{"11": "
\n

Debian Security Advisory

\n

DSA-011-2 mgetty -- insecure tempfile handling

\n
\n
Date Reported:
\n
10 Jan 2001
\n
Affected Packages:
\n
\nmgetty\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2187.
In Mitre's CVE dictionary: CVE-2001-0141.
\n
More information:
\n
Immunix reports that mgetty does not create temporary files in a secure manner, which could lead to a symlink attack. This has been corrected in mgetty 1.1.21-3potato1.\n

We recommend you upgrade your mgetty package immediately.

\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/source/mgetty_1.1.21-3potato1.diff.gz
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/source/mgetty_1.1.21-3potato1.dsc
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/source/mgetty_1.1.21.orig.tar.gz
\n
\n
Architecture-independent component:
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-all/mgetty-docs_1.1.21-3potato1_all.deb
\n
\n
alpha:
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-alpha/mgetty-fax_1.1.21-3potato1_alpha.deb
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-alpha/mgetty-viewfax_1.1.21-3potato1_alpha.deb
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-alpha/mgetty-voice_1.1.21-3potato1_alpha.deb
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-alpha/mgetty_1.1.21-3potato1_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-arm/mgetty-fax_1.1.21-3potato1_arm.deb
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-arm/mgetty-viewfax_1.1.21-3potato1_arm.deb
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-arm/mgetty-voice_1.1.21-3potato1_arm.deb
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-arm/mgetty_1.1.21-3potato1_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-i386/mgetty-fax_1.1.21-3potato1_i386.deb
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-i386/mgetty-viewfax_1.1.21-3potato1_i386.deb
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-i386/mgetty-voice_1.1.21-3potato1_i386.deb
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-i386/mgetty_1.1.21-3potato1_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-m68k/mgetty-fax_1.1.21-3potato1_m68k.deb
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-m68k/mgetty-viewfax_1.1.21-3potato1_m68k.deb
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-m68k/mgetty-voice_1.1.21-3potato1_m68k.deb
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-m68k/mgetty_1.1.21-3potato1_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-powerpc/mgetty-fax_1.1.21-3potato1_powerpc.deb
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-powerpc/mgetty-viewfax_1.1.21-3potato1_powerpc.deb
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-powerpc/mgetty-voice_1.1.21-3potato1_powerpc.deb
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-powerpc/mgetty_1.1.21-3potato1_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-sparc/mgetty-fax_1.1.21-3potato1_sparc.deb
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-sparc/mgetty-viewfax_1.1.21-3potato1_sparc.deb
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-sparc/mgetty-voice_1.1.21-3potato1_sparc.deb
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-sparc/mgetty_1.1.21-3potato1_sparc.deb
\n
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

MD5 checksums of the listed files are available in the revised advisory.\n

\n
\n
\n
", "12": "
\n

Debian Security Advisory

\n

DSA-012-1 micq -- remote buffer overflow

\n
\n
Date Reported:
\n
22 Jan 2001
\n
Affected Packages:
\n
\nmicq\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2254.
In Mitre's CVE dictionary: CVE-2001-0233.
\n
More information:
\n
PkC has reported a buffer overflow in sprintf() in micq versions 0.4.6 and earlier that allows a remote attacker who is able to sniff packets to the ICQ server to execute arbitrary code on the victim system.\n

We recommend you upgrade your micq package immediately.

\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/micq_0.4.3-4.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/micq_0.4.3.orig.tar.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/micq_0.4.3-4.diff.gz
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/micq_0.4.3-4_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/micq_0.4.3-4_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/micq_0.4.3-4_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/micq_0.4.3-4_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/micq_0.4.3-4_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/micq_0.4.3-4_sparc.deb
\n
\n
\n
\n
\n
\n
", "13": "
\n

Debian Security Advisory

\n

DSA-013 MySQL -- remote buffer overflow

\n
\n
Date Reported:
\n
23 Jan 2001
\n
Affected Packages:
\n
\nmysql\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2262.
In Mitre's CVE dictionary: CVE-2001-1274.
\n
More information:
\n
Nicolas Gregoire has reported a buffer overflow in the mysql server that leads to a remote exploit. An attacker could gain mysqld privileges (and thus gain access to all the databases).\n

We recommend you upgrade your mysql package immediately.

\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/mysql_3.22.32-4.diff.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/mysql_3.22.32-4.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/mysql_3.22.32.orig.tar.gz
\n
\n
Architecture-independent component:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-all/mysql-doc_3.22.32-4_all.deb
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/mysql-client_3.22.32-4_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/mysql-server_3.22.32-4_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/mysql-client_3.22.32-4_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/mysql-server_3.22.32-4_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/mysql-client_3.22.32-4_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/mysql-server_3.22.32-4_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/mysql-client_3.22.32-4_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/mysql-server_3.22.32-4_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/mysql-client_3.22.32-4_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/mysql-server_3.22.32-4_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/mysql-client_3.22.32-4_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/mysql-server_3.22.32-4_sparc.deb
\n
\n
\n
\n
\n
\n
", "14": "
\n

Debian Security Advisory

\n

DSA-014-2 splitvt -- buffer overflow and format string attack

\n
\n
Date Reported:
\n
23 Jan 2001
\n
Affected Packages:
\n
\nsplitvt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2210.
In Mitre's CVE dictionary: CVE-2001-0111, CVE-2001-0112.
\n
More information:
\n
It was reported recently that splitvt is vulnerable to numerous buffer overflow attacks and a format string attack. An attacker was able to gain access to the root user id.\n

We recommend you upgrade your splitvt package immediately.

\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/splitvt_1.6.5-0potato1.diff.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/splitvt_1.6.5-0potato1.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/splitvt_1.6.5.orig.tar.gz
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/splitvt_1.6.5-0potato1_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/splitvt_1.6.5-0potato1_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/splitvt_1.6.5-0potato1_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/splitvt_1.6.5-0potato1_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/splitvt_1.6.5-0potato1_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/splitvt_1.6.5-0potato1_sparc.deb
\n
\n
\n
\n
\n
\n
", "15": "
\n

Debian Security Advisory

\n

DSA-015-1 sash -- broken maintainer script

\n
\n
Date Reported:
\n
23 Jan 2001
\n
Affected Packages:
\n
\nsash\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-0195.
\n
More information:
\n
Versions of the sash package prior to 3.4-4 did not clone /etc/shadow properly, causing it to be made world-readable.\n

This package only exists in stable, so if you are running unstable you won't see a bugfix unless you use the resources from the bottom of this message to the proper configuration.\n

We recommend you upgrade your sash package immediately.

\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/sash_3.4-6.diff.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/sash_3.4-6.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/sash_3.4.orig.tar.gz
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/sash_3.4-6_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/sash_3.4-6_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/sash_3.4-6_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/sash_3.4-6_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/sash_3.4-6_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/sash_3.4-6_sparc.deb
\n
\n
\n
\n
\n
\n
", "16": "
\n

Debian Security Advisory

\n

DSA-016-3 wu-ftpd -- temp file creation and format string

\n
\n
Date Reported:
\n
23 Jan 2001
\n
Affected Packages:
\n
\nwu-ftpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2189, BugTraq ID 2296.
In Mitre's CVE dictionary: CVE-2001-0187.
\n
More information:
\n
Security people at WireX have noticed a temp file creation bug, and the WU-FTPD development team has found a possible format string bug in wu-ftpd. Both could be remotely exploited, though no such exploit exists currently.\n

We recommend you upgrade your wu-ftpd package immediately.

\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/wu-ftpd_2.6.0.orig.tar.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/wu-ftpd_2.6.0-5.2.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/wu-ftpd_2.6.0-5.2.diff.gz
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/wu-ftpd_2.6.0-5.2_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/wu-ftpd_2.6.0-5.2_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/wu-ftpd_2.6.0-5.2.1_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/wu-ftpd_2.6.0-5.2_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/wu-ftpd_2.6.0-5.2_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/wu-ftpd_2.6.0-5.2_sparc.deb
\n
\n
\n
\n
\n
\n
", "17": "
\n

Debian Security Advisory

\n

DSA-017-1 jazip -- buffer overflow

\n
\n
Date Reported:
\n
23 Jan 2001
\n
Affected Packages:
\n
\njazip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2209.
In Mitre's CVE dictionary: CVE-2001-0110.
\n
More information:
\n
With older versions of jazip, a user who is a member of the floppy group could gain root access to the local machine. The interface no longer runs as root, which prevents this particular exploit. The program now also truncates DISPLAY to 256 characters if it is longer, which closes the buffer overflow (within xforms).\n

We recommend you upgrade your jazip package immediately.

\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/jazip_0.33-1.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/jazip_0.33-1.diff.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/jazip_0.33.orig.tar.gz
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/jazip_0.33-1_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/jazip_0.33-1_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/jazip_0.33-1_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/jazip_0.33-1_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/jazip_0.33-1_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/jazip_0.33-1_sparc.deb
\n
\n
\n
\n
\n
\n
", "18": "
\n

Debian Security Advisory

\n

DSA-018-1 tinyproxy -- remote nobody exploit

\n
\n
Date Reported:
\n
23 Jan 2001
\n
Affected Packages:
\n
\ntinyproxy\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2217.
In Mitre's CVE dictionary: CVE-2001-0129.
\n
More information:
\n
PkC have found a heap overflow in tinyproxy that could be remotely exploited. An attacker could gain a shell (user nobody) remotely.\n

We recommend you upgrade your tinyproxy package immediately.

\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/tinyproxy_1.3.1-2.diff.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/tinyproxy_1.3.1-2.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/tinyproxy_1.3.1.orig.tar.gz
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/tinyproxy_1.3.1-2_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/tinyproxy_1.3.1-2_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/tinyproxy_1.3.1-2_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/tinyproxy_1.3.1-2_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/tinyproxy_1.3.1-2_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/tinyproxy_1.3.1-2_sparc.deb
\n
\n
\n
\n
\n
\n
", "19": "
\n

Debian Security Advisory

\n

DSA-019-1 squid -- insecure tempfile handling

\n
\n
Date Reported:
\n
25 Jan 2001
\n
Affected Packages:
\n
\nsquid\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2184.
In Mitre's CVE dictionary: CVE-2001-0142.
\n
More information:
\n
WireX discovered a potential temporary file race condition in the way that squid sends out email messages notifying the administrator about updating the program. This could lead to arbitrary files being overwritten. However, the code would only be executed when running a very bleeding-edge release of squid on a server whose time is set some number of months in the past and squid is crashing. Read it as hard to exploit. This version also contains more upstream bugfixes with regard to dots in hostnames and improper HTML quoting.
\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/squid_2.2.5-3.1.diff.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/squid_2.2.5-3.1.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/squid_2.2.5.orig.tar.gz
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/squid-cgi_2.2.5-3.1_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/squid_2.2.5-3.1_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/squidclient_2.2.5-3.1_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/squid-cgi_2.2.5-3.1_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/squid_2.2.5-3.1_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/squidclient_2.2.5-3.1_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/squid-cgi_2.2.5-3.1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/squid_2.2.5-3.1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/squidclient_2.2.5-3.1_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/squid-cgi_2.2.5-3.1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/squid_2.2.5-3.1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/squidclient_2.2.5-3.1_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/squid-cgi_2.2.5-3.1_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/squid_2.2.5-3.1_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/squidclient_2.2.5-3.1_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/squid-cgi_2.2.5-3.1_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/squid_2.2.5-3.1_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/squidclient_2.2.5-3.1_sparc.deb
\n
\n
\n
\n
\n
\n
", "20": "
\n

Debian Security Advisory

\n

DSA-020-1 php4 -- remote DOS and remote information leak

\n
\n
Date Reported:
\n
25 Jan 2001
\n
Affected Packages:
\n
\nphp4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-0108, CVE-2001-1385.
\n
More information:
\n
The Zend people have found a vulnerability in older versions of PHP4 (the original advisory speaks of 4.0.4 while the bugs are present in 4.0.3 as well). It is possible to specify PHP directives on a per-directory basis, which lets a remote attacker craft an HTTP request that would cause the next page to be served with the wrong values for these directives. Also, even if PHP is installed, it can be activated and deactivated on a per-directory or per-virtual-host basis using the \"engine=on\" or \"engine=off\" directive. This setting can be leaked to other virtual hosts on the same machine, effectively disabling PHP for those hosts and resulting in PHP source code being sent to the client instead of being executed on the server.
\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/php4_4.0.3pl1-0potato1.1.diff.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/php4_4.0.3pl1-0potato1.1.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/php4_4.0.3pl1.orig.tar.gz
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/php4-cgi-gd_4.0.3pl1-0potato1.1_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/php4-cgi-imap_4.0.3pl1-0potato1.1_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/php4-cgi-ldap_4.0.3pl1-0potato1.1_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/php4-cgi-mhash_4.0.3pl1-0potato1.1_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/php4-cgi-mysql_4.0.3pl1-0potato1.1_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/php4-cgi-pgsql_4.0.3pl1-0potato1.1_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/php4-cgi-snmp_4.0.3pl1-0potato1.1_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/php4-cgi-xml_4.0.3pl1-0potato1.1_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/php4-cgi_4.0.3pl1-0potato1.1_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/php4-gd_4.0.3pl1-0potato1.1_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/php4-imap_4.0.3pl1-0potato1.1_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/php4-ldap_4.0.3pl1-0potato1.1_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/php4-mhash_4.0.3pl1-0potato1.1_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/php4-mysql_4.0.3pl1-0potato1.1_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/php4-pgsql_4.0.3pl1-0potato1.1_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/php4-snmp_4.0.3pl1-0potato1.1_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/php4-xml_4.0.3pl1-0potato1.1_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/php4_4.0.3pl1-0potato1.1_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/php4-cgi-gd_4.0.3pl1-0potato1.1_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/php4-cgi-imap_4.0.3pl1-0potato1.1_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/php4-cgi-ldap_4.0.3pl1-0potato1.1_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/php4-cgi-mhash_4.0.3pl1-0potato1.1_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/php4-cgi-mysql_4.0.3pl1-0potato1.1_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/php4-cgi-pgsql_4.0.3pl1-0potato1.1_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/php4-cgi-snmp_4.0.3pl1-0potato1.1_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/php4-cgi-xml_4.0.3pl1-0potato1.1_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/php4-cgi_4.0.3pl1-0potato1.1_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/php4-gd_4.0.3pl1-0potato1.1_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/php4-imap_4.0.3pl1-0potato1.1_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/php4-ldap_4.0.3pl1-0potato1.1_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/php4-mhash_4.0.3pl1-0potato1.1_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/php4-mysql_4.0.3pl1-0potato1.1_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/php4-pgsql_4.0.3pl1-0potato1.1_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/php4-snmp_4.0.3pl1-0potato1.1_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/php4-xml_4.0.3pl1-0potato1.1_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/php4_4.0.3pl1-0potato1.1_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/php4-cgi-gd_4.0.3pl1-0potato1.1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/php4-cgi-imap_4.0.3pl1-0potato1.1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/php4-cgi-ldap_4.0.3pl1-0potato1.1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/php4-cgi-mhash_4.0.3pl1-0potato1.1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/php4-cgi-mysql_4.0.3pl1-0potato1.1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/php4-cgi-pgsql_4.0.3pl1-0potato1.1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/php4-cgi-snmp_4.0.3pl1-0potato1.1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/php4-cgi-xml_4.0.3pl1-0potato1.1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/php4-cgi_4.0.3pl1-0potato1.1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/php4-gd_4.0.3pl1-0potato1.1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/php4-imap_4.0.3pl1-0potato1.1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/php4-ldap_4.0.3pl1-0potato1.1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/php4-mhash_4.0.3pl1-0potato1.1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/php4-mysql_4.0.3pl1-0potato1.1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/php4-pgsql_4.0.3pl1-0potato1.1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/php4-snmp_4.0.3pl1-0potato1.1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/php4-xml_4.0.3pl1-0potato1.1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/php4_4.0.3pl1-0potato1.1_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/php4-cgi-gd_4.0.3pl1-0potato1.1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/php4-cgi-imap_4.0.3pl1-0potato1.1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/php4-cgi-ldap_4.0.3pl1-0potato1.1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/php4-cgi-mhash_4.0.3pl1-0potato1.1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/php4-cgi-mysql_4.0.3pl1-0potato1.1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/php4-cgi-pgsql_4.0.3pl1-0potato1.1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/php4-cgi-snmp_4.0.3pl1-0potato1.1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/php4-cgi-xml_4.0.3pl1-0potato1.1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/php4-cgi_4.0.3pl1-0potato1.1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/php4-gd_4.0.3pl1-0potato1.1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/php4-imap_4.0.3pl1-0potato1.1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/php4-ldap_4.0.3pl1-0potato1.1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/php4-mhash_4.0.3pl1-0potato1.1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/php4-mysql_4.0.3pl1-0potato1.1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/php4-pgsql_4.0.3pl1-0potato1.1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/php4-snmp_4.0.3pl1-0potato1.1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/php4-xml_4.0.3pl1-0potato1.1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/php4_4.0.3pl1-0potato1.1_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-cgi-gd_4.0.3pl1-0potato1.1_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-cgi-imap_4.0.3pl1-0potato1.1_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-cgi-ldap_4.0.3pl1-0potato1.1_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-cgi-mhash_4.0.3pl1-0potato1.1_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-cgi-mysql_4.0.3pl1-0potato1.1_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-cgi-pgsql_4.0.3pl1-0potato1.1_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-cgi-snmp_4.0.3pl1-0potato1.1_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-cgi-xml_4.0.3pl1-0potato1.1_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-cgi_4.0.3pl1-0potato1.1_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-gd_4.0.3pl1-0potato1.1_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-imap_4.0.3pl1-0potato1.1_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-ldap_4.0.3pl1-0potato1.1_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-mhash_4.0.3pl1-0potato1.1_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-mysql_4.0.3pl1-0potato1.1_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-pgsql_4.0.3pl1-0potato1.1_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-snmp_4.0.3pl1-0potato1.1_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-xml_4.0.3pl1-0potato1.1_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/php4_4.0.3pl1-0potato1.1_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/php4-cgi-gd_4.0.3pl1-0potato1.1_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/php4-cgi-imap_4.0.3pl1-0potato1.1_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/php4-cgi-ldap_4.0.3pl1-0potato1.1_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/php4-cgi-mhash_4.0.3pl1-0potato1.1_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/php4-cgi-mysql_4.0.3pl1-0potato1.1_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/php4-cgi-pgsql_4.0.3pl1-0potato1.1_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/php4-cgi-snmp_4.0.3pl1-0potato1.1_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/php4-cgi-xml_4.0.3pl1-0potato1.1_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/php4-cgi_4.0.3pl1-0potato1.1_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/php4-gd_4.0.3pl1-0potato1.1_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/php4-imap_4.0.3pl1-0potato1.1_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/php4-ldap_4.0.3pl1-0potato1.1_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/php4-mhash_4.0.3pl1-0potato1.1_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/php4-mysql_4.0.3pl1-0potato1.1_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/php4-pgsql_4.0.3pl1-0potato1.1_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/php4-snmp_4.0.3pl1-0potato1.1_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/php4-xml_4.0.3pl1-0potato1.1_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/php4_4.0.3pl1-0potato1.1_sparc.deb
\n
\n
\n
\n
\n
\n
", "21": "
\n

Debian Security Advisory

\n

DSA-021-1 apache -- insecure tempfile bug, broken mod_rewrite

\n
\n
Date Reported:
\n
26 Jan 2001
\n
Affected Packages:
\n
\napache\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2182.
In Mitre's CVE dictionary: CVE-2001-0131.
\n
More information:
\n
WireX have found some occurrences of insecure opening of\ntemporary files in htdigest and htpasswd. Neither program is installed\nsetuid or setgid, and thus the impact should be minimal. The Apache group has\nreleased another security bugfix which fixes a vulnerability in mod_rewrite\nwhich may allow a remote attacker to access arbitrary files on the web\nserver.
\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/apache_1.3.9-13.2.diff.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/apache_1.3.9-13.2.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/apache_1.3.9.orig.tar.gz
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/apache-common_1.3.9-13.2_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/apache-dev_1.3.9-13.2_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/apache_1.3.9-13.2_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/apache-common_1.3.9-13.2_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/apache-dev_1.3.9-13.2_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/apache_1.3.9-13.2_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/apache-common_1.3.9-13.2_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/apache-dev_1.3.9-13.2_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/apache_1.3.9-13.2_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/apache-common_1.3.9-13.2_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/apache-dev_1.3.9-13.2_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/apache_1.3.9-13.2_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/apache-common_1.3.9-13.2_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/apache-dev_1.3.9-13.2_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/apache_1.3.9-13.2_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/apache-common_1.3.9-13.2_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/apache-dev_1.3.9-13.2_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/apache_1.3.9-13.2_sparc.deb
\n
\n
\n
\n
\n
\n
", "22": "
\n

Debian Security Advisory

\n

DSA-022-1 exmh -- local insecure tempfile creation

\n
\n
Date Reported:
\n
26 Jan 2001
\n
Affected Packages:
\n
\nexmh\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2327.
In Mitre's CVE dictionary: CVE-2001-0125.
\n
More information:
\n
Former versions of the exmh program used /tmp for storing\ntemporary files. No checks were made to ensure that nobody placed a symlink\nwith the same name in /tmp in the meantime, and thus exmh was vulnerable to a symlink\nattack. This could lead to a malicious local user being able to overwrite any\nfile writable by the user executing exmh. Upstream developers have reported and\nfixed this. The exmh program now uses /tmp/login unless TMPDIR or EXMHTMPDIR\nis set.\n

We recommend you upgrade your exmh packages immediately.

\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/exmh_2.1.1-1.1.diff.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/exmh_2.1.1-1.1.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/exmh_2.1.1.orig.tar.gz
\n
\n
Architecture-independent component:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-all/exmh_2.1.1-1.1_all.deb
\n
\n
\n
\n
\n
\n
", "23": "
\n

Debian Security Advisory

\n

DSA-023-1 inn2 -- local tempfile vulnerabilities

\n
\n
Date Reported:
\n
26 Jan 2001
\n
Affected Packages:
\n
\ninn2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-0361.
\n
More information:
\n
\n
    \n
  • People at WireX have found several potentially insecure uses of temporary files in programs provided by INN2. Some of them only lead to a vulnerability to symlink attacks if the temporary directory was set to /tmp or /var/tmp, which is the case in many installations, at least in Debian packages. An attacker could overwrite any file owned by the news system administrator, i.e. owned by news.news.\n
  • Michal Zalewski found an exploitable buffer overflow with regard to cancel messages and their verification. This bug only showed up if \"verifycancels\" was enabled in inn.conf, which is not the default and is discouraged by upstream.\n
  • Andi Kleen found a bug in INN2 that makes innd crash for two-byte headers. There is a chance this can only be exploited with uucp.\n
\nWe recommend you upgrade your inn2 packages immediately.
\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/inn2_2.2.2.2000.01.31-4.1.diff.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/inn2_2.2.2.2000.01.31-4.1.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/inn2_2.2.2.2000.01.31.orig.tar.gz
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/inn2-dev_2.2.2.2000.01.31-4.1_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/inn2-inews_2.2.2.2000.01.31-4.1_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/inn2_2.2.2.2000.01.31-4.1_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/inn2-dev_2.2.2.2000.01.31-4.1_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/inn2-inews_2.2.2.2000.01.31-4.1_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/inn2_2.2.2.2000.01.31-4.1_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/inn2-dev_2.2.2.2000.01.31-4.1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/inn2-inews_2.2.2.2000.01.31-4.1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/inn2_2.2.2.2000.01.31-4.1_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/inn2-dev_2.2.2.2000.01.31-4.1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/inn2-inews_2.2.2.2000.01.31-4.1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/inn2_2.2.2.2000.01.31-4.1_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/inn2-dev_2.2.2.2000.01.31-4.1_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/inn2-inews_2.2.2.2000.01.31-4.1_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/inn2_2.2.2.2000.01.31-4.1_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/inn2-dev_2.2.2.2000.01.31-4.1_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/inn2-inews_2.2.2.2000.01.31-4.1_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/inn2_2.2.2.2000.01.31-4.1_sparc.deb
\n
\n
\n
\n
\n
\n
", "24": "
\n

Debian Security Advisory

\n

DSA-024-1 cron -- local insecure crontab handling

\n
\n
Date Reported:
\n
27 Jan 2001
\n
Affected Packages:
\n
\ncron\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2332.
In Mitre's CVE dictionary: CVE-2001-0235.
\n
More information:
\n
The FreeBSD team has found a bug in the way new crontabs\nwere handled which allowed malicious users to display arbitrary crontab files\non the local system. This only affects valid crontab files so it can't be used to\nget access to /etc/shadow or something. crontab files are not especially secure\nanyway, as there are other ways they can leak. No passwords or similar\nsensitive data should be in there. We recommend you upgrade your cron\npackages.
\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/cron_3.0pl1.orig.tar.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/cron_3.0pl1-57.2.diff.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/cron_3.0pl1-57.2.dsc
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/cron_3.0pl1-57.2_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/cron_3.0pl1-57.2_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/cron_3.0pl1-57.2_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/cron_3.0pl1-57.2_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/cron_3.0pl1-57.2_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/cron_3.0pl1-57.2_sparc.deb
\n
\n
\n
\n
\n
\n
", "25": "
\n

Debian Security Advisory

\n

DSA-025-2 openssh -- Missing PAM support

\n
\n
Date Reported:
\n
28 Jan 2001
\n
Affected Packages:
\n
\nssh\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
A former security upload of OpenSSH lacked support for PAM,\nwhich led to people not being able to log on to their server. This was\nonly a problem on the sparc architecture. We recommend you\nupgrade your ssh packages on sparc.
\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/ssh_1.2.3-9.3_sparc.deb
\n
\n
\n
\n
\n
\n
", "26": "
\n

Debian Security Advisory

\n

DSA-026-1 bind -- buffer overflows and information leak

\n
\n
Date Reported:
\n
29 Jan 2001
\n
Affected Packages:
\n
\nbind\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-0010, CVE-2001-0012.
CERT's vulnerabilities, advisories and incident notes: CA-2001-02, VU#196945, VU#325431.
\n
More information:
\n
BIND 8 suffered from several buffer overflows. It is\npossible to construct an inverse query that allows the stack to be read\nremotely, exposing environment variables. CERT has disclosed information about\nthese issues. A new upstream version fixes this. Due to the complexity of BIND\nwe have decided to make an exception to our rule by releasing the new upstream\nsource to our stable distribution. We recommend you upgrade your bind packages\nimmediately.
\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/bind_8.2.3-0.potato.1.diff.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/bind_8.2.3-0.potato.1.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/bind_8.2.3.orig.tar.gz
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/bind-dev_8.2.3-0.potato.1_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/bind_8.2.3-0.potato.1_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/dnsutils_8.2.3-0.potato.1_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/bind-dev_8.2.3-0.potato.1_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/bind_8.2.3-0.potato.1_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/dnsutils_8.2.3-0.potato.1_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/bind-dev_8.2.3-0.potato.1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/bind_8.2.3-0.potato.1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/dnsutils_8.2.3-0.potato.1_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/bind-dev_8.2.3-0.potato.1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/bind_8.2.3-0.potato.1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/dnsutils_8.2.3-0.potato.1_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/bind-dev_8.2.3-0.potato.1_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/bind_8.2.3-0.potato.1_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/dnsutils_8.2.3-0.potato.1_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/bind-dev_8.2.3-0.potato.1_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/bind_8.2.3-0.potato.1_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/dnsutils_8.2.3-0.potato.1_sparc.deb
\n
\n
\n
\n
\n
\n
", "27": "
\n

Debian Security Advisory

\n

DSA-027-1 OpenSSH -- remote exploit

\n
\n
Date Reported:
\n
09 Feb 2001
\n
Affected Packages:
\n
\nssh\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2344.
In Mitre's CVE dictionary: CVE-2001-0361.
\n
More information:
\n
\n
    \n
  1. Versions of OpenSSH prior to 2.3.0 are vulnerable to a remote arbitrary\nmemory overwrite attack which may lead to a root exploit.\n
  2. CORE-SDI has described a problem with regard to RSA key exchange and a\nBleichenbacher attack to gather the session key from an ssh session.\n
\nBoth of these issues have been corrected in our ssh package 1.2.3-9.2.\nWe recommend you upgrade your openssh package immediately.
\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/openssh_1.2.3-9.2.diff.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/openssh_1.2.3-9.2.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/openssh_1.2.3.orig.tar.gz
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/ssh-askpass-gnome_1.2.3-9.2_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/ssh_1.2.3-9.2_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/ssh-askpass-gnome_1.2.3-9.2_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/ssh_1.2.3-9.2_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/ssh-askpass-gnome_1.2.3-9.2_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/ssh_1.2.3-9.2_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/ssh-askpass-gnome_1.2.3-9.2_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/ssh_1.2.3-9.2_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/ssh-askpass-gnome_1.2.3-9.2_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/ssh_1.2.3-9.2_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/ssh-askpass-gnome_1.2.3-9.2_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/ssh_1.2.3-9.2_sparc.deb
\n
\n
\n
\n
\n
\n
", "28": "
\n

Debian Security Advisory

\n

DSA-028-1 man-db -- format string vulnerability

\n
\n
Date Reported:
\n
09 Feb 2001
\n
Affected Packages:
\n
\nman-db\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-0193.
\n
More information:
\n
Styx has reported that the program `man' mistakenly passes\nmalicious strings (i.e. containing format characters) through routines that\nwere not meant to use them as format strings. Since this could cause a\nsegmentation fault and privileges were not dropped it may lead to an exploit\nfor the 'man' user.\n

We recommend you upgrade your man-db package immediately.

\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/man-db_2.3.16-1.1.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/man-db_2.3.16-1.1.tar.gz
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/man-db_2.3.16-1.1_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/man-db_2.3.16-1.1_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/man-db_2.3.16-1.1_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/man-db_2.3.16-1.1_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/man-db_2.3.16-1.1_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/man-db_2.3.16-1.1_sparc.deb
\n
\n
\n
\n
\n
\n
", "29": "
\n

Debian Security Advisory

\n

DSA-029-2 proftpd -- remote DOS & potential buffer overflow

\n
\n
Date Reported:
\n
11 Feb 2001
\n
Affected Packages:
\n
\nproftpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-0318, CVE-2001-0136.
\n
More information:
\n
The following problems have been reported for the version\nof proftpd in Debian 2.2 (potato):\n
    \n
  1. There is a memory leak in the SIZE command which can result in a\ndenial of service, as reported by Wojciech Purczynski. This is only a\nproblem if proftpd cannot write to its scoreboard file; the default\nconfiguration of proftpd in Debian is not vulnerable.\n
  2. A similar memory leak affects the USER command, also as reported by\nWojciech Purczynski. The proftpd in Debian 2.2 is susceptible to this\nvulnerability; an attacker can cause the proftpd daemon to crash by\nexhausting its available memory.\n
  3. There were some format string vulnerabilities reported by Przemyslaw\nFrasunek. These are not known to have exploits, but have been corrected\nas a precaution.\n
\nAll three of the above vulnerabilities have been corrected in\nproftpd-1.2.0pre10-2potato1. We recommend you upgrade your proftpd\npackage immediately.
\n
Fixed in:
\n
\nDSA-032-1\n
\n
\n
\n
", "30": "
\n

Debian Security Advisory

\n

DSA-030-2 xfree86 -- buffer overflow, insecure tempfile handling, denial-of-service attack

\n
\n
Date Reported:
\n
12 Feb 2001
\n
Affected Packages:
\n
\nxfree86\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 1430, BugTraq ID 2925, BugTraq ID 2924.
\n
More information:
\n
Chris Evans, Joseph S. Myers, Michal Zalewski, Alan Cox,\nand others have noted a number of problems in several components of the X\nWindow System sample implementation (from which XFree86 is derived). While\nthere are no known reports of real-world malicious exploits of any of these\nproblems, it is nevertheless suggested that you upgrade your XFree86 packages\nimmediately.\n

\nThe scope of this advisory is XFree86 3.3.6 only, since that is the version\nreleased with Debian GNU/Linux 2.2 (\"potato\"); Debian packages of XFree86 4.0\nand later have not been released as part of a Debian distribution.\n

\nSeveral people are responsible for authoring the fixes to these problems,\nincluding Aaron Campbell, Paulo Cesar Pereira de Andrade, Keith Packard, David\nDawes, Matthieu Herrb, Trevor Johnson, Colin Phipps, and Branden Robinson.\n

    \n
  • The X servers are vulnerable to a denial-of-service attack during\nXC-SECURITY protocol negotiation.\n
  • X clients based on Xlib (which is most of them) are subject to potential\nbuffer overflows in the _XReply() and _XAsyncReply() functions if they connect\nto a maliciously-coded X server that places bogus data in its X protocol\nreplies. NOTE: This is only an effective attack against X clients running\nwith elevated privileges (setuid or setgid programs), and offers potential\naccess only to the elevated privilege. For instance, the most common setuid X\nclient is probably xterm. On many Unix systems, xterm is setuid root; in Debian\n2.2, xterm is only setgid utmp, which means that an effective exploit is\nlimited to corruption of the lastlog, utmp, and wtmp files --\nnot general\nroot access. Also note that the attacker must already have sufficient\nprivileges to start such an X client and successfully connect to the X server.\n
  • There is a buffer overflow (not stack-based) in xdm's XDMCP code.\n
  • There is a one-byte overflow in Xtrans.c.\n
  • Xtranssock.c is also subject to buffer overflow problems.\n
  • There is a buffer overflow with the -xkbmap X server flag.\n
  • The MultiSrc widget in the Athena widget library handles temporary files\ninsecurely.\n
  • The imake program handles temporary files insecurely when executing install\nrules.\n
  • The ICE library is subject to buffer overflow attacks.\n
  • The xauth program handles temporary files insecurely.\n
  • The XauLock() function in the Xau library handles temporary files\ninsecurely.\n
  • The gccmakedep and makedepend programs handle temporary files insecurely.\n
\nAll of the above issues are resolved by this security release.\n

There are several other XFree86 security issues commonly discussed in conjunction with the above, to which an up-to-date Debian 2.2 system is\nNOT vulnerable:\n

    \n
  • There are 4 distinct problems with Xlib's XOpenDisplay() function in which\na maliciously coded X server could cause a denial-of-service attack or buffer\noverflow. As before, this is only an effective attack against X clients running\nwith elevated privileges, and the attacker must already have sufficient\nprivileges to start such an X client and successfully connect to the X server.\nDebian 2.2 and 2.2r1 are only vulnerable to one of these problems, because we\napplied patches to XFree86 3.3.6 to correct the other three. An additional\npatch applied for Debian 2.2r2 corrected the fourth.\n
  • The AsciiSrc widget in the Athena widget library handles temporary files\ninsecurely. Debian 2.2r2 is not vulnerable to this problem because we applied a\npatch to correct it.\n
  • The imake program uses mktemp() instead of mkstemp(). This problem does not\nexist in XFree86 3.3.6, and therefore no release of Debian 2.2 is affected.\n
\nThese problems have been fixed in version 3.3.6-11potato32 and we recommend\nthat you upgrade your X packages immediately.\n

\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/xfree86-1_3.3.6-11potato32.diff.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/xfree86-1_3.3.6-11potato32.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/xfree86-1_3.3.6.orig.tar.gz
\n
\n
Architecture-independent component:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-all/rstart_3.3.6-11potato32_all.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-all/xbase_3.3.6-11potato32_all.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-all/xfree86-common_3.3.6-11potato32_all.deb
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/rstartd_3.3.6-11potato32_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/twm_3.3.6-11potato32_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xbase-clients_3.3.6-11potato32_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xdm_3.3.6-11potato32_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xext_3.3.6-11potato32_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xf86setup_3.3.6-11potato32_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xlib6g-dev_3.3.6-11potato32_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xlib6g-static_3.3.6-11potato32_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xlib6g_3.3.6-11potato32_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xmh_3.3.6-11potato32_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xnest_3.3.6-11potato32_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xproxy_3.3.6-11potato32_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xprt_3.3.6-11potato32_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xserver-3dlabs_3.3.6-11potato32_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xserver-common_3.3.6-11potato32_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xserver-fbdev_3.3.6-11potato32_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xserver-i128_3.3.6-11potato32_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xserver-mach64_3.3.6-11potato32_alpa.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xserver-mono_3.3.6-11potato32_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xserver-p9000_3.3.6-11potato32_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xserver-s3_3.3.6-11potato32_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xserver-s3v_3.3.6-11potato32_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xserver-svga_3.3.6-11potato32_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xserver-tga_3.3.6-11potato32_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xserver-vga16_3.3.6-11potato32_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xsm_3.3.6-11potato32_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xterm_3.3.6-11potato32_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xvfb_3.3.6-11potato32_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/rstartd_3.3.6-11potato32_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/twm_3.3.6-11potato32_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xbase-clients_3.3.6-11potato32_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xdm_3.3.6-11potato32_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xext_3.3.6-11potato32_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xf86setup_3.3.6-11potato32_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xlib6g-dev_3.3.6-11potato32_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xlib6g-static_3.3.6-11potato32_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xlib6g_3.3.6-11potato32_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xmh_3.3.6-11potato32_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xnest_3.3.6-11potato32_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xproxy_3.3.6-11potato32_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xprt_3.3.6-11potato32_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xserver-3dlabs_3.3.6-11potato32_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xserver-common_3.3.6-11potato32_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xserver-fbdev_3.3.6-11potato32_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xserver-i128_3.3.6-11potato32_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xserver-mach64_3.3.6-11potato32_alpa.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xserver-mono_3.3.6-11potato32_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xserver-p9000_3.3.6-11potato32_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xserver-s3_3.3.6-11potato32_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xserver-s3v_3.3.6-11potato32_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xserver-svga_3.3.6-11potato32_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xserver-tga_3.3.6-11potato32_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xserver-vga16_3.3.6-11potato32_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xsm_3.3.6-11potato32_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xterm_3.3.6-11potato32_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xvfb_3.3.6-11potato32_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/rstartd_3.3.6-11potato32_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/twm_3.3.6-11potato32_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xbase-clients_3.3.6-11potato32_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xdm_3.3.6-11potato32_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xext_3.3.6-11potato32_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xf86setup_3.3.6-11potato32_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xlib6g-dev_3.3.6-11potato32_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xlib6g-static_3.3.6-11potato32_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xlib6g_3.3.6-11potato32_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xmh_3.3.6-11potato32_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xnest_3.3.6-11potato32_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xproxy_3.3.6-11potato32_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xprt_3.3.6-11potato32_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xserver-3dlabs_3.3.6-11potato32_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xserver-common_3.3.6-11potato32_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xserver-fbdev_3.3.6-11potato32_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xserver-i128_3.3.6-11potato32_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xserver-mach64_3.3.6-11potato32_alpa.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xserver-mono_3.3.6-11potato32_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xserver-p9000_3.3.6-11potato32_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xserver-s3_3.3.6-11potato32_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xserver-s3v_3.3.6-11potato32_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xserver-svga_3.3.6-11potato32_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xserver-tga_3.3.6-11potato32_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xserver-vga16_3.3.6-11potato32_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xsm_3.3.6-11potato32_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xterm_3.3.6-11potato32_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xvfb_3.3.6-11potato32_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/rstartd_3.3.6-11potato32_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/twm_3.3.6-11potato32_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xbase-clients_3.3.6-11potato32_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xdm_3.3.6-11potato32_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xext_3.3.6-11potato32_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xf86setup_3.3.6-11potato32_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xlib6g-dev_3.3.6-11potato32_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xlib6g-static_3.3.6-11potato32_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xlib6g_3.3.6-11potato32_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xmh_3.3.6-11potato32_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xnest_3.3.6-11potato32_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xproxy_3.3.6-11potato32_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xprt_3.3.6-11potato32_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xserver-3dlabs_3.3.6-11potato32_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xserver-common_3.3.6-11potato32_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xserver-fbdev_3.3.6-11potato32_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xserver-i128_3.3.6-11potato32_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xserver-mach64_3.3.6-11potato32_alpa.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xserver-mono_3.3.6-11potato32_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xserver-p9000_3.3.6-11potato32_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xserver-s3_3.3.6-11potato32_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xserver-s3v_3.3.6-11potato32_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xserver-svga_3.3.6-11potato32_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xserver-tga_3.3.6-11potato32_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xserver-vga16_3.3.6-11potato32_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xsm_3.3.6-11potato32_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xterm_3.3.6-11potato32_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xvfb_3.3.6-11potato32_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/rstartd_3.3.6-11potato32_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/twm_3.3.6-11potato32_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xbase-clients_3.3.6-11potato32_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xdm_3.3.6-11potato32_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xext_3.3.6-11potato32_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xf86setup_3.3.6-11potato32_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xlib6g-dev_3.3.6-11potato32_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xlib6g-static_3.3.6-11potato32_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xlib6g_3.3.6-11potato32_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xmh_3.3.6-11potato32_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xnest_3.3.6-11potato32_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xproxy_3.3.6-11potato32_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xprt_3.3.6-11potato32_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xserver-3dlabs_3.3.6-11potato32_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xserver-common_3.3.6-11potato32_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xserver-fbdev_3.3.6-11potato32_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xserver-i128_3.3.6-11potato32_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xserver-mach64_3.3.6-11potato32_alpa.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xserver-mono_3.3.6-11potato32_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xserver-p9000_3.3.6-11potato32_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xserver-s3_3.3.6-11potato32_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xserver-s3v_3.3.6-11potato32_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xserver-svga_3.3.6-11potato32_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xserver-tga_3.3.6-11potato32_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xserver-vga16_3.3.6-11potato32_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xsm_3.3.6-11potato32_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xterm_3.3.6-11potato32_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xvfb_3.3.6-11potato32_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/rstartd_3.3.6-11potato32_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/twm_3.3.6-11potato32_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xbase-clients_3.3.6-11potato32_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xdm_3.3.6-11potato32_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xext_3.3.6-11potato32_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xf86setup_3.3.6-11potato32_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xlib6g-dev_3.3.6-11potato32_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xlib6g-static_3.3.6-11potato32_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xlib6g_3.3.6-11potato32_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xmh_3.3.6-11potato32_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xnest_3.3.6-11potato32_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xproxy_3.3.6-11potato32_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xprt_3.3.6-11potato32_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xserver-3dlabs_3.3.6-11potato32_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xserver-common_3.3.6-11potato32_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xserver-fbdev_3.3.6-11potato32_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xserver-i128_3.3.6-11potato32_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xserver-mach64_3.3.6-11potato32_alpa.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xserver-mono_3.3.6-11potato32_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xserver-p9000_3.3.6-11potato32_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xserver-s3_3.3.6-11potato32_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xserver-s3v_3.3.6-11potato32_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xserver-svga_3.3.6-11potato32_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xserver-tga_3.3.6-11potato32_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xserver-vga16_3.3.6-11potato32_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xsm_3.3.6-11potato32_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xterm_3.3.6-11potato32_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xvfb_3.3.6-11potato32_sparc.deb
\n
\n
\n
\n
\n
\n
", "31": "
\n

Debian Security Advisory

\n

DSA-031-2 sudo -- buffer overflow

\n
\n
Date Reported:
\n
28 Feb 2001
\n
Affected Packages:
\n
\nsudo\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2829.
In Mitre's CVE dictionary: CVE-2001-0279.
\n
More information:
\n
Todd Miller announced a new version of sudo which corrects\na buffer overflow that could potentially be used to gain root privileges on the\nlocal system. The fix from sudo 1.6.3p6 is available in sudo 1.6.2p2-1potato1\nfor Debian 2.2 (potato).
\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/source/sudo_1.6.2p2-1potato1.diff.gz
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/source/sudo_1.6.2p2-1potato1.dsc
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/source/sudo_1.6.2p2.orig.tar.gz
\n
\n
alpha:
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-alpha/sudo_1.6.2p2-1potato1_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-arm/sudo_1.6.2p2-1potato1_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-i386/sudo_1.6.2p2-1potato1_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-m68k/sudo_1.6.2p2-1potato1_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-powerpc/sudo_1.6.2p2-1potato1_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-sparc/sudo_1.6.2p2-1potato1_sparc.deb
\n
\n
\n
\n
\n
\n
", "32": "
\n

Debian Security Advisory

\n

DSA-032-1 proftpd -- proftpd running with incorrect userid, erroneous file removal

\n
\n
Date Reported:
\n
07 Mar 2001
\n
Affected Packages:
\n
\nproftpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-0456.
\n
More information:
\n
The following problems have been reported for the version\nof proftpd in Debian 2.2 (potato):\n
    \n
  1. There is a configuration error in the postinst script that is triggered when the user enters\n'yes' when asked if anonymous access should be enabled. The postinst script\nwrongly leaves the 'run as uid/gid root' configuration option in\n/etc/proftpd.conf, and adds a 'run as uid/gid nobody' option that has no\neffect.\n
  2. There is a bug that comes up when /var is a symlink, and proftpd is\nrestarted. When stopping proftpd, the /var symlink is removed; when it's\nstarted again a file named /var is created.\n
\nThe above problems have been corrected in proftpd-1.2.0pre10-2.0potato1. We\nrecommend you upgrade your proftpd package immediately.
\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/proftpd_1.2.0pre10-2.0potato1.diff.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/proftpd_1.2.0pre10-2.0potato1.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/proftpd_1.2.0pre10.orig.tar.gz
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/proftpd_1.2.0pre10-2.0potato1_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/proftpd_1.2.0pre10-2.0potato1_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/proftpd_1.2.0pre10-2.0potato1_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/proftpd_1.2.0pre10-2.0potato1_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/proftpd_1.2.0pre10-2.0potato1.1_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/proftpd_1.2.0pre10-2.0potato1_sparc.deb
\n
\n
\n
\n
\n
\n
", "33": "
\n

Debian Security Advisory

\n

DSA-033-1 analog -- buffer overflow

\n
\n
Date Reported:
\n
07 Mar 2001
\n
Affected Packages:
\n
\nanalog\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2377.
In Mitre's CVE dictionary: CVE-2001-0301.
\n
More information:
\n
The author of analog, Stephen Turner, has found a buffer\noverflow bug in all versions of analog except version 4.16. A malicious\nuser could use an ALIAS command to construct very long strings which were not\nchecked for length and boundaries. This bug is particularly dangerous if the\nform interface (which allows unknown users to run the program via a CGI script)\nhas been installed. There doesn't seem to be a known exploit.\n

The bugfix has been backported to the version of analog from Debian\n2.2. Version 4.01-1potato1 is fixed.\n

We recommend you upgrade your analog packages immediately.

\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/analog_4.01.orig.tar.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/analog_4.01-1potato1.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/analog_4.01-1potato1.diff.gz
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/analog_4.01-1potato1_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/analog_4.01-1potato1_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/analog_4.01-1potato1_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/analog_4.01-1potato1_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/analog_4.01-1potato1_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/analog_4.01-1potato1_sparc.deb
\n
\n
\n
\n
\n
\n
", "34": "
\n

Debian Security Advisory

\n

DSA-034-1 ePerl -- remote root exploit

\n
\n
Date Reported:
\n
07 Mar 2001
\n
Affected Packages:
\n
\neperl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2464.
In Mitre's CVE dictionary: CVE-2001-0458.
\n
More information:
\n
Fumitoshi Ukai and Denis Barbier have found several\npotential buffer overflow bugs in our version of ePerl as distributed in all of\nour distributions.\n

When eperl is installed setuid root, it can switch to the UID/GID of\nthe script's owner. Although Debian doesn't ship the program setuid\nroot, this is a useful feature which people may have activated\nlocally. When the program is used as /usr/lib/cgi-bin/nph-eperl the\nbugs could lead to a remote vulnerability as well.\n

Version 2.2.14-0.7potato2 fixes this; we recommend you upgrade your eperl\npackage immediately.

\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/eperl_2.2.14-0.7potato2.diff.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/eperl_2.2.14-0.7potato2.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/eperl_2.2.14.orig.tar.gz
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/eperl_2.2.14-0.7potato2_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/eperl_2.2.14-0.7potato2_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/eperl_2.2.14-0.7potato2_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/eperl_2.2.14-0.7potato2_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/eperl_2.2.14-0.7potato2_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/eperl_2.2.14-0.7potato2_sparc.deb
\n
\n
\n
\n
\n
\n
", "35": "
\n

Debian Security Advisory

\n

DSA-035-1 man2html -- remote denial of service

\n
\n
Date Reported:
\n
07 Mar 2001
\n
Affected Packages:
\n
\nman2html\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 28024, Bug 78195.
In Mitre's CVE dictionary: CVE-2001-0457.
\n
More information:
\n
It has been reported that one can tweak man2html remotely\ninto consuming all available memory. This has been fixed by Nicol\u00e1s Lichtmaier\nwith the help of Stephan Kulow.\n

We recommend you upgrade your man2html package immediately.

\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/man2html_1.5.orig.tar.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/man2html_1.5-23.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/man2html_1.5-23.diff.gz
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/man2html_1.5-23_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/man2html_1.5-23_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/man2html_1.5-23_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/man2html_1.5-23_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/man2html_1.5-23_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/man2html_1.5-23_sparc.deb
\n
\n
\n
\n
\n
\n
", "36": "
\n

Debian Security Advisory

\n

DSA-036-1 Midnight Commander -- arbitrary program execution

\n
\n
Date Reported:
\n
07 Mar 2001
\n
Affected Packages:
\n
\nmc, gmc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2016.
In Mitre's CVE dictionary: CVE-2000-1109.
\n
More information:
\n
It has been reported that a local user could tweak\nanother user's Midnight Commander into executing an arbitrary program under\nthe user id of the person running Midnight Commander. This behaviour has been\nfixed by Andrew V. Samoilov.\n

We recommend you upgrade your mc package.

\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/mc_4.5.42-11.potato.6.diff.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/mc_4.5.42-11.potato.6.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/mc_4.5.42.orig.tar.gz
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/gmc_4.5.42-11.potato.6_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/mc-common_4.5.42-11.potato.6_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/mc_4.5.42-11.potato.6_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/gmc_4.5.42-11.potato.6_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/mc-common_4.5.42-11.potato.6_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/mc_4.5.42-11.potato.6_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/gmc_4.5.42-11.potato.6_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/mc-common_4.5.42-11.potato.6_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/mc_4.5.42-11.potato.6_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/gmc_4.5.42-11.potato.6_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/mc-common_4.5.42-11.potato.6_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/mc_4.5.42-11.potato.6_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/gmc_4.5.42-11.potato.6_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/mc-common_4.5.42-11.potato.6_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/mc_4.5.42-11.potato.6_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/gmc_4.5.42-11.potato.6_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/mc-common_4.5.42-11.potato.6_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/mc_4.5.42-11.potato.6_sparc.deb
\n
\n
\n
\n
\n
\n
", "37": "
\n

Debian Security Advisory

\n

DSA-037-1 Athena Widget replacement libraries -- insecure tempfile handling

\n
\n
Date Reported:
\n
07 Mar 2001
\n
Affected Packages:
\n
\nnextaw
xaw3d
xaw95\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
It has been reported that the AsciiSrc and MultiSrc widgets\nin the Athena widget library handle temporary files insecurely. Joey Hess has\nported the bugfix from XFree86 to these Xaw replacement libraries. The fixes\nare available in nextaw 0.5.1-34potato1, xaw3d 1.3-6.9potato1, and xaw95\n1.1-4.6potato1.
\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/nextaw_0.5.1-34potato1.diff.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/nextaw_0.5.1-34potato1.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/nextaw_0.5.1.orig.tar.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/xaw3d_1.3-6.9potato1.diff.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/xaw3d_1.3-6.9potato1.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/xaw3d_1.3.orig.tar.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/xaw95_1.1-4.6potato1.diff.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/xaw95_1.1-4.6potato1.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/xaw95_1.1.orig.tar.gz
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/nextaw_0.5.1-34potato1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/nextawg_0.5.1-34potato1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xaw3d_1.3-6.9potato1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xaw3dg-dev_1.3-6.9potato1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xaw3dg_1.3-6.9potato1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xaw95g_1.1-4.6potato1_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/nextaw_0.5.1-34potato1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/nextawg_0.5.1-34potato1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xaw3d_1.3-6.9potato1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xaw3dg-dev_1.3-6.9potato1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xaw3dg_1.3-6.9potato1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xaw95g_1.1-4.6potato1_m68k.deb
\n
\n
\n
\n
\n
\n
", "38": "
\n

Debian Security Advisory

\n

DSA-038-1 sgml-tools -- insecure tempfiles

\n
\n
Date Reported:
\n
08 Mar 2001
\n
Affected Packages:
\n
\nsgml-tools\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-0416.
\n
More information:
\n
Former versions of sgml-tools created temporary files\ndirectly in /tmp in an insecure fashion. Version 1.0.9-15 and higher create a\nsubdirectory first and open temporary files within that directory. This has\nbeen fixed in sgml-tools 1.0.9-15.
\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/sgml-tools_1.0.9.orig.tar.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/sgml-tools_1.0.9-15.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/sgml-tools_1.0.9-15.diff.gz
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/sgml-tools_1.0.9-15_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/sgml-tools_1.0.9-15_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/sgml-tools_1.0.9-15_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/sgml-tools_1.0.9-15_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/sgml-tools_1.0.9-15_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/sgml-tools_1.0.9-15_sparc.deb
\n
\n
\n
\n
\n
\n
", "39": "
\n

Debian Security Advisory

\n

DSA-039-1 glibc -- local file overwrite

\n
\n
Date Reported:
\n
08 Mar 2001
\n
Affected Packages:
\n
\nglibc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2223.
In Mitre's CVE dictionary: CVE-2001-0169.
\n
More information:
\n
The version of GNU libc that was distributed with Debian\nGNU/Linux 2.2 suffered from 2 security problems:\n
    \n
  • It was possible to use LD_PRELOAD to load libraries that are listed in\n/etc/ld.so.cache, even for suid programs. This could be used to create (and\noverwrite) files which a user should not be allowed to.\n
  • By using LD_PROFILE, suid programs would write data to a file in /var/tmp,\nwhich was not done safely. Again, this could be used to create (and overwrite)\nfiles which a user should not have access to.\n
\nBoth problems have been fixed in version 2.1.3-17 and we recommend that\nyou upgrade your glibc packages immediately.\n

Please note that a side-effect of this upgrade is that ldd will no longer\nwork on suid programs, unless you are logged in as root.\n

\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/glibc_2.1.3-17.diff.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/glibc_2.1.3-17.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/glibc_2.1.3.orig.tar.gz
\n
\n
Architecture-independent component:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-all/glibc-doc_2.1.3-17_all.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-all/i18ndata_2.1.3-17_all.deb
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/libc6.1-dbg_2.1.3-17_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/libc6.1-dev_2.1.3-17_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/libc6.1-pic_2.1.3-17_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/libc6.1-prof_2.1.3-17_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/libc6.1_2.1.3-17_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/libnss1-compat_2.1.3-17_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/locales_2.1.3-17_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/nscd_2.1.3-17_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/libc6-dbg_2.1.3-17_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/libc6-dev_2.1.3-17_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/libc6-pic_2.1.3-17_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/libc6-prof_2.1.3-17_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/libc6_2.1.3-17_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/libnss1-compat_2.1.3-17_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/locales_2.1.3-17_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/nscd_2.1.3-17_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/libc6-dbg_2.1.3-17_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/libc6-dev_2.1.3-17_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/libc6-pic_2.1.3-17_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/libc6-prof_2.1.3-17_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/libc6_2.1.3-17_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/libnss1-compat_2.1.3-17_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/locales_2.1.3-17_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/nscd_2.1.3-17_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/libc6-dbg_2.1.3-17_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/libc6-dev_2.1.3-17_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/libc6-pic_2.1.3-17_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/libc6-prof_2.1.3-17_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/libc6_2.1.3-17_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/libnss1-compat_2.1.3-17_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/locales_2.1.3-17_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/nscd_2.1.3-17_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/libc6-dbg_2.1.3-17_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/libc6-dev_2.1.3-17_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/libc6-pic_2.1.3-17_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/libc6-prof_2.1.3-17_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/libc6_2.1.3-17_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/libnss1-compat_2.1.3-17_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/locales_2.1.3-17_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/nscd_2.1.3-17_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/libc6-dbg_2.1.3-17_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/libc6-dev_2.1.3-17_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/libc6-pic_2.1.3-17_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/libc6-prof_2.1.3-17_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/libc6_2.1.3-17_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/libnss1-compat_2.1.3-17_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/locales_2.1.3-17_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/nscd_2.1.3-17_sparc.deb
\n
\n
\n
\n
\n
\n
", "40": "
\n

Debian Security Advisory

\n

DSA-040-1 slrn -- buffer overflow

\n
\n
Date Reported:
\n
09 Mar 2001
\n
Affected Packages:
\n
\nslrn\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2493.
In Mitre's CVE dictionary: CVE-2001-0441.
\n
More information:
\n
Bill Nottingham reported a problem in the\nwrapping/unwrapping functions of the slrn newsreader. A long header in a\nmessage might overflow a buffer, which could result in executing arbitrary\ncode encoded in the message.\n

The default configuration does not have wrapping enabled, but it can easily\nbe enabled either by changing the configuration or pressing W while viewing a\nmessage.\n

This has been fixed in version 0.9.6.2-9potato1 and we recommend that you\nupgrade your slrn package immediately.

\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2-9potato1.diff.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2-9potato1.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2.orig.tar.gz
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/slrn_0.9.6.2-9potato1_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/slrnpull_0.9.6.2-9potato1_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/slrn_0.9.6.2-9potato1_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/slrnpull_0.9.6.2-9potato1_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/slrn_0.9.6.2-9potato1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/slrnpull_0.9.6.2-9potato1_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/slrn_0.9.6.2-9potato1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/slrnpull_0.9.6.2-9potato1_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/slrn_0.9.6.2-9potato1_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/slrnpull_0.9.6.2-9potato1_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/slrn_0.9.6.2-9potato1_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/slrnpull_0.9.6.2-9potato1_sparc.deb
\n
\n
\n
\n
\n
\n
", "41": "
\n

Debian Security Advisory

\n

DSA-041-1 joe -- local exploit

\n
\n
Date Reported:
\n
09 Mar 2001
\n
Affected Packages:
\n
\njoe\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2437.
In Mitre's CVE dictionary: CVE-2001-0289.
\n
More information:
\n
Christer \u00d6berg of Wkit Security AB found a problem in joe\n(Joe's Own Editor). joe will look for a configuration file in three locations:\nthe current directory, the user's home directory ($HOME) and /etc/joe. Since\nthe configuration file can define commands joe will run (for example to check\nspelling), reading it from the current directory can be dangerous: an attacker\ncan leave a .joerc file in a writable directory, which would be read when an\nunsuspecting user starts joe in that directory.\n

This has been fixed in version 2.8-15.3 and we recommend that you upgrade\nyour joe package immediately.

\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/joe_2.8-15.3.diff.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/joe_2.8-15.3.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/joe_2.8.orig.tar.gz
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/joe_2.8-15.3_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/joe_2.8-15.3_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/joe_2.8-15.3_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/joe_2.8-15.3_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/joe_2.8-15.3_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/joe_2.8-15.3_sparc.deb
\n
\n
\n
\n
\n
\n
", "42": "
\n

Debian Security Advisory

\n

DSA-042-1 gnuserv -- buffer overflow, weak security

\n
\n
Date Reported:
\n
09 Mar 2001
\n
Affected Packages:
\n
\ngnuserv, xemacs21\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2333.
In Mitre's CVE dictionary: CVE-2001-191.
\n
More information:
\n
Klaus Frank has found a vulnerability in the way gnuserv\nhandled remote connections. Gnuserv is a remote control facility for Emacsen\nwhich is available as a standalone program as well as included in XEmacs21.\nGnuserv has a buffer for which insufficient boundary checks were made.\nUnfortunately, this buffer affected access control to gnuserv, which uses an\nMIT-MAGIC-COOKIE based system. It is possible to overflow the buffer\ncontaining the cookie and foozle the cookie comparison.\n

Gnuserv was derived from emacsserver, which is part of GNU Emacs. It was\nreworked completely and not much is left over from its time as part of\nGNU Emacs. Therefore the versions of emacsserver in both Emacs19 and Emacs20\ndon't look vulnerable to this bug; they don't even provide a MIT-MAGIC-COOKIE\nbased mechanism.\n

This could allow a remote user to issue commands under the UID of the\nperson running gnuserv.\n

\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/gnuserv_2.1alpha-5.1.diff.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/gnuserv_2.1alpha-5.1.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/gnuserv_2.1alpha.orig.tar.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/xemacs21_21.1.10-5.diff.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/xemacs21_21.1.10-5.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/xemacs21_21.1.10.orig.tar.gz
\n
\n
Architecture-independent component:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xemacs21-support_21.1.10-5_all.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xemacs21-supportel_21.1.10-5_all.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xemacs21_21.1.10-5_all.deb
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/gnuserv_2.1alpha-5.1_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xemacs21-bin_21.1.10-5_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xemacs21-mule-canna-wnn_21.1.10-5_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xemacs21-mule_21.1.10-5_alpha.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/xemacs21-nomule_21.1.10-5_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/gnuserv_2.1alpha-5.1_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xemacs21-bin_21.1.10-5_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xemacs21-mule-canna-wnn_21.1.10-5_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xemacs21-mule_21.1.10-5_arm.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/xemacs21-nomule_21.1.10-5_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/gnuserv_2.1alpha-5.1_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xemacs21-bin_21.1.10-5_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xemacs21-mule-canna-wnn_21.1.10-5_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xemacs21-mule_21.1.10-5_i386.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/xemacs21-nomule_21.1.10-5_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/gnuserv_2.1alpha-5.1_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xemacs21-bin_21.1.10-5_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xemacs21-mule-canna-wnn_21.1.10-5_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xemacs21-mule_21.1.10-5_m68k.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/xemacs21-nomule_21.1.10-5_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/gnuserv_2.1alpha-5.1_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xemacs21-bin_21.1.10-5_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xemacs21-mule-canna-wnn_21.1.10-5_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xemacs21-mule_21.1.10-5_powerpc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/xemacs21-nomule_21.1.10-5_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/gnuserv_2.1alpha-5.1_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xemacs21-bin_21.1.10-5_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xemacs21-mule-canna-wnn_21.1.10-5_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xemacs21-mule_21.1.10-5_sparc.deb
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/xemacs21-nomule_21.1.10-5_sparc.deb
\n
\n
\n
\n
\n
\n
", "43": "
\n

Debian Security Advisory

\n

DSA-043-1 zope -- remote exploit

\n
\n
Date Reported:
\n
09 Mar 2001
\n
Affected Packages:
\n
\nzope\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2458.
In Mitre's CVE dictionary: CVE-2001-0568, CVE-2001-0569.
\n
More information:
\n
This advisory covers several vulnerabilities in Zope that\nhave been addressed.\n
\n
Hotfix 08_09_2000 \"Zope security alert and hotfix product\"\n
\n The issue involves the fact that the getRoles method of user objects\n contained in the default UserFolder implementation returns a mutable\n Python type. Because the mutable object is still associated with\n the persistent User object, users with the ability to edit DTML\n could arrange to give themselves extra roles for the duration of a\n single request by mutating the roles list as a part of the request\n processing.\n
Hotfix 2000-10-02 \"ZPublisher security update\"\n
\n It is sometimes possible to access, through a URL only, objects\n protected by a role which the user has in some context, but not in\n the context of the accessed object.\n
Hotfix 2000-10-11 \"ObjectManager subscripting\"\n
\n The issue involves the fact that the 'subscript notation' that can\n be used to access items of ObjectManagers (Folders) did not\n correctly restrict return values to only actual sub items. This\n made it possible to access names that should be private from DTML\n (objects with names beginning with the underscore '_' character).\n This could allow DTML authors to see private implementation data\n structures and in certain cases possibly call methods that they\n shouldn't have access to from DTML.\n
Hotfix 2001-02-23 \"Class attribute access\"\n
\n The issue is related to ZClasses in that a user with through-the-web\n scripting capabilities on a Zope site can view and assign class\n attributes to ZClasses, possibly allowing them to make inappropriate\n changes to ZClass instances.\n
\n A second part fixes problems in the ObjectManager, PropertyManager,\n and PropertySheet classes related to mutability of method return\n values which could be perceived as a security problem.\n
\nThese fixes are included in zope 2.1.6-7 for Debian 2.2 (potato). We recommend\nyou upgrade your zope package immediately.\n\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/zope_2.1.6-7.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/zope_2.1.6-7.diff.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/zope_2.1.6.orig.tar.gz
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/zope_2.1.6-7_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/zope_2.1.6-7_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/zope_2.1.6-7_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/zope_2.1.6-7_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/zope_2.1.6-7_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/zope_2.1.6-7_sparc.deb
\n
\n
\n
\n\n
\n
", "44": "
\n

Debian Security Advisory

\n

DSA-044-1 mailx -- buffer overflow

\n
\n
Date Reported:
\n
13 Mar 2001
\n
Affected Packages:
\n
\nmailx\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2457.
\n
More information:
\n
The mail program (a simple tool to read and send\nemail) as distributed with Debian GNU/Linux 2.2 has a buffer overflow\nin the input parsing code. Since mail is installed setgid mail by\ndefault, this allowed local users to use it to gain access to the mail\ngroup.\n

Since the mail code was never written to be secure, fixing it\nproperly would mean a large rewrite. Instead of doing this we decided\nto no longer install it setgid. This means that it can no longer lock\nyour mailbox properly on systems for which you need group mail to\nwrite to the mailspool, but it will still work for sending email.\n

This has been fixed in mailx version 8.1.1-10.1.5. If you have\nsuidmanager installed you can also make this change manually with the\nfollowing command:\nsuidregister /usr/bin/mail root root 0755\n

\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/mailx_8.1.1-10.1.5.diff.gz
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/mailx_8.1.1-10.1.5.dsc
\n
\n
\nhttp://security.debian.org/dists/stable/updates/main/source/mailx_8.1.1.orig.tar.gz
\n
\n
alpha:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-alpha/mailx_8.1.1-10.1.5_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-arm/mailx_8.1.1-10.1.5_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-i386/mailx_8.1.1-10.1.5_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-m68k/mailx_8.1.1-10.1.5_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-powerpc/mailx_8.1.1-10.1.5_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/dists/stable/updates/main/binary-sparc/mailx_8.1.1-10.1.5_sparc.deb
\n
\n
\n
\n
\n
\n
", "45": "
\n

Debian Security Advisory

\n

DSA-045-2 ntpd -- remote root exploit

\n
\n
Date Reported:
\n
09 Apr 2001
\n
Affected Packages:
\n
\nntpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2450.
In Mitre's CVE dictionary: CVE-2001-0414.
\n
More information:
\n
Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL>\nreported that ntp daemons such as that released with Debian GNU/Linux are\nvulnerable to a buffer overflow that can lead to a remote root exploit. A\nprevious advisory (DSA-045-1) partially addressed this issue, but introduced a\npotential denial of service attack. This has been corrected for Debian 2.2\n(potato) in ntp version 4.0.99g-2potato2.
\n
Fixed in:
\n
\n

Debian 2.2 (potato)

\n
\n
Source:
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/source/ntp_4.0.99g-2potato2.diff.gz
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/source/ntp_4.0.99g-2potato2.dsc
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/source/ntp_4.0.99g.orig.tar.gz
\n
\n
Architecture-independent component:
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-all/ntp-doc_4.0.99g-2potato2_all.deb
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-all/xntp3_4.0.99g-2potato2_all.deb
\n
\n
alpha:
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-alpha/ntp_4.0.99g-2potato2_alpha.deb
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-alpha/ntpdate_4.0.99g-2potato2_alpha.deb
\n
\n
arm:
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-arm/ntp_4.0.99g-2potato2_arm.deb
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-arm/ntpdate_4.0.99g-2potato2_arm.deb
\n
\n
i386:
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-i386/ntp_4.0.99g-2potato2_i386.deb
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-i386/ntpdate_4.0.99g-2potato2_i386.deb
\n
\n
m68k:
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-m68k/ntp_4.0.99g-2potato2_m68k.deb
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-m68k/ntpdate_4.0.99g-2potato2_m68k.deb
\n
\n
powerpc:
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-powerpc/ntp_4.0.99g-2potato2_powerpc.deb
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-powerpc/ntpdate_4.0.99g-2potato2_powerpc.deb
\n
\n
sparc:
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-sparc/ntp_4.0.99g-2potato2_sparc.deb
\n
\n
\nhttp://security.debian.org/debian-security/dists/stable/updates/main/binary-sparc/ntpdate_4.0.99g-2potato2_sparc.deb
\n
\n
\n
\n
\n
\n
", "46": "
\n

Debian Security Advisory

\n

DSA-046-2 exuberant-ctags -- insecure temporary files

\n
\n
Date Reported:
\n
15 Apr 2001
\n
Affected Packages:
\n
\nexuberant-ctags\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-0430.
\n
More information:
\n
\nColin Phipps discovered that the exuberant-ctags packages as distributed\nwith Debian GNU/Linux 2.2 create temporary files insecurely. This has\nbeen fixed in version 1:3.2.4-0.1 of the Debian package, and upstream\nversion 3.5.\n

Note: DSA-046-1 included an incorrectly compiled sparc package, which\nthe second edition fixed.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/exuberant-ctags_3.2.4-0.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/exuberant-ctags_3.2.4-0.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/exuberant-ctags_3.2.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/exuberant-ctags_3.2.4-0.1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/exuberant-ctags_3.2.4-0.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/exuberant-ctags_3.2.4-0.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/exuberant-ctags_3.2.4-0.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/exuberant-ctags_3.2.4-0.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/exuberant-ctags_3.2.4-0.1.1_sparc.deb
\n
\n\n\n
\n
", "47": "
\n

Debian Security Advisory

\n

DSA-047-1 kernel -- multiple security problems

\n
\n
Date Reported:
\n
16 Apr 2001
\n
Affected Packages:
\n
\nvarious kernel packages\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2529.
In Mitre's CVE dictionary: CVE-2001-1390, CVE-2001-1391, CVE-2001-1392, CVE-2001-1393, CVE-2001-1394, CVE-2001-1395, CVE-2001-1396, CVE-2001-1397, CVE-2001-1398, CVE-2001-1399, CVE-2001-1400.
\n
More information:
\n
\nThe kernels used in Debian GNU/Linux 2.2 have been found to have\nmultiple security problems. This is a list of problems based\non the 2.2.19 release notes as found on \nhttp://www.linux.org.uk/:\n
    \n
  • binfmt_misc used user pages directly\n
  • the CPIA driver had an off-by-one error in the buffer code which made\n it possible for users to write into kernel memory\n
  • the CPUID and MSR drivers had a problem in the module unloading code\n which could cause a system crash if they were set to automatically load\n and unload (please note that Debian does not automatically unload kernel\n modules)\n
  • There was a possible hang in the classifier code\n
  • The getsockopt and setsockopt system calls did not handle sign bits\n correctly which made a local DoS and other attacks possible\n
  • The sysctl system call did not handle sign bits correctly which allowed\n a user to write in kernel memory\n
  • ptrace/exec races that could give a local user extra privileges\n
  • possible abuse of a boundary case in the sockfilter code\n
  • SYSV shared memory code could overwrite recently freed memory which might\n cause problems\n
  • The packet length checks in the masquerading code were a bit lax\n (probably not exploitable)\n
  • Some x86 assembly bugs caused the wrong number of bytes to be copied.\n
  • A local user could deadlock the kernel due to bugs in the UDP port\n allocation.\n
\n

All these problems are fixed in the 2.2.19 kernel, and it is highly\nrecommended that you upgrade machines to this kernel.\n

Please note that kernel upgrades are not done automatically. You will\nhave to explicitly tell the packaging system to install the right kernel\nfor your system.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/kernel-source-2.2.19_2.2.19-2.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/kernel-source-2.2.19_2.2.19-2.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/kernel-source-2.2.19_2.2.19.orig.tar.gz
\n
http://security.debian.org/dists/stable/updates/main/source/kernel-image-2.2.19-alpha_2.2.19-1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/kernel-image-2.2.19-alpha_2.2.19-1.tar.gz
\n
http://security.debian.org/dists/stable/updates/main/source/kernel-patch-2.2.19-arm_20010414.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/kernel-patch-2.2.19-arm_20010414.tar.gz
\n
http://security.debian.org/dists/stable/updates/main/source/kernel-image-2.2.19-i386_2.2.19-2.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/kernel-image-2.2.19-i386_2.2.19-2.tar.gz
\n
http://security.debian.org/dists/stable/updates/main/source/kernel-headers-2.2.19-m68k_2.2.19-2.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/kernel-headers-2.2.19-m68k_2.2.19-2.tar.gz
\n
http://security.debian.org/dists/stable/updates/main/source/kernel-patch-2.2.19-m68k_2.2.19-2.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/kernel-patch-2.2.19-m68k_2.2.19-2.tar.gz
\n
http://security.debian.org/dists/stable/updates/main/source/kernel-patch-2.2.19-powerpc_2.2.19-2.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/kernel-patch-2.2.19-powerpc_2.2.19-2.tar.gz
\n
http://security.debian.org/dists/stable/updates/main/source/kernel-image-sparc-2.2_6.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/kernel-image-sparc-2.2_6.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/dists/stable/updates/main/binary-all/kernel-doc-2.2.19_2.2.19-2_all.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-all/kernel-source-2.2.19_2.2.19-2_all.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-all/kernel-headers-2.2.19-sparc_6_all.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-all/kernel-patch-2.2.19-arm_20010414_all.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-all/kernel-patch-2.2.19-m68k_2.2.19-2_all.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-all/kernel-patch-2.2.19-powerpc_2.2.19-2_all.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/kernel-image-2.2.19-riscpc_20010414_arm.deb
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/kernel-headers-2.2.19_2.2.19-1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/kernel-image-2.2.19-generic_2.2.19-1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/kernel-image-2.2.19-jensen_2.2.19-1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/kernel-image-2.2.19-nautilus_2.2.19-1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/kernel-image-2.2.19-smp_2.2.19-1_alpha.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-headers-2.2.19_2.2.19-2_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-image-2.2.19-amiga_2.2.19-1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-image-2.2.19-atari_2.2.19-1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-image-2.2.19-bvme6000_2.2.19-1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-image-2.2.19-mac_2.2.19-2_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-image-2.2.19-mvme147_2.2.19-1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/kernel-image-2.2.19-mvme16x_2.2.19-1_m68k.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-headers-2.2.19-compact_2.2.19-2_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-headers-2.2.19-ide_2.2.19-2_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-headers-2.2.19-idepci_2.2.19-2_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-headers-2.2.19_2.2.19-2_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-image-2.2.19-compact_2.2.19-2_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-image-2.2.19-ide_2.2.19-2_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-image-2.2.19-idepci_2.2.19-2_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/kernel-image-2.2.19_2.2.19-2_i386.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/kernel-headers-2.2.19_2.2.19-2_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/kernel-image-2.2.19-chrp_2.2.19-2_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/kernel-image-2.2.19-pmac_2.2.19-2_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/kernel-image-2.2.19-prep_2.2.19-2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/kernel-image-2.2.19-sun4cdm_6_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/kernel-image-2.2.19-sun4dm-pci_6_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/kernel-image-2.2.19-sun4dm-smp_6_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/kernel-image-2.2.19-sun4u-smp_6_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/kernel-image-2.2.19-sun4u_6_sparc.deb
\n
\n\n\n
\n
", "48": "
\n

Debian Security Advisory

\n

DSA-048-3 samba -- symlink attack

\n
\n
Date Reported:
\n
09 May 2001
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2617.
In Mitre's CVE dictionary: CVE-2001-0406.
\n
More information:
\n
\nMarcus Meissner discovered that samba was not creating temporary\nfiles safely in two places:\n
    \n
  • when a remote user queried a printer queue, samba would create a\n temporary file in which the queue data would be written. This was being\n done using a predictable filename, and insecurely, allowing a local\n attacker to trick samba into overwriting arbitrary files.\n
  • smbclient \"more\" and \"mput\" commands also created temporary files\n in /tmp insecurely.\n
\n

Both problems have been fixed in version 2.0.7-3.2, and we recommend\nthat you upgrade your samba package immediately. (This problem is also fixed\nin the Samba 2.2 codebase.)\n

Note: DSA-048-1 included an incorrectly compiled sparc package, which\nthe second edition fixed.\n

The third edition of the advisory was made because Marc Jacobsen from HP\ndiscovered that the security fixes from samba 2.0.8 did not fully fix the\n/tmp symlink attack problem. The samba team released version 2.0.9 to fix\nthat, and those fixes have been added to version 2.0.7-3.3 of the Debian\nsamba packages.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/samba_2.0.7-3.3.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/samba_2.0.7-3.3.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/samba_2.0.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/dists/stable/updates/main/binary-all/samba-doc_2.0.7-3.3_all.deb
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/samba-common_2.0.7-3.3_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/samba_2.0.7-3.3_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/smbclient_2.0.7-3.3_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/smbfs_2.0.7-3.3_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/swat_2.0.7-3.3_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/samba-common_2.0.7-3.3_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/samba_2.0.7-3.3_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/smbclient_2.0.7-3.3_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/smbfs_2.0.7-3.3_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/swat_2.0.7-3.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/samba-common_2.0.7-3.3_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/samba_2.0.7-3.3_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/smbclient_2.0.7-3.3_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/smbfs_2.0.7-3.3_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/swat_2.0.7-3.3_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/samba-common_2.0.7-3.3_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/samba_2.0.7-3.3_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/smbclient_2.0.7-3.3_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/smbfs_2.0.7-3.3_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/swat_2.0.7-3.3_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/samba-common_2.0.7-3.3_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/samba_2.0.7-3.3_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/smbclient_2.0.7-3.3_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/smbfs_2.0.7-3.3_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/swat_2.0.7-3.3_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/samba-common_2.0.7-3.3_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/samba_2.0.7-3.3_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/smbclient_2.0.7-3.3_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/smbfs_2.0.7-3.3_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/swat_2.0.7-3.3_sparc.deb
\n
\n\n\n
\n
", "49": "
\n

Debian Security Advisory

\n

DSA-049-1 cfingerd -- remote printf format attack

\n
\n
Date Reported:
\n
19 Apr 2001
\n
Affected Packages:
\n
\ncfingerd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2576.
In Mitre's CVE dictionary: CVE-2001-0609.
\n
More information:
\n
\nMegyer Laszlo reported on Bugtraq that the cfingerd daemon as distributed\nwith Debian GNU/Linux 2.2 was not careful in its logging code. By\ncombining this with an off-by-one error in the code that copied the\nusername from an ident response, cfingerd could be exploited by a remote\nuser. Since cfingerd does not drop its root privileges until after\nit has determined which user to finger, an attacker can gain\nroot privileges.\n

This has been fixed in version 1.4.1-1.1, and we recommend that you\nupgrade your cfingerd package immediately.\n

Note: this advisory was previously posted as DSA-048-1 by mistake.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/cfingerd_1.4.1-1.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/cfingerd_1.4.1-1.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/cfingerd_1.4.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/cfingerd_1.4.1-1.1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/cfingerd_1.4.1-1.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/cfingerd_1.4.1-1.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/cfingerd_1.4.1-1.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/cfingerd_1.4.1-1.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/cfingerd_1.4.1-1.1_sparc.deb
\n
\n\n\n
\n
", "50": "
\n

Debian Security Advisory

\n

DSA-050-1 sendfile -- broken privileges dropping, broken tempfile

\n
\n
Date Reported:
\n
20 Apr 2001
\n
Affected Packages:
\n
\nsendfile\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-0623.
\n
More information:
\n
\nColin Phipps and Daniel Kobras discovered and fixed several serious\nbugs in the saft daemon `sendfiled' which caused it to drop privileges\nincorrectly. Exploiting this, a local user can easily make it execute\narbitrary code under root privileges.\n

We recommend you upgrade your sendfile packages immediately.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/sendfile_2.1-20.2.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/sendfile_2.1-20.2.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/sendfile_2.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/sendfile_2.1-20.2_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/sendfile_2.1-20.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/sendfile_2.1-20.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/sendfile_2.1-20.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/sendfile_2.1-20.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/sendfile_2.1-20.2_sparc.deb
\n
\n\n\n
\n
", "51": "
\n

Debian Security Advisory

\n

DSA-051-1 netscape -- unexpected javascript execution

\n
\n
Date Reported:
\n
23 Apr 2001
\n
Affected Packages:
\n
\nnetscape\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-0596.
\n
More information:
\n
\nFlorian Wesch has discovered a problem (reported to bugtraq) with the\nway Netscape handles comments in GIF files. The Netscape browser\ndoes not escape the GIF file comment in the image information page.\nThis allows javascript execution in the \"about:\" protocol and can for\nexample be used to upload the History (about:global) to a webserver,\nthus leaking private information. This problem has been fixed\nupstream in Netscape 4.77.\n

Since we haven't received source code for these packages, they are not\npart of the Debian GNU/Linux distribution, but are packaged up as `.deb'\nfiles for a convenient installation.\n

We recommend that you upgrade your Netscape packages immediately and\nremove older versions.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/contrib/source/netscape4.base_4.77-1.tar.gz
\n
http://security.debian.org/dists/stable/updates/contrib/source/netscape4.base_4.77-1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/netscape4.77_4.77-2.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/netscape4.77_4.77-2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/dists/stable/updates/non-free/binary-all/netscape-ja-resource-477_4.77-2_all.deb
\n
http://security.debian.org/dists/stable/updates/non-free/binary-all/netscape-java-477_4.77-2_all.deb
\n
http://security.debian.org/dists/stable/updates/non-free/binary-all/netscape-ko-resource-477_4.77-2_all.deb
\n
http://security.debian.org/dists/stable/updates/non-free/binary-all/netscape-zh-resource-477_4.77-2_all.deb
\n
http://security.debian.org/dists/stable/updates/non-free/binary-all/navigator-nethelp-477_4.77-2_all.deb
\n
http://security.debian.org/dists/stable/updates/non-free/binary-all/communicator-nethelp-477_4.77-2_all.deb
\n
http://security.debian.org/dists/stable/updates/non-free/binary-all/communicator-spellchk-477_4.77-2_all.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/contrib/binary-i386/netscape_4.77-1_i386.deb
\n
http://security.debian.org/dists/stable/updates/contrib/binary-i386/netscape-base-4-libc5_4.77-1_i386.deb
\n
http://security.debian.org/dists/stable/updates/contrib/binary-i386/netscape-base-4_4.77-1_i386.deb
\n
http://security.debian.org/dists/stable/updates/contrib/binary-i386/navigator_4.77-1_i386.deb
\n
http://security.debian.org/dists/stable/updates/contrib/binary-i386/communicator_4.77-1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/netscape-base-477_4.77-2_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/netscape-smotif-477_4.77-2_i386.deb
\n
http://security.debian.org/dists/stable/updates/non-free/binary-i386/netscape-base-477_4.77-2_i386.deb
\n
http://security.debian.org/dists/stable/updates/non-free/binary-i386/navigator-base-477_4.77-2_i386.deb
\n
http://security.debian.org/dists/stable/updates/non-free/binary-i386/navigator-smotif-477_4.77-2_i386.deb
\n
http://security.debian.org/dists/stable/updates/non-free/binary-i386/communicator-base-477_4.77-2_i386.deb
\n
http://security.debian.org/dists/stable/updates/non-free/binary-i386/communicator-smotif-477_4.77-2_i386.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "52": "
\n

Debian Security Advisory

\n

DSA-052-1 sendfile -- broken dropping of privileges

\n
\n
Date Reported:
\n
23 Apr 2001
\n
Affected Packages:
\n
\nsendfile\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-0623.
\n
More information:
\n
\nDaniel Kobras has discovered and fixed a problem in sendfiled which\ncaused the daemon not to drop privileges as expected when sending\nnotification mails. Exploiting this, a local user can easily make it\nexecute arbitrary code under root privileges.\n

We recommend that you upgrade your sendfile package immediately.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/sendfile_2.1-20.3.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/sendfile_2.1-20.3.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/sendfile_2.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/sendfile_2.1-20.3_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/sendfile_2.1-20.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/sendfile_2.1-20.3_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/sendfile_2.1-20.3_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/sendfile_2.1-20.3_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/sendfile_2.1-20.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "53": "
\n

Debian Security Advisory

\n

DSA-053-1 nedit -- insecure temporary file

\n
\n
Date Reported:
\n
27 Apr 2001
\n
Affected Packages:
\n
\nnedit\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2667.
In Mitre's CVE dictionary: CVE-2001-0556.
\n
More information:
\n
\nThe nedit (Nirvana editor) package as shipped in the non-free section\naccompanying Debian GNU/Linux 2.2/potato had a bug in its printing code:\nwhen printing text it would create a temporary file containing the text\nto be printed and pass that on to the print system. The temporary file\nwas not created safely, which could be exploited by an attacker to make\nnedit overwrite arbitrary files.\n

This has been fixed in version 5.02-7.1.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/non-free/source/nedit_5.02-7.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/non-free/source/nedit_5.02-7.1.dsc
\n
http://security.debian.org/dists/stable/updates/non-free/source/nedit_5.02.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/non-free/binary-alpha/nedit_5.02-7.1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/non-free/binary-arm/nedit_5.02-7.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/non-free/binary-i386/nedit_5.02-7.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/non-free/binary-m68k/nedit_5.02-7.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/non-free/binary-powerpc/nedit_5.02-7.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/non-free/binary-sparc/nedit_5.02-7.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "54": "
\n

Debian Security Advisory

\n

DSA-054-1 cron -- local root exploit

\n
\n
Date Reported:
\n
07 May 2001
\n
Affected Packages:
\n
\ncron\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-0559.
\n
More information:
\n
\nA recent (fall 2000) security fix to cron introduced an error in giving\nup privileges before invoking the editor. This was discovered by Sebastian\nKrahmer from SuSE. A malicious user could easily gain root access.\n

This has been fixed in version 3.0pl1-57.3 (or 3.0pl1-67 for unstable).\nNo exploits are known to exist, but we recommend that you upgrade your\ncron packages immediately.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/cron_3.0pl1-57.3.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/cron_3.0pl1-57.3.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/cron_3.0pl1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/cron_3.0pl1-57.3_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/cron_3.0pl1-57.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/cron_3.0pl1-57.3_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/cron_3.0pl1-57.3_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/cron_3.0pl1-57.3_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/cron_3.0pl1-57.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "55": "
\n

Debian Security Advisory

\n

DSA-055-1 zope -- remote unauthorized access

\n
\n
Date Reported:
\n
07 May 2001
\n
Affected Packages:
\n
\nzope\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-0567.
\n
More information:
\n
\nA new Zope hotfix has been released which fixes a problem in ZClasses.\nThe README for the 2001-05-01 hotfix describes the problem as `any user\ncan visit a ZClass declaration and change the ZClass permission mappings\nfor methods and other objects defined within the ZClass, possibly\nallowing for unauthorized access within the Zope instance.'\n

This hotfix has been added in version 2.1.6-10, and we highly recommend\nthat you upgrade your zope package immediately.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/zope_2.1.6-10.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/zope_2.1.6-10.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/zope_2.1.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/zope_2.1.6-10_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/zope_2.1.6-10_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/zope_2.1.6-10_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/zope_2.1.6-10_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/zope_2.1.6-10_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/zope_2.1.6-10_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "56": "
\n

Debian Security Advisory

\n

DSA-056-1 man-db -- local file overwrite

\n
\n
Date Reported:
\n
08 May 2001
\n
Affected Packages:
\n
\nman-db\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2720.
In Mitre's CVE dictionary: CVE-2001-1331.
\n
More information:
\n
\nEthan Benson found a bug in man-db packages as distributed in\nDebian GNU/Linux 2.2. man-db includes a mandb tool which is used to\nbuild an index of the manual pages installed on a system. When the -u or\n-c option was given on the command-line to tell it to write its database\nto a different location, it failed to properly drop privileges before\ncreating a temporary file. This makes it possible for an attacker to do\na standard symlink attack to trick mandb into overwriting any file that\nis writable by uid man, which includes the man and mandb binaries.\n

This has been fixed in version 2.3.16-3, and we recommend that you\nupgrade your man-db package immediately. If you use suidmanager\nyou can also use that to make sure man and mandb are not installed\nsuid which protects you from this problem. This can be done with the\nfollowing commands:\n

\n  suidregister /usr/lib/man-db/man root root 0755\n  suidregister /usr/lib/man-db/mandb root root 0755\n
\n

Of course even when using suidmanager an upgrade is still strongly\nrecommended.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/man-db_2.3.16-3.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/man-db_2.3.16-3.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/man-db_2.3.16-3_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/man-db_2.3.16-3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/man-db_2.3.16-3_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/man-db_2.3.16-3_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/man-db_2.3.16-3_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/man-db_2.3.16-3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "57": "
\n

Debian Security Advisory

\n

DSA-057-1 gftp -- printf format attack

\n
\n
Date Reported:
\n
08 May 2001
\n
Affected Packages:
\n
\ngftp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-0489.
\n
More information:
\n
\nThe gftp package as distributed with Debian GNU/Linux 2.2 has a problem\nin its logging code: it logged data received from the network but it did\nnot protect itself from printf format attacks. An attacker can use this\nby making an FTP server return special responses that exploit this.\n

This has been fixed in version 2.0.6a-3.1, and we recommend that you\nupgrade your gftp package.\n

Note: this advisory was posted as DSA-055-1 by mistake.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/gftp_2.0.6a-3.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/gftp_2.0.6a-3.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/gftp_2.0.6a.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/gftp_2.0.6a-3.1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/gftp_2.0.6a-3.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/gftp_2.0.6a-3.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/gftp_2.0.6a-3.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/gftp_2.0.6a-3.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/gftp_2.0.6a-3.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "58": "
\n

Debian Security Advisory

\n

DSA-058-1 exim -- local printf format attack

\n
\n
Date Reported:
\n
10 Jun 2001
\n
Affected Packages:
\n
\nexim\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-0690.
\n
More information:
\n
\nMegyer Laszlo found a printf format bug in the exim mail transfer\nagent. The code that checks the header syntax of an email logs\nan error without protecting itself against printf format attacks.\nIt's only exploitable locally with the -bS switch\n(in batched SMTP mode).\n

This problem has been fixed in version 3.12-10.1. Since that code is\nnot turned on by default, a standard installation is not vulnerable,\nbut we still recommend that you upgrade your exim package.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/exim_3.12-10.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/exim_3.12-10.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/exim_3.12.orig.tar.gz
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/exim_3.12-10.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/eximon_3.12-10.1_arm.deb
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/exim_3.12-10.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/eximon_3.12-10.1_alpha.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/exim_3.12-10.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/eximon_3.12-10.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/exim_3.12-10.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/eximon_3.12-10.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/exim_3.12-10.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/eximon_3.12-10.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/exim_3.12-10.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/eximon_3.12-10.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "59": "
\n

Debian Security Advisory

\n

DSA-059-1 man-db -- symlink attack

\n
\n
Date Reported:
\n
12 Jun 2001
\n
Affected Packages:
\n
\nman-db\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2720, BugTraq ID 2815.
In Mitre's CVE dictionary: CVE-2001-1331.
\n
More information:
\n
\nLuki R. reported a bug in man-db: it did not handle nested calls of\ndrop_effective_privs() and regain_effective_privs() correctly which\nwould cause it to regain privileges too early. This could be abused\nto make man create files as user man.\n

This has been fixed in version 2.3.16-4, and we recommend that you\nupgrade your man-db package immediately. If you use suidmanager you\ncan also use that to make sure man and mandb are not installed suid\nwhich protects you from this problem. This can be done with the\nfollowing commands:\n

\n   suidregister /usr/lib/man-db/man root root 0755\n   suidregister /usr/lib/man-db/mandb root root 0755\n
\n

\nOf course even when using suidmanager an upgrade is still strongly\nrecommended.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/man-db_2.3.16-4.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/man-db_2.3.16-4.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/man-db_2.3.16-4_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/man-db_2.3.16-4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/man-db_2.3.16-4_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/man-db_2.3.16-4_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/man-db_2.3.16-4_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/man-db_2.3.16-4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "60": "
\n

Debian Security Advisory

\n

DSA-060-1 fetchmail -- buffer overflow

\n
\n
Date Reported:
\n
16 Jun 2001
\n
Affected Packages:
\n
\nfetchmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-0819.
\n
More information:
\n
\nWolfram Kleff found a problem in fetchmail: it would crash when\nprocessing emails with extremely long headers. The problem was\na buffer overflow in the header parser which could be exploited.\n

This has been fixed in version 5.3.3-1.2, and we recommend that\nyou upgrade your fetchmail package immediately.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/fetchmail_5.3.3-1.2.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/fetchmail_5.3.3-1.2.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/fetchmail_5.3.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/dists/stable/updates/main/binary-all/fetchmailconf_5.3.3-1.2_all.deb
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/fetchmail_5.3.3-1.2_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/fetchmail_5.3.3-1.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/fetchmail_5.3.3-1.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/fetchmail_5.3.3-1.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/fetchmail_5.3.3-1.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/fetchmail_5.3.3-1.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "61": "
\n

Debian Security Advisory

\n

DSA-061-1 gnupg -- printf format attack

\n
\n
Date Reported:
\n
16 Jun 2001
\n
Affected Packages:
\n
\ngnupg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2797.
In Mitre's CVE dictionary: CVE-2001-0522.
\n
More information:
\n
\nThe version of GnuPG (GNU Privacy Guard, an OpenPGP implementation)\nas distributed in Debian GNU/Linux 2.2 suffers from two problems:\n
    \n
  1. fish stiqz reported on bugtraq that there was a printf format\nproblem in the do_get() function: it printed a prompt which included\nthe filename that was being decrypted without checking for\npossible printf format attacks. This could be exploited by tricking\nsomeone into decrypting a file with a specially crafted filename.\n
  2. The second bug is related to importing secret keys: when gnupg\nimported a secret key it would immediately make the associated\npublic key fully trusted which changes your web of trust without\nasking for a confirmation. To fix this you now need a special\noption to import a secret key.\n
\n

Both problems have been fixed in version 1.0.6-0potato1.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/gnupg_1.0.6-0potato1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/gnupg_1.0.6-0potato1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/gnupg_1.0.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/gnupg_1.0.6-0potato1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/gnupg_1.0.6-0potato1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/gnupg_1.0.6-0potato1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/gnupg_1.0.6-0potato1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/gnupg_1.0.6-0potato1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/gnupg_1.0.6-0potato1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "62": "
\n

Debian Security Advisory

\n

DSA-062-1 rxvt -- buffer overflow

\n
\n
Date Reported:
\n
16 Jun 2001
\n
Affected Packages:
\n
\nrxvt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2878.
In Mitre's CVE dictionary: CVE-2001-1077.
\n
More information:
\n
\nSamuel Dralet reported on bugtraq that version 2.6.2 of rxvt (a\nVT102 terminal emulator for X) has a buffer overflow in the\ntt_printf() function. A local user could abuse this by making rxvt\nprint a special string using that function, for example by using\nthe -T or -name command-line options.\nThat string would cause a\nstack overflow and contain code which rxvt will execute.\n

Since rxvt is installed sgid utmp, an attacker could use this\nto gain utmp group privileges, which would allow them to modify the utmp file.\n

This has been fixed in version 2.6.2-2.1, and we recommend that\nyou upgrade your rxvt package.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/rxvt_2.6.2-2.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/rxvt_2.6.2-2.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/rxvt_2.6.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/rxvt-ml_2.6.2-2.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/rxvt_2.6.2-2.1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/rxvt-ml_2.6.2-2.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/rxvt_2.6.2-2.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/rxvt-ml_2.6.2-2.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/rxvt_2.6.2-2.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/rxvt-ml_2.6.2-2.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/rxvt_2.6.2-2.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/rxvt-ml_2.6.2-2.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/rxvt_2.6.2-2.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/rxvt-ml_2.6.2-2.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/rxvt_2.6.2-2.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "63": "
\n

Debian Security Advisory

\n

DSA-063-1 xinetd -- change default umask

\n
\n
Date Reported:
\n
17 Jun 2001
\n
Affected Packages:
\n
\nxinetd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2826, BugTraq ID 2840.
In Mitre's CVE dictionary: CVE-2001-1322, CVE-2001-0763.
\n
More information:
\n
\nzen-parse reported on bugtraq that there is a possible buffer overflow\nin the logging code from xinetd. This could be triggered by using a\nfake identd that returns special replies when xinetd does an ident\nrequest.\n

Another problem is that xinetd sets its umask to 0. As a result, any\nprograms that xinetd starts that are not careful with file permissions\nwill create world-writable files.\n

Both problems have been fixed in version 2.1.8.8.p3-1.1.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/xinetd_2.1.8.8.p3-1.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/xinetd_2.1.8.8.p3-1.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/xinetd_2.1.8.8.p3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/xinetd_2.1.8.8.p3-1.1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/xinetd_2.1.8.8.p3-1.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/xinetd_2.1.8.8.p3-1.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/xinetd_2.1.8.8.p3-1.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/xinetd_2.1.8.8.p3-1.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/xinetd_2.1.8.8.p3-1.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "64": "
\n

Debian Security Advisory

\n

DSA-064-1 w3m -- buffer overflow

\n
\n
Date Reported:
\n
21 Jun 2001
\n
Affected Packages:
\n
\nw3m\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-0700.
\n
More information:
\n
\nSecureNet Service reported that w3m (a console web browser) has a\nbuffer overflow in its MIME header parsing code. This could be exploited\nby an attacker by making a web server that a user visits return carefully\ncrafted MIME headers.\n

This has been fixed in version 0.1.10+0.1.11pre+kokb23-4, and we\nrecommend that you upgrade your w3m package.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/w3m_0.1.10+0.1.11pre+kokb23-4.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/w3m_0.1.10+0.1.11pre+kokb23-4.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/w3m_0.1.10+0.1.11pre+kokb23.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/w3m_0.1.10+0.1.11pre+kokb23-4_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/w3m_0.1.10+0.1.11pre+kokb23-4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/w3m_0.1.10+0.1.11pre+kokb23-4_i386.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/w3m_0.1.10+0.1.11pre+kokb23-4_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/w3m_0.1.10+0.1.11pre+kokb23-4_sparc.deb
\n
\n\n\n
\n
", "65": "
\n

Debian Security Advisory

\n

DSA-065-1 samba -- remote file append/creation

\n
\n
Date Reported:
\n
23 Jun 2001
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2927.
In Mitre's CVE dictionary: CVE-2001-1162.
\n
More information:
\n
\nMichal Zalewski discovered that Samba does not properly validate\nNetBIOS names from remote machines.\n

By itself that is not a problem, except if Samba is configured to\nwrite log-files to a file that includes the NetBIOS name of the\nremote side by using the `%m' macro in the `log file' command. In\nthat case an attacker could use a NetBIOS name like '../tmp/evil'.\nIf the log-file was set to \"/var/log/samba/%s\" Samba would then\nwrite to /var/tmp/evil.\n

Since the NetBIOS name is limited to 15 characters and the `log\nfile' command could have an extension to the filename the results\nof this are limited. However if the attacker is also able to create\nsymbolic links on the Samba server they could trick Samba into\nappending any data they want to all files on the filesystem which\nSamba can write to.\n

The Debian GNU/Linux packaged version of Samba has a safe\nconfiguration and is not vulnerable.\n

As a temporary workaround for systems that are vulnerable, change all\noccurrences of the `%m' macro in smb.conf to `%l' and restart Samba.\n

This has been fixed in version 2.0.7-3.4, and we recommend that you\nupgrade your Samba package immediately.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/samba_2.0.7-3.4.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/samba_2.0.7-3.4.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/samba_2.0.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/dists/stable/updates/main/binary-all/samba-doc_2.0.7-3.4_all.deb
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/samba-common_2.0.7-3.4_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/samba_2.0.7-3.4_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/smbclient_2.0.7-3.4_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/smbfs_2.0.7-3.4_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/swat_2.0.7-3.4_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/samba-common_2.0.7-3.4_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/samba_2.0.7-3.4_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/smbclient_2.0.7-3.4_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/smbfs_2.0.7-3.4_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/swat_2.0.7-3.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/samba-common_2.0.7-3.4_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/samba_2.0.7-3.4_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/smbclient_2.0.7-3.4_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/smbfs_2.0.7-3.4_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/swat_2.0.7-3.4_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/samba-common_2.0.7-3.4_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/samba_2.0.7-3.4_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/smbclient_2.0.7-3.4_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/smbfs_2.0.7-3.4_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/swat_2.0.7-3.4_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/samba-common_2.0.7-3.4_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/samba_2.0.7-3.4_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/smbclient_2.0.7-3.4_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/smbfs_2.0.7-3.4_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/swat_2.0.7-3.4_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/samba-common_2.0.7-3.4_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/samba_2.0.7-3.4_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/smbclient_2.0.7-3.4_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/smbfs_2.0.7-3.4_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/swat_2.0.7-3.4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "66": "
\n

Debian Security Advisory

\n

DSA-066-1 cfingerd -- remote exploit

\n
\n
Date Reported:
\n
11 Jul 2001
\n
Affected Packages:
\n
\ncfingerd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2914, BugTraq ID 2915.
In Mitre's CVE dictionary: CVE-2001-0735.
\n
More information:
\n
\nSteven van Acker reported on bugtraq that the version of cfingerd (a\nconfigurable finger daemon) as distributed in Debian GNU/Linux 2.2\nsuffers from two problems:\n
    \n
  1. The code that reads configuration files (files in which $ commands are\n expanded) copied its input to a buffer without checking for a buffer\n overflow. When the ALLOW_LINE_PARSING feature is enabled that code\n is used for reading users' files as well, so local users could exploit\n this.\n
  2. There also was a printf call in the same routine that did not protect\n against printf format attacks.\n
\n

Since ALLOW_LINE_PARSING is enabled in the default /etc/cfingerd.conf\nlocal users could use this to gain root access.\n

This has been fixed in version 1.4.1-1.2, and we recommend that you upgrade\nyour cfingerd package immediately.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/cfingerd_1.4.1-1.2.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/cfingerd_1.4.1-1.2.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/cfingerd_1.4.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/cfingerd_1.4.1-1.2_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/cfingerd_1.4.1-1.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/cfingerd_1.4.1-1.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/cfingerd_1.4.1-1.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/cfingerd_1.4.1-1.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/cfingerd_1.4.1-1.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "67": "
\n

Debian Security Advisory

\n

DSA-067-1 apache -- Remote exploit

\n
\n
Date Reported:
\n
28 Jul 2001
\n
Affected Packages:
\n
\napache, apache-ssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 3009.
In Mitre's CVE dictionary: CVE-2001-0925.
\n
More information:
\n
\nWe have received reports that the `apache' package, as included in\nthe Debian `stable' distribution, is vulnerable to the `artificially\nlong slash path directory listing vulnerability' as described on SecurityFocus.\n

This vulnerability was announced to bugtraq by Dan Harkless.\n

Quoting the SecurityFocus entry for this vulnerability:\n

\n

A problem in the package could allow directory indexing, and path\n discovery. In a default configuration, Apache enables mod_dir,\n mod_autoindex, and mod_negotiation. However, by placing a custom\n crafted request to the Apache server consisting of a long path name\n created artificially by using numerous slashes, this can cause these\n modules to misbehave, making it possible to escape the error page,\n and gain a listing of the directory contents.\n

This vulnerability makes it possible for a malicious remote user\n to launch an information gathering attack, which could potentially\n result in compromise of the system. Additionally, this vulnerability\n affects all releases of Apache previous to 1.3.19.\n

\n

This problem has been fixed in apache-ssl 1.3.9-13.3 and\napache 1.3.9-14. We recommend that you upgrade your packages\nimmediately.

\n

Warning: The MD5 sums of the .dsc and .diff.gz files don't match,\nsince they were copied from the stable release afterwards. The\ncontent of the .diff.gz file has been checked and is the same, though.

\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n

apache

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/apache_1.3.9-14.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/apache_1.3.9-14.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/apache_1.3.9.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/apache-common_1.3.9-14_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/apache-dev_1.3.9-14_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/apache_1.3.9-14_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/apache-common_1.3.9-14_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/apache-dev_1.3.9-14_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/apache_1.3.9-14_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/apache-common_1.3.9-14_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/apache-dev_1.3.9-14_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/apache_1.3.9-14_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/apache-common_1.3.9-14_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/apache-dev_1.3.9-14_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/apache_1.3.9-14_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/apache-common_1.3.9-14_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/apache-dev_1.3.9-14_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/apache_1.3.9-14_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/apache-common_1.3.9-14_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/apache-dev_1.3.9-14_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/apache_1.3.9-14_sparc.deb
\n
Architecture-independent component:\n
http://security.debian.org/dists/stable/updates/main/binary-all/apache-doc_1.3.9-14_all.deb
\n

apache-ssl

\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/apache-ssl_1.3.9.13-3.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/apache-ssl_1.3.9.13-3.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/apache-ssl_1.3.9.13.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/apache-ssl_1.3.9.13-3_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/apache-ssl_1.3.9.13-3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/apache-ssl_1.3.9.13-3_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/apache-ssl_1.3.9.13-3_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/apache-ssl_1.3.9.13-3_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/apache-ssl_1.3.9.13-3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "68": "
\n

Debian Security Advisory

\n

DSA-068-1 openldap -- remote DoS

\n
\n
Date Reported:
\n
09 Aug 2001
\n
Affected Packages:
\n
\nopenldap\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 3049.
In Mitre's CVE dictionary: CVE-2001-0977.
CERT's vulnerabilities, advisories and incident notes: CA-2001-18.
\n
More information:
\n
\nThe CERT advisory lists a number of vulnerabilities in various\nLDAP implementations, based on the\nresults of the PROTOS LDAPv3 test suite. These tests found one\nproblem in OpenLDAP, a free LDAP implementation which is shipped\nas part of Debian GNU/Linux 2.2.\n

The problem is that slapd did not handle packets which had\nBER fields of invalid length and would crash if it received them.\nAn attacker could use this to mount a remote denial of service attack.\n

This problem has been fixed in version 1.2.12-1, and we recommend\nthat you upgrade your slapd package immediately.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/openldap_1.2.12-1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/openldap_1.2.12-1.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/dists/stable/updates/main/binary-all/ldap-rfc_1.2.12-1_all.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-all/libopenldap-runtime_1.2.12-1_all.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/libopenldap-dev_1.2.12-1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/libopenldap1_1.2.12-1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/openldap-gateways_1.2.12-1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/openldap-utils_1.2.12-1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/openldapd_1.2.12-1_arm.deb
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/libopenldap-dev_1.2.12-1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/libopenldap1_1.2.12-1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/openldap-gateways_1.2.12-1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/openldap-utils_1.2.12-1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/openldapd_1.2.12-1_alpha.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/libopenldap-dev_1.2.12-1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/libopenldap1_1.2.12-1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/openldap-gateways_1.2.12-1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/openldap-utils_1.2.12-1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/openldapd_1.2.12-1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/libopenldap-dev_1.2.12-1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/libopenldap1_1.2.12-1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/openldap-gateways_1.2.12-1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/openldap-utils_1.2.12-1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/openldapd_1.2.12-1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libopenldap-dev_1.2.12-1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libopenldap1_1.2.12-1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/openldap-gateways_1.2.12-1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/openldap-utils_1.2.12-1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/openldapd_1.2.12-1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/libopenldap-dev_1.2.12-1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/libopenldap1_1.2.12-1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/openldap-gateways_1.2.12-1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/openldap-utils_1.2.12-1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/openldapd_1.2.12-1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "69": "
\n

Debian Security Advisory

\n

DSA-069-1 xloadimage -- buffer overflow

\n
\n
Date Reported:
\n
09 Aug 2001
\n
Affected Packages:
\n
\nxloadimage\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 3006.
In Mitre's CVE dictionary: CVE-2001-0775.
\n
More information:
\n
\nThe version of xloadimage (a graphics files viewer for X) that was\nshipped in Debian GNU/Linux 2.2 has a buffer overflow in the code that\nhandles FACES format images. This could be exploited by an attacker by\ntricking someone into viewing a specially crafted image using xloadimage\nwhich would allow them to execute arbitrary code.\n

This problem was fixed in version 4.1-5potato1.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/xloadimage_4.1-5potato1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/xloadimage_4.1-5potato1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/xloadimage_4.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/xloadimage_4.1-5potato1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/xloadimage_4.1-5potato1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/xloadimage_4.1-5potato1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/xloadimage_4.1-5potato1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/xloadimage_4.1-5potato1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/xloadimage_4.1-5potato1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "70": "
\n

Debian Security Advisory

\n

DSA-070-1 netkit-telnet -- remote exploit

\n
\n
Date Reported:
\n
10 Aug 2001
\n
Affected Packages:
\n
\nnetkit-telnet\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 3064.
In Mitre's CVE dictionary: CVE-2001-0554.
\n
More information:
\n
\nThe netkit-telnet daemon contained in the telnetd package version\n0.16-4potato1, which is shipped with\nthe \"stable\" (2.2, potato) distribution of Debian GNU/Linux, is vulnerable to an\nexploitable overflow in its output handling.\n

\nThe original bug was found by <scut@nb.in-berlin.de>, and announced to\nbugtraq on Jul 18 2001. At that time, netkit-telnet versions after 0.14 were\nnot believed to be vulnerable.\n

\nOn Aug 10 2001, zen-parse posted an advisory based on the same problem, for\nall netkit-telnet versions below 0.17.\n

\nMore details can be found on http://online.securityfocus.com/archive/1/203000.\nAs Debian uses the `telnetd' user to run in.telnetd, this is not a remote\nroot compromise on Debian systems; however, the user `telnetd' can be compromised.\n

We strongly advise you update your telnetd package to the versions\nlisted below.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/netkit-telnet_0.16-4potato.2.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/netkit-telnet_0.16.orig.tar.gz
\n
http://security.debian.org/dists/stable/updates/main/source/netkit-telnet_0.16-4potato.2.dsc
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/telnet_0.16-4potato.2_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/telnetd_0.16-4potato.2_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/telnet_0.16-4potato.2_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/telnetd_0.16-4potato.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/telnet_0.16-4potato.2_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/telnetd_0.16-4potato.2_i386.deb
\n
Motorola 680x0 architecture:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/telnet_0.16-4potato.2_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/telnetd_0.16-4potato.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/telnet_0.16-4potato.2_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/telnetd_0.16-4potato.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/telnet_0.16-4potato.2_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/telnetd_0.16-4potato.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "71": "
\n

Debian Security Advisory

\n

DSA-071-1 fetchmail -- memory corruption

\n
\n
Date Reported:
\n
10 Aug 2001
\n
Affected Packages:
\n
\nfetchmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 3164, BugTraq ID 3166.
In Mitre's CVE dictionary: CVE-2001-1009.
\n
More information:
\n
\nSalvatore Sanfilippo found two remotely exploitable problems in\nfetchmail while doing a security audit. In both the IMAP code\nand the POP3 code, the input isn't verified even though it's used to store\na number in an array. Since\nno bounds checking is done this can be used by an attacker to write\narbitrary data in memory. An attacker can use this if they can get a user\nto transfer mail from a custom IMAP or POP3 server they control.\n

This has been fixed in version 5.3.3-3, and we recommend that you\nupdate your fetchmail packages immediately.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/fetchmail_5.3.3-3.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/fetchmail_5.3.3-3.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/fetchmail_5.3.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/dists/stable/updates/main/binary-all/fetchmailconf_5.3.3-3_all.deb
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/fetchmail_5.3.3-3_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/fetchmail_5.3.3-3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/fetchmail_5.3.3-3_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/fetchmail_5.3.3-3_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/fetchmail_5.3.3-3_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/fetchmail_5.3.3-3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "72": "
\n

Debian Security Advisory

\n

DSA-072-1 groff -- printf format attack

\n
\n
Date Reported:
\n
10 Aug 2001
\n
Affected Packages:
\n
\ngroff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 3103.
In Mitre's CVE dictionary: CVE-2001-1022.
\n
More information:
\n
\nZenith Parse found a security problem in groff (the GNU version of\ntroff). The pic command was vulnerable to a printf format attack\nwhich made it possible to circumvent the `-S' option and execute\narbitrary code.\n

This has been fixed in version 1.15.2-2, and we recommend that you upgrade\nyour groff packages immediately.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/groff_1.15.2-2.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/groff_1.15.2-2.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/groff_1.15.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/groff_1.15.2-2_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/groff_1.15.2-2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/groff_1.15.2-2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/groff_1.15.2-2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/groff_1.15.2-2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/groff_1.15.2-2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "73": "
\n

Debian Security Advisory

\n

DSA-073-1 imp -- 3 remote exploits

\n
\n
Date Reported:
\n
11 Aug 2001
\n
Affected Packages:
\n
\nimp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 3082, BugTraq ID 3083.
In Mitre's CVE dictionary: CVE-2001-1257, CVE-2001-1258, CVE-2001-1370.
\n
More information:
\n
\nThe Horde team released version 2.2.6 of IMP (a web based IMAP mail\nprogram) which fixes three security problems. Their release announcement\ndescribes them as follows:\n
    \n
  1. A PHPLIB vulnerability allowed an attacker to provide a value for the\n array element $_PHPLIB[libdir], and thus to get scripts from another\n server to load and execute. This vulnerability is remotely\n exploitable. (Horde 1.2.x ships with its own customized version of\n PHPLIB, which has now been patched to prevent this problem.)\n
  2. By using tricky encodings of \"javascript:\" an attacker can cause\n malicious JavaScript code to execute in the browser of a user reading\n email sent by attacker. (IMP 2.2.x already filters many such\n patterns; several new ones that were slipping past the filters are\n now blocked.)\n
  3. A hostile user that can create a publicly-readable file named\n \"prefs.lang\" somewhere on the Apache/PHP server can cause that file\n to be executed as PHP code. The IMP configuration files could thus\n be read, the Horde database password used to read and alter the\n database used to store contacts and preferences, etc. We do not\n believe this is remotely exploitable directly through Apache/PHP/IMP;\n however, shell access to the server or other means (e.g., FTP) could\n be used to create this file.\n
\n

This has been fixed in version 2:2.2.6-0.potato.1. Please note that you\nwill also need to upgrade the horde package to the same version.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/horde_1.2.6-0.potato.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/horde_1.2.6-0.potato.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/horde_1.2.6.orig.tar.gz
\n
http://security.debian.org/dists/stable/updates/main/source/imp_2.2.6-0.potato.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/imp_2.2.6-0.potato.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/imp_2.2.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/dists/stable/updates/main/binary-all/horde_1.2.6-0.potato.1_all.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-all/imp_2.2.6-0.potato.1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "74": "
\n

Debian Security Advisory

\n

DSA-074-1 wmaker -- buffer overflow

\n
\n
Date Reported:
\n
12 Aug 2001
\n
Affected Packages:
\n
\nwmaker\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-1027.
\n
More information:
\n
\nAlban Hertroys found a buffer overflow in Window Maker (a popular window\nmanager for X). The code that handles titles in the window list menu did\nnot check the length of the title when copying it to a buffer. Since\napplications will set the title using data that can't be trusted (for\nexample, most web browsers will include the title of the web page being\nshown in the title of their window), this could be exploited remotely.\n

This has been fixed in version 0.61.1-4.1 of the Debian package, and\nupstream version 0.65.1. We recommend that you update your Window\nMaker package immediately.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/wmaker_0.61.1-4.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/wmaker_0.61.1-4.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/wmaker_0.61.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/libdockapp-dev_0.61.1-4.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/libwings-dev_0.61.1-4.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/libwmaker0-dev_0.61.1-4.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/libwraster1-dev_0.61.1-4.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/libwraster1_0.61.1-4.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/wmaker_0.61.1-4.1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/libdockapp-dev_0.61.1-4.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/libwings-dev_0.61.1-4.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/libwmaker0-dev_0.61.1-4.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/libwraster1-dev_0.61.1-4.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/libwraster1_0.61.1-4.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/wmaker_0.61.1-4.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/libdockapp-dev_0.61.1-4.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/libwings-dev_0.61.1-4.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/libwmaker0-dev_0.61.1-4.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/libwraster1-dev_0.61.1-4.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/libwraster1_0.61.1-4.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/wmaker_0.61.1-4.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/libdockapp-dev_0.61.1-4.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/libwings-dev_0.61.1-4.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/libwmaker0-dev_0.61.1-4.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/libwraster1-dev_0.61.1-4.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/libwraster1_0.61.1-4.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/wmaker_0.61.1-4.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libdockapp-dev_0.61.1-4.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libwings-dev_0.61.1-4.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libwmaker0-dev_0.61.1-4.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libwraster1-dev_0.61.1-4.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libwraster1_0.61.1-4.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/wmaker_0.61.1-4.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/libdockapp-dev_0.61.1-4.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/libwings-dev_0.61.1-4.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/libwmaker0-dev_0.61.1-4.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/libwraster1-dev_0.61.1-4.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/libwraster1_0.61.1-4.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/wmaker_0.61.1-4.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "75": "
\n

Debian Security Advisory

\n

DSA-075-1 netkit-telnet-ssl -- remote exploit

\n
\n
Date Reported:
\n
14 Aug 2001
\n
Affected Packages:
\n
\nnetkit-telnet-ssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-0554.
\n
More information:
\n
\nThe telnet daemon contained in the netkit-telnet-ssl_0.16.3-1 package in\nthe 'stable' (potato) distribution of Debian GNU/Linux is vulnerable to an\nexploitable overflow in its output handling.\nThe original bug was found by <scut@nb.in-berlin.de>, and announced to\nbugtraq on Jul 18 2001. At that time, netkit-telnet versions after 0.14 were\nnot believed to be vulnerable.\n

On Aug 10 2001, zen-parse posted an advisory based on the same problem, for\nall netkit-telnet versions below 0.17.\n

More details can be found on\nSecurityFocus.\nAs Debian uses the 'telnetd' user to run in.telnetd, this is not a remote\nroot compromise on Debian systems; the 'telnetd' user can be compromised.\n

We strongly advise you update your netkit-telnet-ssl packages to the versions\nlisted below.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/netkit-telnet-ssl_0.16.3-1.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/netkit-telnet-ssl_0.16.3-1.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/netkit-telnet-ssl_0.16.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/ssltelnet_0.16.3-1.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/telnet-ssl_0.16.3-1.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/telnetd-ssl_0.16.3-1.1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/ssltelnet_0.16.3-1.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/telnet-ssl_0.16.3-1.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/telnetd-ssl_0.16.3-1.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/ssltelnet_0.16.3-1.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/telnet-ssl_0.16.3-1.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/telnetd-ssl_0.16.3-1.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/ssltelnet_0.16.3-1.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/telnet-ssl_0.16.3-1.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/telnetd-ssl_0.16.3-1.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/ssltelnet_0.16.3-1.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/telnet-ssl_0.16.3-1.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/telnetd-ssl_0.16.3-1.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/ssltelnet_0.16.3-1.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/telnet-ssl_0.16.3-1.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/telnetd-ssl_0.16.3-1.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n
MD5 checksums of the listed files are available in the revised advisory.\n

\n\n
\n
", "76": "
\n

Debian Security Advisory

\n

DSA-076-1 most -- buffer overflow

\n
\n
Date Reported:
\n
18 Sep 2001
\n
Affected Packages:
\n
\nmost\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 3347.
In Mitre's CVE dictionary: CVE-2001-0961.
\n
More information:
\n
\nPavel Machek has found a buffer overflow in the `most' pager program.\nThe problem is part of most's tab expansion where the program would\nwrite beyond the bounds of two array variables when viewing a malicious\nfile. This could lead to other data structures being overwritten,\nwhich in turn could enable most to execute arbitrary code and so\ncompromise the user's environment.\n

This has been fixed in the upstream version 4.9.2 and an updated\nversion of 4.9.0 for Debian GNU/Linux 2.2.\n

We recommend that you upgrade your most package immediately.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/most_4.9.0-2.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/most_4.9.0-2.1.dsc
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/most_4.9.0-2.1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/most_4.9.0-2.1_arm.deb
\n
Intel ia32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/most_4.9.0-2.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/most_4.9.0-2.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/most_4.9.0-2.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/most_4.9.0-2.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "77": "
\n

Debian Security Advisory

\n

DSA-077-1 squid -- remote DoS

\n
\n
Date Reported:
\n
24 Sep 2001
\n
Affected Packages:
\n
\nsquid\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 3354.
In Mitre's CVE dictionary: CVE-2001-0843.
\n
More information:
\n
\nVladimir Ivaschenko found a problem in squid (a popular proxy cache).\nHe discovered that there was a flaw in the code to handle FTP PUT\ncommands: when a mkdir-only request was done squid would detect\nan internal error and exit. Since squid is configured to restart\nitself on problems this is not a big problem.\n

This has been fixed in version 2.2.5-3.2. This problem is logged\nas bug 233 in the squid bugtracker and will also be fixed in\nfuture squid releases.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/squid_2.2.5-3.2.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/squid_2.2.5-3.2.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/squid_2.2.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/squid-cgi_2.2.5-3.2_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/squid_2.2.5-3.2_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/squidclient_2.2.5-3.2_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/squid-cgi_2.2.5-3.2_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/squid_2.2.5-3.2_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/squidclient_2.2.5-3.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/squid-cgi_2.2.5-3.2_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/squid_2.2.5-3.2_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/squidclient_2.2.5-3.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/squid-cgi_2.2.5-3.2_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/squid_2.2.5-3.2_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/squidclient_2.2.5-3.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/squid-cgi_2.2.5-3.2_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/squid_2.2.5-3.2_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/squidclient_2.2.5-3.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/squid-cgi_2.2.5-3.2_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/squid_2.2.5-3.2_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/squidclient_2.2.5-3.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "78": "
\n

Debian Security Advisory

\n

DSA-078-1 slrn -- remote command invocation

\n
\n
Date Reported:
\n
24 Sep 2001
\n
Affected Packages:
\n
\nslrn\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 3364.
In Mitre's CVE dictionary: CVE-2001-1035.
\n
More information:
\n
\nByrial Jensen found a nasty problem in slrn (a threaded news reader).\nThe notice on slrn-announce describes it as follows:\n
\n

\n When trying to decode binaries, the built-in code executes any shell\n scripts the article might contain, apparently assuming they would be\n some kind of self-extracting archive.\n

\n
\n

This problem has been fixed in version 0.9.6.2-9potato2 by removing\nthis feature.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2-9potato2.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2-9potato2.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/slrn_0.9.6.2-9potato2_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/slrnpull_0.9.6.2-9potato2_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/slrn_0.9.6.2-9potato2_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/slrnpull_0.9.6.2-9potato2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/slrn_0.9.6.2-9potato2_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/slrnpull_0.9.6.2-9potato2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/slrn_0.9.6.2-9potato2_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/slrnpull_0.9.6.2-9potato2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/slrn_0.9.6.2-9potato2_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/slrnpull_0.9.6.2-9potato2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/slrn_0.9.6.2-9potato2_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/slrnpull_0.9.6.2-9potato2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "79": "
\n

Debian Security Advisory

\n

DSA-079-2 uucp -- uucp uid/gid access

\n
\n
Date Reported:
\n
08 Feb 2002
\n
Affected Packages:
\n
\nuucp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 3312.
In Mitre's CVE dictionary: CVE-2001-0873.
\n
More information:
\n
\n

Zenith Parsec discovered a security hole in Taylor UUCP 1.06.1. It\npermits a local user to copy any file to anywhere which is writable by\nthe uucp uid, which effectively means that a local user can completely\nsubvert the UUCP subsystem, including stealing mail, etc.

\n

If a remote user with UUCP access is able to create files on the local\nsystem, and can successfully make certain guesses about the local\ndirectory structure layout, then the remote user can also subvert the\nUUCP system. A default installation of UUCP will permit a remote user\nto create files on the local system if the UUCP public directory has\nbeen created with world write permissions.

\n

Obviously this security hole is serious for anybody who uses UUCP on a\nmulti-user system with untrusted users, or anybody who uses UUCP and\npermits connections from untrusted remote systems.

\n

It was thought that this problem had been fixed with DSA 079-1, but\nthat didn't fix all variations of the problem. The problem is fixed\nin version 1.06.1-11potato2 of uucp which uses a patch from the\nupstream author Ian Lance Taylor.

\n

We recommend that you upgrade your uucp package immediately.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/uucp_1.06.1-11potato2.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/uucp_1.06.1-11potato2.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/uucp_1.06.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/uucp_1.06.1-11potato2_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/uucp_1.06.1-11potato2_arm.deb
\n
Intel ia32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/uucp_1.06.1-11potato2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/uucp_1.06.1-11potato2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/uucp_1.06.1-11potato2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/uucp_1.06.1-11potato2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "80": "
\n

Debian Security Advisory

\n

DSA-080-1 htdig -- unauthorized gathering of data

\n
\n
Date Reported:
\n
17 Oct 2001
\n
Affected Packages:
\n
\nhtdig\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-0834.
\n
More information:
\n
\nNergal reported a vulnerability in the htsearch program which is\ndistributed as part of the ht://Dig package, an indexing and searching\nsystem for small domains or intranets. With earlier versions it was\npossible to pass the parameter -c to the cgi program in order to use a\ndifferent configuration file.\n

A malicious user could point htsearch to a file like\n/dev/zero and\nlet the server run in an endless loop, trying to read config\nparameters. If the user has write permission on the server they can\npoint the program to it and retrieve any file readable by the webserver\nuser id.\n

This problem has been fixed in version 3.1.5-2.0potato.1 for Debian\nGNU/Linux 2.2.\n

We recommend that you upgrade your htdig package immediately.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/htdig_3.1.5-2.0potato.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/htdig_3.1.5-2.0potato.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/htdig_3.1.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/dists/stable/updates/main/binary-all/htdig-doc_3.1.5-2.0potato.1_all.deb
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/htdig_3.1.5-2.0potato.1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/htdig_3.1.5-2.0potato.1_arm.deb
\n
Intel ia32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/htdig_3.1.5-2.0potato.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/htdig_3.1.5-2.0potato.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/htdig_3.1.5-2.0potato.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/htdig_3.1.5-2.0potato.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "81": "
\n

Debian Security Advisory

\n

DSA-081-1 w3m -- Buffer Overflow

\n
\n
Date Reported:
\n
18 Oct 2001
\n
Affected Packages:
\n
\nw3m, w3m-ssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2895.
In Mitre's CVE dictionary: CVE-2001-0700.
\n
More information:
\n
\n

In SNS Advisory No. 32 a buffer overflow vulnerability has been\nreported in the routine which parses MIME headers that are returned\nfrom web servers. A malicious web server administrator could exploit\nthis and let the client web browser execute arbitrary code.

\n

w3m handles MIME headers included in the request/response message of\nHTTP communication like any other web browser. A buffer overflow will\noccur when w3m receives a MIME encoded header with base64 format.

\n

This problem has been fixed by the maintainer in version\n0.1.10+0.1.11pre+kokb23-4 of w3m and w3m-ssl (for the SSL-enabled\nversion), both for Debian GNU/Linux 2.2.

\n

We recommend that you upgrade your w3m packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/w3m_0.1.10+0.1.11pre+kokb23-4.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/w3m_0.1.10+0.1.11pre+kokb23.orig.tar.gz
\n
http://security.debian.org/dists/stable/updates/main/source/w3m_0.1.10+0.1.11pre+kokb23-4.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/w3m-ssl_0.1.10+0.1.11pre+kokb23-4.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/w3m-ssl_0.1.10+0.1.11pre+kokb23-4.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/w3m_0.1.10+0.1.11pre+kokb23-4_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/w3m-ssl_0.1.10+0.1.11pre+kokb23-4_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/w3m_0.1.10+0.1.11pre+kokb23-4_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/w3m-ssl_0.1.10+0.1.11pre+kokb23-4_arm.deb
\n
Intel ia32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/w3m_0.1.10+0.1.11pre+kokb23-4_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/w3m-ssl_0.1.10+0.1.11pre+kokb23-4_i386.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/w3m_0.1.10+0.1.11pre+kokb23-4_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/w3m-ssl_0.1.10+0.1.11pre+kokb23-4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n
MD5 checksums of the listed files are available in the revised advisory.\n

\n\n
\n
", "82": "
\n

Debian Security Advisory

\n

DSA-082-1 xvt -- Buffer Overflow

\n
\n
Date Reported:
\n
18 Oct 2001
\n
Affected Packages:
\n
\nxvt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2964.
In Mitre's CVE dictionary: CVE-2001-1561.
\n
More information:
\n
\nChristophe Bailleux reported on bugtraq that Xvt is vulnerable to a\nbuffer overflow in its argument handling. Since Xvt is installed\nsetuid root, it was possible for a normal user to pass\ncarefully-crafted arguments to xvt so that xvt executed a root shell.\n

This problem has been fixed by the maintainer in version 2.1-13 of xvt\nfor Debian unstable and 2.1-13.0potato.1 for the stable Debian\nGNU/Linux 2.2.\n

We recommend that you upgrade your xvt package immediately.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/xvt_2.1-13.0potato.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/xvt_2.1-13.0potato.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/xvt_2.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/xvt_2.1-13.0potato.1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/xvt_2.1-13.0potato.1_arm.deb
\n
Intel ia32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/xvt_2.1-13.0potato.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/xvt_2.1-13.0potato.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/xvt_2.1-13.0potato.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/xvt_2.1-13.0potato.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "83": "
\n

Debian Security Advisory

\n

DSA-083-1 procmail -- insecure signal handling

\n
\n
Date Reported:
\n
18 Oct 2001
\n
Affected Packages:
\n
\nprocmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-0905.
\n
More information:
\n
\nUsing older versions of procmail it was possible to make procmail\ncrash by sending it signals. On systems where procmail is installed\nsetuid this could be exploited to obtain unauthorized privileges.\n

This problem has been fixed in version 3.20 by the upstream\nmaintainer, included in Debian unstable, and was ported back to\nversion 3.15.2 which is available for the stable Debian GNU/Linux\n2.2.\n

We recommend that you upgrade your procmail package immediately.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/procmail_3.15.2-1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/procmail_3.15.2-1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/procmail_3.15.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/procmail_3.15.2-1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/procmail_3.15.2-1_arm.deb
\n
Intel ia32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/procmail_3.15.2-1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/procmail_3.15.2-1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/procmail_3.15.2-1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/procmail_3.15.2-1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "84": "
\n

Debian Security Advisory

\n

DSA-084-1 gftp -- Information Retrieval

\n
\n
Date Reported:
\n
18 Oct 2001
\n
Affected Packages:
\n
\ngftp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 3446.
In Mitre's CVE dictionary: CVE-1999-1562.
\n
More information:
\n
\nStephane Gaudreault told\nus that version 2.0.6a of gftp displays the\npassword in plain text on the screen within the log window when it is\nlogging into an ftp server. A malicious colleague who is watching the\nscreen could gain access to the user's shell on the remote machine.\n

This problem has been fixed by the Security Team in version 2.0.6a-3.2\nfor the stable Debian GNU/Linux 2.2.\n

We recommend that you upgrade your gftp package.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/gftp_2.0.6a.orig.tar.gz
\n
http://security.debian.org/dists/stable/updates/main/source/gftp_2.0.6a-3.2.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/gftp_2.0.6a-3.2.dsc
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/gftp_2.0.6a-3.2_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/gftp_2.0.6a-3.2_arm.deb
\n
Intel ia32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/gftp_2.0.6a-3.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/gftp_2.0.6a-3.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/gftp_2.0.6a-3.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/gftp_2.0.6a-3.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "85": "
\n

Debian Security Advisory

\n

DSA-085-1 nvi -- Format string vulnerability

\n
\n
Date Reported:
\n
20 Oct 2001
\n
Affected Packages:
\n
\nnvi, nvi-m17n\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\nTakeshi Uno found a very stupid format string vulnerability in all\nversions of nvi (in both, the plain and the multilingualized version).\nWhen a filename is saved, it ought to get displayed on the screen.\nThe routine handling this didn't escape format strings.\n

This problem has been fixed in version 1.79-16a.1 for nvi and\n1.79+19991117-2.3 for nvi-m17n for the stable Debian GNU/Linux 2.2.\n

Even if we don't believe that this could lead to somebody gaining\naccess to another user's account if they haven't lost their brain, we\nrecommend that you upgrade your nvi packages.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/nvi-m17n_1.79+19991117-2.3.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/nvi-m17n_1.79+19991117-2.3.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/nvi-m17n_1.79+19991117.orig.tar.gz
\n
http://security.debian.org/dists/stable/updates/main/source/nvi_1.79-16a.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/nvi_1.79-16a.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/nvi_1.79.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/dists/stable/updates/main/binary-all/nvi-m17n-common_1.79+19991117-2.3_all.deb
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/nvi-m17n-canna_1.79+19991117-2.3_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/nvi-m17n_1.79+19991117-2.3_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/nvi_1.79-16a.1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/nvi-m17n-canna_1.79+19991117-2.3_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/nvi-m17n_1.79+19991117-2.3_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/nvi_1.79-16a.1_arm.deb
\n
Intel ia32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/nvi-m17n-canna_1.79+19991117-2.3_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/nvi-m17n_1.79+19991117-2.3_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/nvi_1.79-16a.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/nvi-m17n-canna_1.79+19991117-2.3_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/nvi-m17n_1.79+19991117-2.3_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/nvi_1.79-16a.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/nvi-m17n-canna_1.79+19991117-2.3_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/nvi-m17n_1.79+19991117-2.3_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/nvi_1.79-16a.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/nvi-m17n-canna_1.79+19991117-2.3_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/nvi-m17n_1.79+19991117-2.3_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/nvi_1.79-16a.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "86": "
\n

Debian Security Advisory

\n

DSA-086-1 ssh-nonfree -- remote root exploit

\n
\n
Date Reported:
\n
13 Nov 2001
\n
Affected Packages:
\n
\nssh-nonfree, ssh-socks\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-0361.
\n
More information:
\n
\n

We have received reports that the \"SSH CRC-32 compensation attack\ndetector vulnerability\" is being actively exploited. This is the same\ninteger type error previously corrected for OpenSSH in DSA-027-1.\nOpenSSH (the Debian ssh package) was fixed at that time, but\nssh-nonfree and ssh-socks were not.

\n

Though packages in the non-free section of the archive are not\nofficially supported by the Debian project, we are taking the unusual\nstep of releasing updated ssh-nonfree/ssh-socks packages for those\nusers who have not yet migrated to OpenSSH. However, we do recommend\nthat our users migrate to the regularly supported, DFSG-free \"ssh\"\npackage as soon as possible. ssh 1.2.3-9.3 is the OpenSSH package\navailable in Debian 2.2r4.

\n

The fixed ssh-nonfree/ssh-socks packages are available in version\n1.2.27-6.2 for use with Debian 2.2 (potato) and version 1.2.27-8 for\nuse with the Debian unstable/testing distribution. Note that the new\nssh-nonfree/ssh-socks packages remove the setuid bit from the ssh\nbinary, disabling rhosts-rsa authentication. If you need this\nfunctionality, run

\n

chmod u+s /usr/bin/ssh1

\n

after installing the new package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/potato/updates/non-free/source/ssh-nonfree_1.2.27-6.2.diff.gz
\n
http://security.debian.org/dists/potato/updates/non-free/source/ssh-nonfree_1.2.27-6.2.dsc
\n
http://security.debian.org/dists/potato/updates/non-free/source/ssh-nonfree_1.2.27.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/potato/updates/non-free/binary-alpha/ssh-askpass-nonfree_1.2.27-6.2_alpha.deb
\n
http://security.debian.org/dists/potato/updates/non-free/binary-alpha/ssh-nonfree_1.2.27-6.2_alpha.deb
\n
http://security.debian.org/dists/potato/updates/non-free/binary-alpha/ssh-socks_1.2.27-6.2_alpha.deb
\n
ARM:\n Not yet available\n
Intel ia32:\n
http://security.debian.org/dists/potato/updates/non-free/binary-i386/ssh-askpass-nonfree_1.2.27-6.2_i386.deb
\n
http://security.debian.org/dists/potato/updates/non-free/binary-i386/ssh-nonfree_1.2.27-6.2_i386.deb
\n
http://security.debian.org/dists/potato/updates/non-free/binary-i386/ssh-socks_1.2.27-6.2_i386.deb
\n
Motorola M680x0:\n
http://security.debian.org/dists/potato/updates/non-free/binary-m68k/ssh-askpass-nonfree_1.2.27-6.2_m68k.deb
\n
http://security.debian.org/dists/potato/updates/non-free/binary-m68k/ssh-nonfree_1.2.27-6.2_m68k.deb
\n
http://security.debian.org/dists/potato/updates/non-free/binary-m68k/ssh-socks_1.2.27-6.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/potato/updates/non-free/binary-powerpc/ssh-askpass-nonfree_1.2.27-6.2_powerpc.deb
\n
http://security.debian.org/dists/potato/updates/non-free/binary-powerpc/ssh-nonfree_1.2.27-6.2_powerpc.deb
\n
http://security.debian.org/dists/potato/updates/non-free/binary-powerpc/ssh-socks_1.2.27-6.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/potato/updates/non-free/binary-sparc/ssh-askpass-nonfree_1.2.27-6.2_sparc.deb
\n
http://security.debian.org/dists/potato/updates/non-free/binary-sparc/ssh-nonfree_1.2.27-6.2_sparc.deb
\n
http://security.debian.org/dists/potato/updates/non-free/binary-sparc/ssh-socks_1.2.27-6.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "87": "
\n

Debian Security Advisory

\n

DSA-087-1 wu-ftpd -- remote root exploit

\n
\n
Date Reported:
\n
03 Dec 2001
\n
Affected Packages:
\n
\nwu-ftpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 3581.
In Mitre's CVE dictionary: CVE-2001-0550.
CERT's vulnerabilities, advisories and incident notes: CA-2001-18, VU#886083.
\n
More information:
\n
\nCORE ST reports that an exploit has been found for a bug in the wu-ftpd\nglob code (this is the code that handles filename wildcard expansion).\nAny logged in user (including anonymous FTP users) can exploit the bug\nto gain root privileges on the server.\n

This has been corrected in version 2.6.0-6 of the wu-ftpd package.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/wu-ftpd_2.6.0-6.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/wu-ftpd_2.6.0-6.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/wu-ftpd_2.6.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/dists/stable/updates/main/binary-all/wu-ftpd-academ_2.6.0-6_all.deb
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/wu-ftpd_2.6.0-6_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/wu-ftpd_2.6.1-6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/wu-ftpd_2.6.0-6_i386.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/wu-ftpd_2.6.0-6_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/wu-ftpd_2.6.0-6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "88": "
\n

Debian Security Advisory

\n

DSA-088-1 fml -- improper character escaping

\n
\n
Date Reported:
\n
05 Dec 2001
\n
Affected Packages:
\n
\nfml\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 3623.
\n
More information:
\n
\nThe fml (a mailing list package) as distributed in Debian GNU/Linux 2.2\nsuffers from a cross-site scripting problem. When generating index\npages for list archives the `<' and `>' characters were not properly\nescaped for subjects.\n

This has been fixed in version 3.0+beta.20000106-5, and we recommend\nthat you upgrade your fml package to that version. Upgrading will\nautomatically regenerate the index pages.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/fml_3.0+beta.20000106-5.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/fml_3.0+beta.20000106-5.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/fml_3.0+beta.20000106.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/dists/stable/updates/main/binary-all/fml_3.0+beta.20000106-5_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "89": "
\n

Debian Security Advisory

\n

DSA-089-2 icecast-server -- remote root exploit (and others)

\n
\n
Date Reported:
\n
05 Dec 2001
\n
Affected Packages:
\n
\nicecast-server\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 2264, BugTraq ID 2932, BugTraq ID 2933.
In Mitre's CVE dictionary: CVE-2001-0784, CVE-2001-1083, CVE-2001-1230.
\n
More information:
\n
\n

The icecast-server (a streaming music server) package as distributed\nin Debian GNU/Linux 2.2 has several security problems:

\n
    \n
  • if a client added a / after the filename of a file to be downloaded\n the server would crash
  • by escaping dots as %2E it was possible to circumvent security measures\n and download arbitrary files
  • there were several buffer overflows that could be exploited to\n gain root access
\n

These have been fixed in version 1.3.10-1, and we strongly recommend\nthat you upgrade your icecast-server package immediately.\n

The i386 package mentioned in the DSA-089-1 advisory was incorrectly\ncompiled and will not run on Debian GNU/Linux potato machines. This\nhas been corrected in version 1.3.10-1.1.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/icecast-server_1.3.10-1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/icecast-server_1.3.10-1.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/icecast-server_1.3.10-1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/icecast-server_1.3.10-1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/icecast-server_1.3.10-1.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/icecast-server_1.3.10-1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/icecast-server_1.3.10-1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/icecast-server_1.3.10-1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n(DSA-089-2)\n

\n\n
\n
", "90": "
\n

Debian Security Advisory

\n

DSA-090-1 xtel -- symlink attack

\n
\n
Date Reported:
\n
05 Dec 2001
\n
Affected Packages:
\n
\nxtel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 3626.
In Mitre's CVE dictionary: CVE-2002-0334.
\n
More information:
\n
\n

The xtel (an X emulator for minitel) package as distributed with Debian\nGNU/Linux 2.2 has two possible symlink attacks:

\n
    \n
  • xteld creates a temporary file /tmp/.xtel-<user>\n without checking for symlinks.
  • when printing a hardcopy xtel would create a temporary file without\n protecting itself against symlink attacks.
\n

Both problems have been fixed in version 3.2.1-4.potato.1.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/xtel_3.2.1-4.potato.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/xtel_3.2.1-4.potato.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/xtel_3.2.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/xtel_3.2.1-4.potato.1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/xtel_3.2.1-4.potato.1_arm.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/xtel_3.2.1-4.potato.1_m68k.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/xtel_3.2.1-4.potato.1_i386.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/xtel_3.2.1-4.potato.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/xtel_3.2.1-4.potato.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "91": "
\n

Debian Security Advisory

\n

DSA-091-1 ssh -- influencing login

\n
\n
Date Reported:
\n
05 Dec 2001
\n
Affected Packages:
\n
\nssh\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 3614.
In Mitre's CVE dictionary: CVE-2001-0872.
\n
More information:
\n
\nIf the UseLogin feature is enabled in ssh, local users could\npass environment variables (including variables like LD_PRELOAD)\nto the login process. This has been fixed by not copying the\nenvironment if UseLogin is enabled.\n

Please note that the default configuration for Debian does not\nhave UseLogin enabled.\n

This has been fixed in version 1:1.2.3-9.4.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/openssh_1.2.3-9.4.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/openssh_1.2.3-9.4.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/openssh_1.2.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/dists/stable/updates/main/binary-all/ssh-askpass-ptk_1.2.3-9.4_all.deb
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/ssh-askpass-gnome_1.2.3-9.4_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/ssh_1.2.3-9.4_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/ssh-askpass-gnome_1.2.3-9.4_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/ssh_1.2.3-9.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/ssh-askpass-gnome_1.2.3-9.4_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/ssh_1.2.3-9.4_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/ssh-askpass-gnome_1.2.3-9.4_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/ssh_1.2.3-9.4_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/ssh-askpass-gnome_1.2.3-9.4_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/ssh_1.2.3-9.4_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/ssh-askpass-gnome_1.2.3-9.4_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/ssh_1.2.3-9.4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "92": "
\n

Debian Security Advisory

\n

DSA-092-1 wmtv -- local root exploit

\n
\n
Date Reported:
\n
06 Dec 2001
\n
Affected Packages:
\n
\nwmtv\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 3658.
In Mitre's CVE dictionary: CVE-2001-1272.
\n
More information:
\n
\nNicolas Boullis found a nasty security problem in the wmtv (a\ndockable video4linux TV player for windowmaker) package as\ndistributed in Debian GNU/Linux 2.2.\n

wmtv can optionally run a command if you double-click on the TV\nwindow. This command can be specified using the -e command line\noption. However, since wmtv is installed suid root, this command\nwas also run as root, which gives local users a very simple way\nto get root access.\n

This has been fixed in version 0.6.5-2potato1 by dropping root\nprivileges before executing the command. We recommend that you\nupgrade your wmtv package immediately.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/wmtv_0.6.5-2potato1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/wmtv_0.6.5-2potato1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/wmtv_0.6.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/wmtv_0.6.5-2potato1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/wmtv_0.6.5-2potato1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/wmtv_0.6.5-2potato1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/wmtv_0.6.5-2potato1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/wmtv_0.6.5-2potato1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/wmtv_0.6.5-2potato1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "93": "
\n

Debian Security Advisory

\n

DSA-093-1 postfix -- remote DoS

\n
\n
Date Reported:
\n
12 Dec 2001
\n
Affected Packages:
\n
\npostfix\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-0894.
\n
More information:
\n
\nWietse Venema reported he found a denial of service vulnerability in\npostfix. The SMTP session log that postfix keeps for debugging purposes\ncould grow to an unreasonable size.\n

This has been fixed in version 0.0.19991231pl11-2.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/postfix_0.0.19991231pl11-2.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/postfix_0.0.19991231pl11-2.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/postfix_0.0.19991231pl11.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/postfix_0.0.19991231pl11-2_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/postfix_0.0.19991231pl11-2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/postfix_0.0.19991231pl11-2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/postfix_0.0.19991231pl11-2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/postfix_0.0.19991231pl11-2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/postfix_0.0.19991231pl11-2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "94": "
\n

Debian Security Advisory

\n

DSA-094-1 mailman -- cross-site scripting hole

\n
\n
Date Reported:
\n
16 Dec 2001
\n
Affected Packages:
\n
\nmailman\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\nBarry A. Warsaw reported several cross-site scripting security holes\nin Mailman, due to non-existent escaping of CGI variables.\n

These have been fixed upstream in version 2.0.8, and the relevant\npatches have been backported to version 1.1-10 in Debian.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/mailman_1.1-10.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/mailman_1.1-10.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/mailman_1.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/mailman_1.1-10_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/mailman_1.1-10_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/mailman_1.1-10_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/mailman_1.1-10_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/mailman_1.1-10_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/mailman_1.1-10_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "95": "
\n

Debian Security Advisory

\n

DSA-095-1 gpm -- local root vulnerability

\n
\n
Date Reported:
\n
27 Dec 2001
\n
Affected Packages:
\n
\ngpm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-1203.
\n
More information:
\n
\nThe package 'gpm' contains the gpm-root program, which can be used to\ncreate mouse-activated menus on the console.\nAmong other problems, the gpm-root program contains a format string\nvulnerability, which allows an attacker to gain root privileges.\n

This has been fixed in version 1.17.8-18.1, and we recommend that you upgrade\nyour 1.17.8-18 package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/gpm_1.17.8-18.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/gpm_1.17.8-18.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/gpm_1.17.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/gpm_1.17.8-18.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/libgpmg1-dev_1.17.8-18.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/libgpmg1_1.17.8-18.1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/gpm_1.17.8-18.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/libgpmg1-dev_1.17.8-18.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/libgpmg1_1.17.8-18.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/gpm_1.17.8-18.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/libgpm1-altdev_1.17.8-18.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/libgpm1_1.17.8-18.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/libgpmg1-dev_1.17.8-18.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/libgpmg1_1.17.8-18.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/gpm_1.17.8-18.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpm1-altdev_1.17.8-18.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpm1_1.17.8-18.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpmg1-dev_1.17.8-18.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpmg1_1.17.8-18.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/gpm_1.17.8-18.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libgpmg1-dev_1.17.8-18.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libgpmg1_1.17.8-18.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/gpm_1.17.8-18.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/libgpmg1-dev_1.17.8-18.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/libgpmg1_1.17.8-18.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "96": "
\n

Debian Security Advisory

\n

DSA-096-2 mutt -- buffer overflow

\n
\n
Date Reported:
\n
03 Jan 2002
\n
Affected Packages:
\n
\nmutt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-0001.
\n
More information:
\n
\nJoost Pol found a buffer overflow in the address handling code of\nmutt (a popular mail user agent). Even though this is a one byte\noverflow this is exploitable.\n

This has been fixed upstream in version 1.2.5.1 and 1.3.25. The\nrelevant patch has been added to version 1.2.5-5 of the Debian\npackage.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/mutt_1.2.5-5.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/mutt_1.2.5-5.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/mutt_1.2.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/mutt_1.2.5-5_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/mutt_1.2.5-5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/mutt_1.2.5-5_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/mutt_1.2.5-5_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/mutt_1.2.5-5_powerpc.deb
\n
SPARC:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/mutt_1.2.5-5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n(DSA-096-2)\n

\n\n
\n
", "97": "
\n

Debian Security Advisory

\n

DSA-097-1 exim -- Uncontrolled program execution

\n
\n
Date Reported:
\n
03 Jan 2002
\n
Affected Packages:
\n
\nexim\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Patrice Fournier discovered a bug in all versions of Exim older than\nExim 3.34 and Exim 3.952.

\n

The Exim maintainer, Philip Hazel,\nwrites about this issue: \"The\nproblem exists only in the case of a run time configuration which\ndirects or routes an address to a pipe transport without checking the\nlocal part of the address in any way. This does not apply, for\nexample, to pipes run from alias or forward files, because the local\npart is checked to ensure that it is the name of an alias or of a\nlocal user. The bug's effect is that, instead of obeying the correct\npipe command, a broken Exim runs the command encoded in the local part\nof the address.\"

\n

This problem has been fixed in Exim version 3.12-10.2 for the stable\ndistribution Debian GNU/Linux 2.2 and 3.33-1.1 for the testing and\nunstable distribution. We recommend that you upgrade your exim\npackage.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/exim_3.12-10.2.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/exim_3.12-10.2.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/exim_3.12.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/exim_3.12-10.2_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/eximon_3.12-10.2_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/exim_3.12-10.2_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/eximon_3.12-10.2_arm.deb
\n
Intel ia32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/exim_3.12-10.2_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/eximon_3.12-10.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/exim_3.12-10.2_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/eximon_3.12-10.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/exim_3.12-10.2_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/eximon_3.12-10.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/exim_3.12-10.2_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/eximon_3.12-10.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "98": "
\n

Debian Security Advisory

\n

DSA-098-1 libgtop -- format string vulnerability and buffer overflow

\n
\n
Date Reported:
\n
09 Jan 2002
\n
Affected Packages:
\n
\nlibgtop\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-0927, CVE-2001-0928.
\n
More information:
\n
\n

Two different problems were found in libgtop-daemon:

\n
    \n
  • The laboratory intexxia found a format string problem in the logging\n code from libgtop_daemon. There were two logging functions which are\n called when authorizing a client which could be exploited by a remote\n user.\n
  • Flavio Veloso found a buffer overflow in the function that authorizes\n clients.\n
\n

Since libgtop_daemon runs as user nobody, both bugs could be used\nto gain access as the nobody user to a system running libgtop_daemon.

\n

Both problems have been fixed in version 1.0.6-1.1 and we recommend\nyou upgrade your libgtop-daemon package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/libgtop_1.0.6-1.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/libgtop_1.0.6-1.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/libgtop_1.0.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/libgtop-daemon_1.0.6-1.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/libgtop-dev_1.0.6-1.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/libgtop1_1.0.6-1.1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/libgtop-daemon_1.0.6-1.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/libgtop-dev_1.0.6-1.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/libgtop1_1.0.6-1.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/libgtop-daemon_1.0.6-1.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/libgtop-dev_1.0.6-1.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/libgtop1_1.0.6-1.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/libgtop-daemon_1.0.6-1.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/libgtop-dev_1.0.6-1.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/libgtop1_1.0.6-1.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libgtop-daemon_1.0.6-1.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libgtop-dev_1.0.6-1.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libgtop1_1.0.6-1.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/libgtop-daemon_1.0.6-1.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/libgtop-dev_1.0.6-1.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/libgtop1_1.0.6-1.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "99": "
\n

Debian Security Advisory

\n

DSA-099-1 xchat -- IRC session hijacking

\n
\n
Date Reported:
\n
12 Jan 2002
\n
Affected Packages:
\n
\nXChat\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-0006.
\n
More information:
\n
\n

zen-parse found a vulnerability in the XChat IRC client that allows an\nattacker to take over the user's IRC session.

\n

It is possible to trick XChat IRC clients into sending arbitrary\ncommands to the IRC server they are on, potentially allowing social\nengineering attacks, channel takeovers, and denial of service. This\nproblem exists in versions 1.4.2 and 1.4.3. Later versions of XChat\nare vulnerable as well, but this behaviour is controlled by the\nconfiguration variable \u00bbpercascii\u00ab, which defaults to 0. If it is set\nto 1 then the problem becomes apparent in 1.6/1.8 as well.

\n

This problem has been fixed in upstream version 1.8.7 and in version\n1.4.3-1 for the current stable Debian release (2.2) with a patch\nprovided from the upstream author Peter Zelezny. We recommend that\nyou upgrade your XChat packages immediately, since this problem is\nalready actively being exploited.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/xchat_1.4.3.orig.tar.gz
\n
http://security.debian.org/dists/stable/updates/main/source/xchat_1.4.3-1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/xchat_1.4.3-1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/dists/stable/updates/main/binary-all/xchat-common_1.4.3-1_all.deb
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/xchat-gnome_1.4.3-1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/xchat-text_1.4.3-1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/xchat_1.4.3-1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/xchat-gnome_1.4.3-1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/xchat-text_1.4.3-1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/xchat_1.4.3-1_arm.deb
\n
Intel ia32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/xchat-gnome_1.4.3-1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/xchat-text_1.4.3-1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/xchat_1.4.3-1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/xchat_1.4.3-1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/xchat-gnome_1.4.3-1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/xchat-text_1.4.3-1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/xchat-gnome_1.4.3-1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/xchat_1.4.3-1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/xchat-text_1.4.3-1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/xchat-text_1.4.3-1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/xchat-gnome_1.4.3-1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/xchat_1.4.3-1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "100": "
\n

Debian Security Advisory

\n

DSA-100-1 gzip -- Potential buffer overflow

\n
\n
Date Reported:
\n
13 Jan 2002
\n
Affected Packages:
\n
\ngzip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-1228.
\n
More information:
\n
\n

GOBBLES found a buffer overflow in gzip that occurs when compressing\nfiles with really long filenames. Even though GOBBLES claims to have\ndeveloped an exploit to take advantage of this bug, it has been said\nby others that this problem is not likely to be exploitable as other\nsecurity incidents.

\n

Additionally, the Debian version of gzip from the stable release does\nnot segfault, and hence does not directly inherit this problem.\nHowever, better be safe than sorry, so we have prepared an update for\nyou.

\n

Please make sure you are running an up-to-date version from\nstable/unstable/testing with at least version 1.2.4-33.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/gzip_1.2.4-33.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/gzip_1.2.4-33.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/gzip_1.2.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/gzip_1.2.4-33.1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/gzip_1.2.4-33.1_arm.deb
\n
Intel ia32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/gzip_1.2.4-33.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/gzip_1.2.4-33.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/gzip_1.2.4-33.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/gzip_1.2.4-33.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "101": "
\n

Debian Security Advisory

\n

DSA-101-1 sudo -- Local root exploit

\n
\n
Date Reported:
\n
14 Jan 2002
\n
Affected Packages:
\n
\nsudo\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-0043.
\n
More information:
\n
\n

Sebastian Krahmer from SuSE found a vulnerability in sudo which could\neasily lead to a local root exploit.

\n

This problem has been fixed in upstream version 1.6.4 as well as in\nversion 1.6.2p2-2.1 for the stable release of Debian GNU/Linux.

\n

We recommend that you upgrade your sudo packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/sudo_1.6.2p2-2.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/sudo_1.6.2p2-2.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/sudo_1.6.2p2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/sudo_1.6.2p2-2.1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/sudo_1.6.2p2-2.1_arm.deb
\n
Intel ia32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/sudo_1.6.2p2-2.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/sudo_1.6.2p2-2.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/sudo_1.6.2p2-2.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/sudo_1.6.2p2-2.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "102": "
\n

Debian Security Advisory

\n

DSA-102-2 at -- daemon exploit

\n
\n
Date Reported:
\n
16 Jan 2002
\n
Affected Packages:
\n
\nat\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-0004.
\n
More information:
\n
\n

zen-parse found a bug in the current implementation of at which leads\nto a heap corruption vulnerability, which in turn could potentially\nlead to an exploit of the daemon user.

\n

We recommend that you upgrade your at packages.

\n

Unfortunately, the bugfix from DSA 102-1 wasn't propagated properly due\nto a packaging bug. While the file parsetime.y was fixed, and yy.tab.c\nshould be generated from it, yy.tab.c from the original source was still\nused. This has been fixed in DSA-102-2.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/at_3.1.8-10.2.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/at_3.1.8-10.2.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/at_3.1.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/at_3.1.8-10.2_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/at_3.1.8-10.2_arm.deb
\n
Intel ia32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/at_3.1.8-10.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/at_3.1.8-10.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/at_3.1.8-10.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/at_3.1.8-10.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "103": "
\n

Debian Security Advisory

\n

DSA-103-1 glibc -- buffer overflow

\n
\n
Date Reported:
\n
13 Jan 2002
\n
Affected Packages:
\n
\nglibc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2001-0886.
\n
More information:
\n
\n

A buffer overflow has been found in the globbing code for glibc.\nThis is the code which is used to glob patterns for filenames and is\ncommonly used in applications like shells and FTP servers.

\n

This has been fixed in version 2.1.3-20 and we recommend that\nyou upgrade your libc package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/glibc_2.1.3-20.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/glibc_2.1.3-20.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/glibc_2.1.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/dists/stable/updates/main/binary-all/glibc-doc_2.1.3-20_all.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-all/i18ndata_2.1.3-20_all.deb
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/libc6.1-dbg_2.1.3-20_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/libc6.1-dev_2.1.3-20_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/libc6.1-pic_2.1.3-20_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/libc6.1-prof_2.1.3-20_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/libc6.1_2.1.3-20_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/libnss1-compat_2.1.3-20_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/locales_2.1.3-20_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/nscd_2.1.3-20_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/libc6-dbg_2.1.3-20_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/libc6-dev_2.1.3-20_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/libc6-pic_2.1.3-20_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/libc6-prof_2.1.3-20_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/libc6_2.1.3-20_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/locales_2.1.3-20_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/nscd_2.1.3-20_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/libc6-dbg_2.1.3-20_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/libc6-dev_2.1.3-20_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/libc6-pic_2.1.3-20_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/libc6-prof_2.1.3-20_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/libc6_2.1.3-20_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/libnss1-compat_2.1.3-20_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/locales_2.1.3-20_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/nscd_2.1.3-20_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/libc6-dbg_2.1.3-20_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/libc6-dev_2.1.3-20_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/libc6-pic_2.1.3-20_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/libc6-prof_2.1.3-20_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/libc6_2.1.3-20_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/libnss1-compat_2.1.3-20_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/locales_2.1.3-20_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/nscd_2.1.3-20_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libc6-dbg_2.1.3-20_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libc6-dev_2.1.3-20_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libc6-pic_2.1.3-20_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libc6-prof_2.1.3-20_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libc6_2.1.3-20_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/locales_2.1.3-20_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/nscd_2.1.3-20_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/libc6-dbg_2.1.3-20_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/libc6-dev_2.1.3-20_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/libc6-pic_2.1.3-20_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/libc6-prof_2.1.3-20_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/libc6_2.1.3-20_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/locales_2.1.3-20_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/nscd_2.1.3-20_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "104": "
\n

Debian Security Advisory

\n

DSA-104-1 cipe -- DoS attack

\n
\n
Date Reported:
\n
14 Jan 2002
\n
Affected Packages:
\n
\ncipe\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-0047.
\n
More information:
\n
\n

Larry McVoy found a bug in the packet handling code for the CIPE\nVPN package: it did not check if a received packet was too short\nand could crash.

\n

This has been fixed in version 1.3.0-3, and we recommend that you\nupgrade your CIPE packages immediately.

\n

Please note that the package only contains the required kernel patch;\nyou will have to manually build the kernel modules for your kernel with the\nupdated source from the cipe-source package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/cipe_1.3.0-3.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/cipe_1.3.0-3.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/cipe_1.3.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/dists/stable/updates/main/binary-all/cipe-common_1.3.0-3_all.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-all/cipe-source_1.3.0-3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "105": "
\n

Debian Security Advisory

\n

DSA-105-1 enscript -- insecure temporary files

\n
\n
Date Reported:
\n
21 Jan 2002
\n
Affected Packages:
\n
\nenscript\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-0044.
\n
More information:
\n
\n

The version of enscript (a tool to convert ASCII text to different\nformats) in potato has been found to create temporary files insecurely.

\n

This has been fixed in version 1.6.2-4.1.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/enscript_1.6.2-4.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/enscript_1.6.2-4.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/enscript_1.6.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/enscript_1.6.2-4.1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/enscript_1.6.2-4.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/enscript_1.6.2-4.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/enscript_1.6.2-4.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/enscript_1.6.2-4.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/enscript_1.6.2-4.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "106": "
\n

Debian Security Advisory

\n

DSA-106-2 rsync -- remote exploit

\n
\n
Date Reported:
\n
26 Jan 2002
\n
Affected Packages:
\n
\nrsync\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-0048.
\n
More information:
\n
\nSebastian Krahmer found several places in rsync (a popular tool to synchronise files between machines)\nwhere signed and unsigned numbers\nwere mixed which resulted in insecure code (see securityfocus.com).\nThis could be abused by\nremote users to write 0-bytes in rsync's memory and trick rsync into\nexecuting arbitrary code.\n

This has been fixed in version 2.3.2-1.3 and we recommend you upgrade\nyour rsync package immediately.

\n

Unfortunately the patch used to fix that problem broke rsync.\nThis has been fixed in version 2.3.2-1.5 and we recommend you\nupgrade to that version immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/rsync_2.3.2-1.5.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/rsync_2.3.2-1.5.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/rsync_2.3.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/rsync_2.3.2-1.5_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/rsync_2.3.2-1.5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/rsync_2.3.2-1.5_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/rsync_2.3.2-1.5_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/rsync_2.3.2-1.5_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/rsync_2.3.2-1.5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n(DSA-106-2)\n

\n\n
\n
", "107": "
\n

Debian Security Advisory

\n

DSA-107-1 jgroff -- format print vulnerability

\n
\n
Date Reported:
\n
30 Jan 2002
\n
Affected Packages:
\n
\njgroff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\nBasically, this is the same Security Advisory as DSA 072-1, but for\njgroff instead of groff. The package jgroff contains a version\nderived from groff that has Japanese character sets enabled. This\npackage is available only in the stable release of Debian; patches for\nJapanese support have been merged into the main groff package.\n

The old advisory said:\n

Zenith Parse found a security problem in groff (the GNU version of\ntroff). The pic command was vulnerable to a printf format attack\nwhich made it possible to circumvent the `-S' option and execute\narbitrary code.\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/jgroff_1.15+ja-3.4.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/jgroff_1.15+ja-3.4.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/jgroff_1.15+ja.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/jgroff_1.15+ja-3.4_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/jgroff_1.15+ja-3.4_arm.deb
\n
Intel ia32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/jgroff_1.15+ja-3.4_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/jgroff_1.15+ja-3.4_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/jgroff_1.15+ja-3.4_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/jgroff_1.15+ja-3.4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "108": "
\n

Debian Security Advisory

\n

DSA-108-1 wmtv -- symlink vulnerability

\n
\n
Date Reported:
\n
07 Feb 2002
\n
Affected Packages:
\n
\nwmtv\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-0247, CVE-2002-0248.
\n
More information:
\n
\n

Nicolas Boullis found some security problems in the wmtv package (a\ndockable video4linux TV player for windowmaker) which is distributed\nin Debian GNU/Linux 2.2. With the current version of wmtv, the\nconfiguration file is written back as the superuser, and without any\nfurther checks. A malicious user might use that to damage important\nfiles.

\n

This problem has been fixed in version 0.6.5-2potato2 for the stable\ndistribution by dropping privileges as soon as possible and only\nregaining them where required. In the current testing/unstable\ndistribution this problem has been fixed in version 0.6.5-9 and above\nby not requiring privileges anymore. Both contain fixes for two\npotential buffer overflows as well.

\n

We recommend that you upgrade your wmtv packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/wmtv_0.6.5-2potato2.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/wmtv_0.6.5-2potato2.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/wmtv_0.6.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/wmtv_0.6.5-2potato2_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/wmtv_0.6.5-2potato2_arm.deb
\n
Intel ia32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/wmtv_0.6.5-2potato2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/wmtv_0.6.5-2potato2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/wmtv_0.6.5-2potato2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/wmtv_0.6.5-2potato2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "109": "
\n

Debian Security Advisory

\n

DSA-109-1 faqomatic -- cross-site scripting vulnerability

\n
\n
Date Reported:
\n
13 Feb 2002
\n
Affected Packages:
\n
\nfaqomatic\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-0230.
\n
More information:
\n
\n

Due to unescaped HTML code Faq-O-Matic returned unverified scripting\ncode to the browser. With some tweaking this enables an attacker to\nsteal cookies from one of the Faq-O-Matic moderators or the admin.

\n

Cross-Site Scripting is a type of problem that allows a malicious\nperson to make another person run some JavaScript in their browser.\nThe JavaScript is executed on the victim's machine and is in the\ncontext of the website running the Faq-O-Matic Frequently Asked\nQuestion manager.

\n

This problem has been fixed in version 2.603-1.2 for the stable Debian\ndistribution and version 2.712-2 for the current testing/unstable\ndistribution.

\n

We recommend that you upgrade your faqomatic package if you have it\ninstalled.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/faqomatic_2.603-1.2.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/faqomatic_2.603-1.2.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/faqomatic_2.603.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/dists/stable/updates/main/binary-all/faqomatic_2.603-1.2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "110": "
\n

Debian Security Advisory

\n

DSA-110-1 cups -- buffer overflow

\n
\n
Date Reported:
\n
13 Feb 2002
\n
Affected Packages:
\n
\ncupsys\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-0063.
\n
More information:
\n
\n

The authors of CUPS, the Common UNIX Printing System, have found a\npotential buffer overflow bug in the code of the CUPS daemon where it\nreads the names of attributes. This affects all versions of CUPS.

\n

This problem has been fixed in version 1.0.4-10 for the stable Debian\ndistribution and version 1.1.13-2 for the current testing/unstable\ndistribution.

\n

We recommend that you upgrade your CUPS packages immediately if you\nhave them installed.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/cupsys_1.0.4-10.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/cupsys_1.0.4-10.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/cupsys_1.0.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/cupsys-bsd_1.0.4-10_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/cupsys_1.0.4-10_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/libcupsys1-dev_1.0.4-10_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/libcupsys1_1.0.4-10_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/cupsys-bsd_1.0.4-10_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/cupsys_1.0.4-10_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/libcupsys1-dev_1.0.4-10_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/libcupsys1_1.0.4-10_arm.deb
\n
Intel ia32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/cupsys-bsd_1.0.4-10_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/cupsys_1.0.4-10_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/libcupsys1-dev_1.0.4-10_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/libcupsys1_1.0.4-10_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/cupsys-bsd_1.0.4-10_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/cupsys_1.0.4-10_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/libcupsys1-dev_1.0.4-10_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/libcupsys1_1.0.4-10_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/cupsys-bsd_1.0.4-10_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/cupsys_1.0.4-10_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libcupsys1-dev_1.0.4-10_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libcupsys1_1.0.4-10_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/cupsys-bsd_1.0.4-10_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/cupsys_1.0.4-10_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/libcupsys1-dev_1.0.4-10_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/libcupsys1_1.0.4-10_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "111": "
\n

Debian Security Advisory

\n

DSA-111-1 ucd-snmp -- remote exploit

\n
\n
Date Reported:
\n
14 Feb 2002
\n
Affected Packages:
\n
\nucd-snmp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-012, CVE-2002-013.
CERT's vulnerabilities, advisories and incident notes: VU#854306, VU#107186, CA-2002-03.
\n
More information:
\n
\n

The Secure Programming Group of the Oulu University did a study on\nSNMP implementations and uncovered multiple problems which can\ncause problems ranging from Denial of Service attacks to remote\nexploits.

\n

New UCD-SNMP packages have been prepared to fix these problems\nas well as a few others. The complete list of fixed problems is:

\n
  • When running external programs snmpd used temporary files insecurely
  • snmpd did not properly reset supplementary groups after changing\n its uid and gid
  • Modified most code to use buffers instead of fixed-length strings to\n prevent buffer overflows
  • The ASN.1 parser did not check for negative lengths
  • The IFINDEX response handling in snmpnetstat did not do a sanity check\n on its input
\n

(thanks to Caldera for most of the work on those patches)

\n

The new version is 4.1.1-2.1 and we recommend you upgrade your\nsnmp packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/ucd-snmp_4.1.1-2.2.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/ucd-snmp_4.1.1-2.2.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/ucd-snmp_4.1.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/libsnmp4.1-dev_4.1.1-2.2_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/libsnmp4.1_4.1.1-2.2_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/snmp_4.1.1-2.2_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/snmpd_4.1.1-2.2_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/libsnmp4.1-dev_4.1.1-2.2_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/libsnmp4.1_4.1.1-2.2_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/snmp_4.1.1-2.2_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/snmpd_4.1.1-2.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/libsnmp4.1-dev_4.1.1-2.2_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/libsnmp4.1_4.1.1-2.2_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/snmp_4.1.1-2.2_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/snmpd_4.1.1-2.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/libsnmp4.1-dev_4.1.1-2.2_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/libsnmp4.1_4.1.1-2.2_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/snmp_4.1.1-2.2_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/snmpd_4.1.1-2.2_m68k.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/libsnmp4.1-dev_4.1.1-2.2_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/libsnmp4.1_4.1.1-2.2_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/snmp_4.1.1-2.2_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/snmpd_4.1.1-2.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "112": "
\n

Debian Security Advisory

\n

DSA-112-1 hanterm -- buffer overflow

\n
\n
Date Reported:
\n
16 Feb 2002
\n
Affected Packages:
\n
\nhanterm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-0239.
\n
More information:
\n
\n

A set of buffer overflow problems has been found in hanterm, a Hangul terminal for X11 derived from xterm that reads and displays Korean characters in its terminal window. The font handling code in hanterm uses string variables with hard size limits but did not check their boundaries.

\n

This problem can be exploited by a malicious user to gain access to the utmp group, which is able to write the wtmp and utmp files. These files record login and logout activities.

\n

This problem has been fixed in version 3.3.1p17-5.2 for the stable Debian distribution. A fixed package for the current testing/unstable distribution is not yet available but will have a version number higher than 3.3.1p18-6.1.

\n

We recommend that you upgrade your hanterm packages immediately if you have them installed. Known exploits are already available.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/hanterm_3.3.1p17-5.2.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/hanterm_3.3.1p17-5.2.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/hanterm_3.3.1p17.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/hanterm_3.3.1p17-5.2_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/hanterm_3.3.1p17-5.2_arm.deb
\n
Intel ia32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/hanterm_3.3.1p17-5.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/hanterm_3.3.1p17-5.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/hanterm_3.3.1p17-5.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/hanterm_3.3.1p17-5.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "113": "
\n

Debian Security Advisory

\n

DSA-113-1 ncurses -- buffer overflow

\n
\n
Date Reported:
\n
18 Feb 2002
\n
Affected Packages:
\n
\nncurses\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-0062.
\n
More information:
\n
\n

Several buffer overflows were fixed in the \"ncurses\" library in November 2000. Unfortunately, one was missed. This can lead to crashes when using ncurses applications in large windows.

\n

The Common Vulnerabilities and Exposures project has assigned the name CAN-2002-0062 to this issue.

\n

This problem has been fixed for the stable release of Debian in version 5.0-6.0potato2. The testing and unstable releases contain ncurses 5.2, which is not affected by this problem.

\n

There are no known exploits for this problem, but we recommend that all users upgrade ncurses immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/potato/updates/main/source/ncurses_5.0-6.0potato2.diff.gz
\n
http://security.debian.org/dists/potato/updates/main/source/ncurses_5.0-6.0potato2.dsc
\n
http://security.debian.org/dists/potato/updates/main/source/ncurses_5.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/dists/potato/updates/main/binary-all/ncurses-base_5.0-6.0potato2_all.deb
\n
http://security.debian.org/dists/potato/updates/main/binary-all/ncurses-term_5.0-6.0potato2_all.deb
\n
Alpha:\n
http://security.debian.org/dists/potato/updates/main/binary-alpha/libncurses5-dbg_5.0-6.0potato2_alpha.deb
\n
http://security.debian.org/dists/potato/updates/main/binary-alpha/libncurses5-dev_5.0-6.0potato2_alpha.deb
\n
http://security.debian.org/dists/potato/updates/main/binary-alpha/libncurses5_5.0-6.0potato2_alpha.deb
\n
http://security.debian.org/dists/potato/updates/main/binary-alpha/ncurses-bin_5.0-6.0potato2_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/potato/updates/main/binary-arm/libncurses5-dbg_5.0-6.0potato2_arm.deb
\n
http://security.debian.org/dists/potato/updates/main/binary-arm/libncurses5-dev_5.0-6.0potato2_arm.deb
\n
http://security.debian.org/dists/potato/updates/main/binary-arm/libncurses5_5.0-6.0potato2_arm.deb
\n
http://security.debian.org/dists/potato/updates/main/binary-arm/ncurses-bin_5.0-6.0potato2_arm.deb
\n
Intel ia32:\n
http://security.debian.org/dists/potato/updates/main/binary-i386/libncurses5-dbg_5.0-6.0potato2_i386.deb
\n
http://security.debian.org/dists/potato/updates/main/binary-i386/libncurses5-dev_5.0-6.0potato2_i386.deb
\n
http://security.debian.org/dists/potato/updates/main/binary-i386/libncurses5_5.0-6.0potato2_i386.deb
\n
http://security.debian.org/dists/potato/updates/main/binary-i386/ncurses-bin_5.0-6.0potato2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/potato/updates/main/binary-m68k/libncurses5-dbg_5.0-6.0potato2_m68k.deb
\n
http://security.debian.org/dists/potato/updates/main/binary-m68k/libncurses5-dev_5.0-6.0potato2_m68k.deb
\n
http://security.debian.org/dists/potato/updates/main/binary-m68k/libncurses5_5.0-6.0potato2_m68k.deb
\n
http://security.debian.org/dists/potato/updates/main/binary-m68k/ncurses-bin_5.0-6.0potato2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/potato/updates/main/binary-powerpc/libncurses5-dbg_5.0-6.0potato2_powerpc.deb
\n
http://security.debian.org/dists/potato/updates/main/binary-powerpc/libncurses5-dev_5.0-6.0potato2_powerpc.deb
\n
http://security.debian.org/dists/potato/updates/main/binary-powerpc/libncurses5_5.0-6.0potato2_powerpc.deb
\n
http://security.debian.org/dists/potato/updates/main/binary-powerpc/ncurses-bin_5.0-6.0potato2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/potato/updates/main/binary-sparc/libncurses5-dbg_5.0-6.0potato2_sparc.deb
\n
http://security.debian.org/dists/potato/updates/main/binary-sparc/libncurses5-dev_5.0-6.0potato2_sparc.deb
\n
http://security.debian.org/dists/potato/updates/main/binary-sparc/libncurses5_5.0-6.0potato2_sparc.deb
\n
http://security.debian.org/dists/potato/updates/main/binary-sparc/ncurses-bin_5.0-6.0potato2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "114": "
\n

Debian Security Advisory

\n

DSA-114-1 gnujsp -- unauthorized file access

\n
\n
Date Reported:
\n
21 Feb 2002
\n
Affected Packages:
\n
\ngnujsp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-0300.
\n
More information:
\n
\n

Thomas Springer found a vulnerability in GNUJSP, a Java servlet that allows you to insert Java source code into HTML files. The problem can be used to bypass access restrictions in the web server. An attacker can view the contents of directories and download files directly rather than receiving their HTML output. This means that the source code of scripts could also be revealed.

\n

The problem was fixed by Stefan Gybas, who maintains the Debian package of GNUJSP. It is fixed in version 1.0.0-5 for the stable release of Debian GNU/Linux.

\n

The versions in testing and unstable are the same as the one in stable, so they are vulnerable, too. You can install the fixed version this advisory refers to on these systems to solve the problem, as this package is architecture independent.

\n

We recommend that you upgrade your gnujsp package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/contrib/source/gnujsp_1.0.0.orig.tar.gz
\n
http://security.debian.org/dists/stable/updates/contrib/source/gnujsp_1.0.0-5.dsc
\n
http://security.debian.org/dists/stable/updates/contrib/source/gnujsp_1.0.0-5.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/dists/stable/updates/contrib/binary-all/gnujsp_1.0.0-5_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "115": "
\n

Debian Security Advisory

\n

DSA-115-1 php -- broken boundary check and more

\n
\n
Date Reported:
\n
02 Mar 2002
\n
Affected Packages:
\n
\nphp3, php4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 4183.
In Mitre's CVE dictionary: CVE-2002-0081.
CERT's vulnerabilities, advisories and incident notes: CA-2002-05, VU#297363.
\n
More information:
\n
\n

Stefan Esser, who is also a member of the PHP team, found several flaws in the way PHP handles multipart/form-data POST requests (as described in RFC1867), known as POST file uploads. Each of the flaws could allow an attacker to execute arbitrary code on the victim's system.

\n

For PHP3, the flaws consist of a broken boundary check and an arbitrary heap overflow. For PHP4, they consist of a broken boundary check and a heap off-by-one error.

\n

For the stable release of Debian these problems are fixed in version 3.0.18-0potato1.1 of PHP3 and version 4.0.3pl1-0potato3 of PHP4.

\n

For the unstable and testing release of Debian these problems are fixed in version 3.0.18-22 of PHP3 and version 4.1.2-1 of PHP4.

\n

There is no PHP4 in the stable and unstable distribution for the arm architecture due to a compiler error.

\n

We recommend that you upgrade your PHP packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/php3_3.0.18-0potato1.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/php3_3.0.18-0potato1.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/php3_3.0.18.orig.tar.gz
\n
http://security.debian.org/dists/stable/updates/main/source/php4_4.0.3pl1-0potato3.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/php4_4.0.3pl1-0potato3.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/php4_4.0.3pl1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/dists/stable/updates/main/binary-all/php3-doc_3.0.18-0potato1.1_all.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-all/php4-dev_4.0.3pl1-0potato3_all.deb
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php3-cgi-gd_3.0.18-0potato1.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php3-cgi-imap_3.0.18-0potato1.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php3-cgi-ldap_3.0.18-0potato1.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php3-cgi-magick_3.0.18-0potato1.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php3-cgi-mhash_3.0.18-0potato1.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php3-cgi-mysql_3.0.18-0potato1.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php3-cgi-pgsql_3.0.18-0potato1.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php3-cgi-snmp_3.0.18-0potato1.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php3-cgi-xml_3.0.18-0potato1.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php3-cgi_3.0.18-0potato1.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php3-dev_3.0.18-0potato1.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php3-gd_3.0.18-0potato1.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php3-imap_3.0.18-0potato1.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php3-ldap_3.0.18-0potato1.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php3-magick_3.0.18-0potato1.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php3-mhash_3.0.18-0potato1.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php3-mysql_3.0.18-0potato1.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php3-pgsql_3.0.18-0potato1.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php3-snmp_3.0.18-0potato1.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php3-xml_3.0.18-0potato1.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php3_3.0.18-0potato1.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-cgi-gd_4.0.3pl1-0potato3_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4_4.0.3pl1-0potato3_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-cgi-imap_4.0.3pl1-0potato3_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-cgi-ldap_4.0.3pl1-0potato3_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-cgi-mhash_4.0.3pl1-0potato3_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-cgi-mysql_4.0.3pl1-0potato3_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-cgi-pgsql_4.0.3pl1-0potato3_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-cgi-snmp_4.0.3pl1-0potato3_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-cgi-xml_4.0.3pl1-0potato3_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-cgi_4.0.3pl1-0potato3_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-gd_4.0.3pl1-0potato3_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-imap_4.0.3pl1-0potato3_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-ldap_4.0.3pl1-0potato3_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-mhash_4.0.3pl1-0potato3_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-mysql_4.0.3pl1-0potato3_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-pgsql_4.0.3pl1-0potato3_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-snmp_4.0.3pl1-0potato3_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-xml_4.0.3pl1-0potato3_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/php3-cgi-gd_3.0.18-0potato1.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/php3-cgi-imap_3.0.18-0potato1.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/php3-cgi-ldap_3.0.18-0potato1.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/php3-cgi-magick_3.0.18-0potato1.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/php3-cgi-mhash_3.0.18-0potato1.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/php3-cgi-mysql_3.0.18-0potato1.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/php3-cgi-pgsql_3.0.18-0potato1.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/php3-cgi-snmp_3.0.18-0potato1.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/php3-cgi-xml_3.0.18-0potato1.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/php3-cgi_3.0.18-0potato1.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/php3-dev_3.0.18-0potato1.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/php3-gd_3.0.18-0potato1.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/php3-imap_3.0.18-0potato1.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/php3-ldap_3.0.18-0potato1.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/php3-magick_3.0.18-0potato1.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/php3-mhash_3.0.18-0potato1.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/php3-mysql_3.0.18-0potato1.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/php3-pgsql_3.0.18-0potato1.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/php3-snmp_3.0.18-0potato1.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/php3-xml_3.0.18-0potato1.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/php3_3.0.18-0potato1.1_arm.deb
\n
Intel ia32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php3-cgi-gd_3.0.18-0potato1.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php3-cgi-imap_3.0.18-0potato1.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php3-cgi-ldap_3.0.18-0potato1.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php3-cgi-magick_3.0.18-0potato1.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php3-cgi-mhash_3.0.18-0potato1.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php3-cgi-mysql_3.0.18-0potato1.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php3-cgi-pgsql_3.0.18-0potato1.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php3-cgi-snmp_3.0.18-0potato1.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php3-cgi-xml_3.0.18-0potato1.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php3-cgi_3.0.18-0potato1.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php3-dev_3.0.18-0potato1.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php3-gd_3.0.18-0potato1.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php3-imap_3.0.18-0potato1.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php3-ldap_3.0.18-0potato1.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php3-magick_3.0.18-0potato1.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php3-mhash_3.0.18-0potato1.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php3-mysql_3.0.18-0potato1.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php3-pgsql_3.0.18-0potato1.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php3-snmp_3.0.18-0potato1.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php3-xml_3.0.18-0potato1.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php3_3.0.18-0potato1.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-cgi-gd_4.0.3pl1-0potato3_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-cgi-imap_4.0.3pl1-0potato3_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-cgi-ldap_4.0.3pl1-0potato3_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-cgi-mhash_4.0.3pl1-0potato3_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-cgi-mysql_4.0.3pl1-0potato3_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-cgi-pgsql_4.0.3pl1-0potato3_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-cgi-snmp_4.0.3pl1-0potato3_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-cgi-xml_4.0.3pl1-0potato3_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-cgi_4.0.3pl1-0potato3_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-gd_4.0.3pl1-0potato3_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-imap_4.0.3pl1-0potato3_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-ldap_4.0.3pl1-0potato3_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-mhash_4.0.3pl1-0potato3_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-mysql_4.0.3pl1-0potato3_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-pgsql_4.0.3pl1-0potato3_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-snmp_4.0.3pl1-0potato3_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-xml_4.0.3pl1-0potato3_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/php4_4.0.3pl1-0potato3_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php3-cgi-gd_3.0.18-0potato1.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php3-cgi-imap_3.0.18-0potato1.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php3-cgi-ldap_3.0.18-0potato1.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php3-cgi-magick_3.0.18-0potato1.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php3-cgi-mhash_3.0.18-0potato1.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php3-cgi-mysql_3.0.18-0potato1.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php3-cgi-pgsql_3.0.18-0potato1.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php3-cgi-snmp_3.0.18-0potato1.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php3-cgi-xml_3.0.18-0potato1.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php3-cgi_3.0.18-0potato1.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php3-dev_3.0.18-0potato1.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php3-gd_3.0.18-0potato1.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php3-imap_3.0.18-0potato1.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php3-ldap_3.0.18-0potato1.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php3-magick_3.0.18-0potato1.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php3-mhash_3.0.18-0potato1.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php3-mysql_3.0.18-0potato1.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php3-pgsql_3.0.18-0potato1.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php3-snmp_3.0.18-0potato1.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php3-xml_3.0.18-0potato1.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php3_3.0.18-0potato1.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-cgi-gd_4.0.3pl1-0potato3_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-cgi-imap_4.0.3pl1-0potato3_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-cgi-ldap_4.0.3pl1-0potato3_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-cgi-mhash_4.0.3pl1-0potato3_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-cgi-mysql_4.0.3pl1-0potato3_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-cgi-pgsql_4.0.3pl1-0potato3_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-cgi-snmp_4.0.3pl1-0potato3_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-cgi-xml_4.0.3pl1-0potato3_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-cgi_4.0.3pl1-0potato3_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-gd_4.0.3pl1-0potato3_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-imap_4.0.3pl1-0potato3_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-ldap_4.0.3pl1-0potato3_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-mhash_4.0.3pl1-0potato3_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-mysql_4.0.3pl1-0potato3_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-pgsql_4.0.3pl1-0potato3_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-snmp_4.0.3pl1-0potato3_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4_4.0.3pl1-0potato3_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-xml_4.0.3pl1-0potato3_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php3-cgi-gd_3.0.18-0potato1.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php3-cgi-imap_3.0.18-0potato1.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php3-cgi-ldap_3.0.18-0potato1.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php3-cgi-magick_3.0.18-0potato1.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php3-cgi-mhash_3.0.18-0potato1.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php3-cgi-mysql_3.0.18-0potato1.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php3-cgi-pgsql_3.0.18-0potato1.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php3-cgi-snmp_3.0.18-0potato1.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php3-cgi-xml_3.0.18-0potato1.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php3-cgi_3.0.18-0potato1.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php3-dev_3.0.18-0potato1.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php3-gd_3.0.18-0potato1.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php3-imap_3.0.18-0potato1.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php3-ldap_3.0.18-0potato1.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php3-magick_3.0.18-0potato1.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php3-mhash_3.0.18-0potato1.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php3-mysql_3.0.18-0potato1.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php3-pgsql_3.0.18-0potato1.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php3-snmp_3.0.18-0potato1.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php3-xml_3.0.18-0potato1.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php3_3.0.18-0potato1.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-cgi-gd_4.0.3pl1-0potato3_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-cgi-imap_4.0.3pl1-0potato3_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-cgi-ldap_4.0.3pl1-0potato3_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-cgi-mhash_4.0.3pl1-0potato3_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-cgi-mysql_4.0.3pl1-0potato3_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-cgi-pgsql_4.0.3pl1-0potato3_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-cgi-snmp_4.0.3pl1-0potato3_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-cgi-xml_4.0.3pl1-0potato3_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-cgi_4.0.3pl1-0potato3_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-gd_4.0.3pl1-0potato3_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-imap_4.0.3pl1-0potato3_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-ldap_4.0.3pl1-0potato3_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-mhash_4.0.3pl1-0potato3_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-mysql_4.0.3pl1-0potato3_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-pgsql_4.0.3pl1-0potato3_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-snmp_4.0.3pl1-0potato3_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-xml_4.0.3pl1-0potato3_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4_4.0.3pl1-0potato3_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php3-cgi-gd_3.0.18-0potato1.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php3-cgi-imap_3.0.18-0potato1.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php3-cgi-ldap_3.0.18-0potato1.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php3-cgi-magick_3.0.18-0potato1.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php3-cgi-mhash_3.0.18-0potato1.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php3-cgi-mysql_3.0.18-0potato1.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php3-cgi-pgsql_3.0.18-0potato1.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php3-cgi-snmp_3.0.18-0potato1.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php3-cgi-xml_3.0.18-0potato1.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php3-cgi_3.0.18-0potato1.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php3-dev_3.0.18-0potato1.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php3-gd_3.0.18-0potato1.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php3-imap_3.0.18-0potato1.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php3-ldap_3.0.18-0potato1.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php3-magick_3.0.18-0potato1.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php3-mhash_3.0.18-0potato1.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php3-mysql_3.0.18-0potato1.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php3-pgsql_3.0.18-0potato1.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php3-snmp_3.0.18-0potato1.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php3-xml_3.0.18-0potato1.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php3_3.0.18-0potato1.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-cgi-gd_4.0.3pl1-0potato3_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4_4.0.3pl1-0potato3_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-cgi-imap_4.0.3pl1-0potato3_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-cgi-ldap_4.0.3pl1-0potato3_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-cgi-mhash_4.0.3pl1-0potato3_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-cgi-mysql_4.0.3pl1-0potato3_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-cgi-pgsql_4.0.3pl1-0potato3_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-cgi-snmp_4.0.3pl1-0potato3_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-cgi-xml_4.0.3pl1-0potato3_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-cgi_4.0.3pl1-0potato3_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-gd_4.0.3pl1-0potato3_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-imap_4.0.3pl1-0potato3_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-ldap_4.0.3pl1-0potato3_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-mhash_4.0.3pl1-0potato3_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-mysql_4.0.3pl1-0potato3_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-pgsql_4.0.3pl1-0potato3_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-snmp_4.0.3pl1-0potato3_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-xml_4.0.3pl1-0potato3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "116": "
\n

Debian Security Advisory

\n

DSA-116-1 cfs -- buffer overflow

\n
\n
Date Reported:
\n
02 Mar 2002
\n
Affected Packages:
\n
\ncfs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-0351.
\n
More information:
\n
\n

Zorgon found several buffer overflows in cfsd, a daemon that pushes\nencryption services into the Unix(tm) file system. We are not yet\nsure if these overflows can successfully be exploited to gain root\naccess to the machine running the CFS daemon. However, since cfsd can\neasily be forced to die, a malicious user can easily perform a denial\nof service attack against it.

\n

This problem has been fixed in version 1.3.3-8.1 for the stable Debian\ndistribution and in version 1.4.1-5 for the testing and unstable\ndistribution of Debian.

\n

We recommend that you upgrade your cfs package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/cfs_1.3.3-8.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/cfs_1.3.3-8.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/cfs_1.3.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/cfs_1.3.3-8.1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/cfs_1.3.3-8.1_arm.deb
\n
Intel ia32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/cfs_1.3.3-8.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/cfs_1.3.3-8.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/cfs_1.3.3-8.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/cfs_1.3.3-8.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "117": "
\n

Debian Security Advisory

\n

DSA-117-1 cvs -- improper variable initialization

\n
\n
Date Reported:
\n
05 Mar 2002
\n
Affected Packages:
\n
\ncvs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-0092.
\n
More information:
\n
\n

Kim Nielsen recently found an internal problem with the CVS server and\nreported it to the vuln-dev mailing list. The problem is triggered by\nan improperly initialized global variable. A user exploiting this can\ncrash the CVS server, which may be accessed through the pserver\nservice and run under a remote user id. It is not yet clear if\nthe remote account can be exposed, though.

\n

This problem has been fixed in version 1.10.7-9 for the stable Debian\ndistribution with the help of Niels Heinen and in versions newer\nthan 1.11.1p1debian-3 for the\ntesting and unstable distribution of Debian (not yet uploaded,\nthough).

\n

We recommend that you upgrade your CVS package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/cvs_1.10.7-9.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/cvs_1.10.7-9.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/cvs_1.10.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/dists/stable/updates/main/binary-all/cvs-doc_1.10.7-9_all.deb
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/cvs_1.10.7-9_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/cvs_1.10.7-9_arm.deb
\n
Intel ia32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/cvs_1.10.7-9_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/cvs_1.10.7-9_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/cvs_1.10.7-9_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/cvs_1.10.7-9_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "118": "
\n

Debian Security Advisory

\n

DSA-118-1 xsane -- insecure temporary files

\n
\n
Date Reported:
\n
05 Mar 2002
\n
Affected Packages:
\n
\nxsane\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Tim Waugh found several insecure uses of temporary files in the xsane\nprogram, which is used for scanning. This was fixed for Debian/stable\nby moving those files into a securely created directory within the\n/tmp directory.

\n

This problem has been fixed in version 0.50-5.1 for the stable Debian\ndistribution and in version 0.84-0.1 for the testing and unstable\ndistribution of Debian.

\n

We recommend that you upgrade your xsane package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/xsane_0.50-5.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/xsane_0.50-5.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/xsane_0.50.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/xsane_0.50-5.1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/xsane_0.50-5.1_arm.deb
\n
Intel ia32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/xsane_0.50-5.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/xsane_0.50-5.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/xsane_0.50-5.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/xsane_0.50-5.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "119": "
\n

Debian Security Advisory

\n

DSA-119-1 ssh -- local root exploit, remote client exploit

\n
\n
Date Reported:
\n
07 Mar 2002
\n
Affected Packages:
\n
\nssh\n
\n
Vulnerable:
\n
No
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 4241.
In Mitre's CVE dictionary: CVE-2002-0083.
\n
More information:
\n
\n

Joost Pol reports that OpenSSH\nversions 2.0 through 3.0.2 have an off-by-one bug in the channel allocation\ncode. This vulnerability can be exploited by authenticated users to gain\nroot privilege or by a malicious server exploiting a client with this\nbug.

\n

Since Debian 2.2 (potato) shipped with OpenSSH (the \"ssh\" package)\nversion 1.2.3, it is not vulnerable to this exploit. No fix is required\nfor Debian 2.2 (potato).

\n

The Debian unstable and testing archives do include a more recent OpenSSH\n(ssh) package. If you are running these pre-release distributions you should\nensure that you are running version 3.0.2p1-8, a patched version which was\nadded to the unstable archive today, or a later version.

\n
\n
\n
\n
", "120": "
\n

Debian Security Advisory

\n

DSA-120-1 mod_ssl -- buffer overflow

\n
\n
Date Reported:
\n
10 Mar 2002
\n
Affected Packages:
\n
\nlibapache-mod-ssl, apache-ssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-0082.
\n
More information:
\n
\n

Ed Moyle recently\nfound a buffer overflow in Apache-SSL and mod_ssl.\nWith session caching enabled, mod_ssl will serialize SSL session\nvariables to store them for later use. These variables were stored in\na buffer of a fixed size without proper boundary checks.

\n

To exploit the overflow, the server must be configured to require client\ncertificates, and an attacker must obtain a carefully crafted client\ncertificate that has been signed by a Certificate Authority which is\ntrusted by the server. If these conditions are met, it would be possible\nfor an attacker to execute arbitrary code on the server.

\n

This problem has been fixed in version 1.3.9.13-4 of Apache-SSL and\nversion 2.4.10-1.3.9-1potato1 of libapache-mod-ssl for the stable\nDebian distribution as well as in version 1.3.23.1+1.47-1 of\nApache-SSL and version 2.8.7-1 of libapache-mod-ssl for the testing\nand unstable distribution of Debian.

\n

We recommend that you upgrade your Apache-SSL and mod_ssl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/apache-ssl_1.3.9.13-4.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/apache-ssl_1.3.9.13-4.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/apache-ssl_1.3.9.13.orig.tar.gz
\n
http://security.debian.org/dists/stable/updates/main/source/libapache-mod-ssl_2.4.10-1.3.9-1potato1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/libapache-mod-ssl_2.4.10-1.3.9-1potato1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/libapache-mod-ssl_2.4.10-1.3.9.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/dists/stable/updates/main/binary-all/libapache-mod-ssl-doc_2.4.10-1.3.9-1potato1_all.deb
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/apache-ssl_1.3.9.13-4_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/libapache-mod-ssl_2.4.10-1.3.9-1potato1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/apache-ssl_1.3.9.13-4_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/libapache-mod-ssl_2.4.10-1.3.9-1potato1_arm.deb
\n
Intel ia32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/apache-ssl_1.3.9.13-4_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/libapache-mod-ssl_2.4.10-1.3.9-1potato1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/apache-ssl_1.3.9.13-4_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/libapache-mod-ssl_2.4.10-1.3.9-1potato1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/apache-ssl_1.3.9.13-4_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libapache-mod-ssl_2.4.10-1.3.9-1potato1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/apache-ssl_1.3.9.13-4_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/libapache-mod-ssl_2.4.10-1.3.9-1potato1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "121": "
\n

Debian Security Advisory

\n

DSA-121-1 xtell -- buffer overflow, symlink problem, \"..\" directory traversal

\n
\n
Date Reported:
\n
11 Mar 2002
\n
Affected Packages:
\n
\nxtell\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-0332, CVE-2002-0333, CVE-2002-0334.
\n
More information:
\n
\n

Several security-related problems have been found in the xtell\npackage, a simple messaging client and server. In detail, these\nproblems include several buffer overflows, a problem in connection\nwith symbolic links, and unauthorized directory traversal when the path\ncontains \"..\". These problems could lead to an attacker being able\nto execute arbitrary code on the server machine. The server runs with\nnobody privileges by default, so this would be the account to be\nexploited.

\n

They have been corrected by backporting changes from a newer upstream\nversion by the Debian maintainer for xtell. These problems are fixed\nin version 1.91.1 in the stable distribution of Debian and in version\n2.7 for the testing and unstable distribution of Debian.

\n

We recommend that you upgrade your xtell packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/xtell_1.91.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/xtell_1.91.1.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/xtell_1.91.1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/xtell_1.91.1_arm.deb
\n
Intel ia32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/xtell_1.91.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/xtell_1.91.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/xtell_1.91.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/xtell_1.91.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "122": "
\n

Debian Security Advisory

\n

DSA-122-1 zlib -- malloc error (double free)

\n
\n
Date Reported:
\n
11 Mar 2002
\n
Affected Packages:
\n
\nzlib\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-0059.
\n
More information:
\n
\n

The compression library zlib has a flaw in which it attempts to free\nmemory more than once under certain conditions. This can possibly be\nexploited to run arbitrary code in a program that includes zlib. If a\nnetwork application running as root is linked to zlib, this could\npotentially lead to a remote root compromise. No exploits are known at\nthis time. This vulnerability is assigned the CVE candidate name of\nCAN-2002-0059.

\n

The zlib vulnerability is fixed in the Debian zlib package version\n1.1.3-5.1. A number of programs either link statically to zlib or include\na private copy of zlib code. These programs must also be upgraded\nto eliminate the zlib vulnerability. The affected packages and fixed\nversions follow:

\n
    \n
  • amaya 2.4-1potato1\n
  • dictd 1.4.9-9potato1\n
  • erlang 49.1-10.1\n
  • freeamp 2.0.6-2.1\n
  • mirrordir 0.10.48-2.1\n
  • ppp 2.3.11-1.5\n
  • rsync 2.3.2-1.6\n
  • vrweb 1.5-5.1\n
\n

Those using the pre-release (testing) version of Debian should upgrade\nto zlib 1.1.3-19.1 or a later version. Note that since this version of\nDebian has not yet been released it may not be available immediately for\nall architectures. Debian 2.2 (potato) is the latest supported release.

\n

We recommend that you upgrade your packages immediately. Note that you\nshould restart all programs that use the shared zlib library in order\nfor the fix to take effect. This is most easily done by rebooting the\nsystem.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/amaya_2.4-1potato1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/amaya_2.4-1potato1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/dictd_1.4.9-9potato1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/dictd_1.4.9-9potato1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/erlang_49.1-10.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/erlang_49.1-10.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/freeamp_2.0.6-2.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/freeamp_2.0.6-2.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/mirrordir_0.10.48-2.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/mirrordir_0.10.48-2.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/ppp_2.3.11-1.5.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/ppp_2.3.11-1.5.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/rsync_2.3.2-1.6.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/rsync_2.3.2-1.6.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/vrweb_1.5-5.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/vrweb_1.5-5.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/zlib_1.1.3-5.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/zlib_1.1.3-5.1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/dists/stable/updates/main/binary-all/erlang-base_49.1-10.1_all.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-all/erlang-erl_49.1-10.1_all.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-all/erlang-java_49.1-10.1_all.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-all/freeamp-doc_2.0.6-2.1_all.deb
\n
Alpha:\n Fixed erlang and freeamp packages are not yet available.\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/amaya_2.4-1potato1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/dict_1.4.9-9potato1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/dictd_1.4.9-9potato1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/mirrordir_0.10.48-2.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/ppp_2.3.11-1.5_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/rsync_2.3.2-1.6_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/vrweb_1.5-5.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/zlib-bin_1.1.3-5.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/zlib1g-dev_1.1.3-5.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/zlib1g_1.1.3-5.1_alpha.deb
\n
ARM:\n Fixed erlang and freeamp packages are not yet available\n
http://security.debian.org/dists/stable/updates/main/binary-arm/amaya_2.4-1potato1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/dict_1.4.9-9potato1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/dictd_1.4.9-9potato1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/mirrordir_0.10.48-2.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/ppp_2.3.11-1.5_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/rsync_2.3.2-1.6_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/vrweb_1.5-5.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/zlib-bin_1.1.3-5.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/zlib1g-dev_1.1.3-5.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/zlib1g_1.1.3-5.1_arm.deb
\n
Intel ia32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/amaya_2.4-1potato1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/dict_1.4.9-9potato1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/dictd_1.4.9-9potato1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/erlang_49.1-10.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/freeamp_2.0.6-2.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/libfreeamp-alsa_2.0.6-2.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/libfreeamp-esound_2.0.6-2.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/mirrordir_0.10.48-2.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/ppp_2.3.11-1.5_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/rsync_2.3.2-1.6_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/vrweb_1.5-5.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/zlib-bin_1.1.3-5.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/zlib1-altdev_1.1.3-5.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/zlib1_1.1.3-5.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/zlib1g-dev_1.1.3-5.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/zlib1g_1.1.3-5.1_i386.deb
\n
Motorola 680x0:\n Fixed amaya, erlang, and freeamp packages are not yet available\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/dict_1.4.9-9potato1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/dictd_1.4.9-9potato1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/mirrordir_0.10.48-2.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/ppp_2.3.11-1.5_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/rsync_2.3.2-1.6_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/zlib-bin_1.1.3-5.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/zlib1-altdev_1.1.3-5.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/zlib1_1.1.3-5.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/zlib1g-dev_1.1.3-5.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/zlib1g_1.1.3-5.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/amaya_2.4-1potato1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/dict_1.4.9-9potato1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/dictd_1.4.9-9potato1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/erlang_49.1-10.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/freeamp_2.0.6-2.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libfreeamp-alsa_2.0.6-2.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libfreeamp-esound_2.0.6-2.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/ppp_2.3.11-1.5_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/rsync_2.3.2-1.6_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/vrweb_1.5-5.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/zlib-bin_1.1.3-5.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/zlib1g-dev_1.1.3-5.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/zlib1g_1.1.3-5.1_powerpc.deb
\n
Sun Sparc:\n Fixed erlang packages are not yet available\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/amaya_2.4-1potato1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/dict_1.4.9-9potato1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/dictd_1.4.9-9potato1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/freeamp_2.0.6-2.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/libfreeamp-alsa_2.0.6-2.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/libfreeamp-esound_2.0.6-2.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/mirrordir_0.10.48-2.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/ppp_2.3.11-1.5_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/rsync_2.3.2-1.6_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/vrweb_1.5-5.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/zlib-bin_1.1.3-5.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/zlib1g-dev_1.1.3-5.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/zlib1g_1.1.3-5.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "123": "
\n

Debian Security Advisory

\n

DSA-123-1 listar -- remote exploit

\n
\n
Date Reported:
\n
19 Mar 2002
\n
Affected Packages:
\n
\nlistar\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 4176.
In Mitre's CVE dictionary: CVE-2002-0467.
\n
More information:
\n
\n

Janusz Niewiadomski and Wojciech Purczynski reported a buffer overflow\nin the address_match of listar (a listserv style mailing-list manager).

\n

This has been fixed in version 0.129a-2.potato1.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/listar_0.129a-2.potato1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/listar_0.129a-2.potato1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/listar_0.129a.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/listar-cgi_0.129a-2.potato1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/listar_0.129a-2.potato1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/listar-cgi_0.129a-2.potato1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/listar_0.129a-2.potato1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/listar-cgi_0.129a-2.potato1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/listar_0.129a-2.potato1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/listar-cgi_0.129a-2.potato1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/listar_0.129a-2.potato1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/listar-cgi_0.129a-2.potato1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/listar_0.129a-2.potato1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/listar-cgi_0.129a-2.potato1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/listar_0.129a-2.potato1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "124": "
\n

Debian Security Advisory

\n

DSA-124-1 mtr -- buffer overflow

\n
\n
Date Reported:
\n
26 Mar 2002
\n
Affected Packages:
\n
\nmtr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 4217.
In Mitre's CVE dictionary: CVE-2002-0497.
\n
More information:
\n
\n

The authors of mtr released a new upstream version, noting a\nnon-exploitable buffer overflow in their ChangeLog. Przemyslaw\nFrasunek, however, found an easy way to exploit this bug, which allows\nan attacker to gain access to the raw socket, which makes IP spoofing\nand other malicious network activity possible.

\n

The problem has been fixed by the Debian maintainer in version 0.41-6\nfor the stable distribution of Debian by backporting the upstream fix\nand in version 0.48-1 for the testing/unstable distribution.

\n

We recommend that you upgrade your mtr package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/mtr_0.41.orig.tar.gz
\n
http://security.debian.org/dists/stable/updates/main/source/mtr_0.41-6.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/mtr_0.41-6.diff.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/mtr_0.41-6_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/mtr_0.41-6_arm.deb
\n
Intel ia32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/mtr_0.41-6_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/mtr_0.41-6_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/mtr_0.41-6_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/mtr_0.41-6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "125": "
\n

Debian Security Advisory

\n

DSA-125-1 analog -- cross-site scripting

\n
\n
Date Reported:
\n
28 Mar 2002
\n
Affected Packages:
\n
\nanalog\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 4389.
In Mitre's CVE dictionary: CVE-2002-0166.
\n
More information:
\n
\n

Yuji Takahashi discovered a bug in analog which allows a cross-site\nscripting type attack. It is easy for an attacker to insert arbitrary\nstrings into any web server logfile. If these strings are then\nanalysed by analog, they can appear in the report. By this means an\nattacker can introduce arbitrary Javascript code, for example, into an\nanalog report produced by someone else and read by a third person.\nAnalog already attempted to encode unsafe characters to avoid this\ntype of attack, but the conversion was incomplete.

\n

This problem has been fixed in the upstream version 5.22 of analog.\nUnfortunately patching the old version of analog in the stable\ndistribution of Debian instead is a very large job that defeats us.

\n

We recommend that you upgrade your analog package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/analog_5.22-0potato1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/analog_5.22-0potato1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/analog_5.22.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/analog_5.22-0potato1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/analog_5.22-0potato1_arm.deb
\n
Intel ia32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/analog_5.22-0potato1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/analog_5.22-0potato1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/analog_5.22-0potato1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/analog_5.22-0potato1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "126": "
\n

Debian Security Advisory

\n

DSA-126-1 imp -- cross-site scripting

\n
\n
Date Reported:
\n
16 Apr 2002
\n
Affected Packages:
\n
\nimp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 4444.
In Mitre's CVE dictionary: CVE-2002-0181.
\n
More information:
\n
\n

A cross-site scripting (CSS) problem was discovered in Horde and IMP (a web\nbased IMAP mail package). This was fixed upstream in Horde version 1.2.8\nand IMP version 2.2.8. The relevant patches have been back-ported to\nversion 1.2.6-0.potato.5 of the horde package and version 2.2.6-0.potato.5\nof the imp package.

\n

This release also fixes a bug introduced by the PHP security fix from\nDSA-115-1: Postgres support for PHP was changed\nin a subtle way which broke the Postgres support from IMP.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/horde_1.2.6-0.potato.5.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/horde_1.2.6-0.potato.5.tar.gz
\n
http://security.debian.org/dists/stable/updates/main/source/imp_2.2.6-0.potato.5.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/imp_2.2.6-0.potato.5.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/dists/stable/updates/main/binary-all/horde_1.2.6-0.potato.5_all.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-all/imp_2.2.6-0.potato.5_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "127": "
\n

Debian Security Advisory

\n

DSA-127-1 xpilot-server -- remote buffer overflow

\n
\n
Date Reported:
\n
17 Apr 2002
\n
Affected Packages:
\n
\nxpilot\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 4534.
In Mitre's CVE dictionary: CVE-2002-0179.
\n
More information:
\n
\n

An internal audit by the xpilot (a multi-player tactical manoeuvring\ngame for X) maintainers revealed a buffer overflow in xpilot server.\nThis overflow can be abused by remote attackers to gain access to\nthe server under which the xpilot server is running.

\n

This has been fixed in upstream version 4.5.1 and version\n4.1.0-4.U.4alpha2.4.potato1 of the Debian package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/xpilot_4.1.0-4.U.4alpha2.4.potato1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/xpilot_4.1.0-4.U.4alpha2.4.potato1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/xpilot_4.1.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/dists/stable/updates/main/binary-all/xpilot_4.1.0-4.U.4alpha2.4.potato1_all.deb
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/xpilot-client-nas_4.1.0-4.U.4alpha2.4.potato1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/xpilot-client-nosound_4.1.0-4.U.4alpha2.4.potato1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/xpilot-client-rplay_4.1.0-4.U.4alpha2.4.potato1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/xpilot-server_4.1.0-4.U.4alpha2.4.potato1_alpha.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/xpilot-client-nas_4.1.0-4.U.4alpha2.4.potato1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/xpilot-client-nosound_4.1.0-4.U.4alpha2.4.potato1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/xpilot-client-rplay_4.1.0-4.U.4alpha2.4.potato1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/xpilot-server_4.1.0-4.U.4alpha2.4.potato1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/xpilot-client-nas_4.1.0-4.U.4alpha2.4.potato1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/xpilot-client-nosound_4.1.0-4.U.4alpha2.4.potato1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/xpilot-client-rplay_4.1.0-4.U.4alpha2.4.potato1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/xpilot-server_4.1.0-4.U.4alpha2.4.potato1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/xpilot-client-nas_4.1.0-4.U.4alpha2.4.potato1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/xpilot-client-nosound_4.1.0-4.U.4alpha2.4.potato1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/xpilot-client-rplay_4.1.0-4.U.4alpha2.4.potato1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/xpilot-server_4.1.0-4.U.4alpha2.4.potato1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/xpilot-client-nas_4.1.0-4.U.4alpha2.4.potato1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/xpilot-client-nosound_4.1.0-4.U.4alpha2.4.potato1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/xpilot-client-rplay_4.1.0-4.U.4alpha2.4.potato1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/xpilot-server_4.1.0-4.U.4alpha2.4.potato1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "128": "
\n

Debian Security Advisory

\n

DSA-128-1 sudo -- buffer overflow

\n
\n
Date Reported:
\n
26 Apr 2002
\n
Affected Packages:
\n
\nsudo\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 4593.
In Mitre's CVE dictionary: CVE-2002-0184.
\n
More information:
\n
\n

fc found a buffer overflow in the variable expansion code\nused by sudo for its prompt. Since sudo is necessarily installed suid\nroot, a local user can use this to gain root access.

\n

This has been fixed in version 1.6.2-2.2 for the stable distribution\nof Debian and version 1.6.6-1 for the testing/unstable distribution.\nWe recommend that you upgrade your sudo package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/sudo_1.6.2p2-2.2.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/sudo_1.6.2p2-2.2.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/sudo_1.6.2p2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/sudo_1.6.2p2-2.2_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/sudo_1.6.2p2-2.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/sudo_1.6.2p2-2.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/sudo_1.6.2p2-2.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/sudo_1.6.2p2-2.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/sudo_1.6.2p2-2.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "129": "
\n

Debian Security Advisory

\n

DSA-129-1 uucp -- remote denial of service

\n
\n
Date Reported:
\n
27 May 2002
\n
Affected Packages:
\n
\nuucp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 4910.
In Mitre's CVE dictionary: CVE-2002-0912.
\n
More information:
\n
\n

We have received reports that in.uucpd, an authentication agent in the\nuucp package, does not properly terminate certain long input strings.\nThis has been corrected in uucp package version 1.06.1-11potato3 for\nDebian 2.2 (potato) and in version 1.06.1-18 for the upcoming (woody)\nrelease.

\n

We recommend you upgrade your uucp package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/uucp_1.06.1-11potato3.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/uucp_1.06.1-11potato3.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/uucp_1.06.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/uucp_1.06.1-11potato3_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/uucp_1.06.1-11potato3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/uucp_1.06.1-11potato3_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/uucp_1.06.1-11potato3_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/uucp_1.06.1-11potato3_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/uucp_1.06.1-11potato3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "130": "
\n

Debian Security Advisory

\n

DSA-130-1 ethereal -- remotely triggered memory allocation error

\n
\n
Date Reported:
\n
01 Jun 2002
\n
Affected Packages:
\n
\nethereal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 4604, BugTraq ID 4806, BugTraq ID 4805, BugTraq ID 4807, BugTraq ID 4808.
In Mitre's CVE dictionary: CVE-2002-0353, CVE-2002-0401, CVE-2002-0402, CVE-2002-0403, CVE-2002-0404.
\n
More information:
\n
\n

Ethereal versions prior to 0.9.3 were vulnerable to an allocation error\nin the ASN.1 parser. This can be triggered when analyzing traffic using\nthe SNMP, LDAP, COPS, or Kerberos protocols in ethereal. This\nvulnerability was announced in the ethereal security advisory\nenpa-sa-00003.\nThis issue has been corrected in ethereal version 0.8.0-3potato for\nDebian 2.2 (potato).

\n

Additionally, a number of vulnerabilities were discussed in ethereal\nsecurity advisory\nenpa-sa-00004;\nthe version of ethereal in Debian 2.2\n(potato) is not vulnerable to the issues raised in this later advisory.\nUsers of the not-yet-released woody distribution should ensure that they\nare running ethereal 0.9.4-1 or a later version.

\n

We recommend you upgrade your ethereal package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/ethereal_0.8.0-3potato.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/ethereal_0.8.0-3potato.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/ethereal_0.8.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/ethereal_0.8.0-3potato_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/ethereal_0.8.0-3potato_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/ethereal_0.8.0-3potato_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/ethereal_0.8.0-3potato_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/ethereal_0.8.0-3potato_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/ethereal_0.8.0-3potato_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "131": "
\n

Debian Security Advisory

\n

DSA-131-1 apache -- remote DoS / exploit

\n
\n
Date Reported:
\n
19 Jun 2002
\n
Affected Packages:
\n
\napache\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5033.
In Mitre's CVE dictionary: CVE-2002-0392.
CERT's vulnerabilities, advisories and incident notes: CA-2002-17, VU#944335.
\n
More information:
\n
\n

Mark Litchfield found a denial of service attack in the Apache\nweb-server. While investigating the problem the Apache Software\nFoundation discovered that the code for handling invalid requests which\nuse chunked encoding also might allow arbitrary code execution on 64\nbit architectures.

\n

This has been fixed in version 1.3.9-14.1 of the Debian apache package,\nas well as upstream versions 1.3.26 and 2.0.37. We strongly recommend\nthat you upgrade your apache package immediately.

\n

The package upgrade does not restart the apache server automatically;\nthis will have to be done manually. Please make sure your\nconfiguration is correct (\"apachectl configtest\" will verify that for\nyou) and restart it using \"/etc/init.d/apache restart\".

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/apache_1.3.9-14.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/apache_1.3.9-14.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/apache_1.3.9.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/dists/stable/updates/main/binary-all/apache-doc_1.3.9-14.1_all.deb
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/apache-common_1.3.9-14.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/apache-dev_1.3.9-14.1_alpha.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/apache_1.3.9-14.1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/apache-common_1.3.9-14.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/apache-dev_1.3.9-14.1_arm.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-arm/apache_1.3.9-14.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/apache-common_1.3.9-14.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/apache-dev_1.3.9-14.1_i386.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-i386/apache_1.3.9-14.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/apache-common_1.3.9-14.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/apache-dev_1.3.9-14.1_m68k.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/apache_1.3.9-14.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/apache-common_1.3.9-14.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/apache-dev_1.3.9-14.1_powerpc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/apache_1.3.9-14.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/apache-common_1.3.9-14.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/apache-dev_1.3.9-14.1_sparc.deb
\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/apache_1.3.9-14.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "132": "
\n

Debian Security Advisory

\n

DSA-132-1 apache-ssl -- remote DoS / exploit

\n
\n
Date Reported:
\n
19 Jun 2002
\n
Affected Packages:
\n
\napache-ssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5033.
In Mitre's CVE dictionary: CVE-2002-0392.
CERT's vulnerabilities, advisories and incident notes: CA-2002-17, VU#944335.
\n
More information:
\n
\n

Mark Litchfield found a denial of service attack in the Apache\nweb-server. While investigating the problem the Apache Software\nFoundation discovered that the code for handling invalid requests which\nuse chunked encoding also might allow arbitrary code execution on 64 bit\narchitectures.

\n

This has been fixed in version 1.3.9.13-4.1 of the Debian apache-ssl\npackage and we recommend that you upgrade your apache-ssl package\nimmediately.

\n

An update for the soon to be released Debian GNU/Linux 3.0/woody\ndistribution is not available at the moment.

\n

More Information:\nCVE-2002-0392,\nVU#944335.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/dists/stable/updates/main/source/apache-ssl_1.3.9.13-4.1.diff.gz
\n
http://security.debian.org/dists/stable/updates/main/source/apache-ssl_1.3.9.13-4.1.dsc
\n
http://security.debian.org/dists/stable/updates/main/source/apache-ssl_1.3.9.13.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/dists/stable/updates/main/binary-alpha/apache-ssl_1.3.9.13-4.1_alpha.deb
\n
ARM:\n
http://security.debian.org/dists/stable/updates/main/binary-arm/apache-ssl_1.3.9.13-4.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/dists/stable/updates/main/binary-i386/apache-ssl_1.3.9.13-4.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/dists/stable/updates/main/binary-m68k/apache-ssl_1.3.9.13-4.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/dists/stable/updates/main/binary-powerpc/apache-ssl_1.3.9.13-4.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/dists/stable/updates/main/binary-sparc/apache-ssl_1.3.9.13-4.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "133": "
\n

Debian Security Advisory

\n

DSA-133-1 apache-perl -- remote DoS / exploit

\n
\n
Date Reported:
\n
20 Jun 2002
\n
Affected Packages:
\n
\napache-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5033.
In Mitre's CVE dictionary: CVE-2002-0392.
CERT's vulnerabilities, advisories and incident notes: CA-2002-17, VU#944335.
\n
More information:
\n
\n

Mark Litchfield found a denial of service attack in the Apache\nweb-server. While investigating the problem the Apache Software\nFoundation discovered that the code for handling invalid requests which\nuse chunked encoding also might allow arbitrary code execution.

\n

This has been fixed in version 1.3.9-14.1-1.21.20000309-1 of the Debian\napache-perl package and we recommend that you upgrade your apache-perl\npackage immediately.

\n

An update for the soon to be released Debian GNU/Linux 3.0/woody\ndistribution will be available soon.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.9-14.1-1.21.20000309-1.tar.gz
\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.9-14.1-1.21.20000309-1.dsc
\n
alpha architecture (DEC Alpha)\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.9-14.1-1.21.20000309-1_alpha.deb
\n
arm architecture (Arm)\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.9-14.1-1.21.20000309-1_arm.deb
\n
i386 architecture (Intel ia32)\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.9-14.1-1.21.20000309-1_i386.deb
\n
m68k architecture (Motorola Mc680x0)\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.9-14.1-1.21.20000309-1_m68k.deb
\n
powerpc architecture (PowerPC)\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.9-14.1-1.21.20000309-1_powerpc.deb
\n
sparc architecture (Sun SPARC/UltraSPARC)\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.9-14.1-1.21.20000309-1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "134": "
\n

Debian Security Advisory

\n

DSA-134-4 ssh -- remote exploit

\n
\n
Date Reported:
\n
24 Jun 2002
\n
Affected Packages:
\n
\nssh\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5093.
In Mitre's CVE dictionary: CVE-2002-0640, CVE-2002-0639.
CERT's vulnerabilities, advisories and incident notes: CA-2002-18, VU#369347.
\n
More information:
\n
\n

ISS X-Force released an advisory about an OpenSSH \"Remote Challenge\nVulnerability\". Unfortunately, the advisory was incorrect on some\npoints, leading to widespread confusion about the impact of this\nvulnerability. No version of OpenSSH in Debian is affected by the\nSKEY and BSD_AUTH authentication methods described in the ISS\nadvisory. However, Debian does include OpenSSH servers with the PAM\nfeature described as vulnerable in the later advisory by the OpenSSH\nteam. (This vulnerable feature is authentication using PAM via the\nkeyboard-interactive mechanism [kbdint].) This vulnerability affects\nOpenSSH versions 2.3.1 through 3.3. No exploit is currently known for\nthe PAM/kbdint vulnerability, but the details are publicly known. All\nof these vulnerabilities were corrected in OpenSSH 3.4.

\n

In addition to the vulnerability fixes outlined above, our OpenSSH\npackages version 3.3 and higher support the new privilege separation\nfeature from Niels Provos, which changes ssh to use a separate\nnon-privileged process to handle most of the work. Vulnerabilities in\nthe unprivileged parts of OpenSSH will lead to compromise of an\nunprivileged account restricted to an empty chroot, rather than a\ndirect root compromise. Privilege separation should help to mitigate\nthe risks of any future OpenSSH compromise.

\n

Debian 2.2 (potato) shipped with an ssh package based on OpenSSH\n1.2.3, and is not vulnerable to the vulnerabilities covered by this\nadvisory. Users still running a version 1.2.3 ssh package do not have\nan immediate need to upgrade to OpenSSH 3.4. Users who upgraded to the\nOpenSSH version 3.3 packages released in previous iterations of\nDSA-134 should upgrade to the new version 3.4 OpenSSH packages, as the\nversion 3.3 packages are vulnerable. We suggest that users running\nOpenSSH 1.2.3 consider a move to OpenSSH 3.4 to take advantage of the\nprivilege separation feature. (Though, again, we have no specific\nknowledge of any vulnerability in OpenSSH 1.2.3. Please carefully read\nthe caveats listed below before upgrading from OpenSSH 1.2.3.) We\nrecommend that any users running a back-ported version of OpenSSH\nversion 2.0 or higher on potato move to OpenSSH 3.4.

\n

The current pre-release version of Debian (woody) includes an OpenSSH\nversion 3.0.2p1 package (ssh), which is vulnerable to the PAM/kbdint\nproblem described above. We recommend that users upgrade to OpenSSH\n3.4 and enable privilege separation. Please carefully read the release\nnotes below before upgrading. Updated packages for ssh-krb5 (an\nOpenSSH package supporting kerberos authentication) are currently\nbeing developed. Users who cannot currently upgrade their OpenSSH\npackages may work around the known vulnerabilities by disabling the\nvulnerable features: make sure the following lines are uncommented and\npresent in /etc/ssh/sshd_config, and restart ssh:

\n
\n  PAMAuthenticationViaKbdInt no\n  ChallengeResponseAuthentication no\n
\n

There should be no other PAMAuthenticationViaKbdInt or\nChallengeResponseAuthentication entries in sshd_config.

\n

That concludes the vulnerability section of this advisory. What\nfollows are release notes related to the OpenSSH 3.4 package and the\nprivilege separation feature. URLs for the OpenSSH 3.4 packages are at\nthe bottom.

\n

Some notes on possible issues associated with this upgrade:

\n
    \n
  • This package introduces a new account called `sshd' that is used in\n the privilege separation code. If no sshd account exists the package\n will try to create one. If the account already exists it will be\n re-used. If you do not want this to happen you will have to fix this\n manually.
  • (relevant for potato only) This update adds a back-port of version\n 0.9.6c of the SSL library. This means you will have to upgrade the\n libssl0.9.6 package as well.
  • (relevant for potato only) This update uses version 2 of the SSH\n protocol by default (even if configured to support version 1 of the\n SSH protocol). This can break existing setups where RSA\n authentication is used. You will either have to\n
      \n
    • add -1 to the ssh invocation to keep using SSH protocol 1 and\n your existing keys, or\n
    • change the Protocol line in /etc/ssh/ssh_config\n and/or\n /etc/ssh/sshd_config to \"Protocol 1,2\"\n to try protocol 1\n before protocol 2, or\n
    • create new rsa or dsa keys for SSH protocol 2\n
    \n
  • sshd defaults to enabling privilege separation, even if you do not\n explicitly enable it in /etc/ssh/sshd_config.
  • ssh fall-back to rsh is no longer available.
  • (relevant for potato only) Privilege separation does not currently\n work with Linux 2.0 kernels.
  • Privilege separation does not currently work with PAM authentication\n via the KeyboardInteractive mechanism.
  • Privilege separation causes some PAM modules which expect to run\n with root privileges to fail.
  • If for some reason you cannot use privilege separation at this time due\n to one of the issues described above, you can disable it by adding\n \"UsePrivilegeSeparation no\" to your\n /etc/ssh/sshd_config file.
\n

Some issues from previous OpenSSH 3.3p1 packages corrected in this\nadvisory (not a complete changelog):

\n
    \n
  • (relevant for potato only) the installation question, \"do you want\n to allow protocol 2 only\" no longer defaults to \"yes\" for potato\n packages. Users who\n answered yes to this question and also chose to regenerate their\n sshd_config file found that they could no longer connect to their\n server via protocol 1. See /usr/doc/ssh/README.Debian for\n instructions on how to enable protocol 1 if caught in this situation.\n Since the default in the potato packages is now \"no\", this should not be\n an issue for people upgrading from version 1.2.3 in the future.\n
  • (relevant for potato only) the ssh package no longer conflicts with\n rsh-server, nor does it provide an rsh alternative
  • installation will no longer fail if users choose to generate\n protocol 1 keys
\n

Again, we regret having to release packages with larger changes and\nless testing than is our usual practice; given the potential severity\nand non-specific nature of the original threat we decided that our users were\nbest served by having packages available for evaluation as quickly as\npossible. We will send additional information as it comes to us, and\nwill continue to work on the outstanding issues.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1-0.0potato1.dsc
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1-0.0potato1.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.1.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openssl/ssleay_0.9.6c-0.potato.1_all.deb
\n
alpha (DEC Alpha):\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0potato1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0potato1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.1_alpha.deb
\n
arm (ARM):\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0potato1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0potato1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.1_arm.deb
\n
i386 (Intel IA32):\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0potato1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0potato1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.1_i386.deb
\n
powerpc (PowerPC):\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0potato1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0potato1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.1_powerpc.deb
\n
sparc (Sun SPARC/UltraSPARC):\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0potato1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0potato1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1-0.0woody1.dsc
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1-0.0woody1.diff.gz
\n
alpha (DEC Alpha):\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_alpha.deb
\n
arm (ARM):\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_arm.deb
\n
hppa (HP PA RISC):\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_hppa.deb
\n
i386 (Intel IA32):\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_i386.deb
\n
ia64 (Intel IA64):\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_ia64.deb
\n
m68k (Motorola Mc680x0):\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_m68k.deb
\n
mips (SGI MIPS):\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_mips.deb
\n
mipsel (SGI MIPS (Little Endian)):\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_mipsel.deb
\n
powerpc (PowerPC):\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_powerpc.deb
\n
s390 (IBM S/390):\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_s390.deb
\n
sparc (Sun SPARC/UltraSPARC):\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-0.0woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-0.0woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n(DSA-134-2)\n(DSA-134-3)\n(DSA-134-4)\n

\n\n
\n
", "135": "
\n

Debian Security Advisory

\n

DSA-135-1 libapache-mod-ssl -- buffer overflow / DoS

\n
\n
Date Reported:
\n
02 Jul 2002
\n
Affected Packages:
\n
\nlibapache-mod-ssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5084.
In Mitre's CVE dictionary: CVE-2002-0653.
\n
More information:
\n
\n

The libapache-mod-ssl package provides SSL capability to the apache\nwebserver.\nRecently, a problem has been found in the handling of .htaccess files,\nallowing arbitrary code execution as the web server user (regardless of\nExecCGI / suexec settings), DoS attacks (killing off apache children), and\nallowing someone to take control of apache child processes - all through\nspecially crafted .htaccess files.

\n

This has been fixed in the libapache-mod-ssl_2.4.10-1.3.9-1potato2 package\n(for potato), and the libapache-mod-ssl_2.8.9-2 package (for woody).\nWe recommend you upgrade as soon as possible.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2.dsc
\n MD5 checksum:\t5b2cb207ba8214f52ffbc28836dd8dc4\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2.diff.gz
\n MD5 checksum:\t29eef2b3307f00d92eb425ac669dabec\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9.orig.tar.gz
\n MD5 checksum:\tcb0f2e07065438396f0d5df403dd2c16\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl-doc_2.4.10-1.3.9-1potato2_all.deb
\n MD5 checksum:\tebd8154f614e646b3a12980c8db606b6\n
alpha (DEC Alpha):\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2_alpha.deb
\n MD5 checksum:\ta3d73598e692b9c0bb945a52a00a363c\n
arm (ARM):\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2_arm.deb
\n MD5 checksum:\t11e1085504430cacadd0255a0743b80a\n
i386 (Intel ia32):\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2_i386.deb
\n MD5 checksum:\ta1fd7d6a7ef3506ee0f94e56735d3d08\n
powerpc (PowerPC):\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2_powerpc.deb
\n MD5 checksum:\t0f01742c2a77f2728baea4e1e9ad7ff0\n
sparc (Sun SPARC/UltraSPARC):\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato2_sparc.deb
\n MD5 checksum:\t4982a209adc93acbf50a650a3569d217\n

Debian GNU/Linux 3.0 (woody)

\n
Source:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.dsc
\n MD5 checksum:\t7cce5c97bd3cf35c8782d54a25138165\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.diff.gz
\n MD5 checksum:\tfc9f20e6d3bece6f0d3bad067c61d56a\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl-doc_2.8.9-2_all.deb
\n MD5 checksum:\t541257e99c523141625f5fc43fb3dec4\n
alpha (DEC Alpha):\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_alpha.deb
\n MD5 checksum:\t712e406d8be713047f3e46bbf58269a5\n
arm (ARM):\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_arm.deb
\n MD5 checksum:\t8ce3d4d45f45423a6c6b7d795c319d33\n
i386 (intel ia32):\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_i386.deb
\n MD5 checksum:\t06733dc49c228230e5713f34eae7f8b0\n
m68k architecture:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_m68k.deb
\n MD5 checksum:\te5a8518aac6d08bb5e9cc50195d336e3\n
mips architecture:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_mips.deb
\n MD5 checksum:\tdde883d6ee72f3b29fc324d9cb497670\n
mipsel architecture:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_mipsel.deb
\n MD5 checksum:\ta80756857248358c7973a5b0fb9372e2\n
powerpc (PowerPC):\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_powerpc.deb
\n MD5 checksum:\t715876a54ddddf1e17e4c2ec9d2f5eea\n
s390 (S390):\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2_s390.deb
\n MD5 checksum:\t1a31f564ceba0ca82d9892d023caffd0\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "136": "
\n

Debian Security Advisory

\n

DSA-136-1 openssl -- multiple remote exploits

\n
\n
Date Reported:
\n
30 Jul 2002
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5362, BugTraq ID 5363, BugTraq ID 5366, BugTraq ID 5353, BugTraq ID 5364, BugTraq ID 5361.
In Mitre's CVE dictionary: CVE-2002-0655, CVE-2002-0656, CVE-2002-0657, CVE-2002-0659.
CERT's vulnerabilities, advisories and incident notes: CA-2002-23, CA-2002-27.
\n
More information:
\n
\n

The OpenSSL development team has announced that a security audit by A.L.\nDigital Ltd and The Bunker, under the DARPA CHATS program, has revealed\nremotely exploitable buffer overflow conditions in the OpenSSL code.\nAdditionally, the ASN1 parser in OpenSSL has a potential DoS attack\nindependently discovered by Adi Stav and James Yonan.

\n

CAN-2002-0655 references overflows in buffers used to hold ASCII\nrepresentations of integers on 64 bit platforms. CAN-2002-0656\nreferences buffer overflows in the SSL2 server implementation (by\nsending an invalid key to the server) and the SSL3 client implementation\n(by sending a large session id to the client). The SSL2 issue was also\nnoticed by Neohapsis, who have privately demonstrated exploit code for\nthis issue. CAN-2002-0659 references the ASN1 parser DoS issue.

\n

These vulnerabilities have been addressed for Debian 3.0 (woody) in\nopenssl094_0.9.4-6.woody.2, openssl095_0.9.5a-6.woody.1 and\nopenssl_0.9.6c-2.woody.1.

\n

These vulnerabilities are also present in Debian 2.2 (potato). Fixed\npackages are available in openssl094_0.9.4-6.potato.2 and\nopenssl_0.9.6c-0.potato.4.

\n

A worm is actively exploiting this issue on internet-attached hosts;\nwe recommend you upgrade your OpenSSL as soon as possible. Note that you\nmust restart any daemons using SSL. (E.g., ssh or ssl-enabled apache.)\nIf you are uncertain which programs are using SSL you may choose to\nreboot to ensure that all running daemons are using the new libraries.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.4.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.4.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4-6.potato.2.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4-6.potato.2.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openssl/ssleay_0.9.6c-0.potato.3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.4_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.4_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl094/libssl09_0.9.4-6.potato.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.4_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.4_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.4_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.1.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.1.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4-6.woody.2.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4-6.woody.2.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.1.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.1.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.1_alpha.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl094/libssl09_0.9.4-6.woody.1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.1_ia64.deb
\n
Motorola 680x0\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.1_powerpc.deb
\n
s390 (IBM S/390):\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.0_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.0_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.0_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

MD5 checksums of the listed files are available in the revised advisory.\n

\n\n
\n
", "137": "
\n

Debian Security Advisory

\n

DSA-137-1 mm -- insecure temporary files

\n
\n
Date Reported:
\n
30 Jul 2002
\n
Affected Packages:
\n
\nmm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5352.
In Mitre's CVE dictionary: CVE-2002-0658.
\n
More information:
\n
\n

Marcus Meissner and Sebastian Krahmer discovered and fixed a temporary\nfile vulnerability in the mm shared memory library. This problem can\nbe exploited to gain root access to a machine running Apache which is\nlinked against this library, if shell access to the user \u201cwww-data\u201d\nis already available (which could easily be triggered through PHP).

\n

This problem has been fixed in the upstream version 1.2.0 of mm, which\nwill be uploaded to the unstable Debian distribution while this\nadvisory is released. Fixed packages for potato (Debian 2.2) and\nwoody (Debian 3.0) are linked below.

\n

We recommend that you upgrade your libmm packages immediately and\nrestart your Apache server.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mm/mm_1.0.11-1.2.dsc
\n
http://security.debian.org/pool/updates/main/m/mm/mm_1.0.11.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mm/mm_1.0.11-1.2.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mm/libmm10_1.0.11-1.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mm/libmm10-dev_1.0.11-1.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mm/libmm10_1.0.11-1.2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mm/libmm10-dev_1.0.11-1.2_arm.deb
\n
Intel ia32:\n
http://security.debian.org/pool/updates/main/m/mm/libmm10_1.0.11-1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mm/libmm10-dev_1.0.11-1.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mm/libmm10_1.0.11-1.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mm/libmm10-dev_1.0.11-1.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mm/libmm10_1.0.11-1.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mm/libmm10-dev_1.0.11-1.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mm/libmm10_1.0.11-1.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mm/libmm10-dev_1.0.11-1.2_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mm/mm_1.1.3-6.1.dsc
\n
http://security.debian.org/pool/updates/main/m/mm/mm_1.1.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mm/mm_1.1.3-6.1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6.1_arm.deb
\n
Intel ia32:\n
http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6.1_i386.deb
\n
Intel ia64:\n
http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6.1_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6.1_powerpc.deb
\n
IBM S/390 architecture:\n
http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "138": "
\n

Debian Security Advisory

\n

DSA-138-1 gallery -- remote exploit

\n
\n
Date Reported:
\n
01 Aug 2002
\n
Affected Packages:
\n
\ngallery\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5375.
In Mitre's CVE dictionary: CVE-2002-1412.
\n
More information:
\n
\n

A problem was found in gallery (a web-based photo album toolkit): it\nwas possible to pass in the GALLERY_BASEDIR variable remotely. This\nmade it possible to execute commands under the uid of the web server.

\n

This has been fixed in version 1.2.5-7 of the Debian package and upstream\nversion 1.3.1.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-7.woody.0.dsc
\n
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-7.woody.0.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-7.woody.0_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "139": "
\n

Debian Security Advisory

\n

DSA-139-1 super -- format string vulnerability

\n
\n
Date Reported:
\n
01 Aug 2002
\n
Affected Packages:
\n
\nsuper\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5367.
In Mitre's CVE dictionary: CVE-2002-0817.
\n
More information:
\n
\n

GOBBLES found an insecure use of format strings in the super package.\nThe included program super is intended to provide access to certain\nsystem users for particular users and programs, similar to the program\nsudo. By exploiting this format string vulnerability, a local user can\ngain unauthorized root access.

\n

This problem has been fixed in version 3.12.2-2.1 for the old stable\ndistribution (potato), in version 3.16.1-1.1 for the current stable\ndistribution (woody) and in version 3.18.0-3 for the unstable\ndistribution (sid).

\n

We recommend that you upgrade your super package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/super/super_3.12.2-2.1.dsc
\n
http://security.debian.org/pool/updates/main/s/super/super_3.12.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/super/super_3.12.2-2.1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/super/super_3.12.2-2.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/super/super_3.12.2-2.1_arm.deb
\n
Intel ia32:\n
http://security.debian.org/pool/updates/main/s/super/super_3.12.2-2.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/super/super_3.12.2-2.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/super/super_3.12.2-2.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/super/super_3.12.2-2.1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.1.dsc
\n
http://security.debian.org/pool/updates/main/s/super/super_3.16.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.1_alpha.deb
\n
Intel ia32:\n
http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.1_i386.deb
\n
Intel ia64:\n
http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.1_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.1_mipsel.deb
\n
IBM S/390 architecture:\n
http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.1_s390.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "140": "
\n

Debian Security Advisory

\n

DSA-140-2 libpng -- buffer overflow

\n
\n
Date Reported:
\n
05 Aug 2002
\n
Affected Packages:
\n
\nlibpng, libpng3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-0660, CVE-2002-0728.
\n
More information:
\n
\n

Developers of the PNG library have fixed a buffer overflow in the\nprogressive reader when the PNG datastream contains more IDAT data\nthan indicated by the IHDR chunk. Such deliberately malformed\ndatastreams would crash applications, which could potentially allow an\nattacker to execute malicious code. Programs such as Galeon,\nKonqueror and various others make use of these libraries.

\n

In addition to that, the packages below fix another\npotential buffer overflow. The PNG libraries implement a safety\nmargin which is also included in a newer upstream release. Thanks to\nGlenn Randers-Pehrson for informing us.

\n

To find out which packages depend on this library, you may want to\nexecute the following commands:

\n
\n    apt-cache showpkg libpng2\n    apt-cache showpkg libpng3\n
\n

This problem has been fixed in version 1.0.12-3.woody.2 of libpng and\nversion 1.2.1-1.1.woody.2 of libpng3 for the current stable\ndistribution (woody) and in version 1.0.12-4 of libpng and version\n1.2.1-2 of libpng3 for the unstable distribution (sid).\nThe potato release of Debian does not seem to be vulnerable.

\n

We recommend that you upgrade your libpng packages immediately and\nrestart programs and daemons that link to these libraries and read\nexternal data, such as web browsers.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.2.dsc
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.2.diff.gz
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2.dsc
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2.diff.gz
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_arm.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_arm.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_arm.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_i386.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_i386.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_i386.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_mips.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_mips.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_mips.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_s390.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_s390.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_s390.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "141": "
\n

Debian Security Advisory

\n

DSA-141-1 mpack -- buffer overflow

\n
\n
Date Reported:
\n
01 Aug 2002
\n
Affected Packages:
\n
\nmpack\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5385.
In Mitre's CVE dictionary: CVE-2002-1425.
\n
More information:
\n
\n

Eckehard Berns discovered a buffer overflow in the munpack program,\nwhich is used for decoding binary files in MIME\n(Multipurpose Internet Mail Extensions) format mail messages. If\nmunpack is run on an appropriately malformed email (or news article)\nthen it will crash, and perhaps can be made to run arbitrary code.

\n

Herbert Xu reported a second vulnerability which affected malformed\nfilenames that refer to files in upper directories like \"../a\". The\nsecurity impact is limited, though, because only a single leading\n\"../\" was accepted and only new files can be created (i.e. no files\nwill be overwritten).

\n

Both problems have been fixed in version 1.5-5potato2 for the old\nstable distribution (potato), in version 1.5-7woody2 for the current\nstable distribution (woody) and in version 1.5-9 for the unstable\ndistribution (sid).

\n

We recommend that you upgrade your mpack package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-5potato2.dsc
\n
http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-5potato2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-5potato2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-5potato2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-5potato2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-5potato2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-5potato2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-5potato2_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-7woody2.dsc
\n
http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-7woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-7woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-7woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-7woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-7woody2_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-7woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-7woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-7woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-7woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-7woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-7woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mpack/mpack_1.5-7woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "142": "
\n

Debian Security Advisory

\n

DSA-142-1 openafs -- integer overflow

\n
\n
Date Reported:
\n
05 Aug 2002
\n
Affected Packages:
\n
\nopenafs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5356.
In Mitre's CVE dictionary: CVE-2002-0391.
CERT's vulnerabilities, advisories and incident notes: VU#192995.
\n
More information:
\n
\n

An integer overflow bug has been discovered in the RPC library used by\nthe OpenAFS database server, which is derived from the SunRPC library.\nThis bug could be exploited to crash certain OpenAFS servers\n(volserver, vlserver, ptserver, buserver) or to obtain unauthorized\nroot access to a host running one of these processes. No exploits are\nknown to exist yet.

\n

This problem has been fixed in version 1.2.3final2-6 for the current\nstable distribution (woody) and in version 1.2.6-1 for the unstable\ndistribution (sid). Debian 2.2 (potato) is not affected since it\ndoesn't contain OpenAFS packages.

\n

OpenAFS is only available for the architectures alpha, i386, powerpc,\ns390, sparc. Hence, we only provide fixed packages for these\narchitectures.

\n

We recommend that you upgrade your openafs packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs_1.2.3final2-6.dsc
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs_1.2.3final2-6.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs_1.2.3final2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-modules-source_1.2.3final2-6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.2.3final2-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.2.3final2-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.2.3final2-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.2.3final2-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.2.3final2-6_alpha.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.2.3final2-6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.2.3final2-6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.2.3final2-6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.2.3final2-6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.2.3final2-6_i386.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.2.3final2-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.2.3final2-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.2.3final2-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.2.3final2-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.2.3final2-6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.2.3final2-6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.2.3final2-6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.2.3final2-6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.2.3final2-6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.2.3final2-6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.2.3final2-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.2.3final2-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.2.3final2-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.2.3final2-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.2.3final2-6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "143": "
\n

Debian Security Advisory

\n

DSA-143-1 krb5 -- integer overflow

\n
\n
Date Reported:
\n
05 Aug 2002
\n
Affected Packages:
\n
\nkrb5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5356.
In Mitre's CVE dictionary: CVE-2002-0391.
CERT's vulnerabilities, advisories and incident notes: VU#192995.
\n
More information:
\n
\n

An integer overflow bug has been discovered in the RPC library used by\nthe Kerberos 5 administration system, which is derived from the SunRPC\nlibrary. This bug could be exploited to gain unauthorized root access\nto a KDC host. It is believed that the attacker needs to be able to\nauthenticate to the kadmin daemon for this attack to be successful.\nNo exploits are known to exist yet.

\n

This problem has been fixed in version 1.2.4-5woody1 for the current\nstable distribution (woody) and in version 1.2.5-2 for the unstable\ndistribution (sid). Debian 2.2 (potato) is not affected since it\ndoesn't contain krb5 packages.

\n

We recommend that you upgrade your Kerberos packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4-5woody1.dsc
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4-5woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.2.4-5woody1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "144": "
\n

Debian Security Advisory

\n

DSA-144-1 wwwoffle -- improper input handling

\n
\n
Date Reported:
\n
06 Aug 2002
\n
Affected Packages:
\n
\nwwwoffle\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5260.
In Mitre's CVE dictionary: CVE-2002-0818.
\n
More information:
\n
\n

A problem with wwwoffle has been discovered. The web proxy didn't\nhandle input data with negative Content-Length settings properly, which\ncauses the processing child to crash. At this time it is not obvious\nhow this can lead to an exploitable vulnerability; however, it's better\nto be safe than sorry, so here's an update.

\n

Additionally, in the woody version empty passwords will be treated as\nwrong when trying to authenticate. In the woody version we also\nreplaced CanonicaliseHost() with the latest routine from 2.7d, offered\nby upstream. This stops bad IPv6 format IP addresses in URLs from\ncausing problems (memory overwriting, potential exploits).

\n

This problem has been fixed in version 2.5c-10.4 for the old stable\ndistribution (potato), in version 2.7a-1.2 for the current stable\ndistribution (woody) and in version 2.7d-1 for the unstable\ndistribution (sid).

\n

We recommend that you upgrade your wwwoffle packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wwwoffle/wwwoffle_2.5c-10.4.dsc
\n
http://security.debian.org/pool/updates/main/w/wwwoffle/wwwoffle_2.5c-10.4.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wwwoffle/wwwoffle_2.5c.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wwwoffle/wwwoffle_2.5c-10.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wwwoffle/wwwoffle_2.5c-10.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wwwoffle/wwwoffle_2.5c-10.4_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/w/wwwoffle/wwwoffle_2.5c-10.4_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wwwoffle/wwwoffle_2.5c-10.4_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wwwoffle/wwwoffle_2.5c-10.4_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wwwoffle/wwwoffle_2.7a-1.2.dsc
\n
http://security.debian.org/pool/updates/main/w/wwwoffle/wwwoffle_2.7a-1.2.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wwwoffle/wwwoffle_2.7a.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wwwoffle/wwwoffle_2.7a-1.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wwwoffle/wwwoffle_2.7a-1.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wwwoffle/wwwoffle_2.7a-1.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wwwoffle/wwwoffle_2.7a-1.2_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/w/wwwoffle/wwwoffle_2.7a-1.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/w/wwwoffle/wwwoffle_2.7a-1.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wwwoffle/wwwoffle_2.7a-1.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wwwoffle/wwwoffle_2.7a-1.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wwwoffle/wwwoffle_2.7a-1.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wwwoffle/wwwoffle_2.7a-1.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wwwoffle/wwwoffle_2.7a-1.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "145": "
\n

Debian Security Advisory

\n

DSA-145-1 tinyproxy -- doubly freed memory

\n
\n
Date Reported:
\n
07 Aug 2002
\n
Affected Packages:
\n
\ntinyproxy\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 4731.
In Mitre's CVE dictionary: CVE-2002-0847.
\n
More information:
\n
\n

The authors of tinyproxy, a lightweight HTTP proxy, discovered a bug\nin the handling of some invalid proxy requests. Under some\ncircumstances, an invalid request may result in allocated memory\nbeing freed twice. This can potentially result in the execution of\narbitrary code.

\n

This problem has been fixed in version 1.4.3-2woody2 for the current\nstable distribution (woody) and in version 1.4.3-3 for the unstable\ndistribution (sid). The old stable distribution (potato) is not\naffected by this problem.

\n

We recommend that you upgrade your tinyproxy package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tinyproxy/tinyproxy_1.4.3-2woody2.dsc
\n
http://security.debian.org/pool/updates/main/t/tinyproxy/tinyproxy_1.4.3-2woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tinyproxy/tinyproxy_1.4.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tinyproxy/tinyproxy_1.4.3-2woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tinyproxy/tinyproxy_1.4.3-2woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tinyproxy/tinyproxy_1.4.3-2woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tinyproxy/tinyproxy_1.4.3-2woody2_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/t/tinyproxy/tinyproxy_1.4.3-2woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tinyproxy/tinyproxy_1.4.3-2woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tinyproxy/tinyproxy_1.4.3-2woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tinyproxy/tinyproxy_1.4.3-2woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tinyproxy/tinyproxy_1.4.3-2woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tinyproxy/tinyproxy_1.4.3-2woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tinyproxy/tinyproxy_1.4.3-2woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "146": "
\n

Debian Security Advisory

\n

DSA-146-2 dietlibc -- integer overflow

\n
\n
Date Reported:
\n
08 Aug 2002
\n
Affected Packages:
\n
\ndietlibc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5356.
In Mitre's CVE dictionary: CVE-2002-0391.
CERT's vulnerabilities, advisories and incident notes: VU#192995.
\n
More information:
\n
\n

An integer overflow bug has been discovered in the RPC library used by\ndietlibc, a libc optimized for small size, which is derived from the\nSunRPC library. This bug could be exploited to gain unauthorized root\naccess to software linking to this code. The packages below also fix\ninteger overflows in the calloc, fread and fwrite code. They are also\nmore strict regarding hostile DNS packets that could lead to a\nvulnerability otherwise.

\n

These problems have been fixed in version 0.12-2.4 for the current\nstable distribution (woody) and in version 0.20-0cvs20020808 for the\nunstable distribution (sid). Debian 2.2 (potato) is not affected\nsince it doesn't contain dietlibc packages.

\n

We recommend that you upgrade your dietlibc packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dietlibc/dietlibc_0.12-2.4.dsc
\n
http://security.debian.org/pool/updates/main/d/dietlibc/dietlibc_0.12-2.4.diff.gz
\n
http://security.debian.org/pool/updates/main/d/dietlibc/dietlibc_0.12.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/dietlibc/dietlibc-doc_0.12-2.4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dietlibc/dietlibc-dev_0.12-2.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dietlibc/dietlibc-dev_0.12-2.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dietlibc/dietlibc-dev_0.12-2.4_i386.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dietlibc/dietlibc-dev_0.12-2.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dietlibc/dietlibc-dev_0.12-2.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dietlibc/dietlibc-dev_0.12-2.4_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dietlibc/dietlibc-dev_0.12-2.4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "147": "
\n

Debian Security Advisory

\n

DSA-147-1 mailman -- cross-site scripting

\n
\n
Date Reported:
\n
08 Aug 2002
\n
Affected Packages:
\n
\nmailman\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 4825, BugTraq ID 4826, BugTraq ID 5298.
In Mitre's CVE dictionary: CVE-2002-0388, CVE-2002-0855.
\n
More information:
\n
\n

A cross-site scripting vulnerability was discovered in mailman, software to manage electronic mailing lists. When a properly crafted URL is accessed with Internet Explorer (other browsers don't seem to be affected), the resulting webpage is rendered similar to the real one, but the JavaScript component is executed as well, which could be used by an attacker to get access to sensitive information. The new version for Debian 2.2 also includes backports of security-related patches from mailman 2.0.11.

\n

This problem has been fixed in version 2.0.11-1woody4 for the current stable distribution (woody), in version 1.1-10.1 for the old stable distribution (potato) and in version 2.0.12-1 for the unstable distribution (sid).

\n

We recommend that you upgrade your mailman package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_1.1-10.1.dsc
\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_1.1-10.1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_1.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_1.1-10.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_1.1-10.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_1.1-10.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_1.1-10.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_1.1-10.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_1.1-10.1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody4.dsc
\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody4.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody4_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

MD5 checksums of the listed files are available in the revised advisory.\n

\n\n
\n
", "148": "
\n

Debian Security Advisory

\n

DSA-148-1 hylafax -- buffer overflows and format string vulnerabilities

\n
\n
Date Reported:
\n
12 Aug 2002
\n
Affected Packages:
\n
\nhylafax\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 3357, BugTraq ID 5349, BugTraq ID 5348.
In Mitre's CVE dictionary: CVE-2002-1049, CVE-2002-1050, CVE-2001-1034.
\n
More information:
\n
\n

A set of problems has been discovered in Hylafax, flexible client/server fax software distributed with many GNU/Linux distributions. Quoting SecurityFocus, the problems are in detail:

\n
    \n
  • A format string vulnerability makes it possible for users to potentially execute arbitrary code on some implementations. Due to insufficient checking of input, it's possible to execute a format string attack. Since this only affects systems with the faxrm and faxalter programs installed setuid, Debian is not vulnerable.
  • A buffer overflow has been reported in Hylafax. A malicious fax transmission may include a long scan line that will overflow a memory buffer, corrupting adjacent memory. An exploit may result in a denial of service condition, or possibly the execution of arbitrary code with root privileges.
  • A format string vulnerability has been discovered in faxgetty. Incoming fax messages include a Transmitting Subscriber Identification (TSI) string, used to identify the sending fax machine. Hylafax uses this data as part of a format string without properly sanitizing the input. Malicious fax data may cause the server to crash, resulting in a denial of service condition.
  • Marcin Dawcewicz discovered a format string vulnerability in hfaxd, which will crash hfaxd under certain circumstances. Since Debian doesn't have hfaxd installed setuid root, this problem cannot directly lead into a vulnerability. This has been fixed by Darren Nickerson, which was already present in newer versions, but not in the potato version.
\n

These problems have been fixed in version 4.0.2-14.3 for the old stable distribution (potato), in version 4.1.1-1.1 for the current stable distribution (woody) and in version 4.1.2-2.1 for the unstable distribution (sid).

\n

We recommend that you upgrade your hylafax packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.0.2-14.3.dsc
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.0.2-14.3.diff.gz
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.0.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-doc_4.0.2-14.3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.0.2-14.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.0.2-14.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.0.2-14.3_arm.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.0.2-14.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.0.2-14.3_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.0.2-14.3_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.0.2-14.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.0.2-14.3_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.0.2-14.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.0.2-14.3_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.0.2-14.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.0.2-14.3_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1-1.1.dsc
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1-1.1.diff.gz
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-doc_4.1.1-1.1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-1.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-1.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-1.1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-1.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-1.1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-1.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-1.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-1.1_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-1.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-1.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-1.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-1.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-1.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-1.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-1.1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-1.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-1.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-1.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "149": "
\n

Debian Security Advisory

\n

DSA-149-1 glibc -- integer overflow

\n
\n
Date Reported:
\n
13 Aug 2002
\n
Affected Packages:
\n
\nglibc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5356.
In Mitre's CVE dictionary: CVE-2002-0391.
CERT's vulnerabilities, advisories and incident notes: VU#192995.
\n
More information:
\n
\n

An integer overflow bug has been discovered in the RPC library used by GNU libc, which is derived from the SunRPC library. This bug could be exploited to gain unauthorized root access to software linking to this code. The packages below also fix integer overflows in the malloc code. They also contain a fix from Andreas Schwab to reduce linebuflen in parallel to bumping up the buffer pointer in the NSS DNS code.

\n

This problem has been fixed in version 2.1.3-23 for the old stable distribution (potato), in version 2.2.5-11.1 for the current stable distribution (woody) and in version 2.2.5-13 for the unstable distribution (sid).

\n

We recommend that you upgrade your libc6 packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.1.3-24.dsc
\n
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.1.3-24.diff.gz
\n
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.1.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.1.3-24_all.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/i18ndata_2.1.3-24_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.1.3-24_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.1.3-24_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.1.3-24_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.1.3-24_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.1.3-24_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss1-compat_2.1.3-24_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-24_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-24_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.1.3-24_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.1.3-24_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.1.3-24_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.1.3-24_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.1.3-24_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-24_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-24_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.1.3-24_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.1.3-24_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.1.3-24_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.1.3-24_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.1.3-24_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss1-compat_2.1.3-24_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-24_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-24_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.1.3-24_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.1.3-24_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.1.3-24_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.1.3-24_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.1.3-24_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss1-compat_2.1.3-24_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-24_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-24_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.1.3-24_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.1.3-24_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.1.3-24_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.1.3-24_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.1.3-24_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-24_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-24_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.1.3-24_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.1.3-24_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.1.3-24_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.1.3-24_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.1.3-24_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-24_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-24_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.2.5-11.2.dsc
\n
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.2.5-11.2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.2.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.2.5-11.2_all.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales_2.2.5-11.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.2.5-11.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.2.5-11.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.2.5-11.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.2.5-11.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.2.5-11.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.2.5-11.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.2.5-11.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.2.5-11.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.2.5-11.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.2.5-11.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-sparc64_2.2.5-11.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-sparc64_2.2.5-11.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "150": "
\n

Debian Security Advisory

\n

DSA-150-1 interchange -- illegal file exposition

\n
\n
Date Reported:
\n
13 Aug 2002
\n
Affected Packages:
\n
\ninterchange\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5453.
In Mitre's CVE dictionary: CVE-2002-0874.
\n
More information:
\n
\n

A problem has been discovered in Interchange, an e-commerce and general HTTP database display system, which can lead to an attacker being able to read any file to which the user of the Interchange daemon has sufficient permissions, when Interchange runs in \"INET mode\" (internet domain socket). This is not the default setting in Debian packages, but configurable with Debconf and via configuration file. We also believe that this bug cannot be exploited on a regular Debian system.

\n

This problem has been fixed by the package maintainer in version 4.8.3.20020306-1.woody.1 for the current stable distribution (woody) and in version 4.8.6-1 for the unstable distribution (sid). The old stable distribution (potato) is not affected, since it doesn't ship the Interchange system.

\n

We recommend that you upgrade your interchange packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.1.dsc
\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/interchange/interchange-cat-foundation_4.8.3.20020306-1.woody.1_all.deb
\n
http://security.debian.org/pool/updates/main/i/interchange/interchange-ui_4.8.3.20020306-1.woody.1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.1_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "151": "
\n

Debian Security Advisory

\n

DSA-151-1 xinetd -- pipe exposure

\n
\n
Date Reported:
\n
13 Aug 2002
\n
Affected Packages:
\n
\nxinetd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5458.
In Mitre's CVE dictionary: CVE-2002-0871.
\n
More information:
\n
\n

Solar Designer found a vulnerability in xinetd, a replacement for the BSD-derived inetd. File descriptors for the signal pipe introduced in version 2.3.4 are leaked into services started from xinetd. The descriptors could be used to talk to xinetd, resulting in crashing it entirely. This is usually called a denial of service.

\n

This problem has been fixed by the package maintainer in version 2.3.4-1.2 for the current stable distribution (woody) and in version 2.3.7-1 for the unstable distribution (sid). The old stable distribution (potato) is not affected, since it doesn't contain the signal pipe.

\n

We recommend that you upgrade your xinetd packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xinetd/xinetd_2.3.4-1.2.dsc
\n
http://security.debian.org/pool/updates/main/x/xinetd/xinetd_2.3.4-1.2.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xinetd/xinetd_2.3.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xinetd/xinetd_2.3.4-1.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xinetd/xinetd_2.3.4-1.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xinetd/xinetd_2.3.4-1.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xinetd/xinetd_2.3.4-1.2_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xinetd/xinetd_2.3.4-1.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xinetd/xinetd_2.3.4-1.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xinetd/xinetd_2.3.4-1.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xinetd/xinetd_2.3.4-1.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xinetd/xinetd_2.3.4-1.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xinetd/xinetd_2.3.4-1.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xinetd/xinetd_2.3.4-1.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "152": "
\n

Debian Security Advisory

\n

DSA-152-1 l2tpd -- missing random seed

\n
\n
Date Reported:
\n
13 Aug 2002
\n
Affected Packages:
\n
\nl2tpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5451.
In Mitre's CVE dictionary: CVE-2002-0872, CVE-2002-0873.
\n
More information:
\n
\n

Current versions of l2tpd, a layer 2 tunneling client/server program, forgot to initialize the random generator, which made it vulnerable since all generated random numbers were 100% guessable. When dealing with the size of the value in an attribute value pair, too many bytes could be copied, which could lead to the vendor field being overwritten.

\n

These problems have been fixed in version 0.67-1.1 for the current stable distribution (woody) and in version 0.68-1 for the unstable distribution (sid). The old stable distribution (potato) is not affected, since it doesn't contain the l2tpd package.

\n

We recommend that you upgrade your l2tpd packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.1.dsc
\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.1_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "153": "
\n

Debian Security Advisory

\n

DSA-153-1 mantis -- cross site code execution and privilege escalation

\n
\n
Date Reported:
\n
14 Aug 2002
\n
Affected Packages:
\n
\nmantis\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5565, BugTraq ID 5563, BugTraq ID 5509, BugTraq ID 5504, BugTraq ID 5514, BugTraq ID 5515, BugTraq ID 5510.
In Mitre's CVE dictionary: CVE-2002-1114, CVE-2002-1113, CVE-2002-1112, CVE-2002-1111, CVE-2002-1110.
\n
More information:
\n
\n

Joao Gouveia discovered an uninitialized variable which was insecurely\nused with file inclusions in the mantis package, a PHP-based bug\ntracking system. The Debian Security Team found even more similar\nproblems. When these problems are exploited, a remote user is able\nto execute arbitrary code under the webserver user id on the web\nserver hosting the mantis system.

\n

Jeroen Latour discovered that Mantis did not check all user input,\nespecially if it does not come directly from form fields. This opens\nup a wide variety of SQL poisoning vulnerabilities on systems without\nmagic_quotes_gpc enabled. Most of these vulnerabilities are only\nexploitable in a limited manner, since it is no longer possible to\nexecute multiple queries using one call to mysql_query(). There is\none query which can be tricked into changing an account's access\nlevel.

\n

Jeroen Latour also reported that it is possible to instruct Mantis to\nshow reporters only the bugs that they reported, by setting the\nlimit_reporters option to ON. However, when formatting the output\nsuitable for printing, the program did not check the limit_reporters\noption and thus allowed reporters to see the summaries of bugs they\ndid not report.

\n

Jeroen Latour discovered that the page responsible for displaying a\nlist of bugs in a particular project did not check whether the user\nactually has access to the project, which is transmitted by a cookie\nvariable. It accidentally trusted the fact that only projects\naccessible to the user were listed in the drop-down menu. This\nprovides a malicious user with an opportunity to display the bugs of a\nselected private project.

\n

These problems have been fixed in version 0.17.1-2.2 for the current\nstable distribution (woody) and in version 0.17.4a-2 for the unstable\ndistribution (sid). The old stable distribution (potato) is not\naffected, since it doesn't contain the mantis package.

\n

Additional information:

\n\n

We recommend that you upgrade your mantis packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.17.1-2.2.dsc
\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.17.1-2.2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.17.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.17.1-2.2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "154": "
\n

Debian Security Advisory

\n

DSA-154-1 fam -- privilege escalation

\n
\n
Date Reported:
\n
15 Aug 2002
\n
Affected Packages:
\n
\nfam\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5487.
In Mitre's CVE dictionary: CVE-2002-0875.
\n
More information:
\n
\n

A flaw\nwas discovered in FAM's group handling. As a result, users\nare unable to read FAM directories they have group read and execute\npermissions on. However, unprivileged users can also potentially\nlearn names of files that only users in root's group should be able to\nview.

\n

This problem has been fixed in version 2.6.6.1-5.2 for the current\nstable distribution (woody) and in version 2.6.8-1 (or any later\nversion) for the unstable distribution (sid). The old stable\ndistribution (potato) is not affected, since it doesn't contain fam\npackages.

\n

We recommend that you upgrade your fam packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2.dsc
\n
http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_arm.deb
\n
http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_arm.deb
\n
http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_mips.deb
\n
http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_mips.deb
\n
http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_s390.deb
\n
http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_s390.deb
\n
http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/fam/fam_2.6.6.1-5.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/fam/libfam-dev_2.6.6.1-5.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/fam/libfam0_2.6.6.1-5.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "155": "
\n

Debian Security Advisory

\n

DSA-155-1 kdelibs -- privacy escalation with Konqueror

\n
\n
Date Reported:
\n
17 Aug 2002
\n
Affected Packages:
\n
\nkdelibs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5410.
In Mitre's CVE dictionary: CVE-2002-0970.
\n
More information:
\n
\n

Due to a security engineering oversight, the SSL library from KDE,\nwhich Konqueror uses, doesn't check whether an intermediate\ncertificate for a connection is signed by the certificate authority as\nsafe for the purpose, but accepts it when it is signed. This makes it\npossible for anyone with a valid VeriSign SSL site certificate to\nforge any other VeriSign SSL site certificate, and abuse Konqueror\nusers.

\n

A local root exploit using artsd has been discovered which exploited\nan insecure use of a format string. The exploit wasn't working on a\nDebian system since artsd wasn't running setuid root. Neither artsd\nnor artswrapper needs to be setuid root anymore since current computer\nsystems are fast enough to handle the audio data in time.

\n

These problems have been fixed in version 2.2.2-13.woody.2 for the\ncurrent stable distribution (woody). The old stable\ndistribution (potato) is not affected, since it doesn't contain KDE\npackages. The unstable distribution (sid) is not yet fixed, but new\npackages are expected in the future; the fixed version will be version\n2.2.2-14 or higher.

\n

We recommend that you upgrade your kdelibs and libarts packages and\nrestart Konqueror.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.2.dsc
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.2.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-doc_2.2.2-13.woody.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.2_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "156": "
\n

Debian Security Advisory

\n

DSA-156-1 epic4-script-light -- arbitrary script execution

\n
\n
Date Reported:
\n
22 Aug 2002
\n
Affected Packages:
\n
\nepic4-script-light\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5555.
In Mitre's CVE dictionary: CVE-2002-0984.
\n
More information:
\n
\n

All versions of the EPIC script Light prior to 2.7.30p5 (on the 2.7\nbranch) and prior to 2.8pre10 (on the 2.8 branch) running on any\nplatform are vulnerable to a remotely-exploitable bug, which can lead\nto nearly arbitrary code execution.

\n

This problem has been fixed in version 2.7.30p5-1.1 for the current\nstable distribution (woody) and in version 2.7.30p5-2 for the unstable\ndistribution (sid). The old stable distribution (potato) is not\naffected, since it doesn't contain the Light package.

\n

We recommend that you upgrade your epic4-script-light package and\nrestart your IRC client.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/epic4-script-light/epic4-script-light_2.7.30p5-1.1.dsc
\n
http://security.debian.org/pool/updates/main/e/epic4-script-light/epic4-script-light_2.7.30p5-1.1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/epic4-script-light/epic4-script-light_2.7.30p5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/e/epic4-script-light/epic4-script-light_2.7.30p5-1.1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "157": "
\n

Debian Security Advisory

\n

DSA-157-1 irssi-text -- denial of service

\n
\n
Date Reported:
\n
23 Aug 2002
\n
Affected Packages:
\n
\nirssi-text\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5055.
In Mitre's CVE dictionary: CVE-2002-0983.
\n
More information:
\n
\n

The IRC client irssi is vulnerable to a denial of service condition.\nThe problem occurs when a user attempts to join a channel that has an\noverly long topic description. When a certain string is appended to\nthe topic, irssi will crash.

\n

This problem has been fixed in version 0.8.4-3.1 for the current\nstable distribution (woody) and in version 0.8.5-2 for the\nunstable distribution (sid). The old stable distribution (potato) is\nnot affected, since the corresponding portions of code are not\npresent. The same applies to irssi-gnome and irssi-gtk, which don't\nseem to be affected either.

\n

We recommend that you upgrade your irssi-text package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/irssi-text/irssi-text_0.8.4-3.1.dsc
\n
http://security.debian.org/pool/updates/main/i/irssi-text/irssi-text_0.8.4-3.1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/irssi-text/irssi-text_0.8.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/irssi-text/irssi-text_0.8.4-3.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/irssi-text/irssi-text_0.8.4-3.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/irssi-text/irssi-text_0.8.4-3.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/irssi-text/irssi-text_0.8.4-3.1_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/irssi-text/irssi-text_0.8.4-3.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/irssi-text/irssi-text_0.8.4-3.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/irssi-text/irssi-text_0.8.4-3.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/irssi-text/irssi-text_0.8.4-3.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/irssi-text/irssi-text_0.8.4-3.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/irssi-text/irssi-text_0.8.4-3.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/irssi-text/irssi-text_0.8.4-3.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "158": "
\n

Debian Security Advisory

\n

DSA-158-1 gaim -- arbitrary program execution

\n
\n
Date Reported:
\n
27 Aug 2002
\n
Affected Packages:
\n
\ngaim\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5574.
In Mitre's CVE dictionary: CVE-2002-0989.
\n
More information:
\n
\n

The developers of Gaim, an instant messenger client that combines\nseveral different networks, found a vulnerability in the hyperlink\nhandling code. The 'Manual' browser command passes an untrusted\nstring to the shell without escaping or reliable quoting, permitting\nan attacker to execute arbitrary commands on the user's machine.\nUnfortunately, Gaim doesn't display the hyperlink before the user\nclicks on it. Users who use other inbuilt browser commands aren't\nvulnerable.

\n

This problem has been fixed in version 0.58-2.2 for the current\nstable distribution (woody) and in version 0.59.1-2 for the unstable\ndistribution (sid). The old stable distribution (potato) is not\naffected since it doesn't ship the Gaim program.

\n

The fixed version of Gaim no longer passes the user's manual browser\ncommand to the shell. Commands which contain the %s in quotes will\nneed to be amended, so they don't contain any quotes. The 'Manual'\nbrowser command can be edited in the 'General' pane of the\n'Preferences' dialog, which can be accessed by clicking 'Options' from\nthe login window, or 'Tools' and then 'Preferences' from the menu bar\nin the buddy list window.

\n

We recommend that you upgrade your gaim package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.2.dsc
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.2_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "159": "
\n

Debian Security Advisory

\n

DSA-159-1 python -- insecure temporary files

\n
\n
Date Reported:
\n
28 Aug 2002
\n
Affected Packages:
\n
\npython\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5581.
In Mitre's CVE dictionary: CVE-2002-1119.
\n
More information:
\n
\n

Zack Weinberg discovered an insecure use of a temporary file in\nos._execvpe from os.py. It uses a predictable name which could lead\nto execution of arbitrary code.

\n

This problem has been fixed in several versions of Python: For the\ncurrent stable distribution (woody) it has been fixed in version\n1.5.2-23.1 of Python 1.5, in version 2.1.3-3.1 of Python 2.1 and in\nversion 2.2.1-4.1 of Python 2.2. For the old stable distribution\n(potato) this has been fixed in version 1.5.2-10potato12 for Python\n1.5. For the unstable distribution (sid) this has been fixed in\nversion 1.5.2-24 of Python 1.5, in version 2.1.3-6a of Python 2.1 and\nin version 2.2.1-8 of Python 2.2. Python 2.3 is not affected by this\nproblem.

\n

We recommend that you upgrade your Python packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/python/python_1.5.2-10potato13.dsc
\n
http://security.debian.org/pool/updates/main/p/python/python_1.5.2-10potato13.diff.gz
\n
http://security.debian.org/pool/updates/main/p/python/python_1.5.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/python/idle_1.5.2-10potato13_all.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-elisp_1.5.2-10potato13_all.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-examples_1.5.2-10potato13_all.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-regrtest_1.5.2-10potato13_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/python/python-base_1.5.2-10potato13_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-dev_1.5.2-10potato13_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-gdbm_1.5.2-10potato13_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-mpz_1.5.2-10potato13_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-tk_1.5.2-10potato13_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-zlib_1.5.2-10potato13_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/python/python-base_1.5.2-10potato13_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-dev_1.5.2-10potato13_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-gdbm_1.5.2-10potato13_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-mpz_1.5.2-10potato13_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-tk_1.5.2-10potato13_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-zlib_1.5.2-10potato13_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/python/python-base_1.5.2-10potato13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-dev_1.5.2-10potato13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-gdbm_1.5.2-10potato13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-mpz_1.5.2-10potato13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-tk_1.5.2-10potato13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-zlib_1.5.2-10potato13_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/python/python-base_1.5.2-10potato13_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-dev_1.5.2-10potato13_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-gdbm_1.5.2-10potato13_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-mpz_1.5.2-10potato13_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-tk_1.5.2-10potato13_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-zlib_1.5.2-10potato13_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/python/python-base_1.5.2-10potato13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-dev_1.5.2-10potato13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-gdbm_1.5.2-10potato13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-mpz_1.5.2-10potato13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-tk_1.5.2-10potato13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-zlib_1.5.2-10potato13_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/python/python-base_1.5.2-10potato13_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-dev_1.5.2-10potato13_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-gdbm_1.5.2-10potato13_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-mpz_1.5.2-10potato13_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-tk_1.5.2-10potato13_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python/python-zlib_1.5.2-10potato13_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.2.dsc
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.2.dsc
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.2.dsc
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/python1.5/idle-python1.5_1.5.2-23.2_all.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-examples_1.5.2-23.2_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/idle-python2.1_2.1.3-3.2_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/idle_2.1.3-3.2_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python-dev_2.1.3-3.2_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python-doc_2.1.3-3.2_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python-elisp_2.1.3-3.2_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python-examples_2.1.3-3.2_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python-gdbm_2.1.3-3.2_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python-mpz_2.1.3-3.2_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python-tk_2.1.3-3.2_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python-xmlbase_2.1.3-3.2_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-doc_2.1.3-3.2_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-elisp_2.1.3-3.2_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-examples_2.1.3-3.2_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python_2.1.3-3.2_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/idle-python2.2_2.2.1-4.2_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-doc_2.2.1-4.2_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-elisp_2.2.1-4.2_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-examples_2.2.1-4.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-dev_1.5.2-23.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-gdbm_1.5.2-23.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-mpz_1.5.2-23.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-tk_1.5.2-23.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3-3.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3-3.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3-3.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3-3.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3-3.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-dev_1.5.2-23.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-gdbm_1.5.2-23.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-mpz_1.5.2-23.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-tk_1.5.2-23.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3-3.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3-3.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3-3.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3-3.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3-3.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-dev_1.5.2-23.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-gdbm_1.5.2-23.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-mpz_1.5.2-23.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-tk_1.5.2-23.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3-3.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3-3.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3-3.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3-3.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3-3.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-dev_1.5.2-23.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-gdbm_1.5.2-23.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-mpz_1.5.2-23.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-tk_1.5.2-23.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3-3.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3-3.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3-3.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3-3.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3-3.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.2_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-dev_1.5.2-23.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-gdbm_1.5.2-23.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-mpz_1.5.2-23.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-tk_1.5.2-23.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3-3.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3-3.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3-3.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3-3.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3-3.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-dev_1.5.2-23.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-gdbm_1.5.2-23.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-mpz_1.5.2-23.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-tk_1.5.2-23.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3-3.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3-3.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3-3.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3-3.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3-3.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-dev_1.5.2-23.2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-gdbm_1.5.2-23.2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-mpz_1.5.2-23.2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-tk_1.5.2-23.2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3-3.2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3-3.2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3-3.2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3-3.2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3-3.2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-dev_1.5.2-23.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-gdbm_1.5.2-23.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-mpz_1.5.2-23.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-tk_1.5.2-23.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3-3.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3-3.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3-3.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3-3.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3-3.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-dev_1.5.2-23.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-gdbm_1.5.2-23.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-mpz_1.5.2-23.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-tk_1.5.2-23.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3-3.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3-3.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3-3.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3-3.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3-3.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-dev_1.5.2-23.2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-gdbm_1.5.2-23.2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-mpz_1.5.2-23.2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-tk_1.5.2-23.2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3-3.2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3-3.2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3-3.2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3-3.2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3-3.2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-dev_1.5.2-23.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-gdbm_1.5.2-23.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-mpz_1.5.2-23.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python1.5/python1.5-tk_1.5.2-23.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3-3.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3-3.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3-3.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3-3.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3-3.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "160": "
\n

Debian Security Advisory

\n

DSA-160-1 scrollkeeper -- insecure temporary file creation

\n
\n
Date Reported:
\n
03 Sep 2002
\n
Affected Packages:
\n
\nscrollkeeper\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5602.
In Mitre's CVE dictionary: CVE-2002-0662.
\n
More information:
\n
\n

Spybreak discovered a problem in scrollkeeper, a free electronic\ncataloging system for documentation. The scrollkeeper-get-cl program\ncreates temporary files in an insecure manner in /tmp using guessable\nfilenames. Since scrollkeeper is called automatically when a user\nlogs into a GNOME session, an attacker with local access can easily\ncreate and overwrite files as another user.

\n

This problem has been fixed in version 0.3.6-3.1 for the current\nstable distribution (woody) and in version 0.3.11-2 for the unstable\ndistribution (sid). The old stable distribution (potato) is not\naffected, since it doesn't contain the scrollkeeper package.

\n

We recommend that you upgrade your scrollkeeper packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6-3.1.dsc
\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6-3.1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper-dev_0.3.6-3.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper0_0.3.6-3.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6-3.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper-dev_0.3.6-3.1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper0_0.3.6-3.1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6-3.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper-dev_0.3.6-3.1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper0_0.3.6-3.1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6-3.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper-dev_0.3.6-3.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper0_0.3.6-3.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6-3.1_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper-dev_0.3.6-3.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper0_0.3.6-3.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6-3.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper-dev_0.3.6-3.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper0_0.3.6-3.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6-3.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper-dev_0.3.6-3.1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper0_0.3.6-3.1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6-3.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper-dev_0.3.6-3.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper0_0.3.6-3.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6-3.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper-dev_0.3.6-3.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper0_0.3.6-3.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6-3.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper-dev_0.3.6-3.1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper0_0.3.6-3.1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6-3.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper-dev_0.3.6-3.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/libscrollkeeper0_0.3.6-3.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/scrollkeeper/scrollkeeper_0.3.6-3.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "161": "
\n

Debian Security Advisory

\n

DSA-161-1 mantis -- privilege escalation

\n
\n
Date Reported:
\n
04 Sep 2002
\n
Affected Packages:
\n
\nmantis\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1115, CVE-2002-1116.
\n
More information:
\n
\n

A problem with user privileges has been discovered in the Mantis\npackage, a PHP-based bug tracking system. The Mantis system didn't\ncheck whether a user was permitted to view a bug, but displayed it right\naway if the user entered a valid bug ID.

\n

Another bug in Mantis caused the 'View Bugs' page to list bugs from\nboth public and private projects when no projects are accessible to\nthe current user.

\n

These problems have been fixed in version 0.17.1-2.5 for the current\nstable distribution (woody) and in version 0.17.5-2 for the unstable\ndistribution (sid). The old stable distribution (potato) is not\naffected, since it doesn't contain the mantis package.

\n

Additional information:

\n\n

We recommend that you upgrade your mantis packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.17.1-2.5.dsc
\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.17.1-2.5.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.17.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.17.1-2.5_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "162": "
\n

Debian Security Advisory

\n

DSA-162-1 ethereal -- buffer overflow

\n
\n
Date Reported:
\n
06 Sep 2002
\n
Affected Packages:
\n
\nethereal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5573.
In Mitre's CVE dictionary: CVE-2002-0834.
\n
More information:
\n
\n

Ethereal developers discovered a buffer overflow in the ISIS protocol\ndissector. It may be possible to make Ethereal crash or hang by\ninjecting a purposefully malformed packet onto the wire, or by\nconvincing someone to read a malformed packet trace file. It may be\npossible to make Ethereal run arbitrary code by exploiting the buffer\nand pointer problems.

\n

This problem has been fixed in version 0.9.4-1woody2 for the current\nstable distribution (woody), in version 0.8.0-4potato.1 for\nthe old stable distribution (potato) and in version 0.9.6-1 for the\nunstable distribution (sid).

\n

We recommend that you upgrade your ethereal packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0-4potato.1.dsc
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0-4potato.1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0-4potato.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0-4potato.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0-4potato.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0-4potato.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0-4potato.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.8.0-4potato.1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2.dsc
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "163": "
\n

Debian Security Advisory

\n

DSA-163-1 mhonarc -- cross site scripting

\n
\n
Date Reported:
\n
09 Sep 2002
\n
Affected Packages:
\n
\nmhonarc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 4546.
In Mitre's CVE dictionary: CVE-2002-0738.
\n
More information:
\n
\n

Jason Molenda and Hiromitsu Takagi found ways to exploit cross site\nscripting bugs in mhonarc, a mail to HTML converter. When processing\nmaliciously crafted mails of type text/html, mhonarc does not\ndeactivate all scripting parts properly. This is fixed in upstream\nversion 2.5.3.

\n

If you are worried about security, it is recommended that you disable\nsupport of text/html messages in your mail archives. There is no\nguarantee that the mhtxthtml.pl library is robust enough to eliminate\nall possible exploits that can occur with HTML data.

\n

To exclude HTML data, you can use the MIMEEXCS resource. For example:

\n
\n    <MIMEExcs>\n    text/html\n    text/x-html\n    </MIMEExcs>\n
\n

The type \"text/x-html\" is probably not used any more, but it is good to\ninclude it, just in case.

\n

If you are concerned that this could block out the entire contents of\nsome messages, then you could do the following instead:

\n
\n    <MIMEFilters>\n    text/html; m2h_text_plain::filter; mhtxtplain.pl\n    text/x-html; m2h_text_plain::filter; mhtxtplain.pl\n    </MIMEFilters>\n
\n

This treats the HTML as text/plain.

\n

The above problems have been fixed in version 2.5.2-1.1 for the\ncurrent stable distribution (woody), in version 2.4.4-1.1 for\nthe old stable distribution (potato) and in version 2.5.11-1 for the\nunstable distribution (sid).

\n

We recommend that you upgrade your mhonarc packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mhonarc/mhonarc_2.4.4-1.1.dsc
\n
http://security.debian.org/pool/updates/main/m/mhonarc/mhonarc_2.4.4-1.1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mhonarc/mhonarc_2.4.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mhonarc/mhonarc_2.4.4-1.1_all.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mhonarc/mhonarc_2.5.2-1.1.dsc
\n
http://security.debian.org/pool/updates/main/m/mhonarc/mhonarc_2.5.2-1.1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mhonarc/mhonarc_2.5.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mhonarc/mhonarc_2.5.2-1.1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "164": "
\n

Debian Security Advisory

\n

DSA-164-1 cacti -- arbitrary code execution

\n
\n
Date Reported:
\n
10 Sep 2002
\n
Affected Packages:
\n
\ncacti\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1477, CVE-2002-1478.
\n
More information:
\n
\n

A problem in cacti, a PHP based frontend to rrdtool for monitoring\nsystems and services, has been discovered. This could lead to cacti\nexecuting arbitrary program code under the user id of the web server.\nThis problem, however, can only be exploited by users who already have\nadministrator privileges in the cacti system.

\n

This problem has been fixed by removing any dollar signs and backticks\nfrom the title string in version 0.6.7-2.1 for the current stable\ndistribution (woody) and in version 0.6.8a-2 for the unstable\ndistribution (sid). The old stable distribution (potato) is not\naffected since it doesn't contain the cacti package.

\n

We recommend that you upgrade your cacti package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.6.7-2.1.dsc
\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.6.7-2.1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.6.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.6.7-2.1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "165": "
\n

Debian Security Advisory

\n

DSA-165-1 postgresql -- buffer overflows

\n
\n
Date Reported:
\n
12 Sep 2002
\n
Affected Packages:
\n
\npostgresql\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-0972, CVE-2002-1398, CVE-2002-1400, CVE-2002-1401, CVE-2002-1402.
\n
More information:
\n
\n

Mordred Labs and others found several vulnerabilities in PostgreSQL,\nan object-relational SQL database. They stem from several\nbuffer overflows and integer overflows. Specially crafted long date\nand time input, currency, repeat data and long timezone names could\ncause the PostgreSQL server to crash, as could specially crafted\ninput data for lpad() and rpad(). More buffer/integer overflows were\nfound in circle_poly(), path_encode() and path_addr().

\n

Except for the last three, these problems are fixed in the upstream\nrelease 7.2.2 of PostgreSQL which is the recommended version to use.

\n

Most of these problems do not exist in the version of PostgreSQL that\nDebian ships in the potato release since the corresponding\nfunctionality is not yet implemented. However, PostgreSQL 6.5.3 is\nquite old and may bear more risks than we are aware of, which may\ninclude further buffer overflows, and certainly include bugs that\nthreaten the integrity of your data.

\n

You are strongly advised not to use this release but to upgrade your\nsystem to Debian 3.0 (stable) including PostgreSQL release 7.2.1\ninstead, where many bugs have been fixed and new features introduced\nto increase compatibility with the SQL standards.

\n

If you are considering an upgrade, please make sure to dump the entire\ndatabase system using the pg_dumpall utility. Please take into\nconsideration that the newer PostgreSQL is stricter in its input\nhandling. This means that tests like \"foo = NULL\", which are not valid,\nwon't be accepted anymore. It also means that when using UNICODE\nencoding, ISO 8859-1 and ISO 8859-15 are no longer valid encodings to\nuse when inserting data into the relation. In such a case you are\nadvised to convert the dump in question using\nrecode latin1..utf-16.

\n

These problems have been fixed in version 7.2.1-2woody2 for the\ncurrent stable distribution (woody) and in version 7.2.2-2 for the\nunstable distribution (sid). The old stable distribution (potato) is\npartially affected and we ship a fixed version 6.5.3-27.2 for it.

\n

We recommend that you upgrade your PostgreSQL packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_6.5.3-27.2.dsc
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_6.5.3-27.2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_6.5.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-doc_6.5.3-27.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/postgresql/ecpg_6.5.3-27.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_6.5.3-27.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_6.5.3-27.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_6.5.3-27.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_6.5.3-27.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_6.5.3-27.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_6.5.3-27.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_6.5.3-27.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_6.5.3-27.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_6.5.3-27.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-pl_6.5.3-27.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-test_6.5.3-27.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_6.5.3-27.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/postgresql/ecpg_6.5.3-27.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_6.5.3-27.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_6.5.3-27.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_6.5.3-27.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_6.5.3-27.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_6.5.3-27.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_6.5.3-27.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_6.5.3-27.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_6.5.3-27.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_6.5.3-27.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-pl_6.5.3-27.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-test_6.5.3-27.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_6.5.3-27.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/postgresql/ecpg_6.5.3-27.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_6.5.3-27.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_6.5.3-27.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_6.5.3-27.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_6.5.3-27.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_6.5.3-27.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_6.5.3-27.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_6.5.3-27.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_6.5.3-27.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_6.5.3-27.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-pl_6.5.3-27.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-test_6.5.3-27.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_6.5.3-27.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/postgresql/ecpg_6.5.3-27.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_6.5.3-27.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_6.5.3-27.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_6.5.3-27.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_6.5.3-27.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_6.5.3-27.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_6.5.3-27.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_6.5.3-27.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_6.5.3-27.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_6.5.3-27.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-pl_6.5.3-27.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-test_6.5.3-27.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_6.5.3-27.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/postgresql/ecpg_6.5.3-27.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_6.5.3-27.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_6.5.3-27.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_6.5.3-27.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_6.5.3-27.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_6.5.3-27.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_6.5.3-27.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_6.5.3-27.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_6.5.3-27.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_6.5.3-27.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-pl_6.5.3-27.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-test_6.5.3-27.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_6.5.3-27.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/postgresql/ecpg_6.5.3-27.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_6.5.3-27.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_6.5.3-27.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_6.5.3-27.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_6.5.3-27.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_6.5.3-27.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_6.5.3-27.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_6.5.3-27.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_6.5.3-27.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_6.5.3-27.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-pl_6.5.3-27.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-test_6.5.3-27.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_6.5.3-27.2_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody2.dsc
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-doc_7.2.1-2woody2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-authpostgresql_0.37.3-3.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-authpostgresql_0.37.3-3.1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-authpostgresql_0.37.3-3.1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-authpostgresql_0.37.3-3.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody2_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-authpostgresql_0.37.3-3.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-authpostgresql_0.37.3-3.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-authpostgresql_0.37.3-3.1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-authpostgresql_0.37.3-3.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-authpostgresql_0.37.3-3.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-authpostgresql_0.37.3-3.1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-authpostgresql_0.37.3-3.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "166": "
\n

Debian Security Advisory

\n

DSA-166-1 purity -- buffer overflows

\n
\n
Date Reported:
\n
13 Sep 2002
\n
Affected Packages:
\n
\npurity\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1124.
\n
More information:
\n
\n

Two buffer overflows have been discovered in purity, a game for nerds\nand hackers, which is installed setgid games on a Debian system. This\nproblem could be exploited to gain unauthorized access to the group\ngames. A malicious user could alter the high scores of several games.

\n

This problem has been fixed in version 1-14.2 for the current stable\ndistribution (woody), in version 1-9.1 for the old stable distribution\n(potato) and in version 1-16 for the unstable distribution (sid).

\n

We recommend that you upgrade your purity packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/purity/purity_1-9.1.dsc
\n
http://security.debian.org/pool/updates/main/p/purity/purity_1-9.1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/purity/purity_1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/purity/purity_1-9.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/purity/purity_1-9.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/purity/purity_1-9.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/purity/purity_1-9.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/purity/purity_1-9.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/purity/purity_1-9.1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/purity/purity_1-14.2.dsc
\n
http://security.debian.org/pool/updates/main/p/purity/purity_1-14.2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/purity/purity_1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/purity/purity_1-14.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/purity/purity_1-14.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/purity/purity_1-14.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/purity/purity_1-14.2_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/purity/purity_1-14.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/purity/purity_1-14.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/purity/purity_1-14.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/purity/purity_1-14.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/purity/purity_1-14.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/purity/purity_1-14.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/purity/purity_1-14.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "167": "
\n

Debian Security Advisory

\n

DSA-167-1 kdelibs -- cross site scripting

\n
\n
Date Reported:
\n
16 Sep 2002
\n
Affected Packages:
\n
\nKonqueror\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1151.
\n
More information:
\n
\n

A cross site scripting problem has been discovered in Konqueror, a\nfamous browser for KDE and other programs using KHTML. The KDE team\nreports\nthat Konqueror's cross site scripting protection fails to\ninitialize the domains on sub-(i)frames correctly. As a result,\nJavaScript is able to access any foreign subframe which is defined in\nthe HTML source. Users of Konqueror and other KDE software that uses\nthe KHTML rendering engine may become victims of cookie stealing and\nother cross site scripting attacks.

\n

This problem has been fixed in version 2.2.2-13.woody.3 for the\ncurrent stable distribution (woody) and in version 2.2.2-14 for the\nunstable distribution (sid). The old stable distribution (potato) is\nnot affected since it didn't ship KDE.

\n

We recommend that you upgrade your kdelibs package and restart\nKonqueror.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.3.dsc
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.3.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-doc_2.2.2-13.woody.3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.3_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "168": "
\n

Debian Security Advisory

\n

DSA-168-1 php -- bypassing safe_mode, CRLF injection

\n
\n
Date Reported:
\n
18 Sep 2002
\n
Affected Packages:
\n
\nPHP3, PHP4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5681.
In Mitre's CVE dictionary: CVE-2002-0985, CVE-2002-0986, CVE-2002-1783.
\n
More information:
\n
\n

Wojciech Purczynski found out that it is possible for scripts to pass\narbitrary text to sendmail as a command-line extension when sending\nmail through PHP, even when safe_mode is turned on. Passing the 5th\nargument should be disabled if PHP is configured in safe_mode, which\nis the case for newer PHP versions and for the versions below. This\ndoes not affect PHP3, though.

\n

Wojciech Purczynski also found out that arbitrary ASCII control\ncharacters may be injected into string arguments of the mail() function.\nIf mail() arguments are taken from user input, this may give the user\nthe ability to alter message content, including mail headers.

\n

Ulf H\u00e4rnhammar discovered that file() and fopen() are vulnerable to\nCRLF injection. An attacker could use it to escape certain\nrestrictions and add arbitrary text to alleged HTTP requests that are\npassed through.

\n

However, this only happens if something is passed to these functions\nthat is neither a valid file name nor a valid URL. Any string that\ncontains control characters cannot be a valid URL. Before you pass a\nstring that should be a URL to any function, you must use urlencode()\nto encode it.

\n

Three problems have been identified in PHP:

\n
    \n
  1. The mail() function can allow arbitrary email headers to be\n specified if a recipient address or subject contains CR/LF\n characters.\n
  2. The mail() function does not properly disable the passing of\n arbitrary command-line options to sendmail when running in Safe\n Mode.\n
  3. The fopen() function, when retrieving a URL, can allow manipulation\n of the request for the resource through a URL containing CR/LF\n characters. For example, headers could be added to an HTTP\n request.\n
\n

These problems have been fixed in version 3.0.18-23.1woody1 for PHP3\nand 4.1.2-5 for PHP4 for the current stable distribution (woody), in\nversion 3.0.18-0potato1.2 for PHP3 and 4.0.3pl1-0potato4 for PHP4 in\nthe old stable distribution (potato) and in version 3.0.18-23.2 for\nPHP3 and 4.2.3-3 for PHP4 for the unstable distribution (sid).

\n

We recommend that you upgrade your PHP packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-0potato1.2.dsc
\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-0potato1.2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.0.3pl1-0potato4.dsc
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.0.3pl1-0potato4.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.0.3pl1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php3/php3-doc_3.0.18-0potato1.2_all.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.0.3pl1-0potato4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-0potato1.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-0potato1.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-0potato1.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-0potato1.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-0potato1.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-0potato1.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-0potato1.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-0potato1.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-pgsql_3.0.18-0potato1.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-0potato1.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-0potato1.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-0potato1.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-0potato1.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-0potato1.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-0potato1.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-0potato1.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-0potato1.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-0potato1.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-pgsql_3.0.18-0potato1.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-0potato1.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-0potato1.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.0.3pl1-0potato4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.0.3pl1-0potato4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-gd_4.0.3pl1-0potato4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-imap_4.0.3pl1-0potato4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-ldap_4.0.3pl1-0potato4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-mhash_4.0.3pl1-0potato4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-mysql_4.0.3pl1-0potato4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-pgsql_4.0.3pl1-0potato4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-snmp_4.0.3pl1-0potato4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-xml_4.0.3pl1-0potato4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.0.3pl1-0potato4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.0.3pl1-0potato4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.0.3pl1-0potato4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.0.3pl1-0potato4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.0.3pl1-0potato4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.0.3pl1-0potato4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.0.3pl1-0potato4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xml_4.0.3pl1-0potato4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-0potato1.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-0potato1.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-0potato1.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-0potato1.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-0potato1.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-0potato1.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-0potato1.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-0potato1.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-pgsql_3.0.18-0potato1.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-0potato1.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-0potato1.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-0potato1.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-0potato1.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-0potato1.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-0potato1.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-0potato1.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-0potato1.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-0potato1.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-pgsql_3.0.18-0potato1.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-0potato1.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-0potato1.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-0potato1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-0potato1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-0potato1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-0potato1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-0potato1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-0potato1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-0potato1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-0potato1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-pgsql_3.0.18-0potato1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-0potato1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-0potato1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-0potato1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-0potato1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-0potato1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-0potato1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-0potato1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-0potato1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-0potato1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-pgsql_3.0.18-0potato1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-0potato1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-0potato1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.0.3pl1-0potato4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.0.3pl1-0potato4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-gd_4.0.3pl1-0potato4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-imap_4.0.3pl1-0potato4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-ldap_4.0.3pl1-0potato4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-mhash_4.0.3pl1-0potato4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-mysql_4.0.3pl1-0potato4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-pgsql_4.0.3pl1-0potato4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-snmp_4.0.3pl1-0potato4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-xml_4.0.3pl1-0potato4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.0.3pl1-0potato4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.0.3pl1-0potato4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.0.3pl1-0potato4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.0.3pl1-0potato4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.0.3pl1-0potato4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.0.3pl1-0potato4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.0.3pl1-0potato4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xml_4.0.3pl1-0potato4_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-0potato1.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-0potato1.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-0potato1.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-0potato1.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-0potato1.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-0potato1.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-0potato1.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-0potato1.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-pgsql_3.0.18-0potato1.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-0potato1.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-0potato1.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-0potato1.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-0potato1.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-0potato1.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-0potato1.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-0potato1.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-0potato1.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-0potato1.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-pgsql_3.0.18-0potato1.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-0potato1.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-0potato1.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.0.3pl1-0potato4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.0.3pl1-0potato4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-gd_4.0.3pl1-0potato4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-imap_4.0.3pl1-0potato4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-ldap_4.0.3pl1-0potato4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-mhash_4.0.3pl1-0potato4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-mysql_4.0.3pl1-0potato4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-pgsql_4.0.3pl1-0potato4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-snmp_4.0.3pl1-0potato4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-xml_4.0.3pl1-0potato4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.0.3pl1-0potato4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.0.3pl1-0potato4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.0.3pl1-0potato4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.0.3pl1-0potato4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.0.3pl1-0potato4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.0.3pl1-0potato4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.0.3pl1-0potato4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xml_4.0.3pl1-0potato4_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-0potato1.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-0potato1.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-0potato1.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-0potato1.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-0potato1.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-0potato1.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-0potato1.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-0potato1.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-pgsql_3.0.18-0potato1.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-0potato1.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-0potato1.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-0potato1.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-0potato1.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-0potato1.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-0potato1.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-0potato1.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-0potato1.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-0potato1.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-pgsql_3.0.18-0potato1.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-0potato1.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-0potato1.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.0.3pl1-0potato4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.0.3pl1-0potato4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-gd_4.0.3pl1-0potato4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-imap_4.0.3pl1-0potato4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-ldap_4.0.3pl1-0potato4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-mhash_4.0.3pl1-0potato4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-mysql_4.0.3pl1-0potato4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-pgsql_4.0.3pl1-0potato4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-snmp_4.0.3pl1-0potato4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-xml_4.0.3pl1-0potato4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.0.3pl1-0potato4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.0.3pl1-0potato4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.0.3pl1-0potato4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.0.3pl1-0potato4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.0.3pl1-0potato4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.0.3pl1-0potato4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.0.3pl1-0potato4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xml_4.0.3pl1-0potato4_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-0potato1.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-0potato1.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-0potato1.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-0potato1.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-0potato1.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-0potato1.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-0potato1.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-0potato1.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-pgsql_3.0.18-0potato1.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-0potato1.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-0potato1.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-0potato1.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-0potato1.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-0potato1.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-0potato1.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-0potato1.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-0potato1.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-0potato1.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-pgsql_3.0.18-0potato1.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-0potato1.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-0potato1.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.0.3pl1-0potato4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.0.3pl1-0potato4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-gd_4.0.3pl1-0potato4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-imap_4.0.3pl1-0potato4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-ldap_4.0.3pl1-0potato4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-mhash_4.0.3pl1-0potato4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-mysql_4.0.3pl1-0potato4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-pgsql_4.0.3pl1-0potato4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-snmp_4.0.3pl1-0potato4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi-xml_4.0.3pl1-0potato4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.0.3pl1-0potato4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.0.3pl1-0potato4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.0.3pl1-0potato4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.0.3pl1-0potato4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.0.3pl1-0potato4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.0.3pl1-0potato4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.0.3pl1-0potato4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xml_4.0.3pl1-0potato4_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody1.dsc
\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-5.dsc
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-5.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php3/php3-doc_3.0.18-23.1woody1_all.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.1.2-5_all.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pear_4.1.2-5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-5_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "169": "
\n

Debian Security Advisory

\n

DSA-169-1 htcheck -- cross site scripting

\n
\n
Date Reported:
\n
25 Sep 2002
\n
Affected Packages:
\n
\nhtcheck\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1195.
\n
More information:
\n
\n

Ulf H\u00e4rnhammar\ndiscovered a problem in ht://Check's PHP interface.\nThe PHP interface displays, without checking it, information gathered\nfrom crawled external web servers. This could lead to a cross-site\nscripting attack if somebody has control over the server responses of\na remote web server which is crawled by ht://Check.

\n

This problem has been fixed in version 1.1-1.1 for the current stable\ndistribution (woody) and in version 1.1-1.2 for the unstable release\n(sid). The old stable release (potato) does not contain the htcheck\npackage.

\n

We recommend that you upgrade your htcheck package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/htcheck/htcheck_1.1-1.1.dsc
\n
http://security.debian.org/pool/updates/main/h/htcheck/htcheck_1.1-1.1.diff.gz
\n
http://security.debian.org/pool/updates/main/h/htcheck/htcheck_1.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/htcheck/htcheck-php_1.1-1.1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/htcheck/htcheck_1.1-1.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/htcheck/htcheck_1.1-1.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/htcheck/htcheck_1.1-1.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/htcheck/htcheck_1.1-1.1_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/h/htcheck/htcheck_1.1-1.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/htcheck/htcheck_1.1-1.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/htcheck/htcheck_1.1-1.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/h/htcheck/htcheck_1.1-1.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/htcheck/htcheck_1.1-1.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/htcheck/htcheck_1.1-1.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/htcheck/htcheck_1.1-1.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "170": "
\n

Debian Security Advisory

\n

DSA-170-1 tomcat4 -- source code disclosure

\n
\n
Date Reported:
\n
04 Oct 2002
\n
Affected Packages:
\n
\ntomcat4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5786.
In Mitre's CVE dictionary: CVE-2002-1148.
\n
More information:
\n
\n

A security vulnerability has been found in all Tomcat 4.x releases.\nThis problem allows an attacker to use a specially crafted URL to\nreturn the unprocessed source code of a JSP page, or, under special\ncircumstances, a static resource which would otherwise have been\nprotected by security constraints, without the need for being properly\nauthenticated.

\n

This problem has been fixed in version 4.0.3-3woody1 for the current\nstable distribution (woody) and in version 4.1.12-1 for the unstable\nrelease (sid). The old stable release (potato) does not contain\ntomcat packages. Also, packages for tomcat3 are not vulnerable to\nthis problem.

\n

We recommend that you upgrade your tomcat package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4_4.0.3-3woody1.dsc
\n
http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4_4.0.3-3woody1.diff.gz
\n
http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4_4.0.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/contrib/t/tomcat4/libtomcat4-java_4.0.3-3woody1_all.deb
\n
http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4-webapps_4.0.3-3woody1_all.deb
\n
http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4_4.0.3-3woody1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "171": "
\n

Debian Security Advisory

\n

DSA-171-1 fetchmail -- buffer overflows

\n
\n
Date Reported:
\n
07 Oct 2002
\n
Affected Packages:
\n
\nfetchmail, fetchmail-ssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5825, BugTraq ID 5826, BugTraq ID 5827.
In Mitre's CVE dictionary: CVE-2002-1175, CVE-2002-1174.
\n
More information:
\n
\n

Stefan Esser discovered several buffer overflows and a broken boundary\ncheck within fetchmail. If fetchmail is running in multidrop mode\nthese flaws can be used by remote attackers to crash it or to execute\narbitrary code under the user id of the user running fetchmail.\nDepending on the configuration this even allows a remote root\ncompromise.

\n

These problems have been fixed in version 5.9.11-6.1 for both\nfetchmail and fetchmail-ssl for the current stable distribution\n(woody), in version 5.3.3-4.2 for fetchmail for the old stable\ndistribution (potato) and in version 6.1.0-1 for both fetchmail and\nfetchmail-ssl for the unstable distribution (sid). There are no\nfetchmail-ssl packages for the old stable distribution (potato) and\nthus no updates.

\n

We recommend that you upgrade your fetchmail packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2.dsc
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_5.3.3-4.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.2_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1.dsc
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1.dsc
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail-common_5.9.11-6.1_all.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_5.9.11-6.1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "172": "
\n

Debian Security Advisory

\n

DSA-172-1 tkmail -- insecure temporary files

\n
\n
Date Reported:
\n
08 Oct 2002
\n
Affected Packages:
\n
\ntkmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1193.
\n
More information:
\n
\n

It has been discovered that tkmail creates temporary files insecurely.\nExploiting this, an attacker with local access can easily create and\noverwrite files as another user.

\n

This problem has been fixed in version 4.0beta9-8.1 for the current\nstable distribution (woody), in version 4.0beta9-4.1 for the old\nstable distribution (potato) and in version 4.0beta9-9 for the\nunstable distribution (sid).

\n

We recommend that you upgrade your tkmail packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tkmail/tkmail_4.0beta9-4.1.dsc
\n
http://security.debian.org/pool/updates/main/t/tkmail/tkmail_4.0beta9-4.1.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tkmail/tkmail_4.0beta9.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tkmail/tkmail_4.0beta9-4.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tkmail/tkmail_4.0beta9-4.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tkmail/tkmail_4.0beta9-4.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tkmail/tkmail_4.0beta9-4.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tkmail/tkmail_4.0beta9-4.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tkmail/tkmail_4.0beta9-4.1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tkmail/tkmail_4.0beta9-8.1.dsc
\n
http://security.debian.org/pool/updates/main/t/tkmail/tkmail_4.0beta9-8.1.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tkmail/tkmail_4.0beta9.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tkmail/tkmail_4.0beta9-8.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tkmail/tkmail_4.0beta9-8.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tkmail/tkmail_4.0beta9-8.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tkmail/tkmail_4.0beta9-8.1_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/t/tkmail/tkmail_4.0beta9-8.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tkmail/tkmail_4.0beta9-8.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tkmail/tkmail_4.0beta9-8.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tkmail/tkmail_4.0beta9-8.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tkmail/tkmail_4.0beta9-8.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tkmail/tkmail_4.0beta9-8.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tkmail/tkmail_4.0beta9-8.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "173": "
\n

Debian Security Advisory

\n

DSA-173-1 bugzilla -- privilege escalation

\n
\n
Date Reported:
\n
09 Oct 2002
\n
Affected Packages:
\n
\nbugzilla\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1196.
\n
More information:
\n
\n

The developers of Bugzilla, a web-based bug tracking system,\ndiscovered a problem in the handling of more than 47 groups. When a\nnew product is added to an installation with 47 groups or more and\n\"usebuggroups\" is enabled, the new group will be assigned a groupset\nbit using Perl math that is not exact beyond 2^48.\nThis results in\nthe new group being defined with a \"bit\" that has several bits set.\nAs users are given access to the new group, those users will also gain\naccess to spurious lower group privileges. Also, group bits were not\nalways reused when groups were deleted.

\n

This problem has been fixed in version 2.14.2-0woody2 for the current\nstable distribution (woody) and will soon be fixed in the unstable\ndistribution (sid). The old stable distribution (potato) doesn't\ncontain a bugzilla package.

\n

We recommend that you upgrade your bugzilla package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla_2.14.2-0woody2.dsc
\n
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla_2.14.2-0woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla_2.14.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla-doc_2.14.2-0woody2_all.deb
\n
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla_2.14.2-0woody2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "174": "
\n

Debian Security Advisory

\n

DSA-174-1 heartbeat -- buffer overflow

\n
\n
Date Reported:
\n
14 Oct 2002
\n
Affected Packages:
\n
\nheartbeat\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1215.
\n
More information:
\n
\n

Nathan Wallwork discovered a buffer overflow in heartbeat, a subsystem\nfor High-Availability Linux. A remote attacker could send a specially\ncrafted UDP packet that overflows a buffer, causing heartbeat to\nexecute arbitrary code as root.

\n

This problem has been fixed in version 0.4.9.0l-7.2 for the current\nstable distribution (woody) and version 0.4.9.2-1 for the unstable\ndistribution (sid). The old stable distribution (potato) doesn't\ncontain a heartbeat package.

\n

We recommend that you upgrade your heartbeat package immediately if\nyou run internet connected servers that are heartbeat-monitored.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2.dsc
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2.diff.gz
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/heartbeat/ldirectord_0.4.9.0l-7.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "175": "
\n

Debian Security Advisory

\n

DSA-175-1 syslog-ng -- buffer overflow

\n
\n
Date Reported:
\n
15 Oct 2002
\n
Affected Packages:
\n
\nsyslog-ng\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5934.
In Mitre's CVE dictionary: CVE-2002-1200.
\n
More information:
\n
\n

Balazs Scheidler discovered a problem in the way syslog-ng handles macro\nexpansion. When a macro is expanded, a static-length buffer is used,\naccompanied by a counter. However, when constant characters are\nappended, the counter is not updated properly, leading to incorrect\nboundary checking. An attacker may be able to use specially crafted\nlog messages inserted via UDP that overflow the buffer.

\n

This problem has been fixed in version 1.5.15-1.1 for the current\nstable distribution (woody), in version 1.4.0rc3-3.2 for the old\nstable distribution (potato) and version 1.5.21-1 for the unstable\ndistribution (sid).

\n

We recommend that you upgrade your syslog-ng package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.4.0rc3-3.2.dsc
\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.4.0rc3-3.2.diff.gz
\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.4.0rc3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.4.0rc3-3.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.4.0rc3-3.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.4.0rc3-3.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.4.0rc3-3.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.4.0rc3-3.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.4.0rc3-3.2_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.5.15-1.1.dsc
\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.5.15-1.1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.5.15.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.5.15-1.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.5.15-1.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.5.15-1.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.5.15-1.1_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.5.15-1.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.5.15-1.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.5.15-1.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.5.15-1.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.5.15-1.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.5.15-1.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_1.5.15-1.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "176": "
\n

Debian Security Advisory

\n

DSA-176-1 gv -- buffer overflow

\n
\n
Date Reported:
\n
16 Oct 2002
\n
Affected Packages:
\n
\ngv\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5808.
In Mitre's CVE dictionary: CVE-2002-0838.
\n
More information:
\n
\n

Zen-parse discovered a buffer overflow in gv, a PostScript and PDF\nviewer for X11. This problem is triggered by scanning the PostScript\nfile and can be exploited by an attacker sending a malformed\nPostScript or PDF file. The attacker is able to cause arbitrary code\nto be run with the privileges of the victim.

\n

This problem has been fixed in version 3.5.8-26.1 for the current\nstable distribution (woody), in version 3.5.8-17.1 for the old stable\ndistribution (potato) and version 3.5.8-27 for the unstable\ndistribution (sid).

\n

We recommend that you upgrade your gv package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1.dsc
\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1.dsc
\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "177": "
\n

Debian Security Advisory

\n

DSA-177-1 pam -- serious security violation

\n
\n
Date Reported:
\n
17 Oct 2002
\n
Affected Packages:
\n
\npam\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1227.
\n
More information:
\n
\n

A serious security violation in PAM was discovered.\nDisabled passwords (i.e. those with '*' in the\npassword file) were classified as empty passwords, and access to such\naccounts is granted through the regular login procedure (getty,\ntelnet, ssh). This works for all such accounts whose shell field in\nthe password file does not refer to /bin/false.\nOnly version 0.76 of PAM seems to be affected by this problem.

\n

This problem has been fixed in version 0.76-6 for the current unstable\ndistribution (sid). The stable distribution (woody), the old stable\ndistribution (potato) and the testing distribution (sarge) are not\naffected by this problem.

\n

As stated in the Debian security team FAQ, testing\nand unstable are rapidly moving targets and the security team does not\nhave the resources needed to properly support those. This security\nadvisory is an exception to that rule, due to the seriousness of the\nproblem.

\n

We recommend that you upgrade your PAM packages immediately if you are\nrunning Debian/unstable.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux unstable (sid)

\n
\n
Source:\n
http://ftp.debian.org/debian/pool/main/p/pam/pam_0.76-6.dsc
\n
http://ftp.debian.org/debian/pool/main/p/pam/pam_0.76-6.diff.gz
\n
http://ftp.debian.org/debian/pool/main/p/pam/pam_0.76.orig.tar.gz
\n
Architecture-independent component:\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam-doc_0.76-6_all.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam-runtime_0.76-6_all.deb
\n
Alpha:\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam-cracklib_0.76-6_alpha.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam-modules_0.76-6_alpha.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam0g_0.76-6_alpha.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam0g-dev_0.76-6_alpha.deb
\n
ARM:\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam-cracklib_0.76-6_arm.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam-modules_0.76-6_arm.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam0g_0.76-6_arm.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam0g-dev_0.76-6_arm.deb
\n
Intel IA-32:\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam-cracklib_0.76-6_i386.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam-modules_0.76-6_i386.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam0g_0.76-6_i386.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam0g-dev_0.76-6_i386.deb
\n
Intel IA-64:\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam-cracklib_0.76-6_ia64.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam-modules_0.76-6_ia64.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam0g_0.76-6_ia64.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam0g-dev_0.76-6_ia64.deb
\n
HP Precision:\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam-cracklib_0.76-6_hppa.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam-modules_0.76-6_hppa.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam0g_0.76-6_hppa.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam0g-dev_0.76-6_hppa.deb
\n
Motorola 680x0:\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam-cracklib_0.76-6_m68k.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam-modules_0.76-6_m68k.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam0g_0.76-6_m68k.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam0g-dev_0.76-6_m68k.deb
\n
Big endian MIPS:\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam-cracklib_0.76-6_mips.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam-modules_0.76-6_mips.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam0g_0.76-6_mips.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam0g-dev_0.76-6_mips.deb
\n
Little endian MIPS:\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam-cracklib_0.76-6_mipsel.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam-modules_0.76-6_mipsel.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam0g_0.76-6_mipsel.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam0g-dev_0.76-6_mipsel.deb
\n
PowerPC:\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam-cracklib_0.76-6_powerpc.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam-modules_0.76-6_powerpc.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam0g_0.76-6_powerpc.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam0g-dev_0.76-6_powerpc.deb
\n
IBM S/390:\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam-cracklib_0.76-6_s390.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam-modules_0.76-6_s390.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam0g_0.76-6_s390.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam0g-dev_0.76-6_s390.deb
\n
Sun Sparc:\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam-cracklib_0.76-6_sparc.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam-modules_0.76-6_sparc.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam0g_0.76-6_sparc.deb
\n
http://ftp.debian.org/debian/pool/main/p/pam/libpam0g-dev_0.76-6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "178": "
\n

Debian Security Advisory

\n

DSA-178-1 heimdal -- remote command execution

\n
\n
Date Reported:
\n
17 Oct 2002
\n
Affected Packages:
\n
\nheimdal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1225, CVE-2002-1226.
CERT's vulnerabilities, advisories and incident notes: VU#875073, CA-2002-29.
\n
More information:
\n
\n

The SuSE Security Team has reviewed critical parts of the Heimdal\npackage such as the kadmind and kdc servers. While doing so, several\npotential buffer overflows and other bugs have been uncovered and\nfixed. Remote attackers can probably gain remote root access on\nsystems without fixes. Since these services usually run on\nauthentication servers, these bugs are considered very serious.

\n

These problems have been fixed in version 0.4e-7.woody.4 for the\ncurrent stable distribution (woody), in version 0.2l-7.4 for the old\nstable distribution (potato) and version 0.4e-21 for the unstable\ndistribution (sid).

\n

We recommend that you upgrade your Heimdal packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.2l-7.4.dsc
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.2l-7.4.diff.gz
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.2l.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-docs_0.2l-7.4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.2l-7.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.2l-7.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.2l-7.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.2l-7.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-lib_0.2l-7.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.2l-7.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.2l-7.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.2l-7.4_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.2l-7.4_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.2l-7.4_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.2l-7.4_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-lib_0.2l-7.4_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.2l-7.4_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.2l-7.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.2l-7.4_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.2l-7.4_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.2l-7.4_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.2l-7.4_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-lib_0.2l-7.4_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.2l-7.4_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.2l-7.4_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.2l-7.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.2l-7.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.2l-7.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.2l-7.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-lib_0.2l-7.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.2l-7.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.2l-7.4_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.2l-7.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.2l-7.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.2l-7.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.2l-7.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-lib_0.2l-7.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.2l-7.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.2l-7.4_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.2l-7.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.2l-7.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.2l-7.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.2l-7.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-lib_0.2l-7.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.2l-7.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.2l-7.4_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.4e-7.woody.4.dsc
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.4e-7.woody.4.diff.gz
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.4e.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-docs_0.4e-7.woody.4_all.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-lib_0.4e-7.woody.4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.4_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.4_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.4_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.4_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.4_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.4_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.4_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.4_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.4_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.4_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.4_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.4_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.4_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.4_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.4_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.4_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.4_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.4_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.4_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.4_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.4_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.4_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.4_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.4_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.4_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.4_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.4_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.4_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.4_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.4_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.4_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.4_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.4_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.4_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.4_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.4_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.4_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.4_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.4_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.4_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.4_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.4_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.4_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.4_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.4_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.4_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.4_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.4_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.4_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.4_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.4_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.4_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.4_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.4_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.4_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.4_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.4_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.4_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.4_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.4_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.4_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.4_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.4_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.4_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.4_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.4_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.4_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.4_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.4_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "179": "
\n

Debian Security Advisory

\n

DSA-179-1 gnome-gv -- buffer overflow

\n
\n
Date Reported:
\n
18 Oct 2002
\n
Affected Packages:
\n
\ngnome-gv\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5808.
In Mitre's CVE dictionary: CVE-2002-0838.
\n
More information:
\n
\n

Zen-parse discovered a buffer overflow in gv, a PostScript and PDF\nviewer for X11. The same code is present in gnome-gv. This problem\nis triggered by scanning the PostScript file and can be exploited by\nan attacker sending a malformed PostScript or PDF file. The attacker\nis able to cause arbitrary code to be run with the privileges of the\nvictim.

\n

This problem has been fixed in version 1.1.96-3.1 for the current\nstable distribution (woody), in version 0.82-2.1 for the old stable\ndistribution (potato) and version 1.99.7-9 for the unstable\ndistribution (sid).

\n

We recommend that you upgrade your gnome-gv package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_0.82-2.1.dsc
\n
http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_0.82-2.1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_0.82.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_0.82-2.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_0.82-2.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_0.82-2.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_0.82-2.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_0.82-2.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_0.82-2.1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96-3.1.dsc
\n
http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96-3.1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96-3.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96-3.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96-3.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96-3.1_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96-3.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96-3.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96-3.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96-3.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96-3.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96-3.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gnome-gv/gnome-gv_1.1.96-3.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "180": "
\n

Debian Security Advisory

\n

DSA-180-1 nis -- information leak

\n
\n
Date Reported:
\n
21 Oct 2002
\n
Affected Packages:
\n
\nnis\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1232.
\n
More information:
\n
\n

Thorsten Kukuk discovered a problem in the ypserv program, which is\npart of the Network Information Services (NIS). A memory leak in all\nversions of ypserv prior to 2.5 is remotely exploitable. When a\nmalicious user requests a non-existent map, the server will leak\nparts of an old domainname and mapname.

\n

This problem has been fixed in version 3.9-6.1 for the current stable\ndistribution (woody), in version 3.8-2.1 for the old stable\ndistribution (potato) and in version 3.9-6.2 for the unstable\ndistribution (sid).

\n

We recommend that you upgrade your nis package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1.dsc
\n
http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/nis/nis_3.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1.dsc
\n
http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/nis/nis_3.9.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "181": "
\n

Debian Security Advisory

\n

DSA-181-1 libapache-mod-ssl -- cross site scripting

\n
\n
Date Reported:
\n
22 Oct 2002
\n
Affected Packages:
\n
\nlibapache-mod-ssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6029.
In Mitre's CVE dictionary: CVE-2002-1157.
\n
More information:
\n
\n

Joe Orton discovered a cross site scripting problem in mod_ssl, an\nApache module that adds strong cryptography (i.e. HTTPS support) to\nthe webserver. The module will return the server name unescaped in\nthe response to an HTTP request on an SSL port.

\n

Like the other recent Apache XSS bugs, this only affects servers using\na combination of \"UseCanonicalName off\" (default in the Debian package\nof Apache) and wildcard DNS. This is very unlikely to happen, though.\nApache 2.0/mod_ssl is not vulnerable since it already escapes this\nHTML.

\n

With UseCanonicalName turned on, whenever Apache needs to construct a\nself-referencing URL (a URL that refers back to the server the\nresponse is coming from) it will use ServerName and Port to form a\n\"canonical\" name. With this setting off, Apache will use the\nhostname:port that the client supplied, when possible. This also\naffects SERVER_NAME and SERVER_PORT in CGI scripts.

\n

This problem has been fixed in version 2.8.9-2.1 for the current\nstable distribution (woody), in version 2.4.10-1.3.9-1potato4 for the\nold stable distribution (potato) and version 2.8.9-2.3 for the\nunstable distribution (sid).

\n

We recommend that you upgrade your libapache-mod-ssl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato4.dsc
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato4.diff.gz
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl-doc_2.4.10-1.3.9-1potato4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato4_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato4_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato4_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.4.10-1.3.9-1potato4_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.1.dsc
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.1.diff.gz
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl-doc_2.8.9-2.1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.1_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "182": "
\n

Debian Security Advisory

\n

DSA-182-1 kdegraphics -- buffer overflow

\n
\n
Date Reported:
\n
28 Oct 2002
\n
Affected Packages:
\n
\nkdegraphics\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5808.
In Mitre's CVE dictionary: CVE-2002-0838.
\n
More information:
\n
\n

Zen-parse discovered a buffer overflow in gv, a PostScript and PDF\nviewer for X11. The same code is present in kghostview which is part\nof the KDE-Graphics package. This problem is triggered by scanning\nthe PostScript file and can be exploited by an attacker sending a\nmalformed PostScript or PDF file. The attacker is able to cause\narbitrary code to be run with the privileges of the victim.

\n

This problem has been fixed in version 2.2.2-6.8 for the current\nstable distribution (woody) and in version 2.2.2-6.9 for the unstable\ndistribution (sid). The old stable distribution (potato) is not\naffected since no KDE is included.

\n

We recommend that you upgrade your kghostview package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2-6.8.dsc
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2-6.8.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.8_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.8_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.8_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.8_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.8_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.8_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.8_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "183": "
\n

Debian Security Advisory

\n

DSA-183-1 krb5 -- buffer overflow

\n
\n
Date Reported:
\n
29 Oct 2002
\n
Affected Packages:
\n
\nkrb5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1235.
CERT's vulnerabilities, advisories and incident notes: CA-2002-29, VU#875073.
\n
More information:
\n
\n

Tom Yu and Sam Hartman of MIT discovered another stack buffer overflow\nin the kadm_ser_wrap_in function in the Kerberos v4 administration\nserver. Working exploit code for this kadmind bug is circulating,\nhence it is considered serious. The MIT krb5 implementation\nincludes support for version 4, including a complete v4 library,\nserver side support for krb4, and limited client support for v4.

\n

This problem has been fixed in version 1.2.4-5woody3 for the current\nstable distribution (woody) and in version 1.2.6-2 for the unstable\ndistribution (sid). The old stable distribution (potato) is not\naffected since no krb5 packages are included.

\n

We recommend that you upgrade your krb5 packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.4p1-0woody1.dsc
\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.4p1-0woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.4p1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.2.4-5woody3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody1_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "184": "
\n

Debian Security Advisory

\n

DSA-184-1 krb4 -- buffer overflow

\n
\n
Date Reported:
\n
30 Oct 2002
\n
Affected Packages:
\n
\nkrb4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1235.
CERT's vulnerabilities, advisories and incident notes: CA-2002-29, VU#875073.
\n
More information:
\n
\n

Tom Yu and Sam Hartman of MIT discovered another stack buffer overflow\nin the kadm_ser_wrap_in function in the Kerberos v4 administration\nserver. Working exploit code for this kadmind bug is circulating,\nhence it is considered serious.

\n

This problem has been fixed in version 1.1-8-2.2 for the current\nstable distribution (woody), in version 1.0-2.2 for the old stable\ndistribution (potato) and in version 1.1-11-8 for the unstable\ndistribution (sid).

\n

We recommend that you upgrade your krb4 packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb4/krb4_1.0-2.2.dsc
\n
http://security.debian.org/pool/updates/main/k/krb4/krb4_1.0-2.2.diff.gz
\n
http://security.debian.org/pool/updates/main/k/krb4/krb4_1.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.0-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.0-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.0-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-services_1.0-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-user_1.0-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-x11_1.0-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth1_1.0-2.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.0-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.0-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.0-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-services_1.0-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-user_1.0-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-x11_1.0-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth1_1.0-2.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.0-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.0-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.0-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-services_1.0-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-user_1.0-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-x11_1.0-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth1_1.0-2.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.0-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.0-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.0-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-services_1.0-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-user_1.0-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-x11_1.0-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth1_1.0-2.2_m68k.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.0-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.0-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.0-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-services_1.0-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-user_1.0-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-x11_1.0-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth1_1.0-2.2_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb4/krb4_1.1-8-2.2.dsc
\n
http://security.debian.org/pool/updates/main/k/krb4/krb4_1.1-8-2.2.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-docs_1.1-8-2.2_all.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-services_1.1-8-2.2_all.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-user_1.1-8-2.2_all.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-x11_1.1-8-2.2_all.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth1_1.1-8-2.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.2_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "185": "
\n

Debian Security Advisory

\n

DSA-185-1 heimdal -- buffer overflow

\n
\n
Date Reported:
\n
31 Oct 2002
\n
Affected Packages:
\n
\nheimdal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1235.
CERT's vulnerabilities, advisories and incident notes: CA-2002-29, VU#875073.
\n
More information:
\n
\n

A stack buffer overflow in the kadm_ser_wrap_in function in the\nKerberos v4 administration server was discovered, which is provided by\nHeimdal as well. A working exploit for this kadmind bug is already\ncirculating, hence it is considered serious. The broken library also\ncontains a vulnerability which could lead to another root exploit.

\n

These problems have been fixed in version 0.4e-7.woody.5 for the\ncurrent stable distribution (woody), in version 0.2l-7.6 for the old\nstable distribution (potato) and in version 0.4e-22 for the unstable\ndistribution (sid).

\n

We recommend that you upgrade your heimdal packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.2l-7.6.dsc
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.2l-7.6.diff.gz
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.2l.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-docs_0.2l-7.6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.2l-7.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.2l-7.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.2l-7.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.2l-7.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-lib_0.2l-7.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.2l-7.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.2l-7.6_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.2l-7.6_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.2l-7.6_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.2l-7.6_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.2l-7.6_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-lib_0.2l-7.6_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.2l-7.6_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.2l-7.6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.2l-7.6_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.2l-7.6_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.2l-7.6_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.2l-7.6_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-lib_0.2l-7.6_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.2l-7.6_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.2l-7.6_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.2l-7.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.2l-7.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.2l-7.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.2l-7.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-lib_0.2l-7.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.2l-7.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.2l-7.6_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.2l-7.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.2l-7.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.2l-7.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.2l-7.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-lib_0.2l-7.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.2l-7.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.2l-7.6_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.2l-7.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.2l-7.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.2l-7.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.2l-7.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-lib_0.2l-7.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.2l-7.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.2l-7.6_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.4e-7.woody.5.dsc
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.4e-7.woody.5.diff.gz
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.4e.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-docs_0.4e-7.woody.5_all.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-lib_0.4e-7.woody.5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.5_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "186": "
\n

Debian Security Advisory

\n

DSA-186-1 log2mail -- buffer overflow

\n
\n
Date Reported:
\n
01 Nov 2002
\n
Affected Packages:
\n
\nlog2mail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1251.
\n
More information:
\n
\n

Enrico Zini discovered a buffer overflow in log2mail, a daemon for\nwatching logfiles and sending lines with matching patterns via mail.\nThe log2mail daemon is started upon system boot and runs as root. A\nspecially crafted (remote) log message could overflow a static buffer,\npotentially leading log2mail to execute arbitrary code as root.

\n

This problem has been fixed in version 0.2.5.1 for the current\nstable distribution (woody) and in version 0.2.6-1 for the unstable\ndistribution (sid). The old stable distribution (potato) is not\naffected since it doesn't contain a log2mail package.

\n

We recommend that you upgrade your log2mail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1.dsc
\n
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "187": "
\n

Debian Security Advisory

\n

DSA-187-1 apache -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Nov 2002
\n
Affected Packages:
\n
\napache\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5847, BugTraq ID 5884, BugTraq ID 5887, BugTraq ID 2182, BugTraq ID 5995.
In Mitre's CVE dictionary: CVE-2002-0839, CVE-2002-0840, CVE-2002-0843, CVE-2001-0131, CVE-2002-1233.
\n
More information:
\n
\n

According to David Wagner, iDEFENSE and the Apache HTTP Server\nProject, several remotely exploitable vulnerabilities have been found\nin the Apache package, a commonly used webserver. These\nvulnerabilities could allow an attacker to enact a denial of service\nagainst a server or execute a cross-site scripting attack. The Common\nVulnerabilities and Exposures (CVE) project identified the following\nvulnerabilities:

\n
    \n
  1. CAN-2002-0839: A vulnerability exists on platforms using System V\n shared memory based scoreboards. This vulnerability allows an\n attacker to execute code under the Apache UID to exploit the Apache\n shared memory scoreboard format and send a signal to any process as\n root or cause a local denial of service attack.\n
  2. CAN-2002-0840: Apache is susceptible to a cross-site scripting\n vulnerability in the default 404 page of any web server hosted on a\n domain that allows wildcard DNS lookups.\n
  3. CAN-2002-0843: There were some possible overflows in the utility\n ApacheBench (ab) which could be exploited by a malicious server.\n
  4. CAN-2002-1233: A race condition in the htpasswd and htdigest\n programs enables a malicious local user to read or even modify the\n contents of a password file or easily create and overwrite files as\n the user running the htpasswd (or htdigest respectively) program.\n
  5. CAN-2001-0131: htpasswd and htdigest in Apache 2.0a9, 1.3.14, and\n others allow local users to overwrite arbitrary files via a\n symlink attack.\n

    This is the same vulnerability as CAN-2002-1233, which was fixed in\n potato already but got lost later and was never applied upstream.\n

  6. NO-CAN: Several buffer overflows have been found in the ApacheBench\n (ab) utility that could be exploited by a remote server returning\n very long strings.\n
\n

These problems have been fixed in version 1.3.26-0woody3 for the\ncurrent stable distribution (woody) and in 1.3.9-14.3 for the old\nstable distribution (potato). Corrected packages for the unstable\ndistribution (sid) are expected soon.

\n

We recommend that you upgrade your Apache package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.3.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.3.dsc
\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.9-14.3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.9-14.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9-14.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.9-14.3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9-14.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.9-14.3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9-14.3_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.9-14.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9-14.3_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.9-14.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9-14.3_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.9-14.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9-14.3_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody3.dsc
\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.26-0woody3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody3_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "188": "
\n

Debian Security Advisory

\n

DSA-188-1 apache-ssl -- several vulnerabilities

\n
\n
Date Reported:
\n
05 Nov 2002
\n
Affected Packages:
\n
\napache-ssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5847, BugTraq ID 5884, BugTraq ID 5887, BugTraq ID 5995.
In Mitre's CVE dictionary: CVE-2002-0839, CVE-2002-0840, CVE-2002-0843, CVE-2001-0131, CVE-2002-1233.
\n
More information:
\n
\n

According to David Wagner, iDEFENSE and the Apache HTTP Server\nProject, several vulnerabilities have been found in the Apache\npackage, a commonly used webserver. Most of the code is shared\nbetween the Apache and Apache-SSL packages, so vulnerabilities are\nshared as well. These vulnerabilities could allow an attacker to\ncause a denial of service against a server, execute a cross-site\nscripting attack, or steal cookies from other web site users.\nVulnerabilities in the included legacy programs htdigest, htpasswd and\nApacheBench can be exploited when called via CGI. Additionally, the\ninsecure temporary file creation in htdigest and htpasswd can also be\nexploited locally. The Common Vulnerabilities and Exposures (CVE)\nproject identified the following vulnerabilities:

\n
    \n
  1. CAN-2002-0839: A vulnerability exists on platforms using System V\n shared memory based scoreboards. This vulnerability allows an\n attacker to execute code under the Apache UID to exploit the Apache\n shared memory scoreboard format and send a signal to any process as\n root or cause a local denial of service attack.
  2. CAN-2002-0840: Apache is susceptible to a cross site scripting\n vulnerability in the default 404 page of any web server hosted on a\n domain that allows wildcard DNS lookups.
  3. CAN-2002-0843: There were some possible overflows in the utility\n ApacheBench (ab) which could be exploited by a malicious server.
  4. CAN-2002-1233: A race condition in the htpasswd and htdigest\n programs enables a malicious local user to read or even modify the\n contents of a password file or easily create and overwrite files as\n the user running the htpasswd (or htdigest respectively) program.\n (binaries not included in apache-ssl package though)
  5. CAN-2001-0131: htpasswd and htdigest in Apache 2.0a9, 1.3.14, and\n others allow local users to overwrite arbitrary files via a\n symlink attack.\n

    This is the same vulnerability as CAN-2002-1233, which was fixed in\n potato already but got lost later and was never applied upstream.\n (binaries not included in apache-ssl package though)

  6. NO-CAN: Several buffer overflows have been found in the ApacheBench\n (ab) utility that could be exploited by a remote server returning\n very long strings.\n (binary not included in apache-ssl package though)
\n

These problems have been fixed in version 1.3.26.1+1.48-0woody3 for\nthe current stable distribution (woody) and in 1.3.9.13-4.2 for the\nold stable distribution (potato). Corrected packages for the unstable\ndistribution (sid) are expected soon.

\n

We recommend that you upgrade your Apache-SSL package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.9.13-4.2.dsc
\n
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.9.13-4.2.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.9.13.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.9.13-4.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.9.13-4.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.9.13-4.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.9.13-4.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.9.13-4.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.9.13-4.2_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.26.1+1.48-0woody3.dsc
\n
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.26.1+1.48-0woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.26.1+1.48.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.26.1+1.48-0woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.26.1+1.48-0woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.26.1+1.48-0woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.26.1+1.48-0woody3_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.26.1+1.48-0woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.26.1+1.48-0woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.26.1+1.48-0woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.26.1+1.48-0woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.26.1+1.48-0woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.26.1+1.48-0woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.26.1+1.48-0woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "189": "
\n

Debian Security Advisory

\n

DSA-189-1 luxman -- local root exploit

\n
\n
Date Reported:
\n
06 Nov 2002
\n
Affected Packages:
\n
\nluxman\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1245.
\n
More information:
\n
\n

iDEFENSE reported a vulnerability in LuxMan, a maze game for\nGNU/Linux, similar to the PacMan arcade game. When successfully\nexploited, a local attacker gains read-write access to the memory,\nleading to a local root compromise in many ways, examples of which\ninclude scanning the file for fragments of the master password file\nand modifying kernel memory to re-map system calls.

\n

This problem has been fixed in version 0.41-17.1 for the current stable\ndistribution (woody) and in version 0.41-19 for the unstable\ndistribution (sid). The old stable distribution (potato) is not\naffected since it doesn't contain a luxman package.

\n

We recommend that you upgrade your luxman package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/luxman/luxman_0.41-17.1.dsc
\n
http://security.debian.org/pool/updates/main/l/luxman/luxman_0.41-17.1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/luxman/luxman_0.41.orig.tar.gz
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/luxman/luxman_0.41-17.1_i386.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "190": "
\n

Debian Security Advisory

\n

DSA-190-1 wmaker -- buffer overflow

\n
\n
Date Reported:
\n
07 Nov 2002
\n
Affected Packages:
\n
\nwmaker\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1277.
\n
More information:
\n
\n

Al Viro found a problem in the image handling code used in Window Maker,\na popular NEXTSTEP-like window manager. When creating an image it would\nallocate a buffer by multiplying the image width and height, but did not\ncheck for an overflow. This makes it possible to overflow the buffer.\nThis could be exploited by using specially crafted image files (for\nexample when previewing themes).

\n

This problem has been fixed in version 0.80.0-4.1 for the current stable\ndistribution (woody). Packages for the mipsel architecture are not yet\navailable.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1.dsc
\n
alpha (DEC Alpha):\n
http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_alpha.deb
\n
arm (ARM):\n
http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_arm.deb
\n
hppa (HP PA RISC):\n
http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_hppa.deb
\n
i386 (Intel ia32):\n
http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_i386.deb
\n
ia64 (Intel ia64):\n
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_ia64.deb
\n
m68k (Motorola Mc680x0):\n
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_m68k.deb
\n
mips (MIPS (Big Endian)):\n
http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_mips.deb
\n
powerpc (PowerPC):\n
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_powerpc.deb
\n
s390 (IBM S/390):\n
http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_s390.deb
\n
sparc (Sun SPARC/UltraSPARC):\n
http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "191": "
\n

Debian Security Advisory

\n

DSA-191-1 squirrelmail -- cross site scripting

\n
\n
Date Reported:
\n
07 Nov 2002
\n
Affected Packages:
\n
\nsquirrelmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5949, BugTraq ID 5763.
In Mitre's CVE dictionary: CVE-2002-1131, CVE-2002-1132, CVE-2002-1276.
\n
More information:
\n
\n

Several cross site scripting vulnerabilities have been found in\nsquirrelmail, a feature-rich webmail package written in PHP4. The\nCommon Vulnerabilities and Exposures (CVE) project identified the\nfollowing vulnerabilities:

\n
    \n
  1. CAN-2002-1131: User input is not always sanitized so execution of\n arbitrary code on a client computer is possible. This can happen\n after following a malicious URL or by viewing a malicious\n addressbook entry.
  2. CAN-2002-1132: Another problem could make it possible for an\n attacker to gain sensitive information under some conditions.\n When a malformed argument is appended to a link, an error page\n will be generated which contains the absolute pathname of the\n script. However, this information is available through the\n Contents file of the distribution anyway.
\n

These problems have been fixed in version 1.2.6-1.1 for the current stable\ndistribution (woody) and in version 1.2.8-1.1 for the unstable\ndistribution (sid). The old stable distribution (potato) is not\naffected since it doesn't contain a squirrelmail package.

\n

We recommend that you upgrade your squirrelmail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-1.2.dsc
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-1.2.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-1.2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "192": "
\n

Debian Security Advisory

\n

DSA-192-1 html2ps -- arbitrary code execution

\n
\n
Date Reported:
\n
08 Nov 2002
\n
Affected Packages:
\n
\nhtml2ps\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6079.
In Mitre's CVE dictionary: CVE-2002-1275.
\n
More information:
\n
\n

The SuSE Security Team found a vulnerability in html2ps, an HTML to\nPostScript converter, that opened files based on unsanitized input\ninsecurely. This problem can be exploited when html2ps is installed\nas a filter within lprng and the attacker has previously gained access\nto the lp account.

\n

These problems have been fixed in version 1.0b3-1.1 for the current\nstable distribution (woody), in version 1.0b1-8.1 for the old stable\ndistribution (potato) and in version 1.0b3-2 for the unstable\ndistribution (sid).

\n

We recommend that you upgrade your html2ps package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/html2ps/html2ps_1.0b1-8.2.dsc
\n
http://security.debian.org/pool/updates/main/h/html2ps/html2ps_1.0b1-8.2.diff.gz
\n
http://security.debian.org/pool/updates/main/h/html2ps/html2ps_1.0b1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/html2ps/html2ps_1.0b1-8.2_all.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/html2ps/html2ps_1.0b3-1.2.dsc
\n
http://security.debian.org/pool/updates/main/h/html2ps/html2ps_1.0b3-1.2.diff.gz
\n
http://security.debian.org/pool/updates/main/h/html2ps/html2ps_1.0b3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/html2ps/html2ps_1.0b3-1.2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

MD5 checksums of the listed files are available in the revised advisory.\n

\n\n
\n
", "193": "
\n

Debian Security Advisory

\n

DSA-193-1 kdenetwork -- buffer overflow

\n
\n
Date Reported:
\n
11 Nov 2002
\n
Affected Packages:
\n
\nkdenetwork\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6157.
In Mitre's CVE dictionary: CVE-2002-1247.
\n
More information:
\n
\n

iDEFENSE reports a security vulnerability in the klisa package, which\nprovides a LAN information service similar to \"Network Neighbourhood\",\nand which was discovered by Texonet. It is possible for a local attacker\nto exploit a buffer overflow condition in resLISa, a restricted\nversion of KLISa. The vulnerability exists in the parsing of the\nLOGNAME environment variable: an overly long value will overwrite the\ninstruction pointer, thereby allowing an attacker to seize control of\nthe executable.

\n

This problem has been fixed in version 2.2.2-14.2 for the current stable\ndistribution (woody) and in version 2.2.2-14.3 for the unstable\ndistribution (sid). The old stable distribution (potato) is not\naffected since it doesn't contain a kdenetwork package.

\n

We recommend that you upgrade your klisa package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdenetwork_2.2.2-14.2.dsc
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdenetwork_2.2.2-14.2.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdenetwork_2.2.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.2_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "194": "
\n

Debian Security Advisory

\n

DSA-194-1 masqmail -- buffer overflows

\n
\n
Date Reported:
\n
12 Nov 2002
\n
Affected Packages:
\n
\nmasqmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1279.
\n
More information:
\n
\n

A set of buffer overflows has been discovered in masqmail, a mail\ntransport agent for hosts without a permanent internet connection. In\naddition, privileges were dropped only after reading a user-supplied\nconfiguration file. Together, these flaws could be exploited to gain\nunauthorized root access to the machine on which masqmail is\ninstalled.

\n

These problems have been fixed in version 0.1.16-2.1 for the current\nstable distribution (woody) and in version 0.2.15-1 for the unstable\ndistribution (sid). The old stable distribution (potato) is not\naffected since it doesn't contain a masqmail package.

\n

We recommend that you upgrade your masqmail package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.1.dsc
\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.1_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "195": "
\n

Debian Security Advisory

\n

DSA-195-1 apache-perl -- several vulnerabilities

\n
\n
Date Reported:
\n
13 Nov 2002
\n
Affected Packages:
\n
\napache-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5847, BugTraq ID 5884, BugTraq ID 5887, BugTraq ID 5995.
In Mitre's CVE dictionary: CVE-2002-0839, CVE-2002-0840, CVE-2002-0843, CVE-2001-0131, CVE-2002-1233.
\n
More information:
\n
\n

According to David Wagner, iDEFENSE and the Apache HTTP Server\nProject, several vulnerabilities have been found in the Apache server\npackage, a commonly used webserver. Most of the code is shared\nbetween the Apache and Apache-Perl packages, so vulnerabilities are\nshared as well.

\n

These vulnerabilities could allow an attacker to enact a denial of\nservice against a server or execute a cross site scripting attack, or\nsteal cookies from other web site users. The Common Vulnerabilities\nand Exposures (CVE) project identified the following vulnerabilities:

\n
    \n
  1. CAN-2002-0839: A vulnerability exists on platforms using System V\n shared memory based scoreboards. This vulnerability allows an\n attacker to execute code under the Apache UID to exploit the Apache\n shared memory scoreboard format and send a signal to any process as\n root or cause a local denial of service attack.
  2. CAN-2002-0840: Apache is susceptible to a cross site scripting\n vulnerability in the default 404 page of any web server hosted on a\n domain that allows wildcard DNS lookups.
  3. CAN-2002-0843: There were some possible overflows in the utility\n ApacheBench (ab) which could be exploited by a malicious server.\n No such binary programs are distributed by the Apache-Perl package,\n though.
  4. CAN-2002-1233: A race condition in the htpasswd and htdigest\n programs enables a malicious local user to read or even modify the\n contents of a password file or easily create and overwrite files as\n the user running the htpasswd (or htdigest respectively) program.\n No such binary programs are distributed by the Apache-Perl package,\n though.
  5. CAN-2001-0131: htpasswd and htdigest in Apache 2.0a9, 1.3.14, and\n others allow local users to overwrite arbitrary files via a\n symlink attack. No such binary programs are distributed by the\n Apache-Perl package, though.
  6. NO-CAN: Several buffer overflows have been found in the ApacheBench\n (ab) utility that could be exploited by a remote server returning\n very long strings. No such binary programs are distributed by the\n Apache-Perl package, though.
\n

These problems have been fixed in version 1.3.26-1-1.26-0woody2 for\nthe current stable distribution (woody), in\n1.3.9-14.1-1.21.20000309-1.1 for the old stable distribution (potato)\nand in version 1.3.26-1.1-1.27-3-1 for the unstable distribution\n(sid).

\n

We recommend that you upgrade your Apache-Perl package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.9-14.1-1.21.20000309-1.1.dsc
\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.9-14.1-1.21.20000309-1.1.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.9-14.1-1.21.20000309-1.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.9-14.1-1.21.20000309-1.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.9-14.1-1.21.20000309-1.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.9-14.1-1.21.20000309-1.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.9-14.1-1.21.20000309-1.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.9-14.1-1.21.20000309-1.1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.26-1-1.26-0woody2.dsc
\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.26-1-1.26-0woody2.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.26-1-1.26-0woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.26-1-1.26-0woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.26-1-1.26-0woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.26-1-1.26-0woody2_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.26-1-1.26-0woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.26-1-1.26-0woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.26-1-1.26-0woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.26-1-1.26-0woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.26-1-1.26-0woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.26-1-1.26-0woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apache-perl/apache-perl_1.3.26-1-1.26-0woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "196": "
\n

Debian Security Advisory

\n

DSA-196-1 bind -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Nov 2002
\n
Affected Packages:
\n
\nbind\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6159, BugTraq ID 6160, BugTraq ID 6161.
In Mitre's CVE dictionary: CVE-2002-0029, CVE-2002-1219, CVE-2002-1220, CVE-2002-1221.
CERT's vulnerabilities, advisories and incident notes: VU#581682, VU#844360, VU#852283, VU#229595, VU#542971, CA-2002-31.
\n
More information:
\n
\n

[Bind version 9, the bind9 package, is not affected by these problems.]

\n

ISS X-Force has discovered several serious vulnerabilities in the Berkeley\nInternet Name Domain Server (BIND). BIND is the most common implementation\nof the DNS (Domain Name Service) protocol, which is used on the vast\nmajority of DNS servers on the Internet. DNS is a vital Internet protocol\nthat maintains a database of easy-to-remember domain names (host names) and\ntheir corresponding numerical IP addresses.

\n

Circumstantial evidence suggests that the Internet Software Consortium\n(ISC), maintainers of BIND, was made aware of these issues in mid-October.\nDistributors of Open Source operating systems, including Debian, were\nnotified of these vulnerabilities via CERT about 12 hours before the release\nof the advisories on November 12th. This notification did not include any\ndetails that allowed us to identify the vulnerable code, much less prepare\ntimely fixes.

\n

Unfortunately ISS and the ISC released their security advisories with only\ndescriptions of the vulnerabilities, without any patches. Even though there\nwere no signs that these exploits are known to the black-hat community, and\nthere were no reports of active attacks, such attacks could have been\ndeveloped in the meantime - with no fixes available.

\n

We can all express our regret at the inability of the ironically named\nInternet Software Consortium to work with the Internet community in handling\nthis problem. Hopefully this will not become a model for dealing with\nsecurity issues in the future.

\n

The Common Vulnerabilities and Exposures (CVE) project identified the\nfollowing vulnerabilities:

\n
    \n
  1. CAN-2002-1219: A buffer overflow in BIND 8 versions 8.3.3 and earlier\n allows a remote attacker to execute arbitrary code via a certain DNS\n server response containing SIG resource records (RR). This buffer\n overflow can be exploited to obtain access to the victim host under the\n account the named process is running with, usually root.
  2. CAN-2002-1220: BIND 8 versions 8.3.x through 8.3.3 allows a remote\n attacker to cause a denial of service (termination due to assertion\n failure) via a request for a subdomain that does not exist, with an OPT\n resource record with a large UDP payload size.
  3. CAN-2002-1221: BIND 8 versions 8.x through 8.3.3 allows a remote attacker\n to cause a denial of service (crash) via SIG RR elements with invalid\n expiry times, which are removed from the internal BIND database and later\n cause a null dereference.
\n

These problems have been fixed in version 8.3.3-2.0woody1 for the current\nstable distribution (woody), in version 8.2.3-0.potato.3 for the previous stable\ndistribution (potato) and in version 8.3.3-3 for the unstable distribution\n(sid). The fixed packages for unstable will enter the archive today.

\n

We recommend that you upgrade your bind package immediately, update to\nbind9, or switch to another DNS server implementation.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.2.3-0.potato.3.dsc
\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.2.3-0.potato.3.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.2.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/bind/task-dns-server_8.2.3-0.potato.3_all.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind-doc_8.2.3-0.potato.3_all.deb
\n
alpha (DEC Alpha):\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.2.3-0.potato.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.2.3-0.potato.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind/dnsutils_8.2.3-0.potato.3_alpha.deb
\n
arm (ARM):\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.2.3-0.potato.3_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind/dnsutils_8.2.3-0.potato.3_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.2.3-0.potato.3_arm.deb
\n
i386 (Intel ia32):\n
http://security.debian.org/pool/updates/main/b/bind/dnsutils_8.2.3-0.potato.3_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.2.3-0.potato.3_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.2.3-0.potato.3_i386.deb
\n
m68k (Motorola Mc680x0):\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.2.3-0.potato.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind/dnsutils_8.2.3-0.potato.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.2.3-0.potato.3_m68k.deb
\n
powerpc (PowerPC):\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.2.3-0.potato.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.2.3-0.potato.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind/dnsutils_8.2.3-0.potato.3_powerpc.deb
\n
sparc (Sun SPARC/UltraSPARC):\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.2.3-0.potato.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind/dnsutils_8.2.3-0.potato.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.2.3-0.potato.3_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody1.dsc
\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/bind/bind-doc_8.3.3-2.0woody1_all.deb
\n
alpha (DEC Alpha):\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody1_alpha.deb
\n
arm (ARM):\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody1_arm.deb
\n
hppa (HP PA RISC):\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody1_hppa.deb
\n
i386 (Intel ia32):\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody1_i386.deb
\n
ia64 (Intel ia64):\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody1_ia64.deb
\n
m68k (Motorola Mc680x0):\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody1_m68k.deb
\n
mips (MIPS (Big Endian)):\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody1_mips.deb
\n
mipsel (MIPS (Little Endian)):\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody1_mipsel.deb
\n
powerpc (PowerPC):\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody1_powerpc.deb
\n
s390 (IBM S/390):\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody1_s390.deb
\n
sparc (Sun SPARC/UltraSPARC):\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "197": "
\n

Debian Security Advisory

\n

DSA-197-1 courier -- buffer overflow

\n
\n
Date Reported:
\n
15 Nov 2002
\n
Affected Packages:
\n
\ncourier\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1311.
\n
More information:
\n
\n

A problem in the Courier sqwebmail package, a CGI program to grant\nauthenticated access to local mailboxes, has been discovered. The\nprogram did not drop permissions fast enough upon startup under\ncertain circumstances so a local shell user can execute the sqwebmail\nbinary and manage to read an arbitrary file on the local filesystem.

\n

This problem has been fixed in version 0.37.3-2.3 for the current\nstable distribution (woody) and in version 0.40.0-1 for the unstable\ndistribution (sid). The old stable distribution (potato) does not\ncontain Courier sqwebmail packages. courier-ssl packages\nare also not affected since they don't expose an sqwebmail package.

\n

We recommend that you upgrade your sqwebmail package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.3.diff.gz
\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.3.dsc
\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/courier/courier-doc_0.37.3-2.3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-imap-ssl_1.4.3-3.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "198": "
\n

Debian Security Advisory

\n

DSA-198-1 nullmailer -- denial of service

\n
\n
Date Reported:
\n
18 Nov 2002
\n
Affected Packages:
\n
\nnullmailer\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6193.
In Mitre's CVE dictionary: CVE-2002-1313.
\n
More information:
\n
\n

A problem has been discovered in nullmailer, a simple relay-only mail\ntransport agent for hosts that relay mail to a fixed set of smart\nrelays. When a mail is to be delivered locally to a user that doesn't\nexist, nullmailer tries to deliver it, discovers a user unknown error\nand stops delivering. Unfortunately, it stops delivering entirely,\nnot only this mail. Hence, it's very easy to craft a denial of service.

\n

This problem has been fixed in version 1.00RC5-16.1woody2 for the\ncurrent stable distribution (woody) and in version 1.00RC5-17 for the\nunstable distribution (sid). The old stable distribution (potato)\ndoes not contain a nullmailer package.

\n

We recommend that you upgrade your nullmailer package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nullmailer/nullmailer_1.00RC5-16.1woody2.dsc
\n
http://security.debian.org/pool/updates/main/n/nullmailer/nullmailer_1.00RC5-16.1woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/n/nullmailer/nullmailer_1.00RC5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nullmailer/nullmailer_1.00RC5-16.1woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nullmailer/nullmailer_1.00RC5-16.1woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nullmailer/nullmailer_1.00RC5-16.1woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/nullmailer/nullmailer_1.00RC5-16.1woody2_ia64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/nullmailer/nullmailer_1.00RC5-16.1woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/nullmailer/nullmailer_1.00RC5-16.1woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nullmailer/nullmailer_1.00RC5-16.1woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nullmailer/nullmailer_1.00RC5-16.1woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nullmailer/nullmailer_1.00RC5-16.1woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/nullmailer/nullmailer_1.00RC5-16.1woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nullmailer/nullmailer_1.00RC5-16.1woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "199": "
\n

Debian Security Advisory

\n

DSA-199-1 mhonarc -- cross site scripting

\n
\n
Date Reported:
\n
19 Nov 2002
\n
Affected Packages:
\n
\nmhonarc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6204.
In Mitre's CVE dictionary: CVE-2002-1307.
\n
More information:
\n
\n

Steven Christey discovered a cross site scripting vulnerability in\nmhonarc, a mail to HTML converter. Carefully crafted message headers\ncan introduce cross site scripting when mhonarc is configured to\ndisplay all header lines on the web. However, it is often useful to\nrestrict the displayed header lines to To, From and Subject, in which\ncase the vulnerability cannot be exploited.

\n

This problem has been fixed in version 2.5.2-1.2 for the current\nstable distribution (woody), in version 2.4.4-1.2 for the old stable\ndistribution (potato) and in version 2.5.13-1 for the unstable\ndistribution (sid).

\n

We recommend that you upgrade your mhonarc package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mhonarc/mhonarc_2.4.4-1.2.dsc
\n
http://security.debian.org/pool/updates/main/m/mhonarc/mhonarc_2.4.4-1.2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mhonarc/mhonarc_2.4.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mhonarc/mhonarc_2.4.4-1.2_all.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mhonarc/mhonarc_2.5.2-1.2.dsc
\n
http://security.debian.org/pool/updates/main/m/mhonarc/mhonarc_2.5.2-1.2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mhonarc/mhonarc_2.5.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mhonarc/mhonarc_2.5.2-1.2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "200": "
\n

Debian Security Advisory

\n

DSA-200-1 samba -- remote exploit

\n
\n
Date Reported:
\n
22 Nov 2002
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1318.
\n
More information:
\n
\n

Steve Langasek found an exploitable bug in the password handling\ncode in samba: when converting from DOS code-page to little endian\nUCS2 unicode a buffer length was not checked and a buffer could\nbe overflowed. There is no known exploit for this, but an upgrade\nis strongly recommended.

\n

This problem has been fixed in version 2.2.3a-12 of the Debian\nsamba packages and upstream version 2.2.7.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.dsc
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.2.3a-12_all.deb
\n
alpha (DEC Alpha):\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_alpha.deb
\n
arm (ARM):\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_arm.deb
\n
hppa (HP PA RISC):\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_hppa.deb
\n
i386 (Intel ia32):\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_i386.deb
\n
ia64 (Intel ia64):\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_ia64.deb
\n
powerpc (PowerPC):\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_powerpc.deb
\n
s390 (IBM S/390):\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_s390.deb
\n
sparc (Sun SPARC/UltraSPARC):\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "201": "
\n

Debian Security Advisory

\n

DSA-201-1 freeswan -- denial of service

\n
\n
Date Reported:
\n
02 Dec 2002
\n
Affected Packages:
\n
\nfreeswan\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-0666.
CERT's vulnerabilities, advisories and incident notes: VU#459371.
\n
More information:
\n
\n

Bindview discovered a problem in several IPSEC implementations that do\nnot properly handle certain very short packets. IPSEC is a set of\nsecurity extensions to IP which provide authentication and encryption.\nFree/SWan in Debian is affected by this, and the problem is said to cause a kernel\npanic.

\n

This problem has been fixed in version 1.96-1.4 for the current stable\ndistribution (woody) and in version 1.99-1 for the unstable\ndistribution (sid). The old stable distribution (potato) does not\ncontain Free/SWan packages.

\n

We recommend that you upgrade your freeswan package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/freeswan/freeswan_1.96-1.4.dsc
\n
http://security.debian.org/pool/updates/main/f/freeswan/freeswan_1.96-1.4.diff.gz
\n
http://security.debian.org/pool/updates/main/f/freeswan/freeswan_1.96.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/freeswan/kernel-patch-freeswan_1.96-1.4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/freeswan/freeswan_1.96-1.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/freeswan/freeswan_1.96-1.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/freeswan/freeswan_1.96-1.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/freeswan/freeswan_1.96-1.4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/freeswan/freeswan_1.96-1.4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/freeswan/freeswan_1.96-1.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freeswan/freeswan_1.96-1.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freeswan/freeswan_1.96-1.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/freeswan/freeswan_1.96-1.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/freeswan/freeswan_1.96-1.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/freeswan/freeswan_1.96-1.4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "202": "
\n

Debian Security Advisory

\n

DSA-202-1 im -- insecure temporary files

\n
\n
Date Reported:
\n
03 Dec 2002
\n
Affected Packages:
\n
\nim\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6307.
In Mitre's CVE dictionary: CVE-2002-1395.
\n
More information:
\n
\n

Tatsuya Kinoshita discovered that IM, which contains interface\ncommands and Perl libraries for E-mail and NetNews, creates temporary\nfiles insecurely.

\n
    \n
  • The impwagent program creates a temporary directory in an insecure\n manner in /tmp using predictable directory names without checking\n the return code of mkdir, so it's possible to seize a permission\n of the temporary directory by local access as another user.
  • The immknmz program creates a temporary file in an insecure manner\n in /tmp using a predictable filename, so an attacker with local\n access can easily create and overwrite files as another user.
\n

These problems have been fixed in version 141-18.1 for the current\nstable distribution (woody), in version 133-2.2 of the old stable\ndistribution (potato) and in version 141-20 for the unstable\ndistribution (sid).

\n

We recommend that you upgrade your IM package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/im/im_133-2.3.dsc
\n
http://security.debian.org/pool/updates/main/i/im/im_133-2.3.diff.gz
\n
http://security.debian.org/pool/updates/main/i/im/im_133.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/im/im_133-2.3_all.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/im/im_141-18.2.dsc
\n
http://security.debian.org/pool/updates/main/i/im/im_141-18.2.diff.gz
\n
http://security.debian.org/pool/updates/main/i/im/im_141.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/im/im_141-18.2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

MD5 checksums of the listed files are available in the revised advisory.\n

\n\n
\n
", "203": "
\n

Debian Security Advisory

\n

DSA-203-1 smb2www -- arbitrary command execution

\n
\n
Date Reported:
\n
04 Dec 2002
\n
Affected Packages:
\n
\nsmb2www\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1342.
\n
More information:
\n
\n

Robert Luberda found a security problem in smb2www, a Windows Network\nclient that is accessible through a web browser. This could allow a\nremote attacker to execute arbitrary programs under the user id\nwww-data on the host where smb2www is running.

\n

This problem has been fixed in version 980804-16.1 for the current\nstable distribution (woody), in version 980804-8.1 of the old stable\ndistribution (potato) and in version 980804-17 for the unstable\ndistribution (sid).

\n

We recommend that you upgrade your smb2www package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/smb2www/smb2www_980804-8.1.dsc
\n
http://security.debian.org/pool/updates/main/s/smb2www/smb2www_980804-8.1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/smb2www/smb2www_980804.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/smb2www/smb2www_980804-8.1_all.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/smb2www/smb2www_980804-16.1.dsc
\n
http://security.debian.org/pool/updates/main/s/smb2www/smb2www_980804-16.1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/smb2www/smb2www_980804.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/smb2www/smb2www_980804-16.1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "204": "
\n

Debian Security Advisory

\n

DSA-204-1 kdelibs -- arbitrary program execution

\n
\n
Date Reported:
\n
05 Dec 2002
\n
Affected Packages:
\n
\nkdelibs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1281, CVE-2002-1282.
\n
More information:
\n
\n

The KDE team has discovered a vulnerability in the support for various\nnetwork protocols via the KIO. The implementation of the rlogin and telnet\nprotocols allows a carefully crafted URL in an HTML page, HTML email or\nother KIO-enabled application to execute arbitrary commands on the\nsystem using the victim's account on the vulnerable machine.

\n

This problem has been fixed by disabling rlogin and telnet in version\n2.2.2-13.woody.5 for the current stable distribution (woody). The old\nstable distribution (potato) is not affected since it doesn't contain\nKDE. A correction for the package in the unstable distribution (sid)\nis not yet available.

\n

We recommend that you upgrade your kdelibs3 package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.5.dsc
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.5.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-doc_2.2.2-13.woody.5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "205": "
\n

Debian Security Advisory

\n

DSA-205-1 gtetrinet -- buffer overflow

\n
\n
Date Reported:
\n
10 Dec 2002
\n
Affected Packages:
\n
\ngtetrinet\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Steve Kemp and James Antill found several buffer overflows in the\ngtetrinet (a multiplayer tetris-like game) package as shipped in\nDebian GNU/Linux 3.0, which could be abused by a malicious server.

\n

This has been fixed in upstream version 0.4.4 and release\n0.4.1-9woody1.1 of the Debian package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.1.dsc
\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.dsc
\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1.orig.tar.gz
\n
alpha (DEC Alpha):\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.1_alpha.deb
\n
arm (ARM):\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.1_arm.deb
\n
hppa (HP PA RISC):\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.1_hppa.deb
\n
i386 (Intel ia32):\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.1_i386.deb
\n
ia64 (Intel ia64):\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.1_ia64.deb
\n
m68k (Motorola Mc680x0):\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.1_m68k.deb
\n
mips (MIPS (Big Endian)):\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.1_mips.deb
\n
mipsel (MIPS (Little Endian)):\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.1_mipsel.deb
\n
powerpc (PowerPC):\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.1_powerpc.deb
\n
s390 (IBM S/390):\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.1_s390.deb
\n
sparc (Sun SPARC/UltraSPARC):\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.4.1-9woody1.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "206": "
\n

Debian Security Advisory

\n

DSA-206-1 tcpdump -- denial of service

\n
\n
Date Reported:
\n
10 Dec 2002
\n
Affected Packages:
\n
\ntcpdump\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6213.
In Mitre's CVE dictionary: CVE-2002-1350.
\n
More information:
\n
\n

The BGP decoding routines for tcpdump used incorrect bounds checking\nwhen copying data. This could be abused by introducing malicious traffic\non a sniffed network for a denial of service attack against tcpdump,\nor possibly even remote code execution.

\n

This has been fixed in version 3.6.2-2.2.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2.dsc
\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2.diff.gz
\n
alpha (DEC Alpha):\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_alpha.deb
\n
arm (ARM):\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_arm.deb
\n
hppa (HP PA RISC):\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_hppa.deb
\n
i386 (Intel ia32):\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_i386.deb
\n
ia64 (Intel ia64):\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_ia64.deb
\n
m68k (Motorola Mc680x0):\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_m68k.deb
\n
mips (MIPS (Big Endian)):\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_mips.deb
\n
powerpc (PowerPC):\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_powerpc.deb
\n
s390 (IBM S/390):\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_s390.deb
\n
sparc (Sun SPARC/UltraSPARC):\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "207": "
\n

Debian Security Advisory

\n

DSA-207-1 tetex-bin -- arbitrary command execution

\n
\n
Date Reported:
\n
11 Dec 2002
\n
Affected Packages:
\n
\ntetex-bin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-0836.
\n
More information:
\n
\n

The SuSE security team discovered a vulnerability in the kpathsea library\n(libkpathsea), which is used by xdvi and dvips. Both programs call the\nsystem() function insecurely, which allows a remote attacker to\nexecute arbitrary commands via cleverly crafted DVI files.

\n

If dvips is used in a print filter, this allows a local or remote\nattacker with print permission to execute arbitrary code as the printer\nuser (usually lp).

\n

This problem has been fixed in version 1.0.7+20011202-7.1 for the\ncurrent stable distribution (woody), in version 1.0.6-7.3 for the old\nstable distribution (potato) and in version 1.0.7+20021025-4 for the\nunstable distribution (sid). xdvik-ja and dvipsk-ja are vulnerable as\nwell, but link to the kpathsea library dynamically and will\nautomatically be fixed after a new libkpathsea is installed.

\n

We recommend that you upgrade your tetex-lib package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6-7.3.dsc
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6-7.3.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6-7.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-dev_1.0.6-7.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-lib_1.0.6-7.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6-7.3_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-dev_1.0.6-7.3_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-lib_1.0.6-7.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6-7.3_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-dev_1.0.6-7.3_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-lib_1.0.6-7.3_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6-7.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-dev_1.0.6-7.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-lib_1.0.6-7.3_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6-7.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-dev_1.0.6-7.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-lib_1.0.6-7.3_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.6-7.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-dev_1.0.6-7.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-lib_1.0.6-7.3_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1.dsc
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "208": "
\n

Debian Security Advisory

\n

DSA-208-1 perl -- broken safe compartment

\n
\n
Date Reported:
\n
12 Dec 2002
\n
Affected Packages:
\n
\nperl
perl-5.004
perl-5.005\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6111.
In Mitre's CVE dictionary: CVE-2002-1323.
\n
More information:
\n
\n

A security hole has been discovered in Safe.pm which is used in all\nversions of Perl. The Safe extension module allows the creation of\ncompartments in which perl code can be evaluated in a new namespace\nand the code evaluated in the compartment cannot refer to variables\noutside this namespace. However, when a Safe compartment has already\nbeen used, there's no guarantee that it is Safe any longer, because\nthere's a way for code executed within the Safe compartment to\nalter its operation mask. Thus, programs that use a Safe compartment\nonly once aren't affected by this bug.

\n

This problem has been fixed in version 5.6.1-8.2 for the current\nstable distribution (woody), in version 5.004.05-6.2 and 5.005.03-7.2\nfor the old stable distribution (potato) and in version 5.8.0-14 for\nthe unstable distribution (sid).

\n

We recommend that you upgrade your Perl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004_5.004.05-6.2.dsc
\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004_5.004.05-6.2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004_5.004.05.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005_5.005.03-7.2.dsc
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005_5.005.03-7.2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005_5.005.03.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-doc_5.004.05-6.2_all.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-doc_5.005.03-7.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004_5.004.05-6.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-base_5.004.05-6.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-debug_5.004.05-6.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-suid_5.004.05-6.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005_5.005.03-7.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-base_5.005.03-7.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-debug_5.005.03-7.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-suid_5.005.03-7.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-thread_5.005.03-7.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004_5.004.05-6.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-base_5.004.05-6.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-debug_5.004.05-6.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-suid_5.004.05-6.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005_5.005.03-7.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-base_5.005.03-7.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-debug_5.005.03-7.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-suid_5.005.03-7.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-thread_5.005.03-7.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004_5.004.05-6.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-base_5.004.05-6.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-debug_5.004.05-6.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-suid_5.004.05-6.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005_5.005.03-7.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-base_5.005.03-7.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-debug_5.005.03-7.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-suid_5.005.03-7.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-thread_5.005.03-7.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004_5.004.05-6.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-base_5.004.05-6.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-debug_5.004.05-6.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-suid_5.004.05-6.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005_5.005.03-7.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-base_5.005.03-7.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-debug_5.005.03-7.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-suid_5.005.03-7.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-thread_5.005.03-7.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004_5.004.05-6.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-base_5.004.05-6.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-debug_5.004.05-6.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-suid_5.004.05-6.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005_5.005.03-7.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-base_5.005.03-7.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-debug_5.005.03-7.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-suid_5.005.03-7.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-thread_5.005.03-7.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004_5.004.05-6.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-base_5.004.05-6.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-debug_5.004.05-6.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-suid_5.004.05-6.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005_5.005.03-7.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-base_5.005.03-7.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-debug_5.005.03-7.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-suid_5.005.03-7.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-thread_5.005.03-7.2_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.2.dsc
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.6.1-8.2_all.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.6.1-8.2_all.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.6.1-8.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "209": "
\n

Debian Security Advisory

\n

DSA-209-1 wget -- directory traversal

\n
\n
Date Reported:
\n
12 Dec 2002
\n
Affected Packages:
\n
\nwget\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6352.
In Mitre's CVE dictionary: CVE-2002-1344, CVE-2002-1565.
\n
More information:
\n
\n

Two problems have been found in the wget package as distributed in\nDebian GNU/Linux:

\n
    \n
  • Stefano Zacchiroli found a buffer overrun in the url_filename function,\n which would make wget segfault on very long URLs.
  • Steven M. Christey discovered that wget did not verify the FTP server\n response to an NLST command: it must not contain any directory information,\n since that can be used to make an FTP client overwrite arbitrary files.
\n

Both problems have been fixed in version 1.5.3-3.1 for Debian GNU/Linux\n2.2/potato and version 1.8.1-6.1 for Debian GNU/Linux 3.0/woody.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1.dsc
\n
alpha (DEC Alpha):\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1_alpha.deb
\n
arm (ARM):\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1_arm.deb
\n
i386 (Intel ia32):\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1_i386.deb
\n
m68k (Motorola Mc680x0):\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1_m68k.deb
\n
powerpc (PowerPC):\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1_powerpc.deb
\n
sparc (Sun SPARC/UltraSPARC):\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.5.3-3.1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1.dsc
\n
alpha (DEC Alpha):\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1_alpha.deb
\n
arm (ARM):\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1_arm.deb
\n
hppa (HP PA RISC):\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1_hppa.deb
\n
i386 (Intel ia32):\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1_i386.deb
\n
ia64 (Intel ia64):\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1_ia64.deb
\n
m68k (Motorola Mc680x0):\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1_m68k.deb
\n
mips (MIPS (Big Endian)):\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1_mips.deb
\n
powerpc (PowerPC):\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1_powerpc.deb
\n
s390 (IBM S/390):\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1_s390.deb
\n
sparc (Sun SPARC/UltraSPARC):\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.8.1-6.1_sparc.deb
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "210": "
\n

Debian Security Advisory

\n

DSA-210-1 lynx -- CRLF injection

\n
\n
Date Reported:
\n
13 Dec 2002
\n
Affected Packages:
\n
\nlynx, lynx-ssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5499.
In Mitre's CVE dictionary: CVE-2002-1405.
\n
More information:
\n
\n

lynx (a text-only web browser) did not properly check for illegal\ncharacters in all places, including processing of command line options,\nwhich could be used to insert extra HTTP headers in a request.

\n

For Debian GNU/Linux 2.2/potato this has been fixed in version 2.8.3-1.1\nof the lynx package and version 2.8.3.1-1.1 of the lynx-ssl package.

\n

For Debian GNU/Linux 3.0/woody this has been fixed in version 2.8.4.1b-3.2\nof the lynx package and version 1:2.8.4.1b-3.1 of the lynx-ssl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1-1.1.dsc
\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3-1.1.dsc
\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3-1.1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1-1.1.diff.gz
\n
alpha (DEC Alpha):\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1-1.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3-1.1_alpha.deb
\n
arm (ARM):\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1-1.1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3-1.1_arm.deb
\n
i386 (Intel ia32):\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3-1.1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1-1.1_i386.deb
\n
m68k (Motorola Mc680x0):\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3-1.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1-1.1_m68k.deb
\n
powerpc (PowerPC):\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1-1.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3-1.1_powerpc.deb
\n
sparc (Sun SPARC/UltraSPARC):\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3-1.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1-1.1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1.dsc
\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2.dsc
\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1.diff.gz
\n
alpha (DEC Alpha):\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_alpha.deb
\n
arm (ARM):\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_arm.deb
\n
hppa (HP PA RISC):\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_hppa.deb
\n
i386 (Intel ia32):\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_i386.deb
\n
ia64 (Intel ia64):\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_ia64.deb
\n
m68k (Motorola Mc680x0):\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_m68k.deb
\n
mips (MIPS (Big Endian)):\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_mips.deb
\n
mipsel (MIPS (Little Endian)):\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_mipsel.deb
\n
powerpc (PowerPC):\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_powerpc.deb
\n
s390 (IBM S/390):\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_s390.deb
\n
sparc (Sun SPARC/UltraSPARC):\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_sparc.deb
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "211": "
\n

Debian Security Advisory

\n

DSA-211-1 micq -- denial of service

\n
\n
Date Reported:
\n
13 Dec 2002
\n
Affected Packages:
\n
\nmicq\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1362.
\n
More information:
\n
\n

R\u00fcdiger Kuhlmann, upstream developer of mICQ, a text based ICQ client,\ndiscovered a problem in mICQ. Receiving certain ICQ message types\nthat do not contain the required 0xFE separator causes all versions to\ncrash.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 0.4.9-0woody3.

\n

For the old stable distribution (potato) this problem has been fixed\nin version 0.4.3-4.1.

\n

For the unstable distribution (sid) this problem has been\nfixed in version 0.4.9.4-1.

\n

We recommend that you upgrade your micq package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/micq/micq_0.4.3-4.1.dsc
\n
http://security.debian.org/pool/updates/main/m/micq/micq_0.4.3-4.1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/micq/micq_0.4.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/micq/micq_0.4.3-4.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/micq/micq_0.4.3-4.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/micq/micq_0.4.3-4.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/micq/micq_0.4.3-4.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/micq/micq_0.4.3-4.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/micq/micq_0.4.3-4.1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/micq/micq_0.4.9-0woody3.dsc
\n
http://security.debian.org/pool/updates/main/m/micq/micq_0.4.9-0woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/m/micq/micq_0.4.9.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/micq/micq_0.4.9-0woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/micq/micq_0.4.9-0woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/micq/micq_0.4.9-0woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/micq/micq_0.4.9-0woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/micq/micq_0.4.9-0woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/micq/micq_0.4.9-0woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/micq/micq_0.4.9-0woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/micq/micq_0.4.9-0woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/micq/micq_0.4.9-0woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/micq/micq_0.4.9-0woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/micq/micq_0.4.9-0woody3_sparc.deb
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "212": "
\n

Debian Security Advisory

\n

DSA-212-1 mysql -- multiple problems

\n
\n
Date Reported:
\n
17 Dec 2002
\n
Affected Packages:
\n
\nmysql\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6373, BugTraq ID 6368, BugTraq ID 6375.
In Mitre's CVE dictionary: CVE-2002-1373, CVE-2002-1374, CVE-2002-1375, CVE-2002-1376.
\n
More information:
\n
\n

While performing an audit of MySQL, e-matters found several problems:

\n
\n
signed/unsigned problem in COM_TABLE_DUMP\n
\n Two sizes were taken as signed integers from a request and then cast\n to unsigned integers without checking for negative numbers. Since the\n resulting numbers were used for a memcpy() operation, this could lead\n to memory corruption.
\n
Password length handling in COM_CHANGE_USER\n
\n When re-authenticating to a different user MySQL did not perform\n all checks that are performed on initial authentication. This created\n two problems:\n
    \n
  • it allowed for single-character password brute forcing (as was fixed in\n February 2000 for initial login) which could be used by a normal user to\n gain root privileges to the database
  • it was possible to overflow the password buffer and force the server\n to execute arbitrary code
\n
read_rows() overflow in libmysqlclient\n
\n When processing the rows returned by a SQL server there was no check\n for overly large rows or terminating NUL characters. This can be used\n to exploit SQL clients if they connect to a compromised MySQL server.
\n
read_one_row() overflow in libmysqlclient\n
\n When processing a row as returned by a SQL server the returned field\n sizes were not verified. This can be used to exploit SQL clients if they\n connect to a compromised MySQL server.
\n
\n

For Debian GNU/Linux 3.0/woody this has been fixed in version 3.23.49-8.2,\nand for Debian GNU/Linux 2.2/potato in version 3.22.32-6.3.

\n

We recommend that you upgrade your mysql packages as soon as possible.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.22.32-6.3.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.22.32.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.22.32-6.3.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.22.32-6.3_all.deb
\n
alpha (DEC Alpha):\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_alpha.deb
\n
arm (ARM):\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.3_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_arm.deb
\n
i386 (Intel ia32):\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_i386.deb
\n
m68k (Motorola Mc680x0):\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_m68k.deb
\n
powerpc (PowerPC):\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_powerpc.deb
\n
sparc (Sun SPARC/UltraSPARC):\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.3_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.2.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.23.49-8.2_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-common_3.23.49-8.2_all.deb
\n
alpha (DEC Alpha):\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.2_alpha.deb
\n
arm (ARM):\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.2_arm.deb
\n
hppa (HP PA RISC):\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.2_hppa.deb
\n
i386 (Intel ia32):\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.2_i386.deb
\n
ia64 (Intel ia64):\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.2_ia64.deb
\n
m68k (Motorola Mc680x0):\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.2_m68k.deb
\n
mipsel (MIPS (Little Endian)):\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.2_mipsel.deb
\n
powerpc (PowerPC):\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.2_powerpc.deb
\n
s390 (IBM S/390):\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.2_s390.deb
\n
sparc (Sun SPARC/UltraSPARC):\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.2_sparc.deb
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "213": "
\n

Debian Security Advisory

\n

DSA-213-1 libpng -- buffer overflow

\n
\n
Date Reported:
\n
19 Dec 2002
\n
Affected Packages:
\n
\nlibpng, libpng3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6431.
In Mitre's CVE dictionary: CVE-2002-1363.
\n
More information:
\n
\n

Glenn Randers-Pehrson discovered a problem in connection with 16-bit\nsamples from libpng, an interface for reading and writing PNG\n(Portable Network Graphics) format files. The starting offsets for\nthe loops are calculated incorrectly, which causes a buffer overrun\nbeyond the beginning of the row buffer.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 1.0.12-3.woody.3 for libpng and in version\n1.2.1-1.1.woody.3 for libpng3.

\n

For the old stable distribution (potato) this problem has been fixed\nin version 1.0.5-1.1 for libpng. There are no other libpng packages.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.0.12-7 for libpng and in version 1.2.5-8 for libpng3.

\n

We recommend that you upgrade your libpng packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.5-1.1.dsc
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.5-1.1.diff.gz
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.5-1.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.5-1.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.5-1.1_arm.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.5-1.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.5-1.1_i386.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.5-1.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.5-1.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.5-1.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.5-1.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.5-1.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.5-1.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.5-1.1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.3.dsc
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.3.diff.gz
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.3.dsc
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.3.diff.gz
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.3_arm.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.3_arm.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.3_arm.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.3_i386.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.3_i386.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.3_i386.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.3_mips.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.3_mips.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.3_mips.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.3_s390.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.3_s390.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.3_s390.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.3_sparc.deb
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "214": "
\n

Debian Security Advisory

\n

DSA-214-1 kdenetwork -- buffer overflows

\n
\n
Date Reported:
\n
20 Dec 2002
\n
Affected Packages:
\n
\nkdenetwork\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1306.
\n
More information:
\n
\n

Olaf Kirch from SuSE Linux AG discovered another vulnerability in the\nklisa package, which provides a LAN information service similar to\n\"Network Neighbourhood\". The lisa daemon contains a buffer overflow\nvulnerability which potentially enables any local user, as well as\nany remote attacker on the LAN who is able to gain control of the LISa\nport (7741 by default), to obtain root privileges. In addition, a\nremote attacker potentially may be able to gain access to a victim's\naccount by using an \"rlan://\" URL in an HTML page or via another KDE\napplication.

\n

This problem has been fixed in version 2.2.2-14.5 for the current\nstable distribution (woody) and in version 2.2.2-14.20 for the\nunstable distribution (sid). The old stable distribution (potato) is\nnot affected since it doesn't contain a kdenetwork package.

\n

We recommend that you upgrade your klisa package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdenetwork_2.2.2-14.5.dsc
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdenetwork_2.2.2-14.5.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdenetwork_2.2.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.5_sparc.deb
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "215": "
\n

Debian Security Advisory

\n

DSA-215-1 cyrus-imapd -- buffer overflow

\n
\n
Date Reported:
\n
23 Dec 2002
\n
Affected Packages:
\n
\ncyrus-imapd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6298.
In Mitre's CVE dictionary: CVE-2002-1580.
CERT's vulnerabilities, advisories and incident notes: VU#740169.
\n
More information:
\n
\n

Timo Sirainen discovered a buffer overflow in the Cyrus IMAP server,\nwhich could be exploited by a remote attacker prior to logging in. A\nmalicious user could craft a request to run commands on the server under\nthe UID and GID of the cyrus server.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 1.5.19-9.1.

\n

For the old stable distribution (potato) this problem has been fixed\nin version 1.5.19-2.2.

\n

For the unstable distribution (sid) this problem has been\nfixed in version 1.5.19-9.10. Current cyrus21-imapd packages are not\nvulnerable.

\n

We recommend that you upgrade your cyrus-imapd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-imapd_1.5.19-2.2.dsc
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-imapd_1.5.19-2.2.diff.gz
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-imapd_1.5.19.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-admin_1.5.19-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-common_1.5.19-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-dev_1.5.19-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-imapd_1.5.19-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-nntp_1.5.19-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-pop3d_1.5.19-2.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-admin_1.5.19-2.2_arm.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-common_1.5.19-2.2_arm.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-dev_1.5.19-2.2_arm.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-imapd_1.5.19-2.2_arm.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-nntp_1.5.19-2.2_arm.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-pop3d_1.5.19-2.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-admin_1.5.19-2.2_i386.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-common_1.5.19-2.2_i386.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-dev_1.5.19-2.2_i386.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-imapd_1.5.19-2.2_i386.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-nntp_1.5.19-2.2_i386.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-pop3d_1.5.19-2.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-admin_1.5.19-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-common_1.5.19-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-dev_1.5.19-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-imapd_1.5.19-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-nntp_1.5.19-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-pop3d_1.5.19-2.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-admin_1.5.19-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-common_1.5.19-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-dev_1.5.19-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-imapd_1.5.19-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-nntp_1.5.19-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-pop3d_1.5.19-2.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-admin_1.5.19-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-common_1.5.19-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-dev_1.5.19-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-imapd_1.5.19-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-nntp_1.5.19-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/non-free/c/cyrus-imapd/cyrus-pop3d_1.5.19-2.2_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.1.dsc
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.1_sparc.deb
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "216": "
\n

Debian Security Advisory

\n

DSA-216-1 fetchmail -- buffer overflow

\n
\n
Date Reported:
\n
24 Dec 2002
\n
Affected Packages:
\n
\nfetchmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6390.
In Mitre's CVE dictionary: CVE-2002-1365.
\n
More information:
\n
\n

Stefan Esser of e-matters discovered a buffer overflow in fetchmail,\nan SSL-enabled POP3, APOP and IMAP mail gatherer/forwarder. When\nfetchmail retrieves a mail, all headers that contain addresses are\nsearched for local addresses. If a hostname is missing, fetchmail\nappends it but doesn't reserve enough space for it. This heap\noverflow can be used by remote attackers to crash it or to execute\narbitrary code with the privileges of the user running fetchmail.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 5.9.11-6.2 of fetchmail and fetchmail-ssl.

\n

For the old stable distribution (potato) this problem has been fixed\nin version 5.3.3-4.3.

\n

For the unstable distribution (sid) this problem has been\nfixed in version 6.2.0-1 of fetchmail and fetchmail-ssl.

\n

We recommend that you upgrade your fetchmail packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.3.dsc
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.3.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_5.3.3-4.3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.3_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.3_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.3_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.3.3-4.3_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.2.dsc
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.2.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.2.dsc
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.2.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail-common_5.9.11-6.2_all.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_5.9.11-6.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.2_arm.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.2_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.2_mips.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.2_s390.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.2_sparc.deb
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "217": "
\n

Debian Security Advisory

\n

DSA-217-1 typespeed -- buffer overflow

\n
\n
Date Reported:
\n
27 Dec 2002
\n
Affected Packages:
\n
\ntypespeed\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1389.
\n
More information:
\n
\n

A problem has been discovered in typespeed, a game that lets you\nmeasure your typematic speed. By overflowing a buffer, a local\nattacker could execute arbitrary commands under the group id games.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 0.4.1-2.1.

\n

For the old stable distribution (potato) this problem has been fixed\nin version 0.4.0-5.1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.4.2-2.

\n

We recommend that you upgrade your typespeed package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.1.dsc
\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.1.diff.gz
\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.1.dsc
\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.1.diff.gz
\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.1_sparc.deb
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "218": "
\n

Debian Security Advisory

\n

DSA-218-1 bugzilla -- cross site scripting

\n
\n
Date Reported:
\n
30 Dec 2002
\n
Affected Packages:
\n
\nbugzilla\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6257.
\n
More information:
\n
\n

A cross site scripting vulnerability has been reported for Bugzilla, a\nweb-based bug tracking system. Bugzilla does not properly sanitize\nany input submitted by users for use in quips. As a result, it is possible for a\nremote attacker to create a malicious link containing script code\nwhich will be executed in the browser of a legitimate user, in the\ncontext of the website running Bugzilla. This issue may be exploited\nto steal cookie-based authentication credentials from legitimate users\nof the website running the vulnerable software.

\n

This vulnerability only affects users who have the 'quips' feature\nenabled and who upgraded from version 2.10, which did not exist inside\nof Debian. The Debian package history of Bugzilla starts with 1.13\nand jumped to 2.13. However, users could have installed version 2.10\nprior to the Debian package.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 2.14.2-0woody3.

\n

The old stable distribution (potato) does not contain a Bugzilla\npackage.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your bugzilla packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla_2.14.2-0woody3.dsc
\n
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla_2.14.2-0woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla_2.14.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla-doc_2.14.2-0woody3_all.deb
\n
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla_2.14.2-0woody3_all.deb
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "219": "
\n

Debian Security Advisory

\n

DSA-219-1 dhcpcd -- remote command execution

\n
\n
Date Reported:
\n
31 Dec 2002
\n
Affected Packages:
\n
\ndhcpcd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6200.
In Mitre's CVE dictionary: CVE-2002-1403.
\n
More information:
\n
\n

Simon Kelly discovered a vulnerability in dhcpcd, an RFC2131 and\nRFC1541 compliant DHCP client daemon, that runs with root privileges\non client machines. A malicious administrator of the regular or an\nuntrusted DHCP server may execute any command with root privileges on\nthe DHCP client machine by sending the command enclosed in shell\nmetacharacters in one of the options provided by the DHCP server.

\n

This problem has been fixed in version 1.3.17pl2-8.1 for the old\nstable distribution (potato) and in version 1.3.22pl2-2 for the\ntesting (sarge) and unstable (sid) distributions. The current stable\ndistribution (woody) does not contain a dhcpcd package.

\n

We recommend that you upgrade your dhcpcd package (on the client\nmachine).

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.17pl2-8.1.dsc
\n
http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.17pl2-8.1.diff.gz
\n
http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.17pl2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.17pl2-8.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.17pl2-8.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.17pl2-8.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.17pl2-8.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.17pl2-8.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.17pl2-8.1_sparc.deb
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "220": "
\n

Debian Security Advisory

\n

DSA-220-1 squirrelmail -- cross site scripting

\n
\n
Date Reported:
\n
02 Jan 2003
\n
Affected Packages:
\n
\nsquirrelmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6302.
In Mitre's CVE dictionary: CVE-2002-1341.
\n
More information:
\n
\n

A cross site scripting vulnerability has been discovered in\nsquirrelmail, a feature-rich webmail package written in PHP4.\nSquirrelmail doesn't sanitize user-provided variables in all places,\nleaving it vulnerable to a cross site scripting attack.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 1.2.6-1.3. The old stable distribution (potato) is\nnot affected since it doesn't contain a squirrelmail package.

\n

An updated package for the unstable distribution (sid) is\nexpected soon.

\n

We recommend that you upgrade your squirrelmail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-1.3.dsc
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-1.3.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-1.3_all.deb
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "221": "
\n

Debian Security Advisory

\n

DSA-221-1 mhonarc -- cross site scripting

\n
\n
Date Reported:
\n
03 Jan 2003
\n
Affected Packages:
\n
\nmhonarc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6479.
In Mitre's CVE dictionary: CVE-2002-1388.
\n
More information:
\n
\n

Earl Hood, author of mhonarc, a mail to HTML converter, discovered a\ncross site scripting vulnerability in this package. A specially\ncrafted HTML mail message can introduce foreign scripting content in\narchives, by-passing MHonArc's HTML script filtering.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 2.5.2-1.3.

\n

For the old stable distribution (potato) this problem has been fixed\nin version 2.4.4-1.3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.5.14-1.

\n

We recommend that you upgrade your mhonarc package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mhonarc/mhonarc_2.4.4-1.3.dsc
\n
http://security.debian.org/pool/updates/main/m/mhonarc/mhonarc_2.4.4-1.3.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mhonarc/mhonarc_2.4.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mhonarc/mhonarc_2.4.4-1.3_all.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mhonarc/mhonarc_2.5.2-1.3.dsc
\n
http://security.debian.org/pool/updates/main/m/mhonarc/mhonarc_2.5.2-1.3.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mhonarc/mhonarc_2.5.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mhonarc/mhonarc_2.5.2-1.3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "222": "
\n

Debian Security Advisory

\n

DSA-222-1 xpdf -- integer overflow

\n
\n
Date Reported:
\n
06 Jan 2003
\n
Affected Packages:
\n
\nxpdf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6475.
In Mitre's CVE dictionary: CVE-2002-1384.
\n
More information:
\n
\n

iDEFENSE discovered an integer overflow in the pdftops filter from the\nxpdf package that can be exploited to gain the privileges of the\ntarget user. This can lead to gaining unauthorized access to the 'lp'\nuser if the pdftops program is part of the print filter.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 1.00-3.1.

\n

For the old stable distribution (potato) this problem has been\nfixed in version 0.90-8.1.

\n

For the unstable distribution (sid) this problem has been\nfixed in version 2.01-2.

\n

We recommend that you upgrade your xpdf package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_0.90-8.1.dsc
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_0.90-8.1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_0.90.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_0.90-8.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_0.90-8.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_0.90-8.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_0.90-8.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_0.90-8.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_0.90-8.1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.1.dsc
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_1.00-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "223": "
\n

Debian Security Advisory

\n

DSA-223-1 geneweb -- information exposure

\n
\n
Date Reported:
\n
07 Jan 2003
\n
Affected Packages:
\n
\ngeneweb\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6549.
In Mitre's CVE dictionary: CVE-2002-1390.
\n
More information:
\n
\n

A security issue has been discovered by Daniel de Rauglaudre, upstream\nauthor of geneweb, genealogical software with a web interface. It\nruns as a daemon on port 2317 by default. Paths are not properly\nsanitized, so a carefully crafted URL leads geneweb to read and display\narbitrary files of the system it runs on.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 4.06-2.

\n

The old stable distribution (potato) is not affected.

\n

For the unstable distribution (sid) this problem has been\nfixed in version 4.09-1.

\n

We recommend that you upgrade your geneweb package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2.dsc
\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2_sparc.deb
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "224": "
\n

Debian Security Advisory

\n

DSA-224-1 canna -- buffer overflow and more

\n
\n
Date Reported:
\n
08 Jan 2003
\n
Affected Packages:
\n
\ncanna\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6351, BugTraq ID 6354.
In Mitre's CVE dictionary: CVE-2002-1158, CVE-2002-1159.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in canna, a Japanese\ninput system. The Common Vulnerabilities and Exposures (CVE) project\nidentified the following vulnerabilities:

\n
    \n
  • CAN-2002-1158 (BugTraq Id 6351): \"hsj\" of Shadow Penguin Security\n discovered a heap overflow vulnerability in the irw_through\n function in canna server.\n
  • CAN-2002-1159 (BugTraq Id 6354): Shinra Aida of the Canna project\n discovered that canna does not properly validate requests, which\n allows remote attackers to cause a denial of service or information\n leak.\n
\n

For the current stable distribution (woody) these problems have been\nfixed in version 3.5b2-46.2.

\n

For the old stable distribution (potato) these problems have been\nfixed in version 3.5b2-25.2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 3.6p1-1.

\n

We recommend that you upgrade your canna packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-25.2.dsc
\n
http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-25.2.diff.gz
\n
http://ftp.debian.org/debian/dists/potato/main/source/utils/canna_3.5b2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-25.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-25.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-25.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-25.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-25.2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-25.2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-25.2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-25.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-25.2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-25.2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-25.2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-25.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-25.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-25.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-25.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-25.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-25.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-25.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-25.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-25.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-25.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-25.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-25.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-25.2_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2.dsc
\n
http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2.diff.gz
\n
http://ftp.debian.org/debian/pool/main/c/canna/canna_3.5b2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "225": "
\n

Debian Security Advisory

\n

DSA-225-1 tomcat4 -- source disclosure

\n
\n
Date Reported:
\n
09 Jan 2003
\n
Affected Packages:
\n
\ntomcat4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1394.
\n
More information:
\n
\n

A security vulnerability has been confirmed to exist in Apache Tomcat\n4.0.x releases, which allows a specially crafted URL to be used to return\nthe unprocessed source of a JSP page, or, under special circumstances,\na static resource which would otherwise have been protected by a\nsecurity constraint, without the need for being properly\nauthenticated. This is based on a variant of the exploit that was\nidentified as CAN-2002-1148.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 4.0.3-3woody2.

\n

The old stable distribution (potato) does not contain tomcat packages.

\n

For the unstable distribution (sid) this problem does not exist in the\ncurrent version 4.1.16-1.

\n

We recommend that you upgrade your tomcat packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4_4.0.3-3woody2.dsc
\n
http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4_4.0.3-3woody2.diff.gz
\n
http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4_4.0.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/contrib/t/tomcat4/libtomcat4-java_4.0.3-3woody2_all.deb
\n
http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4-webapps_4.0.3-3woody2_all.deb
\n
http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4_4.0.3-3woody2_all.deb
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "226": "
\n

Debian Security Advisory

\n

DSA-226-1 xpdf-i -- integer overflow

\n
\n
Date Reported:
\n
10 Jan 2003
\n
Affected Packages:
\n
\nxpdf-i\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6475.
In Mitre's CVE dictionary: CVE-2002-1384.
\n
More information:
\n
\n

iDEFENSE discovered an integer overflow in the pdftops filter from the\nxpdf and xpdf-i packages that can be exploited to gain the privileges\nof the target user. This can lead to gaining unauthorized access to the\n'lp' user if the pdftops program is part of the print filter.

\n

For the current stable distribution (woody) xpdf-i is only a dummy\npackage and the problem was fixed in xpdf already.

\n

For the old stable distribution (potato) this problem has been\nfixed in version 0.90-8.1.

\n

For the unstable distribution (sid) this problem has been\nfixed in version 2.01-2.

\n

We recommend that you upgrade your xpdf-i package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xpdf-i/xpdf-i_0.90-8.1.dsc
\n
http://security.debian.org/pool/updates/main/x/xpdf-i/xpdf-i_0.90-8.1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xpdf-i/xpdf-i_0.90.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xpdf-i/xpdf-i_0.90-8.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xpdf-i/xpdf-i_0.90-8.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xpdf-i/xpdf-i_0.90-8.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xpdf-i/xpdf-i_0.90-8.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xpdf-i/xpdf-i_0.90-8.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xpdf-i/xpdf-i_0.90-8.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "227": "
\n

Debian Security Advisory

\n

DSA-227-1 openldap2 -- buffer overflows and other bugs

\n
\n
Date Reported:
\n
13 Jan 2003
\n
Affected Packages:
\n
\nopenldap2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6328, BugTraq ID 6620.
In Mitre's CVE dictionary: CVE-2002-1378, CVE-2002-1379, CVE-2002-1508.
\n
More information:
\n
\n

The SuSE Security Team reviewed critical parts of openldap2, an\nimplementation of the Lightweight Directory Access Protocol (LDAP)\nversion 2 and 3, and found several buffer overflows and other bugs\nthat remote attackers could exploit to gain access on systems running\nvulnerable LDAP servers. In addition to these bugs, various locally\nexploitable bugs within the OpenLDAP2 libraries have been fixed.

\n

For the current stable distribution (woody) these problems have been\nfixed in version 2.0.23-6.3.

\n

The old stable distribution (potato) does not contain OpenLDAP2\npackages.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.0.27-3.

\n

We recommend that you upgrade your openldap2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openldap2/openldap2_2.0.23-6.3.dsc
\n
http://security.debian.org/pool/updates/main/o/openldap2/openldap2_2.0.23-6.3.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openldap2/openldap2_2.0.23.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_sparc.deb
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "228": "
\n

Debian Security Advisory

\n

DSA-228-1 libmcrypt -- buffer overflows and memory leak

\n
\n
Date Reported:
\n
14 Jan 2003
\n
Affected Packages:
\n
\nlibmcrypt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6510, BugTraq ID 6512.
In Mitre's CVE dictionary: CVE-2003-0031, CVE-2003-0032.
\n
More information:
\n
\n

Ilia Alshanetsky discovered several buffer overflows in libmcrypt, a\ndecryption and encryption library, that originate from improper or\nlacking input validation. By passing input which is longer than\nexpected to a number of functions (multiple functions are affected)\nthe user can successfully make libmcrypt crash and may be able to insert\narbitrary, malicious code which will be executed as the user\nlibmcrypt runs as, e.g. inside a web server.

\n

Another vulnerability exists in the way libmcrypt loads algorithms via\nlibtool. When different algorithms are loaded dynamically, each time\nan algorithm is loaded a small part of memory is leaked. In a\npersistent environment (web server) this could lead to a memory\nexhaustion attack that will exhaust all available memory by launching\nrepeated requests at an application utilizing the mcrypt library.

\n

For the current stable distribution (woody) these problems have been\nfixed in version 2.5.0-1woody1.

\n

The old stable distribution (potato) does not contain libmcrypt packages.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.5.5-1.

\n

We recommend that you upgrade your libmcrypt packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt_2.5.0-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt_2.5.0-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt_2.5.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_sparc.deb
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "229": "
\n

Debian Security Advisory

\n

DSA-229-1 imp -- SQL injection

\n
\n
Date Reported:
\n
15 Jan 2003
\n
Affected Packages:
\n
\nimp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6559.
In Mitre's CVE dictionary: CVE-2003-0025.
\n
More information:
\n
\n

Jouko Pynnonen discovered a problem with IMP, a web-based IMAP mail\nprogram. Using carefully crafted URLs, a remote attacker is able to\ninject SQL code into SQL queries without proper user authentication.\nEven though results of SQL queries aren't directly readable from the\nscreen, an attacker might update their mail signature to contain wanted\nquery results and then view it on the preferences page of IMP.

\n

The impact of SQL injection depends heavily on the underlying database\nand its configuration. If PostgreSQL is used, it's possible to\nexecute multiple complete SQL queries separated by semicolons. The\ndatabase contains session IDs, so the attacker might hijack sessions\nof people currently logged in and read their mail. In the worst case,\nif the hordemgr user has the required privilege to use the COPY SQL\ncommand (found in PostgreSQL at least), a remote user may read or\nwrite to any file the database user (postgres) can. The attacker may\nthen be able to run arbitrary shell commands by writing them to the\npostgres user's ~/.psqlrc; they'd be run when the user starts the psql\ncommand, which under some configurations happens regularly from a cron\nscript.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 2.2.6-5.1.

\n

For the old stable distribution (potato) this problem has been\nfixed in version 2.2.6-0.potato.5.1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.2.6-7.

\n

We recommend that you upgrade your IMP packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/imp/imp_2.2.6-0.potato.5.1.dsc
\n
http://security.debian.org/pool/updates/main/i/imp/imp_2.2.6-0.potato.5.1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/imp/imp_2.2.6-0.potato.5.1_all.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/imp/imp_2.2.6-5.1.dsc
\n
http://security.debian.org/pool/updates/main/i/imp/imp_2.2.6-5.1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/imp/imp_2.2.6-5.1_all.deb
\n

MD5 checksums of the listed files are available in the original advisory.\n

MD5 checksums of the listed files are available in the revised advisory.\n

\n\n
\n
", "230": "
\n

Debian Security Advisory

\n

DSA-230-1 bugzilla -- insecure permissions, spurious backup files

\n
\n
Date Reported:
\n
16 Jan 2003
\n
Affected Packages:
\n
\nbugzilla\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6501, BugTraq ID 6502.
In Mitre's CVE dictionary: CVE-2003-0012, CVE-2003-0013.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in Bugzilla, a web-based bug\ntracking system, by its authors. The Common Vulnerabilities and\nExposures Project identifies the following vulnerabilities:

\n
\n
CAN-2003-0012 (BugTraq ID 6502)
\n
\n

\n The provided data collection\n script intended to be run as a nightly cron job changes the\n permissions of the data/mining directory to be world-writable every\n time it runs. This would enable local users to alter or delete the\n collected data.\n

\n
\n
CAN-2003-0013 (BugTraq ID 6501)
\n
\n

\n The default .htaccess scripts\n provided by checksetup.pl do not block access to backups of the\n localconfig file that might be created by editors such as vi or\n emacs (typically these will have a .swp or ~ suffix). This allows\n an end user to download one of the backup copies and potentially\n obtain your database password.\n

\n

\n This does not affect the Debian installation because there is no\n .htaccess, as the data files aren't under the CGI path as they are in\n the standard Bugzilla package. Additionally, the configuration is\n in /etc/bugzilla/localconfig and hence outside of the web directory.

\n
\n
\n

For the current stable distribution (woody) these problems have been\nfixed in version 2.14.2-0woody4.

\n

The old stable distribution (potato) does not contain a Bugzilla\npackage.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your bugzilla packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla_2.14.2-0woody4.dsc
\n
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla_2.14.2-0woody4.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla_2.14.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla-doc_2.14.2-0woody4_all.deb
\n
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla_2.14.2-0woody4_all.deb
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "231": "
\n

Debian Security Advisory

\n

DSA-231-1 dhcp3 -- stack overflows

\n
\n
Date Reported:
\n
17 Jan 2003
\n
Affected Packages:
\n
\ndhcp3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2003-0026.
CERT's vulnerabilities, advisories and incident notes: VU#284857, CA-2003-01.
\n
More information:
\n
\n

The Internet Software Consortium discovered several vulnerabilities\nduring an audit of the ISC DHCP Daemon. The vulnerabilities exist in\nerror handling routines within the minires library and may be\nexploitable as stack overflows. This could allow a remote attacker to\nexecute arbitrary code under the user id the dhcpd runs under, usually\nroot. DHCP servers other than dhcp3 don't seem to be affected.

\n

For the stable distribution (woody) this problem has been\nfixed in version 3.0+3.0.1rc9-2.1.

\n

The old stable distribution (potato) does not contain dhcp3 packages.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.0+3.0.1rc11-1.

\n

We recommend that you upgrade your dhcp3-server package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.0+3.0.1rc9-2.1.dsc
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.0+3.0.1rc9-2.1.diff.gz
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.0+3.0.1rc9.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.1_sparc.deb
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "232": "
\n

Debian Security Advisory

\n

DSA-232-1 cupsys -- several vulnerabilities

\n
\n
Date Reported:
\n
20 Jan 2003
\n
Affected Packages:
\n
\ncupsys\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6475, BugTraq ID 6440, BugTraq ID 6439, BugTraq ID 6438, BugTraq ID 6437, BugTraq ID 6436, BugTraq ID 6435.
In Mitre's CVE dictionary: CVE-2002-1366, CVE-2002-1367, CVE-2002-1368, CVE-2002-1369, CVE-2002-1371, CVE-2002-1372, CVE-2002-1383, CVE-2002-1384.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the Common Unix Printing\nSystem (CUPS). Several of these issues represent the potential for a\nremote compromise or denial of service. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CAN-2002-1383: Multiple integer overflows allow a remote attacker\n to execute arbitrary code via the CUPSd HTTP interface and the\n image handling code in CUPS filters.
  • CAN-2002-1366: Race conditions in connection with /etc/cups/certs/\n allow local users with lp privileges to create or overwrite\n arbitrary files. This is not present in the potato version.
  • CAN-2002-1367: This vulnerability allows a remote attacker to add\n printers without authentication via a certain UDP packet, which can\n then be used to perform unauthorized activities such as stealing\n the local root certificate for the administration server via a\n \"need authorization\" page.
  • CAN-2002-1368: Negative lengths fed into memcpy() can cause a\n denial of service and possibly execute arbitrary code.
  • CAN-2002-1369: An unsafe strncat() function call processing the\n options string allows a remote attacker to execute arbitrary code\n via a buffer overflow.
  • CAN-2002-1371: Zero width images allow a remote attacker to\n execute arbitrary code via modified chunk headers.
  • CAN-2002-1372: CUPS does not properly check the return values of\n various file and socket operations, which could allow a remote\n attacker to cause a denial of service.
  • CAN-2002-1384: The cupsys package contains some code from the xpdf\n package, used to convert PDF files for printing, which contains an\n exploitable integer overflow bug. This is not present in the\n potato version.
\n

Even though we tried very hard to fix all problems in the packages for\npotato as well, the packages may still contain other security related\nproblems. Hence, we advise users of potato systems using CUPS to\nupgrade to woody soon.

\n

For the current stable distribution (woody), these problems have been fixed\nin version 1.1.14-4.3.

\n

For the old stable distribution (potato), these problems have been fixed\nin version 1.0.4-12.1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.1.18-1.

\n

We recommend that you upgrade your CUPS packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.0.4-12.1.dsc
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.0.4-12.1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.0.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.0.4-12.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.0.4-12.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys1_1.0.4-12.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys1-dev_1.0.4-12.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.0.4-12.1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.0.4-12.1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys1_1.0.4-12.1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys1-dev_1.0.4-12.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.0.4-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.0.4-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys1_1.0.4-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys1-dev_1.0.4-12.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.0.4-12.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.0.4-12.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys1_1.0.4-12.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys1-dev_1.0.4-12.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.0.4-12.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.0.4-12.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys1_1.0.4-12.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys1-dev_1.0.4-12.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.0.4-12.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.0.4-12.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys1_1.0.4-12.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys1-dev_1.0.4-12.1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4.dsc
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-4.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-4.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-4.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-4.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-4.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-4.4_sparc.deb
\n

MD5 checksums of the listed files are available in the original advisory.\n

MD5 checksums of the listed files are available in the revised advisory.\n

\n\n
\n
", "233": "
\n

Debian Security Advisory

\n

DSA-233-1 cvs -- doubly freed memory

\n
\n
Date Reported:
\n
21 Jan 2003
\n
Affected Packages:
\n
\ncvs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2003-0015.
CERT's vulnerabilities, advisories and incident notes: CA-2003-02, VU#650937.
\n
More information:
\n
\n

Stefan Esser discovered a problem in cvs, a concurrent versions\nsystem, which is used for many Free Software projects. The current\nversion contains a flaw that can be used by a remote attacker to\nexecute arbitrary code on the CVS server under the user id the CVS\nserver runs as. Anonymous read-only access is sufficient to exploit\nthis problem.

\n

For the stable distribution (woody) this problem has been\nfixed in version 1.11.1p1debian-8.1.

\n

For the old stable distribution (potato) this problem has been fixed\nin version 1.10.7-9.2.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your cvs package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2.dsc
\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs-doc_1.10.7-9.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1.dsc
\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "234": "
\n

Debian Security Advisory

\n

DSA-234-1 kdeadmin -- several vulnerabilities

\n
\n
Date Reported:
\n
22 Jan 2003
\n
Affected Packages:
\n
\nkdeadmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1393.
\n
More information:
\n
\n

The KDE team discovered several vulnerabilities in the K Desktop\nEnvironment. In some instances KDE fails to properly quote parameters\nof instructions passed to a command shell for execution. These\nparameters may incorporate data such as URLs, filenames and e-mail\naddresses, and this data may be provided remotely to a victim in an\ne-mail, a webpage or files on a network filesystem or other untrusted\nsource.

\n

By carefully crafting such data an attacker might be able to execute\narbitrary commands on a vulnerable system using the victim's account and\nprivileges. The KDE Project is not aware of any existing exploits of\nthese vulnerabilities. The patches also provide better safeguards\nand check data from untrusted sources more strictly in multiple\nplaces.

\n

For the current stable distribution (woody), these problems have been fixed\nin version 2.2.2-7.2.

\n

The old stable distribution (potato) does not contain KDE packages.

\n

For the unstable distribution (sid), these problems will most probably\nnot be fixed but new packages for KDE 3.1 for sid are expected for\nthis year.

\n

We recommend that you upgrade your KDE packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kdeadmin_2.2.2-7.2.dsc
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kdeadmin_2.2.2-7.2.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kdeadmin_2.2.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/lilo-config_2.2.2-7.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "235": "
\n

Debian Security Advisory

\n

DSA-235-1 kdegraphics -- several vulnerabilities

\n
\n
Date Reported:
\n
22 Jan 2003
\n
Affected Packages:
\n
\nkdegraphics\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1393.
\n
More information:
\n
\n

The KDE team discovered several vulnerabilities in the K Desktop\nEnvironment. In some instances KDE fails to properly quote parameters\nof instructions passed to a command shell for execution. These\nparameters may incorporate data such as URLs, filenames and e-mail\naddresses, and this data may be provided remotely to a victim in an\ne-mail, a webpage or files on a network filesystem or other untrusted\nsource.

\n

By carefully crafting such data, an attacker might be able to execute\narbitrary commands on a vulnerable system using the victim's account and\nprivileges. The KDE Project is not aware of any existing exploits of\nthese vulnerabilities. The patches also provide better safeguards\nand check data from untrusted sources more strictly in multiple\nplaces.

\n

For the current stable distribution (woody), these problems have been fixed\nin version 2.2.2-6.10.

\n

The old stable distribution (potato) does not contain KDE packages.

\n

For the unstable distribution (sid), these problems will most probably\nnot be fixed, but new packages for KDE 3.1 for sid are expected\nthis year.

\n

We recommend that you upgrade your KDE packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2-6.10.dsc
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2-6.10.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.10_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.10_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.10_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.10_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.10_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.10_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.10_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.10_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.10_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.10_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.10_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "236": "
\n

Debian Security Advisory

\n

DSA-236-1 kdelibs -- several vulnerabilities

\n
\n
Date Reported:
\n
22 Jan 2003
\n
Affected Packages:
\n
\nkdelibs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1393.
\n
More information:
\n
\n

The KDE team discovered several vulnerabilities in the K Desktop\nEnvironment. In some instances KDE fails to properly quote parameters\nof instructions passed to a command shell for execution. These\nparameters may incorporate data such as URLs, filenames and e-mail\naddresses, and this data may be provided remotely to a victim in an\ne-mail, a webpage or files on a network filesystem or other untrusted\nsource.

\n

By carefully crafting such data, an attacker might be able to execute\narbitrary commands on a vulnerable system using the victim's account and\nprivileges. The KDE Project is not aware of any existing exploits of\nthese vulnerabilities. The patches also provide better safeguards\nand check data from untrusted sources more strictly in multiple\nplaces.

\n

For the current stable distribution (woody), these problems have been fixed\nin version 2.2.2-13.woody.6.

\n

The old stable distribution (potato) does not contain KDE packages.

\n

For the unstable distribution (sid), these problems will most probably\nnot be fixed, but new packages for KDE 3.1 for sid are expected\nthis year.

\n

We recommend that you upgrade your KDE packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.6.dsc
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.6.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-doc_2.2.2-13.woody.6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "237": "
\n

Debian Security Advisory

\n

DSA-237-1 kdenetwork -- several vulnerabilities

\n
\n
Date Reported:
\n
22 Jan 2003
\n
Affected Packages:
\n
\nkdenetwork\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1393.
\n
More information:
\n
\n

The KDE team discovered several vulnerabilities in the K Desktop\nEnvironment. In some instances KDE fails to properly quote parameters\nof instructions passed to a command shell for execution. These\nparameters may incorporate data such as URLs, filenames and e-mail\naddresses, and this data may be provided remotely to a victim in an\ne-mail, a webpage or files on a network filesystem or other untrusted\nsource.

\n

By carefully crafting such data an attacker might be able to execute\narbitrary commands on a vulnerable system using the victim's account and\nprivileges. The KDE Project is not aware of any existing exploits of\nthese vulnerabilities. The patches also provide better safeguards\nand check data from untrusted sources more strictly in multiple\nplaces.

\n

For the current stable distribution (woody), these problems have been fixed\nin version 2.2.2-14.6.

\n

The old stable distribution (potato) does not contain KDE packages.

\n

For the unstable distribution (sid), these problems will most probably\nnot be fixed but new packages for KDE 3.1 for sid are expected for\nthis year.

\n

We recommend that you upgrade your KDE packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdenetwork_2.2.2-14.6.dsc
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdenetwork_2.2.2-14.6.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdenetwork_2.2.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.6_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "238": "
\n

Debian Security Advisory

\n

DSA-238-1 kdepim -- several vulnerabilities

\n
\n
Date Reported:
\n
23 Jan 2003
\n
Affected Packages:
\n
\nkdepim\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1393.
\n
More information:
\n
\n

The KDE team discovered several vulnerabilities in the K Desktop\nEnvironment. In some instances KDE fails to properly quote parameters\nof instructions passed to a command shell for execution. These\nparameters may incorporate data such as URLs, filenames and e-mail\naddresses, and this data may be provided remotely to a victim in an\ne-mail, a webpage or files on a network filesystem or other untrusted\nsource.

\n

By carefully crafting such data an attacker might be able to execute\narbitrary commands on a vulnerable system using the victim's account and\nprivileges. The KDE Project is not aware of any existing exploits of\nthese vulnerabilities. The patches also provide better safeguards\nand check data from untrusted sources more strictly in multiple\nplaces.

\n

For the current stable distribution (woody), these problems have been fixed\nin version 2.2.2-5.2.

\n

The old stable distribution (potato) does not contain KDE packages.

\n

For the unstable distribution (sid), these problems will most probably\nnot be fixed but new packages for KDE 3.1 for sid are expected for\nthis year.

\n

We recommend that you upgrade your KDE packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdepim/kdepim_2.2.2-5.2.dsc
\n
http://security.debian.org/pool/updates/main/k/kdepim/kdepim_2.2.2-5.2.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdepim/kdepim_2.2.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "239": "
\n

Debian Security Advisory

\n

DSA-239-1 kdesdk -- several vulnerabilities

\n
\n
Date Reported:
\n
23 Jan 2003
\n
Affected Packages:
\n
\nkdesdk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1393.
\n
More information:
\n
\n

The KDE team discovered several vulnerabilities in the K Desktop\nEnvironment. In some instances KDE fails to properly quote parameters\nof instructions passed to a command shell for execution. These\nparameters may incorporate data such as URLs, filenames and e-mail\naddresses, and this data may be provided remotely to a victim in an\ne-mail, a webpage or files on a network filesystem or other untrusted\nsource.

\n

By carefully crafting such data an attacker might be able to execute\narbitrary commands on a vulnerable system using the victim's account and\nprivileges. The KDE Project is not aware of any existing exploits of\nthese vulnerabilities. The patches also provide better safeguards\nand check data from untrusted sources more strictly in multiple\nplaces.

\n

For the current stable distribution (woody), these problems have been fixed\nin version 2.2.2-3.2.

\n

The old stable distribution (potato) does not contain KDE packages.

\n

For the unstable distribution (sid), these problems will most probably\nnot be fixed but new packages for KDE 3.1 for sid are expected for\nthis year.

\n

We recommend that you upgrade your KDE packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2.dsc
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdesdk/kapptemplate_2.2.2-3.2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kdepalettes_2.2.2-3.2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk-doc_2.2.2-3.2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk-scripts_2.2.2-3.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "240": "
\n

Debian Security Advisory

\n

DSA-240-1 kdegames -- several vulnerabilities

\n
\n
Date Reported:
\n
23 Jan 2003
\n
Affected Packages:
\n
\nkdegames\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1393.
\n
More information:
\n
\n

The KDE team discovered several vulnerabilities in the K Desktop\nEnvironment. In some instances KDE fails to properly quote parameters\nof instructions passed to a command shell for execution. These\nparameters may incorporate data such as URLs, filenames and e-mail\naddresses, and this data may be provided remotely to a victim in an\ne-mail, a webpage or files on a network filesystem or other untrusted\nsource.

\n

By carefully crafting such data an attacker might be able to execute\narbitrary commands on a vulnerable system using the victim's account and\nprivileges. The KDE Project is not aware of any existing exploits of\nthese vulnerabilities. The patches also provide better safeguards\nand check data from untrusted sources more strictly in multiple\nplaces.

\n

For the current stable distribution (woody), these problems have been fixed\nin version 2.2.2-2.2.

\n

The old stable distribution (potato) does not contain KDE packages.

\n

For the unstable distribution (sid), these problems will most probably\nnot be fixed but new packages for KDE 3.1 for sid are expected for\nthis year.

\n

We recommend that you upgrade your KDE packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdegames/kdegames_2.2.2-2.2.dsc
\n
http://security.debian.org/pool/updates/main/k/kdegames/kdegames_2.2.2-2.2.diff.gz
\n
http://ftp.debian.org/debian/pool/main/k/kdegames/kdegames_2.2.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdegames/kdecarddecks_2.2.2-2.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdegames/kabalone_2.2.2-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kasteroids_2.2.2-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/katomic_2.2.2-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kbackgammon_2.2.2-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kbattleship_2.2.2-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kblackbox_2.2.2-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kjezz_2.2.2-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kjumpingcube_2.2.2-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/klines_2.2.2-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kmahjongg_2.2.2-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kmines_2.2.2-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/konquest_2.2.2-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kpat_2.2.2-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kpoker_2.2.2-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kreversi_2.2.2-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksame_2.2.2-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kshisen_2.2.2-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksirtet_2.2.2-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksmiletris_2.2.2-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksnake_2.2.2-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksokoban_2.2.2-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kspaceduel_2.2.2-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ktron_2.2.2-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ktuberling_2.2.2-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kwin4_2.2.2-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/libkdegames_2.2.2-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/lskat_2.2.2-2.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdegames/kabalone_2.2.2-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kasteroids_2.2.2-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/katomic_2.2.2-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kbackgammon_2.2.2-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kbattleship_2.2.2-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kblackbox_2.2.2-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kjezz_2.2.2-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kjumpingcube_2.2.2-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/klines_2.2.2-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kmahjongg_2.2.2-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kmines_2.2.2-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/konquest_2.2.2-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kpat_2.2.2-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kpoker_2.2.2-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kreversi_2.2.2-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksame_2.2.2-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kshisen_2.2.2-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksirtet_2.2.2-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksmiletris_2.2.2-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksnake_2.2.2-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksokoban_2.2.2-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kspaceduel_2.2.2-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ktron_2.2.2-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ktuberling_2.2.2-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kwin4_2.2.2-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/libkdegames_2.2.2-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/lskat_2.2.2-2.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdegames/kabalone_2.2.2-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kasteroids_2.2.2-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/katomic_2.2.2-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kbackgammon_2.2.2-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kbattleship_2.2.2-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kblackbox_2.2.2-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kjezz_2.2.2-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kjumpingcube_2.2.2-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/klines_2.2.2-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kmahjongg_2.2.2-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kmines_2.2.2-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/konquest_2.2.2-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kpat_2.2.2-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kpoker_2.2.2-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kreversi_2.2.2-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksame_2.2.2-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kshisen_2.2.2-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksirtet_2.2.2-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksmiletris_2.2.2-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksnake_2.2.2-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksokoban_2.2.2-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kspaceduel_2.2.2-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ktron_2.2.2-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ktuberling_2.2.2-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kwin4_2.2.2-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/libkdegames_2.2.2-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/lskat_2.2.2-2.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdegames/kabalone_2.2.2-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kasteroids_2.2.2-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/katomic_2.2.2-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kbackgammon_2.2.2-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kbattleship_2.2.2-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kblackbox_2.2.2-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kjezz_2.2.2-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kjumpingcube_2.2.2-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/klines_2.2.2-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kmahjongg_2.2.2-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kmines_2.2.2-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/konquest_2.2.2-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kpat_2.2.2-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kpoker_2.2.2-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kreversi_2.2.2-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksame_2.2.2-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kshisen_2.2.2-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksirtet_2.2.2-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksmiletris_2.2.2-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksnake_2.2.2-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksokoban_2.2.2-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kspaceduel_2.2.2-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ktron_2.2.2-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ktuberling_2.2.2-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kwin4_2.2.2-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/libkdegames_2.2.2-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/lskat_2.2.2-2.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdegames/kabalone_2.2.2-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kasteroids_2.2.2-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/katomic_2.2.2-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kbackgammon_2.2.2-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kbattleship_2.2.2-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kblackbox_2.2.2-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kjezz_2.2.2-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kjumpingcube_2.2.2-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/klines_2.2.2-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kmahjongg_2.2.2-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kmines_2.2.2-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/konquest_2.2.2-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kpat_2.2.2-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kpoker_2.2.2-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kreversi_2.2.2-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksame_2.2.2-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kshisen_2.2.2-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksirtet_2.2.2-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksmiletris_2.2.2-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksnake_2.2.2-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksokoban_2.2.2-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kspaceduel_2.2.2-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ktron_2.2.2-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ktuberling_2.2.2-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kwin4_2.2.2-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/libkdegames_2.2.2-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/lskat_2.2.2-2.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdegames/kabalone_2.2.2-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kasteroids_2.2.2-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/katomic_2.2.2-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kbackgammon_2.2.2-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kbattleship_2.2.2-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kblackbox_2.2.2-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kjezz_2.2.2-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kjumpingcube_2.2.2-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/klines_2.2.2-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kmahjongg_2.2.2-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kmines_2.2.2-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/konquest_2.2.2-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kpat_2.2.2-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kpoker_2.2.2-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kreversi_2.2.2-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksame_2.2.2-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kshisen_2.2.2-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksirtet_2.2.2-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksmiletris_2.2.2-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksnake_2.2.2-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksokoban_2.2.2-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kspaceduel_2.2.2-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ktron_2.2.2-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ktuberling_2.2.2-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kwin4_2.2.2-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/libkdegames_2.2.2-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/lskat_2.2.2-2.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdegames/kabalone_2.2.2-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kasteroids_2.2.2-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/katomic_2.2.2-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kbackgammon_2.2.2-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kbattleship_2.2.2-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kblackbox_2.2.2-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kjezz_2.2.2-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kjumpingcube_2.2.2-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/klines_2.2.2-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kmahjongg_2.2.2-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kmines_2.2.2-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/konquest_2.2.2-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kpat_2.2.2-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kpoker_2.2.2-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kreversi_2.2.2-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksame_2.2.2-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kshisen_2.2.2-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksirtet_2.2.2-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksmiletris_2.2.2-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksnake_2.2.2-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksokoban_2.2.2-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kspaceduel_2.2.2-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ktron_2.2.2-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ktuberling_2.2.2-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kwin4_2.2.2-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/libkdegames_2.2.2-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/lskat_2.2.2-2.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdegames/kabalone_2.2.2-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kasteroids_2.2.2-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/katomic_2.2.2-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kbackgammon_2.2.2-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kbattleship_2.2.2-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kblackbox_2.2.2-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kjezz_2.2.2-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kjumpingcube_2.2.2-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/klines_2.2.2-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kmahjongg_2.2.2-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kmines_2.2.2-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/konquest_2.2.2-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kpat_2.2.2-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kpoker_2.2.2-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kreversi_2.2.2-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksame_2.2.2-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kshisen_2.2.2-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksirtet_2.2.2-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksmiletris_2.2.2-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksnake_2.2.2-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksokoban_2.2.2-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kspaceduel_2.2.2-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ktron_2.2.2-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ktuberling_2.2.2-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kwin4_2.2.2-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/libkdegames_2.2.2-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/lskat_2.2.2-2.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdegames/kabalone_2.2.2-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kasteroids_2.2.2-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/katomic_2.2.2-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kbackgammon_2.2.2-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kbattleship_2.2.2-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kblackbox_2.2.2-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kjezz_2.2.2-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kjumpingcube_2.2.2-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/klines_2.2.2-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kmahjongg_2.2.2-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kmines_2.2.2-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/konquest_2.2.2-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kpat_2.2.2-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kpoker_2.2.2-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kreversi_2.2.2-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksame_2.2.2-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kshisen_2.2.2-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksirtet_2.2.2-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksmiletris_2.2.2-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksnake_2.2.2-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksokoban_2.2.2-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kspaceduel_2.2.2-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ktron_2.2.2-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ktuberling_2.2.2-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kwin4_2.2.2-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/libkdegames_2.2.2-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/lskat_2.2.2-2.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdegames/kabalone_2.2.2-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kasteroids_2.2.2-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/katomic_2.2.2-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kbackgammon_2.2.2-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kbattleship_2.2.2-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kblackbox_2.2.2-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kjezz_2.2.2-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kjumpingcube_2.2.2-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/klines_2.2.2-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kmahjongg_2.2.2-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kmines_2.2.2-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/konquest_2.2.2-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kpat_2.2.2-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kpoker_2.2.2-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kreversi_2.2.2-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksame_2.2.2-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kshisen_2.2.2-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksirtet_2.2.2-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksmiletris_2.2.2-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksnake_2.2.2-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksokoban_2.2.2-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kspaceduel_2.2.2-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ktron_2.2.2-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ktuberling_2.2.2-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kwin4_2.2.2-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/libkdegames_2.2.2-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/lskat_2.2.2-2.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdegames/kabalone_2.2.2-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kasteroids_2.2.2-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/katomic_2.2.2-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kbackgammon_2.2.2-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kbattleship_2.2.2-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kblackbox_2.2.2-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kjezz_2.2.2-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kjumpingcube_2.2.2-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/klines_2.2.2-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kmahjongg_2.2.2-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kmines_2.2.2-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/konquest_2.2.2-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kpat_2.2.2-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kpoker_2.2.2-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kreversi_2.2.2-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksame_2.2.2-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kshisen_2.2.2-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksirtet_2.2.2-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksmiletris_2.2.2-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksnake_2.2.2-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ksokoban_2.2.2-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kspaceduel_2.2.2-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ktron_2.2.2-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/ktuberling_2.2.2-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/kwin4_2.2.2-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/libkdegames_2.2.2-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegames/lskat_2.2.2-2.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "241": "
\n

Debian Security Advisory

\n

DSA-241-1 kdeutils -- several vulnerabilities

\n
\n
Date Reported:
\n
24 Jan 2003
\n
Affected Packages:
\n
\nkdeutils\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1393.
\n
More information:
\n
\n

The KDE team discovered several vulnerabilities in the K Desktop\nEnvironment. In some instances KDE fails to properly quote parameters\nof instructions passed to a command shell for execution. These\nparameters may incorporate data such as URLs, filenames and e-mail\naddresses, and this data may be provided remotely to a victim in an\ne-mail, a webpage or files on a network filesystem or other untrusted\nsource.

\n

By carefully crafting such data, an attacker might be able to execute\narbitrary commands on a vulnerable system using the victim's account and\nprivileges. The KDE Project is not aware of any existing exploits of\nthese vulnerabilities. The patches also provide better safeguards\nand check data from untrusted sources more strictly in multiple\nplaces.

\n

For the current stable distribution (woody), these problems have been fixed\nin version 2.2.2-9.2.

\n

The old stable distribution (potato) does not contain KDE packages.

\n

For the unstable distribution (sid), these problems will most probably\nnot be fixed, but new packages for KDE 3.1 for sid are expected\nthis year.

\n

We recommend that you upgrade your KDE packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdeutils/kdeutils_2.2.2-9.2.dsc
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kdeutils_2.2.2-9.2.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kdeutils_2.2.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdeutils/ark_2.2.2-9.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kab_2.2.2-9.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/karm_2.2.2-9.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kcalc_2.2.2-9.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kcharselect_2.2.2-9.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kdepasswd_2.2.2-9.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kdf_2.2.2-9.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kedit_2.2.2-9.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kfind_2.2.2-9.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kfloppy_2.2.2-9.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/khexedit_2.2.2-9.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kjots_2.2.2-9.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klaptopdaemon_2.2.2-9.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kljettool_2.2.2-9.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klpq_2.2.2-9.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klprfax_2.2.2-9.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/knotes_2.2.2-9.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kpm_2.2.2-9.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/ktimer_2.2.2-9.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdeutils/ark_2.2.2-9.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kab_2.2.2-9.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/karm_2.2.2-9.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kcalc_2.2.2-9.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kcharselect_2.2.2-9.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kdepasswd_2.2.2-9.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kdf_2.2.2-9.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kedit_2.2.2-9.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kfind_2.2.2-9.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kfloppy_2.2.2-9.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/khexedit_2.2.2-9.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kjots_2.2.2-9.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klaptopdaemon_2.2.2-9.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kljettool_2.2.2-9.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klpq_2.2.2-9.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klprfax_2.2.2-9.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/knotes_2.2.2-9.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kpm_2.2.2-9.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/ktimer_2.2.2-9.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdeutils/ark_2.2.2-9.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kab_2.2.2-9.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/karm_2.2.2-9.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kcalc_2.2.2-9.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kcharselect_2.2.2-9.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kdepasswd_2.2.2-9.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kdf_2.2.2-9.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kedit_2.2.2-9.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kfind_2.2.2-9.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kfloppy_2.2.2-9.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/khexedit_2.2.2-9.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kjots_2.2.2-9.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klaptopdaemon_2.2.2-9.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kljettool_2.2.2-9.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klpq_2.2.2-9.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klprfax_2.2.2-9.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/knotes_2.2.2-9.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kpm_2.2.2-9.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/ktimer_2.2.2-9.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdeutils/ark_2.2.2-9.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kab_2.2.2-9.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/karm_2.2.2-9.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kcalc_2.2.2-9.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kcharselect_2.2.2-9.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kdepasswd_2.2.2-9.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kdf_2.2.2-9.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kedit_2.2.2-9.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kfind_2.2.2-9.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kfloppy_2.2.2-9.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/khexedit_2.2.2-9.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kjots_2.2.2-9.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klaptopdaemon_2.2.2-9.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kljettool_2.2.2-9.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klpq_2.2.2-9.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klprfax_2.2.2-9.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/knotes_2.2.2-9.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kpm_2.2.2-9.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/ktimer_2.2.2-9.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdeutils/ark_2.2.2-9.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kab_2.2.2-9.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/karm_2.2.2-9.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kcalc_2.2.2-9.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kcharselect_2.2.2-9.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kdepasswd_2.2.2-9.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kdf_2.2.2-9.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kedit_2.2.2-9.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kfind_2.2.2-9.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kfloppy_2.2.2-9.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/khexedit_2.2.2-9.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kjots_2.2.2-9.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klaptopdaemon_2.2.2-9.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kljettool_2.2.2-9.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klpq_2.2.2-9.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klprfax_2.2.2-9.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/knotes_2.2.2-9.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kpm_2.2.2-9.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/ktimer_2.2.2-9.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdeutils/ark_2.2.2-9.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kab_2.2.2-9.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/karm_2.2.2-9.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kcalc_2.2.2-9.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kcharselect_2.2.2-9.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kdepasswd_2.2.2-9.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kdf_2.2.2-9.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kedit_2.2.2-9.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kfind_2.2.2-9.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kfloppy_2.2.2-9.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/khexedit_2.2.2-9.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kjots_2.2.2-9.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klaptopdaemon_2.2.2-9.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kljettool_2.2.2-9.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klpq_2.2.2-9.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klprfax_2.2.2-9.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/knotes_2.2.2-9.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kpm_2.2.2-9.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/ktimer_2.2.2-9.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdeutils/ark_2.2.2-9.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kab_2.2.2-9.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/karm_2.2.2-9.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kcalc_2.2.2-9.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kcharselect_2.2.2-9.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kdepasswd_2.2.2-9.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kdf_2.2.2-9.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kedit_2.2.2-9.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kfind_2.2.2-9.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kfloppy_2.2.2-9.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/khexedit_2.2.2-9.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kjots_2.2.2-9.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klaptopdaemon_2.2.2-9.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kljettool_2.2.2-9.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klpq_2.2.2-9.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klprfax_2.2.2-9.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/knotes_2.2.2-9.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kpm_2.2.2-9.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/ktimer_2.2.2-9.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdeutils/ark_2.2.2-9.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kab_2.2.2-9.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/karm_2.2.2-9.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kcalc_2.2.2-9.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kcharselect_2.2.2-9.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kdepasswd_2.2.2-9.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kdf_2.2.2-9.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kedit_2.2.2-9.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kfind_2.2.2-9.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kfloppy_2.2.2-9.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/khexedit_2.2.2-9.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kjots_2.2.2-9.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klaptopdaemon_2.2.2-9.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kljettool_2.2.2-9.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klpq_2.2.2-9.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klprfax_2.2.2-9.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/knotes_2.2.2-9.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kpm_2.2.2-9.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/ktimer_2.2.2-9.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdeutils/ark_2.2.2-9.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kab_2.2.2-9.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/karm_2.2.2-9.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kcalc_2.2.2-9.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kcharselect_2.2.2-9.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kdepasswd_2.2.2-9.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kdf_2.2.2-9.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kedit_2.2.2-9.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kfind_2.2.2-9.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kfloppy_2.2.2-9.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/khexedit_2.2.2-9.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kjots_2.2.2-9.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klaptopdaemon_2.2.2-9.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kljettool_2.2.2-9.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klpq_2.2.2-9.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klprfax_2.2.2-9.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/knotes_2.2.2-9.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kpm_2.2.2-9.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/ktimer_2.2.2-9.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdeutils/ark_2.2.2-9.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kab_2.2.2-9.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/karm_2.2.2-9.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kcalc_2.2.2-9.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kcharselect_2.2.2-9.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kdepasswd_2.2.2-9.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kdf_2.2.2-9.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kedit_2.2.2-9.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kfind_2.2.2-9.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kfloppy_2.2.2-9.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/khexedit_2.2.2-9.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kjots_2.2.2-9.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klaptopdaemon_2.2.2-9.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kljettool_2.2.2-9.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klpq_2.2.2-9.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klprfax_2.2.2-9.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/knotes_2.2.2-9.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kpm_2.2.2-9.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/ktimer_2.2.2-9.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdeutils/ark_2.2.2-9.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kab_2.2.2-9.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/karm_2.2.2-9.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kcalc_2.2.2-9.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kcharselect_2.2.2-9.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kdepasswd_2.2.2-9.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kdf_2.2.2-9.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kedit_2.2.2-9.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kfind_2.2.2-9.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kfloppy_2.2.2-9.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/khexedit_2.2.2-9.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kjots_2.2.2-9.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klaptopdaemon_2.2.2-9.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kljettool_2.2.2-9.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klpq_2.2.2-9.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/klprfax_2.2.2-9.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/knotes_2.2.2-9.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/kpm_2.2.2-9.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeutils/ktimer_2.2.2-9.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "242": "
\n

Debian Security Advisory

\n

DSA-242-1 kdebase -- several vulnerabilities

\n
\n
Date Reported:
\n
24 Jan 2003
\n
Affected Packages:
\n
\nkdebase\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1393.
\n
More information:
\n
\n

The KDE team discovered several vulnerabilities in the K Desktop\nEnvironment. In some instances KDE fails to properly quote parameters\nof instructions passed to a command shell for execution. These\nparameters may incorporate data such as URLs, filenames and e-mail\naddresses, and this data may be provided remotely to a victim in an\ne-mail, a webpage or files on a network filesystem or other untrusted\nsource.

\n

By carefully crafting such data, an attacker might be able to execute\narbitrary commands on a vulnerable system using the victim's account and\nprivileges. The KDE Project is not aware of any existing exploits of\nthese vulnerabilities. The patches also provide better safeguards\nand check data from untrusted sources more strictly in multiple\nplaces.

\n

For the current stable distribution (woody), these problems have been fixed\nin version 2.2.2-14.2.

\n

The old stable distribution (potato) does not contain KDE packages.

\n

For the unstable distribution (sid), these problems will most probably\nnot be fixed, but new packages for KDE 3.1 for sid are expected\nthis year.

\n

We recommend that you upgrade your KDE packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.2.dsc
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.2.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-doc_2.2.2-14.2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdewallpapers_2.2.2-14.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "243": "
\n

Debian Security Advisory

\n

DSA-243-1 kdemultimedia -- several vulnerabilities

\n
\n
Date Reported:
\n
24 Jan 2003
\n
Affected Packages:
\n
\nkdemultimedia\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1393.
\n
More information:
\n
\n

The KDE team discovered several vulnerabilities in the K Desktop\nEnvironment. In some instances KDE fails to properly quote parameters\nof instructions passed to a command shell for execution. These\nparameters may incorporate data such as URLs, filenames and e-mail\naddresses, and this data may be provided remotely to a victim in an\ne-mail, a webpage or files on a network filesystem or other untrusted\nsource.

\n

By carefully crafting such data, an attacker might be able to execute\narbitrary commands on a vulnerable system using the victim's account and\nprivileges. The KDE Project is not aware of any existing exploits of\nthese vulnerabilities. The patches also provide better safeguards\nand check data from untrusted sources more strictly in multiple\nplaces.

\n

For the current stable distribution (woody), these problems have been\nfixed in version 2.2.2-8.2. Please note that we are unable to provide\nupdated packages for both MIPS architectures since the compilation of\nkdemultimedia triggers an internal compiler error on these machines.

\n

The old stable distribution (potato) does not contain KDE packages.

\n

For the unstable distribution (sid), these problems will most probably\nnot be fixed, but new packages for KDE 3.1 for sid are expected\nthis year.

\n

We recommend that you upgrade your KDE packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kdemultimedia_2.2.2-8.2.dsc
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kdemultimedia_2.2.2-8.2.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kdemultimedia_2.2.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/artsbuilder_2.2.2-8.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kdemultimedia-dev_2.2.2-8.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kmid_2.2.2-8.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kmidi_2.2.2-8.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kmix_2.2.2-8.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kscd_2.2.2-8.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/libarts-mpeglib_2.2.2-8.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/mpeglib_2.2.2-8.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/noatun_2.2.2-8.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/artsbuilder_2.2.2-8.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kdemultimedia-dev_2.2.2-8.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kmid_2.2.2-8.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kmidi_2.2.2-8.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kmix_2.2.2-8.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kscd_2.2.2-8.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/libarts-mpeglib_2.2.2-8.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/mpeglib_2.2.2-8.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/noatun_2.2.2-8.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/artsbuilder_2.2.2-8.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kdemultimedia-dev_2.2.2-8.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kmid_2.2.2-8.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kmidi_2.2.2-8.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kmix_2.2.2-8.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kscd_2.2.2-8.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/libarts-mpeglib_2.2.2-8.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/mpeglib_2.2.2-8.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/noatun_2.2.2-8.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/artsbuilder_2.2.2-8.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kdemultimedia-dev_2.2.2-8.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kmid_2.2.2-8.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kmidi_2.2.2-8.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kmix_2.2.2-8.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kscd_2.2.2-8.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/libarts-mpeglib_2.2.2-8.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/mpeglib_2.2.2-8.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/noatun_2.2.2-8.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/artsbuilder_2.2.2-8.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kdemultimedia-dev_2.2.2-8.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kmid_2.2.2-8.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kmidi_2.2.2-8.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kmix_2.2.2-8.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kscd_2.2.2-8.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/libarts-mpeglib_2.2.2-8.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/mpeglib_2.2.2-8.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/noatun_2.2.2-8.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/artsbuilder_2.2.2-8.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kdemultimedia-dev_2.2.2-8.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kmid_2.2.2-8.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kmidi_2.2.2-8.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kmix_2.2.2-8.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kscd_2.2.2-8.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/libarts-mpeglib_2.2.2-8.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/mpeglib_2.2.2-8.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/noatun_2.2.2-8.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/artsbuilder_2.2.2-8.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kdemultimedia-dev_2.2.2-8.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kmid_2.2.2-8.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kmidi_2.2.2-8.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kmix_2.2.2-8.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kscd_2.2.2-8.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/libarts-mpeglib_2.2.2-8.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/mpeglib_2.2.2-8.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/noatun_2.2.2-8.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/artsbuilder_2.2.2-8.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kdemultimedia-dev_2.2.2-8.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kmid_2.2.2-8.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kmidi_2.2.2-8.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kmix_2.2.2-8.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kscd_2.2.2-8.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/libarts-mpeglib_2.2.2-8.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/mpeglib_2.2.2-8.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/noatun_2.2.2-8.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/artsbuilder_2.2.2-8.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kdemultimedia-dev_2.2.2-8.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kmid_2.2.2-8.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kmidi_2.2.2-8.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kmix_2.2.2-8.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/kscd_2.2.2-8.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/libarts-mpeglib_2.2.2-8.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/mpeglib_2.2.2-8.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdemultimedia/noatun_2.2.2-8.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "244": "
\n

Debian Security Advisory

\n

DSA-244-1 noffle -- buffer overflows

\n
\n
Date Reported:
\n
27 Jan 2003
\n
Affected Packages:
\n
\nnoffle\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2003-0037.
\n
More information:
\n
\n

Dan Jacobson noticed a problem in noffle, an offline news server, that\nleads to a segmentation fault. It is not yet clear whether this\nproblem is exploitable. However, if it is, a remote attacker could\ntrigger arbitrary code execution under the user that calls noffle,\nprobably news.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.0.1-1.1.

\n

The old stable distribution (potato) does not contain a noffle\npackage.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.1.2-1.

\n

We recommend that you upgrade your noffle package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/noffle/noffle_1.0.1-1.1.dsc
\n
http://security.debian.org/pool/updates/main/n/noffle/noffle_1.0.1-1.1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/noffle/noffle_1.0.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/noffle/noffle_1.0.1-1.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/noffle/noffle_1.0.1-1.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/noffle/noffle_1.0.1-1.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/noffle/noffle_1.0.1-1.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/noffle/noffle_1.0.1-1.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/noffle/noffle_1.0.1-1.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/noffle/noffle_1.0.1-1.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/noffle/noffle_1.0.1-1.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/noffle/noffle_1.0.1-1.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/noffle/noffle_1.0.1-1.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/noffle/noffle_1.0.1-1.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "245": "
\n

Debian Security Advisory

\n

DSA-245-1 dhcp3 -- ignored counter boundary

\n
\n
Date Reported:
\n
28 Jan 2003
\n
Affected Packages:
\n
\ndhcp3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6628.
In Mitre's CVE dictionary: CVE-2003-0039.
CERT's vulnerabilities, advisories and incident notes: VU#149953.
\n
More information:
\n
\n

Florian Lohoff discovered a bug in dhcrelay that causes it to send a\ncontinuing packet storm towards the configured DHCP server(s) when it\nreceives a malicious BOOTP packet, such as those sent by buggy Cisco switches.

\n

When the dhcp-relay receives a BOOTP request it forwards the request\nto the DHCP server using the broadcast MAC address ff:ff:ff:ff:ff:ff\nwhich causes the network interface to reflect the packet back into the\nsocket. To prevent loops the dhcrelay checks whether the\nrelay-address is its own, in which case the packet would be dropped.\nIn combination with a missing upper boundary for the hop counter an\nattacker can force the dhcp-relay to send a continuing packet storm\ntowards the configured dhcp server(s).

\n

This patch introduces a new command line switch -c maxcount and\npeople are advised to start the dhcp-relay with dhcrelay -c 10\nor a smaller number, which will only create that many packets.

\n

The dhcrelay program from the \"dhcp\" package does not seem to be\naffected since DHCP packets are dropped if they were apparently\nrelayed already.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 3.0+3.0.1rc9-2.2.

\n

The old stable distribution (potato) does not contain dhcp3 packages.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.1.2-1.

\n

We recommend that you upgrade your dhcp3 package when you are using\nthe dhcrelay server.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.0+3.0.1rc9-2.2.dsc
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.0+3.0.1rc9-2.2.diff.gz
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.0+3.0.1rc9.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "246": "
\n

Debian Security Advisory

\n

DSA-246-1 tomcat -- information exposure, cross site scripting

\n
\n
Date Reported:
\n
29 Jan 2003
\n
Affected Packages:
\n
\ntomcat\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2003-0042, CVE-2003-0043, CVE-2003-0044.
\n
More information:
\n
\n

The developers of tomcat discovered several problems in tomcat version\n3.x. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CAN-2003-0042: A maliciously crafted request could return a\n directory listing even when an index.html, index.jsp, or other\n welcome file is present. File contents can be returned as well.
  • CAN-2003-0043: A malicious web application could read the contents\n of some files outside the web application via its web.xml file in\n spite of the presence of a security manager. The content of files\n that can be read as part of an XML document would be accessible.
  • CAN-2003-0044: A cross-site scripting vulnerability was discovered\n in the included sample web application that allows remote attackers\n to execute arbitrary script code.
\n

For the stable distribution (woody) this problem has been fixed in\nversion 3.3a-4woody.1.

\n

The old stable distribution (potato) does not contain tomcat packages.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.3.1a-1.

\n

We recommend that you upgrade your tomcat package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/contrib/t/tomcat/tomcat_3.3a-4woody1.dsc
\n
http://security.debian.org/pool/updates/contrib/t/tomcat/tomcat_3.3a-4woody1.diff.gz
\n
http://security.debian.org/pool/updates/contrib/t/tomcat/tomcat_3.3a.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/contrib/t/tomcat/tomcat_3.3a-4woody1_all.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/contrib/t/tomcat/libapache-mod-jk_3.3a-4woody1_i386.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "247": "
\n

Debian Security Advisory

\n

DSA-247-1 courier-ssl -- missing input sanitizing

\n
\n
Date Reported:
\n
30 Jan 2003
\n
Affected Packages:
\n
\ncourier\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2003-0040.
\n
More information:
\n
\n

The developers of courier, an integrated user side mail server,\ndiscovered a problem in the PostgreSQL auth module. Not all\npotentially malicious characters were sanitized before the username\nwas passed to the PostgreSQL engine. An attacker could inject\narbitrary SQL commands and queries exploiting this vulnerability. The\nMySQL auth module is not affected.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.37.3-3.3.

\n

The old stable distribution (potato) does not contain courier packages.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.40.2-3.

\n

We recommend that you upgrade your courier-authpostgresql package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-ssl_0.37.3-3.3.dsc
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-ssl_0.37.3-3.3.diff.gz
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-ssl_0.37.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-authpostgresql_0.37.3-3.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-imap-ssl_1.4.3-3.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-mta-ssl_0.37.3-3.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-pop-ssl_0.37.3-3.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-ssl_0.37.3-3.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-authpostgresql_0.37.3-3.3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-imap-ssl_1.4.3-3.3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-mta-ssl_0.37.3-3.3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-pop-ssl_0.37.3-3.3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-ssl_0.37.3-3.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-authpostgresql_0.37.3-3.3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-imap-ssl_1.4.3-3.3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-mta-ssl_0.37.3-3.3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-pop-ssl_0.37.3-3.3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-ssl_0.37.3-3.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-authpostgresql_0.37.3-3.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-imap-ssl_1.4.3-3.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-mta-ssl_0.37.3-3.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-pop-ssl_0.37.3-3.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-ssl_0.37.3-3.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-authpostgresql_0.37.3-3.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-imap-ssl_1.4.3-3.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-mta-ssl_0.37.3-3.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-pop-ssl_0.37.3-3.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-ssl_0.37.3-3.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-authpostgresql_0.37.3-3.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-imap-ssl_1.4.3-3.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-mta-ssl_0.37.3-3.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-pop-ssl_0.37.3-3.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-ssl_0.37.3-3.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-authpostgresql_0.37.3-3.3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-imap-ssl_1.4.3-3.3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-mta-ssl_0.37.3-3.3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-pop-ssl_0.37.3-3.3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-ssl_0.37.3-3.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-authpostgresql_0.37.3-3.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-imap-ssl_1.4.3-3.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-mta-ssl_0.37.3-3.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-pop-ssl_0.37.3-3.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-ssl_0.37.3-3.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-authpostgresql_0.37.3-3.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-imap-ssl_1.4.3-3.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-mta-ssl_0.37.3-3.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-pop-ssl_0.37.3-3.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-ssl_0.37.3-3.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-authpostgresql_0.37.3-3.3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-imap-ssl_1.4.3-3.3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-mta-ssl_0.37.3-3.3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-pop-ssl_0.37.3-3.3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-ssl_0.37.3-3.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-authpostgresql_0.37.3-3.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-imap-ssl_1.4.3-3.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-mta-ssl_0.37.3-3.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-pop-ssl_0.37.3-3.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-ssl_0.37.3-3.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "248": "
\n

Debian Security Advisory

\n

DSA-248-1 hypermail -- buffer overflows

\n
\n
Date Reported:
\n
31 Jan 2003
\n
Affected Packages:
\n
\nhypermail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6689, BugTraq ID 6690.
In Mitre's CVE dictionary: CVE-2003-0057.
\n
More information:
\n
\n

Ulf H\u00e4rnhammar discovered two problems in hypermail, a program to\ncreate HTML archives of mailing lists.

\n

An attacker could craft a long filename for an attachment that would\noverflow two buffers when a certain option for interactive use was\ngiven, opening the possibility to inject arbitrary code. This code\nwould then be executed under the user id hypermail runs as, mostly as\na local user. Automatic and silent use of hypermail does not seem to\nbe affected.

\n

The CGI program mail, which is not installed by the Debian package,\ndoes a reverse look-up of the user's IP number and copies the\nresulting hostname into a fixed-size buffer. A specially crafted DNS\nreply could overflow this buffer, opening the program to an exploit.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.1.3-2.0.

\n

For the old stable distribution (potato) this problem has been fixed\nin version 2.0b25-1.1.

\n

For the unstable distribution (sid) this problem has been fixed\nin version 2.1.6-1.

\n

We recommend that you upgrade your hypermail packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.0b25-1.1.dsc
\n
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.0b25-1.1.diff.gz
\n
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.0b25.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.0b25-1.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.0b25-1.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.0b25-1.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.0b25-1.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.0b25-1.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.0b25-1.1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0.dsc
\n
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0.diff.gz
\n
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "249": "
\n

Debian Security Advisory

\n

DSA-249-1 w3mmee -- missing HTML quoting

\n
\n
Date Reported:
\n
11 Feb 2003
\n
Affected Packages:
\n
\nw3mmee\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1335, CVE-2002-1348.
\n
More information:
\n
\n

Hironori Sakamoto, one of the w3m developers, found two security\nvulnerabilities in w3m and associated programs. The w3m browser does\nnot properly escape HTML tags in frame contents and img alt\nattributes. A malicious HTML frame or img alt attribute may deceive a\nuser into sending their local cookies, which are used for configuration. The\ninformation is not leaked automatically, though.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 0.3.p23.3-1.5. Please note that the update also contains an\nimportant patch to make the program work on the powerpc platform again.

\n

The old stable distribution (potato) is not affected by these\nproblems.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.3.p24.17-3 and later.

\n

We recommend that you upgrade your w3mmee packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3-1.5.dsc
\n
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3-1.5.diff.gz
\n
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3-1.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p23.3-1.5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3-1.5_arm.deb
\n
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p23.3-1.5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3-1.5_i386.deb
\n
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p23.3-1.5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3-1.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p23.3-1.5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3-1.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p23.3-1.5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3-1.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p23.3-1.5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3-1.5_mips.deb
\n
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p23.3-1.5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3-1.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p23.3-1.5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3-1.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p23.3-1.5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3-1.5_s390.deb
\n
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p23.3-1.5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee_0.3.p23.3-1.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/w3mmee/w3mmee-img_0.3.p23.3-1.5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "250": "
\n

Debian Security Advisory

\n

DSA-250-1 w3mmee-ssl -- missing HTML quoting

\n
\n
Date Reported:
\n
12 Feb 2003
\n
Affected Packages:
\n
\nw3mmee-ssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1335, CVE-2002-1348.
\n
More information:
\n
\n

Hironori Sakamoto, one of the w3m developers, found two security\nvulnerabilities in w3m and associated programs. The w3m browser does\nnot properly escape HTML tags in frame contents and img alt\nattributes. A malicious HTML frame or img alt attribute may deceive a\nuser into sending their local cookies, which are used for configuration. The\ninformation is not leaked automatically, though.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 0.3.p23.3-1.5. Please note that the update also contains an\nimportant patch to make the program work on the powerpc platform again.

\n

The old stable distribution (potato) is not affected by these\nproblems.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.3.p24.17-3 and later.

\n

We recommend that you upgrade your w3mmee-ssl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0.3.p23.3-1.5.dsc
\n
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0.3.p23.3-1.5.diff.gz
\n
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0.3.p23.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0.3.p23.3-1.5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0.3.p23.3-1.5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0.3.p23.3-1.5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0.3.p23.3-1.5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0.3.p23.3-1.5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0.3.p23.3-1.5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0.3.p23.3-1.5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0.3.p23.3-1.5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0.3.p23.3-1.5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0.3.p23.3-1.5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/w3mmee-ssl/w3mmee-ssl_0.3.p23.3-1.5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "251": "
\n

Debian Security Advisory

\n

DSA-251-1 w3m -- missing HTML quoting

\n
\n
Date Reported:
\n
14 Feb 2003
\n
Affected Packages:
\n
\nw3m, w3m-ssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1335, CVE-2002-1348.
\n
More information:
\n
\n

Hironori Sakamoto, one of the w3m developers, found two security\nvulnerabilities in w3m and associated programs. The w3m browser does\nnot properly escape HTML tags in frame contents and img alt\nattributes. A malicious HTML frame or img alt attribute may deceive a\nuser into sending their local cookies, which are used for configuration. The\ninformation is not leaked automatically, though.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 0.3-2.4.

\n

The old stable distribution (potato) is not affected by these\nproblems.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.3.2.2-1 and later.

\n

We recommend that you upgrade your w3m and w3m-ssl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4.dsc
\n
http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4.diff.gz
\n
http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4.dsc
\n
http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4.diff.gz
\n
http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_arm.deb
\n
http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_arm.deb
\n
http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_i386.deb
\n
http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_i386.deb
\n
http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4_i386.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_mips.deb
\n
http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_mips.deb
\n
http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_s390.deb
\n
http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_s390.deb
\n
http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/w3m/w3m_0.3-2.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/w3m/w3m-img_0.3-2.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/w3m-ssl/w3m-ssl_0.3-2.4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "252": "
\n

Debian Security Advisory

\n

DSA-252-1 slocate -- buffer overflow

\n
\n
Date Reported:
\n
21 Feb 2003
\n
Affected Packages:
\n
\nslocate\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6676.
In Mitre's CVE dictionary: CVE-2003-0056.
\n
More information:
\n
\n

A problem has been discovered in slocate, a secure locate replacement.\nA buffer overflow in the setgid program slocate can be used to execute\narbitrary code as group slocate. This can be used to alter the\nslocate database.

\n

For the stable distribution (woody) this problem has been\nfixed in version 2.6-1.3.1.

\n

The old stable distribution (potato) is not affected by this problem.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.7-1.

\n

We recommend that you upgrade your slocate package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1.dsc
\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "253": "
\n

Debian Security Advisory

\n

DSA-253-1 openssl -- information leak

\n
\n
Date Reported:
\n
24 Feb 2003
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6884.
In Mitre's CVE dictionary: CVE-2003-0078.
\n
More information:
\n
\n

A vulnerability has been discovered in OpenSSL, a Secure Socket Layer\n(SSL) implementation. In an upcoming paper, Brice Canvel (EPFL),\nAlain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL,\nIlion) describe and demonstrate a timing-based attack on CBC cipher\nsuites used in SSL and TLS. OpenSSL has been found to be vulnerable to\nthis attack.

\n

For the stable distribution (woody) this problem has been\nfixed in version 0.9.6c-2.woody.2.

\n

For the old stable distribution (potato) this problem has been fixed\nin version 0.9.6c-0.potato.5. Please note that this updates the\nversion from potato-proposed-updates that supersedes the version in\npotato.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.9.7a-1.

\n

We recommend that you upgrade your openssl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.5.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.5.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openssl/ssleay_0.9.6c-0.potato.5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.5_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.5_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.5_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.5_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.5_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.5_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.2.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.2.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openssl/ssleay_0.9.6c-2.woody.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.2_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.2_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.2_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.2_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "254": "
\n

Debian Security Advisory

\n

DSA-254-1 traceroute-nanog -- buffer overflow

\n
\n
Date Reported:
\n
27 Feb 2003
\n
Affected Packages:
\n
\ntraceroute-nanog\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 4956, BugTraq ID 6166, BugTraq ID 6274, BugTraq ID 6275.
In Mitre's CVE dictionary: CVE-2002-1051, CVE-2002-1364, CVE-2002-1386, CVE-2002-1387.
\n
More information:
\n
\n

A vulnerability has been discovered in NANOG traceroute, an enhanced\nversion of the Van Jacobson/BSD traceroute program. A buffer overflow\noccurs in the 'get_origin()' function. Due to insufficient bounds\nchecking performed by the whois parser, it may be possible to corrupt\nmemory on the system stack. This vulnerability can be exploited by a\nremote attacker to gain root privileges on a target host, though\nmost probably not in Debian.

\n

The Common Vulnerabilities and Exposures (CVE) project additionally\nidentified the following vulnerabilities which were already fixed in\nthe Debian version in stable (woody) and oldstable (potato) and are\nmentioned here for completeness (and since other distributions had to\nrelease a separate advisory for them):

\n
\n
  • CAN-2002-1364 (BugTraq ID 6166) talks about a buffer overflow in\n the get_origin function which allows attackers to execute arbitrary\n code via long WHOIS responses.
  • CAN-2002-1051 (BugTraq ID 4956) talks about a format string\n vulnerability that allows local users to execute arbitrary code via\n the -T (terminator) command line argument.
  • CAN-2002-1386 talks about a buffer overflow that may allow local\n users to execute arbitrary code via a long hostname argument.
  • CAN-2002-1387 talks about the spray mode that may allow local users\n to overwrite arbitrary memory locations.
\n

Fortunately, the Debian package drops privileges quite early after\nstartup, so those problems are not likely to result in an exploit on a\nDebian machine.

\n

For the current stable distribution (woody) the above problem has been\nfixed in version 6.1.1-1.2.

\n

For the old stable distribution (potato) the above problem has been\nfixed in version 6.0-2.2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 6.3.0-1.

\n

We recommend that you upgrade your traceroute-nanog package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2.dsc
\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2.diff.gz
\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.0-2.2_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2.dsc
\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2.diff.gz
\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "255": "
\n

Debian Security Advisory

\n

DSA-255-1 tcpdump -- infinite loop

\n
\n
Date Reported:
\n
27 Feb 2003
\n
Affected Packages:
\n
\ntcpdump\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 4890, BugTraq ID 6974.
In Mitre's CVE dictionary: CVE-2003-0108, CVE-2002-0380.
\n
More information:
\n
\n

Andrew Griffiths and iDEFENSE Labs discovered a problem in tcpdump, a\npowerful tool for network monitoring and data acquisition. An\nattacker is able to send a specially crafted network packet which\ncauses tcpdump to enter an infinite loop.

\n

In addition to the above problem the tcpdump developers discovered a\npotential infinite loop when parsing malformed BGP packets. They also\ndiscovered a buffer overflow that can be exploited with certain\nmalformed NFS packets.

\n

For the stable distribution (woody) these problems have been\nfixed in version 3.6.2-2.3.

\n

The old stable distribution (potato) does not seem to be affected\nby these problems.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 3.7.1-1.2.

\n

We recommend that you upgrade your tcpdump packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.3.dsc
\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.3.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "256": "
\n

Debian Security Advisory

\n

DSA-256-1 mhc -- insecure temporary file

\n
\n
Date Reported:
\n
28 Feb 2003
\n
Affected Packages:
\n
\nmhc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2003-0120.
\n
More information:
\n
\n

A problem has been discovered in adb2mhc from the mhc-utils package. The\ndefault temporary directory uses a predictable name. This adds a\nvulnerability that allows a local attacker to overwrite arbitrary\nfiles the user has write permissions for.

\n

For the stable distribution (woody) this problem has been\nfixed in version 0.25+20010625-7.1.

\n

The old stable distribution (potato) does not contain mhc\npackages.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.25+20030224-1.

\n

We recommend that you upgrade your mhc-utils packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mhc/mhc_0.25+20010625-7.1.dsc
\n
http://security.debian.org/pool/updates/main/m/mhc/mhc_0.25+20010625-7.1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mhc/mhc_0.25+20010625.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mhc/mhc_0.25+20010625-7.1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mhc/mhc-utils_0.25+20010625-7.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mhc/mhc-utils_0.25+20010625-7.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mhc/mhc-utils_0.25+20010625-7.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mhc/mhc-utils_0.25+20010625-7.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mhc/mhc-utils_0.25+20010625-7.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mhc/mhc-utils_0.25+20010625-7.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mhc/mhc-utils_0.25+20010625-7.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mhc/mhc-utils_0.25+20010625-7.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mhc/mhc-utils_0.25+20010625-7.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mhc/mhc-utils_0.25+20010625-7.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mhc/mhc-utils_0.25+20010625-7.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "257": "
\n

Debian Security Advisory

\n

DSA-257-1 sendmail -- remote exploit

\n
\n
Date Reported:
\n
04 Mar 2003
\n
Affected Packages:
\n
\nsendmail, sendmail-wide\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-1337.
CERT's vulnerabilities, advisories and incident notes: CA-2003-07, VU#398025.
\n
More information:
\n
\n

Mark Dowd of ISS X-Force found a bug in the header parsing routines\nof sendmail: it could overflow a buffer when encountering\naddresses with very long comments. Since sendmail also parses headers\nwhen forwarding emails, this vulnerability can hit mail-servers which do\nnot deliver the email as well.

\n

This has been fixed in upstream release 8.12.8, version 8.12.3-5 of\nthe package for Debian GNU/Linux 3.0/woody and version 8.9.3-25 of the\npackage for Debian GNU/Linux 2.2/potato.

\n

DSA-257-2: Updated sendmail-wide packages are available in package\nversion 8.9.3+3.2W-24 for Debian 2.2 (potato) and\nversion 8.12.3+3.5Wbeta-5.2 for Debian 3.0 (woody).

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-25.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-25.dsc
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24.dsc
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24.tar.gz
\n
alpha (DEC Alpha):\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-25_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24_alpha.deb
\n
arm (ARM):\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-25_arm.deb
\n
--\n
i386 (Intel IA-32):\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-25_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24_i386.deb
\n
m68k (Motorola 680x0):\n
--\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24_m68k.deb
\n
powerpc (PowerPC):\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-25_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24_powerpc.deb
\n
sparc (Sun SPARC/UltraSPARC):\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-25_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-24_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-5.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-5.dsc
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2.dsc
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.12.3-5_all.deb
\n
alpha (DEC Alpha):\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_alpha.deb
\n
arm (ARM):\n
--\n
--\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_arm.deb
\n
hppa (HP PA RISC):\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_hppa.deb
\n
i386 (Intel IA-32):\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-5_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-5_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_i386.deb
\n
ia64 (Intel IA-64):\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_ia64.deb
\n
m68k (Motorola 680x0):\n
--\n
--\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_m68k.deb
\n
mips (MIPS (Big Endian)):\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-5_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-5_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_mips.deb
\n
mipsel (MIPS (Little Endian)):\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_mipsel.deb
\n
powerpc (PowerPC):\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_powerpc.deb
\n
s390 (IBM S/390):\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-5_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-5_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_s390.deb
\n
sparc (Sun SPARC/UltraSPARC):\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n(DSA-257-2)\n

\n\n
\n
", "258": "
\n

Debian Security Advisory

\n

DSA-258-1 ethereal -- format string vulnerability

\n
\n
Date Reported:
\n
10 Mar 2003
\n
Affected Packages:
\n
\nethereal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7049.
In Mitre's CVE dictionary: CVE-2003-0081.
\n
More information:
\n
\n

Georgi Guninski discovered a problem in ethereal, a network traffic\nanalyzer. The program contains a format string vulnerability that\ncould probably lead to execution of arbitrary code.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.9.4-1woody3.

\n

The old stable distribution (potato) does not seem to be affected\nby this problem.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.9.9-2.

\n

We recommend that you upgrade your ethereal packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody3.dsc
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "259": "
\n

Debian Security Advisory

\n

DSA-259-1 qpopper -- mail user privilege escalation

\n
\n
Date Reported:
\n
12 Mar 2003
\n
Affected Packages:
\n
\nqpopper\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2003-0143.
\n
More information:
\n
\n

Florian Heinz heinz@cronon-ag.de posted to the Bugtraq mailing list an\nexploit for qpopper based on a bug in the included vsnprintf implementation.\nThe sample exploit requires a valid user account and password, and overflows a\nstring in the pop_msg() function to give the user \"mail\" group privileges and a\nshell on the system. Since the Qvsnprintf function is used elsewhere in\nqpopper, additional exploits may be possible.

\n

The qpopper package in Debian 2.2 (potato) does not include the vulnerable\nsnprintf implementation. For Debian 3.0 (woody) an updated package is available\nin version 4.0.4-2.woody.3. Users running an unreleased version of Debian\nshould upgrade to 4.0.4-9 or newer. We recommend you upgrade your qpopper\npackage immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.3.diff.gz
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.3.dsc
\n
alpha (DEC Alpha):\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.3_alpha.deb
\n
arm (ARM):\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.3_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.3_arm.deb
\n
hppa (HP PA RISC):\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.3_hppa.deb
\n
i386 (Intel ia32):\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.3_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.3_i386.deb
\n
ia64 (Intel ia64):\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.3_ia64.deb
\n
m68k (Motorola Mc680x0):\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.3_m68k.deb
\n
mips (MIPS (Big Endian)):\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.3_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.3_mips.deb
\n
mipsel (MIPS (Little Endian)):\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.3_mipsel.deb
\n
powerpc (PowerPC):\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.3_powerpc.deb
\n
s390 (IBM S/390):\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.3_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.3_s390.deb
\n
sparc (Sun SPARC/UltraSPARC):\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "260": "
\n

Debian Security Advisory

\n

DSA-260-1 file -- buffer overflow

\n
\n
Date Reported:
\n
13 Mar 2003
\n
Affected Packages:
\n
\nfile\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2003-0102.
\n
More information:
\n
\n

\niDEFENSE discovered a buffer overflow vulnerability in the ELF format\nparsing of the \"file\" command, one which can be used to execute\narbitrary code with the privileges of the user running the command. The\nvulnerability can be exploited by crafting a special ELF binary which is\nthen input to file. This could be accomplished by leaving the binary on\nthe file system and waiting for someone to use file to identify it, or\nby passing it to a service that uses file to classify input. (For\nexample, some printer filters run file to determine how to process input\ngoing to a printer.)

\n

Fixed packages are available in version 3.28-1.potato.1 for Debian 2.2\n(potato) and version 3.37-3.1.woody.1 for Debian 3.0 (woody). We\nrecommend you upgrade your file package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1.dsc
\n
http://security.debian.org/pool/updates/main/f/file/file_3.28.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1.diff.gz
\n
alpha (DEC Alpha):\n
http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_alpha.deb
\n
arm (ARM):\n
http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_arm.deb
\n
i386 (Intel ia32):\n
http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_i386.deb
\n
m68k (Motorola Mc680x0):\n
http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_m68k.deb
\n
powerpc (PowerPC):\n
http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_powerpc.deb
\n
sparc (Sun SPARC/UltraSPARC):\n
http://security.debian.org/pool/updates/main/f/file/file_3.28-1.potato.1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1.dsc
\n
http://security.debian.org/pool/updates/main/f/file/file_3.37.orig.tar.gz
\n
alpha (DEC Alpha):\n
http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_alpha.deb
\n
arm (ARM):\n
http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_arm.deb
\n
hppa (HP PA RISC):\n
http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_hppa.deb
\n
i386 (Intel ia32):\n
http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_i386.deb
\n
ia64 (Intel ia64):\n
http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_ia64.deb
\n
m68k (Motorola Mc680x0):\n
http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_m68k.deb
\n
mips (MIPS (Big Endian)):\n
http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_mips.deb
\n
mipsel (MIPS (Little Endian)):\n
http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_mipsel.deb
\n
powerpc (PowerPC):\n
http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_powerpc.deb
\n
s390 (IBM S/390):\n
http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_s390.deb
\n
sparc (Sun SPARC/UltraSPARC):\n
http://security.debian.org/pool/updates/main/f/file/file_3.37-3.1.woody.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "261": "
\n

Debian Security Advisory

\n

DSA-261-1 tcpdump -- infinite loop

\n
\n
Date Reported:
\n
14 Mar 2003
\n
Affected Packages:
\n
\ntcpdump\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7090.
In Mitre's CVE dictionary: CVE-2003-0093, CVE-2003-0145.
\n
More information:
\n
\n

A problem has been discovered in tcpdump, a powerful tool for network\nmonitoring and data acquisition. An attacker is able to send a\nspecially crafted RADIUS network packet which causes tcpdump to enter\nan infinite loop.

\n

For the stable distribution (woody) this problem has been\nfixed in version 3.6.2-2.4.

\n

The old stable distribution (potato) does not seem to be affected\nby this problem.

\n

The unstable distribution (sid) is not affected by this problem anymore.

\n

We recommend that you upgrade your tcpdump package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.4.dsc
\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.4.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "262": "
\n

Debian Security Advisory

\n

DSA-262-1 samba -- remote exploit

\n
\n
Date Reported:
\n
15 Mar 2003
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7107, BugTraq ID 7106.
In Mitre's CVE dictionary: CVE-2003-0085, CVE-2003-0086.
\n
More information:
\n
\n

Sebastian Krahmer of the SuSE security audit team found two problems\nin samba, a popular SMB/CIFS implementation. The problems are:

\n
    \n
  • a buffer overflow in the SMB/CIFS packet fragment re-assembly code\n used by smbd. Since smbd runs as root, an attacker can use this to\n gain root access to a machine running smbd.
  • the code to write reg files was vulnerable to a chown race, which made\n it possible for a local user to overwrite system files.
\n

Both problems have been fixed in upstream version 2.2.8, and version\n2.2.3a-12.1 of the package for Debian GNU/Linux 3.0/woody.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1.dsc
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.2.3a-12.1_all.deb
\n
alpha (DEC Alpha):\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_alpha.deb
\n
arm (ARM):\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_arm.deb
\n
hppa (HP PA RISC):\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_hppa.deb
\n
i386 (Intel ia32):\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_i386.deb
\n
ia64 (Intel ia64):\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_ia64.deb
\n
mips (MIPS (Big Endian)):\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_mips.deb
\n
mipsel (MIPS (Little Endian)):\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_mipsel.deb
\n
powerpc (PowerPC):\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_powerpc.deb
\n
s390 (IBM S/390):\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_s390.deb
\n
sparc (Sun SPARC/UltraSPARC):\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "263": "
\n

Debian Security Advisory

\n

DSA-263-1 netpbm-free -- math overflow errors

\n
\n
Date Reported:
\n
17 Mar 2003
\n
Affected Packages:
\n
\nnetpbm-free\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2003-0146.
CERT's vulnerabilities, advisories and incident notes: VU#378049, VU#630433.
\n
More information:
\n
\n

Al Viro and Alan Cox discovered several maths overflow errors in\nNetPBM, a set of graphics conversion tools. These programs are not\ninstalled setuid root but are often installed to prepare data for\nprocessing. These vulnerabilities may allow remote attackers to cause\na denial of service or execute arbitrary code.

\n

For the stable distribution (woody) this problem has been\nfixed in version 9.20-8.2.

\n

The old stable distribution (potato) does not seem to be affected\nby this problem.

\n

For the unstable distribution (sid) this problem has been\nfixed in version 9.20-9.

\n

We recommend that you upgrade your netpbm package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.2.dsc
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.2.diff.gz
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.2_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.2_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.2_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "264": "
\n

Debian Security Advisory

\n

DSA-264-1 lxr -- missing filename sanitizing

\n
\n
Date Reported:
\n
19 Mar 2003
\n
Affected Packages:
\n
\nlxr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2003-0156.
\n
More information:
\n
\n

Upstream developers of lxr, a general hypertext cross-referencing\ntool, have been alerted to a vulnerability that allows a remote\nattacker to read arbitrary files on the host system as user www-data.\nThis could disclose local files that were not meant to be shared with\nthe public.

\n

For the stable distribution (woody) this problem has been\nfixed in version 0.3-3.

\n

The old stable distribution (potato) is not affected since it does not\ncontain an lxr package.

\n

For the unstable distribution (sid) this problem has been\nfixed in version 0.3-4.

\n

We recommend that you upgrade your lxr package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lxr/lxr_0.3-3.dsc
\n
http://security.debian.org/pool/updates/main/l/lxr/lxr_0.3-3.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lxr/lxr_0.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lxr/lxr_0.3-3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lxr/lxr_0.3-3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lxr/lxr_0.3-3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lxr/lxr_0.3-3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/lxr/lxr_0.3-3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/lxr/lxr_0.3-3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lxr/lxr_0.3-3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lxr/lxr_0.3-3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lxr/lxr_0.3-3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lxr/lxr_0.3-3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lxr/lxr_0.3-3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "265": "
\n

Debian Security Advisory

\n

DSA-265-1 bonsai -- several vulnerabilities

\n
\n
Date Reported:
\n
21 Mar 2003
\n
Affected Packages:
\n
\nbonsai\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2003-0152, CVE-2003-0153, CVE-2003-0154, CVE-2003-0155.
\n
More information:
\n
\n

Rémi Perrot fixed several security-related bugs in bonsai, the\nMozilla CVS query tool with a web interface. Vulnerabilities include\narbitrary code execution, cross-site scripting and access to\nconfiguration parameters. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
  • CAN-2003-0152 - Remote execution of arbitrary commands as www-data
  • CAN-2003-0153 - Absolute path disclosure
  • CAN-2003-0154 - Cross site scripting attacks
  • CAN-2003-0155 - Unauthenticated access to parameters page
\n

For the stable distribution (woody) these problems have been fixed in\nversion 1.3+cvs20020224-1woody1.

\n

The old stable distribution (potato) is not affected since it doesn't\ncontain bonsai.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.3+cvs20030317-1.

\n

We recommend that you upgrade your bonsai package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bonsai/bonsai_1.3+cvs20020224-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/b/bonsai/bonsai_1.3+cvs20020224-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bonsai/bonsai_1.3+cvs20020224.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/bonsai/bonsai_1.3+cvs20020224-1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/bonsai/bonsai_1.3+cvs20020224-1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bonsai/bonsai_1.3+cvs20020224-1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/bonsai/bonsai_1.3+cvs20020224-1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/b/bonsai/bonsai_1.3+cvs20020224-1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/b/bonsai/bonsai_1.3+cvs20020224-1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bonsai/bonsai_1.3+cvs20020224-1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bonsai/bonsai_1.3+cvs20020224-1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/bonsai/bonsai_1.3+cvs20020224-1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/bonsai/bonsai_1.3+cvs20020224-1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/bonsai/bonsai_1.3+cvs20020224-1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "266": "
\n

Debian Security Advisory

\n

DSA-266-1 krb5 -- several vulnerabilities

\n
\n
Date Reported:
\n
24 Mar 2003
\n
Affected Packages:
\n
\nkrb5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2003-0028, CVE-2003-0072, CVE-2003-0082, CVE-2003-0138, CVE-2003-0139.
CERT's vulnerabilities, advisories and incident notes: VU#623217, VU#442569, VU#516825, CA-2003-10.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in krb5, an\nimplementation of MIT Kerberos.

\n
  • A cryptographic weakness in version 4 of the Kerberos protocol\n allows an attacker to use a chosen-plaintext attack to impersonate\n any principal in a realm. Additional cryptographic weaknesses in\n the krb4 implementation included in the MIT krb5 distribution\n permit the use of cut-and-paste attacks to fabricate krb4 tickets\n for unauthorized client principals if triple-DES keys are used to\n key krb4 services. These attacks can subvert a site's entire\n Kerberos authentication infrastructure.\n

    Kerberos version 5 does not contain this cryptographic\n vulnerability. Sites are not vulnerable if they have Kerberos v4\n completely disabled, including the disabling of any krb5 to krb4\n translation services.

  • The MIT Kerberos 5 implementation includes an RPC library derived\n from SUNRPC. The implementation contains length checks that are\n vulnerable to an integer overflow, which may be exploitable to\n create denials of service or to gain unauthorized access to\n sensitive information.
  • Buffer overrun and underrun problems exist in Kerberos principal\n name handling in unusual cases, such as names with zero components,\n names with one empty component, or host-based service principal\n names with no host name component.
\n

\nThis version of the krb5 package changes the default behavior and\ndisallows cross-realm authentication for Kerberos version 4. Because\nof the fundamental nature of the problem, cross-realm authentication\nin Kerberos version 4 cannot be made secure and sites should avoid its\nuse. A new option (-X) is provided to the krb5kdc and krb524d\ncommands to re-enable version 4 cross-realm authentication for those\nsites that must use this functionality but desire the other security\nfixes.\n

\n

For the stable distribution (woody) this problem has been\nfixed in version 1.2.4-5woody4.

\n

The old stable distribution (potato) does not contain krb5 packages.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your krb5 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4-5woody4.dsc
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4-5woody4.diff.gz
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.2.4-5woody4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "267": "
\n

Debian Security Advisory

\n

DSA-267-1 lpr -- buffer overflow

\n
\n
Date Reported:
\n
24 Mar 2003
\n
Affected Packages:
\n
\nlpr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7025.
In Mitre's CVE dictionary: CVE-2003-0144.
\n
More information:
\n
\n

A buffer overflow has been discovered in lpr, a BSD lpr/lpd line\nprinter spooling system. This problem can be exploited by a local\nuser to gain root privileges, even if the printer system is set up\nproperly.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2000.05.07-4.3.

\n

For the old stable distribution (potato) this problem has been fixed\nin version 0.48-1.1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2000.05.07-4.20.

\n

We recommend that you upgrade your lpr package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lpr/lpr_0.48-1.2.dsc
\n
http://security.debian.org/pool/updates/main/l/lpr/lpr_0.48-1.2.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lpr/lpr_0.48.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lpr/lpr_0.48-1.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lpr/lpr_0.48-1.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lpr/lpr_0.48-1.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/lpr/lpr_0.48-1.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lpr/lpr_0.48-1.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lpr/lpr_0.48-1.2_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lpr/lpr_2000.05.07-4.3.dsc
\n
http://security.debian.org/pool/updates/main/l/lpr/lpr_2000.05.07-4.3.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lpr/lpr_2000.05.07.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lpr/lpr_2000.05.07-4.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lpr/lpr_2000.05.07-4.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lpr/lpr_2000.05.07-4.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lpr/lpr_2000.05.07-4.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/lpr/lpr_2000.05.07-4.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/lpr/lpr_2000.05.07-4.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lpr/lpr_2000.05.07-4.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lpr/lpr_2000.05.07-4.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lpr/lpr_2000.05.07-4.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lpr/lpr_2000.05.07-4.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lpr/lpr_2000.05.07-4.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

MD5 checksums of the listed files are available in the revised advisory.\n

\n\n
\n
", "268": "
\n

Debian Security Advisory

\n

DSA-268-1 mutt -- buffer overflow

\n
\n
Date Reported:
\n
25 Mar 2003
\n
Affected Packages:
\n
\nmutt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7120.
In Mitre's CVE dictionary: CVE-2003-0140.
\n
More information:
\n
\n

Core Security Technologies discovered a buffer overflow in the IMAP\ncode of Mutt, a text-oriented mail reader supporting IMAP, MIME, GPG,\nPGP and threading. This problem allows a remote malicious IMAP server\nto cause a denial of service (crash) and possibly execute arbitrary\ncode via a specially crafted mail folder.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.3.28-2.1.

\n

The old stable distribution (potato) is not affected by this problem.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.5.4-1.

\n

We recommend that you upgrade your mutt package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.1.dsc
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "269": "
\n

Debian Security Advisory

\n

DSA-269-1 heimdal -- Cryptographic weakness

\n
\n
Date Reported:
\n
26 Mar 2003
\n
Affected Packages:
\n
\nheimdal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2003-0138.
CERT's vulnerabilities, advisories and incident notes: VU#623217.
\n
More information:
\n
\n

A cryptographic weakness in version 4 of the Kerberos protocol allows\nan attacker to use a chosen-plaintext attack to impersonate any\nprincipal in a realm. Additional cryptographic weaknesses in the krb4\nimplementation permit the use of cut-and-paste attacks to fabricate\nkrb4 tickets for unauthorized client principals if triple-DES keys are\nused to key krb4 services. These attacks can subvert a site's entire\nKerberos authentication infrastructure.

\n

This version of the heimdal package changes the default behavior and\ndisallows cross-realm authentication for Kerberos version 4. Because\nof the fundamental nature of the problem, cross-realm authentication\nin Kerberos version 4 cannot be made secure and sites should avoid its\nuse. A new option (--kerberos4-cross-realm) is provided to the kdc\ncommand to re-enable version 4 cross-realm authentication for those\nsites that must use this functionality but desire the other security\nfixes.

\n

For the stable distribution (woody) this problem has been\nfixed in version 0.4e-7.woody.8.

\n

The old stable distribution (potato) is not affected by this problem,\nsince it isn't compiled against Kerberos 4.

\n

For the unstable distribution (sid) this problem has been\nfixed in version 0.5.2-1.

\n

We recommend that you upgrade your heimdal packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.4e-7.woody.8.dsc
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.4e-7.woody.8.diff.gz
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.4e.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-docs_0.4e-7.woody.8_all.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-lib_0.4e-7.woody.8_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.8_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.8_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.8_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.8_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.8_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.8_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.8_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

MD5 checksums of the listed files are available in the revised advisory.\n

\n\n
\n
", "270": "
\n

Debian Security Advisory

\n

DSA-270-1 linux-kernel-mips -- local privilege escalation

\n
\n
Date Reported:
\n
27 Mar 2003
\n
Affected Packages:
\n
\nkernel-patch-2.4.17-mips, kernel-patch-2.4.19-mips\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7112.
In Mitre's CVE dictionary: CVE-2003-0127.
\n
More information:
\n
\n

The kernel module loader in Linux 2.2 and Linux 2.4 kernels has a flaw\nin ptrace. This hole allows local users to obtain root privileges by\nusing ptrace to attach to a child process that is spawned by the\nkernel. Remote exploitation of this hole is not possible.

\n

This advisory only covers kernel packages for the big and little endian MIPS\narchitectures. Other architectures will be covered by separate advisories.

\n

For the stable distribution (woody) this problem has been fixed in version\n2.4.17-0.020226.2.woody1 of kernel-patch-2.4.17-mips (mips+mipsel) and in\nversion 2.4.19-0.020911.1.woody1 of kernel-patch-2.4.19-mips (mips only).

\n

The old stable distribution (potato) is not affected by this problem\nfor these architectures since mips and mipsel were first released with\nDebian GNU/Linux 3.0 (woody).

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.4.19-0.020911.6 of kernel-patch-2.4.19-mips (mips+mipsel).

\n

We recommend that you upgrade your kernel-images packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody1.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody1_all.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-ip22_2.4.17-0.020226.2.woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r5k-ip22_2.4.17-0.020226.2.woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-headers-2.4.19_2.4.19-0.020911.1.woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r4k-ip22_2.4.19-0.020911.1.woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r5k-ip22_2.4.19-0.020911.1.woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/mips-tools_2.4.19-0.020911.1.woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r3k-kn02_2.4.17-0.020226.2.woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-kn04_2.4.17-0.020226.2.woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/mips-tools_2.4.17-0.020226.2.woody1_mipsel.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "271": "
\n

Debian Security Advisory

\n

DSA-271-1 ecartis -- unauthorized password change

\n
\n
Date Reported:
\n
27 Mar 2003
\n
Affected Packages:
\n
\necartis, listar\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6971.
In Mitre's CVE dictionary: CVE-2003-0162.
\n
More information:
\n
\n

A problem has been discovered in ecartis, a mailing list manager,\nformerly known as listar. This vulnerability enables an attacker to\nreset the password of any user defined on the list server, including\nthe list admins.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.129a+1.0.0-snap20020514-1.1 of ecartis.

\n

For the old stable distribution (potato) this problem has been fixed\nin version 0.129a-2.potato3 of listar.

\n

For the unstable distribution (sid) this problem has been\nfixed in version 1.0.0+cvs.20030321-1 of ecartis.

\n

We recommend that you upgrade your ecartis and listar packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/listar/listar_0.129a-2.potato3.dsc
\n
http://security.debian.org/pool/updates/main/l/listar/listar_0.129a-2.potato3.diff.gz
\n
http://security.debian.org/pool/updates/main/l/listar/listar_0.129a.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/listar/listar_0.129a-2.potato3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/listar/listar-cgi_0.129a-2.potato3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/listar/listar_0.129a-2.potato3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/listar/listar-cgi_0.129a-2.potato3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/listar/listar_0.129a-2.potato3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/listar/listar-cgi_0.129a-2.potato3_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/listar/listar_0.129a-2.potato3_m68k.deb
\n
http://security.debian.org/pool/updates/main/l/listar/listar-cgi_0.129a-2.potato3_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/listar/listar_0.129a-2.potato3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/listar/listar-cgi_0.129a-2.potato3_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/listar/listar_0.129a-2.potato3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/listar/listar-cgi_0.129a-2.potato3_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1.dsc
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "272": "
\n

Debian Security Advisory

\n

DSA-272-1 dietlibc -- integer overflow

\n
\n
Date Reported:
\n
28 Mar 2003
\n
Affected Packages:
\n
\ndietlibc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7123.
In Mitre's CVE dictionary: CVE-2003-0028.
CERT's vulnerabilities, advisories and incident notes: VU#516825, CA-2003-10.
\n
More information:
\n
\n

eEye Digital Security discovered an integer overflow in the\nxdrmem_getbytes() function of glibc, which is also present in dietlibc,\na small libc useful especially for small and embedded systems. This\nfunction is part of the XDR encoder/decoder derived from Sun's RPC\nimplementation. Depending upon the application, this vulnerability\ncan cause buffer overflows and could possibly be exploited to execute\narbitrary code.

\n

For the stable distribution (woody) this problem has been\nfixed in version 0.12-2.5.

\n

The old stable distribution (potato) does not contain dietlibc\npackages.

\n

For the unstable distribution (sid) this problem has been\nfixed in version 0.22-2.

\n

We recommend that you upgrade your dietlibc packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dietlibc/dietlibc_0.12-2.5.dsc
\n
http://security.debian.org/pool/updates/main/d/dietlibc/dietlibc_0.12-2.5.diff.gz
\n
http://security.debian.org/pool/updates/main/d/dietlibc/dietlibc_0.12.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/dietlibc/dietlibc-doc_0.12-2.5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dietlibc/dietlibc-dev_0.12-2.5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dietlibc/dietlibc-dev_0.12-2.5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dietlibc/dietlibc-dev_0.12-2.5_i386.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dietlibc/dietlibc-dev_0.12-2.5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dietlibc/dietlibc-dev_0.12-2.5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dietlibc/dietlibc-dev_0.12-2.5_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dietlibc/dietlibc-dev_0.12-2.5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "273": "
\n

Debian Security Advisory

\n

DSA-273-1 krb4 -- Cryptographic weakness

\n
\n
Date Reported:
\n
28 Mar 2003
\n
Affected Packages:
\n
\nkrb4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2003-0138, CVE-2003-0139.
CERT's vulnerabilities, advisories and incident notes: VU#623217, VU#442569.
\n
More information:
\n
\n

A cryptographic weakness in version 4 of the Kerberos protocol allows\nan attacker to use a chosen-plaintext attack to impersonate any\nprincipal in a realm. Additional cryptographic weaknesses in the krb4\nimplementation permit the use of cut-and-paste attacks to fabricate\nkrb4 tickets for unauthorized client principals if triple-DES keys are\nused to key krb4 services. These attacks can subvert a site's entire\nKerberos authentication infrastructure.

\n

For the stable distribution (woody) this problem has been\nfixed in version 1.1-8-2.3.

\n

For the old stable distribution (potato) this problem has been\nfixed in version 1.0-2.3.

\n

For the unstable distribution (sid) this problem has been\nfixed in version 1.2.2-1.

\n

We recommend that you upgrade your krb4 packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb4/krb4_1.0-2.3.dsc
\n
http://security.debian.org/pool/updates/main/k/krb4/krb4_1.0-2.3.diff.gz
\n
http://security.debian.org/pool/updates/main/k/krb4/krb4_1.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.0-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.0-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.0-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-services_1.0-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-user_1.0-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-x11_1.0-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth1_1.0-2.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.0-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.0-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.0-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-services_1.0-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-user_1.0-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-x11_1.0-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth1_1.0-2.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.0-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.0-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.0-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-services_1.0-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-user_1.0-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-x11_1.0-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth1_1.0-2.3_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.0-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.0-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.0-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-services_1.0-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-user_1.0-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-x11_1.0-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth1_1.0-2.2_m68k.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.0-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.0-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.0-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-services_1.0-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-user_1.0-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-x11_1.0-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth1_1.0-2.3_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb4/krb4_1.1-8-2.3.dsc
\n
http://security.debian.org/pool/updates/main/k/krb4/krb4_1.1-8-2.3.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-docs_1.1-8-2.3_all.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-services_1.1-8-2.3_all.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-user_1.1-8-2.3_all.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-x11_1.1-8-2.3_all.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth1_1.1-8-2.3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "274": "
\n

Debian Security Advisory

\n

DSA-274-1 mutt -- buffer overflow

\n
\n
Date Reported:
\n
28 Mar 2003
\n
Affected Packages:
\n
\nmutt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7229.
In Mitre's CVE dictionary: CVE-2003-0167.
\n
More information:
\n
\n

Byrial Jensen discovered a couple of off-by-one buffer overflows in the\nIMAP code of Mutt, a text-oriented mail reader supporting IMAP, MIME,\nGPG, PGP and threading. This problem could potentially allow a remote\nmalicious IMAP server to cause a denial of service (crash) and\npossibly execute arbitrary code via a specially crafted mail folder.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.3.28-2.2.

\n

The old stable distribution (potato) is also affected by this problem\nand an update will follow.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.4.0 and above.

\n

We recommend that you upgrade your mutt package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.2.5-5.2.dsc
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.2.5-5.2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.2.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.2.5-5.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.2.5-5.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.2.5-5.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.2.5-5.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.2.5-5.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.2.5-5.2_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.2.dsc
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.3.28-2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt-utf8_1.3.28-2.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

MD5 checksums of the listed files are available in the revised advisory.\n

\n\n
\n
", "275": "
\n

Debian Security Advisory

\n

DSA-275-1 lpr-ppd -- buffer overflow

\n
\n
Date Reported:
\n
02 Apr 2003
\n
Affected Packages:
\n
\nlpr-ppd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7025.
In Mitre's CVE dictionary: CVE-2003-0144.
\n
More information:
\n
\n

A buffer overflow has been discovered in lpr, a BSD lpr/lpd line\nprinter spooling system. This problem can be exploited by a local\nuser to gain root privileges, even if the printer system is set up\nproperly.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.72-2.1.

\n

The old stable distribution (potato) does not contain lpr-ppd packages.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.72-3.

\n

We recommend that you upgrade your lpr-ppd package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lpr-ppd/lpr-ppd_0.72-2.1.dsc
\n
http://security.debian.org/pool/updates/main/l/lpr-ppd/lpr-ppd_0.72-2.1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lpr-ppd/lpr-ppd_0.72.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lpr-ppd/lpr-ppd_0.72-2.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lpr-ppd/lpr-ppd_0.72-2.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lpr-ppd/lpr-ppd_0.72-2.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lpr-ppd/lpr-ppd_0.72-2.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/lpr-ppd/lpr-ppd_0.72-2.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/lpr-ppd/lpr-ppd_0.72-2.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lpr-ppd/lpr-ppd_0.72-2.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lpr-ppd/lpr-ppd_0.72-2.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lpr-ppd/lpr-ppd_0.72-2.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lpr-ppd/lpr-ppd_0.72-2.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lpr-ppd/lpr-ppd_0.72-2.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "276": "
\n

Debian Security Advisory

\n

DSA-276-1 linux-kernel-s390 -- local privilege escalation

\n
\n
Date Reported:
\n
03 Apr 2003
\n
Affected Packages:
\n
\nkernel-patch-2.4.17-s390, kernel-image-2.4.17-s390\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7112.
In Mitre's CVE dictionary: CVE-2003-0127.
\n
More information:
\n
\n

The kernel module loader in Linux 2.2 and Linux 2.4 kernels has a flaw\nin ptrace. This hole allows local users to obtain root privileges by\nusing ptrace to attach to a child process that is spawned by the\nkernel. Remote exploitation of this hole is not possible.

\n

This advisory only covers kernel packages for the S/390 architecture.\nOther architectures will be covered by separate advisories.

\n

For the stable distribution (woody) this problem has been fixed in the\nfollowing versions:

\n
    \n
  • kernel-patch-2.4.17-s390: version 0.0.20020816-0.woody.1.1\n
  • kernel-image-2.4.17-s390: version 2.4.17-2.woody.2.2\n
\n

The old stable distribution (potato) is not affected by this problem\nfor this architecture since s390 was first released with Debian\nGNU/Linux 3.0 (woody).

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your kernel-images packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.1.1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.1.1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.2.2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.2.2.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.1.1_all.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-headers-2.4.17_2.4.17-2.woody.2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.2.2_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "277": "
\n

Debian Security Advisory

\n

DSA-277-1 apcupsd -- buffer overflows, format string

\n
\n
Date Reported:
\n
03 Apr 2003
\n
Affected Packages:
\n
\napcupsd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7200.
In Mitre's CVE dictionary: CVE-2003-0098, CVE-2003-0099.
\n
More information:
\n
\n

The controlling and management daemon apcupsd for APC's Unbreakable\nPower Supplies is vulnerable to several buffer overflows and format\nstring attacks. These bugs can be exploited remotely by an attacker to gain root\naccess to the machine apcupsd is running on.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 3.8.5-1.1.1.

\n

For the old stable distribution (potato) this problem does not seem to\nexist.

\n

For the unstable distribution (sid) this problem has been\nfixed in version 3.8.5-1.2.

\n

We recommend that you upgrade your apcupsd packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apcupsd/apcupsd_3.8.5-1.1.1.dsc
\n
http://security.debian.org/pool/updates/main/a/apcupsd/apcupsd_3.8.5-1.1.1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apcupsd/apcupsd_3.8.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apcupsd/apcupsd_3.8.5-1.1.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apcupsd/apcupsd_3.8.5-1.1.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apcupsd/apcupsd_3.8.5-1.1.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/apcupsd/apcupsd_3.8.5-1.1.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/apcupsd/apcupsd_3.8.5-1.1.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/apcupsd/apcupsd_3.8.5-1.1.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apcupsd/apcupsd_3.8.5-1.1.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apcupsd/apcupsd_3.8.5-1.1.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apcupsd/apcupsd_3.8.5-1.1.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/apcupsd/apcupsd_3.8.5-1.1.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apcupsd/apcupsd_3.8.5-1.1.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "278": "
\n

Debian Security Advisory

\n

DSA-278-1 sendmail -- char-to-int conversion

\n
\n
Date Reported:
\n
04 Apr 2003
\n
Affected Packages:
\n
\nsendmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7230.
In Mitre's CVE dictionary: CVE-2003-0161.
CERT's vulnerabilities, advisories and incident notes: VU#897604, CA-2003-12.
\n
More information:
\n
\n

Michal Zalewski discovered a buffer overflow, triggered by a char to\nint conversion, in the address parsing code in sendmail, a widely used\npowerful, efficient, and scalable mail transport agent. This problem\nis potentially remotely exploitable.

\n

For the stable distribution (woody) this problem has been\nfixed in version 8.12.3-6.3.

\n

For the old stable distribution (potato) this problem has been\nfixed in version 8.9.3-26.

\n

For the unstable distribution (sid) this problem has been\nfixed in version 8.12.9-1.

\n

We recommend that you upgrade your sendmail packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.dsc
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.3.dsc
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.3.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.12.3-6.3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.3_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

MD5 checksums of the listed files are available in the revised advisory.\n

\n\n
\n
", "279": "
\n

Debian Security Advisory

\n

DSA-279-1 metrics -- insecure temporary file creation

\n
\n
Date Reported:
\n
07 Apr 2003
\n
Affected Packages:
\n
\nmetrics\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7293.
In Mitre's CVE dictionary: CVE-2003-0202.
\n
More information:
\n
\n

Paul Szabo and Matt Zimmerman discovered two similar problems in\nmetrics, a tool for software metrics. Two scripts in this package,\n\"halstead\" and \"gather_stats\", open temporary files without taking\nappropriate security precautions. \"halstead\" is installed as a user\nprogram, while \"gather_stats\" is only used in an auxiliary script\nincluded in the source code. These vulnerabilities could allow a\nlocal attacker to overwrite files owned by the user running the\nscripts, including root.

\n

The stable distribution (woody) is not affected since it doesn't\ncontain a metrics package anymore.

\n

For the old stable distribution (potato) this problem has been fixed\nin version 1.0-1.1.

\n

The unstable distribution (sid) is not affected since it doesn't\ncontain a metrics package anymore.

\n

We recommend that you upgrade your metrics package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/metrics/metrics_1.0-1.1.dsc
\n
http://security.debian.org/pool/updates/main/m/metrics/metrics_1.0-1.1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/metrics/metrics_1.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/metrics/metrics_1.0-1.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/metrics/metrics_1.0-1.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/metrics/metrics_1.0-1.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/metrics/metrics_1.0-1.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/metrics/metrics_1.0-1.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/metrics/metrics_1.0-1.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "280": "
\n

Debian Security Advisory

\n

DSA-280-1 samba -- buffer overflow

\n
\n
Date Reported:
\n
07 Apr 2003
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7294, BugTraq ID 7295.
In Mitre's CVE dictionary: CVE-2003-0201, CVE-2003-0196.
CERT's vulnerabilities, advisories and incident notes: VU#267873.
\n
More information:
\n
\n

Digital Defense, Inc. has alerted the Samba Team to a serious\nvulnerability in Samba, a LanManager-like file and printer server for Unix.\nThis vulnerability can lead to an anonymous user gaining root access\non a Samba serving system. An exploit for this problem is already\ncirculating and in use.

\n

Since the packages for potato are quite old it is likely that they\ncontain more security-relevant bugs that we don't know of. You are\ntherefore advised to upgrade your systems running Samba to woody\nsoon.

\n

Unofficial backported packages from the Samba maintainers for version\n2.2.8 of Samba for woody are available at\n~peloy and\n~vorlon.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.2.3a-12.3.

\n

For the old stable distribution (potato) this problem has been fixed in\nversion 2.0.7-5.1.

\n

The unstable distribution (sid) is not affected since it contains\nversion 3.0 packages already.

\n

We recommend that you upgrade your Samba packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1.dsc
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.0.7-5.1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.0.7-5.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.0.7-5.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.0.7-5.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.0.7-5.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.0.7-5.1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3.dsc
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3.diff.gz
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.2.3a-12.3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "281": "
\n

Debian Security Advisory

\n

DSA-281-1 moxftp -- buffer overflow

\n
\n
Date Reported:
\n
08 Apr 2003
\n
Affected Packages:
\n
\nmoxftp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6921.
In Mitre's CVE dictionary: CVE-2003-0203.
\n
More information:
\n
\n

Knud Erik H\u00f8jgaard discovered a vulnerability in moxftp (and xftp\nrespectively), an Athena X interface to FTP. Insufficient bounds\nchecking could lead to execution of arbitrary code, provided by a\nmalicious FTP server. Erik Tews fixed this.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.2-18.1.

\n

For the old stable distribution (potato) this problem has been fixed\nin version 2.2-13.1.

\n

For the unstable distribution (sid) this problem has been fixed\nin version 2.2-18.20.

\n

We recommend that you upgrade your xftp package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/moxftp/moxftp_2.2-13.1.dsc
\n
http://security.debian.org/pool/updates/main/m/moxftp/moxftp_2.2-13.1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/moxftp/moxftp_2.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-13.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-13.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-13.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-13.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-13.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-13.1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/moxftp/moxftp_2.2-18.1.dsc
\n
http://security.debian.org/pool/updates/main/m/moxftp/moxftp_2.2-18.1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/moxftp/moxftp_2.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-18.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-18.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-18.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-18.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-18.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-18.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-18.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-18.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-18.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-18.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/moxftp/xftp_2.2-18.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "282": "
\n

Debian Security Advisory

\n

DSA-282-1 glibc -- integer overflow

\n
\n
Date Reported:
\n
09 Apr 2003
\n
Affected Packages:
\n
\nglibc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7123.
In Mitre's CVE dictionary: CVE-2003-0028.
CERT's vulnerabilities, advisories and incident notes: VU#516825, CA-2003-10.
\n
More information:
\n
\n

eEye Digital Security discovered an integer overflow in the\nxdrmem_getbytes() function which is also present in GNU libc. This\nfunction is part of the XDR (external data representation)\nencoder/decoder derived from Sun's RPC implementation. Depending upon\nthe application, this vulnerability can cause buffer overflows and\ncould possibly be exploited to execute arbitrary code.

\n

For the stable distribution (woody) this problem has been\nfixed in version 2.2.5-11.5.

\n

For the old stable distribution (potato) this problem has been\nfixed in version 2.1.3-25.

\n

For the unstable distribution (sid) this problem has been\nfixed in version 2.3.1-16.

\n

We recommend that you upgrade your libc6 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.1.3-24.dsc
\n
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.1.3-24.diff.gz
\n
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.1.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.1.3-25_all.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/i18ndata_2.1.3-25_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.1.3-25_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.1.3-25_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.1.3-25_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.1.3-25_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.1.3-25_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss1-compat_2.1.3-25_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-25_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-25_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.1.3-25_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.1.3-25_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.1.3-25_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.1.3-25_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.1.3-25_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-25_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-25_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.1.3-25_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.1.3-25_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.1.3-25_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.1.3-25_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.1.3-25_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss1-compat_2.1.3-25_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-25_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-25_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.1.3-25_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.1.3-25_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.1.3-25_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.1.3-25_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.1.3-25_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss1-compat_2.1.3-25_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-25_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-25_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.1.3-25_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.1.3-25_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.1.3-25_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.1.3-25_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.1.3-25_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-25_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-25_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.1.3-25_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.1.3-25_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.1.3-25_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.1.3-25_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.1.3-25_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-25_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-25_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.2.5-11.5.dsc
\n
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.2.5-11.5.diff.gz
\n
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.2.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.2.5-11.5_all.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales_2.2.5-11.5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.2.5-11.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.2.5-11.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.2.5-11.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.2.5-11.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.2.5-11.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.5_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.5_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.5_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.5_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.5_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.5_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.5_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.5_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.5_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.5_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.2.5-11.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.2.5-11.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.2.5-11.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.2.5-11.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.2.5-11.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.5_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.5_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.5_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.5_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.5_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.5_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.5_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.5_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.5_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.5_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-sparc64_2.2.5-11.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-sparc64_2.2.5-11.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "283": "
\n

Debian Security Advisory

\n

DSA-283-1 xfsdump -- insecure file creation

\n
\n
Date Reported:
\n
11 Apr 2003
\n
Affected Packages:
\n
\nxfsdump\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7321.
In Mitre's CVE dictionary: CVE-2003-0173.
CERT's vulnerabilities, advisories and incident notes: VU#111673.
\n
More information:
\n
\n

Ethan Benson discovered a problem in xfsdump, which contains\nadministrative utilities for the XFS filesystem. When filesystem\nquotas are enabled, xfsdump runs xfsdq to save the quota information\ninto a file at the root of the filesystem being dumped. The manner in\nwhich this file is created is unsafe.

\n

While fixing this, a new option \u201c-f path\u201d has been added to xfsdq(8)\nto specify an output file instead of using the standard output stream.\nThis file is created by xfsdq and xfsdq will fail to run if it exists\nalready. The file is also created with a more appropriate mode than\nwhatever the umask happened to be when xfsdump(8) was run.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.0.1-2.

\n

The old stable distribution (potato) is not affected since it doesn't\ncontain xfsdump packages.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.2.8-1.

\n

We recommend that you upgrade your xfsdump package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xfsdump/xfsdump_2.0.1-2.dsc
\n
http://security.debian.org/pool/updates/main/x/xfsdump/xfsdump_2.0.1-2.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xfsdump/xfsdump_2.0.1-2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xfsdump/xfsdump_2.0.1-2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xfsdump/xfsdump_2.0.1-2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xfsdump/xfsdump_2.0.1-2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xfsdump/xfsdump_2.0.1-2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xfsdump/xfsdump_2.0.1-2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfsdump/xfsdump_2.0.1-2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfsdump/xfsdump_2.0.1-2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xfsdump/xfsdump_2.0.1-2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xfsdump/xfsdump_2.0.1-2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xfsdump/xfsdump_2.0.1-2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "284": "
\n

Debian Security Advisory

\n

DSA-284-1 kdegraphics -- insecure execution

\n
\n
Date Reported:
\n
12 Apr 2003
\n
Affected Packages:
\n
\nkdegraphics\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7318.
In Mitre's CVE dictionary: CVE-2003-0204.
\n
More information:
\n
\n

The KDE team discovered a vulnerability in the way KDE uses Ghostscript\nsoftware for processing of PostScript (PS) and PDF files. An attacker\ncould provide a malicious PostScript or PDF file via mail or websites\nthat could lead to executing arbitrary commands under the privileges\nof the user viewing the file or when the browser generates a directory\nlisting with thumbnails.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.2.2-6.11 of kdegraphics and associated packages.

\n

The old stable distribution (potato) is not affected since it does not\ncontain KDE.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

For the unofficial backport of KDE 3.1.1 to woody by Ralf Nolden on\ndownload.kde.org, this problem has been fixed in version 3.1.1-0woody2\nof kdegraphics. Using the normal backport line for apt-get you will\nget the update:

\n

deb http://download.kde.org/stable/latest/Debian stable main

\n

We recommend that you upgrade your kdegraphics and associated packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2-6.11.dsc
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2-6.11.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "285": "
\n

Debian Security Advisory

\n

DSA-285-1 lprng -- insecure temporary file

\n
\n
Date Reported:
\n
14 Apr 2003
\n
Affected Packages:
\n
\nlprng\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7334.
In Mitre's CVE dictionary: CVE-2003-0136.
\n
More information:
\n
\n

Karol Lewandowski discovered that psbanner, a printer filter that\ncreates a PostScript format banner and is part of LPRng, insecurely\ncreates a temporary file for debugging purposes when it is configured\nas a filter. The program does not check whether this file already\nexists or is linked to another place; psbanner writes its current environment\nand called arguments to the file unconditionally with the user id\ndaemon.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 3.8.10-1.2.

\n

The old stable distribution (potato) is not affected by this problem.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.8.20-4.

\n

We recommend that you upgrade your lprng package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lprng/lprng_3.8.10-1.2.dsc
\n
http://security.debian.org/pool/updates/main/l/lprng/lprng_3.8.10-1.2.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lprng/lprng_3.8.10.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/lprng/lprng-doc_3.8.10-1.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lprng/lprng_3.8.10-1.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lprng/lprng_3.8.10-1.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lprng/lprng_3.8.10-1.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lprng/lprng_3.8.10-1.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/lprng/lprng_3.8.10-1.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/lprng/lprng_3.8.10-1.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lprng/lprng_3.8.10-1.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lprng/lprng_3.8.10-1.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lprng/lprng_3.8.10-1.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lprng/lprng_3.8.10-1.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lprng/lprng_3.8.10-1.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "286": "
\n

Debian Security Advisory

\n

DSA-286-1 gs-common -- insecure temporary file

\n
\n
Date Reported:
\n
14 Apr 2003
\n
Affected Packages:
\n
\ngs-common\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7337.
In Mitre's CVE dictionary: CVE-2003-0207.
\n
More information:
\n
\n

Paul Szabo discovered insecure creation of a temporary file in\nps2epsi, a script that is distributed as part of gs-common which\ncontains common files for different Ghostscript releases. ps2epsi uses\na temporary file in the process of invoking ghostscript. This file\nwas created in an insecure fashion, which could allow a local attacker\nto overwrite files owned by a user who invokes ps2epsi.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.3.3.0woody1.

\n

The old stable distribution (potato) is not affected by this problem.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.3.3.1.

\n

We recommend that you upgrade your gs-common package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gs-common/gs-common_0.3.3.0woody1.dsc
\n
http://security.debian.org/pool/updates/main/g/gs-common/gs-common_0.3.3.0woody1.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gs-common/gs-common_0.3.3.0woody1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "287": "
\n

Debian Security Advisory

\n

DSA-287-1 epic -- buffer overflows

\n
\n
Date Reported:
\n
15 Apr 2003
\n
Affected Packages:
\n
\nepic\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7103, BugTraq ID 7091.
In Mitre's CVE dictionary: CVE-2003-0324.
\n
More information:
\n
\n

Timo Sirainen discovered several problems in EPIC, a popular client\nfor Internet Relay Chat (IRC). A malicious server could craft special\nreply strings, triggering the client to write beyond buffer\nboundaries. This could lead to a denial of service if the client only\ncrashes, but may also lead to the execution of arbitrary code under the\nuser id of the chatting user.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 3.004-17.1.

\n

For the old stable distribution (potato) these problems have been\nfixed in version 3.004-16.1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 3.004-19.

\n

We recommend that you upgrade your EPIC package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/epic/epic_3.004-16.1.dsc
\n
http://security.debian.org/pool/updates/main/e/epic/epic_3.004-16.1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/epic/epic_3.004.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/epic/epic_3.004-16.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/epic/epic_3.004-16.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/epic/epic_3.004-16.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/epic/epic_3.004-16.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/epic/epic_3.004-16.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/epic/epic_3.004-16.1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1.dsc
\n
http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/epic/epic_3.004.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/epic/epic_3.004-17.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "288": "
\n

Debian Security Advisory

\n

DSA-288-1 openssl -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Apr 2003
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7101, BugTraq ID 7148.
In Mitre's CVE dictionary: CVE-2003-0147, CVE-2003-0131.
CERT's vulnerabilities, advisories and incident notes: VU#888801.
\n
More information:
\n
\n

Researchers discovered two flaws in OpenSSL, a Secure Socket Layer\n(SSL) library and related cryptographic tools. Applications that are\nlinked against this library are generally vulnerable to attacks that\ncould leak the server's private key or make the encrypted session\ndecryptable otherwise. The Common Vulnerabilities and Exposures (CVE)\nproject identified the following vulnerabilities:

\n
\n
CAN-2003-0147
\n
\n OpenSSL does not use RSA blinding by default, which allows local and\n remote attackers to obtain the server's private key.
\n
CAN-2003-0131
\n
\n The SSL implementation allows remote attackers to perform an unauthorized RSA\n private key operation that causes OpenSSL to leak information\n regarding the relationship between ciphertext and the associated\n plaintext.
\n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 0.9.6c-2.woody.3.

\n

For the old stable distribution (potato) these problems have been\nfixed in version 0.9.6c-0.potato.6.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.9.7b-1 of openssl and version 0.9.6j-1 of openssl096.

\n

We recommend that you upgrade your openssl packages immediately and\nrestart the applications that use OpenSSL.

\n

Unfortunately, RSA blinding is not thread-safe and will cause failures\nfor programs that use threads and OpenSSL such as stunnel. However,\nsince the proposed fix would change the binary interface (ABI),\nprograms that are dynamically linked against OpenSSL won't run\nanymore. This is a dilemma we can't solve.

\n

You will have to decide whether you want the security update which is\nnot thread-safe and recompile all applications that apparently fail\nafter the upgrade, or fetch the additional source packages at the end\nof this advisory, recompile them and use a thread-safe OpenSSL library\nagain, but also recompile all applications that make use of it (such\nas apache-ssl, mod_ssl, ssh etc.).

\n

However, since only very few packages use threads and link against the\nOpenSSL library most users will be able to use packages from this\nupdate without any problems.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.6.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.6.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openssl/ssleay_0.9.6c-0.potato.6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.6_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.6_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.6_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.6_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.6_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.6_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-0.potato.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-0.potato.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-0.potato.6_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.3.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.3.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openssl/ssleay_0.9.6c-2.woody.3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.3_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.3_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.3_sparc.deb
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
http://master.debian.org/~joey/NMU/openssl_0.9.6c-0.potato.7.dsc
\n
http://master.debian.org/~joey/NMU/openssl_0.9.6c-0.potato.7.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c.orig.tar.gz
\n
http://master.debian.org/~joey/NMU/openssl_0.9.6c-0.potato.7.patch
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
http://master.debian.org/~joey/NMU/openssl_0.9.6c-2.woody.4.dsc
\n
http://master.debian.org/~joey/NMU/openssl_0.9.6c-2.woody.4.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c.orig.tar.gz
\n
http://master.debian.org/~joey/NMU/openssl_0.9.6c-2.woody.4.patch
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "289": "
\n

Debian Security Advisory

\n

DSA-289-1 rinetd -- incorrect memory resizing

\n
\n
Date Reported:
\n
17 Apr 2003
\n
Affected Packages:
\n
\nrinetd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7377.
In Mitre's CVE dictionary: CVE-2003-0212.
\n
More information:
\n
\n

Sam Hocevar discovered a security problem in rinetd, an IP connection\nredirection server. When the connection list is full, rinetd resizes\nthe list in order to store the new incoming connection. However, this\nis done improperly, resulting in a denial of service and potentially\nexecution of arbitrary code.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.61-1.1.

\n

For the old stable distribution (potato) this problem has been\nfixed in version 0.52-2.1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.61-2.

\n

We recommend that you upgrade your rinetd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/rinetd/rinetd_0.52-2.1.dsc
\n
http://security.debian.org/pool/updates/main/r/rinetd/rinetd_0.52-2.1.diff.gz
\n
http://security.debian.org/pool/updates/main/r/rinetd/rinetd_0.52.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/rinetd/rinetd_0.52-2.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/rinetd/rinetd_0.52-2.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/rinetd/rinetd_0.52-2.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/r/rinetd/rinetd_0.52-2.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/rinetd/rinetd_0.52-2.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/rinetd/rinetd_0.52-2.1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/rinetd/rinetd_0.61-1.1.dsc
\n
http://security.debian.org/pool/updates/main/r/rinetd/rinetd_0.61-1.1.diff.gz
\n
http://security.debian.org/pool/updates/main/r/rinetd/rinetd_0.61.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/rinetd/rinetd_0.61-1.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/rinetd/rinetd_0.61-1.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/rinetd/rinetd_0.61-1.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/rinetd/rinetd_0.61-1.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/r/rinetd/rinetd_0.61-1.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/r/rinetd/rinetd_0.61-1.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/r/rinetd/rinetd_0.61-1.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/r/rinetd/rinetd_0.61-1.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/rinetd/rinetd_0.61-1.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/rinetd/rinetd_0.61-1.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/rinetd/rinetd_0.61-1.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "290": "
\n

Debian Security Advisory

\n

DSA-290-1 sendmail-wide -- char-to-int conversion

\n
\n
Date Reported:
\n
17 Apr 2003
\n
Affected Packages:
\n
\nsendmail-wide\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7230.
In Mitre's CVE dictionary: CVE-2003-0161.
CERT's vulnerabilities, advisories and incident notes: VU#897604, CA-2003-12.
\n
More information:
\n
\n

Michal Zalewski discovered a buffer overflow, triggered by a char to\nint conversion, in the address parsing code in sendmail, a widely used\npowerful, efficient, and scalable mail transport agent. This problem\nis potentially remotely exploitable.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 8.12.3+3.5Wbeta-5.4

\n

For the old stable distribution (potato) this problem has been\nfixed in version 8.9.3+3.2W-25

\n

For the unstable distribution (sid) this problem has been\nfixed in version 8.12.9+3.5Wbeta-1

\n

We recommend that you upgrade your sendmail-wide packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-25.dsc
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-25.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-25_alpha.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-25_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-25_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-25_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.9.3+3.2W-25_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.4.dsc
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.4.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "291": "
\n

Debian Security Advisory

\n

DSA-291-1 ircii -- buffer overflows

\n
\n
Date Reported:
\n
22 Apr 2003
\n
Affected Packages:
\n
\nircii\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7098, BugTraq ID 7095, BugTraq ID 7094, BugTraq ID 7093.
In Mitre's CVE dictionary: CVE-2003-0323.
\n
More information:
\n
\n

Timo Sirainen discovered several problems in ircII, a popular\nclient for Internet Relay Chat (IRC). A malicious server could\ncraft special reply strings, triggering the client to write beyond\nbuffer boundaries. This could lead to a denial of service if the\nclient only crashes, but may also lead to execution of arbitrary code\nunder the user id of the chatting user.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 20020322-1.1.

\n

For the old stable distribution (potato) these problems have been\nfixed in version 4.4M-1.1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 20030315-1.

\n

We recommend that you upgrade your ircII package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M-1.1.dsc
\n
http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M-1.1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M-1.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M-1.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M-1.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M-1.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M-1.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/ircii/ircii_4.4M-1.1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1.dsc
\n
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/ircii/ircii_20020322-1.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "292": "
\n

Debian Security Advisory

\n

DSA-292-3 mime-support -- insecure temporary file creation

\n
\n
Date Reported:
\n
22 Apr 2003
\n
Affected Packages:
\n
\nmime-support\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2003-0214.
\n
More information:
\n
\n

Colin Phipps discovered several problems in mime-support, which contains\nsupport programs for the MIME control files 'mime.types' and 'mailcap'.\nWhen a temporary file is to be used it is created insecurely, allowing\nan attacker to overwrite arbitrary files under the user id of the person\nexecuting run-mailcap.

\n

When run-mailcap is executed on a file with a potentially\nproblematic filename, a temporary file is created (not insecurely\nanymore), removed and a symbolic link to this filename is created. An\nattacker could recreate the file before the symbolic link is created,\nforcing the display program to display different content.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 3.18-1.3.

\n

For the old stable distribution (potato) these problems have been\nfixed in version 3.9-1.3.

\n

For the unstable distribution (sid) these problems have been\nfixed in version 3.23-1.

\n

We recommend that you upgrade your mime-support packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mime-support/mime-support_3.9-1.3.dsc
\n
http://security.debian.org/pool/updates/main/m/mime-support/mime-support_3.9-1.3.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mime-support/mime-support_3.9-1.3_all.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mime-support/mime-support_3.18-1.3.dsc
\n
http://security.debian.org/pool/updates/main/m/mime-support/mime-support_3.18-1.3.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mime-support/mime-support_3.18-1.3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

MD5 checksums of the listed files are available in the revised advisory.\n


\n\n
\n
", "293": "
\n

Debian Security Advisory

\n

DSA-293-1 kdelibs -- insecure execution

\n
\n
Date Reported:
\n
23 Apr 2003
\n
Affected Packages:
\n
\nkdelibs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7318.
In Mitre's CVE dictionary: CVE-2003-0204.
\n
More information:
\n
\n

The KDE team discovered a vulnerability in the way KDE uses Ghostscript\nsoftware for processing of PostScript (PS) and PDF files. An attacker\ncould provide a malicious PostScript or PDF file via mail or websites\nthat could lead to executing arbitrary commands under the privileges\nof the user viewing the file or when the browser generates a directory\nlisting with thumbnails.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.2.2-13.woody.7 of kdelibs and associated packages.

\n

The old stable distribution (potato) is not affected since it does not\ncontain KDE.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

For the unofficial backport of KDE 3.1.1 to woody by Ralf Nolden on\ndownload.kde.org, this problem has been fixed in version 3.1.1-0woody3\nof kdelibs. Using the normal backport line for apt-get you will get\nthe update:

\n

deb http://download.kde.org/stable/latest/Debian stable main

\n

We recommend that you upgrade your kdelibs and associated packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.7.dsc
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.7.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-doc_2.2.2-13.woody.7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.7_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.7_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.7_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.7_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "294": "
\n

Debian Security Advisory

\n

DSA-294-1 gkrellm-newsticker -- missing quoting, incomplete parser

\n
\n
Date Reported:
\n
23 Apr 2003
\n
Affected Packages:
\n
\ngkrellm-newsticker\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7414.
In Mitre's CVE dictionary: CVE-2003-0205, CVE-2003-0206.
\n
More information:
\n
\n

Brian Campbell discovered two security-related problems in\ngkrellm-newsticker, a plugin for the gkrellm system monitor program,\nwhich provides a news ticker from RDF feeds. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:

\n
\n
CAN-2003-0205
\n
\n It can launch a web browser of the user's choice when the ticker\n title is clicked by using the URI given by the feed. However,\n special shell characters are not properly escaped, enabling a\n malicious feed to execute arbitrary shell commands on the client's\n machine.
\n
CAN-2003-0206
\n
\n It crashes the entire gkrellm system on feeds where link or title\n elements are not entirely on a single line. A malicious server\n could therefore craft a denial of service.
\n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 0.3-3.1.

\n

The old stable distribution (potato) is not affected since it doesn't\ncontain gkrellm-newsticker packages.

\n

For the unstable distribution (sid) these problems are not yet fixed.

\n

We recommend that you upgrade your gkrellm-newsticker package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gkrellm-newsticker/gkrellm-newsticker_0.3-3.1.dsc
\n
http://security.debian.org/pool/updates/main/g/gkrellm-newsticker/gkrellm-newsticker_0.3-3.1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gkrellm-newsticker/gkrellm-newsticker_0.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gkrellm-newsticker/gkrellm-newsticker_0.3-3.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gkrellm-newsticker/gkrellm-newsticker_0.3-3.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gkrellm-newsticker/gkrellm-newsticker_0.3-3.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gkrellm-newsticker/gkrellm-newsticker_0.3-3.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gkrellm-newsticker/gkrellm-newsticker_0.3-3.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gkrellm-newsticker/gkrellm-newsticker_0.3-3.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gkrellm-newsticker/gkrellm-newsticker_0.3-3.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gkrellm-newsticker/gkrellm-newsticker_0.3-3.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gkrellm-newsticker/gkrellm-newsticker_0.3-3.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gkrellm-newsticker/gkrellm-newsticker_0.3-3.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gkrellm-newsticker/gkrellm-newsticker_0.3-3.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "295": "
\n

Debian Security Advisory

\n

DSA-295-1 pptpd -- buffer overflow

\n
\n
Date Reported:
\n
30 Apr 2003
\n
Affected Packages:
\n
\npptpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7316.
In Mitre's CVE dictionary: CVE-2003-0213.
\n
More information:
\n
\n

Timo Sirainen discovered a vulnerability in pptpd, a Point to Point\nTunneling Server, which implements PPTP-over-IPSEC and is commonly\nused to create Virtual Private Networks (VPN). By specifying a small\npacket length an attacker is able to overflow a buffer and execute\ncode under the user id that runs pptpd, probably root. An exploit for\nthis problem is already circulating.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.1.2-1.4.

\n

For the old stable distribution (potato) this problem has been\nfixed in version 1.0.0-4.2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.1.4-0.b3.2.

\n

We recommend that you upgrade your pptpd package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.0.0-4.2.dsc
\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.0.0-4.2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.0.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.0.0-4.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.0.0-4.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.0.0-4.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.0.0-4.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.0.0-4.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.0.0-4.2_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.1.2-1.4.dsc
\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.1.2-1.4.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.1.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.1.2-1.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.1.2-1.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.1.2-1.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.1.2-1.4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.1.2-1.4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.1.2-1.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.1.2-1.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.1.2-1.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.1.2-1.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.1.2-1.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.1.2-1.4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "296": "
\n

Debian Security Advisory

\n

DSA-296-1 kdebase -- insecure execution

\n
\n
Date Reported:
\n
30 Apr 2003
\n
Affected Packages:
\n
\nkdebase\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7318.
In Mitre's CVE dictionary: CVE-2003-0204.
\n
More information:
\n
\n

The KDE team discovered a vulnerability in the way KDE uses Ghostscript\nsoftware for processing of PostScript (PS) and PDF files. An attacker\ncould provide a malicious PostScript or PDF file via mail or websites\nthat could lead to executing arbitrary commands under the privileges\nof the user viewing the file or when the browser generates a directory\nlisting with thumbnails.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.2.2-14.4 of kdebase and associated packages.

\n

The old stable distribution (potato) is not affected since it does not\ncontain KDE.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

For the unofficial backport of KDE 3.1.1 to woody by Ralf Nolden on\ndownload.kde.org, this problem has been fixed in version 3.1.1-0woody3\nof kdebase. Using the normal backport line for apt-get you will get\nthe update:

\n

deb http://download.kde.org/stable/latest/Debian stable main

\n

We recommend that you upgrade your kdebase and associated packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4.dsc
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-doc_2.2.2-14.4_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdewallpapers_2.2.2-14.4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "297": "
\n

Debian Security Advisory

\n

DSA-297-1 snort -- integer overflow, buffer overflow

\n
\n
Date Reported:
\n
01 May 2003
\n
Affected Packages:
\n
\nsnort\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7178, BugTraq ID 6963.
In Mitre's CVE dictionary: CVE-2003-0033, CVE-2003-0209.
CERT's vulnerabilities, advisories and incident notes: VU#139129, VU#916785, CA-2003-13.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in Snort, a popular network\nintrusion detection system. Snort comes with modules and plugins that\nperform a variety of functions such as protocol analysis. The\nfollowing issues have been identified:

\n
\n
Heap overflow in Snort \"stream4\" preprocessor
\n (VU#139129, CAN-2003-0209, Bugtraq Id 7178)
\n
Researchers at CORE Security Technologies have discovered a\n remotely exploitable integer overflow that results in overwriting\n the heap in the \"stream4\" preprocessor module. This module allows\n Snort to reassemble TCP packet fragments for further analysis. An\n attacker could insert arbitrary code that would be executed as\n the user running Snort, probably root.
\n
Buffer overflow in Snort RPC preprocessor
\n (VU#916785, CAN-2003-0033, Bugtraq Id 6963)
\n
Researchers at Internet Security Systems X-Force have discovered a\n remotely exploitable buffer overflow in the Snort RPC preprocessor\n module. Snort incorrectly checks the lengths of what is being\n normalized against the current packet size. An attacker could\n exploit this to execute arbitrary code under the privileges of the\n Snort process, probably root.
\n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 1.8.4beta1-3.1.

\n

The old stable distribution (potato) is not affected by these problems\nsince it doesn't contain the problematic code.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.0.0-1.

\n

We recommend that you upgrade your snort package immediately.

\n

You are also advised to upgrade to the most recent version of Snort,\nsince Snort, like any intrusion detection system, is rather useless if\nit is based on old and outdated data and not kept up to date. Such\ninstallations would be unable to detect intrusions using modern\nmethods. The current version of Snort is 2.0.0, while the version in\nthe stable distribution (1.8) is quite old and the one in the old\nstable distribution is beyond hope.

\n

Since Debian does not update arbitrary packages in stable releases,\nand even Snort is not going to see updates other than to fix security\nproblems, you are advised to upgrade to the most recent version from\nthird party sources.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1.dsc
\n
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/snort/snort-doc_1.8.4beta1-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/s/snort/snort-rules-default_1.8.4beta1-3.1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/snort/snort_1.8.4beta1-3.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/snort/snort-common_1.8.4beta1-3.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/snort/snort-mysql_1.8.4beta1-3.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "298": "
\n

Debian Security Advisory

\n

DSA-298-1 epic4 -- buffer overflows

\n
\n
Date Reported:
\n
02 May 2003
\n
Affected Packages:
\n
\nepic4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7098, BugTraq ID 7095, BugTraq ID 7094, BugTraq ID 7093.
In Mitre's CVE dictionary: CVE-2003-0323.
\n
More information:
\n
\n

Timo Sirainen discovered several problems in EPIC4, a popular client\nfor Internet Relay Chat (IRC). A malicious server could craft special\nreply strings, triggering the client to write beyond buffer\nboundaries. This could lead to a denial of service if the client only\ncrashes, but may also lead to the execution of arbitrary code under the\nuser id of the chatting user.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 1.1.2.20020219-2.1.

\n

For the old stable distribution (potato) these problems have been\nfixed in version pre2.508-2.3.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.1.11.20030409-1.

\n

We recommend that you upgrade your EPIC4 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_pre2.508-2.3.dsc
\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_pre2.508-2.3.diff.gz
\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_pre2.508.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_pre2.508-2.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_pre2.508-2.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_pre2.508-2.3_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_pre2.508-2.3_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_pre2.508-2.3_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_pre2.508-2.3_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.1.dsc
\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "299": "
\n

Debian Security Advisory

\n

DSA-299-1 leksbot -- improper setuid-root execution

\n
\n
Date Reported:
\n
06 May 2003
\n
Affected Packages:
\n
\nleksbot\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7505.
In Mitre's CVE dictionary: CVE-2003-0262.
\n
More information:
\n
\n

Maurice Massar discovered that, due to a packaging error, the program\n/usr/bin/KATAXWR was inadvertently installed setuid root. This\nprogram was not designed to run setuid, and contained multiple\nvulnerabilities which could be exploited to gain root privileges.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.2-3.1.

\n

The old stable distribution (potato) does not contain a leksbot\npackage.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.2-5.

\n

We recommend that you update your leksbot package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2-3.1woody1.dsc
\n
http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2-3.1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2-3.1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2-3.1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2-3.1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2-3.1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2-3.1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2-3.1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2-3.1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2-3.1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2-3.1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2-3.1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2-3.1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "300": "
\n

Debian Security Advisory

\n

DSA-300-1 balsa -- buffer overflow

\n
\n
Date Reported:
\n
06 May 2003
\n
Affected Packages:
\n
\nbalsa\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7229.
In Mitre's CVE dictionary: CVE-2003-0167.
\n
More information:
\n
\n

Byrial Jensen discovered a couple of off-by-one buffer overflows in the\nIMAP code of Mutt, a text-oriented mail reader supporting IMAP, MIME,\nGPG, PGP and threading. This code is imported in the Balsa package.\nThis problem could potentially allow a remote malicious IMAP server to\ncause a denial of service (crash) and possibly execute arbitrary code\nvia a specially crafted mail folder.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.2.4-2.2.

\n

The old stable distribution (potato) does not seem to be affected by\nthis problem.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your balsa package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/balsa/balsa_1.2.4-2.2.dsc
\n
http://security.debian.org/pool/updates/main/b/balsa/balsa_1.2.4-2.2.diff.gz
\n
http://security.debian.org/pool/updates/main/b/balsa/balsa_1.2.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/balsa/balsa_1.2.4-2.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/balsa/balsa_1.2.4-2.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/balsa/balsa_1.2.4-2.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/balsa/balsa_1.2.4-2.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/b/balsa/balsa_1.2.4-2.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/b/balsa/balsa_1.2.4-2.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/b/balsa/balsa_1.2.4-2.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/b/balsa/balsa_1.2.4-2.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/balsa/balsa_1.2.4-2.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/balsa/balsa_1.2.4-2.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/balsa/balsa_1.2.4-2.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "301": "
\n

Debian Security Advisory

\n

DSA-301-1 libgtop -- buffer overflow

\n
\n
Date Reported:
\n
07 May 2003
\n
Affected Packages:
\n
\nlibgtop\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 3594.
In Mitre's CVE dictionary: CVE-2001-0928.
\n
More information:
\n
\n

The gtop daemon, used for monitoring remote machines, contains a\nbuffer overflow which could be used by an attacker to execute\narbitrary code with the privileges of the daemon process. If started\nas root, the daemon process drops root privileges, assuming uid and\ngid 99 by default.

\n

This bug was previously fixed in DSA-098,\nbut one of the patches was not carried over to later versions of libgtop.

\n

For the stable distribution (woody), this problem has been fixed in\nversion 1.0.13-3.1.

\n

For the old stable distribution (potato), this problem was fixed in\nDSA-098.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.0.13-4.

\n

We recommend that you update your libgtop package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop_1.0.13-3.1.dsc
\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop_1.0.13-3.1.diff.gz
\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop_1.0.13.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-daemon_1.0.13-3.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-dev_1.0.13-3.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop1_1.0.13-3.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-daemon_1.0.13-3.1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-dev_1.0.13-3.1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop1_1.0.13-3.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-daemon_1.0.13-3.1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-dev_1.0.13-3.1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop1_1.0.13-3.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-daemon_1.0.13-3.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-dev_1.0.13-3.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop1_1.0.13-3.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-daemon_1.0.13-3.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-dev_1.0.13-3.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop1_1.0.13-3.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-daemon_1.0.13-3.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-dev_1.0.13-3.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop1_1.0.13-3.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-daemon_1.0.13-3.1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-dev_1.0.13-3.1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop1_1.0.13-3.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-daemon_1.0.13-3.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-dev_1.0.13-3.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop1_1.0.13-3.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-daemon_1.0.13-3.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-dev_1.0.13-3.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop1_1.0.13-3.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-daemon_1.0.13-3.1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-dev_1.0.13-3.1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop1_1.0.13-3.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-daemon_1.0.13-3.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop-dev_1.0.13-3.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop/libgtop1_1.0.13-3.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "302": "
\n

Debian Security Advisory

\n

DSA-302-1 fuzz -- privilege escalation

\n
\n
Date Reported:
\n
07 May 2003
\n
Affected Packages:
\n
\nfuzz\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7521.
In Mitre's CVE dictionary: CVE-2003-0261.
\n
More information:
\n
\n

Joey Hess discovered that fuzz, a software stress-testing tool,\ncreates a temporary file without taking appropriate security\nprecautions. This bug could allow an attacker to gain the privileges\nof the user invoking fuzz, excluding root (fuzz does not allow itself\nto be invoked as root).

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.6-6woody1.

\n

The old stable distribution (potato) does not contain a fuzz package.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you update your fuzz package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fuzz/fuzz_0.6-6woody1.dsc
\n
http://security.debian.org/pool/updates/main/f/fuzz/fuzz_0.6-6woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fuzz/fuzz_0.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/fuzz/fuzz_0.6-6woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/fuzz/fuzz_0.6-6woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/fuzz/fuzz_0.6-6woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/fuzz/fuzz_0.6-6woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/fuzz/fuzz_0.6-6woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/fuzz/fuzz_0.6-6woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fuzz/fuzz_0.6-6woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fuzz/fuzz_0.6-6woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/fuzz/fuzz_0.6-6woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/fuzz/fuzz_0.6-6woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/fuzz/fuzz_0.6-6woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "303": "
\n

Debian Security Advisory

\n

DSA-303-1 mysql -- privilege escalation

\n
\n
Date Reported:
\n
15 May 2003
\n
Affected Packages:
\n
\nmysql\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7052.
In Mitre's CVE dictionary: CVE-2003-0073, CVE-2003-0150.
\n
More information:
\n
\n

CAN-2003-0073: The mysql package contains a bug whereby dynamically allocated memory is freed more than once, which could be deliberately triggered by an attacker to cause a crash, resulting in a denial of service condition. In order to exploit this vulnerability, a valid username and password combination for access to the MySQL server is required.

\n

CAN-2003-0150: The mysql package contains a bug whereby a malicious user, granted certain permissions within mysql, could create a configuration file which would cause the mysql server to run as root, or any other user, rather than the mysql user.

\n

For the stable distribution (woody) both problems have been fixed in version 3.23.49-8.4.

\n

The old stable distribution (potato) is only affected by CAN-2003-0150, and this has been fixed in version 3.22.32-6.4.

\n

For the unstable distribution (sid), CAN-2003-0073 was fixed in version 4.0.12-2, and CAN-2003-0150 will be fixed soon.

\n

We recommend that you update your mysql package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.4.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.4.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-common_3.23.49-8.4_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.23.49-8.4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.4_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.4_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.4_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.4_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.4_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.4_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.4_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.4_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.4_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.4_sparc.deb
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.22.32-6.4.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.22.32-6.4.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.22.32.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.22.32-6.4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.4_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.4_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.4_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.4_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.22.32-6.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.22.32-6.4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "304": "
\n

Debian Security Advisory

\n

DSA-304-1 lv -- privilege escalation

\n
\n
Date Reported:
\n
15 May 2003
\n
Affected Packages:
\n
\nlv\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7613.
In Mitre's CVE dictionary: CVE-2003-0188.
\n
More information:
\n
\n

Leonard Stiles discovered that lv, a multilingual file viewer, would read options from a configuration file in the current directory. Because such a file could be placed there by a malicious user, and lv configuration options can be used to execute commands, this represented a security vulnerability. An attacker could gain the privileges of the user invoking lv, including root.

\n

For the stable distribution (woody) this problem has been fixed in version 4.49.4-7woody2.

\n

For the old stable distribution (potato) this problem has been fixed in version 4.49.3-4potato2.

\n

For the unstable distribution (sid) this problem is fixed in version 4.49.5-2.

\n

We recommend that you update your lv package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lv/lv_4.49.4-7woody2.dsc
\n
http://security.debian.org/pool/updates/main/l/lv/lv_4.49.4-7woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lv/lv_4.49.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lv/lv_4.49.4-7woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lv/lv_4.49.4-7woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lv/lv_4.49.4-7woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lv/lv_4.49.4-7woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/lv/lv_4.49.4-7woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/lv/lv_4.49.4-7woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lv/lv_4.49.4-7woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lv/lv_4.49.4-7woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lv/lv_4.49.4-7woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lv/lv_4.49.4-7woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lv/lv_4.49.4-7woody2_sparc.deb
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lv/lv_4.49.3-4potato2.dsc
\n
http://security.debian.org/pool/updates/main/l/lv/lv_4.49.3-4potato2.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lv/lv_4.49.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lv/lv_4.49.3-4potato2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lv/lv_4.49.3-4potato2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lv/lv_4.49.3-4potato2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/lv/lv_4.49.3-4potato2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lv/lv_4.49.3-4potato2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lv/lv_4.49.3-4potato2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "305": "
\n

Debian Security Advisory

\n

DSA-305-1 sendmail -- insecure temporary files

\n
\n
Date Reported:
\n
15 May 2003
\n
Affected Packages:
\n
\nsendmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7614.
In Mitre's CVE dictionary: CVE-2003-0308.
\n
More information:
\n
\n

Paul Szabo discovered bugs in three scripts included in the sendmail package where temporary files were created insecurely (expn, checksendmail and doublebounce.pl). These bugs could allow an attacker to gain the privileges of a user invoking the script (including root).

\n

For the stable distribution (woody) these problems have been fixed in version 8.12.3-6.4.

\n

For the old stable distribution (potato) these problems have been fixed in version 8.9.3-26.1.

\n

For the unstable distribution (sid) these problems have been fixed in version 8.12.9-2.

\n

We recommend that you update your sendmail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4.dsc
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.12.3-6.4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.4_sparc.deb
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.1.dsc
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.9.3-26.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "306": "
\n

Debian Security Advisory

\n

DSA-306-1 ircii-pana -- buffer overflows, integer overflow

\n
\n
Date Reported:
\n
19 May 2003
\n
Affected Packages:
\n
\nircii-pana\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7097, BugTraq ID 7096, BugTraq ID 7099, BugTraq ID 7100.
In Mitre's CVE dictionary: CVE-2003-0321, CVE-2003-0322, CVE-2003-0328.
\n
More information:
\n
\n

Timo Sirainen discovered several problems in BitchX, a popular client for Internet Relay Chat (IRC). A malicious server could craft special reply strings, triggering the client to write beyond buffer boundaries or allocate a negative amount of memory. This could lead to a denial of service if the client only crashes, but may also lead to execution of arbitrary code under the user ID of the chatting user.

\n

For the stable distribution (woody) these problems have been fixed in version 1.0-0c19-1.1.

\n

For the old stable distribution (potato) these problems have been fixed in version 1.0-0c16-2.1.

\n

For the unstable distribution (sid) these problems have been fixed in version 1.0-0c19-8.

\n

We recommend that you upgrade your BitchX package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.dsc
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c16-2.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c16-2.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c16-2.1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c16-2.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c16-2.1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c16-2.1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c16-2.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c16-2.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c16-2.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c16-2.1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c16-2.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c16-2.1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c19-1.1.dsc
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c19-1.1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c19.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx_1.0-0c19-1.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-dev_1.0-0c19-1.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-gtk_1.0-0c19-1.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/ircii-pana/bitchx-ssl_1.0-0c19-1.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "307": "
\n

Debian Security Advisory

\n

DSA-307-1 gps -- multiple vulnerabilities

\n
\n
Date Reported:
\n
27 May 2003
\n
Affected Packages:
\n
\ngps\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7736.
In Mitre's CVE dictionary: CVE-2003-0361, CVE-2003-0360, CVE-2003-0362.
\n
More information:
\n
\n

gPS is a graphical application to watch system processes. In release 1.1.0 of the gps package, several security vulnerabilities were fixed, as detailed in the changelog:

\n
    \n
  • bug fix on rgpsp connection source acceptation policy (it was allowing any host to connect even when the /etc/rgpsp.conf file told otherwise). It is working now, but on any real (\"production\") network I suggest you use IP filtering to enforce the policy (like ipchains or iptables).
  • Several possibilities of buffer overflows have been fixed. Thanks to Stanislav Ievlev from ALT-Linux for pointing a lot of them.
  • fixed misformatting of command line parameters in rgpsp protocol (command lines with newlines would break the protocol).
  • fixed buffer overflow bug that caused rgpsp to SIGSEGV when stating processes with large command lines (>128 chars) [Linux only].
\n

All of these problems affect Debian's gps package version 0.9.4-1 in Debian woody. Debian potato also contains a gps package (version 0.4.1-2), but it is not affected by these problems, as the relevant functionality is not implemented in that version.

\n

For the stable distribution (woody) these problems have been fixed in version 0.9.4-1woody1.

\n

The old stable distribution (potato) is not affected by these problems.

\n

For the unstable distribution (sid) these problems are fixed in version 1.1.0-1.

\n

We recommend that you update your gps package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gps/gps_0.9.4-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/g/gps/gps_0.9.4-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gps/gps_0.9.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gps/gps_0.9.4-1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gps/rgpsp_0.9.4-1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gps/gps_0.9.4-1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gps/rgpsp_0.9.4-1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gps/gps_0.9.4-1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gps/rgpsp_0.9.4-1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gps/gps_0.9.4-1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gps/rgpsp_0.9.4-1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gps/gps_0.9.4-1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gps/rgpsp_0.9.4-1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gps/gps_0.9.4-1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gps/rgpsp_0.9.4-1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gps/gps_0.9.4-1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gps/rgpsp_0.9.4-1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gps/gps_0.9.4-1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gps/rgpsp_0.9.4-1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gps/gps_0.9.4-1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gps/rgpsp_0.9.4-1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gps/gps_0.9.4-1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gps/rgpsp_0.9.4-1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gps/gps_0.9.4-1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gps/rgpsp_0.9.4-1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "308": "
\n

Debian Security Advisory

\n

DSA-308-1 gzip -- insecure temporary files

\n
\n
Date Reported:
\n
06 Jun 2003
\n
Affected Packages:
\n
\ngzip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7845, BugTraq ID 7872.
In Mitre's CVE dictionary: CVE-1999-1332, CVE-2003-0367.
\n
More information:
\n
\n

Paul Szabo discovered that znew, a script included in the gzip package, creates its temporary files without taking precautions to avoid a symlink attack (CAN-2003-0367).

\n

The gzexe script has a similar vulnerability which was patched in an earlier release but inadvertently reverted.

\n

For the stable distribution (woody) both problems have been fixed in version 1.3.2-3woody1.

\n

For the old stable distribution (potato) CAN-2003-0367 has been fixed in version 1.2.4-33.2. This version is not vulnerable to CVE-1999-1332 due to an earlier patch.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you update your gzip package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1.dsc
\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody1_sparc.deb
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.2.4-33.2.dsc
\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.2.4-33.2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.2.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.2.4-33.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.2.4-33.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.2.4-33.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.2.4-33.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.2.4-33.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.2.4-33.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "309": "
\n

Debian Security Advisory

\n

DSA-309-1 eterm -- buffer overflow

\n
\n
Date Reported:
\n
06 Jun 2003
\n
Affected Packages:
\n
\neterm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7708.
In Mitre's CVE dictionary: CVE-2003-0382.
\n
More information:
\n
\n

\"bazarr\" discovered that eterm is vulnerable to a buffer overflow of the ETERMPATH environment variable. This bug can be exploited to gain the privileges of the group \"utmp\" on a system where eterm is installed.

\n

For the stable distribution (woody), this problem has been fixed in version 0.9.2-0pre2002042903.1.

\n

The old stable distribution (potato) is not affected by this bug.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you update your eterm package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.1.dsc
\n
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.1.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "310": "
\n

Debian Security Advisory

\n

DSA-310-1 xaos -- improper setuid-root execution

\n
\n
Date Reported:
\n
08 Jun 2003
\n
Affected Packages:
\n
\nxaos\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7838.
In Mitre's CVE dictionary: CVE-2003-0385.
\n
More information:
\n
\n

XaoS, a program for displaying fractal images, is installed setuid\nroot on certain architectures in order to use svgalib, which requires\naccess to the video hardware. However, it is not designed for secure\nsetuid execution, and can be exploited to gain root privileges.

\n

In these updated packages, the setuid bit has been removed from the\nxaos binary. Users who require the svgalib functionality should grant\nthese privileges only to a trusted group.

\n

This vulnerability is exploitable in version 3.0-18 (potato) on i386\nand alpha architectures, and in version 3.0-23 (woody) on the i386\narchitecture only.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 3.0-23woody1.

\n

For the old stable distribution (potato) this problem has been fixed\nin version 3.0-18potato1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.1r-4.

\n

We recommend that you update your xaos package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-18potato1.dsc
\n
http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-18potato1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-18potato1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-18potato1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-18potato1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-18potato1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-18potato1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-18potato1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-23woody1.dsc
\n
http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-23woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-23woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-23woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-23woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-23woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-23woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-23woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-23woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-23woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-23woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-23woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xaos/xaos_3.0-23woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "311": "
\n

Debian Security Advisory

\n

DSA-311-1 linux-kernel-2.4.18 -- several vulnerabilities

\n
\n
Date Reported:
\n
08 Jun 2003
\n
Affected Packages:
\n
\nkernel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2002-0429, CVE-2003-0001, CVE-2003-0127, CVE-2003-0244, CVE-2003-0246, CVE-2003-0247, CVE-2003-0248, CVE-2003-0364.
\n
More information:
\n
\n

A number of vulnerabilities have been discovered in the Linux kernel.

\n

CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for\n Linux kernels 2.4.18 and earlier on x86 systems allow local users to\n kill arbitrary processes via a binary compatibility interface\n (lcall).

\n

CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device\n drivers do not pad frames with null bytes, which allows remote\n attackers to obtain information from previous packets or kernel\n memory by using malformed packets.

\n

CAN-2003-0127: The kernel module loader allows local users to gain\n root privileges by using ptrace to attach to a child process that is\n spawned by the kernel.

\n

CAN-2003-0244: The route cache implementation in Linux 2.4, and the\n Netfilter IP conntrack module, allows remote attackers to cause a\n denial of service (CPU consumption) via packets with forged source\n addresses that cause a large number of hash table collisions related\n to the PREROUTING chain.

\n

CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and\n earlier does not properly restrict privileges, which allows local\n users to gain read or write access to certain I/O ports.

\n

CAN-2003-0247: Vulnerability in the TTY layer of the Linux kernel\n 2.4 allows attackers to cause a denial of service (\"kernel oops\").

\n

CAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers\n to modify CPU state registers via a malformed address.

\n

CAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux\n kernel 2.4 allows remote attackers to cause a denial of service (CPU\n consumption) via certain packets that cause a large number of hash\n table collisions.

\n

This advisory covers only the i386 (Intel IA32) architectures. Other\narchitectures will be covered by separate advisories.

\n

For the stable distribution (woody) on the i386 architecture, these\nproblems have been fixed in kernel-source-2.4.18 version 2.4.18-9,\nkernel-image-2.4.18-1-i386 version 2.4.18-8, and\nkernel-image-2.4.18-i386bf version 2.4.18-5woody1.

\n

For the unstable distribution (sid) these problems are fixed in the\n2.4.20 series kernels based on Debian sources.

\n

We recommend that you update your kernel packages.

\n

If you are using the kernel installed by the installation system when\nthe \"bf24\" option is selected (for a 2.4.x kernel), you should install\nthe kernel-image-2.4.18-bf2.4 package. If you installed a different\nkernel-image package after installation, you should install the\ncorresponding 2.4.18-1 kernel. You may use the table below as a\nguide.

\n
\n| If \"uname -r\" shows: | Install this package:\n| 2.4.18-bf2.4         | kernel-image-2.4.18-bf2.4\n| 2.4.18-386           | kernel-image-2.4.18-1-386\n| 2.4.18-586tsc        | kernel-image-2.4.18-1-586tsc\n| 2.4.18-686           | kernel-image-2.4.18-1-686\n| 2.4.18-686-smp       | kernel-image-2.4.18-1-686-smp\n| 2.4.18-k6            | kernel-image-2.4.18-1-k6\n| 2.4.18-k7            | kernel-image-2.4.18-1-k7\n
\n

NOTE: This kernel is not binary compatible with the previous\nversion. For this reason, the kernel has a different version number\nand will not be installed automatically as part of the normal upgrade\nprocess. Any custom modules will need to be rebuilt in order to work\nwith the new kernel. New PCMCIA modules are provided for all of the\nabove kernels.

\n

NOTE: A system reboot will be required immediately after the upgrade\nin order to replace the running kernel. Remember to read carefully\nand follow the instructions given during the kernel upgrade process.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-8.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-8.tar.gz
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1_2.4.18-8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-386_2.4.18-8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-586tsc_2.4.18-8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686_2.4.18-8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686-smp_2.4.18-8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k6_2.4.18-8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k7_2.4.18-8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-386_2.4.18-8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-586tsc_2.4.18-8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686_2.4.18-8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686-smp_2.4.18-8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k6_2.4.18-8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k7_2.4.18-8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-386_2.4.18-8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-586tsc_2.4.18-8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686_2.4.18-8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686-smp_2.4.18-8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k6_2.4.18-8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k7_2.4.18-8_i386.deb
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-i386bf_2.4.18-5woody1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-i386bf_2.4.18-5woody1.tar.gz
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-headers-2.4.18-bf2.4_2.4.18-5woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-bf2.4_2.4.18-5woody1_i386.deb
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-9.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-9.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-doc-2.4.18_2.4.18-9_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-9_all.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pcmcia-cs/pcmcia-modules-2.4.18-bf2.4_3.1.33-6woody1k5woody1_i386.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "312": "
\n

Debian Security Advisory

\n

DSA-312-1 kernel-patch-2.4.18-powerpc -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Jun 2003
\n
Affected Packages:
\n
\nkernel-patch-2.4.18-powerpc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6535, BugTraq ID 7112, BugTraq ID 7600, BugTraq ID 7601, BugTraq ID 7791, BugTraq ID 7793, BugTraq ID 7797.
In Mitre's CVE dictionary: CVE-2002-0429, CVE-2003-0001, CVE-2003-0127, CVE-2003-0244, CVE-2003-0246, CVE-2003-0247, CVE-2003-0248, CVE-2003-0364.
\n
More information:
\n
\n

A number of vulnerabilities have been discovered in the Linux kernel.

\n

CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for\n Linux kernels 2.4.18 and earlier on x86 systems allow local users to\n kill arbitrary processes via a binary compatibility interface\n (lcall).

\n

CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device\n drivers do not pad frames with null bytes, which allows remote\n attackers to obtain information from previous packets or kernel\n memory by using malformed packets.

\n

CAN-2003-0127: The kernel module loader allows local users to gain\n root privileges by using ptrace to attach to a child process that is\n spawned by the kernel.

\n

CAN-2003-0244: The route cache implementation in Linux 2.4, and the\n Netfilter IP conntrack module, allows remote attackers to cause a\n denial of service (CPU consumption) via packets with forged source\n addresses that cause a large number of hash table collisions related\n to the PREROUTING chain.

\n

CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and\n earlier does not properly restrict privileges, which allows local\n users to gain read or write access to certain I/O ports.

\n

CAN-2003-0247: Vulnerability in the TTY layer of the Linux kernel\n 2.4 allows attackers to cause a denial of service (\"kernel oops\").

\n

CAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers\n to modify CPU state registers via a malformed address.

\n

CAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux\n kernel 2.4 allows remote attackers to cause a denial of service (CPU\n consumption) via certain packets that cause a large number of hash\n table collisions.

\n

This advisory covers only the powerpc architecture. Other\narchitectures will be covered by separate advisories.

\n

For the stable distribution (woody) on the powerpc architecture, these\nproblems have been fixed in version 2.4.18-1woody1.

\n

For the unstable distribution (sid) these problems are fixed in\nversion 2.4.20-2.

\n

We recommend that you update your kernel packages.

\n

NOTE: A system reboot will be required immediately after the upgrade\nin order to replace the running kernel. Remember to read carefully\nand follow the instructions given during the kernel upgrade process.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody1.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody1_all.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-headers-2.4.18_2.4.18-1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-newpmac_2.4.18-1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-powerpc_2.4.18-1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-powerpc-smp_2.4.18-1woody1_powerpc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "313": "
\n

Debian Security Advisory

\n

DSA-313-1 ethereal -- buffer overflows, integer overflows

\n
\n
Date Reported:
\n
11 Jun 2003
\n
Affected Packages:
\n
\nethereal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7493, BugTraq ID 7494, BugTraq ID 7495.
In Mitre's CVE dictionary: CVE-2003-0356, CVE-2003-0357.
\n
More information:
\n
\n

Timo Sirainen discovered several vulnerabilities in ethereal, a\nnetwork traffic analyzer. These include one-byte buffer overflows in\nthe AIM, GIOP Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync, SMB,\nSMPP, and TSP dissectors, and integer overflows in the Mount and PPP\ndissectors.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 0.9.4-1woody4.

\n

The old stable distribution (potato) does not appear to contain these\nvulnerabilities.

\n

For the unstable distribution (sid) these problems are fixed in version\n0.9.12-1.

\n

We recommend that you update your ethereal package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4.dsc
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "314": "
\n

Debian Security Advisory

\n

DSA-314-1 atftp -- buffer overflow

\n
\n
Date Reported:
\n
11 Jun 2003
\n
Affected Packages:
\n
\natftp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2003-0380.
\n
More information:
\n
\n

Rick Patel discovered that atftpd is vulnerable to a buffer overflow\nwhen a long filename is sent to the server. An attacker could exploit\nthis bug remotely to execute arbitrary code on the server.

\n

For the stable distribution (woody), this problem has been fixed in\nversion 0.6.1.1.0woody1.

\n

The old stable distribution (potato) does not contain an atftp\npackage.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you update your atftp package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1.dsc
\n
http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "315": "
\n

Debian Security Advisory

\n

DSA-315-1 gnocatan -- buffer overflows, denial of service

\n
\n
Date Reported:
\n
11 Jun 2003
\n
Affected Packages:
\n
\ngnocatan\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7877.
In Mitre's CVE dictionary: CVE-2003-0433.
\n
More information:
\n
\n

Bas Wijnen discovered that the gnocatan server is vulnerable to\nseveral buffer overflows which could be exploited to execute arbitrary\ncode on the server system.

\n

For the stable distribution (woody), this problem has been fixed in\nversion 0.6.1-5woody2.

\n

The old stable distribution (potato) does not contain a gnocatan package.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you update your gnocatan package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan_0.6.1-5woody2.dsc
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan_0.6.1-5woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan_0.6.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-data_0.6.1-5woody2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-help_0.6.1-5woody2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.6.1-5woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server_0.6.1-5woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.6.1-5woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server_0.6.1-5woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.6.1-5woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server_0.6.1-5woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.6.1-5woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server_0.6.1-5woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.6.1-5woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server_0.6.1-5woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.6.1-5woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server_0.6.1-5woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.6.1-5woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server_0.6.1-5woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.6.1-5woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server_0.6.1-5woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.6.1-5woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server_0.6.1-5woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.6.1-5woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server_0.6.1-5woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.6.1-5woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server_0.6.1-5woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "316": "
\n

Debian Security Advisory

\n

DSA-316-1 nethack -- buffer overflow, incorrect permissions

\n
\n
Date Reported:
\n
11 Jun 2003
\n
Affected Packages:
\n
\nnethack\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6806, BugTraq ID 7953.
In Mitre's CVE dictionary: CVE-2003-0358, CVE-2003-0359.
\n
More information:
\n
\n

The nethack and slashem packages are vulnerable to a buffer overflow exploited via a\nlong '-s' command line option. This vulnerability could be used by an\nattacker to gain gid 'games' on a system where nethack is installed.

\n

Additionally, some setgid binaries in the nethack package have\nincorrect permissions, which could allow a user who gains gid 'games'\nto replace these binaries, potentially causing other users to execute\nmalicious code when they run nethack.

\n

Note that slashem does not contain the file permission problem\nCAN-2003-0359.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 3.4.0-3.0woody3.

\n

For the old stable distribution (potato) these problems have been fixed in\nversion 3.3.0-7potato1.

\n

For the unstable distribution (sid) these problems are fixed in\nversion 3.4.1-1.

\n

We recommend that you update your nethack package.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 0.0.6E4F8-4.0woody3.

\n

For the old stable distribution (potato) these problems have been fixed in\nversion 0.0.5E7-3potato1.

\n

For the unstable distribution (sid) these problems are fixed in\nversion 0.0.6E4F8-6.

\n

We recommend that you update your slashem package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nethack/nethack_3.3.0-7potato1.dsc
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack_3.3.0-7potato1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack_3.3.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nethack/nethack_3.3.0-7potato1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nethack/nethack_3.3.0-7potato1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nethack/nethack_3.3.0-7potato1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/nethack/nethack_3.3.0-7potato1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nethack/nethack_3.3.0-7potato1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nethack/nethack_3.3.0-7potato1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nethack/nethack_3.4.0-3.0woody3.dsc
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack_3.4.0-3.0woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack_3.4.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/n/nethack/nethack_3.4.0-3.0woody3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-common_3.4.0-3.0woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-gnome_3.4.0-3.0woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-qt_3.4.0-3.0woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-x11_3.4.0-3.0woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-common_3.4.0-3.0woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-gnome_3.4.0-3.0woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-qt_3.4.0-3.0woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-x11_3.4.0-3.0woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-common_3.4.0-3.0woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-gnome_3.4.0-3.0woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-qt_3.4.0-3.0woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-x11_3.4.0-3.0woody3_i386.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-common_3.4.0-3.0woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-gnome_3.4.0-3.0woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-qt_3.4.0-3.0woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-x11_3.4.0-3.0woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-common_3.4.0-3.0woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-gnome_3.4.0-3.0woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-qt_3.4.0-3.0woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-x11_3.4.0-3.0woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-common_3.4.0-3.0woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-gnome_3.4.0-3.0woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-qt_3.4.0-3.0woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-x11_3.4.0-3.0woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-common_3.4.0-3.0woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-gnome_3.4.0-3.0woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-qt_3.4.0-3.0woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-x11_3.4.0-3.0woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-common_3.4.0-3.0woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-gnome_3.4.0-3.0woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-qt_3.4.0-3.0woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-x11_3.4.0-3.0woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-common_3.4.0-3.0woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-gnome_3.4.0-3.0woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-qt_3.4.0-3.0woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-x11_3.4.0-3.0woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-common_3.4.0-3.0woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-gnome_3.4.0-3.0woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-qt_3.4.0-3.0woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nethack/nethack-x11_3.4.0-3.0woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

MD5 checksums of the listed files are available in the revised advisory.\n

\n\n
\n
", "317": "
\n

Debian Security Advisory

\n

DSA-317-1 cupsys -- denial of service

\n
\n
Date Reported:
\n
11 Jun 2003
\n
Affected Packages:
\n
\ncupsys\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7637.
In Mitre's CVE dictionary: CVE-2003-0195.
\n
More information:
\n
\n

The CUPS print server in Debian is vulnerable to a denial of service when an HTTP request is received without being properly terminated.

\n

For the stable distribution (woody) this problem has been fixed in version 1.1.14-5.

\n

For the old stable distribution (potato) this problem has been fixed in version 1.0.4-12.2.

\n

For the unstable distribution (sid) this problem is fixed in version 1.1.19final-1.

\n

We recommend that you update your cupsys package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.0.4-12.2.dsc
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.0.4-12.2.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.0.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.0.4-12.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.0.4-12.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys1_1.0.4-12.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys1-dev_1.0.4-12.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.0.4-12.2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.0.4-12.2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys1_1.0.4-12.2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys1-dev_1.0.4-12.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.0.4-12.2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.0.4-12.2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys1_1.0.4-12.2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys1-dev_1.0.4-12.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.0.4-12.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.0.4-12.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys1_1.0.4-12.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys1-dev_1.0.4-12.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.0.4-12.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.0.4-12.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys1_1.0.4-12.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys1-dev_1.0.4-12.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.0.4-12.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.0.4-12.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys1_1.0.4-12.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys1-dev_1.0.4-12.2_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5.dsc
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "318": "
\n

Debian Security Advisory

\n

DSA-318-1 lyskom-server -- denial of service

\n
\n
Date Reported:
\n
12 Jun 2003
\n
Affected Packages:
\n
\nlyskom-server\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7893.
In Mitre's CVE dictionary: CVE-2003-0366.
\n
More information:
\n
\n

Calle Dybedahl discovered a bug in lyskom-server which could result in a denial of service where an unauthenticated user could cause the server to become unresponsive as it processes a large query.

\n

For the stable distribution (woody) this problem has been fixed in version 2.0.6-1woody1.

\n

The old stable distribution (potato) does not contain a lyskom-server package.

\n

For the unstable distribution (sid) this problem is fixed in version 2.0.7-2.

\n

We recommend that you update your lyskom-server package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lyskom-server/lyskom-server_2.0.6-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/l/lyskom-server/lyskom-server_2.0.6-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lyskom-server/lyskom-server_2.0.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lyskom-server/lyskom-server_2.0.6-1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lyskom-server/lyskom-server_2.0.6-1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lyskom-server/lyskom-server_2.0.6-1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lyskom-server/lyskom-server_2.0.6-1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/lyskom-server/lyskom-server_2.0.6-1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/lyskom-server/lyskom-server_2.0.6-1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lyskom-server/lyskom-server_2.0.6-1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lyskom-server/lyskom-server_2.0.6-1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lyskom-server/lyskom-server_2.0.6-1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lyskom-server/lyskom-server_2.0.6-1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lyskom-server/lyskom-server_2.0.6-1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "319": "
\n

Debian Security Advisory

\n

DSA-319-1 webmin -- session ID spoofing

\n
\n
Date Reported:
\n
12 Jun 2003
\n
Affected Packages:
\n
\nwebmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6915.
In Mitre's CVE dictionary: CVE-2003-0101.
\n
More information:
\n
\n

miniserv.pl in the webmin package does not properly handle metacharacters, such as line feeds and carriage returns, in Base64-encoded strings used in Basic authentication. This vulnerability allows remote attackers to spoof a session ID, and thereby gain root privileges.

\n

For the stable distribution (woody) this problem has been fixed in version 0.94-7woody1.

\n

The old stable distribution (potato) does not contain a webmin package.

\n

For the unstable distribution (sid) this problem is fixed in version 1.070-1.

\n

We recommend that you update your webmin package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/webmin/webmin_0.94-7woody1.dsc
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin_0.94-7woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin_0.94.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-apache_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-bind8_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-burner_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-cluster-software_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-cluster-useradmin_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-core_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-cpan_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-dhcpd_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-exports_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-fetchmail_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-heartbeat_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-inetd_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-jabber_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-lpadmin_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-mon_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-mysql_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-nis_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-postfix_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-postgresql_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-ppp_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-qmailadmin_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-quota_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-raid_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-samba_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-sendmail_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-software_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-squid_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-sshd_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-ssl_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-status_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-stunnel_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-wuftpd_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-xinetd_0.94-7woody1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin_0.94-7woody1_all.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-grub_0.94-7woody1_i386.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "320": "
\n

Debian Security Advisory

\n

DSA-320-1 mikmod -- buffer overflow

\n
\n
Date Reported:
\n
13 Jun 2003
\n
Affected Packages:
\n
\nmikmod\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7914.
In Mitre's CVE dictionary: CVE-2003-0427.
\n
More information:
\n
\n

Ingo Saitz discovered a bug in mikmod whereby a long filename inside an archive file can overflow a buffer when the archive is being read by mikmod.

\n

For the stable distribution (woody) this problem has been fixed in version 3.1.6-4woody3.

\n

For the old stable distribution (potato) this problem has been fixed in version 3.1.6-2potato3.

\n

For the unstable distribution (sid) this problem is fixed in version 3.1.6-6.

\n

We recommend that you update your mikmod package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-2potato3.dsc
\n
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-2potato3.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-2potato3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-2potato3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-2potato3_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-2potato3_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-2potato3_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-2potato3_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-4woody3.dsc
\n
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-4woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-4woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-4woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-4woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-4woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-4woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-4woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-4woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-4woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-4woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-4woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mikmod/mikmod_3.1.6-4woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "321": "
\n

Debian Security Advisory

\n

DSA-321-1 radiusd-cistron -- buffer overflow

\n
\n
Date Reported:
\n
13 Jun 2003
\n
Affected Packages:
\n
\nradiusd-cistron\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7892.
In Mitre's CVE dictionary: CVE-2003-0450.
\n
More information:
\n
\n

radiusd-cistron contains a bug allowing a buffer overflow when a long NAS-Port attribute is received. This could allow a remote attacker to execute arbitrary code on the server with the privileges of the RADIUS daemon (usually root).

\n

For the stable distribution (woody) this problem has been fixed in version 1.6.6-1woody1.

\n

For the old stable distribution (potato), this problem will be fixed in a later advisory.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you update your radiusd-cistron package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "322": "
\n

Debian Security Advisory

\n

DSA-322-1 typespeed -- buffer overflow

\n
\n
Date Reported:
\n
16 Jun 2003
\n
Affected Packages:
\n
\ntypespeed\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7891.
In Mitre's CVE dictionary: CVE-2003-0435.
\n
More information:
\n
\n

typespeed is a game which challenges the player to type words correctly and quickly. It contains a network play mode which allows players on different systems to play competitively. The network code contains a buffer overflow which could allow a remote attacker to execute arbitrary code under the privileges of the user invoking typespeed, in addition to gid games.

\n

For the stable distribution (woody) this problem has been fixed in version 0.4.1-2.2.

\n

For the old stable distribution (potato) this problem has been fixed in version 0.4.0-5.2.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you update your typespeed package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2.dsc
\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2.diff.gz
\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.2_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2.dsc
\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2.diff.gz
\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "323": "
\n

Debian Security Advisory

\n

DSA-323-1 noweb -- insecure temporary files

\n
\n
Date Reported:
\n
16 Jun 2003
\n
Affected Packages:
\n
\nnoweb\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7937.
In Mitre's CVE dictionary: CVE-2003-0381.
\n
More information:
\n
\n

Jakob Lell discovered a bug in the 'noroff' script included in noweb whereby a temporary file was created insecurely. During a review, several other instances of this problem were found and fixed. Any of these bugs could be exploited by a local user to overwrite arbitrary files owned by the user invoking the script.

\n

For the stable distribution (woody) these problems have been fixed in version 2.9a-7.3.

\n

For the old stable distribution (potato) this problem has been fixed in version 2.9a-5.1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you update your noweb package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/noweb/noweb_2.9a-5.1.dsc
\n
http://security.debian.org/pool/updates/main/n/noweb/noweb_2.9a-5.1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/noweb/noweb_2.9a.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.9a-5.1_alpha.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.9a-5.1_i386.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/noweb/noweb_2.9a-7.2.dsc
\n
http://security.debian.org/pool/updates/main/n/noweb/noweb_2.9a-7.2.diff.gz
\n
http://security.debian.org/pool/updates/main/n/noweb/noweb_2.9a.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.9a-7.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.9a-7.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.9a-7.3_i386.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.9a-7.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.9a-7.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.9a-7.3_mips.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "324": "
\n

Debian Security Advisory

\n

DSA-324-1 ethereal -- several vulnerabilities

\n
\n
Date Reported:
\n
18 Jun 2003
\n
Affected Packages:
\n
\nethereal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7878, BugTraq ID 7880, BugTraq ID 7881, BugTraq ID 7883.
In Mitre's CVE dictionary: CVE-2003-0428, CVE-2003-0429, CVE-2003-0431, CVE-2003-0432.
\n
More information:
\n
\n

Several of the packet dissectors in ethereal contain string handling\nbugs which could be exploited using a maliciously crafted packet to\ncause ethereal to consume excessive amounts of memory, crash, or\nexecute arbitrary code.

\n

These vulnerabilities were announced in the following Ethereal security\nadvisory:

\n

http://www.ethereal.com/appnotes/enpa-sa-00010.html

\n

Ethereal 0.9.4 in Debian 3.0 (woody) is affected by most of the\nproblems described in the advisory, including:

\n
    \n
  • The DCERPC dissector could try to allocate too much memory\n while trying to decode an NDR string.\n
  • Bad IPv4 or IPv6 prefix lengths could cause an overflow in the\n OSI dissector.\n
  • The tvb_get_nstringz0() routine incorrectly handled a\n zero-length buffer size.\n
  • The BGP, WTP, DNS, 802.11, ISAKMP, WSP, CLNP, and ISIS\n dissectors handled strings improperly.\n
\n

The following problems do not affect this version:

\n
    \n
  • The SPNEGO dissector could segfault while parsing an invalid\n ASN.1 value.\n
  • The RMI dissector handled strings improperly.\n
\n

as these modules are not present.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 0.9.4-1woody5.

\n

For the old stable distribution (potato) these problems will be fixed in a\nfuture advisory.

\n

For the unstable distribution (sid) these problems are fixed in\nversion 0.9.13-1.

\n

We recommend that you update your ethereal package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
Source:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody5.dsc
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody5.diff.gz
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
Alpha:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "325": "
\n

Debian Security Advisory

\n

DSA-325-1 eldav -- insecure temporary file

\n
\n
Date Reported:
\n
19 Jun 2003
\n
Affected Packages:
\n
\neldav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7987.
In Mitre's CVE dictionary: CVE-2003-0438.
\n
More information:
\n
\n

eldav, a WebDAV client for Emacs, creates temporary files without\ntaking appropriate security precautions. This vulnerability could be\nexploited by a local user to create or overwrite files with the\nprivileges of the user running emacs and eldav.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.0.20020411-1woody1.

\n

The old stable distribution (potato) does not contain an eldav\npackage.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.7.2-1.

\n

We recommend that you update your eldav package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/eldav/eldav_0.0.20020411-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/e/eldav/eldav_0.0.20020411-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/eldav/eldav_0.0.20020411.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/e/eldav/eldav_0.0.20020411-1woody1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "326": "
\n

Debian Security Advisory

\n

DSA-326-1 orville-write -- buffer overflows

\n
\n
Date Reported:
\n
19 Jun 2003
\n
Affected Packages:
\n
\norville-write\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7988.
In Mitre's CVE dictionary: CVE-2003-0441.
\n
More information:
\n
\n

Orville Write, a replacement for the standard write(1) command,\ncontains a number of buffer overflows. These could be exploited to\ngain either gid tty or root privileges, depending on the configuration\nselected when the package is installed.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.53-4woody1.

\n

The old stable distribution (potato) does not contain an orville-write\npackage.

\n

For the unstable distribution (sid) this problem will be fixed soon.\nSee Debian bug report #170747.

\n

We recommend that you update your orville-write package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/orville-write/orville-write_2.53-4woody1.dsc
\n
http://security.debian.org/pool/updates/main/o/orville-write/orville-write_2.53-4woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/o/orville-write/orville-write_2.53.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/orville-write/orville-write_2.53-4woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/orville-write/orville-write_2.53-4woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/orville-write/orville-write_2.53-4woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/orville-write/orville-write_2.53-4woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/orville-write/orville-write_2.53-4woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/orville-write/orville-write_2.53-4woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/orville-write/orville-write_2.53-4woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/orville-write/orville-write_2.53-4woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/orville-write/orville-write_2.53-4woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/orville-write/orville-write_2.53-4woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/orville-write/orville-write_2.53-4woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "327": "
\n

Debian Security Advisory

\n

DSA-327-1 xbl -- buffer overflows

\n
\n
Date Reported:
\n
19 Jun 2003
\n
Affected Packages:
\n
\nxbl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7989.
In Mitre's CVE dictionary: CVE-2003-0451.
\n
More information:
\n
\n

Steve Kemp discovered several buffer overflows in xbl, a game, which\ncan be triggered by long command line arguments. This vulnerability\ncould be exploited by a local attacker to gain gid 'games'.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.0k-3woody1.

\n

For the old stable distribution (potato) this problem has been fixed\nin version 1.0i-7potato1.

\n

For the unstable distribution (sid) this problem is fixed in version\n1.0k-5.

\n

We recommend that you update your xbl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 2.2 (potato)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0i-7potato1.dsc
\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0i-7potato1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0i.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0i-7potato1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0i-7potato1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0i-7potato1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0i-7potato1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0i-7potato1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0i-7potato1_sparc.deb
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody1.dsc
\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "328": "
\n

Debian Security Advisory

\n

DSA-328-1 webfs -- buffer overflow

\n
\n
Date Reported:
\n
19 Jun 2003
\n
Affected Packages:
\n
\nwebfs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7990.
In Mitre's CVE dictionary: CVE-2003-0445.
\n
More information:
\n
\n

webfs, a lightweight HTTP server for static content, contains a buffer\noverflow whereby a long Request-URI in an HTTP request could cause\narbitrary code to be executed.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.17.1.

\n

The old stable distribution (potato) does not contain a webfs package.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you update your webfs package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/webfs/webfs_1.17.1.dsc
\n
http://security.debian.org/pool/updates/main/w/webfs/webfs_1.17.1.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/webfs/webfs_1.17.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/webfs/webfs_1.17.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/webfs/webfs_1.17.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/webfs/webfs_1.17.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/w/webfs/webfs_1.17.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/w/webfs/webfs_1.17.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/w/webfs/webfs_1.17.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/w/webfs/webfs_1.17.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/webfs/webfs_1.17.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/webfs/webfs_1.17.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/webfs/webfs_1.17.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "329": "
\n

Debian Security Advisory

\n

DSA-329-1 osh -- buffer overflows

\n
\n
Date Reported:
\n
20 Jun 2003
\n
Affected Packages:
\n
\nosh\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7992, BugTraq ID 7993.
In Mitre's CVE dictionary: CVE-2003-0452.
\n
More information:
\n
\n

Steve Kemp discovered that osh, a shell intended to restrict the\nactions of the user, contains two buffer overflows, in processing\nenvironment variables and file redirections. These vulnerabilities\ncould be used to execute arbitrary code, overriding any restrictions\nplaced on the shell.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.7-11woody1.

\n

The old stable distribution (potato) is affected by this problem, and\nmay be fixed in a future advisory on a time-available basis.

\n

For the unstable distribution (sid) this problem is fixed in version\n1.7-12.

\n

We recommend that you update your osh package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody1.dsc
\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "330": "
\n

Debian Security Advisory

\n

DSA-330-1 tcptraceroute -- failure to drop root privileges

\n
\n
Date Reported:
\n
23 Jun 2003
\n
Affected Packages:
\n
\ntcptraceroute\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8020.
In Mitre's CVE dictionary: CVE-2003-0489.
\n
More information:
\n
\n

tcptraceroute is a setuid-root program which drops root privileges\nafter obtaining a file descriptor used for raw packet capture.\nHowever, it did not fully relinquish all privileges, and in the event\nof an exploitable vulnerability, root privileges could be regained.

\n

No current exploit is known, but this safeguard is being repaired in\norder to provide a measure of containment in the event that an\nexploitable flaw should be discovered.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.2-2.

\n

The old stable distribution (potato) does not contain a tcptraceroute\npackage.

\n

For the unstable distribution (sid) this problem is fixed in version\n1.4-4.

\n

We recommend that you update your tcptraceroute package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tcptraceroute/tcptraceroute_1.2-2.dsc
\n
http://security.debian.org/pool/updates/main/t/tcptraceroute/tcptraceroute_1.2-2.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tcptraceroute/tcptraceroute_1.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tcptraceroute/tcptraceroute_1.2-2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tcptraceroute/tcptraceroute_1.2-2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tcptraceroute/tcptraceroute_1.2-2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tcptraceroute/tcptraceroute_1.2-2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tcptraceroute/tcptraceroute_1.2-2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tcptraceroute/tcptraceroute_1.2-2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tcptraceroute/tcptraceroute_1.2-2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tcptraceroute/tcptraceroute_1.2-2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tcptraceroute/tcptraceroute_1.2-2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tcptraceroute/tcptraceroute_1.2-2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tcptraceroute/tcptraceroute_1.2-2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "331": "
\n

Debian Security Advisory

\n

DSA-331-1 imagemagick -- insecure temporary file

\n
\n
Date Reported:
\n
27 Jun 2003
\n
Affected Packages:
\n
\nimagemagick\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8057.
In Mitre's CVE dictionary: CVE-2003-0455.
\n
More information:
\n
\n

imagemagick's libmagick library, under certain circumstances, creates\ntemporary files without taking appropriate security precautions. This\nvulnerability could be exploited by a local user to create or\noverwrite files with the privileges of another user who is invoking a\nprogram using this library.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 4:5.4.4.5-1woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 4:5.5.7-1.

\n

We recommend that you update your imagemagick package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "332": "
\n

Debian Security Advisory

\n

DSA-332-1 linux-kernel-2.4.17 -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Jun 2003
\n
Affected Packages:
\n
\nkernel-source-2.4.17, kernel-patch-2.4.17-mips\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 4259, BugTraq ID 6535, BugTraq ID 7112, BugTraq ID 7600, BugTraq ID 7601, BugTraq ID 7791, BugTraq ID 7793, BugTraq ID 7797.
In Mitre's CVE dictionary: CVE-2002-0429, CVE-2003-0001, CVE-2003-0127, CVE-2003-0244, CVE-2003-0246, CVE-2003-0247, CVE-2003-0248, CVE-2003-0364.
\n
More information:
\n
\n

A number of vulnerabilities have been discovered in the Linux kernel.

\n
    \n
  • CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for\n Linux kernels 2.4.18 and earlier on x86 systems allow local users to\n kill arbitrary processes via a binary compatibility interface\n (lcall)\n
  • \n
  • CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device\n drivers do not pad frames with null bytes, which allows remote\n attackers to obtain information from previous packets or kernel\n memory by using malformed packets\n
  • \n
  • CAN-2003-0127: The kernel module loader allows local users to gain\n root privileges by using ptrace to attach to a child process that is\n spawned by the kernel\n
  • CAN-2003-0244: The route cache implementation in Linux 2.4, and the\n Netfilter IP conntrack module, allows remote attackers to cause a\n denial of service (CPU consumption) via packets with forged source\n addresses that cause a large number of hash table collisions related\n to the PREROUTING chain\n
  • CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and\n earlier does not properly restrict privileges, which allows local\n users to gain read or write access to certain I/O ports.\n
  • CAN-2003-0247: A vulnerability in the TTY layer of the Linux kernel\n 2.4 allows attackers to cause a denial of service (\"kernel oops\")\n
  • CAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers\n to modify CPU state registers via a malformed address.\n
  • CAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux\n kernel 2.4 allows remote attackers to cause a denial of service (CPU\n consumption) via certain packets that cause a large number of hash\n table collisions\n
\n

This advisory provides corrected source code for Linux 2.4.17, and\ncorrected binary kernel images for the mips and mipsel architectures.\nOther versions and architectures will be covered by separate\nadvisories.

\n

For the stable distribution (woody), these problems have been fixed in\nkernel-source-2.4.17 version 2.4.17-1woody1 and\nkernel-patch-2.4.17-mips version 2.4.17-0.020226.2.woody2.

\n

For the unstable distribution (sid) these problems are fixed in\nkernel-source-2.4.20 version 2.4.20-8.

\n

We recommend that you update your kernel packages.

\n

NOTE: A system reboot will be required immediately after the upgrade\nin order to replace the running kernel. Remember to read carefully\nand follow the instructions given during the kernel upgrade process.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody2.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody2_all.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-ip22_2.4.17-0.020226.2.woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r5k-ip22_2.4.17-0.020226.2.woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r3k-kn02_2.4.17-0.020226.2.woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-kn04_2.4.17-0.020226.2.woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/mips-tools_2.4.17-0.020226.2.woody2_mipsel.deb
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-doc-2.4.17_2.4.17-1woody1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "333": "
\n

Debian Security Advisory

\n

DSA-333-1 acm -- integer overflow

\n
\n
Date Reported:
\n
27 Jun 2003
\n
Affected Packages:
\n
\nacm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5356.
In Mitre's CVE dictionary: CVE-2002-0391.
\n
More information:
\n
\n

acm, a multi-player aerial combat simulation, uses a network protocol\nbased on the same RPC implementation used in many C libraries. This\nimplementation was found to contain an integer overflow vulnerability\nwhich could be exploited to execute arbitrary code.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 5.0-3.woody.1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 5.0-10.

\n

We recommend that you update your acm package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/acm/acm_5.0-3.woody.1.dsc
\n
http://security.debian.org/pool/updates/main/a/acm/acm_5.0-3.woody.1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/acm/acm_5.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/acm/acm_5.0-3.woody.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/acm/acm_5.0-3.woody.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/acm/acm_5.0-3.woody.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/acm/acm_5.0-3.woody.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/acm/acm_5.0-3.woody.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/acm/acm_5.0-3.woody.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/acm/acm_5.0-3.woody.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/acm/acm_5.0-3.woody.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/acm/acm_5.0-3.woody.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/acm/acm_5.0-3.woody.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/acm/acm_5.0-3.woody.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "334": "
\n

Debian Security Advisory

\n

DSA-334-1 xgalaga -- buffer overflows

\n
\n
Date Reported:
\n
28 Jun 2003
\n
Affected Packages:
\n
\nxgalaga\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8058.
In Mitre's CVE dictionary: CVE-2003-0454.
\n
More information:
\n
\n

Steve Kemp discovered several buffer overflows in xgalaga, a game,\nwhich can be triggered by a long HOME environment variable. This\nvulnerability could be exploited by a local attacker to gain gid\n'games'.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.0.34-19woody1.

\n

For the unstable distribution (sid) this problem is fixed in version\n2.0.34-22.

\n

We recommend that you update your xgalaga package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xgalaga/xgalaga_2.0.34-19woody1.dsc
\n
http://security.debian.org/pool/updates/main/x/xgalaga/xgalaga_2.0.34-19woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xgalaga/xgalaga_2.0.34.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xgalaga/xgalaga_2.0.34-19woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xgalaga/xgalaga_2.0.34-19woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xgalaga/xgalaga_2.0.34-19woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xgalaga/xgalaga_2.0.34-19woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xgalaga/xgalaga_2.0.34-19woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xgalaga/xgalaga_2.0.34-19woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xgalaga/xgalaga_2.0.34-19woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xgalaga/xgalaga_2.0.34-19woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xgalaga/xgalaga_2.0.34-19woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xgalaga/xgalaga_2.0.34-19woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xgalaga/xgalaga_2.0.34-19woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "335": "
\n

Debian Security Advisory

\n

DSA-335-1 mantis -- incorrect permissions

\n
\n
Date Reported:
\n
28 Jun 2003
\n
Affected Packages:
\n
\nmantis\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8059.
In Mitre's CVE dictionary: CVE-2003-0499.
\n
More information:
\n
\n

mantis, a PHP/MySQL web based bug tracking system, stores the password\nused to access its database in a configuration file which is\nworld-readable. This could allow a local attacker to read the\npassword and gain read/write access to the database.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.17.1-3.

\n

The old stable distribution (potato) does not contain a mantis\npackage.

\n

For the unstable distribution (sid) this problem is fixed in version\n0.17.5-6.

\n

We recommend that you update your mantis package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.17.1-3.dsc
\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.17.1-3.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.17.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.17.1-3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "336": "
\n

Debian Security Advisory

\n

DSA-336-1 linux-kernel-2.2.20 -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Jun 2003
\n
Affected Packages:
\n
\nkernel-source-2.2.20, kernel-image-2.2.20-i386\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6420, BugTraq ID 4259, BugTraq ID 6535, BugTraq ID 7112, BugTraq ID 7600, BugTraq ID 7601, BugTraq ID 7791, BugTraq ID 7793, BugTraq ID 7797.
In Mitre's CVE dictionary: CVE-2002-1380, CVE-2002-0429, CVE-2003-0001, CVE-2003-0127, CVE-2003-0364, CVE-2003-0246, CVE-2003-0244, CVE-2003-0247, CVE-2003-0248.
\n
More information:
\n
\n

A number of vulnerabilities have been discovered in the Linux kernel.

\n
    \n
  • CAN-2002-1380: Linux kernel 2.2.x allows local users to cause a denial\n of service (crash) by using the mmap() function with a PROT_READ\n parameter to access non-readable memory pages through the /proc/pid/mem\n interface.
  • CVE-2002-0429: The iBCS routines in arch/i386/kernel/traps.c for\n Linux kernels 2.4.18 and earlier on x86 systems allow local users to\n kill arbitrary processes via a binary compatibility interface\n (lcall)
  • CAN-2003-0001: Multiple ethernet Network Interface Card (NIC) device\n drivers do not pad frames with null bytes, which allows remote\n attackers to obtain information from previous packets or kernel\n memory by using malformed packets
  • CAN-2003-0127: The kernel module loader allows local users to gain\n root privileges by using ptrace to attach to a child process that is\n spawned by the kernel
  • CAN-2003-0244: The route cache implementation in Linux 2.4, and the\n Netfilter IP conntrack module, allows remote attackers to cause a\n denial of service (CPU consumption) via packets with forged source\n addresses that cause a large number of hash table collisions related\n to the PREROUTING chain
  • CAN-2003-0246: The ioperm system call in Linux kernel 2.4.20 and\n earlier does not properly restrict privileges, which allows local\n users to gain read or write access to certain I/O ports.
  • CAN-2003-0247: A vulnerability in the TTY layer of the Linux kernel\n 2.4 allows attackers to cause a denial of service (\"kernel oops\")
  • CAN-2003-0248: The mxcsr code in Linux kernel 2.4 allows attackers\n to modify CPU state registers via a malformed address.
  • CAN-2003-0364: The TCP/IP fragment reassembly handling in the Linux\n kernel 2.4 allows remote attackers to cause a denial of service (CPU\n consumption) via certain packets that cause a large number of hash\n table collisions
\n

This advisory provides updated 2.2.20 kernel source, and binary kernel\nimages for the i386 architecture. Other architectures and kernel\nversions will be covered by separate advisories.

\n

For the stable distribution (woody) on the i386 architecture, these\nproblems have been fixed in kernel-source-2.2.20 version\n2.2.20-5woody2 and kernel-image-i386 version 2.2.20-5woody3.

\n

For the unstable distribution (sid) these problems are fixed in\nkernel-source-2.2.25 and kernel-image-2.2.25-i386 version 2.2.25-2.

\n

We recommend that you update your kernel packages.

\n

NOTE: A system reboot will be required immediately after the upgrade\nin order to replace the running kernel. Remember to read carefully\nand follow the instructions given during the kernel upgrade process.

\n

NOTE: These kernels are not binary-compatible with the previous\nversion. Any loadable modules will need to be recompiled in order to\nwork with the new kernel.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.2.20/kernel-source-2.2.20_2.2.20-5woody2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.2.20/kernel-source-2.2.20_2.2.20-5woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.2.20/kernel-source-2.2.20_2.2.20.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-image-2.2.20-i386_2.2.20-5woody3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-image-2.2.20-i386_2.2.20-5woody3.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.2.20/kernel-doc-2.2.20_2.2.20-5woody2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.2.20/kernel-source-2.2.20_2.2.20-5woody2_all.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-headers-2.2.20_2.2.20-5woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-headers-2.2.20-compact_2.2.20-5woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-headers-2.2.20-idepci_2.2.20-5woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-image-2.2.20_2.2.20-5woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-image-2.2.20-compact_2.2.20-5woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-image-2.2.20-idepci_2.2.20-5woody3_i386.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "337": "
\n

Debian Security Advisory

\n

DSA-337-1 gtksee -- buffer overflow

\n
\n
Date Reported:
\n
29 Jun 2003
\n
Affected Packages:
\n
\ngtksee\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8061.
In Mitre's CVE dictionary: CVE-2003-0444.
\n
More information:
\n
\n

Viliam Holub discovered a bug in gtksee whereby, when loading PNG\nimages of certain color depths, gtksee would overflow a heap-allocated\nbuffer. This vulnerability could be exploited by an attacker using a\ncarefully constructed PNG image to execute arbitrary code when the\nvictim loads the file in gtksee.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.5.0-6.

\n

For the unstable distribution (sid) this problem will be fixed soon.\nRefer to Debian bug #76346.

\n

We recommend that you update your gtksee package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0-6.dsc
\n
http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0-6.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0-6_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0-6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0-6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0-6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0-6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0-6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0-6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0-6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0-6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0-6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gtksee/gtksee_0.5.0-6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "338": "
\n

Debian Security Advisory

\n

DSA-338-1 proftpd -- SQL injection

\n
\n
Date Reported:
\n
29 Jun 2003
\n
Affected Packages:
\n
\nproftpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7974.
In Mitre's CVE dictionary: CVE-2003-0500.
\n
More information:
\n
\n

runlevel [runlevel@raregazz.org] reported that ProFTPD's PostgreSQL\nauthentication module is vulnerable to a SQL injection attack. This\nvulnerability could be exploited by a remote, unauthenticated attacker\nto execute arbitrary SQL statements, potentially exposing the\npasswords of other users, or to connect to ProFTPD as an arbitrary\nuser without supplying the correct password.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.2.4+1.2.5rc1-5woody2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.2.8-8.

\n

We recommend that you update your proftpd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2.dsc
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-doc_1.2.4+1.2.5rc1-5woody2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.4+1.2.5rc1-5woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.4+1.2.5rc1-5woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.4+1.2.5rc1-5woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.4+1.2.5rc1-5woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.4+1.2.5rc1-5woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "339": "
\n

Debian Security Advisory

\n

DSA-339-1 semi -- insecure temporary file

\n
\n
Date Reported:
\n
06 Jul 2003
\n
Affected Packages:
\n
\nsemi, wemi\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8115.
In Mitre's CVE dictionary: CVE-2003-0440.
\n
More information:
\n
\n

NOTE: due to a combination of administrative problems, this advisory\nwas erroneously released with the identifier \"DSA-337-1\". DSA-337-1\ncorrectly refers to an earlier advisory regarding gtksee.

\n

semi, a MIME library for GNU Emacs, does not take appropriate\nsecurity precautions when creating temporary files. This bug could\npotentially be exploited to overwrite arbitrary files with the\nprivileges of the user running Emacs and semi, potentially with\ncontents supplied by the attacker.

\n

wemi is a fork of semi, and contains the same bug.

\n

For the stable distribution (woody) this problem has been fixed in\nsemi version 1.14.3.cvs.2001.08.10-1woody2 and wemi version\n1.14.0.20010802wemiko-1.3.

\n

For the unstable distribution (sid) this problem has been fixed in\nsemi version 1.14.5+20030609-1. The unstable distribution does not\ncontain a wemi package.

\n

We recommend that you update your semi and wemi packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/semi/semi_1.14.3.cvs.2001.08.10-1woody2.dsc
\n
http://security.debian.org/pool/updates/main/s/semi/semi_1.14.3.cvs.2001.08.10-1woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/s/semi/semi_1.14.3.cvs.2001.08.10.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wemi/wemi_1.14.0.20010802wemiko-1.3.dsc
\n
http://security.debian.org/pool/updates/main/w/wemi/wemi_1.14.0.20010802wemiko-1.3.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wemi/wemi_1.14.0.20010802wemiko.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/semi/semi_1.14.3.cvs.2001.08.10-1woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/wemi/wemi_1.14.0.20010802wemiko-1.3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "340": "
\n

Debian Security Advisory

\n

DSA-340-1 x-face-el -- insecure temporary file

\n
\n
Date Reported:
\n
06 Jul 2003
\n
Affected Packages:
\n
\nx-face-el\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

NOTE: due to a combination of administrative problems, this advisory\nwas erroneously released with the identifier \"DSA-338-1\". DSA-338-1\ncorrectly refers to an earlier advisory regarding proftpd.

\n

x-face-el, a decoder for images included inline in X-Face email\nheaders, does not take appropriate security precautions when creating\ntemporary files. This bug could potentially be exploited to overwrite\narbitrary files with the privileges of the user running Emacs and\nx-face-el, potentially with contents supplied by the attacker.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.3.6.19-1woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.3.6.23-1.

\n

We recommend that you update your x-face-el package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/x-face-el/x-face-el_1.3.6.19-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/x/x-face-el/x-face-el_1.3.6.19-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/x-face-el/x-face-el_1.3.6.19.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/x-face-el/x-face-el_1.3.6.19-1woody1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "341": "
\n

Debian Security Advisory

\n

DSA-341-1 liece -- insecure temporary file

\n
\n
Date Reported:
\n
07 Jul 2003
\n
Affected Packages:
\n
\nliece\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8124.
In Mitre's CVE dictionary: CVE-2003-0537.
\n
More information:
\n
\n

liece, an IRC client for Emacs, does not take appropriate security\nprecautions when creating temporary files. This bug could potentially\nbe exploited to overwrite arbitrary files with the privileges of the\nuser running Emacs and liece, potentially with contents supplied\nby the attacker.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.0+0.20020217cvs-2.1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.0+0.20030527cvs-1.

\n

We recommend that you update your liece package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/liece/liece_2.0+0.20020217cvs-2.1.dsc
\n
http://security.debian.org/pool/updates/main/l/liece/liece_2.0+0.20020217cvs-2.1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/liece/liece_2.0+0.20020217cvs.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/liece/liece_2.0+0.20020217cvs-2.1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/liece/liece-dcc_2.0+0.20020217cvs-2.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/liece/liece-dcc_2.0+0.20020217cvs-2.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/liece/liece-dcc_2.0+0.20020217cvs-2.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/liece/liece-dcc_2.0+0.20020217cvs-2.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/liece/liece-dcc_2.0+0.20020217cvs-2.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/liece/liece-dcc_2.0+0.20020217cvs-2.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/liece/liece-dcc_2.0+0.20020217cvs-2.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/liece/liece-dcc_2.0+0.20020217cvs-2.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/liece/liece-dcc_2.0+0.20020217cvs-2.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/liece/liece-dcc_2.0+0.20020217cvs-2.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/liece/liece-dcc_2.0+0.20020217cvs-2.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "342": "
\n

Debian Security Advisory

\n

DSA-342-1 mozart -- unsafe mailcap configuration

\n
\n
Date Reported:
\n
07 Jul 2003
\n
Affected Packages:
\n
\nmozart\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8125.
In Mitre's CVE dictionary: CVE-2003-0538.
\n
More information:
\n
\n

mozart, a development platform based on the Oz language, includes MIME\nconfiguration data which specifies that Oz applications should be\npassed to the Oz interpreter for execution. This means that file\nmanagers, web browsers, and other programs which honor the mailcap\nfile could automatically execute Oz programs downloaded from untrusted\nsources. Thus, a malicious Oz program could execute arbitrary code\nunder the uid of a user running a MIME-aware client program if the\nuser selected a file (for example, choosing a link in a web browser).

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.2.3.20011204-3woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.2.5.20030212-2.

\n

We recommend that you update your mozart package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozart/mozart_1.2.3.20011204-3woody1.dsc
\n
http://security.debian.org/pool/updates/main/m/mozart/mozart_1.2.3.20011204-3woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozart/mozart_1.2.3.20011204.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mozart/mozart-doc-html_1.2.3.20011204-3woody1_all.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozart/mozart_1.2.3.20011204-3woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozart/mozart-contrib_1.2.3.20011204-3woody1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozart/mozart_1.2.3.20011204-3woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozart/mozart-contrib_1.2.3.20011204-3woody1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozart/mozart_1.2.3.20011204-3woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozart/mozart-contrib_1.2.3.20011204-3woody1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozart/mozart_1.2.3.20011204-3woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozart/mozart-contrib_1.2.3.20011204-3woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "343": "
\n

Debian Security Advisory

\n

DSA-343-1 skk, ddskk -- insecure temporary file

\n
\n
Date Reported:
\n
08 Jul 2003
\n
Affected Packages:
\n
\nskk, ddskk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8144.
In Mitre's CVE dictionary: CVE-2003-0539.
\n
More information:
\n
\n

skk (Simple Kana to Kanji conversion program) does not take\nappropriate security precautions when creating temporary files. This\nbug could potentially be exploited to overwrite arbitrary files with\nthe privileges of the user running Emacs and skk.

\n

ddskk is derived from the same code, and contains the same bug.

\n

For the stable distribution (woody) this problem has been fixed in\nskk version 10.62a-4woody1 and ddskk version 11.6.rel.0-2woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nddskk version 12.1.cvs.20030622-1, and skk will be fixed soon.

\n

We recommend that you update your skk and ddskk packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/skk/skk_10.62a-4woody1.dsc
\n
http://security.debian.org/pool/updates/main/s/skk/skk_10.62a-4woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/skk/skk_10.62a.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/d/ddskk/ddskk_11.6.rel.0-2woody1.dsc
\n
http://security.debian.org/pool/updates/main/d/ddskk/ddskk_11.6.rel.0-2woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/d/ddskk/ddskk_11.6.rel.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/skk/skk_10.62a-4woody1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/skk/skkserv_10.62a-4woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/skk/skkserv_10.62a-4woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/skk/skkserv_10.62a-4woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/skk/skkserv_10.62a-4woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/skk/skkserv_10.62a-4woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/skk/skkserv_10.62a-4woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/skk/skkserv_10.62a-4woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/skk/skkserv_10.62a-4woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/skk/skkserv_10.62a-4woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/skk/skkserv_10.62a-4woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/skk/skkserv_10.62a-4woody1_sparc.deb
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/ddskk/ddskk_11.6.rel.0-2woody1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "344": "
\n

Debian Security Advisory

\n

DSA-344-2 unzip -- directory traversal

\n
\n
Date Reported:
\n
08 Jul 2003
\n
Affected Packages:
\n
\nunzip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7550.
In Mitre's CVE dictionary: CVE-2003-0282.
\n
More information:
\n
\n

A directory traversal vulnerability in UnZip 5.50 allows attackers to\nbypass a check for relative pathnames (\"../\") by placing certain invalid\ncharacters between the two \".\" characters. The fix which was\nimplemented in DSA-344-1 may not have protected against all methods of\nexploiting this vulnerability.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 5.50-1woody2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 5.50-3.

\n

We recommend that you update your unzip package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody2.dsc
\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

MD5 checksums of the listed files are available in the revised advisory.\n

\n\n
\n
", "345": "
\n

Debian Security Advisory

\n

DSA-345-1 xbl -- buffer overflow

\n
\n
Date Reported:
\n
08 Jul 2003
\n
Affected Packages:
\n
\nxbl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8145.
In Mitre's CVE dictionary: CVE-2003-0535.
\n
More information:
\n
\n

Another buffer overflow was discovered in xbl, distinct from the one\naddressed in DSA-327 (CAN-2003-0451), involving the\n-display command\nline option. This vulnerability could be exploited by a local\nattacker to gain gid 'games'.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.0k-3woody2.

\n

For the unstable distribution (sid) this problem is fixed in version\n1.0k-6.

\n

We recommend that you update your xbl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2.dsc
\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xbl/xbl_1.0k-3woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "346": "
\n

Debian Security Advisory

\n

DSA-346-1 phpsysinfo -- directory traversal

\n
\n
Date Reported:
\n
08 Jul 2003
\n
Affected Packages:
\n
\nphpsysinfo\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7275, BugTraq ID 7286.
In Mitre's CVE dictionary: CVE-2003-0536.
\n
More information:
\n
\n

Albert Puigsech Galicia (ripe@7a69ezine.org) reported that phpsysinfo,\na web-based program to display status information about the system,\ncontains two vulnerabilities which could allow local files to be read,\nor arbitrary PHP code to be executed, under the privileges of the web\nserver process (usually www-data). These vulnerabilities require\naccess to a writable directory on the system in order to be exploited.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.0-3woody1.

\n

For the unstable distribution (sid) this problem will be fixed soon.\nSee Debian bug #200543.

\n

We recommend that you update your phpsysinfo package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.0-3woody1.dsc
\n
http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.0-3woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.0-3woody1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "347": "
\n

Debian Security Advisory

\n

DSA-347-1 teapop -- SQL injection

\n
\n
Date Reported:
\n
08 Jul 2003
\n
Affected Packages:
\n
\nteapop\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8146.
In Mitre's CVE dictionary: CVE-2003-0515.
\n
More information:
\n
\n

teapop, a POP-3 server, includes modules for authenticating users\nagainst a PostgreSQL or MySQL database. These modules do not properly\nescape user-supplied strings before using them in SQL queries. This\nvulnerability could be exploited to execute arbitrary SQL code under the\nprivileges of the database user that teapop has authenticated as.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.3.4-1woody2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.3.5-2.

\n

We recommend that you update your teapop package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/teapop/teapop_0.3.4-1woody2.dsc
\n
http://security.debian.org/pool/updates/main/t/teapop/teapop_0.3.4-1woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/t/teapop/teapop_0.3.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/teapop/teapop_0.3.4-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/teapop/teapop-mysql_0.3.4-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/teapop/teapop-pgsql_0.3.4-1woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/teapop/teapop_0.3.4-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/t/teapop/teapop-mysql_0.3.4-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/t/teapop/teapop-pgsql_0.3.4-1woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/teapop/teapop_0.3.4-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/t/teapop/teapop-mysql_0.3.4-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/t/teapop/teapop-pgsql_0.3.4-1woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/teapop/teapop_0.3.4-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/teapop/teapop-mysql_0.3.4-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/teapop/teapop-pgsql_0.3.4-1woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/teapop/teapop_0.3.4-1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/teapop/teapop-mysql_0.3.4-1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/teapop/teapop-pgsql_0.3.4-1woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/teapop/teapop_0.3.4-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/teapop/teapop-mysql_0.3.4-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/teapop/teapop-pgsql_0.3.4-1woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/teapop/teapop_0.3.4-1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/t/teapop/teapop-mysql_0.3.4-1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/t/teapop/teapop-pgsql_0.3.4-1woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/teapop/teapop_0.3.4-1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/teapop/teapop-mysql_0.3.4-1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/teapop/teapop-pgsql_0.3.4-1woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/teapop/teapop_0.3.4-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/teapop/teapop-mysql_0.3.4-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/teapop/teapop-pgsql_0.3.4-1woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/teapop/teapop_0.3.4-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/t/teapop/teapop-mysql_0.3.4-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/t/teapop/teapop-pgsql_0.3.4-1woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/teapop/teapop_0.3.4-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/teapop/teapop-mysql_0.3.4-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/teapop/teapop-pgsql_0.3.4-1woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "348": "
\n

Debian Security Advisory

\n

DSA-348-1 traceroute-nanog -- integer overflow, buffer overflow

\n
\n
Date Reported:
\n
11 Jul 2003
\n
Affected Packages:
\n
\ntraceroute-nanog\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7994.
In Mitre's CVE dictionary: CVE-2003-0453.
\n
More information:
\n
\n

traceroute-nanog, an enhanced version of the common traceroute\nprogram, contains an integer overflow bug which could be exploited to\nexecute arbitrary code. traceroute-nanog is setuid root, but drops\nroot privileges immediately after obtaining raw ICMP and raw IP\nsockets. Thus, exploitation of this bug provides only access to these\nsockets, and not root privileges.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 6.1.1-1.3.

\n

For the unstable distribution (sid) this problem will be fixed soon.\nSee Debian bug #200875.

\n

We recommend that you update your traceroute-nanog package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.3.dsc
\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.3.diff.gz
\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/traceroute-nanog/traceroute-nanog_6.1.1-1.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "349": "
\n

Debian Security Advisory

\n

DSA-349-1 nfs-utils -- buffer overflow

\n
\n
Date Reported:
\n
14 Jul 2003
\n
Affected Packages:
\n
\nnfs-utils\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8179.
In Mitre's CVE dictionary: CVE-2003-0252.
\n
More information:
\n
\n

The logging code in nfs-utils contains an off-by-one buffer overrun\nwhen adding a newline to the string being logged. This vulnerability\nmay allow an attacker to execute arbitrary code or cause a denial of\nservice condition by sending certain RPC requests.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1:1.0-2woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1:1.0.3-2.

\n

We recommend that you update your nfs-utils package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-utils_1.0-2woody1.dsc
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-utils_1.0-2woody1.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "350": "
\n

Debian Security Advisory

\n

DSA-350-1 falconseye -- buffer overflow

\n
\n
Date Reported:
\n
15 Jul 2003
\n
Affected Packages:
\n
\nfalconseye\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6806.
In Mitre's CVE dictionary: CVE-2003-0358.
\n
More information:
\n
\n

The falconseye package is vulnerable to a buffer overflow exploited\nvia a long -s command line option. This vulnerability could be used\nby an attacker to gain gid 'games' on a system where falconseye is\ninstalled.

\n

Note that falconseye does not contain the file permission error\nCAN-2003-0359 which affected some other nethack packages.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.9.3-7woody3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.9.3-9.

\n

We recommend that you update your falconseye package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3-7woody3.dsc
\n
http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3-7woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/falconseye/falconseye-data_1.9.3-7woody3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3-7woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3-7woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3-7woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3-7woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3-7woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3-7woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3-7woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3-7woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3-7woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3-7woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/falconseye/falconseye_1.9.3-7woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "351": "
\n

Debian Security Advisory

\n

DSA-351-1 php4 -- cross-site scripting

\n
\n
Date Reported:
\n
16 Jul 2003
\n
Affected Packages:
\n
\nphp4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7761.
In Mitre's CVE dictionary: CVE-2003-0442.
\n
More information:
\n
\n

The transparent session ID feature in the php4 package does not\nproperly escape user-supplied input before inserting it into the\ngenerated HTML page. An attacker could use this vulnerability to\nexecute embedded scripts within the context of the generated page.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 4:4.1.2-6woody3.

\n

For the unstable distribution (sid) this problem will be fixed soon.\nRefer to Debian bug #200736.

\n

We recommend that you update your php4 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-6woody3.dsc
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-6woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.1.2-6woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pear_4.1.2-6woody3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-6woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-6woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-6woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-6woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-6woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-6woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-6woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-6woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-6woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-6woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-6woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-6woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-6woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-6woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-6woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-6woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-6woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-6woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-6woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-6woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-6woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-6woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-6woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-6woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-6woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-6woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-6woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-6woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-6woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-6woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-6woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-6woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-6woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-6woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-6woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-6woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-6woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-6woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-6woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-6woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-6woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-6woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-6woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-6woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-6woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-6woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-6woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-6woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-6woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-6woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-6woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-6woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-6woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-6woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-6woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-6woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-6woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-6woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-6woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-6woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-6woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-6woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-6woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-6woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-6woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-6woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-6woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-6woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-6woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-6woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-6woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-6woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-6woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-6woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-6woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-6woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-6woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-6woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-6woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-6woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-6woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-6woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-6woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-6woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-6woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-6woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-6woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-6woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-6woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-6woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-6woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-6woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-6woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-6woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-6woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-6woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-6woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-6woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-6woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-6woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-6woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-6woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-6woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-6woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-6woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-6woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-6woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-6woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-6woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-6woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-6woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-6woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-6woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-6woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-6woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-6woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-6woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-6woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-6woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-6woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-6woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-6woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-6woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-6woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-6woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-6woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-6woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-6woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-6woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-6woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-6woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-6woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-6woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-6woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-6woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-6woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-6woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-6woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-6woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-6woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-6woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-6woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-6woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-6woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-6woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-6woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-6woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-6woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-6woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-6woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-6woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-6woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-6woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-6woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-6woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-6woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-6woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-6woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-6woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-6woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-6woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-6woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-6woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-6woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-6woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-6woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-6woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-6woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-6woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-6woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-6woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-6woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-6woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-6woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-6woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-6woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "352": "
\n

Debian Security Advisory

\n

DSA-352-1 fdclone -- insecure temporary directory

\n
\n
Date Reported:
\n
22 Jul 2003
\n
Affected Packages:
\n
\nfdclone\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8247.
In Mitre's CVE dictionary: CVE-2003-0596.
\n
More information:
\n
\n

fdclone creates a temporary directory in /tmp as a workspace.\nHowever, if this directory already exists, the existing directory is\nused instead, regardless of its ownership or permissions. This would\nallow an attacker to gain access to fdclone's temporary files and\ntheir contents, or replace them with other files under the attacker's\ncontrol.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.00a-1woody3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.04-1.

\n

We recommend that you update your fdclone package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fdclone/fdclone_2.00a-1woody3.dsc
\n
http://security.debian.org/pool/updates/main/f/fdclone/fdclone_2.00a-1woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fdclone/fdclone_2.00a.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/fdclone/fdclone_2.00a-1woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/fdclone/fdclone_2.00a-1woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/fdclone/fdclone_2.00a-1woody3_i386.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/fdclone/fdclone_2.00a-1woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/fdclone/fdclone_2.00a-1woody3_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/fdclone/fdclone_2.00a-1woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/fdclone/fdclone_2.00a-1woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/fdclone/fdclone_2.00a-1woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "353": "
\n

Debian Security Advisory

\n

DSA-353-1 sup -- insecure temporary file

\n
\n
Date Reported:
\n
29 Jul 2003
\n
Affected Packages:
\n
\nsup\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6150.
In Mitre's CVE dictionary: CVE-2003-0606.
\n
More information:
\n
\n

sup, a package used to maintain collections of files in identical\nversions across machines, fails to take appropriate security\nprecautions when creating temporary files. A local attacker could\nexploit this vulnerability to overwrite arbitrary files with the\nprivileges of the user running sup.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.8-8woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.8-9.

\n

We recommend that you update your sup package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody1.dsc
\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "354": "
\n

Debian Security Advisory

\n

DSA-354-1 xconq -- buffer overflows

\n
\n
Date Reported:
\n
29 Jul 2003
\n
Affected Packages:
\n
\nxconq\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8307.
In Mitre's CVE dictionary: CVE-2003-0607.
\n
More information:
\n
\n

Steve Kemp discovered a buffer overflow in xconq, in processing the\nUSER environment variable. In the process of fixing this bug, a\nsimilar problem was discovered with the DISPLAY environment\nvariable. This vulnerability could be exploited by a local attacker\nto gain gid 'games'.

\n

For the current stable distribution (woody) this problem has been fixed\nin version 7.4.1-2woody2.

\n

For the unstable distribution (sid) this problem will be fixed soon.\nRefer to Debian bug #202963.

\n

We recommend that you update your xconq package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1-2woody2.dsc
\n
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1-2woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xconq/xconq-common_7.4.1-2woody2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xconq/xconq-doc_7.4.1-2woody2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1-2woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1-2woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1-2woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1-2woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1-2woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1-2woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1-2woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1-2woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1-2woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1-2woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xconq/xconq_7.4.1-2woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "355": "
\n

Debian Security Advisory

\n

DSA-355-1 gallery -- cross-site scripting

\n
\n
Date Reported:
\n
30 Jul 2003
\n
Affected Packages:
\n
\ngallery\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8288.
In Mitre's CVE dictionary: CVE-2003-0614.
\n
More information:
\n
\n

Larry Nguyen discovered a cross-site scripting vulnerability in gallery,\na web-based photo album written in PHP. This security flaw can allow a\nmalicious user to craft a URL that executes JavaScript code on your\nwebsite.

\n

For the current stable distribution (woody) this problem has been fixed\nin version 1.25-8woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.3.4-3.

\n

We recommend that you update your gallery package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-8woody1.dsc
\n
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-8woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-8woody1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "356": "
\n

Debian Security Advisory

\n

DSA-356-1 xtokkaetama -- buffer overflows

\n
\n
Date Reported:
\n
30 Jul 2003
\n
Affected Packages:
\n
\nxtokkaetama\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8312.
In Mitre's CVE dictionary: CVE-2003-0611.
\n
More information:
\n
\n

Steve Kemp discovered two buffer overflows in xtokkaetama, a puzzle\ngame, when processing the -display command line option and the\nXTOKKAETAMADIR environment variable. These vulnerabilities could be\nexploited by a local attacker to gain gid 'games'.

\n

For the current stable distribution (woody) this problem has been fixed\nin version 1.0b-6woody1.

\n

For the unstable distribution (sid) this problem is fixed in version\n1.0b-8.

\n

We recommend that you update your xtokkaetama package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b-6woody1.dsc
\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b-6woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b-6woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b-6woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b-6woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b-6woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b-6woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b-6woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b-6woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b-6woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b-6woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b-6woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b-6woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "357": "
\n

Debian Security Advisory

\n

DSA-357-1 wu-ftpd -- remote root exploit

\n
\n
Date Reported:
\n
31 Jul 2003
\n
Affected Packages:
\n
\nwu-ftpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8315.
In Mitre's CVE dictionary: CVE-2003-0466.
\n
More information:
\n
\n

iSEC Security Research reports that wu-ftpd contains an off-by-one bug\nin the fb_realpath function which could be exploited by a logged-in user\n(local or anonymous) to gain root privileges. A demonstration exploit is\nreportedly available.

\n

For the current stable distribution (woody) this problem has been fixed\nin version 2.6.2-3woody1.

\n

For the unstable distribution (sid) an update will be available shortly.

\n

We recommend you upgrade your wu-ftpd package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody1.dsc
\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd-academ_2.6.2-3woody1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody1_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "358": "
\n

Debian Security Advisory

\n

DSA-358-4 linux-kernel-2.4.18 -- several vulnerabilities

\n
\n
Date Reported:
\n
31 Jul 2003
\n
Affected Packages:
\n
\nlinux-kernel-i386, linux-kernel-alpha\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10330, BugTraq ID 8042, BugTraq ID 8233.
In Mitre's CVE dictionary: CVE-2003-0461, CVE-2003-0462, CVE-2003-0476, CVE-2003-0501, CVE-2003-0550, CVE-2003-0551, CVE-2003-0552, CVE-2003-0018, CVE-2003-0619, CVE-2003-0643.
\n
More information:
\n
\n

A number of vulnerabilities have been discovered in the Linux kernel.

\n
    \n
  • CAN-2003-0461: /proc/tty/driver/serial in Linux 2.4.x reveals the\n exact number of characters used in serial links, which could allow\n local users to obtain potentially sensitive information such as the\n length of passwords. This bug has been fixed by restricting access\n to /proc/tty/driver/serial.
  • CAN-2003-0462: A race condition in the way env_start and env_end\n pointers are initialized in the execve system call and used in\n fs/proc/base.c on Linux 2.4 allows local users to cause a denial of\n service (crash).
  • CAN-2003-0476: The execve system call in Linux 2.4.x records the\n file descriptor of the executable process in the file table of the\n calling process, which allows local users to gain read access to\n restricted file descriptors.
  • CAN-2003-0501: The /proc filesystem in Linux allows local users to\n obtain sensitive information by opening various entries in\n /proc/self before executing a setuid program, which causes the\n program to fail to change the ownership and permissions of those\n entries.
  • CAN-2003-0550: The STP protocol, as enabled in Linux 2.4.x, does not\n provide sufficient security by design, which allows attackers to\n modify the bridge topology. This bug has been fixed by disabling\n STP by default.
  • CAN-2003-0551: The STP protocol, as enabled in Linux 2.4.x, does not\n provide sufficient security by design, which allows attackers to\n modify the bridge topology.
  • CAN-2003-0552: Linux 2.4.x allows remote attackers to spoof the\n bridge forwarding table via forged packets whose source addresses\n are the same as the target.
  • CAN-2003-0018: Linux kernel 2.4.10 through 2.4.21-pre4 does not\n properly handle the O_DIRECT feature, which allows local attackers\n with write privileges to read portions of previously deleted files,\n or cause file system corruption. This bug has been fixed by\n disabling O_DIRECT.
  • CAN-2003-0619: Integer signedness error in the decode_fh function of\n nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to\n cause a denial of service (kernel panic) via a negative size value\n within XDR data of an NFSv3 procedure call.
\n

This advisory covers only the i386 and alpha architectures. Other\narchitectures will be covered by separate advisories.

\n

For the stable distribution (woody) on the i386 architecture, these\nproblems have been fixed in kernel-source-2.4.18 version 2.4.18-13,\nkernel-image-2.4.18-1-i386 version 2.4.18-11, and\nkernel-image-2.4.18-i386bf version 2.4.18-5woody4.

\n

For the stable distribution (woody) on the alpha architecture, these\nproblems have been fixed in kernel-source-2.4.18 version 2.4.18-13 and\nkernel-image-2.4.18-1-alpha version 2.4.18-10.

\n

For the unstable distribution (sid) these problems are fixed in\nkernel-source-2.4.20 version 2.4.20-9.

\n

We recommend that you update your kernel packages.

\n

If you are using the kernel installed by the installation system when\nthe \"bf24\" option is selected (for a 2.4.x kernel), you should install\nthe kernel-image-2.4.18-bf2.4 package. If you installed a different\nkernel-image package after installation, you should install the\ncorresponding 2.4.18-1 kernel. You may use the table below as a\nguide.

\n
\n   | If \"uname -r\" shows: | Install this package:\n   | 2.4.18-bf2.4         | kernel-image-2.4.18-bf2.4\n   | 2.4.18-386           | kernel-image-2.4.18-1-386\n   | 2.4.18-586tsc        | kernel-image-2.4.18-1-586tsc\n   | 2.4.18-686           | kernel-image-2.4.18-1-686\n   | 2.4.18-686-smp       | kernel-image-2.4.18-1-686-smp\n   | 2.4.18-k6            | kernel-image-2.4.18-1-k6\n   | 2.4.18-k7            | kernel-image-2.4.18-1-k7\n
\n

NOTE: This kernel is binary compatible with the previous kernel\nsecurity update, but not binary compatible with the corresponding\nkernel included in Debian 3.0r1. If you have not already applied the\nprevious security update (kernel-image-2.4.18-bf2.4 version\n2.4.18-5woody1 or any of the 2.4.18-1-* kernels), then any custom\nmodules will need to be rebuilt in order to work with the new kernel.\nNew PCMCIA modules are provided for all of the above kernels.

\n

NOTE: A system reboot will be required immediately after the upgrade\nin order to replace the running kernel. Remember to read carefully\nand follow the instructions given during the kernel upgrade process.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-11.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-11.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-i386bf_2.4.18-5woody4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-i386bf_2.4.18-5woody4.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-10.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-10.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-13.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-13.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18.orig.tar.gz
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1_2.4.18-11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-386_2.4.18-11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-586tsc_2.4.18-11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686_2.4.18-11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686-smp_2.4.18-11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k6_2.4.18-11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k7_2.4.18-11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-386_2.4.18-11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-586tsc_2.4.18-11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686_2.4.18-11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686-smp_2.4.18-11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k6_2.4.18-11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k7_2.4.18-11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-386_2.4.18-11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-586tsc_2.4.18-11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686_2.4.18-11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686-smp_2.4.18-11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k6_2.4.18-11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k7_2.4.18-11_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-headers-2.4.18-bf2.4_2.4.18-5woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-bf2.4_2.4.18-5woody4_i386.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1_2.4.18-10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-generic_2.4.18-10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-smp_2.4.18-10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-generic_2.4.18-10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-smp_2.4.18-10_alpha.deb
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-doc-2.4.18_2.4.18-13_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-13_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

MD5 checksums of the listed files are available in the revised advisory.\n


\n\n
\n
", "359": "
\n

Debian Security Advisory

\n

DSA-359-1 atari800 -- buffer overflows

\n
\n
Date Reported:
\n
31 Jul 2003
\n
Affected Packages:
\n
\natari800\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 203707.
In the Bugtraq database (at SecurityFocus): BugTraq ID 8322.
In Mitre's CVE dictionary: CVE-2003-0630.
\n
More information:
\n
\n

Steve Kemp discovered multiple buffer overflows in atari800, an Atari\nemulator. In order to directly access graphics hardware, one of the\naffected programs is setuid root. A local attacker could exploit this\nvulnerability to gain root privileges.

\n

For the current stable distribution (woody) this problem has been fixed\nin version 1.2.2-1woody2.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you update your atari800 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2-1woody2.dsc
\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2-1woody2.diff.gz
\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2-1woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2-1woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2-1woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2-1woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2-1woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2-1woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2-1woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2-1woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2-1woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2-1woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2-1woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "360": "
\n

Debian Security Advisory

\n

DSA-360-1 xfstt -- several vulnerabilities

\n
\n
Date Reported:
\n
01 Aug 2003
\n
Affected Packages:
\n
\nxfstt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8182, BugTraq ID 8255.
In Mitre's CVE dictionary: CVE-2003-0581, CVE-2003-0625.
\n
More information:
\n
\n

xfstt, a TrueType font server for the X Window System, was found to\ncontain two classes of vulnerabilities:

\n

CAN-2003-0581: a remote attacker could send requests crafted to\n trigger any of several buffer overruns, causing a denial of service or\n possibly executing arbitrary code on the server with the privileges\n of the \"nobody\" user.

\n

CAN-2003-0625: certain invalid data sent during the connection\n handshake could allow a remote attacker to read certain regions of\n memory belonging to the xfstt process. This information could be\n used for fingerprinting, or to aid in exploitation of a different\n vulnerability.

\n

For the current stable distribution (woody) these problems have been\nfixed in version 1.2.1-3.

\n

For the unstable distribution (sid), CAN-2003-0581 is fixed in xfstt\n1.5-1, and CAN-2003-0625 will be fixed soon.

\n

We recommend that you update your xfstt package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xfstt/xfstt_1.2.1-3.dsc
\n
http://security.debian.org/pool/updates/main/x/xfstt/xfstt_1.2.1-3.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xfstt/xfstt_1.2.1-3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xfstt/xfstt_1.2.1-3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xfstt/xfstt_1.2.1-3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xfstt/xfstt_1.2.1-3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xfstt/xfstt_1.2.1-3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xfstt/xfstt_1.2.1-3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfstt/xfstt_1.2.1-3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfstt/xfstt_1.2.1-3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xfstt/xfstt_1.2.1-3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xfstt/xfstt_1.2.1-3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xfstt/xfstt_1.2.1-3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "361": "
\n

Debian Security Advisory

\n

DSA-361-2 kdelibs, kdelibs-crypto -- several vulnerabilities

\n
\n
Date Reported:
\n
01 Aug 2003
\n
Affected Packages:
\n
\nkdelibs, kdelibs-crypto\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7520, BugTraq ID 8297.
In Mitre's CVE dictionary: CVE-2003-0459, CVE-2003-0370.
\n
More information:
\n
\n

Two vulnerabilities were discovered in kdelibs:

\n
    \n
  • CAN-2003-0459: KDE Konqueror for KDE 3.1.2 and earlier does not\n remove authentication credentials from URLs of the\n \"user:password@host\" form in the HTTP-Referer header, which could\n allow remote web sites to steal the credentials for pages that link\n to the sites.
  • CAN-2003-0370: Konqueror Embedded and KDE 2.2.2 and earlier do not\n validate the Common Name (CN) field for X.509 Certificates, which\n could allow remote attackers to spoof certificates via a\n man-in-the-middle attack.
\n

These vulnerabilities are described in the following security\nadvisories from KDE:

\n\n

For the current stable distribution (woody) these problems have been\nfixed in version 2.2.2-13.woody.8 of kdelibs and 2.2.2-6woody2 of\nkdelibs-crypto.

\n

For the unstable distribution (sid) these problems have been fixed in\nkdelibs version 4:3.1.3-1. The unstable distribution does not contain\na separate kdelibs-crypto package.

\n

We recommend that you update your kdelibs and kdelibs-crypto\npackages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.8.dsc
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.8.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs-crypto_2.2.2-6woody2.dsc
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs-crypto_2.2.2-6woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs-crypto_2.2.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-doc_2.2.2-13.woody.8_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

MD5 checksums of the listed files are available in the revised advisory.\n

\n\n
\n
", "362": "
\n

Debian Security Advisory

\n

DSA-362-1 mindi -- insecure temporary file

\n
\n
Date Reported:
\n
02 Aug 2003
\n
Affected Packages:
\n
\nmindi\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8332.
In Mitre's CVE dictionary: CVE-2003-0617.
\n
More information:
\n
\n

mindi, a program for creating boot/root disks, does not take\nappropriate security precautions when creating temporary files. This\nbug could potentially be exploited to overwrite arbitrary files with\nthe privileges of the user running mindi.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.58.r5-1woody1.

\n

For the unstable distribution (sid) this problem will be fixed soon.\nRefer to Debian bug #203825.

\n

We recommend that you update your mindi package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mindi/mindi_0.58.r5-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/m/mindi/mindi_0.58.r5-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mindi/mindi_0.58.r5.orig.tar.gz
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mindi/mindi_0.58.r5-1woody1_i386.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "363": "
\n

Debian Security Advisory

\n

DSA-363-1 postfix -- denial of service, bounce-scanning

\n
\n
Date Reported:
\n
03 Aug 2003
\n
Affected Packages:
\n
\npostfix\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2003-0468, CVE-2003-0540.
\n
More information:
\n
\n

The postfix mail transport agent in Debian 3.0 contains two\nvulnerabilities:

\n
    \n
  • CAN-2003-0468: Postfix would allow an attacker to bounce-scan private\n networks or use the daemon as a DDoS tool by forcing the daemon to\n connect to an arbitrary service at an arbitrary IP address and\n either receiving a bounce message or observing queue operations to\n infer the status of the delivery attempt.
  • CAN-2003-0540: a malformed envelope address can 1) cause the queue\n manager to lock up until an entry is removed from the queue and 2)\n lock up the smtp listener leading to a denial of service.
\n

For the current stable distribution (woody) these problems have been\nfixed in version 1.1.11-0.woody3.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you update your postfix package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/postfix/postfix_1.1.11-0.woody3.dsc
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix_1.1.11-0.woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix_1.1.11.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-dev_1.1.11-0.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-doc_1.1.11-0.woody3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/postfix/postfix_1.1.11-0.woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_1.1.11-0.woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_1.1.11-0.woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_1.1.11-0.woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/postfix/postfix_1.1.11-0.woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_1.1.11-0.woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_1.1.11-0.woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_1.1.11-0.woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/postfix/postfix_1.1.11-0.woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_1.1.11-0.woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_1.1.11-0.woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_1.1.11-0.woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/postfix/postfix_1.1.11-0.woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_1.1.11-0.woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_1.1.11-0.woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_1.1.11-0.woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/postfix/postfix_1.1.11-0.woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_1.1.11-0.woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_1.1.11-0.woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_1.1.11-0.woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/postfix/postfix_1.1.11-0.woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_1.1.11-0.woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_1.1.11-0.woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_1.1.11-0.woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postfix/postfix_1.1.11-0.woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_1.1.11-0.woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_1.1.11-0.woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_1.1.11-0.woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postfix/postfix_1.1.11-0.woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_1.1.11-0.woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_1.1.11-0.woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_1.1.11-0.woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/postfix/postfix_1.1.11-0.woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_1.1.11-0.woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_1.1.11-0.woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_1.1.11-0.woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/postfix/postfix_1.1.11-0.woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_1.1.11-0.woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_1.1.11-0.woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_1.1.11-0.woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/postfix/postfix_1.1.11-0.woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_1.1.11-0.woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_1.1.11-0.woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_1.1.11-0.woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "364": "
\n

Debian Security Advisory

\n

DSA-364-3 man-db -- buffer overflows, arbitrary command execution

\n
\n
Date Reported:
\n
04 Aug 2003
\n
Affected Packages:
\n
\nman-db\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8303, BugTraq ID 8341.
In Mitre's CVE dictionary: CVE-2003-0620, CVE-2003-0645.
\n
More information:
\n
\n

man-db provides the standard man(1) command on Debian systems. During\nconfiguration of this package, the administrator is asked whether\nman(1) should run setuid to a dedicated user (\"man\") in order to\nprovide a shared cache of preformatted manual pages. The default is\nfor man(1) NOT to be setuid, and in this configuration no known\nvulnerability exists. However, if the user explicitly requests setuid\noperation, a local attacker could exploit either of the following bugs to\nexecute arbitrary code as the \"man\" user.

\n

Again, these vulnerabilities do not affect the default configuration,\nwhere man is not setuid.

\n
    \n
  • CAN-2003-0620: Multiple buffer overflows in man-db 2.4.1 and\n earlier, when installed setuid, allow local users to gain privileges\n via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to\n add_to_dirlist in manp.c, (2) a long pathname to ult_src in\n ult_src.c, (3) a long .so argument to test_for_include in ult_src.c,\n (4) a long MANPATH environment variable, or (5) a long PATH\n environment variable.
  • CAN-2003-0645: Certain DEFINE directives in ~/.manpath, which\n contained commands to be executed, would be honored even when\n running setuid, allowing any user to execute commands as the\n \"man\" user.
\n

For the current stable distribution (woody), these problems have been\nfixed in version 2.3.20-18.woody.4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.4.1-13.

\n

We recommend that you update your man-db package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4.dsc
\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4.diff.gz
\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.3.20-18.woody.4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

MD5 checksums of the listed files are available in the revised advisory.\n

\n\n
\n
", "365": "
\n

Debian Security Advisory

\n

DSA-365-1 phpgroupware -- several vulnerabilities

\n
\n
Date Reported:
\n
05 Aug 2003
\n
Affected Packages:
\n
\nphpgroupware\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8088.
In Mitre's CVE dictionary: CVE-2003-0504, CVE-2003-0599, CVE-2003-0657.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in phpgroupware:

\n
    \n
  • CAN-2003-0504: Multiple cross-site scripting (XSS) vulnerabilities\n in Phpgroupware 0.9.14.003 (aka webdistro) allow remote attackers to\n insert arbitrary HTML or web script, as demonstrated with a request\n to index.php in the addressbook module.
  • CAN-2003-0599: Unknown vulnerability in the Virtual File System\n (VFS) capability for phpGroupWare 0.9.16preRC and versions before\n 0.9.14.004 with unknown implications, related to the VFS path being\n under the web document root.
  • CAN-2003-0657: Multiple SQL injection vulnerabilities in the infolog\n module of phpgroupware could allow remote attackers to execute\n arbitrary SQL statements.
\n

For the stable distribution (woody), these problems have been fixed in\nversion 0.9.14-0.RC3.2.woody2.

\n

For the unstable distribution (sid), these problems will be fixed\nsoon. Refer to Debian bug #201980.

\n

We recommend that you update your phpgroupware package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14-0.RC3.2.woody2.dsc
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14-0.RC3.2.woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-addressbook_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-admin_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-api-doc_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-api_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-bookkeeping_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-bookmarks_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-brewer_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-calendar_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-chat_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-chora_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-comic_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-core-doc_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-core_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-developer-tools_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-dj_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-eldaptir_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-email_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-filemanager_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-forum_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-ftp_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-headlines_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-hr_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-img_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-infolog_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-inv_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-manual_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-messenger_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-napster_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-news-admin_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-nntp_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-notes_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phonelog_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpsysinfo_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpwebhosting_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-polls_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-preferences_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-projects_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-registration_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-setup_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-skel_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-soap_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-stocks_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-todo_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-tts_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-wap_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-weather_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-xmlrpc_0.9.14-0.RC3.2.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14-0.RC3.2.woody2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "366": "
\n

Debian Security Advisory

\n

DSA-366-1 eroaster -- insecure temporary file

\n
\n
Date Reported:
\n
05 Aug 2003
\n
Affected Packages:
\n
\neroaster\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8350.
In Mitre's CVE dictionary: CVE-2003-0656.
\n
More information:
\n
\n

eroaster, a frontend for burning CD-R media using cdrecord, does not\ntake appropriate security precautions when creating a temporary file\nfor use as a lockfile. This bug could potentially be exploited to\noverwrite arbitrary files with the privileges of the user running\neroaster.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.1.0.0.3-2woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.2.0-0.5-1.

\n

We recommend that you update your eroaster package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/eroaster/eroaster_2.1.0.0.3-2woody1.dsc
\n
http://security.debian.org/pool/updates/main/e/eroaster/eroaster_2.1.0.0.3-2woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/eroaster/eroaster_2.1.0.0.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/e/eroaster/eroaster_2.1.0.0.3-2woody1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "367": "
\n

Debian Security Advisory

\n

DSA-367-1 xtokkaetama -- buffer overflow

\n
\n
Date Reported:
\n
08 Aug 2003
\n
Affected Packages:
\n
\nxtokkaetama\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8337.
In Mitre's CVE dictionary: CVE-2003-0652.
\n
More information:
\n
\n

Another buffer overflow was discovered in xtokkaetama, involving the\n\"-nickname\" command line option. This vulnerability could be\nexploited by a local attacker to gain gid 'games'.

\n

For the current stable distribution (woody) this problem has been fixed\nin version 1.0b-6woody2.

\n

For the unstable distribution (sid) this problem is fixed in version\n1.0b-9.

\n

We recommend that you update your xtokkaetama package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b-6woody2.dsc
\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b-6woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b-6woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b-6woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b-6woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b-6woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b-6woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b-6woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b-6woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b-6woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b-6woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b-6woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xtokkaetama/xtokkaetama_1.0b-6woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "368": "
\n

Debian Security Advisory

\n

DSA-368-1 xpcd -- buffer overflow

\n
\n
Date Reported:
\n
08 Aug 2003
\n
Affected Packages:
\n
\nxpcd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8370.
In Mitre's CVE dictionary: CVE-2003-0649.
\n
More information:
\n
\n

Steve Kemp discovered a buffer overflow in xpcd-svga which can be\ntriggered by a long HOME environment variable. This vulnerability\ncould be exploited by a local attacker to gain root privileges.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.08-8woody1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you update your xpcd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1.dsc
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-svga_2.08-8woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "369": "
\n

Debian Security Advisory

\n

DSA-369-1 zblast -- buffer overflow

\n
\n
Date Reported:
\n
08 Aug 2003
\n
Affected Packages:
\n
\nzblast\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 7836.
In Mitre's CVE dictionary: CVE-2003-0613.
\n
More information:
\n
\n

Steve Kemp discovered a buffer overflow in zblast-svgalib, when saving\nthe high score file. This vulnerability could be exploited by a local\nuser to gain gid 'games', if they can achieve a high score.

\n

For the current stable distribution (woody) this problem has been fixed\nin version 1.2pre-5woody2.

\n

For the unstable distribution (sid) this problem is fixed in version\n1.2.1-7.

\n

We recommend that you update your zblast package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/zblast/zblast_1.2pre-5woody2.dsc
\n
http://security.debian.org/pool/updates/main/z/zblast/zblast_1.2pre-5woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/z/zblast/zblast_1.2pre.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/z/zblast/zblast-data_1.2pre-5woody2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/z/zblast/zblast-x11_1.2pre-5woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/z/zblast/zblast-x11_1.2pre-5woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/z/zblast/zblast-svgalib_1.2pre-5woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/z/zblast/zblast-x11_1.2pre-5woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/z/zblast/zblast-x11_1.2pre-5woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/z/zblast/zblast-x11_1.2pre-5woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/z/zblast/zblast-x11_1.2pre-5woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zblast/zblast-x11_1.2pre-5woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zblast/zblast-x11_1.2pre-5woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/z/zblast/zblast-x11_1.2pre-5woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/z/zblast/zblast-x11_1.2pre-5woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/z/zblast/zblast-x11_1.2pre-5woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "370": "
\n

Debian Security Advisory

\n

DSA-370-1 pam-pgsql -- format string

\n
\n
Date Reported:
\n
08 Aug 2003
\n
Affected Packages:
\n
\npam-pgsql\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8379.
In Mitre's CVE dictionary: CVE-2003-0672.
\n
More information:
\n
\n

Florian Zumbiehl reported a vulnerability in pam-pgsql whereby the\nusername to be used for authentication is used as a format string when\nwriting a log message. This vulnerability may allow an attacker to\nexecute arbitrary code with the privileges of the program requesting\nPAM authentication.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.5.2-3woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.5.2-7.

\n

We recommend that you update your pam-pgsql package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/pam-pgsql_0.5.2-3woody1.dsc
\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/pam-pgsql_0.5.2-3woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/pam-pgsql_0.5.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/libpam-pgsql_0.5.2-3woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/libpam-pgsql_0.5.2-3woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/libpam-pgsql_0.5.2-3woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/libpam-pgsql_0.5.2-3woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/libpam-pgsql_0.5.2-3woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/libpam-pgsql_0.5.2-3woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/libpam-pgsql_0.5.2-3woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/libpam-pgsql_0.5.2-3woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/libpam-pgsql_0.5.2-3woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/libpam-pgsql_0.5.2-3woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/libpam-pgsql_0.5.2-3woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "371": "
\n

Debian Security Advisory

\n

DSA-371-1 perl -- cross-site scripting

\n
\n
Date Reported:
\n
11 Aug 2003
\n
Affected Packages:
\n
\nperl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8231.
In Mitre's CVE dictionary: CVE-2003-0615.
\n
More information:
\n
\n

A cross-site scripting vulnerability exists in the start_form()\nfunction in CGI.pm. This function outputs user-controlled data into\nthe action attribute of a form element without sanitizing it, allowing\na remote user to execute arbitrary web script within the context of\nthe generated page. Any program which uses this function in the\nCGI.pm module may be affected.

\n

For the current stable distribution (woody) this problem has been fixed\nin version 5.6.1-8.3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 5.8.0-19.

\n

We recommend that you update your perl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.3.dsc
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.3.diff.gz
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.6.1-8.3_all.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.6.1-8.3_all.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.6.1-8.3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "372": "
\n

Debian Security Advisory

\n

DSA-372-1 netris -- buffer overflow

\n
\n
Date Reported:
\n
16 Aug 2003
\n
Affected Packages:
\n
\nnetris\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8400.
In Mitre's CVE dictionary: CVE-2003-0685.
\n
More information:
\n
\n

Shaun Colley discovered a buffer overflow vulnerability in netris, a\nnetwork version of a popular puzzle game. A netris client connecting\nto an untrusted netris server could be sent an unusually long data\npacket, which would be copied into a fixed-length buffer without\nbounds checking. This vulnerability could be exploited to gain the\nprivileges of the user running netris in client mode, if they connect\nto a hostile netris server.

\n

For the current stable distribution (woody) this problem has been fixed\nin version 0.5-4woody1.

\n

For the unstable distribution (sid) this problem is fixed in version\n0.52-1.

\n

We recommend that you update your netris package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/netris/netris_0.5-4woody1.dsc
\n
http://security.debian.org/pool/updates/main/n/netris/netris_0.5-4woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/netris/netris_0.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/netris/netris_0.5-4woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/netris/netris_0.5-4woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/netris/netris_0.5-4woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/netris/netris_0.5-4woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/netris/netris_0.5-4woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/netris/netris_0.5-4woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netris/netris_0.5-4woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netris/netris_0.5-4woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/netris/netris_0.5-4woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/netris/netris_0.5-4woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/netris/netris_0.5-4woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "373": "
\n

Debian Security Advisory

\n

DSA-373-1 autorespond -- buffer overflow

\n
\n
Date Reported:
\n
16 Aug 2003
\n
Affected Packages:
\n
\nautorespond\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8436.
In Mitre's CVE dictionary: CVE-2003-0654.
\n
More information:
\n
\n

Christian Jaeger discovered a buffer overflow in autorespond, an email\nautoresponder used with qmail. This vulnerability could potentially\nbe exploited by a remote attacker to gain the privileges of a user who\nhas configured qmail to forward messages to autorespond. This\nvulnerability is currently not believed to be exploitable due to\nincidental limits on the length of the problematic input, but there\nmay be situations in which these limits do not apply.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.0.2-2woody1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you update your autorespond package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/contrib/a/autorespond/autorespond_2.0.2-2woody1.dsc
\n
http://security.debian.org/pool/updates/contrib/a/autorespond/autorespond_2.0.2-2woody1.diff.gz
\n
http://security.debian.org/pool/updates/contrib/a/autorespond/autorespond_2.0.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/contrib/a/autorespond/autorespond_2.0.2-2woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/contrib/a/autorespond/autorespond_2.0.2-2woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/contrib/a/autorespond/autorespond_2.0.2-2woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/contrib/a/autorespond/autorespond_2.0.2-2woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/contrib/a/autorespond/autorespond_2.0.2-2woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/contrib/a/autorespond/autorespond_2.0.2-2woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/contrib/a/autorespond/autorespond_2.0.2-2woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/contrib/a/autorespond/autorespond_2.0.2-2woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/contrib/a/autorespond/autorespond_2.0.2-2woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/contrib/a/autorespond/autorespond_2.0.2-2woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/contrib/a/autorespond/autorespond_2.0.2-2woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "374": "
\n

Debian Security Advisory

\n

DSA-374-1 libpam-smb -- buffer overflow

\n
\n
Date Reported:
\n
26 Aug 2003
\n
Affected Packages:
\n
\nlibpam-smb\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8491.
In Mitre's CVE dictionary: CVE-2003-0686.
\n
More information:
\n
\n

libpam-smb is a PAM authentication module which makes it possible to\nauthenticate users against a password database managed by Samba or a\nMicrosoft Windows server. If a long password is supplied, this can\ncause a buffer overflow which could be exploited to execute arbitrary\ncode with the privileges of the process which invokes PAM services.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.1.6-1.1woody1.

\n

The unstable distribution (sid) does not contain a libpam-smb\npackage.

\n

We recommend that you update your libpam-smb package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libp/libpam-smb/libpam-smb_1.1.6-1.1woody1.dsc
\n
http://security.debian.org/pool/updates/main/libp/libpam-smb/libpam-smb_1.1.6-1.1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/libp/libpam-smb/libpam-smb_1.1.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libp/libpam-smb/libpam-smb_1.1.6-1.1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libp/libpam-smb/libpam-smb_1.1.6-1.1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libp/libpam-smb/libpam-smb_1.1.6-1.1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libp/libpam-smb/libpam-smb_1.1.6-1.1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libp/libpam-smb/libpam-smb_1.1.6-1.1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libp/libpam-smb/libpam-smb_1.1.6-1.1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpam-smb/libpam-smb_1.1.6-1.1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpam-smb/libpam-smb_1.1.6-1.1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libp/libpam-smb/libpam-smb_1.1.6-1.1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libp/libpam-smb/libpam-smb_1.1.6-1.1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libp/libpam-smb/libpam-smb_1.1.6-1.1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "375": "
\n

Debian Security Advisory

\n

DSA-375-1 node -- buffer overflow, format string

\n
\n
Date Reported:
\n
29 Aug 2003
\n
Affected Packages:
\n
\nnode\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8512.
In Mitre's CVE dictionary: CVE-2003-0707, CVE-2003-0708.
\n
More information:
\n
\n

Morgan alias SM6TKY discovered and fixed several security related\nproblems in LinuxNode, an Amateur Packet Radio Node program. The\nbuffer overflow he discovered can be used to gain unauthorised root\naccess and can be remotely triggered.

\n

For the stable distribution (woody) this problem has been\nfixed in version 0.3.0a-2woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.3.2-1.

\n

We recommend that you upgrade your node packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/node/node_0.3.0a-2woody1.dsc
\n
http://security.debian.org/pool/updates/main/n/node/node_0.3.0a-2woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/node/node_0.3.0a.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/node/node_0.3.0a-2woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/node/node_0.3.0a-2woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/node/node_0.3.0a-2woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/node/node_0.3.0a-2woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/node/node_0.3.0a-2woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/node/node_0.3.0a-2woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/node/node_0.3.0a-2woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/node/node_0.3.0a-2woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/node/node_0.3.0a-2woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/node/node_0.3.0a-2woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/node/node_0.3.0a-2woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "376": "
\n

Debian Security Advisory

\n

DSA-376-2 exim -- buffer overflow

\n
\n
Date Reported:
\n
04 Sep 2003
\n
Affected Packages:
\n
\nexim, exim-tls\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8518.
In Mitre's CVE dictionary: CVE-2003-0743.
\n
More information:
\n
\n

A buffer overflow exists in exim, which is the standard mail transport\nagent in Debian. By supplying a specially crafted HELO or EHLO\ncommand, an attacker could cause a constant string to be written past\nthe end of a buffer allocated on the heap. This vulnerability is not\nbelieved at this time to be exploitable to execute arbitrary code.

\n

For the stable distribution (woody) this problem has been fixed in\nexim version 3.35-1woody2 and exim-tls version 3.35-3woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nexim version 3.36-8. The unstable distribution does not contain an\nexim-tls package.

\n

We recommend that you update your exim or exim-tls package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2.dsc
\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1.dsc
\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

MD5 checksums of the listed files are available in the revised advisory.\n

\n\n
\n
", "377": "
\n

Debian Security Advisory

\n

DSA-377-1 wu-ftpd -- insecure program execution

\n
\n
Date Reported:
\n
04 Sep 2003
\n
Affected Packages:
\n
\nwu-ftpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-1999-0997.
\n
More information:
\n
\n

wu-ftpd, an FTP server, implements a feature whereby multiple files\ncan be fetched in the form of a dynamically constructed archive file,\nsuch as a tar archive. The names of the files to be included are\npassed as command line arguments to tar, without protection against\nthem being interpreted as command-line options. GNU tar supports\nseveral command line options which can be abused, by means of this\nvulnerability, to execute arbitrary programs with the privileges of\nthe wu-ftpd process.

\n

Georgi Guninski pointed out that this vulnerability exists in Debian\nwoody.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.6.2-3woody2.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you update your wu-ftpd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody2.dsc
\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd-academ_2.6.2-3woody2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "378": "
\n

Debian Security Advisory

\n

DSA-378-1 mah-jong -- buffer overflows, denial of service

\n
\n
Date Reported:
\n
07 Sep 2003
\n
Affected Packages:
\n
\nmah-jong\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8557, BugTraq ID 8558.
In Mitre's CVE dictionary: CVE-2003-0705, CVE-2003-0706.
\n
More information:
\n
\n

Nicolas Boullis discovered two vulnerabilities in mah-jong, a\nnetwork-enabled game.

\n
    \n
  • CAN-2003-0705 (buffer overflow)\n

    This vulnerability could be exploited by a remote attacker to\n execute arbitrary code with the privileges of the user running the\n mah-jong server.

  • CAN-2003-0706 (denial of service)\n

    This vulnerability could be exploited by a remote attacker to cause\n the mah-jong server to enter a tight loop and stop responding to\n commands.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 1.4-2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.5.6-2.

\n

We recommend that you update your mah-jong package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2.dsc
\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "379": "
\n

Debian Security Advisory

\n

DSA-379-1 sane-backends -- several vulnerabilities

\n
\n
Date Reported:
\n
11 Sep 2003
\n
Affected Packages:
\n
\nsane-backends\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8593, BugTraq ID 8594, BugTraq ID 8595, BugTraq ID 8596, BugTraq ID 8597, BugTraq ID 8600.
In Mitre's CVE dictionary: CVE-2003-0773, CVE-2003-0774, CVE-2003-0775, CVE-2003-0776, CVE-2003-0777, CVE-2003-0778.
\n
More information:
\n
\n

Alexander Hvostov, Julien Blache and Aurelien Jarno discovered several\nsecurity-related problems in the sane-backends package, which contains\nan API library for scanners including a scanning daemon (in the\npackage libsane) that can be remotely exploited. These problems allow\na remote attacker to cause a segmentation fault and/or consume arbitrary\namounts of memory. The attack is successful, even if the attacker's\ncomputer isn't listed in saned.conf.

\n

You are only vulnerable if you actually run saned e.g. in xinetd or\ninetd. If the entries in the configuration file of xinetd or inetd\nrespectively are commented out or do not exist, you are safe.

\n

Try \"telnet localhost 6566\" on the server that may run saned.\nIf you\nget \"connection refused\", saned is not running and you are safe.

\n

The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n

    \n
  • CAN-2003-0773:\n

    saned checks the identity (IP address) of the remote host only\n after the first communication took place (SANE_NET_INIT). So\n everyone can send that RPC, even if the remote host is not allowed\n to scan (not listed in saned.conf).

  • CAN-2003-0774:\n

    saned lacks error checking nearly everywhere in the code. So\n connection drops are detected very late. If the drop of the\n connection isn't detected, the access to the internal wire buffer\n leaves the limits of the allocated memory. So random memory \"after\"\n the wire buffer is read which will be followed by a segmentation\n fault.

  • CAN-2003-0775:\n

    If saned expects strings, it mallocs the memory necessary to store\n the complete string after it receives the size of the string. If\n the connection was dropped before transmitting the size, malloc\n will reserve an arbitrary size of memory. Depending on that size\n and the amount of memory available either malloc fails (->saned\n quits nicely) or a huge amount of memory is allocated. Swapping\n and OOM measures may occur depending on the kernel.

  • CAN-2003-0776:\n

    saned doesn't check the validity of the RPC numbers it gets before\n getting the parameters.

  • CAN-2003-0777:\n

    If debug messages are enabled and a connection is dropped,\n non-null-terminated strings may be printed and segmentation faults\n may occur.

  • CAN-2003-0778:\n

    It's possible to allocate an arbitrary amount of memory on the\n server running saned even if the connection isn't dropped. At the\n moment this cannot easily be fixed according to the author.\n Better limit the total amount of memory saned may use (ulimit).

\n

For the stable distribution (woody) this problem has been\nfixed in version 1.0.7-4.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.0.11-1 and later.

\n

We recommend that you upgrade your libsane packages.

\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sane-backends/sane-backends_1.0.7-4.dsc
\n
http://security.debian.org/pool/updates/main/s/sane-backends/sane-backends_1.0.7-4.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sane-backends/sane-backends_1.0.7.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sane-backends/libsane_1.0.7-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sane-backends/libsane-dev_1.0.7-4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sane-backends/libsane_1.0.7-4_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sane-backends/libsane-dev_1.0.7-4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sane-backends/libsane_1.0.7-4_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sane-backends/libsane-dev_1.0.7-4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sane-backends/libsane_1.0.7-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sane-backends/libsane-dev_1.0.7-4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/sane-backends/libsane_1.0.7-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sane-backends/libsane-dev_1.0.7-4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sane-backends/libsane_1.0.7-4_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sane-backends/libsane-dev_1.0.7-4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sane-backends/libsane_1.0.7-4_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sane-backends/libsane-dev_1.0.7-4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sane-backends/libsane_1.0.7-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sane-backends/libsane-dev_1.0.7-4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sane-backends/libsane_1.0.7-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sane-backends/libsane-dev_1.0.7-4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sane-backends/libsane_1.0.7-4_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sane-backends/libsane-dev_1.0.7-4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sane-backends/libsane_1.0.7-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sane-backends/libsane-dev_1.0.7-4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "380": "
\n

Debian Security Advisory

\n

DSA-380-1 xfree86 -- buffer overflows, denial of service

\n
\n
Date Reported:
\n
12 Sep 2003
\n
Affected Packages:
\n
\nxfree86\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 4396, BugTraq ID 8514, BugTraq ID 6940, BugTraq ID 6950.
In Mitre's CVE dictionary: CVE-2003-0063, CVE-2003-0071, CVE-2002-0164, CVE-2003-0730.
\n
More information:
\n
\n

Four vulnerabilities have been discovered in XFree86.

\n
    \n
  • CAN-2003-0063\n- xterm window title reporting escape sequence can deceive user\n

    The xterm package provides a terminal escape sequence that reports\n the window title by injecting it into the input buffer of the\n terminal window, as if the user had typed it. An attacker can craft\n an escape sequence that sets the title of a victim's xterm window to\n an arbitrary string (such as a shell command) and then reports that\n title. If the victim is at a shell prompt when this is done, the\n injected command will appear on the command line, ready to be run.\n Since it is not possible to embed a carriage return in the window\n title, the attacker would have to convince the victim to press Enter\n (or rely upon the victim's carelessness or confusion) for the shell or\n other interactive process to interpret the window title as user\n input. It is conceivable that the attacker could craft other escape\n sequences that might convince the victim to accept the injected\n input, however. The Common Vulnerabilities and Exposures project at\n cve.mitre.org has assigned the name\n CAN-2003-0063\n to this issue.

    \n

    To determine whether your version of xterm is vulnerable to abuse of\n the window title reporting feature, run the following command at a\n shell prompt from within an xterm window:

    \n
       echo -e \"\\e[21t\"
    \n

    (The terminal bell may ring, and the window title may be prefixed\n with an \"l\".)

    \n

    This flaw is exploitable by anything that can send output to a\n terminal window, such as a text document. The xterm user has to\n take action to cause the escape sequence to be sent, however (such\n as by viewing a malicious text document with the \"cat\" command).\n Whether you are likely to be exposed to it depends on how you use\n xterm. Consider the following:

    \n
       echo -e '\\e]2;s && echo rm -rf *\\a' > /tmp/sploit\n   echo -e '\\e[21t' >> /tmp/sploit\n   cat /tmp/sploit
    \n

    Debian has resolved this problem by disabling the window title\n reporting escape sequence in xterm; it is understood but ignored.\n The escape sequence to set the window title has not been disabled.

    \n

    A future release of the xterm package will have a configuration\n option to permit the user to turn the window title reporting feature\n back on, but it will default off.

    \n
  • CAN-2003-0071\n- xterm susceptible to DEC UDK escape sequence denial-of-service attack\n

    The xterm package, since it emulates DEC VT-series text terminals,\n emulates a feature of DEC VT terminals known as \"User-Defined Keys\"\n (UDK for short). There is a bug in xterm's handling of DEC UDK\n escape sequences, however, and an ill-formed one can cause the xterm\n process to enter a tight loop. This causes the process to \"spin\",\n consuming CPU cycles uselessly, and refusing to handle signals (such\n as efforts to kill the process or close the window).

    \n

    To determine whether your version of xterm is vulnerable to this\n attack, run the following command at a shell prompt from within a\n \"sacrificial\" xterm window (i.e., one that doesn't have anything in\n the scrollback buffer you might need to see later):

    \n
       echo -e \"\\eP0;0|0A/17\\x9c\"
    \n

    This flaw is exploitable by anything that can send output to a\n terminal window, such as a text document. The xterm user has to\n take action to cause the escape sequence to be sent, however (such\n as by viewing a malicious text document with the \"cat\" command).\n Whether you are likely to be exposed to it depends on how you use\n xterm.

    \n

    Debian has resolved this problem by backporting an upstream fix\n to XFree86 4.1.0.

    \n
  • CAN-2002-0164\n- flaw in X server's MIT-SHM extension permits user owning X session to read\nand write arbitrary shared memory segments\n

    Most X servers descended from the MIT/X Consortium/X.Org Sample\n Implementation, including XFree86's X servers, support an extension\n to the X protocol called MIT-SHM, which enables X clients running on\n the same host as the X server to operate more quickly and\n efficiently by taking advantage of an operating system feature\n called shared memory where it is available. The Linux kernel, for\n example, supports shared memory.

    \n

    Because the X server runs with elevated privileges, the operating\n system's built-in access control mechanisms are ineffective to\n police the X server's usage of segments of shared memory. The X\n server has to implement its own access control. This was\n imperfectly done in previous releases of XFree86 (and the MIT/X\n Consortium/X.Org Sample Implementation before it), leaving\n opportunities for malicious X clients to read and alter shared\n memory segments to which they should not have access. The Common\n Vulnerabilities and Exposures project at cve.mitre.org has assigned\n the name\n CAN-2002-0164\n to this issue.

    \n

    Debian's XFree86 4.1.0-16 packages shipped with an incomplete fix\n for this flaw, only enforcing proper access control for X\n servers that were not started by a display manager (e.g., xdm).\n This update resolves that problem.

    \n

    The Debian Project knows of no exploits for this vulnerability. A\n malicious X client that abused the MIT-SHM extension could\n conceivably be written however, and run (deliberately or\n unwittingly) by a user able to run an X server on a host. The\n impact of this flaw depends on how shared memory is used on the\n system. See the ipcs(8) manual page for more information.

    \n

    Debian has resolved this problem by backporting an upstream fix to\n XFree86 4.1.0.

    \n
  • CAN-2003-0730\n- multiple integer overflows in the font libraries for XFree86 allow local or\nremote attackers to cause a denial of service or execute arbitrary code via\nheap-based and stack-based buffer overflow attacks\n

    Security researcher \"blexim\" wrote [paraphrased]:

    \n
    \n

    I have identified several bugs in the font libraries of the\n current version of the XFree86 source code. These bugs could\n potentially lead to the execution of arbitrary code by a remote\n user in any process which calls the functions in question. The\n functions are related to the transfer and enumeration of fonts\n from font servers to clients, limiting the range of the exposure\n caused by these bugs.

    \n

    Specifically, several sizing variables passed from a font server\n to a client are not adequately checked, causing calculations on\n them to result in erroneous values. These erroneous calculations\n can lead to buffers on the heap and stack overflowing, potentially\n leading to arbitrary code execution. As stated before, the risk\n is limited by the fact that only clients can be affected by these\n bugs, but in some (non-default) configurations, both xfs and the X\n server can act as clients to remote font servers. In these\n configurations, both xfs and the X server could be potentially\n compromised.

    \n
    \n

    The Common Vulnerabilities and Exposures project at cve.mitre.org\n has assigned the name\n CAN-2003-0730\n to this issue.

    \n

    The Debian Project knows of no exploits for this vulnerability. By\n default in Debian, X servers are configured to listen only to a\n locally-running font server, which is not even used if the xfs\n package is not installed. The Debian default configuration of xfs\n uses only font directories on the local host, and does not attempt\n to connect to any external font servers.

    Debian has resolved this problem by backporting an upstream fix to XFree86 4.1.0.

All of the above problems also affect the xfree86v3 packages (in the case of the first two flaws, the xterm source code contains the flaws, but no xterm package is produced). Due to resource limitations and a lack of upstream support for this legacy code, Debian is unable to continue supporting version 3.3.6 of XFree86. To avoid exposure to the latter two flaws in this advisory, we recommend that you remove the following packages if you have them installed:

  • xserver-3dlabs
  • xserver-8514
  • xserver-agx
  • xserver-common-v3
  • xserver-fbdev
  • xserver-i128
  • xserver-mach32
  • xserver-mach64
  • xserver-mach8
  • xserver-mono
  • xserver-p9000
  • xserver-s3
  • xserver-s3v
  • xserver-svga
  • xserver-tga
  • xserver-vga16
  • xserver-w32

(You may also wish to remove the xext, xlib6, and xlib6-altdev packages, as support for them is being terminated along with the rest of the XFree86 3.3.6 packages, though they are not affected by the flaws in this advisory.)

For the stable distribution (woody) these problems have been fixed in version 4.1.0-16woody1.

For the unstable distribution (sid) all problems except CAN-2003-0730 are fixed in version 4.2.1-11. CAN-2003-0730 will be fixed in 4.2.1-12, currently in preparation.

We recommend that you update your xfree86 package.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Source:
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.1.0-16woody1.dsc
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.1.0-16woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.1.0.orig.tar.gz
\n
Architecture-independent component:
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system_4.1.0-16woody1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi-transcoded_4.1.0-16woody1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi_4.1.0-16woody1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi-transcoded_4.1.0-16woody1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi_4.1.0-16woody1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base-transcoded_4.1.0-16woody1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base_4.1.0-16woody1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-cyrillic_4.1.0-16woody1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-pex_4.1.0-16woody1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-scalable_4.1.0-16woody1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86-common_4.1.0-16woody1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlib6g-dev_4.1.0-16woody1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlib6g_4.1.0-16woody1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xspecs_4.1.0-16woody1_all.deb
\n
Alpha:
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody1_alpha.deb
\n
ARM:
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody1_arm.deb
\n
Intel IA-32:
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody1_i386.deb
\n
Intel IA-64:
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody1_ia64.deb
\n
HPPA:
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody1_hppa.deb
\n
Motorola 680x0:
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody1_m68k.deb
\n
Big endian MIPS:
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody1_mips.deb
\n
Little endian MIPS:
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody1_mipsel.deb
\n
PowerPC:
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody1_powerpc.deb
\n
IBM S/390:
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "381": "
\n

Debian Security Advisory

\n

DSA-381-1 mysql -- buffer overflow

\n
\n
Date Reported:
\n
13 Sep 2003
\n
Affected Packages:
\n
\nmysql\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 210403.
In the Bugtraq database (at SecurityFocus): BugTraq ID 8590.
In Mitre's CVE dictionary: CVE-2003-0780.
\n
More information:
\n
\n

MySQL, a popular relational database system, contains a buffer\noverflow condition which could be exploited by a user who has\npermission to execute \"ALTER TABLE\" commands on the tables in the\n\"mysql\" database. If successfully exploited, this vulnerability\ncould allow the attacker to execute arbitrary code with the\nprivileges of the mysqld process (by default, user \"mysql\"). Since\nthe \"mysql\" database is used for MySQL's internal record keeping, by\ndefault the mysql administrator \"root\" is the only user with\npermission to alter its tables.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 3.23.49-8.5.

\n

For the unstable distribution (sid) this problem will be fixed soon.\nRefer to Debian bug #210403.

\n

We recommend that you update your mysql package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.5.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.5.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-common_3.23.49-8.5_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.23.49-8.5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "382": "
\n

Debian Security Advisory

\n

DSA-382-3 ssh -- possible remote vulnerability

\n
\n
Date Reported:
\n
16 Sep 2003
\n
Affected Packages:
\n
\nssh\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2003-0693, CVE-2003-0695, CVE-2003-0682.
CERT's vulnerabilities, advisories and incident notes: VU#333628, CA-2003-24.
\n
More information:
\n
\n

A bug has been found in OpenSSH's buffer handling where a buffer could\nbe marked as grown when the actual reallocation failed.

\n

DSA-382-2:\nThis advisory is an addition to the earlier DSA-382-1 advisory: two more\nbuffer handling problems have been found in addition to the one\ndescribed in DSA-382-1. It is not known if these bugs are exploitable,\nbut as a precaution an upgrade is advised.

\n

DSA-382-3:\nThis advisory is an addition to the earlier DSA-382-1 and DSA-382-2\nadvisories: Solar Designer found four more bugs in OpenSSH that may be\nexploitable.

\n

For the Debian stable distribution (woody) these bugs have been fixed\nin version\n1:3.4p1-1.woody.3.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1-1.woody.3.dsc
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh_3.4p1-1.woody.3.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.4p1-1.woody.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.4p1-1.woody.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

MD5 checksums of the listed files are available in the revised advisory.\n


\n\n
\n
", "383": "
\n

Debian Security Advisory

\n

DSA-383-2 ssh-krb5 -- possible remote vulnerability

\n
\n
Date Reported:
\n
17 Sep 2003
\n
Affected Packages:
\n
\nssh-krb5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8628.
In Mitre's CVE dictionary: CVE-2003-0693, CVE-2003-0695, CVE-2003-0682.
CERT's vulnerabilities, advisories and incident notes: VU#333628, CA-2003-24.
\n
More information:
\n
\n

Several bugs have been found in OpenSSH's buffer handling. It is not\nknown if these bugs are exploitable, but as a precaution an upgrade is\nadvised.

\n

DSA-383-2:\nThis advisory is an addition to the earlier DSA-383-1 advisory: Solar\nDesigner found four more bugs in OpenSSH that may be exploitable.

\n

For the Debian stable distribution these bugs have been fixed in version\n1:3.4p1-0woody4.

\n

We recommend that you update your ssh-krb5 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.4p1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.4p1-0woody4.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.4p1-0woody4.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.4p1-0woody4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

MD5 checksums of the listed files are available in the revised advisory.\n

\n\n
\n
", "384": "
\n

Debian Security Advisory

\n

DSA-384-1 sendmail -- buffer overflows

\n
\n
Date Reported:
\n
17 Sep 2003
\n
Affected Packages:
\n
\nsendmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8641, BugTraq ID 8649.
In Mitre's CVE dictionary: CVE-2003-0681, CVE-2003-0694.
CERT's vulnerabilities, advisories and incident notes: CA-2003-25.
\n
More information:
\n
\n

Two vulnerabilities were reported in sendmail.

\n
    \n
  • CAN-2003-0681:\n

    A \"potential buffer overflow in ruleset parsing\" for Sendmail\n 8.12.9, when using the nonstandard rulesets (1) recipient (2),\n final, or (3) mailer-specific envelope recipients, has unknown\n consequences.

  • CAN-2003-0694:\n

    The prescan function in Sendmail 8.12.9 allows remote attackers to\n execute arbitrary code via buffer overflow attacks, as demonstrated\n using the parseaddr function in parseaddr.c.

\n

For the stable distribution (woody) these problems have been fixed in\nsendmail version 8.12.3-6.6 and sendmail-wide version\n8.12.3+3.5Wbeta-5.5.

\n

For the unstable distribution (sid) these problems have been fixed in\nsendmail version 8.12.10-1.

\n

We recommend that you update your sendmail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6.dsc
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5.dsc
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.12.3-6.6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.6_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.6_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.6_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.6_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-6.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-6.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail-wide/sendmail-wide_8.12.3+3.5Wbeta-5.5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "385": "
\n

Debian Security Advisory

\n

DSA-385-1 hztty -- buffer overflows

\n
\n
Date Reported:
\n
18 Sep 2003
\n
Affected Packages:
\n
\nhztty\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8656.
In Mitre's CVE dictionary: CVE-2003-0783.
\n
More information:
\n
\n

Jens Steube reported a pair of buffer overflow vulnerabilities in\nhztty, a program to translate Chinese character encodings in a\nterminal session. These vulnerabilities could be exploited by a local\nattacker to gain root privileges on a system where hztty is installed.

\n

Additionally, hztty had been incorrectly installed setuid root, when\nit only requires the privileges of group utmp. This has also been\ncorrected in this update.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.0-5.2woody1.

\n

For the unstable distribution (sid) this problem will be fixed in\nversion 2.0-6.

\n

We recommend that you update your hztty package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody1.dsc
\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "386": "
\n

Debian Security Advisory

\n

DSA-386-1 libmailtools-perl -- input validation bug

\n
\n
Date Reported:
\n
18 Sep 2003
\n
Affected Packages:
\n
\nlibmailtools-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6104.
In Mitre's CVE dictionary: CVE-2002-1271.
\n
More information:
\n
\n

The SuSE security team discovered during an audit a bug in\nMail::Mailer, a Perl module used for sending email, whereby\npotentially untrusted input is passed to a program such as mailx,\nwhich may interpret certain escape sequences as commands to be\nexecuted.

\n

This bug has been fixed by removing support for programs such as mailx\nas a transport for sending mail. Instead, alternative mechanisms are\nused.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.44-1woody1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you update your libmailtools-perl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libm/libmailtools-perl/libmailtools-perl_1.44-1woody2.dsc
\n
http://security.debian.org/pool/updates/main/libm/libmailtools-perl/libmailtools-perl_1.44-1woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/libm/libmailtools-perl/libmailtools-perl_1.44.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libm/libmailtools-perl/libmailtools-perl_1.44-1woody2_all.deb
\n
http://security.debian.org/pool/updates/main/libm/libmailtools-perl/mailtools_1.44-1woody2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "387": "
\n

Debian Security Advisory

\n

DSA-387-1 gopher -- buffer overflows

\n
\n
Date Reported:
\n
18 Sep 2003
\n
Affected Packages:
\n
\ngopher\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8167, BugTraq ID 8168, BugTraq ID 8283.
In Mitre's CVE dictionary: CVE-2003-0805.
\n
More information:
\n
\n

gopherd, a gopher server from the University of Minnesota, contains a\nnumber of buffer overflows which could be exploited by a remote\nattacker to execute arbitrary code with the privileges of the gopherd\nprocess (the \"gopher\" user by default).

\n

For the stable distribution (woody) this problem has been fixed in\nversion 3.0.3woody1.

\n

This program has been removed from the unstable distribution (sid).\ngopherd is deprecated, and users are recommended to use PyGopherd instead.

\n

We recommend that you update your gopherd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1.dsc
\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "388": "
\n

Debian Security Advisory

\n

DSA-388-1 kdebase -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Sep 2003
\n
Affected Packages:
\n
\nkdebase\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8635, BugTraq ID 8636.
In Mitre's CVE dictionary: CVE-2003-0690, CVE-2003-0692.
\n
More information:
\n
\n

Two vulnerabilities were discovered in kdebase:

\n
    \n
  • CAN-2003-0690:\n

    KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred\n function call succeeds, which may allow attackers to gain root\n privileges by triggering error conditions within PAM modules, as\n demonstrated in certain configurations of the MIT pam_krb5 module.

  • CAN-2003-0692:\n

    KDM in KDE 3.1.3 and earlier uses a weak session cookie generation\n algorithm that does not provide 128 bits of entropy, which allows\n attackers to guess session cookies via brute force methods and gain\n access to the user session.

\n

These vulnerabilities are described in the following security\nadvisory from KDE:

\n

http://www.kde.org/info/security/advisory-20030916-1.txt

\n

For the current stable distribution (woody) these problems have been\nfixed in version 4:2.2.2-14.7.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you update your kdebase package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7.dsc
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-doc_2.2.2-14.7_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdewallpapers_2.2.2-14.7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "389": "
\n

Debian Security Advisory

\n

DSA-389-1 ipmasq -- insecure packet filtering rules

\n
\n
Date Reported:
\n
20 Sep 2003
\n
Affected Packages:
\n
\nipmasq\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8664.
In Mitre's CVE dictionary: CVE-2003-0785.
\n
More information:
\n
\n

ipmasq is a package which simplifies configuration of Linux IP\nmasquerading, a form of network address translation which allows a\nnumber of hosts to share a single public IP address. Due to use of\ncertain improper filtering rules, traffic arriving on the external\ninterface addressed for an internal host would be forwarded,\nregardless of whether it was associated with an established\nconnection. This vulnerability could be exploited by an attacker\ncapable of forwarding IP traffic with an arbitrary destination address\nto the external interface of a system with ipmasq installed.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 3.5.10c.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.5.12.

\n

We recommend that you update your ipmasq package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/ipmasq/ipmasq_3.5.10c.dsc
\n
http://security.debian.org/pool/updates/main/i/ipmasq/ipmasq_3.5.10c.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/ipmasq/ipmasq_3.5.10c_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "390": "
\n

Debian Security Advisory

\n

DSA-390-1 marbles -- buffer overflow

\n
\n
Date Reported:
\n
26 Sep 2003
\n
Affected Packages:
\n
\nmarbles\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8710.
In Mitre's CVE dictionary: CVE-2003-0830.
\n
More information:
\n
\n

Steve Kemp discovered a buffer overflow in marbles, when processing\nthe HOME environment variable. This vulnerability could be exploited\nby a local user to gain gid 'games'.

\n

For the current stable distribution (woody) this problem has been fixed\nin version 1.0.2-1woody1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you update your marbles package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2-1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2-1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2-1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2-1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2-1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2-1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2-1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2-1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2-1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2-1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/marbles/marbles_1.0.2-1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "391": "
\n

Debian Security Advisory

\n

DSA-391-1 freesweep -- buffer overflow

\n
\n
Date Reported:
\n
28 Sep 2003
\n
Affected Packages:
\n
\nfreesweep\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2003-0828.
\n
More information:
\n
\n

Steve Kemp discovered a buffer overflow in freesweep, when processing\nseveral environment variables. This vulnerability could be exploited\nby a local user to gain gid 'games'.

\n

For the current stable distribution (woody) this problem has been fixed\nin version 0.88-4woody1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you update your freesweep package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88-4woody1.dsc
\n
http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88-4woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88-4woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88-4woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88-4woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88-4woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88-4woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88-4woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88-4woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88-4woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88-4woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88-4woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88-4woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "392": "
\n

Debian Security Advisory

\n

DSA-392-1 webfs -- buffer overflows, file and directory exposure

\n
\n
Date Reported:
\n
29 Sep 2003
\n
Affected Packages:
\n
\nwebfs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8724, BugTraq ID 8726.
In Mitre's CVE dictionary: CVE-2003-0832, CVE-2003-0833.
\n
More information:
\n
\n

Jens Steube reported two vulnerabilities in webfs, a lightweight HTTP\nserver for static content.

\n

CAN-2003-0832 - When virtual hosting is enabled, a remote client\n could specify \"..\" as the hostname in a request, allowing retrieval\n of directory listings or files above the document root.

\n

CAN-2003-0833 - A long pathname could overflow a buffer allocated on\n the stack, allowing execution of arbitrary code. In order to exploit\n this vulnerability, it would be necessary to be able to create\n directories on the server in a location which could be accessed by\n the web server. In conjunction with CAN-2003-0832, this could be a\n world-writable directory such as /var/tmp.

\n

For the current stable distribution (woody) these problems have been fixed\nin version 1.17.2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.20.

\n

We recommend that you update your webfs package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/webfs/webfs_1.17.2.dsc
\n
http://security.debian.org/pool/updates/main/w/webfs/webfs_1.17.2.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/webfs/webfs_1.17.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/webfs/webfs_1.17.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/webfs/webfs_1.17.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/webfs/webfs_1.17.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/w/webfs/webfs_1.17.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/w/webfs/webfs_1.17.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/w/webfs/webfs_1.17.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/w/webfs/webfs_1.17.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/webfs/webfs_1.17.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/webfs/webfs_1.17.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/webfs/webfs_1.17.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "393": "
\n

Debian Security Advisory

\n

DSA-393-1 openssl -- denial of service

\n
\n
Date Reported:
\n
01 Oct 2003
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8732.
In Mitre's CVE dictionary: CVE-2003-0543, CVE-2003-0544.
CERT's vulnerabilities, advisories and incident notes: CA-2003-26.
\n
More information:
\n
\n

Dr. Stephen Henson (steve@openssl.org), using a test suite\nprovided by NISCC (http://www.niscc.gov.uk/), discovered a number of\nerrors in the OpenSSL\nASN1 code. Combined with an error that causes the OpenSSL code to parse\nclient certificates even when it should not, these errors can cause a\ndenial of service (DoS) condition on a system using the OpenSSL code,\ndepending on how that code is used. For example, even though apache-ssl\nand ssh link to OpenSSL libraries, they should not be affected by this\nvulnerability. However, other SSL-enabled applications may be\nvulnerable and an OpenSSL upgrade is recommended.

\n

For the current stable distribution (woody) these problems have been\nfixed in version 0.9.6c-2.woody.4.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.9.7c-1.

\n

We recommend that you update your openssl package. Note that you will\nneed to restart services which use the libssl library for this update\nto take effect.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.4.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.4.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openssl/ssleay_0.9.6c-2.woody.4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.4_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.4_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.4_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.4_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "394": "
\n

Debian Security Advisory

\n

DSA-394-1 openssl095 -- ASN.1 parsing vulnerability

\n
\n
Date Reported:
\n
11 Oct 2003
\n
Affected Packages:
\n
\nopenssl095\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8732.
In Mitre's CVE dictionary: CVE-2003-0543, CVE-2003-0544, CVE-2003-0545.
\n
More information:
\n
\n

Steve Henson of the OpenSSL core team identified and prepared fixes\nfor a number of vulnerabilities in the OpenSSL ASN1 code that were\ndiscovered after running a test suite by British National\nInfrastructure Security Coordination Centre (NISCC).

\n

A bug in OpenSSL's SSL/TLS protocol was also identified which causes\nOpenSSL to parse a client certificate from an SSL/TLS client when it\nshould reject it as a protocol error.

\n

The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CAN-2003-0543:\n

    Integer overflow in OpenSSL that allows remote attackers to cause a\n denial of service (crash) via an SSL client certificate with\n certain ASN.1 tag values.

    \n
  • CAN-2003-0544:\n

    OpenSSL does not properly track the number of characters in certain\n ASN.1 inputs, which allows remote attackers to cause a denial of\n service (crash) via an SSL client certificate that causes OpenSSL\n to read past the end of a buffer when the long form is used.

    \n
  • CAN-2003-0545:\n

    Double-free vulnerability allows remote attackers to cause a denial\n of service (crash) and possibly execute arbitrary code via an SSL\n client certificate with a certain invalid ASN.1 encoding. This bug\n was only present in OpenSSL 0.9.7 and is listed here only for\n reference.

    \n
\n

For the stable distribution (woody) this problem has been\nfixed in openssl095 version 0.9.5a-6.woody.3.

\n

This package is not present in the unstable (sid) or testing (sarge)\ndistribution.

\n

We recommend that you upgrade your libssl095a packages and restart\nservices using this library. Debian doesn't ship any packages that\nare linked against this library.

\n

The following command line (courtesy of Ray Dassen) produces a list of\nnames of running processes that have libssl095 mapped into their\nmemory space:

\n
\n    find /proc -name maps -exec egrep -l 'libssl095' {} /dev/null \\; | sed -e 's/[^0-9]//g' | xargs --no-run-if-empty ps --no-headers -p | sed -e 's/^ \\+//' -e 's/ \\+/ /g' | cut -d ' ' -f 5 | sort | uniq\n
\n

You should restart the associated services.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.3.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.3.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "395": "
\n

Debian Security Advisory

\n

DSA-395-1 tomcat4 -- incorrect input handling

\n
\n
Date Reported:
\n
15 Oct 2003
\n
Affected Packages:
\n
\ntomcat4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8824.
In Mitre's CVE dictionary: CVE-2003-0866.
\n
More information:
\n
\n

Aldrin Martoq has discovered a denial of service (DoS) vulnerability in\nApache Tomcat 4.0.x. Sending several non-HTTP requests to Tomcat's HTTP\nconnector makes Tomcat reject further requests on this port until it is\nrestarted.

\n

For the current stable distribution (woody) this problem has been fixed\nin version 4.0.3-3woody3.

\n

For the unstable distribution (sid) this problem does not exist in the\ncurrent version 4.1.24-2.

\n

We recommend that you upgrade your tomcat4 packages and restart the\ntomcat server.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4_4.0.3-3woody3.dsc
\n
http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4_4.0.3-3woody3.diff.gz
\n
http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4_4.0.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/contrib/t/tomcat4/libtomcat4-java_4.0.3-3woody3_all.deb
\n
http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4-webapps_4.0.3-3woody3_all.deb
\n
http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4_4.0.3-3woody3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "396": "
\n

Debian Security Advisory

\n

DSA-396-1 thttpd -- missing input sanitizing, wrong calculation

\n
\n
Date Reported:
\n
29 Oct 2003
\n
Affected Packages:
\n
\nthttpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8906, BugTraq ID 8924.
In Mitre's CVE dictionary: CVE-2002-1562, CVE-2003-0899.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in thttpd, a tiny HTTP\nserver.

\n

The Common Vulnerabilities and Exposures project identifies the\nfollowing vulnerabilities:

\n
    \n
  • CAN-2002-1562: Information leak\n

    Marcus Breiing discovered that if thttpd is used for virtual\n hosting, and an attacker supplies a specially crafted \u201cHost:\u201d\n header with a pathname instead of a hostname, thttpd will reveal\n information about the host system. Hence, an attacker can browse\n the entire disk.

  • CAN-2003-0899: Arbitrary code execution\n

    Joel S\u00f6derberg and Christer \u00d6berg discovered a remote overflow which\n allows an attacker to partially overwrite the EBP register and\n hence execute arbitrary code.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 2.21b-11.2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.23beta1-2.3.

\n

We recommend that you upgrade your thttpd package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2.dsc
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2.diff.gz
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_arm.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_i386.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_mips.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_s390.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "397": "
\n

Debian Security Advisory

\n

DSA-397-1 postgresql -- buffer overflow

\n
\n
Date Reported:
\n
07 Nov 2003
\n
Affected Packages:
\n
\npostgresql\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8741.
In Mitre's CVE dictionary: CVE-2003-0901.
\n
More information:
\n
\n

Tom Lane discovered a buffer overflow in the to_ascii function in\nPostgreSQL. This allows remote attackers to execute arbitrary code on\nthe host running the database.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 7.2.1-2woody4.

\n

The unstable distribution (sid) does not contain this problem.

\n

We recommend that you upgrade your postgresql package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody4.dsc
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody4.diff.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-doc_7.2.1-2woody4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "398": "
\n

Debian Security Advisory

\n

DSA-398-1 conquest -- buffer overflow

\n
\n
Date Reported:
\n
10 Nov 2003
\n
Affected Packages:
\n
\nconquest\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8996.
In Mitre's CVE dictionary: CVE-2003-0933.
\n
More information:
\n
\n

Steve Kemp discovered a buffer overflow in the environment variable\nhandling of conquest, a curses based, real-time, multi-player space\nwarfare game, which could lead a local attacker to gain unauthorised\naccess to the group conquest.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 7.1.1-6woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 7.2-5.

\n

We recommend that you upgrade your conquest package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1.dsc
\n
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "399": "
\n

Debian Security Advisory

\n

DSA-399-1 epic4 -- buffer overflow

\n
\n
Date Reported:
\n
10 Nov 2003
\n
Affected Packages:
\n
\nepic4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8999.
In Mitre's CVE dictionary: CVE-2003-0328.
\n
More information:
\n
\n

Jeremy Nelson discovered a remotely exploitable buffer overflow in\nEPIC4, a popular client for Internet Relay Chat (IRC). A malicious\nserver could craft a reply which triggers the client to allocate a\nnegative amount of memory. This could lead to a denial of service if\nthe client only crashes, but may also lead to execution of arbitrary\ncode under the user id of the chatting user.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.1.2.20020219-2.2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.1.11.20030409-2.

\n

We recommend that you upgrade your epic4 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2.dsc
\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2.diff.gz
\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "400": "
\n

Debian Security Advisory

\n

DSA-400-1 omega-rpg -- buffer overflow

\n
\n
Date Reported:
\n
11 Nov 2003
\n
Affected Packages:
\n
\nomega-rpg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9016.
In Mitre's CVE dictionary: CVE-2003-0932.
\n
More information:
\n
\n

Steve Kemp discovered a buffer overflow in the commandline and\nenvironment variable handling of omega-rpg, a text-based rogue-style\ngame of dungeon exploration, which could lead a local attacker to gain\nunauthorised access to the group games.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.90-pa9-7woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.90-pa9-11.

\n

We recommend that you upgrade your omega-rpg package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1.dsc
\n
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/omega-rpg/omega-rpg_0.90-pa9-7woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "401": "
\n

Debian Security Advisory

\n

DSA-401-1 hylafax -- format strings

\n
\n
Date Reported:
\n
17 Nov 2003
\n
Affected Packages:
\n
\nhylafax\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9005.
In Mitre's CVE dictionary: CVE-2003-0886.
\n
More information:
\n
\n

The SuSE Security Team discovered several exploitable format string\nvulnerabilities in hylafax, a flexible client/server fax system, which\ncould lead to executing arbitrary code as root on the fax server.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 4.1.1-1.3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 4.1.8-1.

\n

We recommend that you upgrade your hylafax packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1-3.dsc
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1-3.diff.gz
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-doc_4.1.1-3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3_arm.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3_s390.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "402": "
\n

Debian Security Advisory

\n

DSA-402-1 minimalist -- unsanitised input

\n
\n
Date Reported:
\n
17 Nov 2003
\n
Affected Packages:
\n
\nminimalist\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9049.
In Mitre's CVE dictionary: CVE-2003-0902.
\n
More information:
\n
\n

A security-related problem has been discovered in minimalist, a\nmailing list manager, which allows a remote attacker to execute\narbitrary commands.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.2-4.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.4-1.

\n

We recommend that you upgrade your minimalist package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/minimalist/minimalist_2.2-4.dsc
\n
http://security.debian.org/pool/updates/main/m/minimalist/minimalist_2.2-4.diff.gz
\n
http://security.debian.org/pool/updates/main/m/minimalist/minimalist_2.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/minimalist/minimalist_2.2-4_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "403": "
\n

Debian Security Advisory

\n

DSA-403-1 kernel-image-2.4.18-1-alpha, kernel-image-2.4.18-1-i386, kernel-source-2.4.18 -- local root exploit

\n
\n
Date Reported:
\n
01 Dec 2003
\n
Affected Packages:
\n
\nkernel-image-2.4.18-1-alpha
kernel-image-2.4.18-1-i386
kernel-source-2.4.18\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9138.
In Mitre's CVE dictionary: CVE-2003-0961.
\n
More information:
\n
\n

Recently, multiple servers of the Debian project were compromised using a\nDebian developer's account and an unknown root exploit. Forensics\nrevealed a burneye-encrypted exploit. Robert van der Meulen managed to\ndecrypt the binary, which revealed a kernel exploit. Study of the exploit\nby the Red Hat and SuSE kernel and security teams quickly revealed that\nthe exploit used an integer overflow in the brk system call. Using\nthis bug it is possible for a userland program to trick the kernel into\ngiving access to the full kernel address space. This problem was found\nin September by Andrew Morton, but unfortunately that was too late for\nthe 2.4.22 kernel release.

\n

This bug has been fixed in kernel version 2.4.23 for the 2.4 tree and\n2.6.0-test6 kernel tree. For Debian it has been fixed in version\n2.4.18-14 of the kernel source packages, version 2.4.18-12 of the i386\nkernel images and version 2.4.18-11 of the alpha kernel images.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-12.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-11.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-11.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-12.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-doc-2.4.18_2.4.18-14_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-smp_2.4.18-11_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1_2.4.18-11_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-generic_2.4.18-11_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-smp_2.4.18-11_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-generic_2.4.18-11_alpha.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k7_2.4.18-12_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k7_2.4.18-12_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-386_2.4.18-12_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686-smp_2.4.18-12_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686_2.4.18-12_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-586tsc_2.4.18-12_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686-smp_2.4.18-12_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-386_2.4.18-12_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-586tsc_2.4.18-12_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-586tsc_2.4.18-12_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-386_2.4.18-12_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k6_2.4.18-12_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k6_2.4.18-12_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1_2.4.18-12_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686_2.4.18-12_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k7_2.4.18-12_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686-smp_2.4.18-12_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k6_2.4.18-12_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686_2.4.18-12_i386.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "404": "
\n

Debian Security Advisory

\n

DSA-404-1 rsync -- heap overflow

\n
\n
Date Reported:
\n
04 Dec 2003
\n
Affected Packages:
\n
\nrsync\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9153.
In Mitre's CVE dictionary: CVE-2003-0962.
\n
More information:
\n
\n

The rsync team has received evidence that a vulnerability in all\nversions of rsync prior to 2.5.7, a fast remote file copy program, was\nrecently used in combination with a Linux kernel vulnerability to\ncompromise the security of a public rsync server.

\n

While this heap overflow vulnerability could not be used by itself to\nobtain root access on an rsync server, it could be used in combination\nwith the recently announced do_brk() vulnerability in the Linux kernel\nto produce a full remote compromise.

\n

Please note that this vulnerability only affects the use of rsync as\nan \"rsync server\". To see if you are running an rsync server you\nshould use the command \"netstat -a -n\" to see if you are listening on\nTCP port 873. If you are not listening on TCP port 873 then you are\nnot running an rsync server.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.5.5-0.2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.5.6-1.1.

\n

However, since the Debian infrastructure is not yet fully functional\nafter the recent break-in, packages for the unstable distribution are\nnot able to enter the archive for a while. Hence they were placed in\nJoey's home directory on the security machine.

\n

We recommend that you upgrade your rsync package immediately if you\nare providing remote sync services. If you are running testing and\nprovide remote sync services please use the packages for woody.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2.dsc
\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2.diff.gz
\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "405": "
\n

Debian Security Advisory

\n

DSA-405-1 xsok -- missing privilege release

\n
\n
Date Reported:
\n
30 Dec 2003
\n
Affected Packages:
\n
\nxsok\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9321.
In Mitre's CVE dictionary: CVE-2003-0949.
\n
More information:
\n
\n

Steve Kemp discovered a problem in xsok, a single player strategy game\nfor X11, related to the Sokoban game, which allows a user to execute\narbitrary commands under the GID of games.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.02-9woody2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.02-11.

\n

We recommend that you upgrade your xsok package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xsok/xsok_1.02-9woody2.dsc
\n
http://security.debian.org/pool/updates/main/x/xsok/xsok_1.02-9woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xsok/xsok_1.02.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xsok/xsok_1.02-9woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xsok/xsok_1.02-9woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xsok/xsok_1.02-9woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xsok/xsok_1.02-9woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xsok/xsok_1.02-9woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xsok/xsok_1.02-9woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xsok/xsok_1.02-9woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xsok/xsok_1.02-9woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xsok/xsok_1.02-9woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xsok/xsok_1.02-9woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xsok/xsok_1.02-9woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "406": "
\n

Debian Security Advisory

\n

DSA-406-1 lftp -- buffer overflow

\n
\n
Date Reported:
\n
05 Jan 2004
\n
Affected Packages:
\n
\nlftp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9210.
In Mitre's CVE dictionary: CVE-2003-0963.
\n
More information:
\n
\n

Ulf H\u00e4rnhammar discovered a buffer overflow in lftp, a set of\nsophisticated command-line FTP/HTTP client programs. An attacker\ncould create a carefully crafted directory on a website so that the\nexecution of an 'ls' or 'rels' command would lead to the execution of\narbitrary code on the client machine.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.4.9-1woody2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.6.10-1.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_2.4.9-1woody2.dsc
\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_2.4.9-1woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_2.4.9.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_2.4.9-1woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_2.4.9-1woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_2.4.9-1woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_2.4.9-1woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_2.4.9-1woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_2.4.9-1woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_2.4.9-1woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_2.4.9-1woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_2.4.9-1woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_2.4.9-1woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_2.4.9-1woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "407": "
\n

Debian Security Advisory

\n

DSA-407-1 ethereal -- buffer overflows

\n
\n
Date Reported:
\n
05 Jan 2004
\n
Affected Packages:
\n
\nethereal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9248, BugTraq ID 9249.
In Mitre's CVE dictionary: CVE-2003-0925, CVE-2003-0926, CVE-2003-0927, CVE-2003-1012, CVE-2003-1013.
\n
More information:
\n
\n

Several vulnerabilities were discovered upstream in ethereal, a\nnetwork traffic analyzer. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CAN-2003-0925\n

    A buffer overflow allows remote attackers to cause a denial of\n service and possibly execute arbitrary code via a malformed GTP\n MSISDN string.

    \n
  • CAN-2003-0926\n

    Via certain malformed ISAKMP or MEGACO packets remote attackers are\n able to cause a denial of service (crash).

    \n
  • CAN-2003-0927\n

    A heap-based buffer overflow allows remote attackers to cause a\n denial of service (crash) and possibly execute arbitrary code via\n the SOCKS dissector.

    \n
  • CAN-2003-1012\n

    The SMB dissector allows remote attackers to cause a denial of\n service via a malformed SMB packet that triggers a segmentation\n fault during processing of selected packets.

    \n
  • CAN-2003-1013\n

    The Q.931 dissector allows remote attackers to cause a denial of\n service (crash) via a malformed Q.931 packet, which triggers a null\n dereference.

    \n
\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.9.4-1woody6.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.10.0-1.

\n

We recommend that you upgrade your ethereal and tethereal packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6.dsc
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "408": "
\n

Debian Security Advisory

\n

DSA-408-1 screen -- integer overflow

\n
\n
Date Reported:
\n
05 Jan 2004
\n
Affected Packages:
\n
\nscreen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9117.
In Mitre's CVE dictionary: CVE-2003-0972.
\n
More information:
\n
\n

Timo Sirainen reported a vulnerability in screen, a terminal\nmultiplexor with VT100/ANSI terminal emulation, that can allow an\nattacker to gain group utmp privileges.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 3.9.11-5woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 4.0.2-0.1.

\n

We recommend that you upgrade your screen package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5woody1.dsc
\n
http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/screen/screen_3.9.11-5woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "409": "
\n

Debian Security Advisory

\n

DSA-409-1 bind -- denial of service

\n
\n
Date Reported:
\n
05 Jan 2004
\n
Affected Packages:
\n
\nbind\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9114.
In Mitre's CVE dictionary: CVE-2003-0914.
CERT's vulnerabilities, advisories and incident notes: VU#734644.
\n
More information:
\n
\n

A vulnerability was discovered in BIND, a domain name server, whereby\na malicious name server could return authoritative negative responses\nwith a large TTL (time-to-live) value, thereby rendering a domain name\nunreachable. A successful attack would require that a vulnerable BIND\ninstance submit a query to a malicious nameserver.

\n

The bind9 package is not affected by this vulnerability.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 1:8.3.3-2.0woody2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1:8.4.3-1.

\n

We recommend that you update your bind package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2.dsc
\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/bind/bind-doc_8.3.3-2.0woody2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/bind/bind_8.3.3-2.0woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind/bind-dev_8.3.3-2.0woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "410": "
\n

Debian Security Advisory

\n

DSA-410-1 libnids -- buffer overflow

\n
\n
Date Reported:
\n
05 Jan 2004
\n
Affected Packages:
\n
\nlibnids\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8905.
In Mitre's CVE dictionary: CVE-2003-0850.
\n
More information:
\n
\n

A vulnerability was discovered in libnids, a library used to analyze\nIP network traffic, whereby a carefully crafted TCP datagram could\ncause memory corruption and potentially execute arbitrary code with\nthe privileges of the user executing a program which uses libnids\n(such as dsniff).

\n

For the current stable distribution (woody) this problem has been\nfixed in version 1.16-3woody1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you update your libnids package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libn/libnids/libnids_1.16-3woody1.dsc
\n
http://security.debian.org/pool/updates/main/libn/libnids/libnids_1.16-3woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/libn/libnids/libnids_1.16.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libn/libnids/libnids-dev_1.16-3woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libn/libnids/libnids1_1.16-3woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libn/libnids/libnids-dev_1.16-3woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/libn/libnids/libnids1_1.16-3woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libn/libnids/libnids-dev_1.16-3woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/libn/libnids/libnids1_1.16-3woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libn/libnids/libnids-dev_1.16-3woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libn/libnids/libnids1_1.16-3woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libn/libnids/libnids-dev_1.16-3woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libn/libnids/libnids1_1.16-3woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libn/libnids/libnids-dev_1.16-3woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libn/libnids/libnids1_1.16-3woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libn/libnids/libnids-dev_1.16-3woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/libn/libnids/libnids1_1.16-3woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libn/libnids/libnids-dev_1.16-3woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libn/libnids/libnids1_1.16-3woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libn/libnids/libnids-dev_1.16-3woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libn/libnids/libnids1_1.16-3woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libn/libnids/libnids-dev_1.16-3woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/libn/libnids/libnids1_1.16-3woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libn/libnids/libnids-dev_1.16-3woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libn/libnids/libnids1_1.16-3woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "411": "
\n

Debian Security Advisory

\n

DSA-411-1 mpg321 -- format string vulnerability

\n
\n
Date Reported:
\n
05 Jan 2004
\n
Affected Packages:
\n
\nmpg321\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9364.
In Mitre's CVE dictionary: CVE-2003-0969.
\n
More information:
\n
\n

A vulnerability was discovered in mpg321, a command-line mp3 player,\nwhereby user-supplied strings were passed to printf(3) unsafely. This\nvulnerability could be exploited by a remote attacker to overwrite\nmemory, and possibly execute arbitrary code. In order for this\nvulnerability to be exploited, mpg321 would need to play a malicious\nmp3 file (including via HTTP streaming).

\n

For the current stable distribution (woody) this problem has been\nfixed in version 0.2.10.2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.2.10.3.

\n

We recommend that you update your mpg321 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mpg321/mpg321_0.2.10.2.dsc
\n
http://security.debian.org/pool/updates/main/m/mpg321/mpg321_0.2.10.2.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mpg321/mpg321_0.2.10.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mpg321/mpg321_0.2.10.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mpg321/mpg321_0.2.10.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mpg321/mpg321_0.2.10.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mpg321/mpg321_0.2.10.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mpg321/mpg321_0.2.10.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mpg321/mpg321_0.2.10.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mpg321/mpg321_0.2.10.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mpg321/mpg321_0.2.10.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mpg321/mpg321_0.2.10.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mpg321/mpg321_0.2.10.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "412": "
\n

Debian Security Advisory

\n

DSA-412-1 nd -- buffer overflows

\n
\n
Date Reported:
\n
05 Jan 2004
\n
Affected Packages:
\n
\nnd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0014.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in nd, a command-line WebDAV\ninterface, whereby long strings received from the remote server could\noverflow fixed-length buffers. This vulnerability could be exploited\nby a remote attacker in control of a malicious WebDAV server to\nexecute arbitrary code if the server was accessed by a vulnerable\nversion of nd.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 0.5.0-1woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.8.2-1.

\n

We recommend that you update your nd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "413": "
\n

Debian Security Advisory

\n

DSA-413-2 linux-kernel-2.4.18 -- missing boundary check

\n
\n
Date Reported:
\n
06 Jan 2004
\n
Affected Packages:
\n
\nkernel-source-2.4.18, kernel-image-2.4.18-1-i386\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9356.
In Mitre's CVE dictionary: CVE-2003-0985.
\n
More information:
\n
\n

Paul Starzetz discovered a flaw in bounds checking in mremap() in the\nLinux kernel (present in version 2.4.x and 2.6.x) which may allow\na local attacker to gain root privileges.\nVersion 2.2 is not affected by this bug, since it doesn't support the\nMREMAP_FIXED flag (as clarified later).

\n

For the stable distribution (woody) this problem has been fixed in\nkernel-source version 2.4.18-14.1 and kernel-images versions\n2.4.18-12.1 and 2.4.18-5woody6 (bf) for the i386 architecture.

\n

For the unstable distribution (sid) this problem will be fixed soon\nwith newly uploaded packages.

\n

We recommend that you upgrade your kernel packages. This problem has\nbeen fixed in the upstream version 2.4.24 as well.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-12.1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-12.1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-i386bf_2.4.18-5woody6.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-i386bf_2.4.18-5woody6.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-doc-2.4.18_2.4.18-14.1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.1_all.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1_2.4.18-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-386_2.4.18-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-586tsc_2.4.18-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686_2.4.18-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686-smp_2.4.18-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k6_2.4.18-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k7_2.4.18-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-386_2.4.18-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-586tsc_2.4.18-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686_2.4.18-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686-smp_2.4.18-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k6_2.4.18-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k7_2.4.18-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-386_2.4.18-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-586tsc_2.4.18-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686_2.4.18-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686-smp_2.4.18-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k6_2.4.18-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k7_2.4.18-12.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-headers-2.4.18-bf2.4_2.4.18-5woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-bf2.4_2.4.18-5woody6_i386.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "414": "
\n

Debian Security Advisory

\n

DSA-414-1 jabber -- denial of service

\n
\n
Date Reported:
\n
06 Jan 2004
\n
Affected Packages:
\n
\njabber\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9376.
In Mitre's CVE dictionary: CVE-2004-0013.
\n
More information:
\n
\n

A vulnerability was discovered in jabber, an instant messaging server, whereby a bug in the handling of SSL connections could cause the server process to crash, resulting in a denial of service.

\n

For the current stable distribution (woody) this problem has been fixed in version 1.4.2a-1.1woody1.

\n

For the unstable distribution (sid) this problem has been fixed in version 1.4.3-1.

\n

We recommend that you update your jabber package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/j/jabber/jabber_1.4.2a-1.1woody1.dsc
\n
http://security.debian.org/pool/updates/main/j/jabber/jabber_1.4.2a-1.1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/j/jabber/jabber_1.4.2a.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/j/jabber/jabber_1.4.2a-1.1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/j/jabber/jabber_1.4.2a-1.1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/j/jabber/jabber_1.4.2a-1.1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/j/jabber/jabber_1.4.2a-1.1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/j/jabber/jabber_1.4.2a-1.1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/j/jabber/jabber_1.4.2a-1.1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/j/jabber/jabber_1.4.2a-1.1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/j/jabber/jabber_1.4.2a-1.1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/j/jabber/jabber_1.4.2a-1.1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/j/jabber/jabber_1.4.2a-1.1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/j/jabber/jabber_1.4.2a-1.1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "415": "
\n

Debian Security Advisory

\n

DSA-415-1 zebra -- denial of service

\n
\n
Date Reported:
\n
06 Jan 2004
\n
Affected Packages:
\n
\nzebra\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9029.
In Mitre's CVE dictionary: CVE-2003-0795, CVE-2003-0858.
\n
More information:
\n
\n

Two vulnerabilities were discovered in zebra, an IP routing daemon:

\n
  • CAN-2003-0795 - a bug in the telnet CLI could allow a remote attacker to cause a zebra process to crash, resulting in a denial of service.
  • CAN-2003-0858 - netlink messages sent by other users (rather than the kernel) would be accepted, leading to a denial of service.
\n

For the current stable distribution (woody) this problem has been fixed in version 0.92a-5woody2.

\n

The zebra package has been obsoleted in the unstable distribution by GNU Quagga, where this problem was fixed in version 0.96.4x-4.

\n

We recommend that you update your zebra package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/zebra/zebra_0.92a-5woody2.dsc
\n
http://security.debian.org/pool/updates/main/z/zebra/zebra_0.92a-5woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/z/zebra/zebra_0.92a.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/z/zebra/zebra-doc_0.92a-5woody2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/z/zebra/zebra_0.92a-5woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/z/zebra/zebra_0.92a-5woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/z/zebra/zebra_0.92a-5woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/z/zebra/zebra_0.92a-5woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/z/zebra/zebra_0.92a-5woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/z/zebra/zebra_0.92a-5woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zebra/zebra_0.92a-5woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zebra/zebra_0.92a-5woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/z/zebra/zebra_0.92a-5woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/z/zebra/zebra_0.92a-5woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/z/zebra/zebra_0.92a-5woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "416": "
\n

Debian Security Advisory

\n

DSA-416-1 fsp -- buffer overflow, directory traversal

\n
\n
Date Reported:
\n
06 Jan 2004
\n
Affected Packages:
\n
\nfsp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9377.
In Mitre's CVE dictionary: CVE-2003-1022, CVE-2004-0011.
\n
More information:
\n
\n

A vulnerability was discovered in fsp, client utilities for File Service Protocol (FSP), whereby a remote user could both escape from the FSP root directory (CAN-2003-1022), and also overflow a fixed-length buffer to execute arbitrary code (CAN-2004-0011).

\n

For the current stable distribution (woody) this problem has been fixed in version 2.81.b3-3.1woody1.

\n

For the unstable distribution, this problem is fixed in version 2.81.b18-1.

\n

We recommend that you update your fsp package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3-3.1woody1.dsc
\n
http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3-3.1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3-3.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/fsp/fspd_2.81.b3-3.1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3-3.1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/fsp/fspd_2.81.b3-3.1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3-3.1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fsp/fspd_2.81.b3-3.1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3-3.1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/fsp/fspd_2.81.b3-3.1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3-3.1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/fsp/fspd_2.81.b3-3.1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3-3.1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/fsp/fspd_2.81.b3-3.1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3-3.1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/fsp/fspd_2.81.b3-3.1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3-3.1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/fsp/fspd_2.81.b3-3.1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3-3.1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fsp/fspd_2.81.b3-3.1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3-3.1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/fsp/fspd_2.81.b3-3.1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3-3.1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/fsp/fspd_2.81.b3-3.1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "417": "
\n

Debian Security Advisory

\n

DSA-417-1 linux-kernel-2.4.18-powerpc+alpha -- missing boundary check

\n
\n
Date Reported:
\n
07 Jan 2004
\n
Affected Packages:
\n
\nkernel-patch-2.4.18-powerpc, kernel-image-2.4.18-1-alpha\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9356.
In Mitre's CVE dictionary: CVE-2003-0961, CVE-2003-0985.
\n
More information:
\n
\n

Paul Starzetz discovered a flaw in bounds checking in mremap() in the Linux kernel (present in version 2.4.x and 2.6.x) which may allow a local attacker to gain root privileges. Version 2.2 is not affected by this bug.

\n

Andrew Morton discovered a missing boundary check for the brk system call which can be used to craft a local root exploit.

\n

For the stable distribution (woody) these problems have been fixed in version 2.4.18-12 for the alpha architecture and in version 2.4.18-1woody3 for the powerpc architecture.

\n

For the unstable distribution (sid) these problems will be fixed soon with newly uploaded packages.

\n

We recommend that you upgrade your kernel packages. These problems have been fixed in the upstream version 2.4.24 as well.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-12.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-12.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody3.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-doc-2.4.18_2.4.18-14.1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1_2.4.18-12_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-generic_2.4.18-12_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-smp_2.4.18-12_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-generic_2.4.18-11_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-smp_2.4.18-11_alpha.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-headers-2.4.18_2.4.18-1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-newpmac_2.4.18-1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-powerpc_2.4.18-1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-powerpc-smp_2.4.18-1woody3_powerpc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "418": "
\n

Debian Security Advisory

\n

DSA-418-1 vbox3 -- privilege leak

\n
\n
Date Reported:
\n
07 Jan 2004
\n
Affected Packages:
\n
\nvbox3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 218288.
In the Bugtraq database (at SecurityFocus): BugTraq ID 9381.
In Mitre's CVE dictionary: CVE-2004-0015.
\n
More information:
\n
\n

A bug was discovered in vbox3, a voice response system for isdn4linux, whereby root privileges were not properly relinquished before executing a user-supplied tcl script. By exploiting this vulnerability, a local user could gain root privileges.

\n

For the current stable distribution (woody) this problem has been fixed in version 0.1.7.1.

\n

For the unstable distribution, this problem has been fixed in version 0.1.8.

\n

We recommend that you update your vbox3 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/v/vbox3/vbox3_0.1.7.1.dsc
\n
http://security.debian.org/pool/updates/main/v/vbox3/vbox3_0.1.7.1.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/v/vbox3/vbox3_0.1.7.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/v/vbox3/vbox3_0.1.7.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/v/vbox3/vbox3_0.1.7.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/v/vbox3/vbox3_0.1.7.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/v/vbox3/vbox3_0.1.7.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/v/vbox3/vbox3_0.1.7.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/v/vbox3/vbox3_0.1.7.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/v/vbox3/vbox3_0.1.7.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/v/vbox3/vbox3_0.1.7.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/v/vbox3/vbox3_0.1.7.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/v/vbox3/vbox3_0.1.7.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "419": "
\n

Debian Security Advisory

\n

DSA-419-1 phpgroupware -- missing filename sanitising, SQL injection

\n
\n
Date Reported:
\n
09 Jan 2004
\n
Affected Packages:
\n
\nphpgroupware\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9387, BugTraq ID 9386.
In Mitre's CVE dictionary: CVE-2004-0016, CVE-2004-0017.
\n
More information:
\n
\n

The authors of phpgroupware, a web based groupware system written in PHP, discovered several vulnerabilities. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
  • CAN-2004-0016

    In the \"calendar\" module, \"save extension\" was not enforced for holiday files. As a result, server-side PHP scripts may be placed in directories that could then be accessed remotely, causing the webserver to execute them. This was resolved by enforcing the extension \".txt\" for holiday files.

  • CAN-2004-0017

    Some SQL injection problems (non-escaping of values used in SQL strings) in the \"calendar\" and \"infolog\" modules.
\n

Additionally, the Debian maintainer adjusted the permissions on world-writable directories that were accidentally created by the former postinst during installation.

\n

For the stable distribution (woody) this problem has been fixed in version 0.9.14-0.RC3.2.woody3.

\n

For the unstable distribution (sid) this problem has been fixed in version 0.9.14.007-4.

\n

We recommend that you upgrade your phpgroupware, phpgroupware-calendar and phpgroupware-infolog packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14-0.RC3.2.woody3.dsc
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14-0.RC3.2.woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-addressbook_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-admin_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-api-doc_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-api_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-bookkeeping_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-bookmarks_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-brewer_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-calendar_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-chat_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-chora_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-comic_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-core-doc_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-core_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-developer-tools_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-dj_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-eldaptir_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-email_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-filemanager_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-forum_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-ftp_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-headlines_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-hr_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-img_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-infolog_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-inv_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-manual_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-messenger_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-napster_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-news-admin_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-nntp_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-notes_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phonelog_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpsysinfo_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpwebhosting_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-polls_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-preferences_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-projects_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-registration_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-setup_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-skel_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-soap_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-stocks_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-todo_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-tts_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-wap_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-weather_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-xmlrpc_0.9.14-0.RC3.2.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14-0.RC3.2.woody3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "420": "
\n

Debian Security Advisory

\n

DSA-420-1 jitterbug -- improperly sanitised input

\n
\n
Date Reported:
\n
12 Jan 2004
\n
Affected Packages:
\n
\njitterbug\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9397.
In Mitre's CVE dictionary: CVE-2004-0028.
\n
More information:
\n
\n

Steve Kemp discovered a security-related problem in jitterbug, a simple CGI based bug tracking and reporting tool. Unfortunately the program executions do not properly sanitize input, which allows an attacker to execute arbitrary commands on the server hosting the bug database. As mitigating factors, these attacks are only available to non-guest users, and accounts for these people must be set up by the administrator making them \"trusted\".

\n

For the stable distribution (woody) this problem has been fixed in version 1.6.2-4.2woody2.

\n

For the unstable distribution (sid) this problem has been fixed in version 1.6.2-4.5.

\n

We recommend that you upgrade your jitterbug package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2-4.2woody2.dsc
\n
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2-4.2woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2-4.2woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2-4.2woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2-4.2woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2-4.2woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2-4.2woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2-4.2woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2-4.2woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2-4.2woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2-4.2woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2-4.2woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/j/jitterbug/jitterbug_1.6.2-4.2woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "421": "
\n

Debian Security Advisory

\n

DSA-421-1 mod-auth-shadow -- password expiration

\n
\n
Date Reported:
\n
12 Jan 2004
\n
Affected Packages:
\n
\nmod-auth-shadow\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9404.
In Mitre's CVE dictionary: CVE-2004-0041.
\n
More information:
\n
\n

David B Harris discovered a problem with mod-auth-shadow, an Apache module which authenticates users against the system shadow password database, where the expiration status of the user's account and password were not enforced. This vulnerability would allow an otherwise authorized user to successfully authenticate, when the attempt should be rejected due to the expiration parameters.

\n

For the current stable distribution (woody) this problem has been fixed in version 1.3-3.1woody.1.

\n

For the unstable distribution (sid) this problem has been fixed in version 1.4-1.

\n

We recommend that you update your mod-auth-shadow package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/mod-auth-shadow_1.3-3.1woody.1.dsc
\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/mod-auth-shadow_1.3-3.1woody.1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/mod-auth-shadow_1.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "422": "
\n

Debian Security Advisory

\n

DSA-422-1 cvs -- remote vulnerability

\n
\n
Date Reported:
\n
13 Jan 2004
\n
Affected Packages:
\n
\ncvs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

The account management of the CVS pserver (which is used to give remote access to CVS repositories) uses a CVSROOT/passwd file in each repository which contains the accounts and their authentication information as well as the name of the local unix account to use when a pserver account is used. Since CVS performed no checking on what unix account was specified, anyone who could modify the CVSROOT/passwd could gain access to all local users on the CVS server, including root.

\n

This has been fixed in upstream version 1.11.11 by preventing pserver from running as root. For Debian this problem is solved in version 1.11.1p1debian-9 in two different ways:

\n
  • pserver is no longer allowed to use root to access repositories
  • a new /etc/cvs-repouid is introduced which can be used by the system administrator to override the unix account used to access a repository. More information on this change can be found at http://www.wiggy.net/code/cvs-repouid/
\n

Additionally, CVS pserver had a bug in parsing module requests which\ncould be used to create files and directories outside a repository.\nThis has been fixed upstream in version 1.11.11 and Debian version\n1.11.1p1debian-9.

\n

Finally, the umask used for \u201ccvs init\u201d and\n\u201ccvs-makerepos\u201d has been\nchanged to prevent repositories from being created with group write\npermissions.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "423": "
\n

Debian Security Advisory

\n

DSA-423-1 linux-kernel-2.4.17-ia64 -- several vulnerabilities

\n
\n
Date Reported:
\n
15 Jan 2004
\n
Affected Packages:
\n
\nkernel-image-2.4.17-ia64\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10330, BugTraq ID 6535, BugTraq ID 6763, BugTraq ID 7112, BugTraq ID 8002, BugTraq ID 8042, BugTraq ID 8233, BugTraq ID 9138, BugTraq ID 9356.
In Mitre's CVE dictionary: CVE-2003-0001, CVE-2003-0018, CVE-2003-0127, CVE-2003-0461, CVE-2003-0462, CVE-2003-0476, CVE-2003-0501, CVE-2003-0550, CVE-2003-0551, CVE-2003-0552, CVE-2003-0961, CVE-2003-0985.
\n
More information:
\n
\n

The IA-64 maintainers fixed several security related bugs in the Linux\nkernel 2.4.17 used for the IA-64 architecture, mostly by backporting\nfixes from 2.4.18. The corrections are listed below with the\nidentification from the Common Vulnerabilities and Exposures (CVE)\nproject:

\n
    \n
  • CAN-2003-0001:\n

    Multiple ethernet network interface card (NIC) device drivers do\n not pad frames with null bytes, which allows remote attackers to\n obtain information from previous packets or kernel memory by using\n malformed packets, as demonstrated by Etherleak.

    \n
  • CAN-2003-0018:\n

    Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle\n the O_DIRECT feature, which allows local attackers with write\n privileges to read portions of previously deleted files, or cause\n file system corruption.

    \n
  • CAN-2003-0127:\n

    The kernel module loader in Linux kernel 2.2.x before 2.2.25, and\n 2.4.x before 2.4.21, allows local users to gain root privileges\n by using ptrace to attach to a child process which is spawned by\n the kernel.

    \n
  • CAN-2003-0461:\n

    The virtual file /proc/tty/driver/serial in Linux 2.4.x reveals\n the exact number of characters used in serial links, which could\n allow local users to obtain potentially sensitive information such\n as the length of passwords.

    \n
  • CAN-2003-0462:\n

    A race condition in the way env_start and env_end pointers are\n initialized in the execve system call and used in fs/proc/base.c\n on Linux 2.4 allows local users to cause a denial of service\n (crash).

    \n
  • CAN-2003-0476:\n

    The execve system call in Linux 2.4.x records the file descriptor\n of the executable process in the file table of the calling\n process, which allows local users to gain read access to\n restricted file descriptors.

    \n
  • CAN-2003-0501:\n

    The /proc filesystem in Linux allows local users to obtain\n sensitive information by opening various entries in /proc/self\n before executing a setuid program, which causes the program to\n fail to change the ownership and permissions of those entries.

    \n
  • CAN-2003-0550:\n

    The STP protocol, as enabled in Linux 2.4.x, does not provide\n sufficient security by design, which allows attackers to modify\n the bridge topology.

    \n
  • CAN-2003-0551:\n

    The STP protocol implementation in Linux 2.4.x does not properly\n verify certain lengths, which could allow attackers to cause a\n denial of service.

    \n
  • CAN-2003-0552:\n

    Linux 2.4.x allows remote attackers to spoof the bridge Forwarding\n table via forged packets whose source addresses are the same as\n the target.

    \n
  • CAN-2003-0961:\n

    An integer overflow in brk system call (do_brk function) for Linux\n kernel 2.4.22 and earlier allows local users to gain root\n privileges.

    \n
  • CAN-2003-0985:\n

    The mremap system call (do_mremap) in Linux kernel 2.4 and 2.6\n does not properly perform boundary checks, which allows local\n users to cause a denial of service and possibly gain privileges by\n causing a remapping of a virtual memory area (VMA) to create a\n zero length VMA.

    \n
\n

For the stable distribution (woody) this problem has been fixed in\nversion kernel-image-2.4.17-ia64 for the ia64 architecture. Other\narchitectures are already or will be fixed separately.

\n

For the unstable distribution (sid) this problem will be fixed soon\nwith newly uploaded packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-ia64_011226.15.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-ia64_011226.15.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-source-2.4.17-ia64_011226.15_all.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-headers-2.4.17-ia64_011226.15_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-itanium_011226.15_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-itanium-smp_011226.15_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-mckinley_011226.15_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-mckinley-smp_011226.15_ia64.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "424": "
\n

Debian Security Advisory

\n

DSA-424-1 mc -- buffer overflow

\n
\n
Date Reported:
\n
16 Jan 2004
\n
Affected Packages:
\n
\nmc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8658.
In Mitre's CVE dictionary: CVE-2003-1023.
\n
More information:
\n
\n

A vulnerability was discovered in Midnight Commander, a file manager,\nwhereby a malicious archive (such as a .tar file) could cause\narbitrary code to be executed if opened by Midnight Commander.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 4.5.55-1.2woody2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1:4.6.0-4.6.1-pre1-1.

\n

We recommend that you update your mc package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody2.dsc
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody2_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "425": "
\n

Debian Security Advisory

\n

DSA-425-1 tcpdump -- multiple vulnerabilities

\n
\n
Date Reported:
\n
16 Jan 2004
\n
Affected Packages:
\n
\ntcpdump\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9263, BugTraq ID 9243, BugTraq ID 9507.
In Mitre's CVE dictionary: CVE-2003-1029, CVE-2003-0989, CVE-2004-0055, CVE-2004-0057.
CERT's vulnerabilities, advisories and incident notes: VU#174086, VU#955526, VU#738518.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in tcpdump, a tool for\ninspecting network traffic. If a vulnerable version of tcpdump\nattempted to examine a maliciously constructed packet, a number of\nbuffer overflows could be exploited to crash tcpdump, or potentially\nexecute arbitrary code with the privileges of the tcpdump process.

\n\n

For the current stable distribution (woody) these problems have been\nfixed in version 3.6.2-2.7.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you update your tcpdump package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.7.dsc
\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.7.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.7_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.7_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.7_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.7_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "426": "
\n

Debian Security Advisory

\n

DSA-426-1 netpbm-free -- insecure temporary files

\n
\n
Date Reported:
\n
18 Jan 2004
\n
Affected Packages:
\n
\nnetpbm-free\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9442.
In Mitre's CVE dictionary: CVE-2003-0924.
CERT's vulnerabilities, advisories and incident notes: VU#487102.
\n
More information:
\n
\n

netpbm is a graphics conversion toolkit made up of a large number of\nsingle-purpose programs. Many of these programs were found to create\ntemporary files in an insecure manner, which could allow a local\nattacker to overwrite files with the privileges of the user invoking a\nvulnerable netpbm tool.

\n

For the current stable distribution (woody) these problems have been\nfixed in version 2:9.20-8.4.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2:9.25-9.

\n

We recommend that you update your netpbm-free package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.4.dsc
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.4.diff.gz
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "427": "
\n

Debian Security Advisory

\n

DSA-427-1 linux-kernel-2.4.17-mips+mipsel -- missing boundary check

\n
\n
Date Reported:
\n
19 Jan 2004
\n
Affected Packages:
\n
\nkernel-patch-2.4.17-mips\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9356.
In Mitre's CVE dictionary: CVE-2003-0985.
\n
More information:
\n
\n

Paul Starzetz discovered a flaw in bounds checking in mremap() in the\nLinux kernel (present in version 2.4.x and 2.6.x) which may allow a\nlocal attacker to gain root privileges. Version 2.2 is not affected\nby this bug.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.4.17-0.020226.2.woody3 for the mips and mipsel architectures.

\n

For the unstable distribution (sid) this problem will be fixed soon\nwith newly uploaded packages.

\n

We recommend that you upgrade your kernel packages. This problem has\nbeen fixed in the upstream version 2.4.24 as well.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody3.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody3_all.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-ip22_2.4.17-0.020226.2.woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r5k-ip22_2.4.17-0.020226.2.woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r3k-kn02_2.4.17-0.020226.2.woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-kn04_2.4.17-0.020226.2.woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/mips-tools_2.4.17-0.020226.2.woody3_mipsel.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "428": "
\n

Debian Security Advisory

\n

DSA-428-1 slocate -- buffer overflow

\n
\n
Date Reported:
\n
20 Jan 2004
\n
Affected Packages:
\n
\nslocate\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8780.
In Mitre's CVE dictionary: CVE-2003-0848.
CERT's vulnerabilities, advisories and incident notes: VU#441956.
\n
More information:
\n
\n

A vulnerability was discovered in slocate, a program to index and\nsearch for files, whereby a specially crafted database could overflow\na heap-based buffer. This vulnerability could be exploited by a local\nattacker to gain the privileges of the \"slocate\" group, which can\naccess the global database containing a list of pathnames of all files\non the system, including those which should only be visible to\nprivileged users.

\n

This problem, and a category of potential similar problems, have been\nfixed by modifying slocate to drop privileges before reading a\nuser-supplied database.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 2.6-1.3.2.

\n

For the unstable distribution (sid) this problem will be fixed soon.\nRefer to Debian bug #226103\nfor status information.

\n

We recommend that you update your slocate package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.2.dsc
\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.2.diff.gz
\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "429": "
\n

Debian Security Advisory

\n

DSA-429-1 gnupg -- cryptographic weakness

\n
\n
Date Reported:
\n
26 Jan 2004
\n
Affected Packages:
\n
\ngnupg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9115.
In Mitre's CVE dictionary: CVE-2003-0971.
\n
More information:
\n
\n

Phong Nguyen identified a severe bug in the way GnuPG creates and uses\nElGamal keys for signing. This is a significant security failure\nwhich can lead to a compromise of almost all ElGamal keys used for\nsigning.

\n

This update disables the use of this type of key.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 1.0.6-4woody1.

\n

For the unstable distribution, this problem has been fixed in version\n1.2.4-1.

\n

We recommend that you update your gnupg package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody1.dsc
\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "430": "
\n

Debian Security Advisory

\n

DSA-430-1 trr19 -- missing privilege release

\n
\n
Date Reported:
\n
28 Jan 2004
\n
Affected Packages:
\n
\ntrr19\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9520.
In Mitre's CVE dictionary: CVE-2004-0047.
\n
More information:
\n
\n

Steve Kemp discovered a problem in trr19, a type trainer application\nfor GNU Emacs, which is written as a pair of setgid() binaries and\nwrapper programs which execute commands for GNU Emacs. However, the\nbinaries don't drop privileges before executing a command, allowing an\nattacker to gain access to the local group games.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.0beta5-15woody1. The mipsel binary will be added later.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your trr19 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/trr19/trr19_1.0beta5-15woody1.dsc
\n
http://security.debian.org/pool/updates/main/t/trr19/trr19_1.0beta5-15woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/t/trr19/trr19_1.0beta5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/trr19/trr19_1.0beta5-15woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/trr19/trr19_1.0beta5-15woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/trr19/trr19_1.0beta5-15woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/trr19/trr19_1.0beta5-15woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/trr19/trr19_1.0beta5-15woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/trr19/trr19_1.0beta5-15woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/trr19/trr19_1.0beta5-15woody1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/trr19/trr19_1.0beta5-15woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/trr19/trr19_1.0beta5-15woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/trr19/trr19_1.0beta5-15woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "431": "
\n

Debian Security Advisory

\n

DSA-431-1 perl -- information leak

\n
\n
Date Reported:
\n
01 Feb 2004
\n
Affected Packages:
\n
\nperl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9543.
In Mitre's CVE dictionary: CVE-2003-0618.
\n
More information:
\n
\n

Paul Szabo discovered a number of similar bugs in suidperl, a helper\nprogram to run perl scripts with setuid privileges. By exploiting\nthese bugs, an attacker could abuse suidperl to discover information\nabout files (such as testing for their existence and some of their\npermissions) that should not be accessible to unprivileged users.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 5.6.1-8.6.

\n

For the unstable distribution (sid), this problem will be fixed soon. Refer\nto Debian bug #220486.

\n

We recommend that you update your perl package if you have the\n\"perl-suid\" package installed.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.6.dsc
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.6.diff.gz
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.6.1-8.6_all.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.6.1-8.6_all.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.6.1-8.6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.6_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "432": "
\n

Debian Security Advisory

\n

DSA-432-1 crawl -- buffer overflow

\n
\n
Date Reported:
\n
03 Feb 2004
\n
Affected Packages:
\n
\ncrawl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9566.
In Mitre's CVE dictionary: CVE-2004-0103.
\n
More information:
\n
\n

Steve Kemp from the Debian Security Audit Project discovered a problem in\ncrawl, another console based dungeon exploration game, in the vein of\nnethack and rogue. The program uses several environment variables as\ninputs but doesn't apply a size check before copying one of them into\na fixed size buffer.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 4.0.0beta23-2woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 4.0.0beta26-4.

\n

We recommend that you upgrade your crawl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody1.dsc
\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "433": "
\n

Debian Security Advisory

\n

DSA-433-1 kernel-patch-2.4.17-mips -- integer overflow

\n
\n
Date Reported:
\n
04 Feb 2004
\n
Affected Packages:
\n
\nkernel-patch-2.4.17-mips\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9138.
In Mitre's CVE dictionary: CVE-2003-0961.
\n
More information:
\n
\n

Red Hat and SuSE kernel and security teams revealed an integer overflow\nin the do_brk() function of the Linux kernel that allows local users to\ngain root privileges.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.4.17-0.020226.2.woody4. Other architectures are already or\nwill be fixed separately.

\n

For the unstable distribution (sid) this problem will be fixed soon\nwith newly uploaded packages.

\n

We recommend that you upgrade your kernel image packages for the mips\nand mipsel architectures. This problem has been fixed in the upstream\nversion 2.4.23 as well and is also fixed in 2.4.24, of course.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody4.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody4_all.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-ip22_2.4.17-0.020226.2.woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r5k-ip22_2.4.17-0.020226.2.woody4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r3k-kn02_2.4.17-0.020226.2.woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-kn04_2.4.17-0.020226.2.woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/mips-tools_2.4.17-0.020226.2.woody4_mipsel.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "434": "
\n

Debian Security Advisory

\n

DSA-434-1 gaim -- several vulnerabilities

\n
\n
Date Reported:
\n
05 Feb 2004
\n
Affected Packages:
\n
\ngaim\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9489.
In Mitre's CVE dictionary: CVE-2004-0005, CVE-2004-0006, CVE-2004-0007, CVE-2004-0008.
\n
More information:
\n
\n

Stefan Esser discovered several security related problems in Gaim, a\nmulti-protocol instant messaging client. Not all of them are\napplicable to the version in Debian stable, but they affect the version\nin the unstable distribution at least. The problems were grouped for\nthe Common Vulnerabilities and Exposures project as follows:

\n
    \n
  • CAN-2004-0005\n

    When the Yahoo Messenger handler decodes an octal value for email\n notification functions two different kinds of overflows can be\n triggered. When the MIME decoder decodes a quoted printable\n encoded string for email notification two other different kinds of\n overflows can be triggered. These problems only affect the\n version in the unstable distribution.

    \n
  • CAN-2004-0006\n

    When parsing the cookies within the HTTP reply header of a Yahoo\n web connection a buffer overflow can happen. When parsing the\n Yahoo Login Webpage the YMSG protocol overflows stack buffers if\n the web page returns oversized values. When splitting a URL into\n its parts a stack overflow can be caused. These problems only\n affect the version in the unstable distribution.

    \n

    When an oversized keyname is read from a Yahoo Messenger packet a\n stack overflow can be triggered. When Gaim is set up to use an HTTP\n proxy for connecting to the server a malicious HTTP proxy can\n exploit it. These problems affect all versions Debian ships.\n However, the connection to Yahoo doesn't work in the version in\n Debian stable.

    \n
  • CAN-2004-0007\n

    Internally data is copied between two tokens into a fixed size\n stack buffer without a size check. This only affects the version\n of gaim in the unstable distribution.

    \n
  • CAN-2004-0008\n

    When allocating memory for AIM/Oscar DirectIM packets an integer\n overflow can happen, resulting in a heap overflow. This only\n affects the version of gaim in the unstable distribution.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 0.58-2.4.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.75-2.

\n

We recommend that you upgrade your gaim packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.4.dsc
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.4.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.4_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.4_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.4_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.4_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.4_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.4_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "435": "
\n

Debian Security Advisory

\n

DSA-435-1 mpg123 -- heap overflow

\n
\n
Date Reported:
\n
06 Feb 2004
\n
Affected Packages:
\n
\nmpg123\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8680.
In Mitre's CVE dictionary: CVE-2003-0865.
\n
More information:
\n
\n

A vulnerability was discovered in mpg123, a command-line mp3 player,\nwhereby a response from a remote HTTP server could overflow a buffer\nallocated on the heap, potentially permitting execution of arbitrary\ncode with the privileges of the user invoking mpg123. In order for\nthis vulnerability to be exploited, mpg123 would need to request an\nmp3 stream from a malicious remote server via HTTP.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 0.59r-13woody2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.59r-15.

\n

We recommend that you update your mpg123 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody2.dsc
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody2.diff.gz
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody2_alpha.deb
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0.59r-13woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody2_i386.deb
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0.59r-13woody2_i386.deb
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-nas_0.59r-13woody2_i386.deb
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-oss-3dnow_0.59r-13woody2_i386.deb
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-oss-i486_0.59r-13woody2_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0.59r-13woody2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "436": "
\n

Debian Security Advisory

\n

DSA-436-1 mailman -- several vulnerabilities

\n
\n
Date Reported:
\n
08 Feb 2004
\n
Affected Packages:
\n
\nmailman\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9336, BugTraq ID 9620.
In Mitre's CVE dictionary: CVE-2003-0991, CVE-2003-0965, CVE-2003-0038.
\n
More information:
\n
\n

Several vulnerabilities have been fixed in the mailman package:

\n
    \n
  • CAN-2003-0038 - potential cross-site scripting via certain CGI\n parameters (not known to be exploitable in this version)\n
  • CAN-2003-0965 - cross-site scripting in the administrative\n interface\n
  • CAN-2003-0991 - certain malformed email commands could cause the mailman\n process to crash\n
\n

The cross-site scripting vulnerabilities could allow an attacker to\nperform administrative operations without authorization, by stealing a\nsession cookie.

\n

For the current stable distribution (woody) these problems have been\nfixed in version 2.0.11-1woody7.

\n

For the unstable distribution (sid),\nCAN-2003-0965 is fixed in version 2.1.4-1, and\nCAN-2003-0038 in version 2.1.1-1.\nCAN-2003-0991 will be fixed soon.

\n

We recommend that you update your mailman package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody8.dsc
\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody8.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody8_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody8_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody8_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody8_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody8_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody8_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody8_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "437": "
\n

Debian Security Advisory

\n

DSA-437-1 cgiemail -- open mail relay

\n
\n
Date Reported:
\n
11 Feb 2004
\n
Affected Packages:
\n
\ncgiemail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5013.
In Mitre's CVE dictionary: CVE-2002-1575.
\n
More information:
\n
\n

A vulnerability was discovered in cgiemail, a CGI program used to\nemail the contents of an HTML form, whereby it could be used to send\nemail to arbitrary addresses. This type of vulnerability is commonly\nexploited to send unsolicited commercial email (spam).

\n

For the current stable distribution (woody) this problem has been\nfixed in version 1.6-14woody1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.6-20.

\n

We recommend that you update your cgiemail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cgiemail/cgiemail_1.6-14woody1.dsc
\n
http://security.debian.org/pool/updates/main/c/cgiemail/cgiemail_1.6-14woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cgiemail/cgiemail_1.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cgiemail/cgiemail_1.6-14woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cgiemail/cgiemail_1.6-14woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cgiemail/cgiemail_1.6-14woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cgiemail/cgiemail_1.6-14woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cgiemail/cgiemail_1.6-14woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cgiemail/cgiemail_1.6-14woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cgiemail/cgiemail_1.6-14woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cgiemail/cgiemail_1.6-14woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cgiemail/cgiemail_1.6-14woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cgiemail/cgiemail_1.6-14woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cgiemail/cgiemail_1.6-14woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "438": "
\n

Debian Security Advisory

\n

DSA-438-1 linux-kernel-2.4.18-alpha+i386+powerpc -- missing function return value check

\n
\n
Date Reported:
\n
18 Feb 2004
\n
Affected Packages:
\n
\nkernel-source-2.4.18
kernel-image-2.4.18-1-alpha
kernel-image-2.4.18-1-i386
kernel-image-2.4.18-i386bf
kernel-patch-2.4.18-powerpc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9686.
In Mitre's CVE dictionary: CVE-2004-0077.
CERT's vulnerabilities, advisories and incident notes: VU#981222.
\n
More information:
\n
\n

Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical\nsecurity vulnerability in the memory management code of Linux inside\nthe mremap(2) system call. Due to a missing check of the return value\nof internal functions, a local attacker can gain root privileges.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.4.18-14.2 of kernel-source, version 2.4.18-14 of alpha\nimages, version 2.4.18-12.2 of i386 images, version 2.4.18-5woody7\nof i386bf images and version 2.4.18-1woody4 of powerpc images.

\n

Other architectures will probably be mentioned in a separate advisory or\nare not affected (m68k).

\n

For the unstable distribution (sid) this problem is fixed in version\n2.4.24-3 for source, i386 and alpha images and version 2.4.22-10 for\npowerpc images.

\n

This problem is also fixed in the upstream version of Linux 2.4.25 and\n2.6.3.

\n

We recommend that you upgrade your Linux kernel packages immediately.

\n

Vulnerability matrix for CAN-2004-0077

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.2.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-14.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-14.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-12.2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-12.2.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-i386bf_2.4.18-5woody7.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-i386bf_2.4.18-5woody7.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody4.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-doc-2.4.18_2.4.18-14.2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1_2.4.18-14_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-generic_2.4.18-14_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-smp_2.4.18-14_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-generic_2.4.18-14_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-smp_2.4.18-14_alpha.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1_2.4.18-12.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-386_2.4.18-12.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-586tsc_2.4.18-12.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686_2.4.18-12.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686-smp_2.4.18-12.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k6_2.4.18-12.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k7_2.4.18-12.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-386_2.4.18-12.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-586tsc_2.4.18-12.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686_2.4.18-12.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686-smp_2.4.18-12.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k6_2.4.18-12.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k7_2.4.18-12.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-386_2.4.18-12.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-586tsc_2.4.18-12.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686_2.4.18-12.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686-smp_2.4.18-12.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k6_2.4.18-12.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k7_2.4.18-12.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-headers-2.4.18-bf2.4_2.4.18-5woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-bf2.4_2.4.18-5woody7_i386.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-headers-2.4.18_2.4.18-1woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-newpmac_2.4.18-1woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-powerpc_2.4.18-1woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-powerpc-smp_2.4.18-1woody4_powerpc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "439": "
\n

Debian Security Advisory

\n

DSA-439-1 linux-kernel-2.4.16-arm -- several vulnerabilities

\n
\n
Date Reported:
\n
18 Feb 2004
\n
Affected Packages:
\n
\nkernel-image-2.4.16-lart
kernel-image-2.4.16-netwinder
kernel-image-2.4.16-riscpc
kernel-patch-2.4.16-arm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9686.
In Mitre's CVE dictionary: CVE-2003-0961, CVE-2003-0985, CVE-2004-0077.
CERT's vulnerabilities, advisories and incident notes: VU#981222.
\n
More information:
\n
\n

Several local root exploits have been discovered recently in the Linux\nkernel. This security advisory updates the ARM kernel for\nDebian GNU/Linux. The Common Vulnerabilities and Exposures project\nidentifies the following problems that are fixed with this update:

\n
    \n
  • CAN-2003-0961:\n

    An integer overflow in the brk() system call (do_brk() function) for\n Linux allows a local attacker to gain root privileges. Fixed\n upstream in Linux 2.4.23.

    \n
  • CAN-2003-0985:\n

    Paul Starzetz discovered\n a flaw in bounds checking in mremap() in\n the Linux kernel (present in version 2.4.x and 2.6.x) which may\n allow a local attacker to gain root privileges. Version 2.2 is not\n affected by this bug. Fixed upstream in Linux 2.4.24.

    \n
  • CAN-2004-0077:\n

    Paul Starzetz and Wojciech Purczynski of isec.pl discovered a\n critical security vulnerability in the memory management code of\n Linux inside the mremap(2) system call. Due to a missing check of\n the return value of internal functions, a local attacker can gain\n root privileges. Fixed upstream in Linux 2.4.25 and 2.6.3.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 2.4.16-20040204 of lart, netwinder and riscpc image and in\nversion 20040204 of kernel-patch-2.4.16-arm.

\n

Other architectures will probably be mentioned in a separate advisory or\nare not affected (m68k).

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your Linux kernel packages immediately.

\n

Vulnerability matrix for CAN-2004-0077

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.16-arm/kernel-patch-2.4.16-arm_20040204.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.16-arm/kernel-patch-2.4.16-arm_20040204.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040204.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040204.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040204.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040204.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040204.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040204.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.16-arm/kernel-patch-2.4.16-arm_20040204_all.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040204_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-headers-2.4.16_20040204_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040204_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040204_arm.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "440": "
\n

Debian Security Advisory

\n

DSA-440-1 linux-kernel-2.4.17-powerpc-apus -- several vulnerabilities

\n
\n
Date Reported:
\n
18 Feb 2004
\n
Affected Packages:
\n
\nkernel-source-2.4.17, kernel-patch-2.4.17-apus\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9686.
In Mitre's CVE dictionary: CVE-2003-0961, CVE-2003-0985, CVE-2004-0077.
CERT's vulnerabilities, advisories and incident notes: VU#981222.
\n
More information:
\n
\n

Several local root exploits have been discovered recently in the Linux\nkernel. This security advisory updates the PowerPC/Apus kernel for\nDebian GNU/Linux. The Common Vulnerabilities and Exposures project\nidentifies the following problems that are fixed with this update:

\n
    \n
  • CAN-2003-0961:\n

    An integer overflow in the brk() system call (do_brk() function) for\n Linux allows a local attacker to gain root privileges. Fixed\n upstream in Linux 2.4.23.

    \n
  • CAN-2003-0985:\n

    Paul Starzetz discovered\n a flaw in bounds checking in mremap() in\n the Linux kernel (present in version 2.4.x and 2.6.x) which may\n allow a local attacker to gain root privileges. Version 2.2 is not\n affected by this bug. Fixed upstream in Linux 2.4.24.

    \n
  • CAN-2004-0077:\n

    Paul Starzetz and Wojciech Purczynski of isec.pl discovered a\n critical security vulnerability in the memory management code of\n Linux inside the mremap(2) system call. Due to a missing\n check of the return value of internal functions, a local attacker can gain\n root privileges. Fixed upstream in Linux 2.4.25 and 2.6.3.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 2.4.17-4 of powerpc/apus images.

\n

Other architectures will probably be mentioned in a separate advisory or\nare not affected (m68k).

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your Linux kernel packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-patch-2.4.17-apus_2.4.17-4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-patch-2.4.17-apus_2.4.17-4.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-doc-2.4.17_2.4.17-1woody2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody2_all.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-headers-2.4.17-apus_2.4.17-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-image-2.4.17-apus_2.4.17-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-image-apus_2.4.17-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-patch-2.4.17-apus_2.4.17-4_powerpc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "441": "
\n

Debian Security Advisory

\n

DSA-441-1 linux-kernel-2.4.17-mips+mipsel -- missing function return value check

\n
\n
Date Reported:
\n
18 Feb 2004
\n
Affected Packages:
\n
\nkernel-patch-2.4.17-mips\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9686.
In Mitre's CVE dictionary: CVE-2004-0077.
CERT's vulnerabilities, advisories and incident notes: VU#981222.
\n
More information:
\n
\n

Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical\nsecurity vulnerability in the memory management code of Linux inside\nthe mremap(2) system call. Due to a missing check of the return value\nof internal functions, a local attacker can gain root privileges.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.4.17-0.020226.2.woody5 for mips and mipsel kernel images.

\n

Other architectures will probably be mentioned in a separate advisory or\nare not affected (m68k).

\n

For the unstable distribution (sid) this problem will be fixed soon\nwith the next upload of a 2.4.19 kernel image and in version\n2.4.22-0.030928.3 for 2.4.22 for the mips and mipsel architectures.

\n

This problem is also fixed in the upstream version of Linux 2.4.25 and\n2.6.3.

\n

We recommend that you upgrade your Linux kernel packages immediately.

\n

Vulnerability matrix for CAN-2004-0077

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody5.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody5_all.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-ip22_2.4.17-0.020226.2.woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r5k-ip22_2.4.17-0.020226.2.woody5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r3k-kn02_2.4.17-0.020226.2.woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-kn04_2.4.17-0.020226.2.woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/mips-tools_2.4.17-0.020226.2.woody5_mipsel.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "442": "
\n

Debian Security Advisory

\n

DSA-442-1 linux-kernel-2.4.17-s390 -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Feb 2004
\n
Affected Packages:
\n
\nkernel-patch-2.4.17-s390, kernel-image-2.4.17-s390\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 4259, BugTraq ID 6535, BugTraq ID 7600, BugTraq ID 7601, BugTraq ID 7791, BugTraq ID 7793, BugTraq ID 7797, BugTraq ID 9138, BugTraq ID 9356, BugTraq ID 9686.
In Mitre's CVE dictionary: CVE-2003-0001, CVE-2003-0244, CVE-2003-0246, CVE-2003-0247, CVE-2003-0248, CVE-2003-0364, CVE-2003-0961, CVE-2003-0985, CVE-2004-0077, CVE-2002-0429.
CERT's vulnerabilities, advisories and incident notes: VU#981222.
\n
More information:
\n
\n

Several security related problems have been fixed in the Linux kernel\n2.4.17 used for the S/390 architecture, mostly by backporting fixes\nfrom 2.4.18 and incorporating recent security fixes. The corrections\nare listed below with the identification from the Common\nVulnerabilities and Exposures (CVE) project:

\n
    \n
  • CVE-2002-0429:\n

    The iBCS routines in arch/i386/kernel/traps.c for Linux kernels\n 2.4.18 and earlier on x86 systems allow local users to kill\n arbitrary processes via a binary compatibility interface (lcall).

    \n
  • CAN-2003-0001:\n

    Multiple ethernet network interface card (NIC) device drivers do\n not pad frames with null bytes, which allows remote attackers to\n obtain information from previous packets or kernel memory by using\n malformed packets, as demonstrated by Etherleak.

    \n
  • CAN-2003-0244:\n

    The route cache implementation in Linux 2.4, and the Netfilter IP\n conntrack module, allows remote attackers to cause a denial of\n service (CPU consumption) via packets with forged source addresses\n that cause a large number of hash table collisions related to the\n PREROUTING chain.

    \n
  • CAN-2003-0246:\n

    The ioperm system call in Linux kernel 2.4.20 and earlier does not\n properly restrict privileges, which allows local users to gain read\n or write access to certain I/O ports.

    \n
  • CAN-2003-0247:\n

    A vulnerability in the TTY layer of the Linux kernel 2.4 allows\n attackers to cause a denial of service (\"kernel oops\").

    \n
  • CAN-2003-0248:\n

    The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU\n state registers via a malformed address.

    \n
  • CAN-2003-0364:\n

    The TCP/IP fragment reassembly handling in the Linux kernel 2.4\n allows remote attackers to cause a denial of service (CPU\n consumption) via certain packets that cause a large number of hash\n table collisions.

    \n
  • CAN-2003-0961:\n

    An integer overflow in the brk() system call (do_brk() function) for\n Linux allows a local attacker to gain root privileges. Fixed\n upstream in Linux 2.4.23.

    \n
  • CAN-2003-0985:\n

    Paul Starzetz discovered\n a flaw in bounds checking in mremap() in\n the Linux kernel (present in version 2.4.x and 2.6.x) which may\n allow a local attacker to gain root privileges. Version 2.2 is not\n affected by this bug. Fixed upstream in Linux 2.4.24.

    \n
  • CAN-2004-0077:\n

    Paul Starzetz and Wojciech Purczynski of isec.pl discovered a\n critical security vulnerability in the memory management code of\n Linux inside the mremap(2) system call. Due to a missing\n check of the return value of internal functions, a local attacker can gain\n root privileges. Fixed upstream in Linux 2.4.25 and 2.6.3.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 2.4.17-2.woody.3 of s390 images and in version\n0.0.20020816-0.woody.2 of the patch packages.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your Linux kernel packages immediately.

\n

Vulnerability matrix for CAN-2004-0077

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.2.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.3.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.2_all.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-headers-2.4.17_2.4.17-2.woody.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.3_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "443": "
\n

Debian Security Advisory

\n

DSA-443-1 xfree86 -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Feb 2004
\n
Affected Packages:
\n
\nxfree86\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9636, BugTraq ID 9652, BugTraq ID 9655, BugTraq ID 9701.
In Mitre's CVE dictionary: CVE-2003-0690, CVE-2004-0083, CVE-2004-0084, CVE-2004-0106, CVE-2004-0093, CVE-2004-0094.
\n
More information:
\n
\n

A number of vulnerabilities have been discovered in XFree86. The corrections\nare listed below with the identification from the Common\nVulnerabilities and Exposures (CVE) project:

\n
    \n
  • CAN-2004-0083:\n

    Buffer overflow in ReadFontAlias from dirfile.c of\n XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to\n execute arbitrary code via a font alias file (font.alias) with a long\n token, a different vulnerability than CAN-2004-0084.

    \n
  • CAN-2004-0084:\n

    Buffer overflow in the ReadFontAlias function in XFree86\n 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows\n local or remote authenticated users to execute arbitrary code via a\n malformed entry in the font alias (font.alias) file, a different\n vulnerability than CAN-2004-0083.

    \n
  • CAN-2004-0106:\n

    Miscellaneous additional flaws in XFree86's handling of\n font files.

    \n
  • CAN-2003-0690:\n

    xdm does not verify whether the pam_setcred function call\n succeeds, which may allow attackers to gain root privileges by\n triggering error conditions within PAM modules, as demonstrated in\n certain configurations of the MIT pam_krb5 module.

    \n
  • CAN-2004-0093, CAN-2004-0094:\n

    Denial-of-service attacks against the X\n server by clients using the GLX extension and Direct Rendering\n Infrastructure are possible due to unchecked client data (out-of-bounds\n array indexes [CAN-2004-0093] and integer signedness errors\n [CAN-2004-0094]).

    \n
\n

Exploitation of CAN-2004-0083, CAN-2004-0084, CAN-2004-0106,\nCAN-2004-0093 and CAN-2004-0094 would require a connection to the X\nserver. By default, display managers in Debian start the X server\nwith a configuration which only accepts local connections, but if the\nconfiguration is changed to allow remote connections, or X servers are\nstarted by other means, then these bugs could be exploited remotely.\nSince the X server usually runs with root privileges, these bugs could\npotentially be exploited to gain root privileges.

\n

No attack vector for CAN-2003-0690 is known at this time.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 4.1.0-16woody3.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 4.3.0-2.

\n

We recommend that you update your xfree86 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.1.0-16woody3.dsc
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.1.0-16woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.1.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system_4.1.0-16woody3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi-transcoded_4.1.0-16woody3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi_4.1.0-16woody3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi-transcoded_4.1.0-16woody3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi_4.1.0-16woody3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base-transcoded_4.1.0-16woody3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base_4.1.0-16woody3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-cyrillic_4.1.0-16woody3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-pex_4.1.0-16woody3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-scalable_4.1.0-16woody3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86-common_4.1.0-16woody3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlib6g-dev_4.1.0-16woody3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlib6g_4.1.0-16woody3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xspecs_4.1.0-16woody3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "444": "
\n

Debian Security Advisory

\n

DSA-444-1 linux-kernel-2.4.17-ia64 -- missing function return value check

\n
\n
Date Reported:
\n
20 Feb 2004
\n
Affected Packages:
\n
\nkernel-image-2.4.17-ia64\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9686.
In Mitre's CVE dictionary: CVE-2004-0077.
CERT's vulnerabilities, advisories and incident notes: VU#981222.
\n
More information:
\n
\n

Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical\nsecurity vulnerability in the memory management code of Linux inside\nthe mremap(2) system call. Due to a missing check of the return value\nof internal functions, a local attacker can gain root privileges.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 011226.16 of ia64 kernel source and images.

\n

Other architectures are or will be covered in separate advisories,\nor are not affected (m68k).

\n

For the unstable distribution (sid) this problem will be fixed in version\n2.4.24-3.

\n

This problem is also fixed in the upstream version of Linux 2.4.25 and\n2.6.3.

\n

We recommend that you upgrade your Linux kernel packages immediately.

\n

Vulnerability matrix for CAN-2004-0077

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-ia64_011226.16.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-ia64_011226.16.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-source-2.4.17-ia64_011226.16_all.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-headers-2.4.17-ia64_011226.16_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-itanium_011226.16_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-itanium-smp_011226.16_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-mckinley_011226.16_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-mckinley-smp_011226.16_ia64.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "445": "
\n

Debian Security Advisory

\n

DSA-445-1 lbreakout2 -- buffer overflow

\n
\n
Date Reported:
\n
21 Feb 2004
\n
Affected Packages:
\n
\nlbreakout2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9712.
In Mitre's CVE dictionary: CVE-2004-0158.
\n
More information:
\n
\n

Ulf H\u00e4rnhammar from the Debian Security Audit Project\ndiscovered a vulnerability in\nlbreakout2, a game, where proper bounds checking was not performed on\nenvironment variables. This bug could be exploited by a local\nattacker to gain the privileges of group \"games\".

\n

For the current stable distribution (woody) this problem has been\nfixed in version 2.2.2-1woody1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you update your lbreakout2 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2.2.2-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2.2.2-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2.2.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2.2.2-1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2.2.2-1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2.2.2-1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2.2.2-1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2.2.2-1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2.2.2-1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2.2.2-1woody1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2.2.2-1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2.2.2-1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2.2.2-1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "446": "
\n

Debian Security Advisory

\n

DSA-446-1 synaesthesia -- insecure file creation

\n
\n
Date Reported:
\n
21 Feb 2004
\n
Affected Packages:
\n
\nsynaesthesia\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9713.
In Mitre's CVE dictionary: CVE-2004-0160.
\n
More information:
\n
\n

Ulf H\u00e4rnhammar from the Debian Security Audit Project\ndiscovered a vulnerability in\nsynaesthesia, a program which represents sounds visually.\nsynaesthesia created its configuration file while holding root\nprivileges, allowing a local user to create files owned by root and\nwritable by the user's primary group. This type of vulnerability can\nusually be easily exploited to execute arbitrary code with root\nprivileges by various means.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 2.1-2.1woody1.

\n

The unstable distribution (sid) is not affected by this problem, because\nsynaesthesia is no longer setuid.

\n

We recommend that you update your synaesthesia package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody1.dsc
\n
http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "447": "
\n

Debian Security Advisory

\n

DSA-447-1 hsftp -- format string

\n
\n
Date Reported:
\n
22 Feb 2004
\n
Affected Packages:
\n
\nhsftp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9715.
In Mitre's CVE dictionary: CVE-2004-0159.
\n
More information:
\n
\n

Ulf H\u00e4rnhammar from the Debian Security Audit Project\ndiscovered a format string\nvulnerability in hsftp. This vulnerability could be exploited by an\nattacker able to create files on a remote server with carefully\ncrafted names, to which a user would connect using hsftp. When the\nuser requests a directory listing, particular bytes in memory could be\noverwritten, potentially allowing arbitrary code to be executed with\nthe privileges of the user invoking hsftp.

\n

Note that while hsftp is installed setuid root, it only uses these\nprivileges to acquire locked memory, and then relinquishes them.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 1.11-1woody1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you update your hsftp package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/hsftp/hsftp_1.11-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/h/hsftp/hsftp_1.11-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/h/hsftp/hsftp_1.11.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/hsftp/hsftp_1.11-1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/hsftp/hsftp_1.11-1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/hsftp/hsftp_1.11-1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/hsftp/hsftp_1.11-1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/h/hsftp/hsftp_1.11-1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/hsftp/hsftp_1.11-1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/hsftp/hsftp_1.11-1woody1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/hsftp/hsftp_1.11-1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/hsftp/hsftp_1.11-1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/hsftp/hsftp_1.11-1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "448": "
\n

Debian Security Advisory

\n

DSA-448-1 pwlib -- several vulnerabilities

\n
\n
Date Reported:
\n
22 Feb 2004
\n
Affected Packages:
\n
\npwlib\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9406.
In Mitre's CVE dictionary: CVE-2004-0097.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in pwlib, a library used to\naid in writing portable applications, whereby a remote attacker could\ncause a denial of service or potentially execute arbitrary code. This\nlibrary is most notably used in several applications implementing the\nH.323 teleconferencing protocol, including the OpenH323 suite,\ngnomemeeting and asterisk.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 1.2.5-5woody1.

\n

For the unstable distribution (sid), this problem will be fixed soon.\nRefer to Debian Bug#233888 for details.

\n

We recommend that you update your pwlib package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pwlib/pwlib_1.2.5-5woody1.dsc
\n
http://security.debian.org/pool/updates/main/p/pwlib/pwlib_1.2.5-5woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pwlib/pwlib_1.2.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pwlib/asnparser_1.2.5-5woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-1.2.0_1.2.5-5woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-dbg_1.2.5-5woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pwlib/libpt-dev_1.2.5-5woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "449": "
\n

Debian Security Advisory

\n

DSA-449-1 metamail -- buffer overflow, format string bugs

\n
\n
Date Reported:
\n
24 Feb 2004
\n
Affected Packages:
\n
\nmetamail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9692.
In Mitre's CVE dictionary: CVE-2004-0104, CVE-2004-0105.
CERT's vulnerabilities, advisories and incident notes: VU#518518, VU#513062.
\n
More information:
\n
\n

Ulf Härnhammar discovered two format string bugs (CAN-2004-0104) and\ntwo buffer overflow bugs (CAN-2004-0105) in metamail, an\nimplementation of MIME. An attacker could create a carefully-crafted\nmail message which will execute arbitrary code as the victim when it\nis opened and parsed through metamail.

\n

We have been devoting some effort to trying to avoid shipping metamail\nin the future. It became unmaintainable and these are probably not\nthe last of the vulnerabilities.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 2.7-45woody.2.

\n

For the unstable distribution (sid) these problems will be fixed in\nversion 2.7-45.2.

\n

We recommend that you upgrade your metamail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.2.dsc
\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "450": "
\n

Debian Security Advisory

\n

DSA-450-1 linux-kernel-2.4.19-mips -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Feb 2004
\n
Affected Packages:
\n
\nkernel-source-2.4.19, kernel-patch-2.4.19-mips\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9138, BugTraq ID 9356, BugTraq ID 9686.
In Mitre's CVE dictionary: CVE-2003-0961, CVE-2003-0985, CVE-2004-0077.
CERT's vulnerabilities, advisories and incident notes: VU#981222.
\n
More information:
\n
\n

Several local root exploits have been discovered recently in the Linux\nkernel. This security advisory updates the mips kernel 2.4.19 for\nDebian GNU/Linux. The Common Vulnerabilities and Exposures project\nidentifies the following problems that are fixed with this update:

\n
    \n
  • CAN-2003-0961:\n

    An integer overflow in brk() system call (do_brk() function) for\n Linux allows a local attacker to gain root privileges. Fixed\n upstream in Linux 2.4.23.

    \n
  • CAN-2003-0985:\n

    Paul Starzetz discovered\n a flaw in bounds checking in mremap() in\n the Linux kernel (present in version 2.4.x and 2.6.x) which may\n allow a local attacker to gain root privileges. Version 2.2 is not\n affected by this bug. Fixed upstream in Linux 2.4.24.

    \n
  • CAN-2004-0077:\n

    Paul Starzetz and Wojciech Purczynski of isec.pl discovered a\n critical security vulnerability in the memory management code of\n Linux inside the mremap(2) system call. Due to a missing check of\n the return value of internal functions, a local attacker can gain\n root privileges. Fixed upstream in Linux 2.4.25 and 2.6.3.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 2.4.19-0.020911.1.woody3 of mips images and version\n2.4.19-4.woody1 of kernel source.

\n

For the unstable distribution (sid) this problem will be fixed soon\nwith the next upload of a 2.4.19 kernel image and in version\n2.4.22-0.030928.3 for 2.4.22.

\n

We recommend that you upgrade your Linux kernel packages immediately.

\n

Vulnerability matrix for CAN-2004-0077

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody3.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-doc-2.4.19_2.4.19-4.woody1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody3_all.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-headers-2.4.19_2.4.19-0.020911.1.woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r4k-ip22_2.4.19-0.020911.1.woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r5k-ip22_2.4.19-0.020911.1.woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/mips-tools_2.4.19-0.020911.1.woody3_mips.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "451": "
\n

Debian Security Advisory

\n

DSA-451-1 xboing -- buffer overflows

\n
\n
Date Reported:
\n
27 Feb 2004
\n
Affected Packages:
\n
\nxboing\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9764.
In Mitre's CVE dictionary: CVE-2004-0149.
\n
More information:
\n
\n

Steve Kemp discovered a number of buffer overflow vulnerabilities in\nxboing, a game, which could be exploited by a local attacker to gain\ngid \"games\".

\n

For the current stable distribution (woody) these problems have been\nfixed in version 2.4-26woody1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.4-26.1.

\n

We recommend that you update your xboing package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1.dsc
\n
http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xboing/xboing_2.4-26woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "452": "
\n

Debian Security Advisory

\n

DSA-452-1 libapache-mod-python -- denial of service

\n
\n
Date Reported:
\n
29 Feb 2004
\n
Affected Packages:
\n
\nlibapache-mod-python\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9129.
In Mitre's CVE dictionary: CVE-2003-0973.
\n
More information:
\n
\n

The Apache Software Foundation announced that some versions of\nmod_python contain a bug which, when processing a request with a\nmalformed query string, could cause the corresponding Apache child to\ncrash. This bug could be exploited by a remote attacker to cause a\ndenial of service.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 2:2.7.8-0.0woody2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:2.7.10-1.

\n

We recommend that you update your libapache-mod-python package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody2.dsc
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "453": "
\n

Debian Security Advisory

\n

DSA-453-1 linux-kernel-2.2.20-i386+m68k+powerpc -- failing function and TLB flush

\n
\n
Date Reported:
\n
02 Mar 2004
\n
Affected Packages:
\n
\nkernel-source-2.2.20
kernel-image-2.2.20-i386
kernel-image-2.2.20-reiserfs-i386
kernel-image-2.2.20-amiga
kernel-image-2.2.20-atari
kernel-image-2.2.20-bvme6000
kernel-image-2.2.20-mac
kernel-image-2.2.20-mvme147
kernel-image-2.2.20-mvme16x
kernel-patch-2.2.20-powerpc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9686.
In Mitre's CVE dictionary: CVE-2004-0077.
CERT's vulnerabilities, advisories and incident notes: VU#981222.
\n
More information:
\n
\n

Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical\nsecurity vulnerability in the memory management code of Linux inside\nthe mremap(2) system call. Due to flushing the TLB (Translation\nLookaside Buffer, an address cache) too early it is possible for an\nattacker to trigger a local root exploit.

\n

The attack vectors for 2.4.x and 2.2.x kernels are exclusive to the\nrespective kernel series, though. We formerly believed that the\nexploitable vulnerability in 2.4.x does not exist in 2.2.x, which is\nstill true. However, it turned out that a second (sort of)\nvulnerability is indeed exploitable in 2.2.x, but not in 2.4.x, with a\ndifferent exploit, of course.

\n

For the stable distribution (woody) this problem has been fixed in\nthe following versions and architectures:

\n
package | arch | version
kernel-source-2.2.20 | source | 2.2.20-5woody3
kernel-image-2.2.20-i386 | i386 | 2.2.20-5woody5
kernel-image-2.2.20-reiserfs-i386 | i386 | 2.2.20-4woody1
kernel-image-2.2.20-amiga | m68k | 2.20-4
kernel-image-2.2.20-atari | m68k | 2.2.20-3
kernel-image-2.2.20-bvme6000 | m68k | 2.2.20-3
kernel-image-2.2.20-mac | m68k | 2.2.20-3
kernel-image-2.2.20-mvme147 | m68k | 2.2.20-3
kernel-image-2.2.20-mvme16x | m68k | 2.2.20-3
kernel-patch-2.2.20-powerpc | powerpc | 2.2.20-3woody1
\n

For the unstable distribution (sid) this problem will be fixed soon\nfor the architectures that still ship a 2.2.x kernel package.

\n

We recommend that you upgrade your Linux kernel package.

\n

Vulnerability matrix for CAN-2004-0077

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.2.20/kernel-source-2.2.20_2.2.20-5woody3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.2.20/kernel-source-2.2.20_2.2.20-5woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.2.20/kernel-source-2.2.20_2.2.20.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-image-2.2.20-i386_2.2.20-5woody5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-image-2.2.20-i386_2.2.20-5woody5.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-reiserfs-i386/kernel-image-2.2.20-reiserfs-i386_2.2.20-4woody1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-reiserfs-i386/kernel-image-2.2.20-reiserfs-i386_2.2.20-4woody1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-amiga/kernel-image-2.2.20-amiga_2.2.20-4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-amiga/kernel-image-2.2.20-amiga_2.2.20-4.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-atari/kernel-image-2.2.20-atari_2.2.20-3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-atari/kernel-image-2.2.20-atari_2.2.20-3.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-bvme6000/kernel-image-2.2.20-bvme6000_2.2.20-3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-bvme6000/kernel-image-2.2.20-bvme6000_2.2.20-3.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-mac/kernel-image-2.2.20-mac_2.2.20-3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-mac/kernel-image-2.2.20-mac_2.2.20-3.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-mvme147/kernel-image-2.2.20-mvme147_2.2.20-3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-mvme147/kernel-image-2.2.20-mvme147_2.2.20-3.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-mvme16x/kernel-image-2.2.20-mvme16x_2.2.20-3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-mvme16x/kernel-image-2.2.20-mvme16x_2.2.20-3.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.2.20-powerpc/kernel-patch-2.2.20-powerpc_2.2.20-3woody1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.2.20-powerpc/kernel-patch-2.2.20-powerpc_2.2.20-3woody1.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.2.20/kernel-doc-2.2.20_2.2.20-5woody3_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.2.20/kernel-source-2.2.20_2.2.20-5woody3_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.2.20-powerpc/kernel-patch-2.2.20-powerpc_2.2.20-3woody1_all.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-headers-2.2.20_2.2.20-5woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-headers-2.2.20-compact_2.2.20-5woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-headers-2.2.20-idepci_2.2.20-5woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-image-2.2.20_2.2.20-5woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-image-2.2.20-compact_2.2.20-5woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-i386/kernel-image-2.2.20-idepci_2.2.20-5woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-reiserfs-i386/kernel-headers-2.2.20-reiserfs_2.2.20-4woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-reiserfs-i386/kernel-image-2.2.20-reiserfs_2.2.20-4woody1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-amiga/kernel-image-2.2.20-amiga_2.2.20-4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-atari/kernel-image-2.2.20-atari_2.2.20-3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-bvme6000/kernel-image-2.2.20-bvme6000_2.2.20-3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-mac/kernel-image-2.2.20-mac_2.2.20-3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-mvme147/kernel-image-2.2.20-mvme147_2.2.20-3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.20-mvme16x/kernel-image-2.2.20-mvme16x_2.2.20-3_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.2.20-powerpc/kernel-headers-2.2.20_2.2.20-3woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.2.20-powerpc/kernel-image-2.2.20-chrp_2.2.20-3woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.2.20-powerpc/kernel-image-2.2.20-pmac_2.2.20-3woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.2.20-powerpc/kernel-image-2.2.20-prep_2.2.20-3woody1_powerpc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "454": "
\n

Debian Security Advisory

\n

DSA-454-1 linux-kernel-2.2.22-alpha -- failing function and TLB flush

\n
\n
Date Reported:
\n
02 Mar 2004
\n
Affected Packages:
\n
\nkernel-source-2.2.22, kernel-image-2.2.22-alpha\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9686.
In Mitre's CVE dictionary: CVE-2004-0077.
CERT's vulnerabilities, advisories and incident notes: VU#981222.
\n
More information:
\n
\n

Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical\nsecurity vulnerability in the memory management code of Linux inside\nthe mremap(2) system call. Due to flushing the TLB (Translation\nLookaside Buffer, an address cache) too early it is possible for an\nattacker to trigger a local root exploit.

\n

The attack vectors for 2.4.x and 2.2.x kernels are exclusive to the\nrespective kernel series, though. We formerly believed that the\nexploitable vulnerability in 2.4.x does not exist in 2.2.x, which is\nstill true. However, it turned out that a second (sort of)\nvulnerability is indeed exploitable in 2.2.x, but not in 2.4.x, with a\ndifferent exploit, of course.

\n

For the stable distribution (woody) this problem has been fixed in\nthe following versions and architectures:

\n
package | arch | version
kernel-source-2.2.22 | source | 2.2.22-1woody1
kernel-image-2.2.22-alpha | alpha | 2.2.22-2
\n

For the unstable distribution (sid) this problem will be fixed soon\nfor the architectures that still ship a 2.2.x kernel package.

\n

We recommend that you upgrade your Linux kernel package.

\n

Vulnerability matrix for CAN-2004-0077

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.2.22/kernel-source-2.2.22_2.2.22-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.2.22/kernel-source-2.2.22_2.2.22-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.2.22/kernel-source-2.2.22_2.2.22.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.22-alpha/kernel-image-2.2.22-alpha_2.2.22-2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.22-alpha/kernel-image-2.2.22-alpha_2.2.22-2.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.2.22/kernel-doc-2.2.22_2.2.22-1woody1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.2.22/kernel-source-2.2.22_2.2.22-1woody1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.22-alpha/kernel-headers-2.2.22_2.2.22-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.22-alpha/kernel-image-2.2.22-generic_2.2.22-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.22-alpha/kernel-image-2.2.22-jensen_2.2.22-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.22-alpha/kernel-image-2.2.22-nautilus_2.2.22-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.22-alpha/kernel-image-2.2.22-smp_2.2.22-2_alpha.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "455": "
\n

Debian Security Advisory

\n

DSA-455-1 libxml -- buffer overflows

\n
\n
Date Reported:
\n
03 Mar 2004
\n
Affected Packages:
\n
\nlibxml, libxml2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9718.
In Mitre's CVE dictionary: CVE-2004-0110.
\n
More information:
\n
\n

libxml2 is a library for manipulating XML files.

\n

Yuuichi Teranishi (寺西 裕一)\ndiscovered a flaw in libxml, the GNOME XML library.\nWhen fetching a remote resource via FTP or HTTP, the library uses\nspecial parsing routines which can overflow a buffer if passed a very\nlong URL. If an attacker is able to find an application using libxml1\nor libxml2 that parses remote resources and allows the attacker to\ncraft the URL, then this flaw could be used to execute arbitrary code.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.8.17-2woody1 of libxml and version 2.4.19-4woody1 of libxml2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.8.17-5 of libxml and version 2.6.6-1 of libxml2.

\n

We recommend that you upgrade your libxml1 and libxml2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17-2woody1.dsc
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17-2woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1.dsc
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "456": "
\n

Debian Security Advisory

\n

DSA-456-1 linux-kernel-2.2.19-arm -- failing function and TLB flush

\n
\n
Date Reported:
\n
06 Mar 2004
\n
Affected Packages:
\n
\nkernel-source-2.2.19
kernel-patch-2.2.19-arm
kernel-image-2.2.19-netwinder
kernel-image-2.2.19-riscpc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9686.
In Mitre's CVE dictionary: CVE-2004-0077.
CERT's vulnerabilities, advisories and incident notes: VU#981222.
\n
More information:
\n
\n

Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical\nsecurity vulnerability in the memory management code of Linux inside\nthe mremap(2) system call. Due to flushing the TLB (Translation\nLookaside Buffer, an address cache) too early it is possible for an\nattacker to trigger a local root exploit.

\n

The attack vectors for 2.4.x and 2.2.x kernels are exclusive to the\nrespective kernel series, though. We formerly believed that the\nexploitable vulnerability in 2.4.x does not exist in 2.2.x, which is\nstill true. However, it turned out that a second (sort of)\nvulnerability is indeed exploitable in 2.2.x, but not in 2.4.x, with a\ndifferent exploit, of course.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 20040303 of 2.2 kernel images for the arm architecture.

\n

For the unstable distribution (sid) this problem will be fixed soon\nfor the architectures that still ship a 2.2.x kernel package.

\n

We recommend that you upgrade your Linux kernel package.

\n

Vulnerability matrix for CAN-2004-0077

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://master.debian.org/~joey/stuff/2.2.19/kernel-source-2.2.19_2.2.19.1-4woody1.diff.gz
\n
http://master.debian.org/~joey/stuff/2.2.19/kernel-source-2.2.19_2.2.19.1-4woody1.dsc
\n
http://master.debian.org/~joey/stuff/2.2.19/kernel-source-2.2.19_2.2.19.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.2.19-arm/kernel-patch-2.2.19-arm_20040303.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.2.19-arm/kernel-patch-2.2.19-arm_20040303.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.19-netwinder/kernel-image-2.2.19-netwinder_20040303.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.19-netwinder/kernel-image-2.2.19-netwinder_20040303.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.19-riscpc/kernel-image-2.2.19-riscpc_20040303.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.19-riscpc/kernel-image-2.2.19-riscpc_20040303.tar.gz
\n
Architecture-independent component:\n
http://master.debian.org/~joey/stuff/2.2.19/kernel-doc-2.2.19_2.2.19.1-4woody1_all.deb
\n
http://master.debian.org/~joey/stuff/2.2.19/kernel-source-2.2.19_2.2.19.1-4woody1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.2.19-arm/kernel-patch-2.2.19-arm_20040303_all.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.19-netwinder/kernel-headers-2.2.19_20040303_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.19-netwinder/kernel-image-2.2.19-netwinder_20040303_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.19-riscpc/kernel-image-2.2.19-riscpc_20040303_arm.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "457": "
\n

Debian Security Advisory

\n

DSA-457-1 wu-ftpd -- several vulnerabilities

\n
\n
Date Reported:
\n
08 Mar 2004
\n
Affected Packages:
\n
\nwu-ftpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9832.
In Mitre's CVE dictionary: CVE-2004-0148, CVE-2004-0185.
\n
More information:
\n
\n

Two vulnerabilities were discovered in wu-ftpd:

\n
    \n
  • CAN-2004-0148\n

    Glenn Stewart discovered that users could bypass the\n directory access restrictions imposed by the restricted-gid option by\n changing the permissions on their home directory. On a subsequent\n login, when access to the user's home directory was denied, wu-ftpd\n would fall back to the root directory.

    \n
  • CAN-2004-0185\n

    A buffer overflow existed in wu-ftpd's code which\n deals with S/key authentication.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 2.6.2-3woody4.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.6.2-17.1.

\n

We recommend that you update your wu-ftpd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody4.dsc
\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody4.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd-academ_2.6.2-3woody4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "458": "
\n

Debian Security Advisory

\n

DSA-458-3 python2.2 -- buffer overflow

\n
\n
Date Reported:
\n
10 Oct 2004
\n
Affected Packages:
\n
\npython2.2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 248946, Bug 269548.
In the Bugtraq database (at SecurityFocus): BugTraq ID 9836.
In Mitre's CVE dictionary: CVE-2004-0150.
\n
More information:
\n
\n

This security advisory corrects DSA 458-2 which caused a problem in\nthe gethostbyaddr routine.

\n

The original advisory said:

\n
\n

Sebastian Schmidt discovered a buffer overflow bug in Python's\ngetaddrinfo function, which could allow an IPv6 address, supplied by a\nremote attacker via DNS, to overwrite memory on the stack.

\n

This bug only exists in python 2.2 and 2.2.1, and only when IPv6\nsupport is disabled. The python2.2 package in Debian woody meets\nthese conditions (the 'python' package does not).

\n
\n

For the stable distribution (woody), this bug has been fixed in\nversion 2.2.1-4.6.

\n

The testing and unstable distributions (sarge and sid) are not\naffected by this problem.

\n

We recommend that you update your python2.2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6.dsc
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6.diff.gz
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/python2.2/idle-python2.2_2.2.1-4.6_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-doc_2.2.1-4.6_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-elisp_2.2.1-4.6_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-examples_2.2.1-4.6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "459": "
\n

Debian Security Advisory

\n

DSA-459-1 kdelibs -- cookie path traversal

\n
\n
Date Reported:
\n
10 Mar 2004
\n
Affected Packages:
\n
\nkdelibs, kdelibs-crypto\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9841.
In Mitre's CVE dictionary: CVE-2003-0592.
\n
More information:
\n
\n

A vulnerability was discovered in KDE where the path restrictions on\ncookies could be bypassed using encoded relative path components\n(e.g., \"/../\"). This means that a cookie which should only be sent by\nthe browser to an application running at /app1 could inadvertently be\nincluded by the browser in a request sent to /app2 on the same\nserver.

\n

For the current stable distribution (woody) this problem has been\nfixed in kdelibs version 4:2.2.2-6woody3 and kdelibs-crypto version\n4:2.2.2-13.woody.9.

\n

For the unstable distribution (sid) this problem was fixed in kdelibs\nversion 4:3.1.3-1.

\n

We recommend that you update your kdelibs and kdelibs-crypto packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.9.dsc
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.9.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs-crypto_2.2.2-6woody3.dsc
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs-crypto_2.2.2-6woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs-crypto_2.2.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-doc_2.2.2-13.woody.9_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "460": "
\n

Debian Security Advisory

\n

DSA-460-1 sysstat -- insecure temporary file

\n
\n
Date Reported:
\n
10 Mar 2004
\n
Affected Packages:
\n
\nsysstat\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9844.
In Mitre's CVE dictionary: CVE-2004-0108.
\n
More information:
\n
\n

Alan Cox discovered that the isag utility (which graphically displays\ndata collected by the sysstat tools) creates a temporary file without\ntaking proper precautions. This vulnerability could allow a local\nattacker to overwrite files with the privileges of the user invoking\nisag.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 5.0.1-1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you update your sysstat package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/sysstat/isag_4.0.4-1woody1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sysstat/sysstat_4.0.4-1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "461": "
\n

Debian Security Advisory

\n

DSA-461-1 calife -- buffer overflow

\n
\n
Date Reported:
\n
11 Mar 2004
\n
Affected Packages:
\n
\ncalife\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9756.
In Mitre's CVE dictionary: CVE-2004-0188.
\n
More information:
\n
\n

Leon Juranic discovered a buffer overflow related to the\ngetpass(3) library function in\ncalife, a program which provides super user privileges to specific\nusers. A local attacker could potentially\nexploit this vulnerability, given knowledge of a local user's password\nand the presence of at least one entry in /etc/calife.auth, to execute\narbitrary code with root privileges.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 2.8.4c-1woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.8.6-1.

\n

We recommend that you update your calife package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/calife/calife_2.8.4c-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/c/calife/calife_2.8.4c-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/calife/calife_2.8.4c.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/calife/calife_2.8.4c-1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/calife/calife_2.8.4c-1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/calife/calife_2.8.4c-1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/calife/calife_2.8.4c-1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/calife/calife_2.8.4c-1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/calife/calife_2.8.4c-1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/calife/calife_2.8.4c-1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/calife/calife_2.8.4c-1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/calife/calife_2.8.4c-1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/calife/calife_2.8.4c-1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/calife/calife_2.8.4c-1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "462": "
\n

Debian Security Advisory

\n

DSA-462-1 xitalk -- missing privilege release

\n
\n
Date Reported:
\n
12 Mar 2004
\n
Affected Packages:
\n
\nxitalk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9851.
In Mitre's CVE dictionary: CVE-2004-0151.
\n
More information:
\n
\n

Steve Kemp from the Debian Security Audit Project discovered a problem in\nxitalk, a talk intercept utility for the X Window System. A local\nuser can exploit this problem and execute arbitrary commands under the\nGID utmp. This could be used by an attacker to remove traces from the\nutmp file.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.1.11-9.1woody1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your xitalk package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xitalk/xitalk_1.1.11-9.1woody1.dsc
\n
http://security.debian.org/pool/updates/main/x/xitalk/xitalk_1.1.11-9.1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xitalk/xitalk_1.1.11.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xitalk/xitalk_1.1.11-9.1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xitalk/xitalk_1.1.11-9.1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xitalk/xitalk_1.1.11-9.1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xitalk/xitalk_1.1.11-9.1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xitalk/xitalk_1.1.11-9.1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xitalk/xitalk_1.1.11-9.1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xitalk/xitalk_1.1.11-9.1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xitalk/xitalk_1.1.11-9.1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xitalk/xitalk_1.1.11-9.1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xitalk/xitalk_1.1.11-9.1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xitalk/xitalk_1.1.11-9.1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "463": "
\n

Debian Security Advisory

\n

DSA-463-1 samba -- privilege escalation

\n
\n
Date Reported:
\n
12 Mar 2004
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9619.
In Mitre's CVE dictionary: CVE-2004-0186.
\n
More information:
\n
\n

Samba, a LanManager-like file and printer server for Unix, was found\nto contain a vulnerability whereby a local user could use the \"smbmnt\"\nutility, which is setuid root, to mount a file share from a remote\nserver which contained setuid programs under the control of the user.\nThese programs could then be executed to gain privileges on the local\nsystem.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 2.2.3a-13.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.0.2-2.

\n

We recommend that you update your samba package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-13.dsc
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-13.diff.gz
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.2.3a-13_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-13_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-13_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-13_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-13_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-13_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-13_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-13_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-13_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-13_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-13_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-13_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-13_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-13_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-13_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-13_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-13_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-13_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-13_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-13_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-13_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-13_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-13_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-13_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-13_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-13_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-13_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-13_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-13_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-13_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-13_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-13_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-13_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-13_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-13_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-13_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-13_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-13_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-13_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-13_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-13_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-13_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-13_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-13_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-13_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-13_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-13_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-13_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-13_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-13_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-13_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-13_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-13_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-13_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-13_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-13_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-13_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-13_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-13_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-13_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-13_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-13_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-13_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-13_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-12.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-12.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-12.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-12.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-12.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-12.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-12.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-12.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-12.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-13_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-13_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-13_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-13_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-13_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-13_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-13_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-13_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-13_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-13_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-13_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-13_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-13_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-13_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-13_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-13_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-13_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-13_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-13_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "464": "
\n

Debian Security Advisory

\n

DSA-464-1 gdk-pixbuf -- broken image handling

\n
\n
Date Reported:
\n
16 Mar 2004
\n
Affected Packages:
\n
\ngdk-pixbuf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9842.
In Mitre's CVE dictionary: CVE-2004-0111.
\n
More information:
\n
\n

Thomas Kristensen discovered a vulnerability in gdk-pixbuf (binary\npackage libgdk-pixbuf2), the GdkPixBuf image library for Gtk, that can\ncause the surrounding application to crash. To exploit this problem,\na remote attacker could send a carefully crafted BMP file via mail,\nwhich would cause e.g. Evolution to crash; the problem is probably not\nlimited to Evolution.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.17.0-2woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.22.0-3.

\n

We recommend that you upgrade your libgdk-pixbuf2 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.17.0-2woody1.dsc
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.17.0-2woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.17.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "465": "
\n

Debian Security Advisory

\n

DSA-465-1 openssl -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Mar 2004
\n
Affected Packages:
\n
\nopenssl
openssl094
openssl095\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9899.
In Mitre's CVE dictionary: CVE-2004-0079, CVE-2004-0081.
CERT's vulnerabilities, advisories and incident notes: VU#288574, VU#465542.
\n
More information:
\n
\n

Two vulnerabilities were discovered in openssl, an implementation of\nthe SSL protocol, using the Codenomicon TLS Test Tool. More\ninformation can be found in the following NISCC\nVulnerability Advisory and this OpenSSL\nadvisory. The Common Vulnerabilities and Exposures project\nidentified the following vulnerabilities:

\n
    \n
  • CAN-2004-0079\n

    Null-pointer assignment in the\n do_change_cipher_spec() function. A remote attacker could perform\n a carefully crafted SSL/TLS handshake against a server that used\n the OpenSSL library in such a way as to cause OpenSSL to crash.\n Depending on the application this could lead to a denial of\n service.

    \n
  • CAN-2004-0081\n

    A bug in older versions of OpenSSL 0.9.6 that\n can lead to a Denial of Service attack (infinite loop).

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nopenssl version 0.9.6c-2.woody.6, openssl094 version 0.9.4-6.woody.4\nand openssl095 version 0.9.5a-6.woody.5.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you update your openssl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.6.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.6.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4-6.woody.3.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4-6.woody.3.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.5.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.5.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openssl/ssleay_0.9.6c-2.woody.6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.6_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.6_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.6_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl094/libssl09_0.9.4-6.woody.3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "466": "
\n

Debian Security Advisory

\n

DSA-466-1 linux-kernel-2.2.10-powerpc-apus -- failing function and TLB flush

\n
\n
Date Reported:
\n
18 Mar 2004
\n
Affected Packages:
\n
\nkernel-source-2.2.10, kernel-image-2.2.10-powerpc-apus\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9686.
In Mitre's CVE dictionary: CVE-2004-0077.
CERT's vulnerabilities, advisories and incident notes: VU#981222.
\n
More information:
\n
\n

Paul Starzetz and Wojciech Purczynski of isec.pl\ndiscovered a critical\nsecurity vulnerability in the memory management code of Linux inside\nthe mremap(2) system call. Due to flushing the TLB (Translation\nLookaside Buffer, an address cache) too early it is possible for an\nattacker to trigger a local root exploit.

\n

The attack vectors for 2.4.x and 2.2.x kernels are exclusive to the\nrespective kernel series, though. We formerly believed that the\nexploitable vulnerability in 2.4.x does not exist in 2.2.x, which is\nstill true. However, it turned out that a second (sort of)\nvulnerability is indeed exploitable in 2.2.x, but not in 2.4.x, with a\ndifferent exploit, of course.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.2.10-13woody1 of 2.2 kernel images for the powerpc/apus\narchitecture and in version 2.2.10-2 of Linux 2.2.10 source.

\n

For the unstable distribution (sid) this problem will be fixed soon\nwith the 2.4.20 kernel-image package for powerpc/apus. The old 2.2.10\nkernel image will be removed from Debian unstable.

\n

You are strongly advised to switch to the fixed 2.4.17 kernel-image\npackage for powerpc/apus from woody until the 2.4.20 kernel-image\npackage is fixed in the unstable distribution.

\n

We recommend that you upgrade your Linux kernel package.

\n

Vulnerability matrix for CAN-2004-0077

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.2.10/kernel-source-2.2.10_2.2.10-2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.2.10/kernel-source-2.2.10_2.2.10-2.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.2.10/kernel-source-2.2.10_2.2.10.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.10-powerpc-apus/kernel-image-2.2.10-powerpc-apus_2.2.10-13woody1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.10-powerpc-apus/kernel-image-2.2.10-powerpc-apus_2.2.10-13woody1.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.2.10/kernel-doc-2.2.10_2.2.10-2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.2.10/kernel-source-2.2.10_2.2.10-2_all.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.10-powerpc-apus/kernel-headers-2.2.10-apus_2.2.10-13woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.2.10-powerpc-apus/kernel-image-2.2.10-apus_2.2.10-13woody1_powerpc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "467": "
\n

Debian Security Advisory

\n

DSA-467-1 ecartis -- several vulnerabilities

\n
\n
Date Reported:
\n
23 Mar 2004
\n
Affected Packages:
\n
\necartis\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 8420, BugTraq ID 8421.
In Mitre's CVE dictionary: CVE-2003-0781, CVE-2003-0782.
\n
More information:
\n
\n

Timo Sirainen discovered two vulnerabilities in ecartis, a mailing\nlist manager.

\n
    \n
  • CAN-2003-0781\n

    Failure to validate user input could lead to\n disclosure of mailing list passwords

    \n
  • CAN-2003-0782\n

    Multiple buffer overflows

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 0.129a+1.0.0-snap20020514-1.2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.0.0+cvs.20030911.

\n

We recommend that you update your ecartis package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.2.dsc
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.2.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "468": "
\n

Debian Security Advisory

\n

DSA-468-1 emil -- several vulnerabilities

\n
\n
Date Reported:
\n
24 Mar 2004
\n
Affected Packages:
\n
\nemil\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9974.
In Mitre's CVE dictionary: CVE-2004-0152, CVE-2004-0153.
\n
More information:
\n
\n

Ulf Härnhammar discovered a number of vulnerabilities in emil, a\nfilter for converting Internet mail messages. The vulnerabilities\nfall into two categories:

\n
    \n
  • CAN-2004-0152\n

    Buffer overflows in (1) the encode_mime function,\n (2) the encode_uuencode function, (3) the decode_uuencode\n function. These bugs could allow a carefully crafted email message\n to cause the execution of arbitrary code supplied with the message\n when it is acted upon by emil.

    \n
  • CAN-2004-0153\n

    Format string bugs in statements which print\n various error messages. The exploit potential of these bugs has\n not been established, and is probably configuration-dependent.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 2.1.0-beta9-11woody1.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you update your emil package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/emil/emil_2.1.0-beta9-11woody1.dsc
\n
http://security.debian.org/pool/updates/main/e/emil/emil_2.1.0-beta9-11woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/emil/emil_2.1.0-beta9.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/emil/emil_2.1.0-beta9-11woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/emil/emil_2.1.0-beta9-11woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/emil/emil_2.1.0-beta9-11woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/emil/emil_2.1.0-beta9-11woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/emil/emil_2.1.0-beta9-11woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/emil/emil_2.1.0-beta9-11woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/emil/emil_2.1.0-beta9-11woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/emil/emil_2.1.0-beta9-11woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/emil/emil_2.1.0-beta9-11woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/emil/emil_2.1.0-beta9-11woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/emil/emil_2.1.0-beta9-11woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "469": "
\n

Debian Security Advisory

\n

DSA-469-1 pam-pgsql -- missing input sanitising

\n
\n
Date Reported:
\n
29 Mar 2004
\n
Affected Packages:
\n
\npam-pgsql\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 230875.
In Mitre's CVE dictionary: CVE-2004-0366.
\n
More information:
\n
\n

Primoz Bratanic discovered a bug in libpam-pgsql, a PAM module to\nauthenticate using a PostgreSQL database. The library does not escape\nall user-supplied data that are sent to the database. An attacker\ncould exploit this bug to insert SQL statements.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.5.2-3woody2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.5.2-7.1.

\n

We recommend that you upgrade your libpam-pgsql package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/pam-pgsql_0.5.2-3woody2.dsc
\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/pam-pgsql_0.5.2-3woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/pam-pgsql_0.5.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/libpam-pgsql_0.5.2-3woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/libpam-pgsql_0.5.2-3woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/libpam-pgsql_0.5.2-3woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/libpam-pgsql_0.5.2-3woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/libpam-pgsql_0.5.2-3woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/libpam-pgsql_0.5.2-3woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/libpam-pgsql_0.5.2-3woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/libpam-pgsql_0.5.2-3woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/libpam-pgsql_0.5.2-3woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/libpam-pgsql_0.5.2-3woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pam-pgsql/libpam-pgsql_0.5.2-3woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "470": "
\n

Debian Security Advisory

\n

DSA-470-1 linux-kernel-2.4.17-hppa -- several vulnerabilities

\n
\n
Date Reported:
\n
01 Apr 2004
\n
Affected Packages:
\n
\nkernel-image-2.4.17-hppa\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9138, BugTraq ID 9356, BugTraq ID 9686.
In Mitre's CVE dictionary: CVE-2003-0961, CVE-2003-0985, CVE-2004-0077.
CERT's vulnerabilities, advisories and incident notes: VU#981222.
\n
More information:
\n
\n

Several local root exploits have been discovered recently in the Linux\nkernel. This security advisory updates the hppa kernel 2.4.17 for\nDebian GNU/Linux. The Common Vulnerabilities and Exposures project\nidentifies the following problems that are fixed with this update:

\n
    \n
  • CAN-2003-0961:\n

    An integer overflow in the brk() system call (do_brk() function) for\n Linux allows a local attacker to gain root privileges. Fixed\n upstream in Linux 2.4.23.

    \n
  • CAN-2003-0985:\n

    Paul Starzetz discovered a flaw in bounds checking in mremap() in\n the Linux kernel (present in version 2.4.x and 2.6.x) which may\n allow a local attacker to gain root privileges. Version 2.2 is not\n affected by this bug. Fixed upstream in Linux 2.4.24.

    \n
  • CAN-2004-0077:\n

    Paul Starzetz and Wojciech Purczynski of isec.pl discovered a\n critical security vulnerability in the memory management code of\n Linux inside the mremap(2) system call. Due to a missing check of the\n return value of internal functions, a local attacker can gain\n root privileges. Fixed upstream in Linux 2.4.25 and 2.6.3.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 32.3 of kernel-image-2.4.17-hppa.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.4.25-1 of kernel-image-2.4.25-hppa.

\n

We recommend that you upgrade your Linux kernel packages immediately.

\n

Vulnerability matrix for CAN-2004-0077

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-hppa_32.3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-hppa_32.3.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-source-2.4.17-hppa_32.3_all.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-headers-2.4.17-hppa_32.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-32_32.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-32-smp_32.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-64_32.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-64-smp_32.3_hppa.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "471": "
\n

Debian Security Advisory

\n

DSA-471-1 interchange -- missing input sanitising

\n
\n
Date Reported:
\n
02 Apr 2004
\n
Affected Packages:
\n
\ninterchange\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10005.
In Mitre's CVE dictionary: CVE-2004-0374.
\n
More information:
\n
\n

A vulnerability was discovered recently in Interchange, an e-commerce\nand general HTTP database display system. This vulnerability can be\nexploited by an attacker to expose the content of arbitrary variables.\nAn attacker may learn SQL access information for your Interchange\napplication and use this information to read and manipulate sensitive\ndata.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 4.8.3.20020306-1.woody.2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 5.0.1-1.

\n

We recommend that you upgrade your interchange package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2.dsc
\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2.diff.gz
\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/interchange/interchange-cat-foundation_4.8.3.20020306-1.woody.2_all.deb
\n
http://security.debian.org/pool/updates/main/i/interchange/interchange-ui_4.8.3.20020306-1.woody.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_arm.deb
\n
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_i386.deb
\n
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_mips.deb
\n
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_s390.deb
\n
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/interchange/interchange_4.8.3.20020306-1.woody.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/interchange/libapache-mod-interchange_4.8.3.20020306-1.woody.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "472": "
\n

Debian Security Advisory

\n

DSA-472-1 fte -- several vulnerabilities

\n
\n
Date Reported:
\n
03 Apr 2004
\n
Affected Packages:
\n
\nfte\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 203871.
In the Bugtraq database (at SecurityFocus): BugTraq ID 10041.
In Mitre's CVE dictionary: CVE-2003-0648.
CERT's vulnerabilities, advisories and incident notes: VU#900964, VU#354838.
\n
More information:
\n
\n

Steve Kemp and Jaguar discovered a number of buffer overflow\nvulnerabilities in vfte, a version of the fte editor which runs on the\nLinux console, found in the package fte-console. This program is\nsetuid root in order to perform certain types of low-level operations\non the console.

\n

Due to these bugs, setuid privilege has been removed from vfte, making\nit only usable by root. We recommend using the terminal version (in\nthe fte-terminal package) instead, which runs on any capable terminal\nincluding the Linux console.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 0.49.13-15woody1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.50.0-1.1.

\n

We recommend that you update your fte package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1.dsc
\n
http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/fte/fte_0.49.13-15woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-console_0.49.13-15woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-docs_0.49.13-15woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-terminal_0.49.13-15woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/fte/fte-xwindow_0.49.13-15woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "473": "
\n

Debian Security Advisory

\n

DSA-473-1 oftpd -- denial of service

\n
\n
Date Reported:
\n
03 Apr 2004
\n
Affected Packages:
\n
\noftpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 216871.
In the Bugtraq database (at SecurityFocus): BugTraq ID 9980.
In Mitre's CVE dictionary: CVE-2004-0376.
\n
More information:
\n
\n

A vulnerability was discovered in oftpd, an anonymous FTP server,\nwhereby a remote attacker could cause the oftpd process to crash by\nspecifying a large value in a PORT command.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.3.6-6.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 20040304-1.

\n

We recommend that you update your oftpd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6.dsc
\n
http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6.diff.gz
\n
http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_hppa.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/oftpd/oftpd_0.3.6-6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "474": "
\n

Debian Security Advisory

\n

DSA-474-1 squid -- ACL bypass

\n
\n
Date Reported:
\n
03 Apr 2004
\n
Affected Packages:
\n
\nsquid\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9778.
In Mitre's CVE dictionary: CVE-2004-0189.
\n
More information:
\n
\n

A vulnerability was discovered in squid, an Internet object cache,\nwhereby access control lists based on URLs could be bypassed\n(CAN-2004-0189). Two other bugs were also fixed with patches\nsquid-2.4.STABLE7-url_escape.patch (a buffer overrun which does not\nappear to be exploitable) and squid-2.4.STABLE7-url_port.patch (a\npotential denial of service).

\n

For the stable distribution (woody) these problems have been fixed in\nversion 2.4.6-2woody2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.5.5-1.

\n

We recommend that you update your squid package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody2.dsc
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "475": "
\n

Debian Security Advisory

\n

DSA-475-1 linux-kernel-2.4.18-hppa -- several vulnerabilities

\n
\n
Date Reported:
\n
05 Apr 2004
\n
Affected Packages:
\n
\nkernel-image-2.4.18-hppa\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9138, BugTraq ID 9356, BugTraq ID 9686.
In Mitre's CVE dictionary: CVE-2003-0961, CVE-2003-0985, CVE-2004-0077.
CERT's vulnerabilities, advisories and incident notes: VU#981222.
\n
More information:
\n
\n

Several local root exploits have been discovered recently in the Linux\nkernel. This security advisory updates the PA-RISC kernel 2.4.18 for\nDebian GNU/Linux. The Common Vulnerabilities and Exposures project\nidentifies the following problems that are fixed with this update:

\n
    \n
  • CAN-2003-0961:\n

    An integer overflow in the brk() system call (do_brk() function) for\n Linux allows a local attacker to gain root privileges. Fixed\n upstream in Linux 2.4.23.

    \n
  • CAN-2003-0985:\n

    Paul Starzetz discovered a flaw in bounds checking in mremap() in\n the Linux kernel (present in version 2.4.x and 2.6.x) which may\n allow a local attacker to gain root privileges. Version 2.2 is not\n affected by this bug. Fixed upstream in Linux 2.4.24.

    \n
  • CAN-2004-0077:\n

    Paul Starzetz and Wojciech Purczynski of isec.pl discovered a\n critical security vulnerability in the memory management code of\n Linux inside the mremap(2) system call. Due to a missing check of the\n return value of internal functions, a local attacker can gain\n root privileges. Fixed upstream in Linux 2.4.25 and 2.6.3.

    \n
\n

Please note that the source package has to include a lot of updates in\norder to compile the package, which wasn't possible with the old\nsource package.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 62.1 of kernel-image-2.4.18-hppa.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.4.25-1 of kernel-image-2.4.25-hppa.

\n

We recommend that you upgrade your Linux kernel packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-hppa_62.1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-hppa_62.1.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-source-2.4.18-hppa_62.1_all.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-headers-2.4.18-hppa_62.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-32_62.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-32-smp_62.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-64_62.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-64-smp_62.1_hppa.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "476": "
\n

Debian Security Advisory

\n

DSA-476-1 heimdal -- cross-realm

\n
\n
Date Reported:
\n
06 Apr 2004
\n
Affected Packages:
\n
\nheimdal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10035.
In Mitre's CVE dictionary: CVE-2004-0371.
\n
More information:
\n
\n

According to a security advisory from the heimdal project,\nheimdal, a suite of software implementing the Kerberos protocol, has\n\"a cross-realm vulnerability allowing someone with control over a\nrealm to impersonate anyone in the cross-realm trust path.\"

\n

For the current stable distribution (woody) this problem has been\nfixed in version 0.4e-7.woody.8.1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.6.1-1.

\n

We recommend that you update your heimdal package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.4e-7.woody.8.1.dsc
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.4e-7.woody.8.1.diff.gz
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.4e.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-docs_0.4e-7.woody.8.1_all.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-lib_0.4e-7.woody.8.1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.8.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.8.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.8.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.8.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.8.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.8.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.8.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.8.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.8.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.8.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.8.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.8.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.8.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.8.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.8.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.8.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.8.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.8.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.8.1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.8.1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.8.1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.8.1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.8.1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.8.1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.8.1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.8.1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.8.1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.8.1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.8.1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.8.1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.8.1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.8.1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.8.1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.8.1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.8.1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.8.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.8.1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.8.1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.8.1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.8.1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.8.1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.8.1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.8.1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.8.1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.8.1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.8.1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.8.1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.8.1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.8.1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.8.1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.8.1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.8.1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.8.1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.8.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.8.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.8.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.8.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.8.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.8.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.8.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.8.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.8.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.8.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.8.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.8.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.8.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.8.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.8.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.8.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.8.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.8.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.8.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.8.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.8.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.8.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.8.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.8.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.8.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.8.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.8.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.8.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.8.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.8.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.8.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.8.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.8.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.8.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.8.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.8.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.8.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.8.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.8.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.8.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.8.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.8.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.8.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.8.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.8.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.8.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.8.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.8.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.8.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.8.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.8.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.8.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.8.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.8.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.8.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.8.1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.8.1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.8.1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.8.1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.8.1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.8.1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.8.1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.8.1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.8.1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.8.1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.8.1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.8.1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.8.1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.8.1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.8.1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.8.1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.8.1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.8.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.8.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.8.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.8.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.8.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.8.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.8.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.8.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.8.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.8.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.8.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.8.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.8.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.8.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.8.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.8.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.8.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.8.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.8.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.8.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.8.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.8.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.8.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.8.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.8.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.8.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.8.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.8.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.8.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.8.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.8.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.8.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.8.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.8.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.8.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.8.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.8.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.8.1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.8.1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.8.1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.8.1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.8.1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.8.1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.8.1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.8.1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.8.1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.8.1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.8.1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.8.1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.8.1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.8.1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.8.1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.8.1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.8.1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.8.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.8.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.8.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.8.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.8.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.8.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.8.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.8.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.8.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.8.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.8.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.8.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.8.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.8.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.8.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.8.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.8.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.8.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.8.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "477": "
\n

Debian Security Advisory

\n

DSA-477-1 xine-ui -- insecure temporary file creation

\n
\n
Date Reported:
\n
06 Apr 2004
\n
Affected Packages:
\n
\nxine-ui\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9939.
In Mitre's CVE dictionary: CVE-2004-0372.
\n
More information:
\n
\n

Shaun Colley discovered a problem in xine-ui, the xine video player\nuser interface. A script contained in the package to possibly remedy\na problem or report a bug does not create temporary files in a secure\nfashion. This could allow a local attacker to overwrite files with\nthe privileges of the user invoking xine.

\n

This update also removes the bug reporting facility since bug reports\ncan't be processed upstream anymore.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.9.8-5.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your xine-ui package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.9.8-5.1.dsc
\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.9.8-5.1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.9.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.9.8-5.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.9.8-5.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.9.8-5.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.9.8-5.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.9.8-5.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.9.8-5.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.9.8-5.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.9.8-5.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.9.8-5.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.9.8-5.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.9.8-5.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "478": "
\n

Debian Security Advisory

\n

DSA-478-1 tcpdump -- denial of service

\n
\n
Date Reported:
\n
06 Apr 2004
\n
Affected Packages:
\n
\ntcpdump\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10003, BugTraq ID 10004.
In Mitre's CVE dictionary: CVE-2004-0183, CVE-2004-0184.
\n
More information:
\n
\n

tcpdump, a tool for network monitoring and data acquisition, was found\nto contain two vulnerabilities whereby tcpdump could be caused to\ncrash through attempts to read from invalid memory locations. This\nbug is triggered by certain invalid ISAKMP packets.

\n

For the current stable distribution (woody) these problems have been\nfixed in version 3.6.2-2.8.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.7.2-4.

\n

We recommend that you update your tcpdump package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8.dsc
\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "479": "
\n

Debian Security Advisory

\n

DSA-479-1 linux-kernel-2.4.18-alpha+i386+powerpc -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Apr 2004
\n
Affected Packages:
\n
\nkernel-source-2.4.18 kernel-image-2.4.18-1-alpha kernel-image-2.4.18-1-i386 kernel-image-2.4.18-i386bf kernel-patch-2.4.18-powerpc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9570, BugTraq ID 10141, BugTraq ID 9691, BugTraq ID 9985, BugTraq ID 10152.
In Mitre's CVE dictionary: CVE-2004-0003, CVE-2004-0010, CVE-2004-0109, CVE-2004-0177, CVE-2004-0178.
\n
More information:
\n
\n

Several serious problems have been discovered in the Linux kernel.\nThis update takes care of Linux 2.4.18 for the alpha, i386 and powerpc\narchitectures. The Common Vulnerabilities and Exposures project\nidentifies the following problems that will be fixed with this update:

\n
    \n
  • CAN-2004-0003\n

    A vulnerability has been discovered in the R128 DRI driver in the Linux\n kernel which could potentially lead an attacker to gain\n unauthorised privileges. Alan Cox and Thomas Biege developed a\n correction for this.

    \n
  • CAN-2004-0010\n

    Arjan van de Ven discovered a stack-based buffer overflow in the\n ncp_lookup function for ncpfs in the Linux kernel, which could\n lead an attacker to gain unauthorised privileges. Petr Vandrovec\n developed a correction for this.

    \n
  • CAN-2004-0109\n

    zen-parse discovered a buffer overflow vulnerability in the\n ISO9660 filesystem component of Linux kernel which could be abused\n by an attacker to gain unauthorised root access. Sebastian\n Krahmer and Ernie Petrides developed a correction for this.

    \n
  • CAN-2004-0177\n

    Solar Designer discovered an information leak in the ext3 code of\n Linux. In a worst case an attacker could read sensitive data such\n as cryptographic keys which would otherwise never hit disk media.\n Theodore Ts'o developed a correction for this.

    \n
  • CAN-2004-0178\n

    Andreas Kies discovered a denial of service condition in the Sound\n Blaster driver in Linux. He also developed a correction for this.

    \n
\n

These problems are also fixed by upstream in Linux 2.4.26 and will be\nfixed in Linux 2.6.6.

\n

The following security matrix explains which kernel versions for which\narchitectures are already fixed. Kernel images in the unstable Debian\ndistribution (sid) will be fixed soon.

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Architecture | stable (woody) | unstable (sid) | removed in sid
source | 2.4.18-14.3 | 2.4.25-3 | \u2014
alpha | 2.4.18-15 | soon | \u2014
i386 | 2.4.18-13 | soon | \u2014
i386bf | 2.4.18-5woody8 | soon | \u2014
powerpc | 2.4.18-1woody5 | 2.4.25-8 | 2.4.22
\n

We recommend that you upgrade your kernel packages immediately, either\nwith a Debian provided kernel or with a self compiled one.

\n

Vulnerability matrix for CAN-2004-0109

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.3.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-15.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-15.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-13.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-13.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-i386bf_2.4.18-5woody8.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-i386bf_2.4.18-5woody8.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody5.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-doc-2.4.18_2.4.18-14.3_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.3_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1_2.4.18-15_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-generic_2.4.18-15_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-smp_2.4.18-15_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-generic_2.4.18-15_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-smp_2.4.18-15_alpha.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1_2.4.18-13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-386_2.4.18-13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-586tsc_2.4.18-13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686_2.4.18-13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686-smp_2.4.18-13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k6_2.4.18-13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k7_2.4.18-13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-386_2.4.18-13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-586tsc_2.4.18-13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686_2.4.18-13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686-smp_2.4.18-13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k6_2.4.18-13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k7_2.4.18-13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-386_2.4.18-13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-586tsc_2.4.18-13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686_2.4.18-13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686-smp_2.4.18-13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k6_2.4.18-13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k7_2.4.18-13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-headers-2.4.18-bf2.4_2.4.18-5woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-i386bf/kernel-image-2.4.18-bf2.4_2.4.18-5woody8_i386.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-headers-2.4.18_2.4.18-1woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-newpmac_2.4.18-1woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-powerpc_2.4.18-1woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-powerpc-smp_2.4.18-1woody5_powerpc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "480": "
\n

Debian Security Advisory

\n

DSA-480-1 linux-kernel-2.4.17+2.4.18-hppa -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Apr 2004
\n
Affected Packages:
\n
\nkernel-image-2.4.17-hppa kernel-image-2.4.18-hppa\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10152.
In Mitre's CVE dictionary: CVE-2004-0003, CVE-2004-0010, CVE-2004-0109, CVE-2004-0177, CVE-2004-0178.
\n
More information:
\n
\n

Several serious problems have been discovered in the Linux kernel.\nThis update takes care of Linux 2.4.17 and 2.4.18 for the hppa\n(PA-RISC) architecture. The Common Vulnerabilities and Exposures\nproject identifies the following problems that will be fixed with this\nupdate:

\n
    \n
  • CAN-2004-0003\n

    A vulnerability has been discovered in the R128 DRI driver in the Linux\n kernel which could potentially lead an attacker to gain\n unauthorised privileges. Alan Cox and Thomas Biege developed a\n correction for this.

    \n
  • CAN-2004-0010\n

    Arjan van de Ven discovered a stack-based buffer overflow in the\n ncp_lookup function for ncpfs in the Linux kernel, which could\n lead an attacker to gain unauthorised privileges. Petr Vandrovec\n developed a correction for this.

    \n
  • CAN-2004-0109\n

    zen-parse discovered a buffer overflow vulnerability in the\n ISO9660 filesystem component of the Linux kernel which could be abused\n by an attacker to gain unauthorised root access. Sebastian\n Krahmer and Ernie Petrides developed a correction for this.

    \n
  • CAN-2004-0177\n

    Solar Designer discovered an information leak in the ext3 code of\n Linux. In a worst case an attacker could read sensitive data such\n as cryptographic keys which would otherwise never hit disk media.\n Theodore Ts'o developed a correction for this.

    \n
  • CAN-2004-0178\n

    Andreas Kies discovered a denial of service condition in the Sound\n Blaster driver in Linux. He also developed a correction for this.

    \n
\n

These problems are also fixed by upstream in Linux 2.4.26 and will be\nfixed in Linux 2.6.6.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 32.4 for Linux 2.4.17 and in version 62.3 for Linux 2.4.18.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your kernel packages immediately, either\nwith a Debian provided kernel or with a self compiled one.

\n

Vulnerability matrix for CAN-2004-0109

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-hppa_32.4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-hppa_32.4.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-hppa_62.3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-hppa_62.3.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-source-2.4.17-hppa_32.4_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-source-2.4.18-hppa_62.3_all.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-headers-2.4.17-hppa_32.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-32_32.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-32-smp_32.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-64_32.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-64-smp_32.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-headers-2.4.18-hppa_62.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-32_62.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-32-smp_62.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-64_62.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-hppa/kernel-image-2.4.18-64-smp_62.3_hppa.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "481": "
\n

Debian Security Advisory

\n

DSA-481-1 linux-kernel-2.4.17-ia64 -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Apr 2004
\n
Affected Packages:
\n
\nkernel-image-2.4.17-ia64\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10152.
In Mitre's CVE dictionary: CVE-2004-0003, CVE-2004-0010, CVE-2004-0109, CVE-2004-0177, CVE-2004-0178.
\n
More information:
\n
\n

Several serious problems have been discovered in the Linux kernel.\nThis update takes care of Linux 2.4.17 for the IA-64 architecture.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems that will be fixed with this update:

\n
    \n
  • CAN-2004-0003\n

    A vulnerability has been discovered in the R128 DRI driver in the Linux\n kernel which could potentially lead an attacker to gain\n unauthorised privileges. Alan Cox and Thomas Biege developed a\n correction for this.

    \n
  • CAN-2004-0010\n

    Arjan van de Ven discovered a stack-based buffer overflow in the\n ncp_lookup function for ncpfs in the Linux kernel, which could\n lead an attacker to gain unauthorised privileges. Petr Vandrovec\n developed a correction for this.

    \n
  • CAN-2004-0109\n

    zen-parse discovered a buffer overflow vulnerability in the\n ISO9660 filesystem component of the Linux kernel which could be abused\n by an attacker to gain unauthorised root access. Sebastian\n Krahmer and Ernie Petrides developed a correction for this.

    \n
  • CAN-2004-0177\n

    Solar Designer discovered an information leak in the ext3 code of\n Linux. In a worst case an attacker could read sensitive data such\n as cryptographic keys which would otherwise never hit disk media.\n Theodore Ts'o developed a correction for this.

    \n
  • CAN-2004-0178\n

    Andreas Kies discovered a denial of service condition in the Sound\n Blaster driver in Linux. He also developed a correction for this.

    \n
\n

These problems are also fixed by upstream in Linux 2.4.26 and will be\nfixed in Linux 2.6.6.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 011226.17 for Linux 2.4.17.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.4.25-5 for Linux 2.4.25 and in version 2.6.5-1 for Linux\n2.6.5.

\n

We recommend that you upgrade your kernel packages immediately, either\nwith a Debian provided kernel or with a self compiled one.

\n

Vulnerability matrix for CAN-2004-0109

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-ia64_011226.17.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-ia64_011226.17.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-source-2.4.17-ia64_011226.17_all.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-headers-2.4.17-ia64_011226.17_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-itanium_011226.17_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-itanium-smp_011226.17_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-mckinley_011226.17_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-mckinley-smp_011226.17_ia64.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "482": "
\n

Debian Security Advisory

\n

DSA-482-1 linux-kernel-2.4.17-apus+s390 -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Apr 2004
\n
Affected Packages:
\n
\nkernel-source-2.4.17 kernel-patch-2.4.17-apus kernel-patch-2.4.17-s390 kernel-image-2.4.17-s390\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9570, BugTraq ID 10141, BugTraq ID 9691, BugTraq ID 9985, BugTraq ID 10152.
In Mitre's CVE dictionary: CVE-2004-0003, CVE-2004-0010, CVE-2004-0109, CVE-2004-0177, CVE-2004-0178.
\n
More information:
\n
\n

Several serious problems have been discovered in the Linux kernel.\nThis update takes care of Linux 2.4.17 for the PowerPC/apus and S/390\narchitectures. The Common Vulnerabilities and Exposures project\nidentifies the following problems that will be fixed with this update:

\n
    \n
  • CAN-2004-0003\n

    A vulnerability has been discovered in the R128 DRI driver in the Linux\n kernel which could potentially lead an attacker to gain\n unauthorised privileges. Alan Cox and Thomas Biege developed a\n correction for this.

    \n
  • CAN-2004-0010\n

    Arjan van de Ven discovered a stack-based buffer overflow in the\n ncp_lookup function for ncpfs in the Linux kernel, which could\n lead an attacker to gain unauthorised privileges. Petr Vandrovec\n developed a correction for this.

    \n
  • CAN-2004-0109\n

    zen-parse discovered a buffer overflow vulnerability in the\n ISO9660 filesystem component of the Linux kernel which could be abused\n by an attacker to gain unauthorised root access. Sebastian\n Krahmer and Ernie Petrides developed a correction for this.

    \n
  • CAN-2004-0177\n

    Solar Designer discovered an information leak in the ext3 code of\n Linux. In a worst case an attacker could read sensitive data such\n as cryptographic keys which would otherwise never hit disk media.\n Theodore Ts'o developed a correction for this.

    \n
  • CAN-2004-0178\n

    Andreas Kies discovered a denial of service condition in the Sound\n Blaster driver in Linux. He also developed a correction for this.

    \n
\n

These problems are also fixed by upstream in Linux 2.4.26 and will be\nfixed in Linux 2.6.6.

\n

The following security matrix explains which kernel versions for which\narchitectures are already fixed.

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Architecture | stable (woody) | unstable (sid)
source | 2.4.17-1woody3 | 2.4.25-3
powerpc/apus | 2.4.17-5 | 2.4.25-2
s390 | 2.4.17-2.woody.4 | 2.4.25-2 (and probably 2.4.21-3)
\n

We recommend that you upgrade your kernel packages immediately, either\nwith a Debian provided kernel or with a self compiled one.

\n

Vulnerability matrix for CAN-2004-0109

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-patch-2.4.17-apus_2.4.17-5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-patch-2.4.17-apus_2.4.17-5.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.3.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.4.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-doc-2.4.17_2.4.17-1woody3_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody3_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.3_all.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-headers-2.4.17-apus_2.4.17-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-image-2.4.17-apus_2.4.17-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-image-apus_2.4.17-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-patch-2.4.17-apus_2.4.17-5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-headers-2.4.17_2.4.17-2.woody.4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.4_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "483": "
\n

Debian Security Advisory

\n

DSA-483-1 mysql -- insecure temporary file creation

\n
\n
Date Reported:
\n
14 Apr 2004
\n
Affected Packages:
\n
\nmysql\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10142, BugTraq ID 9976.
In Mitre's CVE dictionary: CVE-2004-0381, CVE-2004-0388.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in mysql, a common database\nsystem. Two scripts contained in the package don't create temporary\nfiles in a secure fashion. This could allow a local attacker to\noverwrite files with the privileges of the user invoking the MySQL\nserver, which is often the root user. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CAN-2004-0381\n

    The script mysqlbug in MySQL allows local users to overwrite\n arbitrary files via a symlink attack.

    \n
  • CAN-2004-0388\n

    The script mysqld_multi in MySQL allows local users to overwrite\n arbitrary files via a symlink attack.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 3.23.49-8.6.

\n

For the unstable distribution (sid) these problems will be fixed in\nversion 4.0.18-6 of mysql-dfsg.

\n

We recommend that you upgrade your mysql, mysql-dfsg and related\npackages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.6.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.6.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-common_3.23.49-8.6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "484": "
\n

Debian Security Advisory

\n

DSA-484-1 xonix -- failure to drop privileges

\n
\n
Date Reported:
\n
14 Apr 2004
\n
Affected Packages:
\n
\nxonix\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10149.
In Mitre's CVE dictionary: CVE-2004-0157.
\n
More information:
\n
\n

Steve Kemp discovered a vulnerability in xonix, a game, where an\nexternal program was invoked while retaining setgid privileges. A\nlocal attacker could exploit this vulnerability to gain gid \"games\".

\n

For the current stable distribution (woody) this problem will be fixed\nin version 1.4-19woody1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you update your xonix package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xonix/xonix_1.4-19woody1.dsc
\n
http://security.debian.org/pool/updates/main/x/xonix/xonix_1.4-19woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xonix/xonix_1.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xonix/xonix_1.4-19woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xonix/xonix_1.4-19woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xonix/xonix_1.4-19woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xonix/xonix_1.4-19woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xonix/xonix_1.4-19woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xonix/xonix_1.4-19woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xonix/xonix_1.4-19woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xonix/xonix_1.4-19woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xonix/xonix_1.4-19woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xonix/xonix_1.4-19woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xonix/xonix_1.4-19woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "485": "
\n

Debian Security Advisory

\n

DSA-485-1 ssmtp -- format string

\n
\n
Date Reported:
\n
14 Apr 2004
\n
Affected Packages:
\n
\nssmtp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10150.
In Mitre's CVE dictionary: CVE-2004-0156.
\n
More information:
\n
\n

Max Vozeler discovered two format string vulnerabilities in ssmtp, a\nsimple mail transport agent. Untrusted values in the functions die()\nand log_event() were passed to printf-like functions as format\nstrings. These vulnerabilities could potentially be exploited by a\nremote mail relay to gain the privileges of the ssmtp process\n(including potentially root).

\n

For the current stable distribution (woody) this problem will be fixed\nin version 2.50.6.1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you update your ssmtp package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1.dsc
\n
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/ssmtp/ssmtp_2.50.6.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "486": "
\n

Debian Security Advisory

\n

DSA-486-1 cvs -- several vulnerabilities

\n
\n
Date Reported:
\n
16 Apr 2004
\n
Affected Packages:
\n
\ncvs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10138, BugTraq ID 10140.
In Mitre's CVE dictionary: CVE-2004-0180, CVE-2004-0405.
\n
More information:
\n
\n

Two vulnerabilities have been discovered and fixed in CVS:

\n
    \n
  • CAN-2004-0180\n

    Sebastian Krahmer discovered a vulnerability whereby\n a malicious CVS pserver could create arbitrary files on the client\n system during an update or checkout operation, by supplying absolute\n pathnames in RCS diffs.

    \n
  • CAN-2004-0405\n

    Derek Robert Price discovered a vulnerability whereby\n a CVS pserver could be abused by a malicious client to view the\n contents of certain files outside of the CVS root directory using\n relative pathnames containing \"../\".

    \n
\n

For the current stable distribution (woody) these problems have been\nfixed in version 1.11.1p1debian-9woody2.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you update your cvs package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2.dsc
\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "487": "
\n

Debian Security Advisory

\n

DSA-487-1 neon -- format string

\n
\n
Date Reported:
\n
16 Apr 2004
\n
Affected Packages:
\n
\nneon\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10136.
In Mitre's CVE dictionary: CVE-2004-0179.
\n
More information:
\n
\n

Multiple format string vulnerabilities were discovered in neon, an\nHTTP and WebDAV client library. These vulnerabilities could\npotentially be exploited by a malicious WebDAV server to execute\narbitrary code with the privileges of the process using libneon.

\n

For the current stable distribution (woody) these problems have been\nfixed in version 0.19.3-2woody3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.24.5-1.

\n

We recommend that you update your neon package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/neon/neon_0.19.3-2woody3.dsc
\n
http://security.debian.org/pool/updates/main/n/neon/neon_0.19.3-2woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/n/neon/neon_0.19.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "488": "
\n

Debian Security Advisory

\n

DSA-488-1 logcheck -- insecure temporary directory

\n
\n
Date Reported:
\n
16 Apr 2004
\n
Affected Packages:
\n
\nlogcheck\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10162.
In Mitre's CVE dictionary: CVE-2004-0404.
\n
More information:
\n
\n

Christian Jaeger reported a bug in logcheck which could potentially be\nexploited by a local user to overwrite files with root privileges.\nlogcheck utilized a temporary directory under /var/tmp without taking\nsecurity precautions. While this directory is created when logcheck\nis installed, and while it exists there is no vulnerability, if at\nany time this directory is removed, the potential for exploitation exists.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 1.1.1-13.1woody1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.1.1-13.2.

\n

We recommend that you update your logcheck package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/logcheck/logcheck_1.1.1-13.1woody1.dsc
\n
http://security.debian.org/pool/updates/main/l/logcheck/logcheck_1.1.1-13.1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/logcheck/logcheck_1.1.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/logcheck/logcheck-database_1.1.1-13.1woody1_all.deb
\n
http://security.debian.org/pool/updates/main/l/logcheck/logcheck_1.1.1-13.1woody1_all.deb
\n
http://security.debian.org/pool/updates/main/l/logcheck/logtail_1.1.1-13.1woody1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "489": "
\n

Debian Security Advisory

\n

DSA-489-1 linux-kernel-2.4.17-mips+mipsel -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Apr 2004
\n
Affected Packages:
\n
\nkernel-source-2.4.17 kernel-patch-2.4.17-mips\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10141, BugTraq ID 10152, BugTraq ID 9570, BugTraq ID 9691, BugTraq ID 9985, BugTraq ID 10152.
In Mitre's CVE dictionary: CVE-2004-0003, CVE-2004-0010, CVE-2004-0109, CVE-2004-0177, CVE-2004-0178.
\n
More information:
\n
\n

Several serious problems have been discovered in the Linux kernel.\nThis update takes care of Linux 2.4.17 for the MIPS and MIPSel\narchitectures. The Common Vulnerabilities and Exposures project\nidentifies the following problems that will be fixed with this update:

\n
    \n
  • CAN-2004-0003\n

    A vulnerability has been discovered in the R128 DRI driver in the Linux\n kernel which could potentially lead an attacker to gain\n unauthorised privileges. Alan Cox and Thomas Biege developed a\n correction for this.

    \n
  • CAN-2004-0010\n

    Arjan van de Ven discovered a stack-based buffer overflow in the\n ncp_lookup function for ncpfs in the Linux kernel, which could\n lead an attacker to gain unauthorised privileges. Petr Vandrovec\n developed a correction for this.

    \n
  • CAN-2004-0109\n

    zen-parse discovered a buffer overflow vulnerability in the\n ISO9660 filesystem component of the Linux kernel which could be abused\n by an attacker to gain unauthorised root access. Sebastian\n Krahmer and Ernie Petrides developed a correction for this.

    \n
  • CAN-2004-0177\n

    Solar Designer discovered an information leak in the ext3 code of\n Linux. In a worst case an attacker could read sensitive data such\n as cryptographic keys which would otherwise never hit disk media.\n Theodore Ts'o developed a correction for this.

    \n
  • CAN-2004-0178\n

    Andreas Kies discovered a denial of service condition in the Sound\n Blaster driver in Linux. He also developed a correction for this.

    \n
\n

These problems are also fixed by upstream in Linux 2.4.26 and will be\nfixed in Linux 2.6.6.

\n

The following security matrix explains which kernel versions for which\narchitectures are already fixed and which will be removed instead.

\n
Architecture | stable (woody) | unstable (sid) | removed in sid
source | 2.4.17-1woody3 | 2.4.25-3 | 2.4.19-11
mips | 2.4.17-0.020226.2.woody6 | 2.4.25-0.040415.1 | 2.4.19-0.020911.8
mipsel | 2.4.17-0.020226.2.woody6 | 2.4.25-0.040415.1 | 2.4.19-0.020911.9
\n

We recommend that you upgrade your kernel packages immediately, either\nwith a Debian provided kernel or with a self compiled one.

\n

Vulnerability matrix for CAN-2004-0109

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody6.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody6.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-doc-2.4.17_2.4.17-1woody3_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody3_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody6_all.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-ip22_2.4.17-0.020226.2.woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r5k-ip22_2.4.17-0.020226.2.woody6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r3k-kn02_2.4.17-0.020226.2.woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-kn04_2.4.17-0.020226.2.woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/mips-tools_2.4.17-0.020226.2.woody6_mipsel.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "490": "
\n

Debian Security Advisory

\n

DSA-490-1 zope -- arbitrary code execution

\n
\n
Date Reported:
\n
17 Apr 2004
\n
Affected Packages:
\n
\nzope\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 5812.
In Mitre's CVE dictionary: CVE-2002-0688.
\n
More information:
\n
\n

A vulnerability has been discovered in the index support of the\nZCatalog plug-in in Zope, an open source web application server. A\nflaw in the security settings of ZCatalog allows anonymous users to\ncall arbitrary methods of catalog indexes. The vulnerability also\nallows untrusted code to do the same.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.5.1-1woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.6.0-0.1 and higher.

\n

We recommend that you upgrade your zope package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/z/zope/zope_2.5.1-1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "491": "
\n

Debian Security Advisory

\n

DSA-491-1 linux-kernel-2.4.19-mips -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Apr 2004
\n
Affected Packages:
\n
\nkernel-source-2.4.19 kernel-patch-2.4.19-mips\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10141, BugTraq ID 10152, BugTraq ID 9570, BugTraq ID 9691, BugTraq ID 9985, BugTraq ID 10152.
In Mitre's CVE dictionary: CVE-2004-0003, CVE-2004-0010, CVE-2004-0109, CVE-2004-0177, CVE-2004-0178.
\n
More information:
\n
\n

Several serious problems have been discovered in the Linux kernel.\nThis update takes care of Linux 2.4.19 for the MIPS architecture. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems that will be fixed with this update:

\n
    \n
  • CAN-2004-0003\n

    A vulnerability has been discovered in the R128 DRI driver in the Linux\n kernel which could potentially lead an attacker to gain\n unauthorised privileges. Alan Cox and Thomas Biege developed a\n correction for this.

    \n
  • CAN-2004-0010\n

    Arjan van de Ven discovered a stack-based buffer overflow in the\n ncp_lookup function for ncpfs in the Linux kernel, which could\n lead an attacker to gain unauthorised privileges. Petr Vandrovec\n developed a correction for this.

    \n
  • CAN-2004-0109\n

    zen-parse discovered a buffer overflow vulnerability in the\n ISO9660 filesystem component of the Linux kernel which could be abused\n by an attacker to gain unauthorised root access. Sebastian\n Krahmer and Ernie Petrides developed a correction for this.

    \n
  • CAN-2004-0177\n

    Solar Designer discovered an information leak in the ext3 code of\n Linux. In a worst case an attacker could read sensitive data such\n as cryptographic keys which would otherwise never hit disk media.\n Theodore Ts'o developed a correction for this.

    \n
  • CAN-2004-0178\n

    Andreas Kies discovered a denial of service condition in the Sound\n Blaster driver in Linux. He also developed a correction for this.

    \n
\n

These problems are also fixed by upstream in Linux 2.4.26 and will be\nfixed in Linux 2.6.6.

\n

The following security matrix explains which kernel versions for which\narchitectures are already fixed and which will be removed instead.

\n
Architecture | stable (woody) | unstable (sid) | removed in sid
source | 2.4.19-4.woody2 | 2.4.25-3 | 2.4.19-11
mips | 2.4.19-0.020911.1.woody4 | 2.4.25-0.040415.1 | 2.4.19-0.020911.8
\n

We recommend that you upgrade your kernel packages immediately, either\nwith a Debian provided kernel or with a self compiled one.

\n

Vulnerability matrix for CAN-2004-0109

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody4.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-doc-2.4.19_2.4.19-4.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody4_all.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-headers-2.4.19_2.4.19-0.020911.1.woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r4k-ip22_2.4.19-0.020911.1.woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r5k-ip22_2.4.19-0.020911.1.woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/mips-tools_2.4.19-0.020911.1.woody4_mips.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "492": "
\n

Debian Security Advisory

\n

DSA-492-1 iproute -- denial of service

\n
\n
Date Reported:
\n
18 Apr 2004
\n
Affected Packages:
\n
\niproute\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 242994.
In the Bugtraq database (at SecurityFocus): BugTraq ID 9092.
In Mitre's CVE dictionary: CVE-2003-0856.
\n
More information:
\n
\n

Herbert Xu reported that local users could cause a denial of service\nagainst iproute, a set of tools for controlling networking in Linux\nkernels. iproute uses the netlink interface to communicate with the\nkernel, but failed to verify that the messages it received came from\nthe kernel (rather than from other user processes).

\n

For the current stable distribution (woody) this problem has been\nfixed in version 20010824-8woody1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you update your iproute package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824-8woody1.dsc
\n
http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824-8woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824-8woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824-8woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824-8woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824-8woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824-8woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824-8woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824-8woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824-8woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824-8woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824-8woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/iproute/iproute_20010824-8woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "493": "
\n

Debian Security Advisory

\n

DSA-493-1 xchat -- buffer overflow

\n
\n
Date Reported:
\n
21 Apr 2004
\n
Affected Packages:
\n
\nxchat\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 244184.
In Mitre's CVE dictionary: CVE-2004-0409.
\n
More information:
\n
\n

A buffer overflow has been discovered in the Socks-5 proxy code of\nXChat, an IRC client for X similar to AmIRC. This allows an attacker\nto execute arbitrary code on the user's machine.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.8.9-0woody3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.0.8-1.

\n

We recommend that you upgrade your xchat and related packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xchat/xchat_1.8.9-0woody3.dsc
\n
http://security.debian.org/pool/updates/main/x/xchat/xchat_1.8.9-0woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xchat/xchat_1.8.9.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xchat/xchat-common_1.8.9-0woody3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xchat/xchat_1.8.9-0woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xchat/xchat-gnome_1.8.9-0woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xchat/xchat-text_1.8.9-0woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xchat/xchat_1.8.9-0woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xchat/xchat-gnome_1.8.9-0woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xchat/xchat-text_1.8.9-0woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xchat/xchat_1.8.9-0woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xchat/xchat-gnome_1.8.9-0woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xchat/xchat-text_1.8.9-0woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xchat/xchat_1.8.9-0woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xchat/xchat-gnome_1.8.9-0woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xchat/xchat-text_1.8.9-0woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xchat/xchat_1.8.9-0woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xchat/xchat-gnome_1.8.9-0woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xchat/xchat-text_1.8.9-0woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xchat/xchat_1.8.9-0woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xchat/xchat-gnome_1.8.9-0woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xchat/xchat-text_1.8.9-0woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xchat/xchat_1.8.9-0woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xchat/xchat-gnome_1.8.9-0woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xchat/xchat-text_1.8.9-0woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xchat/xchat_1.8.9-0woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xchat/xchat-gnome_1.8.9-0woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xchat/xchat-text_1.8.9-0woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xchat/xchat_1.8.9-0woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xchat/xchat-gnome_1.8.9-0woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xchat/xchat-text_1.8.9-0woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xchat/xchat_1.8.9-0woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xchat/xchat-gnome_1.8.9-0woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xchat/xchat-text_1.8.9-0woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xchat/xchat_1.8.9-0woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xchat/xchat-gnome_1.8.9-0woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xchat/xchat-text_1.8.9-0woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "494": "
\n

Debian Security Advisory

\n

DSA-494-1 ident2 -- buffer overflow

\n
\n
Date Reported:
\n
21 Apr 2004
\n
Affected Packages:
\n
\nident2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10192.
In Mitre's CVE dictionary: CVE-2004-0408.
\n
More information:
\n
\n

Jack <jack@rapturesecurity.org> discovered a buffer overflow in\nident2, an implementation of the ident protocol (RFC1413), where a\nbuffer in the child_service function was slightly too small to hold\nall of the data which could be written into it. This vulnerability\ncould be exploited by a remote attacker to execute arbitrary code with\nthe privileges of the ident2 daemon (by default, the \"identd\" user).

\n

For the current stable distribution (woody) this problem has been\nfixed in version 1.03-3woody1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you update your ident2 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/ident2/ident2_1.03-3woody1.dsc
\n
http://security.debian.org/pool/updates/main/i/ident2/ident2_1.03-3woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/ident2/ident2_1.03.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/ident2/ident2_1.03-3woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/ident2/ident2_1.03-3woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/ident2/ident2_1.03-3woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/ident2/ident2_1.03-3woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/ident2/ident2_1.03-3woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/ident2/ident2_1.03-3woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/ident2/ident2_1.03-3woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/ident2/ident2_1.03-3woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/ident2/ident2_1.03-3woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/ident2/ident2_1.03-3woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/ident2/ident2_1.03-3woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "495": "
\n

Debian Security Advisory

\n

DSA-495-1 linux-kernel-2.4.16-arm -- several vulnerabilities

\n
\n
Date Reported:
\n
26 Apr 2004
\n
Affected Packages:
\n
\nkernel-source-2.4.16 kernel-patch-2.4.16-arm kernel-image-2.4.16-lart kernel-image-2.4.16-netwinder kernel-image-2.4.16-riscpc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10141, BugTraq ID 10152, BugTraq ID 7112, BugTraq ID 9570, BugTraq ID 9691, BugTraq ID 9985, BugTraq ID 10152.
In Mitre's CVE dictionary: CVE-2003-0127, CVE-2004-0003, CVE-2004-0010, CVE-2004-0109, CVE-2004-0177, CVE-2004-0178.
\n
More information:
\n
\n

Several serious problems have been discovered in the Linux kernel.\nThis update takes care of Linux 2.4.16 for the ARM architecture. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems that will be fixed with this update:

\n
    \n
  • CAN-2003-0127\n

    The kernel module loader allows local users to gain root\n privileges by using ptrace to attach to a child process that is\n spawned by the kernel.

    \n
  • CAN-2004-0003\n

    A vulnerability has been discovered in the R128 DRI driver in the Linux\n kernel which could potentially lead an attacker to gain\n unauthorised privileges. Alan Cox and Thomas Biege developed a\n correction for this.

    \n
  • CAN-2004-0010\n

    Arjan van de Ven discovered a stack-based buffer overflow in the\n ncp_lookup function for ncpfs in the Linux kernel, which could\n lead an attacker to gain unauthorised privileges. Petr Vandrovec\n developed a correction for this.

    \n
  • CAN-2004-0109\n

    zen-parse discovered a buffer overflow vulnerability in the\n ISO9660 filesystem component of the Linux kernel which could be abused\n by an attacker to gain unauthorised root access. Sebastian\n Krahmer and Ernie Petrides developed a correction for this.

    \n
  • CAN-2004-0177\n

    Solar Designer discovered an information leak in the ext3 code of\n Linux. In a worst case a local attacker could obtain sensitive\n information (such as cryptographic keys in another worst case)\n which would otherwise never hit disk media. Theodore Ts'o\n developed a correction for this.

    \n
  • CAN-2004-0178\n

    Andreas Kies discovered a denial of service condition in the Sound\n Blaster driver in Linux. He also developed a correction for this.

    \n
\n

These problems are also fixed by upstream in Linux 2.4.26 and will be\nfixed in Linux 2.6.6.

\n

The following security matrix explains which kernel versions for which\narchitectures are already fixed and which will be removed instead.

\n
Architecture | stable (woody) | unstable (sid)
source | 2.4.16-1woody2 | 2.4.25-3
arm/patch | 20040419 | 20040316
arm/lart | 20040419 | 2.4.25-4
arm/netwinder | 20040419 | 2.4.25-4
arm/riscpc | 20040419 | 2.4.25-4
\n

We recommend that you upgrade your kernel packages immediately, either\nwith a Debian provided kernel or with a self compiled one.

\n

Vulnerability matrix for CAN-2004-0109

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16-1woody2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16-1woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.16-arm/kernel-patch-2.4.16-arm_20040419.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.16-arm/kernel-patch-2.4.16-arm_20040419.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040419.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040419.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040419.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040419.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040419.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040419.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-doc-2.4.16_2.4.16-1woody2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16-1woody2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.16-arm/kernel-patch-2.4.16-arm_20040419_all.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040419_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-headers-2.4.16_20040419_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040419_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040419_arm.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "496": "
\n

Debian Security Advisory

\n

DSA-496-1 eterm -- missing input sanitising

\n
\n
Date Reported:
\n
29 Apr 2004
\n
Affected Packages:
\n
\neterm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 244808.
In the Bugtraq database (at SecurityFocus): BugTraq ID 10237.
In Mitre's CVE dictionary: CVE-2003-0068.
\n
More information:
\n
\n

H.D. Moore discovered several terminal emulator security issues. One\nof them covers escape codes that are interpreted by the terminal\nemulator. This could be exploited by an attacker to insert malicious\ncommands hidden from the user, who has to hit enter to continue, which\nwould also execute the hidden commands.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.9.2-0pre2002042903.3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.9.2-6.

\n

We recommend that you upgrade your eterm package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3.dsc
\n
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/eterm/eterm_0.9.2-0pre2002042903.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "497": "
\n

Debian Security Advisory

\n

DSA-497-1 mc -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Apr 2004
\n
Affected Packages:
\n
\nmc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10242.
In Mitre's CVE dictionary: CVE-2004-0226, CVE-2004-0231, CVE-2004-0232.
\n
More information:
\n
\n

Jakub Jelinek discovered several vulnerabilities in the Midnight\nCommander, a powerful file manager for GNU/Linux systems. The\nproblems were classified as follows:

\n

CAN-2004-0226 Buffer overflows\n
CAN-2004-0231 Insecure temporary file and directory creations\n
CAN-2004-0232 Format string problems

\n

For the stable distribution (woody) this problem has been fixed in\nversion 4.5.55-1.2woody3.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your mc packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody3.dsc
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "498": "
\n

Debian Security Advisory

\n

DSA-498-1 libpng -- out of bound access

\n
\n
Date Reported:
\n
30 Apr 2004
\n
Affected Packages:
\n
\nlibpng, libpng3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10244.
In Mitre's CVE dictionary: CVE-2004-0421.
\n
More information:
\n
\n

Steve Grubb discovered a problem in the Portable Network Graphics\nlibrary libpng which is utilised in several applications. When\nprocessing a broken PNG image, the error handling routine will access\nmemory that is out of bounds when creating an error message.\nDepending on machine architecture, bounds checking and other\nprotective measures, this problem could cause the program to crash if\na defective or intentionally prepared PNG image file is handled by\nlibpng.

\n

This could be used as a denial of service attack against various\nprograms that link against this library. The following commands will\nshow you which packages utilise this library and whose programs should\nprobably be restarted after an upgrade:

\n
\n   apt-cache showpkg libpng2\n   apt-cache showpkg libpng3\n
\n

The following security matrix explains which package versions will\ncontain a correction.

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Package    stable (woody)       unstable (sid)
libpng     1.0.12-3.woody.5     1.0.15-5
libpng3    1.2.1-1.1.woody.5    1.2.5.0-6
\n

We recommend that you upgrade your libpng and related packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.5.dsc
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.5.diff.gz
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5.dsc
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5.diff.gz
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "499": "
\n

Debian Security Advisory

\n

DSA-499-2 rsync -- directory traversal

\n
\n
Date Reported:
\n
02 Jun 2004
\n
Affected Packages:
\n
\nrsync\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10247.
In Mitre's CVE dictionary: CVE-2004-0426.
\n
More information:
\n
\n

A vulnerability was discovered in rsync, a file transfer program,\nwhereby a remote user could cause an rsync daemon to write files\noutside of the intended directory tree. This vulnerability is not\nexploitable when the daemon is configured with the 'chroot' option.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 2.5.5-0.5.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.6.1-1.

\n

We recommend that you update your rsync package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.5.dsc
\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.5.diff.gz
\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "500": "
\n

Debian Security Advisory

\n

DSA-500-1 flim -- insecure temporary file

\n
\n
Date Reported:
\n
01 May 2004
\n
Affected Packages:
\n
\nflim\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10259.
In Mitre's CVE dictionary: CVE-2004-0422.
\n
More information:
\n
\n

Tatsuya Kinoshita discovered a vulnerability in flim, an emacs library\nfor working with internet messages, where temporary files were created\nwithout taking appropriate precautions. This vulnerability could\npotentially be exploited by a local user to overwrite files with the\nprivileges of the user running emacs.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 1.14.3-9woody1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you update your flim package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/flim/flim_1.14.3-9woody1.dsc
\n
http://security.debian.org/pool/updates/main/f/flim/flim_1.14.3-9woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/flim/flim_1.14.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/flim/flim_1.14.3-9woody1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "501": "
\n

Debian Security Advisory

\n

DSA-501-1 exim -- buffer overflow

\n
\n
Date Reported:
\n
07 May 2004
\n
Affected Packages:
\n
\nexim\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10290, BugTraq ID 10291.
In Mitre's CVE dictionary: CVE-2004-0399, CVE-2004-0400.
\n
More information:
\n
\n

Georgi Guninski discovered two stack-based buffer overflows. They cannot\nbe exploited with the default configuration from the Debian\nsystem, though. The Common Vulnerabilities and Exposures project\nidentifies the following problems that are fixed with this update:

\n
    \n
  • CAN-2004-0399\n

    When \"sender_verify = true\" is configured in exim.conf a buffer\n overflow can happen during verification of the sender. This\n problem is fixed in exim 4.

    \n
  • CAN-2004-0400\n

    When headers_check_syntax is configured in exim.conf a buffer\n overflow can happen during the header check. This problem does\n also exist in exim 4.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 3.35-1woody3.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 3.36-11 for exim 3 and in version 4.33-1 for exim 4.

\n

We recommend that you upgrade your exim package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody3.dsc
\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "502": "
\n

Debian Security Advisory

\n

DSA-502-1 exim-tls -- buffer overflow

\n
\n
Date Reported:
\n
11 May 2004
\n
Affected Packages:
\n
\nexim-tls\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10290, BugTraq ID 10291.
In Mitre's CVE dictionary: CVE-2004-0399, CVE-2004-0400.
\n
More information:
\n
\n

Georgi Guninski discovered two stack-based buffer overflows in exim\nand exim-tls. They cannot be exploited with the default\nconfiguration from the Debian system, though. The Common\nVulnerabilities and Exposures project identifies the following\nproblems that are fixed with this update:

\n
    \n
  • CAN-2004-0399\n

    When \"sender_verify = true\" is configured in exim.conf a buffer\n overflow can happen during verification of the sender. This\n problem is fixed in exim 4.\n

  • CAN-2004-0400\n

    When headers_check_syntax is configured in exim.conf a buffer\n overflow can happen during the header check. This problem does\n also exist in exim 4.\n

\n

For the stable distribution (woody) these problems have been fixed in\nversion 3.35-3woody2.

\n

The unstable distribution (sid) does not contain exim-tls anymore.\nThe functionality has been incorporated in the main exim versions\nwhich have these problems fixed in version 3.36-11 for exim 3 and in\nversion 4.33-1 for exim 4.

\n

We recommend that you upgrade your exim-tls package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody2.dsc
\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "503": "
\n

Debian Security Advisory

\n

DSA-503-1 mah-jong -- missing argument check

\n
\n
Date Reported:
\n
13 May 2004
\n
Affected Packages:
\n
\nmah-jong\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10343.
In Mitre's CVE dictionary: CVE-2004-0458.
\n
More information:
\n
\n

A problem has been discovered in mah-jong, a variant of the original\nMah-Jong game, that can be utilised to crash the game server after\ndereferencing a NULL pointer. This bug can be exploited by any client\nthat connects to the mah-jong server.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.4-3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.6.2-1.

\n

We recommend that you upgrade your mah-jong package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-3.dsc
\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-3.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mah-jong/mah-jong_1.4-3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "504": "
\n

Debian Security Advisory

\n

DSA-504-1 heimdal -- missing input sanitising

\n
\n
Date Reported:
\n
18 May 2004
\n
Affected Packages:
\n
\nheimdal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10288.
In Mitre's CVE dictionary: CVE-2004-0434.
\n
More information:
\n
\n

Evgeny Demidov discovered a potential buffer overflow in a Kerberos 4\ncomponent of heimdal, a free implementation of Kerberos 5. The\nproblem is present in kadmind, a server for administrative access to\nthe Kerberos database. This problem could perhaps be exploited to\ncause the daemon to read a negative amount of data which could lead to\nunexpected behaviour.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.4e-7.woody.9.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.6.2-1.

\n

We recommend that you upgrade your heimdal and related packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.4e-7.woody.9.dsc
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.4e-7.woody.9.diff.gz
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.4e.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-docs_0.4e-7.woody.9_all.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-lib_0.4e-7.woody.9_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.9_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.9_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.9_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.9_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.9_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.9_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.9_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.9_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.9_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.9_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.9_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "505": "
\n

Debian Security Advisory

\n

DSA-505-1 cvs -- heap overflow

\n
\n
Date Reported:
\n
19 May 2004
\n
Affected Packages:
\n
\ncvs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10384.
In Mitre's CVE dictionary: CVE-2004-0396.
\n
More information:
\n
\n

Stefan Esser discovered a heap overflow in the CVS server, which\nserves the popular Concurrent Versions System. Malformed \"Entry\"\nLines in combination with Is-modified and Unchanged can be used to\noverflow malloc()ed memory. This was proven to be exploitable.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.11.1p1debian-9woody4.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.12.5-6.

\n

We recommend that you upgrade your cvs package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4.dsc
\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "506": "
\n

Debian Security Advisory

\n

DSA-506-1 neon -- buffer overflow

\n
\n
Date Reported:
\n
19 May 2004
\n
Affected Packages:
\n
\nneon\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10385.
In Mitre's CVE dictionary: CVE-2004-0398.
\n
More information:
\n
\n

Stefan Esser discovered a problem in neon, an HTTP and WebDAV client\nlibrary. User input is copied into variables not large enough for all\ncases. This can lead to an overflow of a static heap variable.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.19.3-2woody5.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.23.9.dfsg-2 and neon_0.24.6.dfsg-1.

\n

We recommend that you upgrade your libneon* packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/neon/neon_0.19.3-2woody5.dsc
\n
http://security.debian.org/pool/updates/main/n/neon/neon_0.19.3-2woody5.diff.gz
\n
http://security.debian.org/pool/updates/main/n/neon/neon_0.19.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/neon/libneon-dev_0.19.3-2woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/neon/libneon19_0.19.3-2woody5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "507": "
\n

Debian Security Advisory

\n

DSA-507-1 cadaver -- buffer overflow

\n
\n
Date Reported:
\n
19 May 2004
\n
Affected Packages:
\n
\ncadaver\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10385.
In Mitre's CVE dictionary: CVE-2004-0398.
\n
More information:
\n
\n

Stefan Esser discovered a problem in neon, an HTTP and WebDAV client\nlibrary, which is also present in cadaver, a command-line client for\nWebDAV servers. User input is copied into variables not large enough\nfor all cases. This can lead to an overflow of a static heap\nvariable.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.18.0-1woody3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.22.1-3.

\n

We recommend that you upgrade your cadaver package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0-1woody3.dsc
\n
http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0-1woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0-1woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0-1woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0-1woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0-1woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0-1woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0-1woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0-1woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0-1woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0-1woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0-1woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0-1woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "508": "
\n

Debian Security Advisory

\n

DSA-508-1 xpcd -- buffer overflow

\n
\n
Date Reported:
\n
22 May 2004
\n
Affected Packages:
\n
\nxpcd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10403.
In Mitre's CVE dictionary: CVE-2004-0402.
\n
More information:
\n
\n

Jaguar discovered a vulnerability in one component of xpcd, a PhotoCD\nviewer. xpcd-svga, part of xpcd which uses svgalib to display\ngraphics on the console, would copy user-supplied data of arbitrary\nlength into a fixed-size buffer in the pcd_open function.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 2.08-8woody2.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you update your xpcd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1.dsc
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-svga_2.08-8woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "509": "
\n

Debian Security Advisory

\n

DSA-509-1 gatos -- privilege escalation

\n
\n
Date Reported:
\n
29 May 2004
\n
Affected Packages:
\n
\ngatos\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10437.
In Mitre's CVE dictionary: CVE-2004-0395.
\n
More information:
\n
\n

Steve Kemp discovered a vulnerability in xatitv, one of the programs\nin the gatos package, which is used to display video with certain\nATI video cards.

\n

xatitv is installed setuid root in order to gain direct access to the\nvideo hardware. It normally drops root privileges after successfully\ninitializing itself. However, if initialization fails due to a\nmissing configuration file, root privileges are not dropped, and\nxatitv executes the system(3) function to launch its configuration\nprogram without sanitizing user-supplied environment variables.

\n

By exploiting this vulnerability, a local user could gain root\nprivileges if the configuration file does not exist. However, a\ndefault configuration file is supplied with the package, and so this\nvulnerability is not exploitable unless this file is removed by the\nadministrator.

\n

For the current stable distribution (woody) this problem has been\nfixed in version 0.0.5-6woody1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you update your gatos package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gatos/gatos_0.0.5-6woody1.dsc
\n
http://security.debian.org/pool/updates/main/g/gatos/gatos_0.0.5-6woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gatos/gatos_0.0.5.orig.tar.gz
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gatos/gatos_0.0.5-6woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gatos/libgatos-dev_0.0.5-6woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gatos/libgatos0_0.0.5-6woody1_i386.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "510": "
\n

Debian Security Advisory

\n

DSA-510-1 jftpgw -- format string

\n
\n
Date Reported:
\n
29 May 2004
\n
Affected Packages:
\n
\njftpgw\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10438.
In Mitre's CVE dictionary: CVE-2004-0448.
\n
More information:
\n
\n

jaguar@felinemenace.org discovered a vulnerability in jftpgw, an FTP\nproxy program, whereby a remote user could potentially cause arbitrary\ncode to be executed with the privileges of the jftpgw server process.\nBy default, the server runs as user \"nobody\".

\n

CAN-2004-0448: format string vulnerability via syslog(3) in log()\nfunction

\n

For the current stable distribution (woody) this problem has been\nfixed in version 0.13.1-1woody1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.13.4-1.

\n

We recommend that you update your jftpgw package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/j/jftpgw/jftpgw_0.13.1-1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "511": "
\n

Debian Security Advisory

\n

DSA-511-1 ethereal -- buffer overflows

\n
\n
Date Reported:
\n
30 May 2004
\n
Affected Packages:
\n
\nethereal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9952.
In Mitre's CVE dictionary: CVE-2004-0176.
\n
More information:
\n
\n

Several buffer overflow vulnerabilities were discovered in ethereal, a\nnetwork traffic analyzer. These vulnerabilities are described in the\nethereal advisory \"enpa-sa-00013\". Of these, only some parts of\nCAN-2004-0176 affect the version of ethereal in Debian woody.\nCAN-2004-0367 and CAN-2004-0365 are not applicable to this version.

\n

For the current stable distribution (woody), these problems have been\nfixed in version 0.9.4-1woody7.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.10.3-1.

\n

We recommend that you update your ethereal package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7.dsc
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "512": "
\n

Debian Security Advisory

\n

DSA-512-1 gallery -- unauthenticated access

\n
\n
Date Reported:
\n
02 Jun 2004
\n
Affected Packages:
\n
\ngallery\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10451.
In Mitre's CVE dictionary: CVE-2004-0522.
\n
More information:
\n
\n

A vulnerability was discovered in gallery, a web-based photo album\nwritten in PHP, whereby a remote attacker could gain access to the\ngallery \"admin\" user without proper authentication. No CVE candidate\nwas available for this vulnerability at the time of release.

\n

For the current stable distribution (woody), these problems have been\nfixed in version 1.2.5-8woody2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.4.3-pl2-1.

\n

We recommend that you update your gallery package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-8woody2.dsc
\n
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-8woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-8woody2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "513": "
\n

Debian Security Advisory

\n

DSA-513-1 log2mail -- format string

\n
\n
Date Reported:
\n
03 Jun 2004
\n
Affected Packages:
\n
\nlog2mail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10460.
In Mitre's CVE dictionary: CVE-2004-0450.
\n
More information:
\n
\n

jaguar@felinemenace.org discovered a format string vulnerability in\nlog2mail, whereby a user able to log a specially crafted message to a\nlogfile monitored by log2mail (for example, via syslog) could cause\narbitrary code to be executed with the privileges of the log2mail\nprocess. By default, this process runs as user 'log2mail', which is a\nmember of group 'adm' (which has access to read system logfiles).

\n

CAN-2004-0450: log2mail format string vulnerability via syslog(3) in\nprintlog()

\n

For the current stable distribution (woody), this problem has been\nfixed in version 0.2.5.2.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you update your log2mail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.2.dsc
\n
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.2.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "514": "
\n

Debian Security Advisory

\n

DSA-514-1 kernel-image-sparc-2.2 -- failing function and TLB flush

\n
\n
Date Reported:
\n
04 Jun 2004
\n
Affected Packages:
\n
\nkernel-source-2.2.20, kernel-image-sparc-2.2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 9686.
In Mitre's CVE dictionary: CVE-2004-0077.
CERT's vulnerabilities, advisories and incident notes: VU#981222.
\n
More information:
\n
\n

Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical\nsecurity vulnerability in the memory management code of Linux inside\nthe mremap(2) system call. Due to flushing the TLB (Translation\nLookaside Buffer, an address cache) too early it is possible for an\nattacker to trigger a local root exploit.

\n

The attack vectors for 2.4.x and 2.2.x kernels are exclusive for the\nrespective kernel series, though. We formerly believed that the\nexploitable vulnerability in 2.4.x does not exist in 2.2.x, which is\nstill true. However, it turned out that a second (sort of)\nvulnerability is indeed exploitable in 2.2.x, but not in 2.4.x, with a\ndifferent exploit, of course.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 9woody1 of Linux 2.2 kernel images for the sparc architecture\nand in version 2.2.20-5woody3 of Linux 2.2.20 source.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 9.1 of Linux 2.2 kernel images for the sparc architecture.

\n

This problem has been fixed for other architectures already.

\n

We recommend that you upgrade your Linux kernel package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.2.20/kernel-source-2.2.20_2.2.20-5woody3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.2.20/kernel-source-2.2.20_2.2.20-5woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.2.20/kernel-source-2.2.20_2.2.20.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.2/kernel-image-sparc-2.2_9woody1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.2/kernel-image-sparc-2.2_9woody1.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.2.20/kernel-doc-2.2.20_2.2.20-5woody3_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.2.20/kernel-source-2.2.20_2.2.20-5woody3_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.2/kernel-headers-2.2.20-sparc_9woody1_all.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.2/kernel-image-2.2.20-sun4cdm_9woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.2/kernel-image-2.2.20-sun4dm-smp_9woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.2/kernel-image-2.2.20-sun4u_9woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.2/kernel-image-2.2.20-sun4u-smp_9woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "515": "
\n

Debian Security Advisory

\n

DSA-515-1 lha -- several vulnerabilities

\n
\n
Date Reported:
\n
05 Jun 2004
\n
Affected Packages:
\n
\nlha\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10243.
In Mitre's CVE dictionary: CVE-2004-0234, CVE-2004-0235.
\n
More information:
\n
\n

Two vulnerabilities were discovered in lha:

\n
    \n
  • CAN-2004-0234 - Multiple stack-based buffer overflows in the\n get_header function in header.c for LHA 1.14 allow remote attackers\n or local users to execute arbitrary code via long directory or file\n names in an LHA archive, which triggers the overflow when testing\n or extracting the archive.\n
  • CAN-2004-0235 - Multiple directory traversal vulnerabilities in LHA\n 1.14 allow remote attackers or local users to create arbitrary\n files via an LHA archive containing filenames with (1) .. sequences\n or (2) absolute pathnames with double leading slashes\n (\"//absolute/path\").\n
\n

For the current stable distribution (woody), these problems have been\nfixed in version 1.14i-2woody1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.14i-8.

\n

We recommend that you update your lha package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/non-free/l/lha/lha_1.14i-2woody1.dsc
\n
http://security.debian.org/pool/updates/non-free/l/lha/lha_1.14i-2woody1.diff.gz
\n
http://security.debian.org/pool/updates/non-free/l/lha/lha_1.14i.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/non-free/l/lha/lha_1.14i-2woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/non-free/l/lha/lha_1.14i-2woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/non-free/l/lha/lha_1.14i-2woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/non-free/l/lha/lha_1.14i-2woody1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/non-free/l/lha/lha_1.14i-2woody1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/non-free/l/lha/lha_1.14i-2woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/non-free/l/lha/lha_1.14i-2woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/non-free/l/lha/lha_1.14i-2woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "516": "
\n

Debian Security Advisory

\n

DSA-516-1 postgresql -- buffer overflow

\n
\n
Date Reported:
\n
07 Jun 2004
\n
Affected Packages:
\n
\npostgresql\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 247306.
In the Bugtraq database (at SecurityFocus): BugTraq ID 10470.
In Mitre's CVE dictionary: CVE-2004-0547.
\n
More information:
\n
\n

A buffer overflow has been discovered in the ODBC driver of PostgreSQL,\nan object-relational SQL database, descended from POSTGRES. It is possible\nto exploit this problem and crash the surrounding application. Hence, a\nPHP script using php4-odbc can be utilised to crash the surrounding\nApache webserver. Other parts of postgresql are not affected.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 7.2.1-2woody5.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 07.03.0200-3.

\n

We recommend that you upgrade your postgresql and related packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5.dsc
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5.diff.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-doc_7.2.1-2woody5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "517": "
\n

Debian Security Advisory

\n

DSA-517-1 cvs -- buffer overflow

\n
\n
Date Reported:
\n
10 Jun 2004
\n
Affected Packages:
\n
\ncvs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10499.
In Mitre's CVE dictionary: CVE-2004-0414.
\n
More information:
\n
\n

Derek Robert Price discovered a potential buffer overflow\nvulnerability, based on a malformed Entry, in the CVS server, which\nserves the popular Concurrent Versions System.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.11.1p1debian-9woody6.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.12.9-1.

\n

We recommend that you upgrade your cvs package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody6.dsc
\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody6.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody6_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "518": "
\n

Debian Security Advisory

\n

DSA-518-1 kdelibs -- unsanitised input

\n
\n
Date Reported:
\n
14 Jun 2004
\n
Affected Packages:
\n
\nkdelibs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10358.
In Mitre's CVE dictionary: CVE-2004-0411.
\n
More information:
\n
\n

iDEFENSE identified a vulnerability in the Opera web browser that\ncould be used by remote attackers to create or truncate arbitrary\nfiles on the victim's machine. The KDE team discovered that a similar\nvulnerability exists in KDE.

\n

A remote attacker could entice a user to open a carefully crafted\ntelnet URI which may either create or truncate a file in the victim's\nhome directory. In KDE 3.2 and later versions the user is first\nexplicitly asked to confirm the opening of the telnet URI.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.2.2-13.woody.10.

\n

We recommend that you upgrade your KDE libraries.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.10.dsc
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.10.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-doc_2.2.2-13.woody.10_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.10_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.10_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.10_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.10_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.10_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.10_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.10_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.10_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.10_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.10_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.10_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "519": "
\n

Debian Security Advisory

\n

DSA-519-1 cvs -- several vulnerabilities

\n
\n
Date Reported:
\n
15 Jun 2004
\n
Affected Packages:
\n
\ncvs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10499.
In Mitre's CVE dictionary: CVE-2004-0416, CVE-2004-0417, CVE-2004-0418, CVE-2004-0778.
CERT's vulnerabilities, advisories and incident notes: VU#579225.
\n
More information:
\n
\n

Sebastian Krahmer and Stefan Esser discovered several vulnerabilities\nin the CVS server, which serves the popular Concurrent Versions\nSystem. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.11.1p1debian-9woody7.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.12.9-1.

\n

We recommend that you upgrade your cvs package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody7.dsc
\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody7.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody7_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody7_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody7_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody7_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "520": "
\n

Debian Security Advisory

\n

DSA-520-1 krb5 -- buffer overflows

\n
\n
Date Reported:
\n
16 Jun 2004
\n
Affected Packages:
\n
\nkrb5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10448.
In Mitre's CVE dictionary: CVE-2004-0523.
\n
More information:
\n
\n

In their advisory MITKRB5-SA-2004-001, the MIT Kerberos team announced the\nexistence of buffer overflow vulnerabilities in the\nkrb5_aname_to_localname function. This function is only used if\naname_to_localname is enabled in the configuration (this is not\nenabled by default).

\n

For the current stable distribution (woody), this problem has been\nfixed in version 1.2.4-5woody5.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.3.3-2.

\n

We recommend that you update your krb5 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4-5woody5.dsc
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4-5woody5.diff.gz
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.2.4-5woody5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "521": "
\n

Debian Security Advisory

\n

DSA-521-1 sup -- format string vulnerability

\n
\n
Date Reported:
\n
18 Jun 2004
\n
Affected Packages:
\n
\nsup\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10571.
In Mitre's CVE dictionary: CVE-2004-0451.
\n
More information:
\n
\n

jaguar@felinemenace.org discovered a format string vulnerability in\nsup, a set of programs to synchronize collections of files across a\nnumber of machines, whereby a remote attacker could potentially cause\narbitrary code to be executed with the privileges of the supfilesrv\nprocess (this process does not run automatically by default).

\n

CAN-2004-0451: format string vulnerabilities in sup via syslog(3) in\nlogquit, logerr, loginfo functions

\n

For the current stable distribution (woody), this problem has been\nfixed in version 1.8-8woody2.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you update your sup package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody2.dsc
\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sup/sup_1.8-8woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "522": "
\n

Debian Security Advisory

\n

DSA-522-1 super -- format string vulnerability

\n
\n
Date Reported:
\n
19 Jun 2004
\n
Affected Packages:
\n
\nsuper\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10575.
In Mitre's CVE dictionary: CVE-2004-0579.
\n
More information:
\n
\n

Max Vozeler discovered a format string vulnerability in super, a\nprogram to allow specified users to execute commands with root\nprivileges. This vulnerability could potentially be exploited by a\nlocal user to execute arbitrary code with root privileges.

\n

For the current stable distribution (woody), this problem has been\nfixed in version 3.16.1-1.2.

\n

For the unstable distribution (sid), this problem has been fixed\nin version 3.23.0-1.

\n

We recommend that you update your super package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2.dsc
\n
http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2.diff.gz
\n
http://security.debian.org/pool/updates/main/s/super/super_3.16.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "523": "
\n

Debian Security Advisory

\n

DSA-523-1 www-sql -- buffer overflow

\n
\n
Date Reported:
\n
19 Jun 2004
\n
Affected Packages:
\n
\nwww-sql\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10577.
In Mitre's CVE dictionary: CVE-2004-0455.
\n
More information:
\n
\n

Ulf H\u00e4rnhammar discovered a buffer overflow vulnerability in www-sql,\na CGI program which enables the creation of dynamic web pages by\nembedding SQL statements in HTML. By exploiting this\nvulnerability, a local user could cause the execution of arbitrary\ncode by creating a web page and processing it with www-sql.

\n

For the current stable distribution (woody), this problem has been\nfixed in version 0.5.7-17woody1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you update your www-sql package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/www-sql/www-sql_0.5.7-17woody1.dsc
\n
http://security.debian.org/pool/updates/main/w/www-sql/www-sql_0.5.7-17woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/w/www-sql/www-sql_0.5.7.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/www-sql/www-mysql_0.5.7-17woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/www-sql/www-pgsql_0.5.7-17woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/www-sql/www-mysql_0.5.7-17woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/www-sql/www-pgsql_0.5.7-17woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/www-sql/www-mysql_0.5.7-17woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/www-sql/www-pgsql_0.5.7-17woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/www-sql/www-mysql_0.5.7-17woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/www-sql/www-pgsql_0.5.7-17woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/w/www-sql/www-mysql_0.5.7-17woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/www-sql/www-pgsql_0.5.7-17woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/w/www-sql/www-mysql_0.5.7-17woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/w/www-sql/www-pgsql_0.5.7-17woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/w/www-sql/www-mysql_0.5.7-17woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/www-sql/www-pgsql_0.5.7-17woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/w/www-sql/www-mysql_0.5.7-17woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/www-sql/www-pgsql_0.5.7-17woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/www-sql/www-mysql_0.5.7-17woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/www-sql/www-pgsql_0.5.7-17woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/www-sql/www-mysql_0.5.7-17woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/www-sql/www-pgsql_0.5.7-17woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/www-sql/www-mysql_0.5.7-17woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/www-sql/www-pgsql_0.5.7-17woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "524": "
\n

Debian Security Advisory

\n

DSA-524-1 rlpr -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Jun 2004
\n
Affected Packages:
\n
\nrlpr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10578.
In Mitre's CVE dictionary: CVE-2004-0393, CVE-2004-0454.
\n
More information:
\n
\n

jaguar@felinemenace.org discovered a format string vulnerability in\nrlpr, a utility for lpd printing without using /etc/printcap. While\ninvestigating this vulnerability, a buffer overflow was also\ndiscovered in related code. By exploiting one of these\nvulnerabilities, a local or remote user could potentially cause\narbitrary code to be executed with the privileges of 1) the rlprd\nprocess (remote), or 2) root (local).

\n

CAN-2004-0393: format string vulnerability via syslog(3) in msg()\nfunction in rlpr

\n

CAN-2004-0454: buffer overflow in msg() function in rlpr

\n

For the current stable distribution (woody), this problem has been\nfixed in version 2.02-7woody1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you update your rlpr package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1.dsc
\n
http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/rlpr/rlpr_2.02-7woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "525": "
\n

Debian Security Advisory

\n

DSA-525-1 apache -- buffer overflow

\n
\n
Date Reported:
\n
24 Jun 2004
\n
Affected Packages:
\n
\napache\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10508.
In Mitre's CVE dictionary: CVE-2004-0492.
\n
More information:
\n
\n

Georgi Guninski discovered a buffer overflow bug in Apache's mod_proxy\nmodule, whereby a remote user could potentially cause arbitrary code\nto be executed with the privileges of an Apache httpd child process\n(by default, user www-data). Note that this bug is only exploitable\nif the mod_proxy module is in use.

\n

Note that this bug exists in a module in the apache-common package,\nshared by apache, apache-ssl and apache-perl, so this update is\nsufficient to correct the bug for all three builds of Apache httpd.\nHowever, on systems using apache-ssl or apache-perl, httpd will not\nautomatically be restarted.

\n

For the current stable distribution (woody), this problem has been\nfixed in version 1.3.26-0woody5.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.3.31-2.

\n

We recommend that you update your apache package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5.dsc
\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.26-0woody5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "526": "
\n

Debian Security Advisory

\n

DSA-526-1 webmin -- several vulnerabilities

\n
\n
Date Reported:
\n
03 Jul 2004
\n
Affected Packages:
\n
\nwebmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10474.
In Mitre's CVE dictionary: CVE-2004-0582, CVE-2004-0583.
\n
More information:
\n
\n

Two vulnerabilities were discovered in webmin:

\n

CAN-2004-0582: Unknown vulnerability in Webmin 1.140 allows remote\n attackers to bypass access control rules and gain read access to\n configuration information for a module.

\n

CAN-2004-0583: The account lockout functionality in (1) Webmin 1.140\n and (2) Usermin 1.070 does not parse certain character strings, which\n allows remote attackers to conduct a brute force attack to guess user\n IDs and passwords.

\n

For the current stable distribution (woody), these problems have been\nfixed in version 0.94-7woody2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.150-1.

\n

We recommend that you update your webmin package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/webmin/webmin_0.94-7woody2.dsc
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin_0.94-7woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin_0.94.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-apache_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-bind8_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-burner_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-cluster-software_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-cluster-useradmin_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-core_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-cpan_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-dhcpd_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-exports_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-fetchmail_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-heartbeat_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-inetd_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-jabber_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-lpadmin_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-mon_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-mysql_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-nis_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-postfix_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-postgresql_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-ppp_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-qmailadmin_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-quota_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-raid_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-samba_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-sendmail_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-software_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-squid_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-sshd_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-ssl_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-status_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-stunnel_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-wuftpd_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-xinetd_0.94-7woody2_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin_0.94-7woody2_all.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-grub_0.94-7woody2_i386.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "527": "
\n

Debian Security Advisory

\n

DSA-527-1 pavuk -- buffer overflow

\n
\n
Date Reported:
\n
03 Jul 2004
\n
Affected Packages:
\n
\npavuk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10633.
In Mitre's CVE dictionary: CVE-2004-0456.
\n
More information:
\n
\n

Ulf Härnhammar discovered a vulnerability in pavuk, a file retrieval\nprogram, whereby an oversized HTTP 305 response sent by a malicious\nserver could cause arbitrary code to be executed with the privileges\nof the pavuk process.

\n

For the current stable distribution (woody), this problem has been\nfixed in version 0.9pl28-1woody1.

\n

pavuk is no longer included in the unstable distribution of Debian.

\n

We recommend that you update your pavuk package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28-1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28-1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28-1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28-1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28-1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28-1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28-1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28-1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28-1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28-1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pavuk/pavuk_0.9pl28-1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "528": "
\n

Debian Security Advisory

\n

DSA-528-1 ethereal -- denial of service

\n
\n
Date Reported:
\n
17 Jul 2004
\n
Affected Packages:
\n
\nethereal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0635.
\n
More information:
\n
\n

Several denial of service vulnerabilities were discovered in ethereal,\na network traffic analyzer. These vulnerabilities are described in the\nethereal advisory \"enpa-sa-00015\". Of these, only one (CAN-2004-0635)\naffects the version of ethereal in Debian woody. This vulnerability\ncould be exploited by a remote attacker to crash ethereal with an\ninvalid SNMP packet.

\n

For the current stable distribution (woody), these problems have been\nfixed in version 0.9.4-1woody8.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.10.5-1.

\n

We recommend that you update your ethereal package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody8.dsc
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody8.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody7_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody8_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody8_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody8_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody8_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody8_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody8_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "529": "
\n

Debian Security Advisory

\n

DSA-529-1 netkit-telnet-ssl -- format string

\n
\n
Date Reported:
\n
17 Jul 2004
\n
Affected Packages:
\n
\nnetkit-telnet-ssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0640.
\n
More information:
\n
\n

\"b0f\" discovered a format string vulnerability in netkit-telnet-ssl\nwhich could potentially allow a remote attacker to cause the execution\nof arbitrary code with the privileges of the telnet daemon (the\n'telnetd' user by default).

\n

For the current stable distribution (woody), this problem has been\nfixed in version 0.17.17+0.1-2woody1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.17.24+0.1-2.

\n

We recommend that you update your netkit-telnet-ssl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1-2woody1.dsc
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1-2woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1.orig.tar.gz
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "530": "
\n

Debian Security Advisory

\n

DSA-530-1 l2tpd -- buffer overflow

\n
\n
Date Reported:
\n
17 Jul 2004
\n
Affected Packages:
\n
\nl2tpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0649.
\n
More information:
\n
\n

Thomas Walpuski reported a buffer overflow in l2tpd, an implementation\nof the layer 2 tunneling protocol, whereby a remote attacker could\npotentially cause arbitrary code to be executed by transmitting a\nspecially crafted packet. The exploitability of this vulnerability\nhas not been verified.

\n

For the current stable distribution (woody), this problem has been\nfixed in version 0.67-1.2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.70-pre20031121-2.

\n

We recommend that you update your l2tpd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.2.dsc
\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.2.diff.gz
\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "531": "
\n

Debian Security Advisory

\n

DSA-531-1 php4 -- several vulnerabilities

\n
\n
Date Reported:
\n
20 Jul 2004
\n
Affected Packages:
\n
\nphp4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0594, CVE-2004-0595.
\n
More information:
\n
\n

Two vulnerabilities were discovered in php4:

\n
    \n
  • CAN-2004-0594\n

    The memory_limit functionality in PHP 4.x up to\n 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as\n when register_globals is enabled, allows remote attackers to\n execute arbitrary code by triggering a memory_limit abort during\n execution of the zend_hash_init function and overwriting a\n HashTable destructor pointer before the initialization of key data\n structures is complete.

    \n
  • CAN-2004-0595\n

    The strip_tags function in PHP 4.x up to 4.3.7, and\n 5.x up to 5.0.0RC3, does not filter null (\\0) characters within tag\n names when restricting input to allowed tags, which allows\n dangerous tags to be processed by web browsers such as Internet\n Explorer and Safari, which ignore null characters and facilitate\n the exploitation of cross-site scripting (XSS) vulnerabilities.

    \n
\n

For the current stable distribution (woody), these problems have been\nfixed in version 4.1.2-7.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4:4.3.8-1.

\n

We recommend that you update your php4 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.dsc
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.1.2-7_all.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pear_4.1.2-7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7.0.1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.0.1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7.0.1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7.0.1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7.0.1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7.0.1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7.0.1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7.0.1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7.0.1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7.0.1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7.0.1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7.0.1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7.0.1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7.0.1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7.0.1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7.0.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "532": "
\n

Debian Security Advisory

\n

DSA-532-2 libapache-mod-ssl -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Jul 2004
\n
Affected Packages:
\n
\nlibapache-mod-ssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0488, CVE-2004-0700.
\n
More information:
\n
\n

Two vulnerabilities were discovered in libapache-mod-ssl:

\n
    \n
  • CAN-2004-0488\n

    Stack-based buffer overflow in the\n ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl,\n when mod_ssl is configured to trust the issuing CA, may allow remote\n attackers to execute arbitrary code via a client certificate with a\n long subject DN.

    \n
  • CAN-2004-0700\n

    Format string vulnerability in the ssl_log function\n in ssl_engine_log.c in mod_ssl 2.8.19 for Apache 1.3.31 may allow\n remote attackers to execute arbitrary messages via format string\n specifiers in certain log messages for HTTPS.

    \n
\n

For the current stable distribution (woody), these problems have been\nfixed in version 2.8.9-2.4.

\n

For the unstable distribution (sid), CAN-2004-0488 was fixed in\nversion 2.8.18, and CAN-2004-0700 will be fixed soon.

\n

We recommend that you update your libapache-mod-ssl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4.dsc
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4.diff.gz
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl-doc_2.8.9-2.4_all.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "533": "
\n

Debian Security Advisory

\n

DSA-533-1 courier -- cross-site scripting

\n
\n
Date Reported:
\n
22 Jul 2004
\n
Affected Packages:
\n
\ncourier\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10588.
In Mitre's CVE dictionary: CVE-2004-0591.
\n
More information:
\n
\n

A cross-site scripting vulnerability was discovered in sqwebmail, a\nweb mail application provided by the courier mail suite, whereby an\nattacker could cause web script to be executed within the security\ncontext of the sqwebmail application by injecting it via an email\nmessage.

\n

For the current stable distribution (woody), this problem has been\nfixed in version 0.37.3-2.5.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.45.4-4.

\n

We recommend that you update your courier package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.5.dsc
\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.5.diff.gz
\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/courier/courier-doc_0.37.3-2.5_all.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "534": "
\n

Debian Security Advisory

\n

DSA-534-1 mailreader -- directory traversal

\n
\n
Date Reported:
\n
22 Jul 2004
\n
Affected Packages:
\n
\nmailreader\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 6055.
In Mitre's CVE dictionary: CVE-2002-1581.
\n
More information:
\n
\n

A directory traversal vulnerability was discovered in mailreader\nwhereby remote attackers could view arbitrary files with the\nprivileges of the nph-mr.cgi process (by default, www-data) via\nrelative paths and a null byte in the configLanguage parameter.

\n

For the current stable distribution (woody), this problem has been\nfixed in version 2.3.29-5woody1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you update your mailreader package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mailreader/mailreader_2.3.29-5woody1.dsc
\n
http://security.debian.org/pool/updates/main/m/mailreader/mailreader_2.3.29-5woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mailreader/mailreader_2.3.29.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mailreader/mailreader_2.3.29-5woody1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "535": "
\n

Debian Security Advisory

\n

DSA-535-1 squirrelmail -- several vulnerabilities

\n
\n
Date Reported:
\n
02 Aug 2004
\n
Affected Packages:
\n
\nsquirrelmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 10246, BugTraq ID 10439.
In Mitre's CVE dictionary: CVE-2004-0519, CVE-2004-0520, CVE-2004-0521, CVE-2004-0639.
\n
More information:
\n
\n

Four vulnerabilities were discovered in squirrelmail:

\n
    \n
  • CAN-2004-0519\n

    Multiple cross-site scripting (XSS) vulnerabilities\n in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary\n script as other users and possibly steal authentication information\n via multiple attack vectors, including the mailbox parameter in\n compose.php.

    \n
  • CAN-2004-0520\n

    Cross-site scripting (XSS) vulnerability in mime.php\n for SquirrelMail before 1.4.3 allows remote attackers to insert\n arbitrary HTML and script via the content-type mail header, as\n demonstrated using read_body.php.

    \n
  • CAN-2004-0521\n

    SQL injection vulnerability in SquirrelMail before\n 1.4.3 RC1 allows remote attackers to execute unauthorized SQL\n statements, with unknown impact, probably via abook_database.php.

    \n
  • CAN-2004-0639\n

    Multiple cross-site scripting (XSS) vulnerabilities\n in Squirrelmail 1.2.10 and earlier allow remote attackers to inject\n arbitrary HTML or script via (1) the $mailer variable in\n read_body.php, (2) the $senderNames_part variable in\n mailbox_display.php, and possibly other vectors including (3) the\n $event_title variable or (4) the $event_text variable.

    \n
\n

For the current stable distribution (woody), these problems have been\nfixed in version 1:1.2.6-1.4.

\n

For the unstable distribution (sid), these problems have been fixed in\n2:1.4.3a-0.1 and earlier versions.

\n

We recommend that you update your squirrelmail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-1.4.dsc
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-1.4.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-1.4_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "536": "
\n

Debian Security Advisory

\n

DSA-536-1 libpng -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Aug 2004
\n
Affected Packages:
\n
\nlibpng\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0597, CVE-2004-0598, CVE-2004-0599, CVE-2004-0768.
CERT's vulnerabilities, advisories and incident notes: VU#388984, VU#817368, VU#236656, VU#160448, VU#286464, VU#477512.
\n
More information:
\n
\n

Chris Evans discovered several vulnerabilities in libpng:

\n
    \n
  • CAN-2004-0597\n

    Multiple buffer overflows exist, including when\n handling transparency chunk data, which could be exploited to cause\n arbitrary code to be executed when a specially crafted PNG image is\n processed

    \n
  • CAN-2004-0598\n

    Multiple NULL pointer dereferences in\n png_handle_iCCP() and elsewhere could be exploited to cause an\n application to crash when a specially crafted PNG image is processed

    \n
  • CAN-2004-0599\n

    Multiple integer overflows in the png_handle_sPLT(),\n png_read_png() functions and elsewhere could be exploited to cause an\n application to crash, or potentially arbitrary code to be executed,\n when a specially crafted PNG image is processed

    \n

    In addition, a bug related to CAN-2002-1363 was fixed:

    \n
  • CAN-2004-0768\n

    A buffer overflow could be caused by incorrect\n calculation of buffer offsets, possibly leading to the execution of\n arbitrary code

    \n
\n

For the current stable distribution (woody), these problems have been\nfixed in libpng3 version 1.2.1-1.1.woody.7 and libpng version\n1.0.12-3.woody.7.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you update your libpng and libpng3 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.7.dsc
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.7.diff.gz
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7.dsc
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7.diff.gz
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1.orig.tar.gz
\n
ARM:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_arm.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_arm.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_arm.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_i386.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_i386.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_i386.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_mips.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_mips.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_mips.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_s390.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_s390.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_s390.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "537": "
\n

Debian Security Advisory

\n

DSA-537-1 ruby -- insecure file permissions

\n
\n
Date Reported:
\n
16 Aug 2004
\n
Affected Packages:
\n
\nruby\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 260779.
In Mitre's CVE dictionary: CVE-2004-0755.
\n
More information:
\n
\n

Andres Salomon noticed a problem in the CGI session management of\nRuby, an object-oriented scripting language. CGI::Session's FileStore\n(and presumably PStore, but not in Debian woody) implementations store\nsession information insecurely. They simply create files, ignoring\npermission issues. This can allow an attacker who also has shell\naccess to the webserver to take over a session.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.6.7-3woody3.

\n

For the unstable and testing distributions (sid and sarge) this\nproblem has been fixed in version 1.8.1+1.8.2pre1-4.

\n

We recommend that you upgrade your libruby package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody3.dsc
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/ruby/irb_1.6.7-3woody3_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-elisp_1.6.7-3woody3_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-examples_1.6.7-3woody3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "538": "
\n

Debian Security Advisory

\n

DSA-538-1 rsync -- unsanitised input processing

\n
\n
Date Reported:
\n
17 Aug 2004
\n
Affected Packages:
\n
\nrsync\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 265662.
In Mitre's CVE dictionary: CVE-2004-0792.
\n
More information:
\n
\n

The rsync developers have discovered a security-related problem in\nrsync, a fast remote file copy program, which allows an attacker to\naccess files outside of the defined directory. To exploit this\npath-sanitizing bug, rsync has to run in daemon mode with the chroot\noption being disabled. It does not affect the normal send/receive\nfilenames that specify what files should be transferred. It does\naffect certain option paths that cause auxiliary files to be read or\nwritten.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.5.5-0.6.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.6.2-3.

\n

We recommend that you upgrade your rsync package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.6.dsc
\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.6.diff.gz
\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.6_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "539": "
\n

Debian Security Advisory

\n

DSA-539-1 kdelibs -- temporary directory vulnerability

\n
\n
Date Reported:
\n
17 Aug 2004
\n
Affected Packages:
\n
\nkdelibs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0689.
\n
More information:
\n
\n

The SUSE security team was alerted that in some cases the integrity of\nsymlinks used by KDE is not ensured and that these symlinks can\npoint to stale locations. This can be abused by a local attacker\nto create or truncate arbitrary files or to prevent KDE applications\nfrom functioning correctly.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.2.2-13.woody.12.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.3.0-1.

\n

We recommend that you upgrade your kde packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.12.dsc
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.12.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-doc_2.2.2-13.woody.12_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.12_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.12_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.12_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.12_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.12_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.12_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.12_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.12_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.12_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.12_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.12_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.12_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.12_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.12_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.12_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.12_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.12_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.12_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.12_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.12_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.12_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.12_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.12_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.12_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.12_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.12_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.12_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.12_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.12_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.12_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.12_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.12_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.12_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.12_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.12_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.12_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.12_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.12_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.12_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.12_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.12_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.12_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.12_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.12_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.12_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.12_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.12_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.12_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.12_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.12_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.12_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.12_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.12_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.12_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.12_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.12_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.12_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.12_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.12_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.12_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.12_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.12_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.12_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.12_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.12_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.12_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.12_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.12_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.12_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.12_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.12_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.12_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.12_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.12_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.12_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.12_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.12_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.12_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.12_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.12_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.12_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.12_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.12_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.12_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.12_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.12_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.12_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.12_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.12_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.12_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.12_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.12_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "540": "
\n

Debian Security Advisory

\n

DSA-540-1 mysql -- insecure file creation

\n
\n
Date Reported:
\n
18 Aug 2004
\n
Affected Packages:
\n
\nmysql\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0457.
\n
More information:
\n
\n

Jeroen van Wolffelaar discovered an insecure\ntemporary file vulnerability in the mysqlhotcopy script, which is part of\nthe mysql-server package, when using the scp method.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 3.23.49-8.7 of mysql.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 4.0.20-11 of mysql-dfsg.

\n

We recommend that you upgrade your mysql-server package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.7.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.7.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-common_3.23.49-8.7_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.23.49-8.5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.7_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.7_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.7_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.7_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.7_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.7_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.7_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.7_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.7_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.7_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.7_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.7_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.7_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.7_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.7_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.7_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "541": "
\n

Debian Security Advisory

\n

DSA-541-1 icecast-server -- missing escape

\n
\n
Date Reported:
\n
24 Aug 2004
\n
Affected Packages:
\n
\nicecast-server\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0781.
\n
More information:
\n
\n

Markus W\u00f6rle discovered a cross-site scripting problem in\nstatus-display (list.cgi) of the icecast internal webserver, an MPEG\nlayer III streaming server. The UserAgent variable is not properly\nhtml_escaped, so an attacker could cause the client to execute\narbitrary JavaScript commands.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.3.11-4.2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.3.12-8.

\n

We recommend that you upgrade your icecast-server package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/icecast-server/icecast-server_1.3.11-4.2.dsc
\n
http://security.debian.org/pool/updates/main/i/icecast-server/icecast-server_1.3.11-4.2.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/icecast-server/icecast-server_1.3.11-4.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/icecast-server/icecast-server_1.3.11-4.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/icecast-server/icecast-server_1.3.11-4.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/icecast-server/icecast-server_1.3.11-4.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/icecast-server/icecast-server_1.3.11-4.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/icecast-server/icecast-server_1.3.11-4.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/icecast-server/icecast-server_1.3.11-4.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/icecast-server/icecast-server_1.3.11-4.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/icecast-server/icecast-server_1.3.11-4.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/icecast-server/icecast-server_1.3.11-4.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/icecast-server/icecast-server_1.3.11-4.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "542": "
\n

Debian Security Advisory

\n

DSA-542-1 qt -- unsanitised input

\n
\n
Date Reported:
\n
30 Aug 2004
\n
Affected Packages:
\n
\nqt-copy\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 267092.
In Mitre's CVE dictionary: CVE-2004-0691, CVE-2004-0692, CVE-2004-0693.
\n
More information:
\n
\n

Several vulnerabilities were discovered in recent versions of Qt, a\ncommonly used graphic widget set, used in KDE for example. The first\nproblem allows an attacker to execute arbitrary code, while the other\ntwo only seem to pose a denial of service danger. The Common\nVulnerabilities and Exposures project identifies the following\nvulnerabilities:

\n
    \n
  • CAN-2004-0691:\n

    Chris Evans has discovered a heap-based overflow when handling\n 8-bit RLE encoded BMP files.

    \n
  • CAN-2004-0692:\n

    Marcus Meissner has discovered a crash condition in the XPM\n handling code, which is not yet fixed in Qt 3.3.

    \n
  • CAN-2004-0693:\n

    Marcus Meissner has discovered a crash condition in the GIF\n handling code, which is not yet fixed in Qt 3.3.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 3.0.3-20020329-1woody2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 3.3.3-4 of qt-x11-free.

\n

We recommend that you upgrade your qt packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/q/qt-copy/qt-copy_3.0.3-20020329-1woody2.dsc
\n
http://security.debian.org/pool/updates/main/q/qt-copy/qt-copy_3.0.3-20020329-1woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/q/qt-copy/qt-copy_3.0.3-20020329.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/q/qt-copy/qt3-doc_3.0.3-20020329-1woody2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3_3.0.3-20020329-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-dev_3.0.3-20020329-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt_3.0.3-20020329-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-dev_3.0.3-20020329-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-mysql_3.0.3-20020329-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mt-odbc_3.0.3-20020329-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-mysql_3.0.3-20020329-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqt3-odbc_3.0.3-20020329-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/libqxt0_3.0.3-20020329-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-copy/qt3-tools_3.0.3-20020329-1woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "543": "
\n

Debian Security Advisory

\n

DSA-543-1 krb5 -- several vulnerabilities

\n
\n
Date Reported:
\n
31 Aug 2004
\n
Affected Packages:
\n
\nkrb5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0642, CVE-2004-0643, CVE-2004-0644, CVE-2004-0772.
CERT's vulnerabilities, advisories and incident notes: VU#795632, VU#866472, VU#550464, VU#350792.
\n
More information:
\n
\n

The MIT Kerberos Development Team has discovered a number of\nvulnerabilities in the MIT Kerberos Version 5 software. The Common\nVulnerabilities and Exposures project identifies the following\nvulnerabilities:

\n
    \n
  • CAN-2004-0642 [VU#795632]\n

    A double-free error may allow unauthenticated remote attackers to\n execute arbitrary code on KDC or clients.

    \n
  • CAN-2004-0643 [VU#866472]\n

    Several double-free errors may allow authenticated attackers to\n execute arbitrary code on Kerberos application servers.

    \n
  • CAN-2004-0644 [VU#550464]\n

    A remotely exploitable denial of service vulnerability has been\n found in the KDC and libraries.

    \n
  • CAN-2004-0772 [VU#350792]\n

    Several double-free errors may allow remote attackers to execute\n arbitrary code on the server. This does not affect the version in\n woody.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 1.2.4-5woody6.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.3.4-3.

\n

We recommend that you upgrade your krb5 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4-5woody6.dsc
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4-5woody6.diff.gz
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.2.4-5woody6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody6_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "544": "
\n

Debian Security Advisory

\n

DSA-544-1 webmin -- insecure temporary directory

\n
\n
Date Reported:
\n
14 Sep 2004
\n
Affected Packages:
\n
\nwebmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0559.
\n
More information:
\n
\n

Ludwig Nussel discovered a problem in webmin, a web-based\nadministration toolkit. A temporary directory was used without\nchecking for the previous owner. This could allow an attacker to\ncreate the directory and place dangerous symbolic links inside.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.94-7woody3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.160-1 of webmin and 1.090-1 of usermin.

\n

We recommend that you upgrade your webmin packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/webmin/webmin_0.94-7woody3.dsc
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin_0.94-7woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin_0.94.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-apache_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-bind8_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-burner_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-cluster-software_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-cluster-useradmin_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-core_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-cpan_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-dhcpd_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-exports_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-fetchmail_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-heartbeat_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-inetd_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-jabber_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-lpadmin_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-mon_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-mysql_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-nis_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-postfix_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-postgresql_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-ppp_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-qmailadmin_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-quota_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-raid_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-samba_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-sendmail_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-software_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-squid_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-sshd_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-ssl_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-status_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-stunnel_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-wuftpd_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-xinetd_0.94-7woody3_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin_0.94-7woody3_all.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-grub_0.94-7woody3_i386.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "545": "
\n

Debian Security Advisory

\n

DSA-545-1 cupsys -- denial of service

\n
\n
Date Reported:
\n
15 Sep 2004
\n
Affected Packages:
\n
\ncupsys\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0558.
\n
More information:
\n
\n

Alvaro Martinez Echevarria discovered a problem in CUPS, the Common\nUNIX Printing System. An attacker can easily disable browsing in CUPS\nby sending a specially crafted UDP datagram to port 631 where cupsd is\nrunning.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.1.14-5woody6.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.1.20final+rc1-6.

\n

We recommend that you upgrade your cups packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6.dsc
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "546": "
\n

Debian Security Advisory

\n

DSA-546-1 gdk-pixbuf -- several vulnerabilities

\n
\n
Date Reported:
\n
16 Sep 2004
\n
Affected Packages:
\n
\ngdk-pixbuf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0753, CVE-2004-0782, CVE-2004-0788.
CERT's vulnerabilities, advisories and incident notes: VU#825374, VU#729894, VU#577654.
\n
More information:
\n
\n

Chris Evans discovered several problems in gdk-pixbuf, the GdkPixBuf\nlibrary used in Gtk. It is possible for an attacker to execute\narbitrary code on the victim's machine. Gdk-pixbuf for Gtk+1.2 is an\nexternal package. For Gtk+2.0 it's part of the main gtk package.

\n

The Common Vulnerabilities and Exposures Project identifies the\nfollowing vulnerabilities:

\n\n

For the stable distribution (woody) these problems have been fixed in\nversion 0.17.0-2woody2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.22.0-7.

\n

We recommend that you upgrade your gdk-pixbuf packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.17.0-2woody2.dsc
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.17.0-2woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.17.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "547": "
\n

Debian Security Advisory

\n

DSA-547-1 imagemagick -- buffer overflows

\n
\n
Date Reported:
\n
16 Sep 2004
\n
Affected Packages:
\n
\nimagemagick\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 268357.
In Mitre's CVE dictionary: CVE-2004-0827.
\n
More information:
\n
\n

Marcus Meissner from SUSE has discovered several buffer overflows in\nthe ImageMagick graphics library. An attacker could create a\nmalicious image or video file in AVI, BMP, or DIB format that could\ncrash the reading process. It might be possible that carefully\ncrafted images could also allow the execution of arbitrary code with the\ncapabilities of the invoking process.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 5.4.4.5-1woody3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 6.0.6.2-1.

\n

We recommend that you upgrade your imagemagick packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3.dsc
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "548": "
\n

Debian Security Advisory

\n

DSA-548-2 imlib -- unsanitised input

\n
\n
Date Reported:
\n
16 Sep 2004
\n
Affected Packages:
\n
\nimlib\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0817.
\n
More information:
\n
\n

Marcus Meissner discovered a heap overflow error in imlib, an imaging\nlibrary for X and X11, that could be abused by an attacker to execute\narbitrary code on the victim's machine. The updated packages we\nprovided in DSA 548-1 did not seem to be sufficient, which this update\nshould fix.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 1.9.14-2woody3.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.9.14-16.2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.9.14-17 of imlib and in version 1.9.14-16.2 of imlib+png2.

\n

We recommend that you upgrade your imlib1 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/imlib/imlib_1.9.14-2woody3.dsc
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib_1.9.14-2woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib_1.9.14.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-base_1.9.14-2woody3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "549": "
\n

Debian Security Advisory

\n

DSA-549-1 gtk+ -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Sep 2004
\n
Affected Packages:
\n
\ngtk+2.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0782, CVE-2004-0783, CVE-2004-0788.
CERT's vulnerabilities, advisories and incident notes: VU#729894, VU#369358, VU#577654.
\n
More information:
\n
\n

Chris Evans discovered several problems in gdk-pixbuf, the GdkPixBuf\nlibrary used in Gtk. It is possible for an attacker to execute\narbitrary code on the victim's machine. Gdk-pixbuf for Gtk+1.2 is an\nexternal package. For Gtk+2.0 it's part of the main gtk package.

\n

The Common Vulnerabilities and Exposures Project identifies the\nfollowing vulnerabilities:

\n\n

For the stable distribution (woody) these problems have been fixed in\nversion 2.0.2-5woody2.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your Gtk packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.0.2-5woody2.dsc
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.0.2-5woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.0.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-doc_2.0.2-5woody2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "550": "
\n

Debian Security Advisory

\n

DSA-550-1 wv -- buffer overflow

\n
\n
Date Reported:
\n
20 Sep 2004
\n
Affected Packages:
\n
\nwv\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 264972.
In Mitre's CVE dictionary: CVE-2004-0645.
\n
More information:
\n
\n

iDEFENSE discovered a buffer overflow in the wv library, used to\nconvert and preview Microsoft Word documents. An attacker could\ncreate a specially crafted document that could lead wvHtml to execute\narbitrary code on the victim's machine.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.7.1+rvt-2woody3.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your wv package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wv/wv_0.7.1+rvt-2woody3.dsc
\n
http://security.debian.org/pool/updates/main/w/wv/wv_0.7.1+rvt-2woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wv/wv_0.7.1+rvt.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wv/wv_0.7.1+rvt-2woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wv/wv_0.7.1+rvt-2woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wv/wv_0.7.1+rvt-2woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wv/wv_0.7.1+rvt-2woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/w/wv/wv_0.7.1+rvt-2woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/w/wv/wv_0.7.1+rvt-2woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wv/wv_0.7.1+rvt-2woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wv/wv_0.7.1+rvt-2woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wv/wv_0.7.1+rvt-2woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wv/wv_0.7.1+rvt-2woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wv/wv_0.7.1+rvt-2woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "551": "
\n

Debian Security Advisory

\n

DSA-551-1 lukemftpd -- incorrect internal variable handling

\n
\n
Date Reported:
\n
21 Sep 2004
\n
Affected Packages:
\n
\nlukemftpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0794.
\n
More information:
\n
\n

Przemyslaw Frasunek discovered a vulnerability in tnftpd or lukemftpd\nrespectively, the enhanced ftp daemon from NetBSD. An attacker could\nutilise this to execute arbitrary code on the server.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.1-1woody2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.1-2.2.

\n

We recommend that you upgrade your lukemftpd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1-1woody2.dsc
\n
http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1-1woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1-1woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1-1woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1-1woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1-1woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1-1woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1-1woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1-1woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1-1woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1-1woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1-1woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1-1woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "552": "
\n

Debian Security Advisory

\n

DSA-552-1 imlib2 -- unsanitised input

\n
\n
Date Reported:
\n
22 Sep 2004
\n
Affected Packages:
\n
\nimlib2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 271375.
In Mitre's CVE dictionary: CVE-2004-0802.
\n
More information:
\n
\n

Marcus Meissner discovered a heap overflow error in imlib2, an imaging\nlibrary for X and X11 and the successor of imlib, that may be utilised\nby an attacker to execute arbitrary code on the victim's machine.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.0.5-2woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.1.0-12.4.

\n

We recommend that you upgrade your imlib2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.0.5-2woody1.dsc
\n
http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.0.5-2woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.0.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "553": "
\n

Debian Security Advisory

\n

DSA-553-1 getmail -- symlink vulnerability

\n
\n
Date Reported:
\n
27 Sep 2004
\n
Affected Packages:
\n
\ngetmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 272561.
In Mitre's CVE dictionary: CVE-2004-0880, CVE-2004-0881.
\n
More information:
\n
\n

A security problem has been discovered in getmail, a POP3 and APOP\nmail gatherer and forwarder. An attacker with a shell account on the\nvictim's host could utilise getmail to overwrite arbitrary files when\nit is running as root.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.3.7-2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.2.5-1.

\n

We recommend that you upgrade your getmail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/getmail/getmail_2.3.7-2.dsc
\n
http://security.debian.org/pool/updates/main/g/getmail/getmail_2.3.7-2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/getmail/getmail_2.3.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/getmail/getmail_2.3.7-2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "554": "
\n

Debian Security Advisory

\n

DSA-554-1 sendmail -- pre-set password

\n
\n
Date Reported:
\n
27 Sep 2004
\n
Affected Packages:
\n
\nsendmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0833.
\n
More information:
\n
\n

Hugo Espuny discovered a problem in sendmail, a commonly used program\nto deliver electronic mail. When installing \"sasl-bin\" to use sasl in\nconnection with sendmail, the sendmail configuration script uses fixed\nuser/pass information to initialise the sasl database. Any spammer\nwith Debian systems knowledge could utilise such a sendmail\ninstallation to relay spam.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 8.12.3-7.1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 8.13.1-13.

\n

We recommend that you upgrade your sendmail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1.dsc
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.12.3-7.1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "555": "
\n

Debian Security Advisory

\n

DSA-555-1 freenet6 -- wrong file permissions

\n
\n
Date Reported:
\n
30 Sep 2004
\n
Affected Packages:
\n
\nfreenet6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 254709.
In Mitre's CVE dictionary: CVE-2004-0563.
\n
More information:
\n
\n

Simon Josefsson noticed that the tspc.conf configuration file in\nfreenet6, a client to configure an IPv6 tunnel to freenet6.net, is set\nworld-readable. This file can contain the username and the password\nused to contact the IPv6 tunnelbroker freenet6.net.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.9.6-1woody2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.0-2.2.

\n

We recommend that you upgrade your freenet6 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/freenet6/freenet6_0.9.6-1woody2.dsc
\n
http://security.debian.org/pool/updates/main/f/freenet6/freenet6_0.9.6-1woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/f/freenet6/freenet6_0.9.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/freenet6/freenet6_0.9.6-1woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/freenet6/freenet6_0.9.6-1woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/freenet6/freenet6_0.9.6-1woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/freenet6/freenet6_0.9.6-1woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/freenet6/freenet6_0.9.6-1woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/freenet6/freenet6_0.9.6-1woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freenet6/freenet6_0.9.6-1woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freenet6/freenet6_0.9.6-1woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/freenet6/freenet6_0.9.6-1woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/freenet6/freenet6_0.9.6-1woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/freenet6/freenet6_0.9.6-1woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "556": "
\n

Debian Security Advisory

\n

DSA-556-2 netkit-telnet -- invalid free(3)

\n
\n
Date Reported:
\n
18 Oct 2004
\n
Affected Packages:
\n
\nnetkit-telnet\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 273694.
In Mitre's CVE dictionary: CVE-2004-0911.
\n
More information:
\n
\n

Michal Zalewski discovered a bug in the netkit-telnet server (telnetd)\nwhereby a remote attacker could cause the telnetd process to free an\ninvalid pointer. This causes the telnet server process to crash,\nleading to a straightforward denial of service (inetd will disable the\nservice if telnetd crashes repeatedly), or possibly the execution\nof arbitrary code with the privileges of the telnetd process (by\ndefault, the 'telnetd' user).

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.17-18woody2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.17-26.

\n

We recommend that you upgrade your netkit-telnet package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/netkit-telnet_0.17-18woody2.dsc
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/netkit-telnet_0.17-18woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/netkit-telnet_0.17.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "557": "
\n

Debian Security Advisory

\n

DSA-557-1 rp-pppoe -- missing privilege dropping

\n
\n
Date Reported:
\n
04 Oct 2004
\n
Affected Packages:
\n
\nrp-pppoe, pppoe\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0564.
\n
More information:
\n
\n

Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet driver from Roaring Penguin. When the program is running setuid root (which is not the case in a default Debian installation), an attacker could overwrite any file on the file system.

\n

For the stable distribution (woody) this problem has been fixed in version 3.3-1.2.

\n

For the unstable distribution (sid) this problem has been fixed in version 3.5-4.

\n

We recommend that you upgrade your pppoe package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/rp-pppoe/rp-pppoe_3.3-1.2.dsc
\n
http://security.debian.org/pool/updates/main/r/rp-pppoe/rp-pppoe_3.3-1.2.diff.gz
\n
http://security.debian.org/pool/updates/main/r/rp-pppoe/rp-pppoe_3.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "558": "
\n

Debian Security Advisory

\n

DSA-558-1 libapache-mod-dav -- null pointer dereference

\n
\n
Date Reported:
\n
06 Oct 2004
\n
Affected Packages:
\n
\nlibapache-mod-dav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0809.
\n
More information:
\n
\n

Julian Reschke reported a problem in mod_dav of Apache 2 in connection with a NULL pointer dereference. When running in a threaded model, especially with Apache 2, a segmentation fault can take out a whole process and hence create a denial of service for the whole server.

\n

For the stable distribution (woody) this problem has been fixed in version 1.0.3-3.1.

\n

For the unstable distribution (sid) this problem has been fixed in version 1.0.3-10 of libapache-mod-dav and in version 2.0.51-1 of Apache 2.

\n

We recommend that you upgrade your mod_dav packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1.dsc
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1.diff.gz
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-dav/libapache-mod-dav_1.0.3-3.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "559": "
\n

Debian Security Advisory

\n

DSA-559-1 net-acct -- insecure temporary file

\n
\n
Date Reported:
\n
06 Oct 2004
\n
Affected Packages:
\n
\nnet-acct\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 270359.
In Mitre's CVE dictionary: CVE-2004-0851.
\n
More information:
\n
\n

Stefan Nordhausen has identified a local security hole in net-acct, a user-mode IP accounting daemon. Old and redundant code from some time way back in the past created a temporary file in an insecure fashion.

\n

For the stable distribution (woody) this problem has been fixed in version 0.71-5woody1.

\n

For the unstable distribution (sid) this problem has been fixed in version 0.71-7.

\n

We recommend that you upgrade your net-acct package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1.dsc
\n
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/net-acct/net-acct_0.71-5woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "560": "
\n

Debian Security Advisory

\n

DSA-560-1 lesstif1-1 -- integer and stack overflows

\n
\n
Date Reported:
\n
07 Oct 2004
\n
Affected Packages:
\n
\nlesstif1-1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0687, CVE-2004-0688.
CERT's vulnerabilities, advisories and incident notes: VU#537878, VU#882750.
\n
More information:
\n
\n

Chris Evans discovered several stack and integer overflows in the libXpm library which is included in LessTif.

\n

For the stable distribution (woody) this problem has been fixed in version 0.93.18-5.

\n

For the unstable distribution (sid) this problem has been fixed in version 0.93.94-10.

\n

We recommend that you upgrade your lesstif packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1-1_0.93.18-5.dsc
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1-1_0.93.18-5.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1-1_0.93.18.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-doc_0.93.18-5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-bin_0.93.18-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dbg_0.93.18-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dev_0.93.18-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1_0.93.18-5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-bin_0.93.18-5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dbg_0.93.18-5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dev_0.93.18-5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1_0.93.18-5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-bin_0.93.18-5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dbg_0.93.18-5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dev_0.93.18-5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1_0.93.18-5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-bin_0.93.18-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dbg_0.93.18-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dev_0.93.18-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1_0.93.18-5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-bin_0.93.18-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dbg_0.93.18-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dev_0.93.18-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1_0.93.18-5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-bin_0.93.18-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dbg_0.93.18-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dev_0.93.18-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1_0.93.18-5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-bin_0.93.18-5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dbg_0.93.18-5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dev_0.93.18-5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1_0.93.18-5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-bin_0.93.18-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dbg_0.93.18-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dev_0.93.18-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1_0.93.18-5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-bin_0.93.18-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dbg_0.93.18-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dev_0.93.18-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1_0.93.18-5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-bin_0.93.18-5_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dbg_0.93.18-5_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dev_0.93.18-5_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1_0.93.18-5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-bin_0.93.18-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dbg_0.93.18-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif-dev_0.93.18-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lesstif1-1/lesstif1_0.93.18-5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "561": "
\n

Debian Security Advisory

\n

DSA-561-1 xfree86 -- integer and stack overflows

\n
\n
Date Reported:
\n
11 Oct 2004
\n
Affected Packages:
\n
\nxfree86\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0687, CVE-2004-0688.
CERT's vulnerabilities, advisories and incident notes: VU#537878, VU#882750.
\n
More information:
\n
\n

Chris Evans discovered several stack and integer overflows in the libXpm library which is provided by X.Org, XFree86 and LessTif.

\n

For the stable distribution (woody) this problem has been fixed in version 4.1.0-16woody4.

\n

For the unstable distribution (sid) this problem has been fixed in version 4.3.0.dfsg.1-8.

\n

We recommend that you upgrade your libxpm packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.1.0-16woody4.dsc
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.1.0-16woody4.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.1.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system_4.1.0-16woody4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi-transcoded_4.1.0-16woody4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi_4.1.0-16woody4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi-transcoded_4.1.0-16woody4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi_4.1.0-16woody4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base-transcoded_4.1.0-16woody4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base_4.1.0-16woody4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-cyrillic_4.1.0-16woody4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-pex_4.1.0-16woody4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-scalable_4.1.0-16woody4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86-common_4.1.0-16woody4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlib6g-dev_4.1.0-16woody4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlib6g_4.1.0-16woody4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xspecs_4.1.0-16woody4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "562": "
\n

Debian Security Advisory

\n

DSA-562-1 mysql -- several vulnerabilities

\n
\n
Date Reported:
\n
11 Oct 2004
\n
Affected Packages:
\n
\nmysql\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0835, CVE-2004-0836, CVE-2004-0837.
\n
More information:
\n
\n

Several problems have been discovered in MySQL, a commonly used SQL\ndatabase on Unix servers. The following problems have been identified\nby the Common Vulnerabilities and Exposures Project:

\n
    \n
  • CAN-2004-0835\n

    Oleksandr Byelkin noticed that ALTER TABLE ... RENAME checks\n CREATE/INSERT rights of the old table instead of the new one.

    \n
  • CAN-2004-0836\n

    Lukasz Wojtow noticed a buffer overrun in the mysql_real_connect\n function.

    \n
  • CAN-2004-0837\n

    Dean Ellis noticed that multiple threads ALTERing the same (or\n different) MERGE tables to change the UNION can cause the server\n to crash or stall.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 3.23.49-8.8.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 4.0.21-1.

\n

We recommend that you upgrade your mysql and related packages and\nrestart services linking against them (e.g. Apache/PHP).

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.8.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.8.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-common_3.23.49-8.8_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.23.49-8.5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.8_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.8_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.8_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.8_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.8_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.8_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.8_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.8_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.8_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.8_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.8_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.8_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.8_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.8_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.8_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "563": "
\n

Debian Security Advisory

\n

DSA-563-3 cyrus-sasl -- unsanitised input

\n
\n
Date Reported:
\n
14 Oct 2004
\n
Affected Packages:
\n
\ncyrus-sasl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 275498.
In Mitre's CVE dictionary: CVE-2004-0884.
\n
More information:
\n
\n

This advisory is an addition to DSA 563-1 and 563-2 which weren't able\nto supersede the library on sparc and arm due to a different version\nnumber for them in the stable archive. Other architectures were\nupdated properly. Another problem was reported in connection with\nsendmail, though, which should be fixed with this update as well.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.5.27-3.1woody5.

\n

For reference the advisory text follows:

\n
\n

A vulnerability has been discovered in the Cyrus implementation of the\nSASL library, the Simple Authentication and Security Layer, a method\nfor adding authentication support to connection-based protocols. The\nlibrary honors the environment variable SASL_PATH blindly, which\nallows a local user to link against a malicious library to run\narbitrary code with the privileges of a setuid or setgid application.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.5.28-6.2 of cyrus-sasl and in version 2.1.19-1.3 of\ncyrus-sasl2.

\n
\n

We recommend that you upgrade your libsasl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/cyrus-sasl_1.5.27-3.1woody5.dsc
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/cyrus-sasl_1.5.27-3.1woody5.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/cyrus-sasl_1.5.27.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-dev_1.5.27-3.1woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-digestmd5-plain_1.5.27-3.1woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-modules-plain_1.5.27-3.1woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl7_1.5.27-3.1woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/sasl-bin_1.5.27-3.1woody5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-dev_1.5.27-3.1woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-digestmd5-plain_1.5.27-3.1woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-modules-plain_1.5.27-3.1woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl7_1.5.27-3.1woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/sasl-bin_1.5.27-3.1woody5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-dev_1.5.27-3.1woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-digestmd5-plain_1.5.27-3.1woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-modules-plain_1.5.27-3.1woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl7_1.5.27-3.1woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/sasl-bin_1.5.27-3.1woody5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-dev_1.5.27-3.1woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-digestmd5-plain_1.5.27-3.1woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-modules-plain_1.5.27-3.1woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl7_1.5.27-3.1woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/sasl-bin_1.5.27-3.1woody5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-dev_1.5.27-3.1woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-digestmd5-plain_1.5.27-3.1woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-modules-plain_1.5.27-3.1woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl7_1.5.27-3.1woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/sasl-bin_1.5.27-3.1woody5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-dev_1.5.27-3.1woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-digestmd5-plain_1.5.27-3.1woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-modules-plain_1.5.27-3.1woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl7_1.5.27-3.1woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/sasl-bin_1.5.27-3.1woody5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-dev_1.5.27-3.1woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-digestmd5-plain_1.5.27-3.1woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-modules-plain_1.5.27-3.1woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl7_1.5.27-3.1woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/sasl-bin_1.5.27-3.1woody5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-dev_1.5.27-3.1woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-digestmd5-plain_1.5.27-3.1woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-modules-plain_1.5.27-3.1woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl7_1.5.27-3.1woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/sasl-bin_1.5.27-3.1woody5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-dev_1.5.27-3.1woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-digestmd5-plain_1.5.27-3.1woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-modules-plain_1.5.27-3.1woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl7_1.5.27-3.1woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/sasl-bin_1.5.27-3.1woody5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-dev_1.5.27-3.1woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-digestmd5-plain_1.5.27-3.1woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-modules-plain_1.5.27-3.1woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl7_1.5.27-3.1woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/sasl-bin_1.5.27-3.1woody5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-dev_1.5.27-3.1woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-digestmd5-plain_1.5.27-3.1woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl-modules-plain_1.5.27-3.1woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/libsasl7_1.5.27-3.1woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl/sasl-bin_1.5.27-3.1woody5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "564": "
\n

Debian Security Advisory

\n

DSA-564-1 mpg123 -- missing user input sanitising

\n
\n
Date Reported:
\n
13 Oct 2004
\n
Affected Packages:
\n
\nmpg123\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0805.
\n
More information:
\n
\n

Davide Del Vecchio discovered a vulnerability in mpg123, a popular (but non-free) MPEG layer 1/2/3 audio player. A malicious MPEG layer 2/3 file could cause the header checks in mpg123 to fail, which could in turn allow arbitrary code to be executed with the privileges of the user running mpg123.

\n

For the stable distribution (woody) this problem has been fixed in version 0.59r-13woody3.

\n

For the unstable distribution (sid) this problem has been fixed in version 0.59r-16.

\n

We recommend that you upgrade your mpg123 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody3.dsc
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody3.diff.gz
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody3_alpha.deb
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0.59r-13woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody3_i386.deb
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0.59r-13woody3_i386.deb
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-nas_0.59r-13woody3_i386.deb
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-oss-3dnow_0.59r-13woody3_i386.deb
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-oss-i486_0.59r-13woody3_i386.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody3_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0.59r-13woody3_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "565": "
\n

Debian Security Advisory

\n

DSA-565-1 sox -- buffer overflow

\n
\n
Date Reported:
\n
13 Oct 2004
\n
Affected Packages:
\n
\nsox\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 262083.
In Mitre's CVE dictionary: CVE-2004-0557.
\n
More information:
\n
\n

Ulf Härnhammar has reported two vulnerabilities in SoX, a universal sound sample translator, which may be exploited by malicious people to compromise a user's system with a specially crafted .wav file.

\n

For the stable distribution (woody) these problems have been fixed in version 12.17.3-4woody2.

\n

For the unstable distribution (sid) these problems have been fixed in version 12.17.4-9.

\n

We recommend that you upgrade your sox package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sox/sox_12.17.3-4woody2.dsc
\n
http://security.debian.org/pool/updates/main/s/sox/sox_12.17.3-4woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sox/sox_12.17.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sox/sox_12.17.3-4woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sox/sox-dev_12.17.3-4woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sox/sox_12.17.3-4woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sox/sox-dev_12.17.3-4woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sox/sox_12.17.3-4woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sox/sox-dev_12.17.3-4woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sox/sox_12.17.3-4woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sox/sox-dev_12.17.3-4woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/sox/sox_12.17.3-4woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sox/sox-dev_12.17.3-4woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sox/sox_12.17.3-4woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sox/sox-dev_12.17.3-4woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sox/sox_12.17.3-4woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sox/sox-dev_12.17.3-4woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sox/sox_12.17.3-4woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sox/sox-dev_12.17.3-4woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sox/sox_12.17.3-4woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sox/sox-dev_12.17.3-4woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sox/sox_12.17.3-4woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sox/sox-dev_12.17.3-4woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sox/sox_12.17.3-4woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sox/sox-dev_12.17.3-4woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "566": "
\n

Debian Security Advisory

\n

DSA-566-1 cupsys -- unsanitised input

\n
\n
Date Reported:
\n
14 Oct 2004
\n
Affected Packages:
\n
\ncupsys\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0923.
CERT's vulnerabilities, advisories and incident notes: VU#557062.
\n
More information:
\n
\n

An information leak has been detected in CUPS, the Common UNIX Printing System, which may lead to the disclosure of sensitive information, such as user names and passwords which are written into log files.

\n

The patch applied only removes the authentication information from the device URI that is logged in the error_log file. It does not remove the URI from the environment and process table, which is why the CUPS developers recommend that system administrators do not code authentication information in device URIs in the first place.

\n

For the stable distribution (woody) this problem has been fixed in version 1.1.14-5woody7.

\n

For the unstable distribution (sid) this problem has been fixed in version 1.1.20final+rc1-9.

\n

We recommend that you upgrade your CUPS package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7.dsc
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "567": "
\n

Debian Security Advisory

\n

DSA-567-1 tiff -- heap overflows

\n
\n
Date Reported:
\n
15 Oct 2004
\n
Affected Packages:
\n
\ntiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 11406.
In Mitre's CVE dictionary: CVE-2004-0803, CVE-2004-0804, CVE-2004-0886.
CERT's vulnerabilities, advisories and incident notes: VU#687568, VU#555304.
\n
More information:
\n
\n

Several problems have been discovered in libtiff, the Tag Image File Format library for processing TIFF graphics files. An attacker could prepare a specially crafted TIFF graphic that would cause the client to execute arbitrary code or crash. The Common Vulnerabilities and Exposures Project has identified the following problems:

\n
    \n
  • CAN-2004-0803

    Chris Evans discovered several problems in the RLE (run length encoding) decoders that could lead to arbitrary code execution.

  • CAN-2004-0804

    Matthias Clasen discovered a division by zero through an integer overflow.

  • CAN-2004-0886

    Dmitry V. Levin discovered several integer overflows that caused malloc issues, which can result in either a plain crash or memory corruption.

\n

For the stable distribution (woody) these problems have been fixed in version 3.5.5-6woody1.

\n

For the unstable distribution (sid) these problems have been fixed in version 3.6.1-2.

\n

We recommend that you upgrade your libtiff package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6woody1.dsc
\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "568": "
\n

Debian Security Advisory

\n

DSA-568-1 cyrus-sasl-mit -- unsanitised input

\n
\n
Date Reported:
\n
16 Oct 2004
\n
Affected Packages:
\n
\ncyrus-sasl-mit\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 275498.
In Mitre's CVE dictionary: CVE-2004-0884.
\n
More information:
\n
\n

A vulnerability has been discovered in the Cyrus implementation of the SASL library, the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. The library honors the environment variable SASL_PATH blindly, which allows a local user to link against a malicious library to run arbitrary code with the privileges of a setuid or setgid application.

\n

The MIT version of the Cyrus implementation of the SASL library provides bindings against MIT GSSAPI and MIT Kerberos4.

\n

For the stable distribution (woody) this problem has been fixed in version 1.5.24-15woody3.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your libsasl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl-mit/cyrus-sasl-mit_1.5.24-15woody3.dsc
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl-mit/cyrus-sasl-mit_1.5.24-15woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl-mit/cyrus-sasl-mit_1.5.24.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl-mit/libsasl-gssapi-mit_1.5.24-15woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl-mit/libsasl-krb4-mit_1.5.24-15woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl-mit/libsasl-gssapi-mit_1.5.24-15woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl-mit/libsasl-krb4-mit_1.5.24-15woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl-mit/libsasl-gssapi-mit_1.5.24-15woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl-mit/libsasl-krb4-mit_1.5.24-15woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl-mit/libsasl-gssapi-mit_1.5.24-15woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl-mit/libsasl-krb4-mit_1.5.24-15woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl-mit/libsasl-gssapi-mit_1.5.24-15woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl-mit/libsasl-krb4-mit_1.5.24-15woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl-mit/libsasl-gssapi-mit_1.5.24-15woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl-mit/libsasl-krb4-mit_1.5.24-15woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl-mit/libsasl-gssapi-mit_1.5.24-15woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl-mit/libsasl-krb4-mit_1.5.24-15woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl-mit/libsasl-gssapi-mit_1.5.24-15woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl-mit/libsasl-krb4-mit_1.5.24-15woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl-mit/libsasl-gssapi-mit_1.5.24-15woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl-mit/libsasl-krb4-mit_1.5.24-15woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl-mit/libsasl-gssapi-mit_1.5.24-15woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl-mit/libsasl-krb4-mit_1.5.24-15woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl-mit/libsasl-gssapi-mit_1.5.24-15woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl-mit/libsasl-krb4-mit_1.5.24-15woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "569": "
\n

Debian Security Advisory

\n

DSA-569-1 netkit-telnet-ssl -- invalid free(3)

\n
\n
Date Reported:
\n
18 Oct 2004
\n
Affected Packages:
\n
\nnetkit-telnet-ssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 273694.
In Mitre's CVE dictionary: CVE-2004-0911.
\n
More information:
\n
\n

Michal Zalewski discovered a bug in the netkit-telnet server (telnetd) whereby a remote attacker could cause the telnetd process to free an invalid pointer. This causes the telnet server process to crash, leading to a straightforward denial of service (inetd will disable the service if telnetd is crashed repeatedly), or possibly the execution of arbitrary code with the privileges of the telnetd process (by default, the 'telnetd' user).

\n

For the stable distribution (woody) this problem has been fixed in version 0.17.17+0.1-2woody2.

\n

For the unstable distribution (sid) this problem has been fixed in version 0.17.24+0.1-4.

\n

We recommend that you upgrade your netkit-telnet-ssl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1-2woody2.dsc
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1-2woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "570": "
\n

Debian Security Advisory

\n

DSA-570-1 libpng -- integer overflow

\n
\n
Date Reported:
\n
20 Oct 2004
\n
Affected Packages:
\n
\nlibpng\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0599.
\n
More information:
\n
\n

Several integer overflows have been discovered by its upstream developers in libpng, a commonly used library to display PNG graphics. They could be exploited to cause arbitrary code to be executed when a specially crafted PNG image is processed.

\n

For the stable distribution (woody) this problem has been fixed in version 1.0.12-3.woody.9.

\n

For the unstable distribution (sid) this problem has been fixed in version 1.0.15-8.

\n

We recommend that you upgrade your libpng packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.9.dsc
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12-3.woody.9.diff.gz
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.0.12.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.9_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.9_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.9_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.9_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.9_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.9_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.9_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.9_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.9_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.9_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2_1.0.12-3.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng2-dev_1.0.12-3.woody.9_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "571": "
\n

Debian Security Advisory

\n

DSA-571-1 libpng3 -- buffer overflows, integer overflow

\n
\n
Date Reported:
\n
20 Oct 2004
\n
Affected Packages:
\n
\nlibpng3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0599.
\n
More information:
\n
\n

Several integer overflows have been discovered by its upstream developers in libpng, a commonly used library to display PNG graphics. They could be exploited to cause arbitrary code to be executed when a specially crafted PNG image is processed.

\n

For the stable distribution (woody) these problems have been fixed in version 1.2.1-1.1.woody.9.

\n

For the unstable distribution (sid) these problems have been fixed in version 1.2.5.0-9.

\n

We recommend that you upgrade your libpng3 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.9.dsc
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.9.diff.gz
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.9_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.9_arm.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.9_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.9_i386.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.9_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.9_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.9_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.9_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.9_mips.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.9_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.9_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.9_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.9_s390.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.9_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng-dev_1.2.1-1.1.woody.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng3/libpng3_1.2.1-1.1.woody.9_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "572": "
\n

Debian Security Advisory

\n

DSA-572-1 ecartis -- several vulnerabilities

\n
\n
Date Reported:
\n
21 Oct 2004
\n
Affected Packages:
\n
ecartis
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0913.
\n
More information:
\n
\n

A problem has been discovered in ecartis, a mailing-list manager, which allows an attacker in the same domain as the list admin to gain administrator privileges and alter list settings.

\n

For the stable distribution (woody) this problem has been fixed in version 0.129a+1.0.0-snap20020514-1.3.

\n

For the unstable distribution (sid) this problem has been fixed in version 1.0.0+cvs.20030911-8.

\n

We recommend that you upgrade your ecartis package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.3.dsc
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.3.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.3_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.3_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.3_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.3_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis_0.129a+1.0.0-snap20020514-1.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ecartis/ecartis-cgi_0.129a+1.0.0-snap20020514-1.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "573": "
\n

Debian Security Advisory

\n

DSA-573-1 cupsys -- integer overflows

\n
\n
Date Reported:
\n
21 Oct 2004
\n
Affected Packages:
\n
cupsys
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0888.
\n
More information:
\n
\n

Chris Evans discovered several integer overflows in xpdf that are also present in CUPS, the Common UNIX Printing System, and that can be exploited remotely by a specially crafted PDF document.

\n

For the stable distribution (woody) these problems have been fixed in version 1.1.14-5woody10.

\n

For the unstable distribution (sid) these problems have been fixed in version 1.1.20final+rc1-10.

\n

We recommend that you upgrade your CUPS packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody10.dsc
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody10.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody10_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody10_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody10_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody10_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody10_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody10_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody10_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody10_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody10_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody10_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody10_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody10_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody10_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody10_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody10_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody10_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody10_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody10_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody10_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody10_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody10_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody10_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody10_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody10_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody10_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody10_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody10_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody10_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody10_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody10_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody10_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody10_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody10_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody10_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody10_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody10_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody10_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody10_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody10_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody10_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody10_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody10_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody10_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody10_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody10_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody10_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody10_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody10_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody10_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody10_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody10_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody10_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody10_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody10_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody10_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody10_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "574": "
\n

Debian Security Advisory

\n

DSA-574-1 cabextract -- missing directory sanitising

\n
\n
Date Reported:
\n
28 Oct 2004
\n
Affected Packages:
\n
cabextract
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 277522.
In Mitre's CVE dictionary: CVE-2004-0916.
\n
More information:
\n
\n

The upstream developers discovered a problem in cabextract, a tool to extract cabinet files. The program was able to overwrite files in upper directories. This could allow an attacker to overwrite arbitrary files.

\n

For the stable distribution (woody) this problem has been fixed in version 0.2-2b.

\n

For the unstable distribution (sid) this problem has been fixed in version 1.1-1.

\n

We recommend that you upgrade your cabextract package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_0.2-2b.dsc
\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_0.2-2b.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_0.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_0.2-2b_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_0.2-2b_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_0.2-2b_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_0.2-2b_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_0.2-2b_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_0.2-2b_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_0.2-2b_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_0.2-2b_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_0.2-2b_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_0.2-2b_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_0.2-2b_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "575": "
\n

Debian Security Advisory

\n

DSA-575-1 catdoc -- insecure temporary file

\n
\n
Date Reported:
\n
28 Oct 2004
\n
Affected Packages:
\n
catdoc
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 183525.
In Mitre's CVE dictionary: CVE-2003-0193.
\n
More information:
\n
\n

A temporary file problem has been discovered in xlsview from the catdoc suite, convertors from Word to TeX and plain text, which could lead to local users being able to overwrite arbitrary files via a symlink attack on predictable temporary file names.

\n

For the stable distribution (woody) this problem has been fixed in version 0.91.5-1.woody3.

\n

For the unstable distribution (sid) this problem has been fixed in version 0.91.5-2.

\n

We recommend that you upgrade your catdoc package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/catdoc/catdoc_0.91.5-1.woody3.dsc
\n
http://security.debian.org/pool/updates/main/c/catdoc/catdoc_0.91.5-1.woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/c/catdoc/catdoc_0.91.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/catdoc/catdoc_0.91.5-1.woody3_alpha.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/catdoc/catdoc_0.91.5-1.woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/catdoc/catdoc_0.91.5-1.woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/catdoc/catdoc_0.91.5-1.woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/catdoc/catdoc_0.91.5-1.woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/catdoc/catdoc_0.91.5-1.woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/catdoc/catdoc_0.91.5-1.woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/catdoc/catdoc_0.91.5-1.woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/catdoc/catdoc_0.91.5-1.woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/catdoc/catdoc_0.91.5-1.woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "576": "
\n

Debian Security Advisory

\n

DSA-576-1 squid -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Oct 2004
\n
Affected Packages:
\n
squid
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 133131.
In Mitre's CVE dictionary: CVE-1999-0710, CVE-2004-0918.
\n
More information:
\n
\n

Several security vulnerabilities have been discovered in Squid, the internet object cache, the popular WWW proxy cache. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-1999-0710

    It is possible to bypass access lists and scan arbitrary hosts and ports in the network through cachemgr.cgi, which is installed by default. This update disables this feature and introduces a configuration file (/etc/squid/cachemgr.conf) to control this behavior.

    \n
  • CAN-2004-0918

    The asn_parse_header function (asn1.c) in the SNMP module for Squid allows remote attackers to cause a denial of service via certain SNMP packets with negative length fields that cause a memory allocation error.

    \n
\n

For the stable distribution (woody) these problems have been fixed in version 2.4.6-2woody4.

\n

For the unstable distribution (sid) these problems have been fixed in version 2.5.7-1.

\n

We recommend that you upgrade your squid package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4.dsc
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "577": "
\n

Debian Security Advisory

\n

DSA-577-1 postgresql -- insecure temporary file

\n
\n
Date Reported:
\n
29 Oct 2004
\n
Affected Packages:
\n
postgresql
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 278336.
In Mitre's CVE dictionary: CVE-2004-0977.
\n
More information:
\n
\n

Trustix Security Engineers identified insecure temporary file creation in a script included in the postgresql suite, an object-relational SQL database. This could allow an attacker to trick a user into overwriting arbitrary files that the user has write access to.

\n

For the stable distribution (woody) this problem has been fixed in version 7.2.1-2woody6.

\n

For the unstable distribution (sid) this problem has been fixed in version 7.4.6-1.

\n

We recommend that you upgrade your postgresql packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody6.dsc
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody6.diff.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-doc_7.2.1-2woody6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody6_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "578": "
\n

Debian Security Advisory

\n

DSA-578-1 mpg123 -- buffer overflow

\n
\n
Date Reported:
\n
01 Nov 2004
\n
Affected Packages:
\n
\nmpg123\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0982.
\n
More information:
\n
\n

Carlos Barros has discovered a buffer overflow in the HTTP\nauthentication routine of mpg123, a popular (but non-free) MPEG layer\n1/2/3 audio player. If a user opened a malicious playlist or URL, an\nattacker might execute arbitrary code with the rights of the calling\nuser.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.59r-13woody4.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.59r-17.

\n

We recommend that you upgrade your mpg123 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody4.dsc
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody4.diff.gz
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody4_alpha.deb
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0.59r-13woody4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody4_i386.deb
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0.59r-13woody4_i386.deb
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-nas_0.59r-13woody4_i386.deb
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-oss-3dnow_0.59r-13woody4_i386.deb
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-oss-i486_0.59r-13woody4_i386.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody4_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0.59r-13woody4_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-13woody4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "579": "
\n

Debian Security Advisory

\n

DSA-579-1 abiword -- buffer overflow

\n
\n
Date Reported:
\n
01 Nov 2004
\n
Affected Packages:
\n
\nabiword\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0645.
\n
More information:
\n
\n

A buffer overflow vulnerability has been discovered in the wv library,\nused for converting and previewing Word documents. On exploitation, an\nattacker could execute arbitrary code with the privileges of the user\nrunning the vulnerable application.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.0.2+cvs.2002.06.05-1woody2.

\n

The package in the unstable distribution (sid) is not affected.

\n

We recommend that you upgrade your abiword package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2.dsc
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-doc_1.0.2+cvs.2002.06.05-1woody2_all.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/xfonts-abi_1.0.2+cvs.2002.06.05-1woody2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "580": "
\n

Debian Security Advisory

\n

DSA-580-1 iptables -- missing initialisation

\n
\n
Date Reported:
\n
01 Nov 2004
\n
Affected Packages:
\n
\niptables\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 219686.
In Mitre's CVE dictionary: CVE-2004-0986.
\n
More information:
\n
\n

Faheem Mitha noticed that the iptables command, an administration tool\nfor IPv4 packet filtering and NAT, did not always load the required\nmodules on its own as it was supposed to. This could lead to firewall\nrules not being loaded on system startup. This caused a failure in\nconnection with rules provided by lokkit at least.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.2.6a-5.0woody2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.2.11-4.

\n

We recommend that you upgrade your iptables package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2.dsc
\n
http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/iptables/iptables_1.2.6a-5.0woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iptables/iptables-dev_1.2.6a-5.0woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "581": "
\n

Debian Security Advisory

\n

DSA-581-1 xpdf -- integer overflows

\n
\n
Date Reported:
\n
02 Nov 2004
\n
Affected Packages:
\n
\nxpdf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 278298.
In Mitre's CVE dictionary: CVE-2004-0888.
\n
More information:
\n
\n

Chris Evans discovered several integer overflows in xpdf, a viewer for\nPDF files, which can be exploited remotely by a specially crafted PDF\ndocument and lead to the execution of arbitrary code.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 1.00-3.2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 3.00-9.

\n

We recommend that you upgrade your xpdf package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.2.dsc
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.2.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_1.00-3.2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "582": "
\n

Debian Security Advisory

\n

DSA-582-1 libxml -- buffer overflow

\n
\n
Date Reported:
\n
02 Nov 2004
\n
Affected Packages:
\n
\nlibxml, libxml2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0989.
\n
More information:
\n
\n

\"infamous41md\" discovered several buffer overflows in libxml and\nlibxml2, the XML C parser and toolkits for GNOME. Missing boundary\nchecks could cause several buffers to be overflown, which may cause\nthe client to execute arbitrary code.

\n

The following vulnerability matrix lists corrected versions of these\nlibraries:

\n

For the stable distribution (woody) these problems have been fixed in\nversion 1.8.17-2woody2 of libxml and in version 2.4.19-4woody2 of\nlibxml2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.8.17-9 of libxml and in version 2.6.11-5 of libxml2.

\n

These problems have also been fixed in version 2.6.15-1 of libxml2 in\nthe experimental distribution.

\n

We recommend that you upgrade your libxml packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17-2woody2.dsc
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17-2woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody2.dsc
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-2woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-2woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.4.19-4woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.4.19-4woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "583": "
\n

Debian Security Advisory

\n

DSA-583-1 lvm10 -- insecure temporary directory

\n
\n
Date Reported:
\n
03 Nov 2004
\n
Affected Packages:
\n
\nlvm10\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 279229.
In Mitre's CVE dictionary: CVE-2004-0972.
\n
More information:
\n
\n

Trustix developers discovered insecure temporary file creation in a\nsupplemental script in the lvm10 package that didn't check for\nexisting temporary directories, allowing local users to overwrite\nfiles via a symlink attack.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.0.4-5woody2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.0.8-8.

\n

We recommend that you upgrade your lvm10 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2.dsc
\n
http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "584": "
\n

Debian Security Advisory

\n

DSA-584-1 dhcp -- format string vulnerability

\n
\n
Date Reported:
\n
04 Nov 2004
\n
Affected Packages:
\n
\ndhcp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-1006.
\n
More information:
\n
\n

\"infamous41md\" noticed that the log functions in dhcp 2.x, which is\nstill distributed in the stable Debian release, contained pass\nparameters to function that use format strings. One use seems to be\nexploitable in connection with a malicious DNS server.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 2.0pl5-11woody1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.0pl5-19.1.

\n

We recommend that you upgrade your dhcp package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1.dsc
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-11woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-11woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-11woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "585": "
\n

Debian Security Advisory

\n

DSA-585-1 shadow -- programming error

\n
\n
Date Reported:
\n
05 Nov 2004
\n
Affected Packages:
\n
\nshadow\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-1001.
\n
More information:
\n
\n

A vulnerability has been discovered in the shadow suite, which provides\nprograms like chfn and chsh. A user who is logged\nin but has an expired password can alter his account information with\nchfn or chsh without having to change the password. The problem was\noriginally thought to be more severe.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 20000902-12woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 4.0.3-30.3.

\n

We recommend that you upgrade your passwd package (from the shadow\nsuite).

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/shadow/shadow_20000902-12woody1.dsc
\n
http://security.debian.org/pool/updates/main/s/shadow/shadow_20000902-12woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/shadow/shadow_20000902.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "586": "
\n

Debian Security Advisory

\n

DSA-586-1 ruby -- infinite loop

\n
\n
Date Reported:
\n
08 Nov 2004
\n
Affected Packages:
\n
\nruby\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0983.
\n
More information:
\n
\n

The upstream developers of Ruby have corrected a problem in the CGI\nmodule for this language. Specially crafted requests could cause an\ninfinite loop and thus cause the program to consume CPU cycles.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.6.7-3woody4.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.6.8-12 of ruby1.6 and in version 1.8.1+1.8.2pre2-4 of\nruby1.8.

\n

We recommend that you upgrade your ruby packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody4.dsc
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody4.diff.gz
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/ruby/irb_1.6.7-3woody4_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-elisp_1.6.7-3woody4_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-examples_1.6.7-3woody4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "587": "
\n

Debian Security Advisory

\n

DSA-587-1 freeamp -- buffer overflow

\n
\n
Date Reported:
\n
08 Nov 2004
\n
Affected Packages:
\n
\nfreeamp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0964.
\n
More information:
\n
\n

Luigi Auriemma discovered a buffer overflow condition in the playlist\nmodule of freeamp which could lead to arbitrary code execution.\nRecent versions of freeamp have been renamed to zinf.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.1.1.0-4woody2.

\n

For the unstable distribution (sid) this problem does not exist in the\nzinf package as the code in question was rewritten.

\n

We recommend that you upgrade your freeamp packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2.dsc
\n
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-doc_2.1.1.0-4woody2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-alsa_2.1.1.0-4woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-alsa_2.1.1.0-4woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-alsa_2.1.1.0-4woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-alsa_2.1.1.0-4woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-alsa_2.1.1.0-4woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/freeamp/freeamp_2.1.1.0-4woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/freeamp-extras_2.1.1.0-4woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-alsa_2.1.1.0-4woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freeamp/libfreeamp-esound_2.1.1.0-4woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "588": "
\n

Debian Security Advisory

\n

DSA-588-1 gzip -- insecure temporary files

\n
\n
Date Reported:
\n
08 Nov 2004
\n
Affected Packages:
\n
\ngzip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 11288.
In Mitre's CVE dictionary: CVE-2004-0970.
\n
More information:
\n
\n

Trustix developers discovered insecure temporary file creation in\nsupplemental scripts in the gzip package which may allow local users\nto overwrite files via a symlink attack.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 1.3.2-3woody3.

\n

The unstable distribution (sid) is not affected by these problems.

\n

We recommend that you upgrade your gzip package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody3.dsc
\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "589": "
\n

Debian Security Advisory

\n

DSA-589-1 libgd1 -- integer overflows

\n
\n
Date Reported:
\n
09 Nov 2004
\n
Affected Packages:
\n
\nlibgd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 11523.
In Mitre's CVE dictionary: CVE-2004-0990.
\n
More information:
\n
\n

\"infamous41md\" discovered several integer overflows in the PNG image\ndecoding routines of the GD graphics library. This could lead to the\nexecution of arbitrary code on the victim's machine.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 1.8.4-17.woody3 of libgd1 and in version 2.0.1-10woody1 of\nlibgd2.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your libgd1 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd_1.8.4-17.woody3.dsc
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd_1.8.4-17.woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd_1.8.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "590": "
\n

Debian Security Advisory

\n

DSA-590-1 gnats -- format string vulnerability

\n
\n
Date Reported:
\n
09 Nov 2004
\n
Affected Packages:
\n
\ngnats\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 278577.
In the Bugtraq database (at SecurityFocus): BugTraq ID 10609.
In Mitre's CVE dictionary: CVE-2004-0623.
\n
More information:
\n
\n

Khan Shirani discovered a format string vulnerability in gnats, the\nGNU problem report management system. This problem may be exploited\nto execute arbitrary code.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 3.999.beta1+cvs20020303-2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 4.0-7.

\n

We recommend that you upgrade your gnats package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnats/gnats_3.999.beta1+cvs20020303-2.dsc
\n
http://security.debian.org/pool/updates/main/g/gnats/gnats_3.999.beta1+cvs20020303-2.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gnats/gnats_3.999.beta1+cvs20020303-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnats/gnats-user_3.999.beta1+cvs20020303-2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gnats/gnats_3.999.beta1+cvs20020303-2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnats/gnats-user_3.999.beta1+cvs20020303-2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gnats/gnats_3.999.beta1+cvs20020303-2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnats/gnats-user_3.999.beta1+cvs20020303-2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gnats/gnats_3.999.beta1+cvs20020303-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnats/gnats-user_3.999.beta1+cvs20020303-2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gnats/gnats_3.999.beta1+cvs20020303-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnats/gnats-user_3.999.beta1+cvs20020303-2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gnats/gnats_3.999.beta1+cvs20020303-2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gnats/gnats-user_3.999.beta1+cvs20020303-2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnats/gnats_3.999.beta1+cvs20020303-2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnats/gnats-user_3.999.beta1+cvs20020303-2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnats/gnats_3.999.beta1+cvs20020303-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnats/gnats-user_3.999.beta1+cvs20020303-2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gnats/gnats_3.999.beta1+cvs20020303-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnats/gnats-user_3.999.beta1+cvs20020303-2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gnats/gnats_3.999.beta1+cvs20020303-2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnats/gnats-user_3.999.beta1+cvs20020303-2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gnats/gnats_3.999.beta1+cvs20020303-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnats/gnats-user_3.999.beta1+cvs20020303-2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "591": "
\n

Debian Security Advisory

\n

DSA-591-1 libgd2 -- integer overflows

\n
\n
Date Reported:
\n
09 Nov 2004
\n
Affected Packages:
\n
\nlibgd2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 11523.
In Mitre's CVE dictionary: CVE-2004-0990.
\n
More information:
\n
\n

\"infamous41md\" discovered several integer overflows in the PNG image\ndecoding routines of the GD graphics library. This could lead to the\nexecution of arbitrary code on the victim's machine.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 1.8.4-17.woody3 of libgd1 and in version 2.0.1-10woody1 of\nlibgd2.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your libgd2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody1.dsc
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "592": "
\n

Debian Security Advisory

\n

DSA-592-1 ez-ipupdate -- format string

\n
\n
Date Reported:
\n
12 Nov 2004
\n
Affected Packages:
\n
\nez-ipupdate\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0980.
\n
More information:
\n
\n

Ulf H\u00e4rnhammar from the Debian Security Audit Project discovered a\nformat string vulnerability in ez-ipupdate, a client for many dynamic\nDNS services. This problem can only be exploited if ez-ipupdate is\nrunning in daemon mode (most likely) with many but not all service\ntypes.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 3.0.11b5-1woody2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.0.11b8-8.

\n

We recommend that you upgrade your ez-ipupdate package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate_3.0.11b5-1woody2.dsc
\n
http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate_3.0.11b5-1woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate_3.0.11b5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate_3.0.11b5-1woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate_3.0.11b5-1woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate_3.0.11b5-1woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate_3.0.11b5-1woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate_3.0.11b5-1woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate_3.0.11b5-1woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate_3.0.11b5-1woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate_3.0.11b5-1woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate_3.0.11b5-1woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate_3.0.11b5-1woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate_3.0.11b5-1woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "593": "
\n

Debian Security Advisory

\n

DSA-593-1 imagemagick -- buffer overflow

\n
\n
Date Reported:
\n
16 Nov 2004
\n
Affected Packages:
\n
\nimagemagick\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 278401.
In Mitre's CVE dictionary: CVE-2004-0981.
\n
More information:
\n
\n

A vulnerability has been reported for ImageMagick, a commonly used\nimage manipulation library. Due to a boundary error within the EXIF\nparsing routine, a specially crafted graphic image could lead to the\nexecution of arbitrary code.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 5.4.4.5-1woody4.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 6.0.6.2-1.5.

\n

We recommend that you upgrade your imagemagick packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4.dsc
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4.diff.gz
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "594": "
\n

Debian Security Advisory

\n

DSA-594-1 apache -- buffer overflows

\n
\n
Date Reported:
\n
17 Nov 2004
\n
Affected Packages:
\n
\napache\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0940.
\n
More information:
\n
\n

Two vulnerabilities have been identified in the Apache 1.3 webserver:

\n
    \n
  • CAN-2004-0940\n

    \"Crazy Einstein\" has discovered a vulnerability in the\n \"mod_include\" module, which can cause a buffer to be overflown and\n could lead to the execution of arbitrary code.

    \n
  • NO VULN ID\n

    Larry Cashdollar has discovered a potential buffer overflow in the\n htpasswd utility, which could be exploited when user-supplied data is\n passed to the program via a CGI (or PHP, or ePerl, ...) program.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 1.3.26-0woody6.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.3.33-2.

\n

We recommend that you upgrade your apache packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody6.dsc
\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody6.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.26-0woody6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody6_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "595": "
\n

Debian Security Advisory

\n

DSA-595-1 bnc -- buffer overflow

\n
\n
Date Reported:
\n
24 Nov 2004
\n
Affected Packages:
\n
\nbnc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-1052.
\n
More information:
\n
\n

Leon Juranic discovered that BNC, an IRC session bouncing proxy, does\nnot always protect buffers from being overwritten. This could be\nexploited by a malicious IRC server to overflow a buffer of limited\nsize and execute arbitrary code on the client host.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.6.4-3.3.

\n

This package does not exist in the testing or unstable distributions.

\n

We recommend that you upgrade your bnc package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bnc/bnc_2.6.4-3.3.dsc
\n
http://security.debian.org/pool/updates/main/b/bnc/bnc_2.6.4-3.3.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bnc/bnc_2.6.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/bnc/bnc_2.6.4-3.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/bnc/bnc_2.6.4-3.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bnc/bnc_2.6.4-3.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/bnc/bnc_2.6.4-3.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/b/bnc/bnc_2.6.4-3.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/b/bnc/bnc_2.6.4-3.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bnc/bnc_2.6.4-3.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bnc/bnc_2.6.4-3.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/bnc/bnc_2.6.4-3.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/bnc/bnc_2.6.4-3.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/bnc/bnc_2.6.4-3.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "596": "
\n

Debian Security Advisory

\n

DSA-596-2 sudo -- missing input sanitising

\n
\n
Date Reported:
\n
24 Nov 2004
\n
Affected Packages:
\n
\nsudo\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 281665.
In Mitre's CVE dictionary: CVE-2004-1051.
\n
More information:
\n
\n

Liam Helmer noticed that sudo, a program that provides limited super\nuser privileges to specific users, does not clean the environment\nsufficiently. Bash functions and the CDPATH variable are still passed\nthrough to the program running as a privileged user, leaving\npossibilities to overload system routines. These vulnerabilities can\nonly be exploited by users who have been granted limited super user\nprivileges.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 1.6.6-1.3.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.6.8p3.

\n

We recommend that you upgrade your sudo package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3.dsc
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "597": "
\n

Debian Security Advisory

\n

DSA-597-1 cyrus-imapd -- buffer overflow

\n
\n
Date Reported:
\n
25 Nov 2004
\n
Affected Packages:
\n
\ncyrus-imapd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 282681.
In Mitre's CVE dictionary: CVE-2004-1012, CVE-2004-1013.
\n
More information:
\n
\n

Stefan Esser discovered several security related problems in the Cyrus\nIMAP daemon. Due to a bug in the command parser it is possible to\naccess memory beyond the allocated buffer in two places which could\nlead to the execution of arbitrary code.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 1.5.19-9.2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.1.17-1.

\n

We recommend that you upgrade your cyrus-imapd package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.2.dsc
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.2.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-admin_1.5.19-9.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-common_1.5.19-9.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-dev_1.5.19-9.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-imapd_1.5.19-9.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-nntp_1.5.19-9.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd/cyrus-pop3d_1.5.19-9.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "598": "
\n

Debian Security Advisory

\n

DSA-598-1 yardradius -- buffer overflow

\n
\n
Date Reported:
\n
25 Nov 2004
\n
Affected Packages:
\n
\nyardradius\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 278384.
In Mitre's CVE dictionary: CVE-2004-0987.
\n
More information:
\n
\n

Max Vozeler noticed that yardradius, the YARD radius authentication\nand accounting server, contained a stack overflow similar to the one\nfrom radiusd which is referenced as CAN-2001-0534. This could lead to\nthe execution of arbitrary code as root.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.0.20-2woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.0.20-15.

\n

We recommend that you upgrade your yardradius package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/y/yardradius/yardradius_1.0.20-2woody1.dsc
\n
http://security.debian.org/pool/updates/main/y/yardradius/yardradius_1.0.20-2woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/y/yardradius/yardradius_1.0.20.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/y/yardradius/yardradius_1.0.20-2woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/y/yardradius/yardradius_1.0.20-2woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/y/yardradius/yardradius_1.0.20-2woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/y/yardradius/yardradius_1.0.20-2woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/y/yardradius/yardradius_1.0.20-2woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/y/yardradius/yardradius_1.0.20-2woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/y/yardradius/yardradius_1.0.20-2woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/y/yardradius/yardradius_1.0.20-2woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/y/yardradius/yardradius_1.0.20-2woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/y/yardradius/yardradius_1.0.20-2woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/y/yardradius/yardradius_1.0.20-2woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "599": "
\n

Debian Security Advisory

\n

DSA-599-1 tetex-bin -- integer overflows

\n
\n
Date Reported:
\n
25 Nov 2004
\n
Affected Packages:
\n
\ntetex-bin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 278298.
In Mitre's CVE dictionary: CVE-2004-0888.
\n
More information:
\n
\n

Chris Evans discovered several integer overflows in xpdf that are\nalso present in tetex-bin, the binary files for the teTeX distribution.\nThey can be exploited remotely by a specially crafted PDF document\nand lead to the execution of arbitrary code.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 20011202-7.3.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.0.2-23.

\n

We recommend that you upgrade your tetex-bin packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3.dsc
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "600": "
\n

Debian Security Advisory

\n

DSA-600-1 samba -- arbitrary file access

\n
\n
Date Reported:
\n
07 Oct 2004
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0815.
\n
More information:
\n
\n

A vulnerability has been discovered in samba, a commonly used\nLanManager-like file and printer server for Unix. A remote attacker\nmay be able to gain access to files which exist outside of the share's\ndefined path. Such files must still be readable by the account used\nfor the connection, though.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.2.3a-14.1.

\n

In the unstable (sid) and testing (sarge) distributions this problem\nwas not present.

\n

We recommend that you upgrade your samba packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1.dsc
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.2.3a-14.1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-14.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-14.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-14.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-14.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-14.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-14.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-14.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-14.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-14.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "601": "
\n

Debian Security Advisory

\n

DSA-601-1 libgd -- integer overflow

\n
\n
Date Reported:
\n
29 Nov 2004
\n
Affected Packages:
\n
\nlibgd1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0941, CVE-2004-0990.
\n
More information:
\n
\n

More potential integer overflows have been found in the GD graphics\nlibrary which weren't covered by our security advisory\nDSA 589. They\ncould be exploited by a specially crafted graphic and could lead to\nthe execution of arbitrary code on the victim's machine.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 1.8.4-17.woody4.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your libgd1 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd_1.8.4-17.woody4.dsc
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd_1.8.4-17.woody4.diff.gz
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd_1.8.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-dev_1.8.4-17.woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd-noxpm-dev_1.8.4-17.woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1_1.8.4-17.woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd/libgd1-noxpm_1.8.4-17.woody4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "602": "
\n

Debian Security Advisory

\n

DSA-602-1 libgd2 -- integer overflow

\n
\n
Date Reported:
\n
29 Nov 2004
\n
Affected Packages:
\n
\nlibgd2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0941, CVE-2004-0990.
\n
More information:
\n
\n

More potential integer overflows have been found in the GD graphics\nlibrary which weren't covered by our security advisory\nDSA 591. They\ncould be exploited by a specially crafted graphic and could lead to\nthe execution of arbitrary code on the victim's machine.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 2.0.1-10woody2.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your libgd2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody2.dsc
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.1-10woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.1-10woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.1-10woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.1-10woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "603": "
\n

Debian Security Advisory

\n

DSA-603-1 openssl -- insecure temporary file

\n
\n
Date Reported:
\n
01 Dec 2004
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0975.
\n
More information:
\n
\n

Trustix developers discovered insecure temporary file creation in a supplemental script (der_chop) of the openssl package which may allow local users to overwrite files via a symlink attack.

\n

For the stable distribution (woody) this problem has been fixed in version 0.9.6c-2.woody.7.

\n

For the unstable distribution (sid) this problem has been fixed in version 0.9.7e-1.

\n

We recommend that you upgrade your openssl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.7.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.7.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openssl/ssleay_0.9.6c-2.woody.7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.7_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.7_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.7_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.7_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.7_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "604": "
\n

Debian Security Advisory

\n

DSA-604-1 hpsockd -- missing input sanitising

\n
\n
Date Reported:
\n
03 Dec 2004
\n
Affected Packages:
\n
\nhpsockd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 11800.
In Mitre's CVE dictionary: CVE-2004-0993.
\n
More information:
\n
\n

\"infamous41md\" discovered a buffer overflow condition in hpsockd, the SOCKS server written at Hewlett-Packard. An exploit could cause the program to crash or may have a worse effect.

\n

For the stable distribution (woody) this problem has been fixed in version 0.6.woody1.

\n

For the unstable distribution (sid) this problem has been fixed in version 0.14.

\n

We recommend that you upgrade your hpsockd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/hpsockd/hpsockd_0.6.woody1.dsc
\n
http://security.debian.org/pool/updates/main/h/hpsockd/hpsockd_0.6.woody1.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/hpsockd/hpsockd_0.6.woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/hpsockd/hpsockd_0.6.woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/hpsockd/hpsockd_0.6.woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/hpsockd/hpsockd_0.6.woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/h/hpsockd/hpsockd_0.6.woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/hpsockd/hpsockd_0.6.woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/hpsockd/hpsockd_0.6.woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/h/hpsockd/hpsockd_0.6.woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/hpsockd/hpsockd_0.6.woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/hpsockd/hpsockd_0.6.woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/hpsockd/hpsockd_0.6.woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "605": "
\n

Debian Security Advisory

\n

DSA-605-1 viewcvs -- settings not honored

\n
\n
Date Reported:
\n
06 Dec 2004
\n
Affected Packages:
\n
\nviewcvs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0915.
\n
More information:
\n
\n

Haris Sehic discovered several vulnerabilities in viewcvs, a utility for viewing CVS and Subversion repositories via HTTP. When exporting a repository as a tar archive, the hide_cvsroot and forbidden settings were not sufficiently honoured.

\n

When upgrading the package for woody, please make a copy of your /etc/viewcvs/viewcvs.conf file if you have manually edited this file. Upon upgrade, the debconf mechanism may alter it in such a way that viewcvs no longer understands it.

\n

For the stable distribution (woody) these problems have been fixed in version 0.9.2-4woody1.

\n

For the unstable distribution (sid) these problems have been fixed in version 0.9.2+cvs.1.0.dev.2004.07.28-1.2.

\n

We recommend that you upgrade your viewcvs package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/v/viewcvs/viewcvs_0.9.2-4woody1.dsc
\n
http://security.debian.org/pool/updates/main/v/viewcvs/viewcvs_0.9.2-4woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/v/viewcvs/viewcvs_0.9.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/v/viewcvs/viewcvs_0.9.2-4woody1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "606": "
\n

Debian Security Advisory

\n

DSA-606-1 nfs-utils -- wrong signal handler

\n
\n
Date Reported:
\n
08 Dec 2004
\n
Affected Packages:
\n
\nnfs-utils\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-1014.
\n
More information:
\n
\n

SGI has discovered that rpc.statd from the nfs-utils package, the Network Status Monitor, did not ignore the \"SIGPIPE\" signal. Hence, a client prematurely terminating the TCP connection could also terminate the server process.

\n

For the stable distribution (woody) this problem has been fixed in version 1.0-2woody2.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your nfs-utils package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-utils_1.0-2woody3.dsc
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-utils_1.0-2woody3.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "607": "
\n

Debian Security Advisory

\n

DSA-607-1 xfree86 -- several vulnerabilities

\n
\n
Date Reported:
\n
10 Dec 2004
\n
Affected Packages:
\n
\nxfree86\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0914.
\n
More information:
\n
\n

Several developers have discovered a number of problems in the libXpm library, which is provided by X.Org, XFree86 and LessTif. These bugs can be exploited by remote and/or local attackers to gain access to the system or to escalate their local privileges, by using a specially crafted XPM image.

\n

For the stable distribution (woody) this problem has been fixed in version 4.1.0-16woody5.

\n

For the unstable distribution (sid) this problem will be fixed in version 4.3.0.dfsg.1-9.

\n

We recommend that you upgrade your xlibs package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.1.0-16woody5.dsc
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.1.0-16woody5.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.1.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system_4.1.0-16woody5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi-transcoded_4.1.0-16woody5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi_4.1.0-16woody5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi-transcoded_4.1.0-16woody5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi_4.1.0-16woody5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base-transcoded_4.1.0-16woody5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base_4.1.0-16woody5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-cyrillic_4.1.0-16woody5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-pex_4.1.0-16woody5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-scalable_4.1.0-16woody5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86-common_4.1.0-16woody5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlib6g-dev_4.1.0-16woody5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlib6g_4.1.0-16woody5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xspecs_4.1.0-16woody5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "608": "
\n

Debian Security Advisory

\n

DSA-608-1 zgv -- integer overflows, unsanitised input

\n
\n
Date Reported:
\n
14 Dec 2004
\n
Affected Packages:
\n
\nzgv\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 11556.
In Mitre's CVE dictionary: CVE-2004-1095, CVE-2004-0999.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in zgv, an SVGAlib\ngraphics viewer for the i386 architecture. The Common Vulnerabilities\nand Exposures Project identifies the following problems:

\n
    \n
  • CAN-2004-1095\n

    \"infamous41md\" discovered multiple\n integer overflows in zgv. Remote exploitation of an integer\n overflow vulnerability could allow the execution of arbitrary\n code.

    \n
  • CAN-2004-0999\n

    Mikulas Patocka discovered that malicious multiple-image (e.g.\n animated) GIF images can cause a segmentation fault in zgv.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 5.5-3woody1.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your zgv package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/zgv/zgv_5.5-3woody2.dsc
\n
http://security.debian.org/pool/updates/main/z/zgv/zgv_5.5-3woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/z/zgv/zgv_5.5.orig.tar.gz
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/z/zgv/zgv_5.5-3woody2_i386.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "609": "
\n

Debian Security Advisory

\n

DSA-609-1 atari800 -- buffer overflows

\n
\n
Date Reported:
\n
14 Dec 2004
\n
Affected Packages:
\n
\natari800\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-1076.
\n
More information:
\n
\n

Adam Zabrocki discovered multiple buffer overflows in atari800, an\nAtari emulator. In order to directly access graphics hardware, one of\nthe affected programs is installed setuid root. A local attacker\ncould exploit this vulnerability to gain root privileges.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 1.2.2-1woody3.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your atari800 package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2-1woody3.dsc
\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2-1woody3.diff.gz
\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2-1woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2-1woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2-1woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2-1woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2-1woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2-1woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2-1woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2-1woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2-1woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2-1woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/contrib/a/atari800/atari800_1.2.2-1woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "610": "
\n

Debian Security Advisory

\n

DSA-610-1 cscope -- insecure temporary file

\n
\n
Date Reported:
\n
17 Dec 2004
\n
Affected Packages:
\n
\ncscope\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 282815.
In the Bugtraq database (at SecurityFocus): BugTraq ID 11697.
In Mitre's CVE dictionary: CVE-2004-0996.
\n
More information:
\n
\n

A vulnerability has been discovered in cscope, a program to\ninteractively examine C source code, which may allow local users to\noverwrite files via a symlink attack.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 15.3-1woody2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 15.5-1.

\n

We recommend that you upgrade your cscope package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody2.dsc
\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "611": "
\n

Debian Security Advisory

\n

DSA-611-1 htget -- buffer overflow

\n
\n
Date Reported:
\n
20 Dec 2004
\n
Affected Packages:
\n
\nhtget\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0852.
\n
More information:
\n
\n

\"infamous41md\" discovered a buffer overflow in htget, a file grabber\nthat will get files from HTTP servers. It is possible to overflow a\nbuffer and execute arbitrary code by accessing a malicious URL.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.93-1.1woody1.

\n

This package is not present in the testing and unstable distributions.

\n

We recommend that you upgrade your htget package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/htget/htget_0.93-1.1woody1.dsc
\n
http://security.debian.org/pool/updates/main/h/htget/htget_0.93-1.1woody1.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/htget/htget_0.93-1.1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/htget/htget_0.93-1.1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/htget/htget_0.93-1.1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/htget/htget_0.93-1.1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/h/htget/htget_0.93-1.1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/htget/htget_0.93-1.1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/htget/htget_0.93-1.1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/h/htget/htget_0.93-1.1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/htget/htget_0.93-1.1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/htget/htget_0.93-1.1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/htget/htget_0.93-1.1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "612": "
\n

Debian Security Advisory

\n

DSA-612-1 a2ps -- unsanitised input

\n
\n
Date Reported:
\n
20 Dec 2004
\n
Affected Packages:
\n
\na2ps\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 283134.
In the Bugtraq database (at SecurityFocus): BugTraq ID 11025.
In Mitre's CVE dictionary: CVE-2004-1170.
\n
More information:
\n
\n

Rudolf Polzer discovered a vulnerability in a2ps, a converter and\npretty-printer for many formats to PostScript. The program did not\nescape shell metacharacters properly, which could lead to the\nexecution of arbitrary commands as a privileged user if a2ps is\ninstalled as a printer filter.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 4.13b-16woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1:4.13b-4.2.

\n

We recommend that you upgrade your a2ps package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/a2ps/a2ps_4.13b-16woody1.dsc
\n
http://security.debian.org/pool/updates/main/a/a2ps/a2ps_4.13b-16woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/a2ps/a2ps_4.13b.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/a2ps/a2ps_4.13b-16woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/a2ps/a2ps_4.13b-16woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/a2ps/a2ps_4.13b-16woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/a2ps/a2ps_4.13b-16woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/a2ps/a2ps_4.13b-16woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/a2ps/a2ps_4.13b-16woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/a2ps/a2ps_4.13b-16woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/a2ps/a2ps_4.13b-16woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/a2ps/a2ps_4.13b-16woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/a2ps/a2ps_4.13b-16woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/a2ps/a2ps_4.13b-16woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "613": "
\n

Debian Security Advisory

\n

DSA-613-1 ethereal -- infinite loop

\n
\n
Date Reported:
\n
21 Dec 2004
\n
Affected Packages:
\n
\nethereal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 11943.
In Mitre's CVE dictionary: CVE-2004-1142.
\n
More information:
\n
\n

Brian Caswell discovered that an improperly formatted SMB packet could\nmake ethereal hang and eat CPU endlessly.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.9.4-1woody9.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.10.8-1.

\n

We recommend that you upgrade your ethereal packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody9.dsc
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody9.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody9_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody9_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody9_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody9_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody9_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody9_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody9_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody9_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody9_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody9_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody9_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody9_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody9_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody9_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody9_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody9_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody9_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody9_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody9_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody9_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody9_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody9_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody9_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody9_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody9_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody9_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody9_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody9_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody9_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody9_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody9_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody9_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody9_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody9_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody9_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody9_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody9_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody9_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "614": "
\n

Debian Security Advisory

\n

DSA-614-1 xzgv -- integer overflows

\n
\n
Date Reported:
\n
21 Dec 2004
\n
Affected Packages:
\n
\nxzgv\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0994.
\n
More information:
\n
\n

Luke \"infamous41md\" discovered multiple vulnerabilities in xzgv, a\npicture viewer for X11 with a thumbnail-based selector. Remote\nexploitation of an integer overflow vulnerability could allow the\nexecution of arbitrary code.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 0.7-6woody2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.8-3.

\n

We recommend that you upgrade your xzgv package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2.dsc
\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "615": "
\n

Debian Security Advisory

\n

DSA-615-1 debmake -- insecure temporary files

\n
\n
Date Reported:
\n
22 Dec 2004
\n
Affected Packages:
\n
\ndebmake\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 286382.
In Mitre's CVE dictionary: CVE-2004-1179.
\n
More information:
\n
\n

Javier Fern\u00e1ndez-Sanguino Pe\u00f1a from the Debian Security Audit Project\nnoticed that the debstd script from\ndebmake, a deprecated helper package for Debian packaging, created\ntemporary directories in an insecure manner. This can be exploited by\na malicious user to overwrite arbitrary files owned by the victim.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 3.6.10.woody.1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.7.7.

\n

We recommend that you upgrade your debmake package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/debmake/debmake_3.6.10.woody.1.dsc
\n
http://security.debian.org/pool/updates/main/d/debmake/debmake_3.6.10.woody.1.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/debmake/debmake_3.6.10.woody.1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "616": "
\n

Debian Security Advisory

\n

DSA-616-1 netkit-telnet-ssl -- format string

\n
\n
Date Reported:
\n
23 Dec 2004
\n
Affected Packages:
\n
\nnetkit-telnet-ssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0998.
\n
More information:
\n
\n

Joel Eriksson discovered a format string vulnerability in telnetd-ssl\nwhich may lead to the execution of arbitrary code on the\nvictim's machine.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.17.17+0.1-2woody3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.17.24+0.1-6.

\n

We recommend that you upgrade your telnetd-ssl package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1-2woody3.dsc
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1-2woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "617": "
\n

Debian Security Advisory

\n

DSA-617-1 tiff -- insufficient input validation

\n
\n
Date Reported:
\n
24 Dec 2004
\n
Affected Packages:
\n
\ntiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-1308.
\n
More information:
\n
\n

\"infamous41md\" discovered a problem in libtiff, the Tag Image File\nFormat library for processing TIFF graphics files. Upon reading a\nTIFF file it is possible to allocate a zero sized buffer and write to\nit which would lead to the execution of arbitrary code.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 3.5.5-6.woody3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.6.1-4.

\n

We recommend that you upgrade your libtiff packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6.woody3.dsc
\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6.woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "618": "
\n

Debian Security Advisory

\n

DSA-618-1 imlib -- buffer overflows, integer overflows

\n
\n
Date Reported:
\n
24 Dec 2004
\n
Affected Packages:
\n
\nimlib\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 284925.
In the Bugtraq database (at SecurityFocus): BugTraq ID 11830.
In Mitre's CVE dictionary: CVE-2004-1025, CVE-2004-1026.
\n
More information:
\n
\n

Pavel Kankovsky discovered that several overflows found in the libXpm\nlibrary were also present in imlib, an imaging library for X and X11.\nAn attacker could create a carefully crafted image file in such a way\nthat it could cause an application linked with imlib to execute\narbitrary code when the file was opened by a victim. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:

\n\n

For the stable distribution (woody) these problems have been fixed in\nversion 1.9.14-2woody2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.9.14-17.1 of imlib and in version 1.9.14-16.1 of imlib+png2\nwhich produces the imlib1 package.

\n

We recommend that you upgrade your imlib packages immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/imlib/imlib_1.9.14-2woody2.dsc
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib_1.9.14-2woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib_1.9.14.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-base_1.9.14-2woody2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "619": "
\n

Debian Security Advisory

\n

DSA-619-1 xpdf -- buffer overflow

\n
\n
Date Reported:
\n
30 Dec 2004
\n
Affected Packages:
\n
\nxpdf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 286742, Bug 286983.
In Mitre's CVE dictionary: CVE-2004-1125.
\n
More information:
\n
\n

An iDEFENSE security researcher discovered a buffer overflow in xpdf,\nthe portable document format (PDF) suite. A maliciously crafted PDF\nfile could exploit this problem, resulting in the execution of arbitrary\ncode.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.00-3.3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.00-11.

\n

We recommend that you upgrade your xpdf package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.3.dsc
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.3.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_1.00-3.3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "620": "
\n

Debian Security Advisory

\n

DSA-620-1 perl -- insecure temporary files / directories

\n
\n
Date Reported:
\n
30 Dec 2004
\n
Affected Packages:
\n
\nperl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0452, CVE-2004-0976.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Perl, the popular\nscripting language. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CAN-2004-0452\n

    Jeroen van Wolffelaar discovered that the rmtree() function in the\n File::Path module removes directory trees in an insecure manner\n which could lead to the removal of arbitrary files and directories\n through a symlink attack.

    \n
  • CAN-2004-0976\n

    Trustix developers discovered several insecure uses of temporary\n files in many modules which allow a local attacker to overwrite\n files via a symlink attack.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 5.6.1-8.8.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 5.8.4-5.

\n

We recommend that you upgrade your perl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8.dsc
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8.diff.gz
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.6.1-8.8_all.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.6.1-8.8_all.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.6.1-8.8_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "621": "
\n

Debian Security Advisory

\n

DSA-621-1 cupsys -- buffer overflow

\n
\n
Date Reported:
\n
31 Dec 2004
\n
Affected Packages:
\n
\ncupsys\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 286988.
In Mitre's CVE dictionary: CVE-2004-1125.
\n
More information:
\n
\n

An iDEFENSE security researcher discovered a buffer overflow in xpdf,\nthe Portable Document Format (PDF) suite. Similar code is present in\nthe PDF processing part of CUPS. A maliciously crafted PDF file could\nexploit this problem, leading to the execution of arbitrary code.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.1.14-5woody11.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.1.22-2.

\n

We recommend that you upgrade your cupsys packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody11.dsc
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody11.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody11_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody11_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody11_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody11_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody11_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody11_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody11_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody11_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody11_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody11_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody11_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody11_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody11_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody11_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody11_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody11_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody11_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody11_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody11_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody11_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody11_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody11_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody11_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody11_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody11_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody11_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody11_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody11_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody11_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody11_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody11_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody11_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody11_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody11_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody11_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody11_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody11_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody11_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody11_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody11_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody11_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody11_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody11_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody11_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody11_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody11_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody11_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody11_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody11_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody11_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody11_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody11_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody11_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody11_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody11_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody11_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "622": "
\n

Debian Security Advisory

\n

DSA-622-1 htmlheadline -- insecure temporary files

\n
\n
Date Reported:
\n
03 Jan 2005
\n
Affected Packages:
\n
\nhtmlheadline\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-1181.
\n
More information:
\n
\n

Javier Fernández-Sanguino Peña from the Debian Security Audit Project\nhas discovered multiple insecure uses\nof temporary files that could lead to overwriting arbitrary files via\na symlink attack.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 21.8-3.

\n

The unstable distribution (sid) does not contain this package.

\n

We recommend that you upgrade your htmlheadline package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/htmlheadline/htmlheadline_21.8-3.dsc
\n
http://security.debian.org/pool/updates/main/h/htmlheadline/htmlheadline_21.8-3.diff.gz
\n
http://security.debian.org/pool/updates/main/h/htmlheadline/htmlheadline_21.8.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/htmlheadline/htmlheadline_21.8-3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "623": "
\n

Debian Security Advisory

\n

DSA-623-1 nasm -- buffer overflow

\n
\n
Date Reported:
\n
04 Jan 2005
\n
Affected Packages:
\n
\nnasm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 285889.
In Mitre's CVE dictionary: CVE-2004-1287.
\n
More information:
\n
\n

Jonathan Rockway discovered a buffer overflow in nasm, the\ngeneral-purpose x86 assembler, which could lead to the execution of\narbitrary code when compiling a maliciously crafted assembler source\nfile.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.98.28cvs-1woody2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.98.38-1.1.

\n

We recommend that you upgrade your nasm package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1woody2.dsc
\n
http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "624": "
\n

Debian Security Advisory

\n

DSA-624-1 zip -- buffer overflow

\n
\n
Date Reported:
\n
05 Jan 2005
\n
Affected Packages:
\n
\nzip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-1010.
\n
More information:
\n
\n

A buffer overflow has been discovered in zip, the archiver for .zip\nfiles. When doing recursive folder compression the program did not\ncheck the resulting path length, which would lead to memory being\noverwritten. A malicious person could convince a user to create an\narchive containing a specially crafted path name, which could lead to\nthe execution of arbitrary code.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.30-5woody2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.30-8.

\n

We recommend that you upgrade your zip package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2.dsc
\n
http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/z/zip/zip_2.30.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/z/zip/zip_2.30-5woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "625": "
\n

Debian Security Advisory

\n

DSA-625-1 pcal -- buffer overflows

\n
\n
Date Reported:
\n
05 Jan 2005
\n
Affected Packages:
\n
\npcal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 287039.
In Mitre's CVE dictionary: CVE-2004-1289.
\n
More information:
\n
\n

Danny Lungstrom discovered two buffer overflows in pcal, a program to\ngenerate Postscript calendars, that could lead to the execution of\narbitrary code when compiling a calendar.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 4.7-8woody1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 4.8.0-1.

\n

We recommend that you upgrade your pcal package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7-8woody1.dsc
\n
http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7-8woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7-8woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7-8woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7-8woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7-8woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7-8woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7-8woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7-8woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7-8woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7-8woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7-8woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pcal/pcal_4.7-8woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "626": "
\n

Debian Security Advisory

\n

DSA-626-1 tiff -- unsanitised input

\n
\n
Date Reported:
\n
06 Jan 2005
\n
Affected Packages:
\n
\ntiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-1183.
\n
More information:
\n
\n

Dmitry V. Levin discovered a buffer overflow in libtiff, the Tag Image\nFile Format library for processing TIFF graphics files. Upon reading\na TIFF file it is possible to crash the application, and maybe also to\nexecute arbitrary code.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 3.5.5-6.woody5.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.6.1-5.

\n

We recommend that you upgrade your libtiff package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6.woody5.dsc
\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-6.woody5.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-6.woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-6.woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-6.woody5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "627": "
\n

Debian Security Advisory

\n

DSA-627-1 namazu2 -- unsanitised input

\n
\n
Date Reported:
\n
06 Jan 2005
\n
Affected Packages:
\n
\nnamazu2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-1318.
\n
More information:
\n
\n

A cross-site scripting vulnerability has been discovered in namazu2, a\nfull text search engine. An attacker could prepare specially crafted\ninput that would not be sanitised by namazu2 and hence displayed\nverbatim for the victim.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.0.10-1woody3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.0.14-1.

\n

We recommend that you upgrade your namazu2 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3.dsc
\n
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/n/namazu2/namazu2-common_2.0.10-1woody3_all.deb
\n
http://security.debian.org/pool/updates/main/n/namazu2/namazu2-index-tools_2.0.10-1woody3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "628": "
\n

Debian Security Advisory

\n

DSA-628-1 imlib2 -- integer overflows

\n
\n
Date Reported:
\n
06 Jan 2005
\n
Affected Packages:
\n
\nimlib2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-1026, CVE-2004-1025.
\n
More information:
\n
\n

Pavel Kankovsky discovered that several overflows found in the libXpm\nlibrary were also present in imlib and imlib2, imaging libraries for\nX11. An attacker could create a carefully crafted image file in such\na way that it could cause an application linked with imlib or imlib2\nto execute arbitrary code when the file was opened by a victim. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CAN-2004-1025\n

    Multiple heap-based buffer overflows. No such code is present in\n imlib2.

    \n
  • CAN-2004-1026\n

    Multiple integer overflows in the imlib library.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 1.0.5-2woody2.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your imlib2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.0.5-2woody2.dsc
\n
http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.0.5-2woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.0.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "629": "
\n

Debian Security Advisory

\n

DSA-629-1 krb5 -- buffer overflow

\n
\n
Date Reported:
\n
07 Jan 2005
\n
Affected Packages:
\n
\nkrb5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-1189.
CERT's vulnerabilities, advisories and incident notes: VU#948033.
\n
More information:
\n
\n

A buffer overflow has been discovered in the MIT Kerberos 5\nadministration library (libkadm5srv) that could lead to the execution\nof arbitrary code upon exploitation by an authenticated user, not\nnecessarily one with administrative privileges.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.2.4-5woody7.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.3.6-1.

\n

We recommend that you upgrade your krb5 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4-5woody7.dsc
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4-5woody7.diff.gz
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.2.4-5woody7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody7_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody7_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody7_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody7_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "630": "
\n

Debian Security Advisory

\n

DSA-630-1 lintian -- insecure temporary directory

\n
\n
Date Reported:
\n
10 Jan 2005
\n
Affected Packages:
\n
\nlintian\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 286681.
In Mitre's CVE dictionary: CVE-2004-1000.
\n
More information:
\n
\n

Jeroen van Wolffelaar discovered a problem in lintian, the Debian\npackage checker. The program removes the working directory even if it\nwasn't created at program start, removing an unrelated file or\ndirectory a malicious user inserted via a symlink attack.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.20.17.1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.23.6.

\n

We recommend that you upgrade your lintian package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.20.17.1.dsc
\n
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.20.17.1.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.20.17.1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "631": "
\n

Debian Security Advisory

\n

DSA-631-1 kdelibs -- unsanitised input

\n
\n
Date Reported:
\n
10 Jan 2005
\n
Affected Packages:
\n
\nkdelibs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 287201.
In the Bugtraq database (at SecurityFocus): BugTraq ID 11827.
In Mitre's CVE dictionary: CVE-2004-1165.
\n
More information:
\n
\n

Thiago Macieira discovered a vulnerability in the kioslave library,\nwhich is part of kdelibs, which allows a remote attacker to execute\narbitrary FTP commands via an ftp:// URL that contains a URL-encoded\nnewline before the FTP command.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.2.2-13.woody.13.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your kdelibs3 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.13.dsc
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.13.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-doc_2.2.2-13.woody.13_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.13_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.13_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.13_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.13_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.13_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.13_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.13_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.13_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.13_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.13_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.13_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.13_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.13_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.13_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.13_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.13_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.13_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.13_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.13_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.13_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.13_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.13_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.13_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.13_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.13_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.13_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.13_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.13_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.13_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.13_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.13_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.13_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.13_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.13_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.13_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.13_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.13_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.13_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.13_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.13_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.13_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.13_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.13_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.13_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.13_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.13_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.13_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.13_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.13_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.13_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.13_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.13_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.13_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.13_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.13_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.13_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.13_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.13_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.13_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.13_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.13_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.13_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.13_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.13_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.13_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.13_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.13_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.13_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.13_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.13_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.13_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.13_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.13_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.13_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.13_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.13_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.13_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.13_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.13_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.13_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.13_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.13_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.13_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.13_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "632": "
\n

Debian Security Advisory

\n

DSA-632-1 linpopup -- buffer overflow

\n
\n
Date Reported:
\n
10 Jan 2005
\n
Affected Packages:
\n
\nlinpopup\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 287044.
In Mitre's CVE dictionary: CVE-2004-1282.
\n
More information:
\n
\n

Stephen Dranger discovered a buffer overflow in linpopup, an X11 port\nof winpopup, running over Samba, that could lead to the execution of\narbitrary code when displaying a maliciously crafted message.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.2.0-2woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.2.0-7.

\n

We recommend that you upgrade your linpopup package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0-2woody1.dsc
\n
http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0-2woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0-2woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0-2woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0-2woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0-2woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0-2woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0-2woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0-2woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0-2woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0-2woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0-2woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linpopup/linpopup_1.2.0-2woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "633": "
\n

Debian Security Advisory

\n

DSA-633-1 bmv -- insecure temporary file

\n
\n
Date Reported:
\n
11 Jan 2005
\n
Affected Packages:
\n
\nbmv\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2003-0014.
\n
More information:
\n
\n

Peter Samuelson, upstream maintainer of bmv, a PostScript viewer for\nSVGAlib, discovered that temporary files are created in an insecure\nfashion. A malicious local user could cause arbitrary files to be\noverwritten by a symlink attack.

\n

For the stable distribution (woody) this problem has been\nfixed in version 1.2-14.2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.2-17.

\n

We recommend that you upgrade your bmv packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2-14.2.dsc
\n
http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2-14.2.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2.orig.tar.gz
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2-14.2_i386.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "634": "
\n

Debian Security Advisory

\n

DSA-634-1 hylafax -- weak hostname and username validation

\n
\n
Date Reported:
\n
11 Jan 2005
\n
Affected Packages:
\n
\nhylafax\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-1182.
\n
More information:
\n
\n

Patrice Fournier discovered a vulnerability in the authorisation\nsubsystem of hylafax, a flexible client/server fax system. A local or\nremote user guessing the contents of the hosts.hfaxd database could\ngain unauthorised access to the fax system.

\n

Some installations of hylafax may actually utilise the weak hostname\nand username validation for authorized uses. For example, hosts.hfaxd\nentries that may be common are

\n
\n  192.168.0\n  username:uid:pass:adminpass\n  user@host\n
\n

After updating, these entries will need to be modified in order to\ncontinue to function. Respectively, the correct entries should be

\n
\n  192.168.0.[0-9]+\n  username@:uid:pass:adminpass\n  user@host\n
\n

Unless such matching of \"username\" with \"otherusername\" and \"host\" with\n\"hostname\" is desired, the proper form of these entries should include\nthe delimiter and markers like this

\n
\n  @192.168.0.[0-9]+$\n  ^username@:uid:pass:adminpass\n  ^user@host$\n
\n

For the stable distribution (woody) this problem has been fixed in\nversion 4.1.1-3.1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 4.2.1-1.

\n

We recommend that you upgrade your hylafax packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1-3.1.dsc
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1-3.1.diff.gz
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-doc_4.1.1-3.1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "635": "
\n

Debian Security Advisory

\n

DSA-635-1 exim -- buffer overflow

\n
\n
Date Reported:
\n
12 Jan 2005
\n
Affected Packages:
\n
\nexim\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 289046.
In Mitre's CVE dictionary: CVE-2005-0021.
\n
More information:
\n
\n

Philip Hazel announced a buffer overflow in the host_aton function in\nexim, the default mail-transport-agent in Debian, which can lead to the\nexecution of arbitrary code via an illegal IPv6 address.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 3.35-1woody4.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.36-13 of exim and 4.34-10 of exim4.

\n

We recommend that you upgrade your exim and exim4 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4.dsc
\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4.diff.gz
\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/exim/exim_3.35-1woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/exim/eximon_3.35-1woody4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "636": "
\n

Debian Security Advisory

\n

DSA-636-1 glibc -- insecure temporary files

\n
\n
Date Reported:
\n
12 Jan 2005
\n
Affected Packages:
\n
\nglibc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 279680, Bug 278278, Bug 205600.
In the Bugtraq database (at SecurityFocus): BugTraq ID 11286.
In Mitre's CVE dictionary: CVE-2004-0968, CVE-2004-1382.
\n
More information:
\n
\n

Several insecure uses of temporary files have been discovered in\nsupport scripts in the libc6 package, which provides the C library for\na GNU/Linux system. Trustix developers found that the catchsegv\nscript uses temporary files insecurely. Openwall developers\ndiscovered insecure temporary files in the glibcbug script. These\nscripts are vulnerable to a symlink attack.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 2.2.5-11.8.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.3.2.ds1-20.

\n

We recommend that you upgrade your libc6 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.2.5-11.8.dsc
\n
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.2.5-11.8.diff.gz
\n
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.2.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.2.5-11.8_all.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales_2.2.5-11.8_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.2.5-11.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.2.5-11.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.2.5-11.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.2.5-11.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.2.5-11.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.2.5-11.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.2.5-11.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.2.5-11.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.2.5-11.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.2.5-11.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-sparc64_2.2.5-11.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-sparc64_2.2.5-11.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "637": "
\n

Debian Security Advisory

\n

DSA-637-1 exim-tls -- buffer overflow

\n
\n
Date Reported:
\n
13 Jan 2005
\n
Affected Packages:
\n
\nexim-tls\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 289046.
In Mitre's CVE dictionary: CVE-2005-0021.
\n
More information:
\n
\n

Philip Hazel announced a buffer overflow in the host_aton function in\nexim-tls, the SSL-enabled version of the default mail-transport-agent\nin Debian, which can lead to the execution of arbitrary code via an\nillegal IPv6 address.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 3.35-3woody3.

\n

In the unstable distribution (sid) this package does not exist\nanymore.

\n

We recommend that you upgrade your exim-tls package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3.dsc
\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "638": "
\n

Debian Security Advisory

\n

DSA-638-1 gopher -- several vulnerabilities

\n
\n
Date Reported:
\n
13 Jan 2005
\n
Affected Packages:
\n
\ngopher\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0560, CVE-2004-0561.
\n
More information:
\n
\n

\"jaguar\" has discovered two security relevant problems in gopherd, the\nGopher server in Debian which is part of the gopher package. The\nCommon Vulnerabilities and Exposures project identifies the following\nvulnerabilities:

\n
    \n
  • CAN-2004-0560\n

    An integer overflow can happen when posting content of a specially\n calculated size.

    \n
  • CAN-2004-0561\n

    A format string vulnerability has been found in the log routine.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 3.0.3woody2.

\n

The unstable distribution (sid) does not contain a gopherd package.\nIt has been replaced by Pygopherd.

\n

We recommend that you upgrade your gopherd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody2.dsc
\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody2.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "639": "
\n

Debian Security Advisory

\n

DSA-639-1 mc -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Jan 2005
\n
Affected Packages:
\n
\nmc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-1004, CVE-2004-1005, CVE-2004-1009, CVE-2004-1090, CVE-2004-1091, CVE-2004-1092, CVE-2004-1093, CVE-2004-1174, CVE-2004-1175, CVE-2004-1176.
\n
More information:
\n
\n

Andrew V. Samoilov has noticed that several bugfixes which were\napplied to the source by upstream developers of mc, the midnight\ncommander, a file browser and manager, were not backported to the\ncurrent version of mc that Debian ships in their stable release. The\nCommon Vulnerabilities and Exposures Project identifies the following\nvulnerabilities:

\n\n

For the stable distribution (woody) these problems have been fixed in\nversion 4.5.55-1.2woody5.

\n

For the unstable distribution (sid) these problems should already be\nfixed since they were backported from current versions.

\n

We recommend that you upgrade your mc package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5.dsc
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "640": "
\n

Debian Security Advisory

\n

DSA-640-1 gatos -- buffer overflow

\n
\n
Date Reported:
\n
17 Jan 2005
\n
Affected Packages:
\n
\ngatos\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0016.
\n
More information:
\n
\n

Erik Sjölund discovered a buffer overflow in xatitv, one of the\nprograms in the gatos package, that is used to display video with\ncertain ATI video cards. xatitv is installed setuid root in order to\ngain direct access to the video hardware.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.0.5-6woody3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.0.5-15.

\n

We recommend that you upgrade your gatos package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gatos/gatos_0.0.5-6woody3.dsc
\n
http://security.debian.org/pool/updates/main/g/gatos/gatos_0.0.5-6woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gatos/gatos_0.0.5.orig.tar.gz
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gatos/gatos_0.0.5-6woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gatos/libgatos-dev_0.0.5-6woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gatos/libgatos0_0.0.5-6woody3_i386.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "641": "
\n

Debian Security Advisory

\n

DSA-641-1 playmidi -- buffer overflow

\n
\n
Date Reported:
\n
17 Jan 2005
\n
Affected Packages:
\n
\nplaymidi\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0020.
\n
More information:
\n
\n

Erik Sjölund discovered that playmidi, a MIDI player, contains a\nsetuid root program with a buffer overflow that can be exploited by a\nlocal attacker.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.4-4woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.4debian-3.

\n

We recommend that you upgrade your playmidi package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1.dsc
\n
http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "642": "
\n

Debian Security Advisory

\n

DSA-642-1 gallery -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Jan 2005
\n
Affected Packages:
\n
\ngallery\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 11602.
In Mitre's CVE dictionary: CVE-2004-1106.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in gallery, a web-based\nphoto album written in PHP4. The Common Vulnerabilities and Exposures\nproject identifies the following vulnerabilities:

\n
    \n
  • CAN-2004-1106\n

    Jim Paris discovered a cross-site scripting vulnerability which\n allows code to be inserted by using specially formed URLs.

    \n
  • CVE-NOMATCH\n

    The upstream developers of gallery have fixed several cases of\n possible variable injection that could trick gallery into unintended\n actions, e.g. leaking database passwords.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 1.2.5-8woody3.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.4.4-pl4-1.

\n

We recommend that you upgrade your gallery package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-8woody3.dsc
\n
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-8woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-8woody3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "643": "
\n

Debian Security Advisory

\n

DSA-643-1 queue -- buffer overflows

\n
\n
Date Reported:
\n
18 Jan 2005
\n
Affected Packages:
\n
\nqueue\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0555.
\n
More information:
\n
\n

\"jaguar\" of the Debian Security Audit Project has discovered several\nbuffer overflows in queue, a transparent load balancing system.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 1.30.1-4woody2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.30.1-5.

\n

We recommend that you upgrade your queue package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woody2.dsc
\n
http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "644": "
\n

Debian Security Advisory

\n

DSA-644-1 chbg -- buffer overflow

\n
\n
Date Reported:
\n
18 Jan 2005
\n
Affected Packages:
\n
\nchbg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 285904.
In Mitre's CVE dictionary: CVE-2004-1264.
\n
More information:
\n
\n

Danny Lungstrom discovered a vulnerability in chbg, a tool to change\nbackground pictures. A maliciously crafted configuration/scenario\nfile could overflow a buffer and lead to the execution of arbitrary\ncode on the victim's machine.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.5-1woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.5-4.

\n

We recommend that you upgrade your chbg package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_ia64.deb
\n
HPPA:\n Cannot be updated due to compiler error.\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "645": "
\n

Debian Security Advisory

\n

DSA-645-1 cupsys -- buffer overflow

\n
\n
Date Reported:
\n
19 Jan 2005
\n
Affected Packages:
\n
\ncupsys\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0064.
\n
More information:
\n
\n

iDEFENSE has reported a buffer overflow in xpdf, the portable document\nformat (PDF) suite. Similar code is present in the PDF processing\npart of CUPS. A maliciously crafted PDF file could exploit this\nproblem, resulting in the execution of arbitrary code.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.1.14-5woody12.

\n

In the unstable distribution (sid) CUPSYS does not use its own xpdf\nvariant anymore but uses xpdf-utils.

\n

We recommend that you upgrade your cups packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12.dsc
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody12_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody12_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody12_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody12_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody12_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody12_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "646": "
\n

Debian Security Advisory

\n

DSA-646-1 imagemagick -- buffer overflow

\n
\n
Date Reported:
\n
19 Jan 2005
\n
Affected Packages:
\n
\nimagemagick\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0005.
\n
More information:
\n
\n

Andrei Nigmatulin discovered a buffer overflow in the PSD\nimage-decoding module of ImageMagick, a commonly used image\nmanipulation library. Remote exploitation with a carefully crafted\nimage could lead to the execution of arbitrary code.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 5.4.4.5-1woody5.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 6.0.6.2-2.

\n

We recommend that you upgrade your imagemagick packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5.dsc
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5.diff.gz
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "647": "
\n

Debian Security Advisory

\n

DSA-647-1 mysql -- insecure temporary files

\n
\n
Date Reported:
\n
19 Jan 2005
\n
Affected Packages:
\n
\nmysql\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0004.
\n
More information:
\n
\n

Javier Fernandez-Sanguino Pe\u00f1a from the Debian Security Audit Project\ndiscovered a temporary file vulnerability in the mysqlaccess script of\nMySQL that could allow an unprivileged user to let root overwrite\narbitrary files via a symlink attack and could also unveil the\ncontents of a temporary file which might contain sensitive\ninformation.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 3.23.49-8.9.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 4.0.23-3 of mysql-dfsg and in version 4.1.8a-6 of\nmysql-dfsg-4.1.

\n

We recommend that you upgrade your mysql packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.9.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.9.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-common_3.23.49-8.9_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.23.49-8.5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.9_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "648": "
\n

Debian Security Advisory

\n

DSA-648-1 xpdf -- buffer overflow

\n
\n
Date Reported:
\n
19 Jan 2005
\n
Affected Packages:
\n
\nxpdf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0064.
\n
More information:
\n
\n

iDEFENSE has reported a buffer overflow in xpdf, the portable document\nformat (PDF) suite. A maliciously crafted PDF file could exploit this\nproblem, resulting in the execution of arbitrary code.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.00-3.4.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.00-12.

\n

We recommend that you upgrade your xpdf package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.4.dsc
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.4.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_1.00-3.4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "649": "
\n

Debian Security Advisory

\n

DSA-649-1 xtrlock -- buffer overflow

\n
\n
Date Reported:
\n
20 Jan 2005
\n
Affected Packages:
\n
\nxtrlock\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 278190, Bug 278191.
In Mitre's CVE dictionary: CVE-2005-0079.
\n
More information:
\n
\n

A buffer overflow has been discovered in xtrlock, a minimal X display\nlock program which can be exploited by a malicious local attacker to\ncrash the lock program and take over the desktop session.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.0-6woody2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.0-9.

\n

We recommend that you upgrade your xtrlock package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xtrlock/xtrlock_2.0-6woody2.dsc
\n
http://security.debian.org/pool/updates/main/x/xtrlock/xtrlock_2.0-6woody2.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xtrlock/xtrlock_2.0-6woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xtrlock/xtrlock_2.0-6woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xtrlock/xtrlock_2.0-6woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xtrlock/xtrlock_2.0-6woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xtrlock/xtrlock_2.0-6woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xtrlock/xtrlock_2.0-6woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xtrlock/xtrlock_2.0-6woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xtrlock/xtrlock_2.0-6woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xtrlock/xtrlock_2.0-6woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xtrlock/xtrlock_2.0-6woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xtrlock/xtrlock_2.0-6woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "650": "
\n

Debian Security Advisory

\n

DSA-650-1 sword -- missing input sanitising

\n
\n
Date Reported:
\n
20 Jan 2005
\n
Affected Packages:
\n
\nsword\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0015.
\n
More information:
\n
\n

Ulf H\u00e4rnhammar discovered that due to missing input sanitising in\ndiatheke, a CGI script for making and browsing a bible website, it is\npossible to execute arbitrary commands via a specially crafted URL.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.5.3-3woody2.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your diatheke package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sword/sword_1.5.3-3woody2.dsc
\n
http://security.debian.org/pool/updates/main/s/sword/sword_1.5.3-3woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sword/sword_1.5.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.3-3woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.3-3woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-runtime_1.5.3-3woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword1_1.5.3-3woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.3-3woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.3-3woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-runtime_1.5.3-3woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword1_1.5.3-3woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.3-3woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.3-3woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-runtime_1.5.3-3woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword1_1.5.3-3woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.3-3woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.3-3woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-runtime_1.5.3-3woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword1_1.5.3-3woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.3-3woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.3-3woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-runtime_1.5.3-3woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword1_1.5.3-3woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.3-3woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.3-3woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-runtime_1.5.3-3woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword1_1.5.3-3woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.3-3woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.3-3woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-runtime_1.5.3-3woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword1_1.5.3-3woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.3-3woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.3-3woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-runtime_1.5.3-3woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword1_1.5.3-3woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.3-3woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.3-3woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-runtime_1.5.3-3woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword1_1.5.3-3woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.3-3woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.3-3woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-runtime_1.5.3-3woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword1_1.5.3-3woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.3-3woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.3-3woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-runtime_1.5.3-3woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword1_1.5.3-3woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "651": "
\n

Debian Security Advisory

\n

DSA-651-1 squid -- buffer overflow, integer overflow

\n
\n
Date Reported:
\n
20 Jan 2005
\n
Affected Packages:
\n
\nsquid\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0094, CVE-2005-0095.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Squid, the internet\nobject cache, the popular WWW proxy cache. The Common Vulnerabilities\nand Exposures Project identifies the following vulnerabilities:

\n
    \n
  • CAN-2005-0094\n

    \"infamous41md\" discovered a buffer overflow in the parser for\n Gopher responses which will lead to memory corruption and usually\n crash Squid.

    \n
  • CAN-2005-0095\n

    \"infamous41md\" discovered an integer overflow in the receiver of\n WCCP (Web Cache Communication Protocol) messages. An attacker\n could send a specially crafted UDP datagram that will cause Squid\n to crash.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 2.4.6-2woody5.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.5.7-4.

\n

We recommend that you upgrade your squid package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5.dsc
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "652": "
\n

Debian Security Advisory

\n

DSA-652-1 unarj -- several vulnerabilities

\n
\n
Date Reported:
\n
21 Jan 2005
\n
Affected Packages:
\n
\nunarj\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 281922.
In Mitre's CVE dictionary: CVE-2004-0947, CVE-2004-1027.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in unarj, a non-free ARJ\nunarchive utility. The Common Vulnerabilities and Exposures Project\nidentifies the following vulnerabilities:

\n
    \n
  • CAN-2004-0947\n

    A buffer overflow has been discovered when handling long file\n names contained in an archive. An attacker could create a\n specially crafted archive which could cause unarj to crash or\n possibly execute arbitrary code when being extracted by a victim.

    \n
  • CAN-2004-1027\n

    A directory traversal vulnerability has been found so that an\n attacker could create a specially crafted archive which would\n create files in the parent directory when being extracted by a\n victim. When used recursively, this vulnerability could be used\n to overwrite critical system files and programs.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 2.43-3woody1.

\n

For the unstable distribution (sid) these problems don't apply since\nunstable/non-free does not contain the unarj package.

\n

We recommend that you upgrade your unarj package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1.dsc
\n
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1.diff.gz
\n
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "653": "
\n

Debian Security Advisory

\n

DSA-653-1 ethereal -- buffer overflow

\n
\n
Date Reported:
\n
21 Jan 2005
\n
Affected Packages:
\n
\nethereal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0084.
\n
More information:
\n
\n

A buffer overflow has been detected in the X11 dissector of ethereal,\na commonly used network traffic analyser. A remote attacker may be\nable to overflow a buffer using a specially crafted IP packet. More\nproblems have been discovered which don't apply to the version in\nwoody but are fixed in sid as well.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.9.4-1woody11.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.10.9-1.

\n

We recommend that you upgrade your ethereal package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11.dsc
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "654": "
\n

Debian Security Advisory

\n

DSA-654-1 enscript -- several vulnerabilities

\n
\n
Date Reported:
\n
21 Jan 2005
\n
Affected Packages:
\n
\nenscript\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-1184, CVE-2004-1185, CVE-2004-1186.
\n
More information:
\n
\n

Erik Sj\u00f6lund has discovered several security-relevant problems in\nenscript, a program to convert ASCII text into PostScript and other\nformats. The Common Vulnerabilities and Exposures project identifies\nthe following vulnerabilities:

\n
    \n
  • CAN-2004-1184\n

    Unsanitised input can cause the execution of arbitrary commands\n via EPSF pipe support. This has been disabled, also upstream.

    \n
  • CAN-2004-1185\n

    Due to missing sanitising of filenames it is possible that a\n specially crafted filename can cause arbitrary commands to be\n executed.

    \n
  • CAN-2004-1186\n

    Multiple buffer overflows can cause the program to crash.

    \n
\n

Usually, enscript is only run locally, but since it is executed inside\nof viewcvs some of the problems mentioned above can easily be turned\ninto a remote vulnerability.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 1.6.3-1.3.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.6.4-6.

\n

We recommend that you upgrade your enscript package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3.dsc
\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3.diff.gz
\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "655": "
\n

Debian Security Advisory

\n

DSA-655-1 zhcon -- missing privilege release

\n
\n
Date Reported:
\n
25 Jan 2005
\n
Affected Packages:
\n
\nzhcon\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0072.
\n
More information:
\n
\n

Erik Sj\u00f6lund discovered that zhcon, a fast console CJK system using\nthe Linux framebuffer, accesses a user-controlled configuration file\nwith elevated privileges. Thus, it is possible to read arbitrary\nfiles.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.2-4woody3.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your zhcon package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3.dsc
\n
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/z/zhcon/zhcon_0.2-4woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "656": "
\n

Debian Security Advisory

\n

DSA-656-1 vdr -- insecure file access

\n
\n
Date Reported:
\n
25 Jan 2005
\n
Affected Packages:
\n
\nvdr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0071.
\n
More information:
\n
\n

Javier Fern\u00e1ndez-Sanguino Pe\u00f1a from the Debian Security Audit Team has\ndiscovered that the vdr daemon which is used for video disk recorders\nfor DVB cards can overwrite arbitrary files.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.0.0-1woody2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.2.6-6.

\n

We recommend that you upgrade your vdr package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/v/vdr/vdr_1.0.0-1woody2.dsc
\n
http://security.debian.org/pool/updates/main/v/vdr/vdr_1.0.0-1woody2.tar.gz
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/v/vdr/vdr_1.0.0-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vdr/vdr-daemon_1.0.0-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vdr/vdr-kbd_1.0.0-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vdr/vdr-lirc_1.0.0-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vdr/vdr-rcu_1.0.0-1woody2_i386.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "657": "
\n

Debian Security Advisory

\n

DSA-657-1 xine-lib -- buffer overflow

\n
\n
Date Reported:
\n
25 Jan 2005
\n
Affected Packages:
\n
\nxine-lib\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 11205.
In Mitre's CVE dictionary: CVE-2004-1379.
\n
More information:
\n
\n

A heap overflow has been discovered in the DVD subpicture decoder of\nxine-lib. An attacker could cause arbitrary code to be executed on\nthe victim's host by supplying a malicious MPEG. By tricking users into\nviewing a malicious network stream, this is remotely exploitable.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.9.8-2woody2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1-rc6a-1.

\n

We recommend that you upgrade your libxine packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8-2woody3.dsc
\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8-2woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "658": "
\n

Debian Security Advisory

\n

DSA-658-1 libdbi-perl -- insecure temporary file

\n
\n
Date Reported:
\n
25 Jan 2005
\n
Affected Packages:
\n
\nlibdbi-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0077.
\n
More information:
\n
\n

Javier Fern\u00e1ndez-Sanguino Pe\u00f1a from the Debian Security Audit Project\ndiscovered that the DBI library, the Perl5 database interface, creates\na temporary PID file in an insecure manner. This can be exploited by a\nmalicious user to overwrite arbitrary files owned by the person\nexecuting the parts of the library.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.21-2woody2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.46-6.

\n

We recommend that you upgrade your libdbi-perl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21-2woody2.dsc
\n
http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21-2woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21-2woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21-2woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21-2woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21-2woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21-2woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21-2woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21-2woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21-2woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21-2woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21-2woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libd/libdbi-perl/libdbi-perl_1.21-2woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "659": "
\n

Debian Security Advisory

\n

DSA-659-1 libpam-radius-auth -- information leak, integer underflow

\n
\n
Date Reported:
\n
26 Jan 2005
\n
Affected Packages:
\n
\nlibpam-radius-auth\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-1340, CVE-2005-0108.
\n
More information:
\n
\n

Two problems have been discovered in the libpam-radius-auth package,\nthe PAM RADIUS authentication module. The Common Vulnerabilities and\nExposures Project identifies the following problems:

\n
    \n
  • CAN-2004-1340\n

    The Debian package accidentally installed its configuration file\n /etc/pam_radius_auth.conf world-readable. Since it may\n contain secrets, all local users are able to read them if the\n administrator hasn't adjusted file permissions. This problem is\n Debian-specific.

    \n
  • CAN-2005-0108\n

    Leon Juranic discovered an integer underflow in the mod_auth_radius\n module for Apache which is also present in libpam-radius-auth.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 1.3.14-1.3.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.3.16-3.

\n

We recommend that you upgrade your libpam-radius-auth package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14-1.3.dsc
\n
http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14-1.3.diff.gz
\n
http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14-1.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14-1.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14-1.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14-1.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14-1.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14-1.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14-1.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14-1.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14-1.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14-1.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libp/libpam-radius-auth/libpam-radius-auth_1.3.14-1.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "660": "
\n

Debian Security Advisory

\n

DSA-660-1 kdebase -- missing return value check

\n
\n
Date Reported:
\n
26 Jan 2005
\n
Affected Packages:
\n
\nkdebase\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0078.
\n
More information:
\n
\n

Rapha\u00ebl Enrici discovered that the KDE screensaver can crash under\ncertain local circumstances. This can be exploited by an attacker\nwith physical access to the workstation to take over the desktop\nsession.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.2.2-14.9.

\n

This problem has been fixed upstream in KDE 3.0.5 and is therefore\nfixed in the unstable (sid) and testing (sarge) distributions already.

\n

We recommend that you upgrade your kscreensaver package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.9.dsc
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.9.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-doc_2.2.2-14.9_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdewallpapers_2.2.2-14.9_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.9_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.9_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.9_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.9_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.9_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.9_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.9_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.9_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.9_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.9_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.9_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.9_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.9_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.9_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.9_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.9_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.9_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.9_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.9_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.9_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.9_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.9_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.9_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.9_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.9_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.9_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.9_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.9_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.9_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.9_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.9_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.9_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.9_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.9_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.9_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.9_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.9_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.9_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.9_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.9_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.9_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.9_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.9_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.9_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.9_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.9_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.9_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.9_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.9_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.9_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.9_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "661": "
\n

Debian Security Advisory

\n

DSA-661-2 f2c -- insecure temporary files

\n
\n
Date Reported:
\n
20 Apr 2005
\n
Affected Packages:
\n
\nf2c\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0017, CVE-2005-0018.
\n
More information:
\n
\n

Dan McMahill noticed that our advisory DSA 661-1 did not correct\nthe multiple insecure files problem, hence, this update. For\ncompleteness below is the original advisory text:

\n
\n

Javier Fern\u00e1ndez-Sanguino Pe\u00f1a from the Debian Security Audit project\ndiscovered that f2c and fc, which are both part of the f2c package, a\nfortran 77 to C/C++ translator, open temporary files insecurely and\nare hence vulnerable to a symlink attack. The Common\nVulnerabilities and Exposures project identifies the following\nvulnerabilities:

\n
    \n
  • CAN-2005-0017\n

    Multiple insecure temporary files in the f2c translator.

    \n
  • CAN-2005-0018\n

    Two insecure temporary files in the f2 shell script.

    \n
\n
\n

For the stable distribution (woody) and all others including testing\nthis problem has been fixed in version 20010821-3.2.

\n

We recommend that you upgrade your f2c package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2.dsc
\n
http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2.diff.gz
\n
http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/f2c/f2c_20010821-3.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "662": "
\n

Debian Security Advisory

\n

DSA-662-2 squirrelmail -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Mar 2005
\n
Affected Packages:
\n
\nsquirrelmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 292714, Bug 295836.
In Mitre's CVE dictionary: CVE-2005-0104, CVE-2005-0152.
\n
More information:
\n
\n

Andrew Archibald discovered that the last update to squirrelmail which\nwas intended to fix several problems caused a regression which got\nexposed when the user hits a session timeout. \u00a0For completeness below\nis the original advisory text:

\n
\n

Several vulnerabilities have been discovered in Squirrelmail, a\ncommonly used webmail system. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CAN-2005-0104\n

    Upstream developers noticed that an unsanitised variable could\n lead to cross site scripting.

    \n
  • CAN-2005-0152\n

    Grant Hollingworth discovered that under certain circumstances URL\n manipulation could lead to the execution of arbitrary code with\n the privileges of www-data. This problem only exists in version\n 1.2.6 of Squirrelmail.

    \n
\n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 1.2.6-3.

\n

For the unstable distribution (sid) the problem that affects unstable\nhas been fixed in version 1.4.4-1.

\n

We recommend that you upgrade your squirrelmail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-3.dsc
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-3.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "663": "
\n

Debian Security Advisory

\n

DSA-663-1 prozilla -- buffer overflows

\n
\n
Date Reported:
\n
01 Feb 2005
\n
Affected Packages:
\n
\nprozilla\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 11734.
In Mitre's CVE dictionary: CVE-2004-1120.
\n
More information:
\n
\n

Several buffer overflows have been discovered in prozilla, a\nmulti-threaded download accelerator which could be exploited by a\nremote attacker to execute arbitrary code on the victim's machine. An\nexploit for prozilla is already in the wild.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 1.3.6-3woody1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.3.7.3-1.

\n

We recommend that you upgrade your prozilla package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody1.dsc
\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "664": "
\n

Debian Security Advisory

\n

DSA-664-1 cpio -- broken file permissions

\n
\n
Date Reported:
\n
02 Feb 2005
\n
Affected Packages:
\n
\ncpio\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-1999-1572.
\n
More information:
\n
\n

It has been discovered that cpio, a program to manage archives of\nfiles, creates output files with -O and -F with broken permissions because\nthe umask is reset to zero, which allows local users to read or overwrite\nthose files.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.4.2-39woody1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your cpio package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody1.dsc
\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "665": "
\n

Debian Security Advisory

\n

DSA-665-1 ncpfs -- missing privilege release

\n
\n
Date Reported:
\n
04 Feb 2005
\n
Affected Packages:
\n
\nncpfs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0013.
\n
More information:
\n
\n

Erik Sj\u00f6lund discovered several bugs in ncpfs, which provides utilities\nto use resources from NetWare servers. One of these bugs also applies to the\nstable Debian distribution. Because a configuration file is accessed\nwith root permissions without further checks, it is possible to read\narbitrary files.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.2.0.18-10woody2.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your ncpfs package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/ncpfs/ncpfs_2.2.0.18-10woody2.dsc
\n
http://security.debian.org/pool/updates/main/n/ncpfs/ncpfs_2.2.0.18-10woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/n/ncpfs/ncpfs_2.2.0.18.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/ncpfs/ipx_2.2.0.18-10woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/ncpfs/ncpfs_2.2.0.18-10woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/ncpfs/ipx_2.2.0.18-10woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/ncpfs/ncpfs_2.2.0.18-10woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/ncpfs/ipx_2.2.0.18-10woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/n/ncpfs/ncpfs_2.2.0.18-10woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/ncpfs/ipx_2.2.0.18-10woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/ncpfs/ncpfs_2.2.0.18-10woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/ncpfs/ipx_2.2.0.18-10woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/ncpfs/ncpfs_2.2.0.18-10woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/ncpfs/ipx_2.2.0.18-10woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/ncpfs/ncpfs_2.2.0.18-10woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/ncpfs/ipx_2.2.0.18-10woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/n/ncpfs/ncpfs_2.2.0.18-10woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/ncpfs/ipx_2.2.0.18-10woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/ncpfs/ncpfs_2.2.0.18-10woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/ncpfs/ipx_2.2.0.18-10woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/ncpfs/ncpfs_2.2.0.18-10woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/ncpfs/ipx_2.2.0.18-10woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/n/ncpfs/ncpfs_2.2.0.18-10woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/ncpfs/ipx_2.2.0.18-10woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/ncpfs/ncpfs_2.2.0.18-10woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "666": "
\n

Debian Security Advisory

\n

DSA-666-1 python2.2 -- design flaw

\n
\n
Date Reported:
\n
04 Feb 2005
\n
Affected Packages:
\n
\npython2.2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0089.
\n
More information:
\n
\n

The Python development team has discovered a flaw in their language\npackage. The SimpleXMLRPCServer library module could permit remote\nattackers unintended access to internals of the registered object or\nits module or possibly other modules. The flaw only affects Python\nXML-RPC servers that use the register_instance() method to register an\nobject without a _dispatch() method. Servers using only\nregister_function() are not affected.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.2.1-4.7. No other version of Python in woody is affected.

\n

For the testing (sarge) and unstable (sid) distributions the following\nmatrix shows which package version contains the correction for each\nPython version:

\n
\u00a0 | testing | unstable
Python 2.2 | 2.2.3-14 | 2.2.3-14
Python 2.3 | 2.3.4-20 | 2.3.4+2.3.5c1-2
Python 2.4 | 2.4-5 | 2.4-5
\n

We recommend that you upgrade your Python packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7.dsc
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7.diff.gz
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/python2.2/idle-python2.2_2.2.1-4.7_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-doc_2.2.1-4.7_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-elisp_2.2.1-4.7_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-examples_2.2.1-4.7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "667": "
\n

Debian Security Advisory

\n

DSA-667-1 squid -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Feb 2005
\n
Affected Packages:
\n
\nsquid\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0173, CVE-2005-0175, CVE-2005-0194, CVE-2005-0211.
CERT's vulnerabilities, advisories and incident notes: VU#924198, VU#625878, VU#886006.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Squid, the internet\nobject cache, the popular WWW proxy cache. The Common Vulnerabilities\nand Exposures project identifies the following vulnerabilities:

\n
    \n
  • CAN-2005-0173\n

    LDAP is very forgiving about spaces in search filters and this\n could be abused to log in using several variants of the login\n name, possibly bypassing explicit access controls or confusing\n accounting.

    \n
  • CAN-2005-0175\n

    Cache pollution/poisoning via HTTP response splitting has been\n discovered.

    \n
  • CAN-2005-0194\n

    The meaning of the access controls becomes somewhat confusing if\n any of the referenced ACLs (access control lists) is declared\n empty, without any members.

    \n
  • CAN-2005-0211\n

    The length argument of the WCCP recvfrom() call is larger than it\n should be. An attacker may send a larger than normal WCCP packet\n that could overflow a buffer.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 2.4.6-2woody6.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.5.7-7.

\n

We recommend that you upgrade your squid package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6.dsc
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "668": "
\n

Debian Security Advisory

\n

DSA-668-1 postgresql -- privilege escalation

\n
\n
Date Reported:
\n
04 Feb 2005
\n
Affected Packages:
\n
\npostgresql\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 293125.
In Mitre's CVE dictionary: CVE-2005-0227.
\n
More information:
\n
\n

John Heasman and others discovered a bug in the PostgreSQL engine\nwhich would allow any user to load an arbitrary local library into it.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 7.2.1-2woody7.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 7.4.7-1.

\n

We recommend that you upgrade your postgresql packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody7.dsc
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody7.diff.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-doc_7.2.1-2woody7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody7_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody7_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody7_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody7_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "669": "
\n

Debian Security Advisory

\n

DSA-669-1 php3 -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Feb 2005
\n
Affected Packages:
\n
\nphp3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0594, CVE-2004-0595.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in php4 which also apply to\nthe version of php3 in the stable Debian distribution. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CAN-2004-0594\n

    The memory_limit functionality allows remote attackers to execute\n arbitrary code under certain circumstances.

    \n
  • CAN-2004-0595\n

    The strip_tags function does not filter null (\\0) characters\n within tag names when restricting input to allowed tags, which\n allows dangerous tags to be processed by some web browsers which\n could lead to cross-site scripting (XSS) vulnerabilities.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 3.0.18-23.1woody2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 3.0.18-27.

\n

We recommend that you upgrade your php3 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody2.dsc
\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php3/php3-doc_3.0.18-23.1woody2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "670": "
\n

Debian Security Advisory

\n

DSA-670-1 emacs20 -- format string

\n
\n
Date Reported:
\n
08 Feb 2005
\n
Affected Packages:
\n
\nemacs20\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0100.
\n
More information:
\n
\n

Max Vozeler discovered several format string vulnerabilities in the\nmovemail utility of Emacs, the well-known editor. Via connecting to a\nmalicious POP server an attacker can execute arbitrary code under the\nprivileges of group mail.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 20.7-13.3.

\n

The unstable distribution (sid) does not contain an Emacs20 package\nanymore.

\n

We recommend that you upgrade your emacs packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3.dsc
\n
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3.diff.gz
\n
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/e/emacs20/emacs20-el_20.7-13.3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "671": "
\n

Debian Security Advisory

\n

DSA-671-1 xemacs21 -- format string

\n
\n
Date Reported:
\n
08 Feb 2005
\n
Affected Packages:
\n
\nxemacs21\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0100.
\n
More information:
\n
\n

Max Vozeler discovered several format string vulnerabilities in the\nmovemail utility of Emacs, the well-known editor. Via connecting to a\nmalicious POP server an attacker can execute arbitrary code under the\nprivileges of group mail.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 21.4.6-8woody2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 21.4.16-2.

\n

We recommend that you upgrade your emacs packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21_21.4.6-8woody2.dsc
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21_21.4.6-8woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21_21.4.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-support_21.4.6-8woody2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-supportel_21.4.6-8woody2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21_21.4.6-8woody2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-bin_21.4.6-8woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule_21.4.6-8woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule-canna-wnn_21.4.6-8woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-nomule_21.4.6-8woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule_21.4.6-8woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule-canna-wnn_21.4.6-8woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-nomule_21.4.6-8woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-bin_21.4.6-8woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule_21.4.6-8woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule-canna-wnn_21.4.6-8woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-nomule_21.4.6-8woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule_21.4.6-8woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule-canna-wnn_21.4.6-8woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-nomule_21.4.6-8woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-bin_21.4.6-8woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule_21.4.6-8woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule-canna-wnn_21.4.6-8woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-nomule_21.4.6-8woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule_21.4.6-8woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule-canna-wnn_21.4.6-8woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-nomule_21.4.6-8woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-bin_21.4.6-8woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule_21.4.6-8woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule-canna-wnn_21.4.6-8woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-nomule_21.4.6-8woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule_21.4.6-8woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule-canna-wnn_21.4.6-8woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-nomule_21.4.6-8woody2_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-bin_21.4.6-8woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule_21.4.6-8woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule-canna-wnn_21.4.6-8woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-nomule_21.4.6-8woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule_21.4.6-8woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule-canna-wnn_21.4.6-8woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-nomule_21.4.6-8woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-bin_21.4.6-8woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule_21.4.6-8woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule-canna-wnn_21.4.6-8woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-nomule_21.4.6-8woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule_21.4.6-8woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule-canna-wnn_21.4.6-8woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-nomule_21.4.6-8woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-bin_21.4.6-8woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule_21.4.6-8woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule-canna-wnn_21.4.6-8woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-nomule_21.4.6-8woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule_21.4.6-8woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule-canna-wnn_21.4.6-8woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-nomule_21.4.6-8woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-bin_21.4.6-8woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule_21.4.6-8woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule-canna-wnn_21.4.6-8woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-nomule_21.4.6-8woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule_21.4.6-8woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule-canna-wnn_21.4.6-8woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-nomule_21.4.6-8woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-bin_21.4.6-8woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule_21.4.6-8woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-mule-canna-wnn_21.4.6-8woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-gnome-nomule_21.4.6-8woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule_21.4.6-8woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-mule-canna-wnn_21.4.6-8woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xemacs21/xemacs21-nomule_21.4.6-8woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "672": "
\n

Debian Security Advisory

\n

DSA-672-1 xview -- buffer overflows

\n
\n
Date Reported:
\n
09 Feb 2005
\n
Affected Packages:
\n
\nxview\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0076.
\n
More information:
\n
\n

Erik Sj\u00f6lund discovered that programs linked against xview are\nvulnerable to a number of buffer overflows in the XView library. When\nthe overflow is triggered in a program which is installed setuid root\na malicious user could perhaps execute arbitrary code as privileged\nuser.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 3.2p1.4-16woody2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 3.2p1.4-19.

\n

We recommend that you upgrade your xview packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xview/xview_3.2p1.4-16woody2.dsc
\n
http://security.debian.org/pool/updates/main/x/xview/xview_3.2p1.4-16woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xview/xview_3.2p1.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "673": "
\n

Debian Security Advisory

\n

DSA-673-1 evolution -- integer overflow

\n
\n
Date Reported:
\n
10 Feb 2005
\n
Affected Packages:
\n
\nevolution\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 12354.
In Mitre's CVE dictionary: CVE-2005-0102.
\n
More information:
\n
\n

Max Vozeler discovered an integer overflow in a helper application\ninside of Evolution, a free groupware suite. A local attacker could\ncause the setuid root helper to execute arbitrary code with elevated\nprivileges.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.0.5-1woody2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.0.3-1.2.

\n

We recommend that you upgrade your evolution package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody2.dsc
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "674": "
\n

Debian Security Advisory

\n

DSA-674-3 mailman -- cross-site scripting, directory traversal

\n
\n
Date Reported:
\n
21 Feb 2005
\n
Affected Packages:
\n
\nmailman\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-1177, CVE-2005-0202.
\n
More information:
\n
\n

Due to an incompatibility between Python 1.5 and 2.1 the last mailman\nupdate did not run with Python 1.5 anymore. This problem is corrected\nwith this update. This advisory only updates the packages updated\nwith DSA 674-2. The version in unstable is not affected since it is\nnot supposed to work with Python 1.5 anymore. For completeness below\nis the original advisory text:

\n
\n

Two security-related problems have been discovered in mailman, the\nweb-based GNU mailing list manager. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CAN-2004-1177\n

    Florian Weimer discovered a cross-site scripting vulnerability in\n mailman's automatically generated error messages. An attacker\n could craft a URL containing JavaScript (or other content\n embedded into HTML) which triggered a mailman error page that\n would include the malicious code verbatim.

    \n
  • CAN-2005-0202\n

    Several listmasters have noticed unauthorised access to archives\n of private lists and the list configuration itself, including the\n users' passwords. Administrators are advised to check the\n webserver logfiles for requests that contain \"/...../\" and the\n path to the archives or configuration. This only seems to\n affect installations running on web servers that do not strip\n slashes, such as Apache 1.3.

    \n
\n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 2.0.11-1woody11.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.1.5-6.

\n

We recommend that you upgrade your mailman package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11.dsc
\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "675": "
\n

Debian Security Advisory

\n

DSA-675-1 hztty -- privilege escalation

\n
\n
Date Reported:
\n
10 Feb 2005
\n
Affected Packages:
\n
\nhztty\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0019.
\n
More information:
\n
\n

Erik Sj\u00f6lund discovered that hztty, a converter for GB, Big5 and zW/HZ\nChinese encodings in a tty session, can be triggered to execute\narbitrary commands with group utmp privileges.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.0-5.2woody2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.0-6.1.

\n

We recommend that you upgrade your hztty package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody2.dsc
\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "676": "
\n

Debian Security Advisory

\n

DSA-676-1 xpcd -- buffer overflow

\n
\n
Date Reported:
\n
11 Feb 2005
\n
Affected Packages:
\n
\nxpcd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0074.
\n
More information:
\n
\n

Erik Sj\u00f6lund discovered a buffer overflow in pcdsvgaview, an SVGA\nPhotoCD viewer. xpcd-svga is part of xpcd and uses svgalib to display\ngraphics on the Linux console for which root permissions are required.\nA malicious user could overflow a fixed-size buffer and may cause the\nprogram to execute arbitrary code with elevated privileges.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.08-8woody3.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your xpcd-svga package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3.dsc
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-svga_2.08-8woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd_2.08-8woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xpcd/xpcd-gimp_2.08-8woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "677": "
\n

Debian Security Advisory

\n

DSA-677-1 sympa -- buffer overflow

\n
\n
Date Reported:
\n
11 Feb 2005
\n
Affected Packages:
\n
\nsympa\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0073.
\n
More information:
\n
\n

Erik Sjölund discovered that a support script of sympa, a mailing list manager, is running setuid sympa and vulnerable to a buffer overflow. This could potentially lead to the execution of arbitrary code under the sympa user id.

\n

For the stable distribution (woody) this problem has been fixed in version 3.3.3-3woody2.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your sympa package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2.dsc
\n
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/sympa/wwsympa_3.3.3-3woody2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sympa/sympa_3.3.3-3woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "678": "
\n

Debian Security Advisory

\n

DSA-678-1 netkit-rwho -- missing input validation

\n
\n
Date Reported:
\n
11 Feb 2005
\n
Affected Packages:
\n
\nnetkit-rwho\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-1180.
\n
More information:
\n
\n

\"Vlad902\" discovered a vulnerability in the rwhod program that can be\nused to crash the listening process. The broadcasting one is\nunaffected. This vulnerability only affects little endian\narchitectures (i.e. on Debian: alpha, arm, ia64, i386, mipsel,\nand s390).

\n

For the stable distribution (woody) this problem has been fixed in version 0.17-4woody2.

\n

For the unstable distribution (sid) this problem has been fixed in version 0.17-8.

\n

We recommend that you upgrade your rwhod package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/netkit-rwho/netkit-rwho_0.17-4woody2.dsc
\n
http://security.debian.org/pool/updates/main/n/netkit-rwho/netkit-rwho_0.17-4woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/n/netkit-rwho/netkit-rwho_0.17.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwhod_0.17-4woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwhod_0.17-4woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwhod_0.17-4woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwhod_0.17-4woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwhod_0.17-4woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwhod_0.17-4woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwhod_0.17-4woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwhod_0.17-4woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwhod_0.17-4woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwhod_0.17-4woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwho_0.17-4woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-rwho/rwhod_0.17-4woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "679": "
\n

Debian Security Advisory

\n

DSA-679-1 toolchain-source -- insecure temporary files

\n
\n
Date Reported:
\n
14 Feb 2005
\n
Affected Packages:
\n
\ntoolchain-source\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0159.
\n
More information:
\n
\n

Sean Finney discovered several insecure temporary file uses in toolchain-source, the GNU binutils and GCC source code and scripts. These bugs can allow a local attacker with minimal knowledge to trick the admin into overwriting arbitrary files via a symlink attack. The problems exist inside the Debian-specific tpkg-* scripts.

\n

For the stable distribution (woody) these problems have been fixed in version 3.0.4-1woody1.

\n

For the unstable distribution (sid) these problems have been fixed in version 3.4-5.

\n

We recommend that you upgrade your toolchain-source package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/toolchain-source/toolchain-source_3.0.4-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/t/toolchain-source/toolchain-source_3.0.4-1woody1.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/toolchain-source/toolchain-source_3.0.4-1woody1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "680": "
\n

Debian Security Advisory

\n

DSA-680-1 htdig -- unsanitised input

\n
\n
Date Reported:
\n
14 Feb 2005
\n
Affected Packages:
\n
\nhtdig\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0085.
\n
More information:
\n
\n

Michael Krax discovered a cross-site scripting vulnerability in ht://dig, a web search system for an intranet or small internet.

\n

For the stable distribution (woody) this problem has been fixed in version 3.1.6-3woody1.

\n

For the unstable distribution (sid) this problem has been fixed in version 3.1.6-11.

\n

We recommend that you upgrade your htdig package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.1.6-3woody1.dsc
\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.1.6-3woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.1.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/htdig/htdig-doc_3.1.6-3woody1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.1.6-3woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.1.6-3woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.1.6-3woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.1.6-3woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.1.6-3woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.1.6-3woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.1.6-3woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.1.6-3woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.1.6-3woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.1.6-3woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.1.6-3woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "681": "
\n

Debian Security Advisory

\n

DSA-681-1 synaesthesia -- privilege escalation

\n
\n
Date Reported:
\n
14 Feb 2005
\n
Affected Packages:
\n
\nsynaesthesia\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0070.
\n
More information:
\n
\n

Erik Sjölund and Devin Carraway discovered that synaesthesia, a program for representing sounds visually, accesses user-controlled configuration and mixer files with elevated privileges. Thus, it is possible to read arbitrary files.

\n

For the stable distribution (woody) this problem has been fixed in version 2.1-2.1woody3.

\n

For the testing (sarge) and unstable (sid) distributions this problem does not exist since synaesthesia is not installed setuid root anymore.

\n

We recommend that you upgrade your synaesthesia package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody3.dsc
\n
http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/synaesthesia/synaesthesia_2.1-2.1woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "682": "
\n

Debian Security Advisory

\n

DSA-682-1 awstats -- missing input sanitizing

\n
\n
Date Reported:
\n
15 Feb 2005
\n
Affected Packages:
\n
\nawstats\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 294488.
In Mitre's CVE dictionary: CVE-2005-0363.
\n
More information:
\n
\n

In addition to CAN-2005-0116 more vulnerabilities have been found in awstats, a powerful and featureful web server log analyzer with a CGI frontend. Missing input sanitising can cause arbitrary commands to be executed.

\n

For the stable distribution (woody) this problem has been fixed in version 4.0-0.woody.2.

\n

For the unstable distribution (sid) this problem has been fixed in version 6.2-1.2.

\n

We recommend that you upgrade your awstats package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/awstats/awstats_4.0-0.woody.2.dsc
\n
http://security.debian.org/pool/updates/main/a/awstats/awstats_4.0-0.woody.2.diff.gz
\n
http://security.debian.org/pool/updates/main/a/awstats/awstats_4.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/awstats/awstats_4.0-0.woody.2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "683": "
\n

Debian Security Advisory

\n

DSA-683-1 postgresql -- buffer overflows

\n
\n
Date Reported:
\n
15 Feb 2005
\n
Affected Packages:
\n
\npostgresql\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0245, CVE-2005-0247.
\n
More information:
\n
\n

Several buffer overflows have been discovered in PL/PgSQL as part of the PostgreSQL engine which could lead to the execution of arbitrary code.

\n

For the stable distribution (woody) these problems have been fixed in version 7.2.1-2woody8.

\n

For the unstable distribution (sid) these problems have been fixed in version 7.4.7-2.

\n

We recommend that you upgrade your postgresql packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody8.dsc
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody8.diff.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-doc_7.2.1-2woody8_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody8_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody8_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody8_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody8_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody8_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody8_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2.1-2woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7.2.1-2woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7.2.1-2woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.2.1-2woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/odbc-postgresql_7.2.1-2woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/pgaccess_7.2.1-2woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.2.1-2woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.2.1-2woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.2.1-2woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.2.1-2woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/python-pygresql_7.2.1-2woody8_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "684": "
\n

Debian Security Advisory

\n

DSA-684-1 typespeed -- format string

\n
\n
Date Reported:
\n
16 Feb 2005
\n
Affected Packages:
\n
\ntypespeed\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0105.
\n
More information:
\n
\n

Ulf Härnhammar from the Debian Security Audit Project discovered a problem in typespeed, a touch-typist trainer disguised as a game. This could lead to a local attacker executing arbitrary code as group games.

\n

For the stable distribution (woody) this problem has been fixed in version 0.4.1-2.3.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your typespeed package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.3.dsc
\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.3.diff.gz
\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "685": "
\n

Debian Security Advisory

\n

DSA-685-1 emacs21 -- format string

\n
\n
Date Reported:
\n
17 Feb 2005
\n
Affected Packages:
\n
\nemacs21\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0100.
\n
More information:
\n
\n

Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs, the well-known editor. Via connecting to a malicious POP server an attacker can execute arbitrary code under the privileges of group mail.

\n

For the stable distribution (woody) these problems have been fixed in version 21.2-1woody3.

\n

For the unstable distribution (sid) these problems have been fixed in version 21.3+1-9.

\n

We recommend that you upgrade your emacs packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.2-1woody3.dsc
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.2-1woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-el_21.2-1woody3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.2-1woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.2-1woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.2-1woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.2-1woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.2-1woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.2-1woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.2-1woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.2-1woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.2-1woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.2-1woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.2-1woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "686": "
\n

Debian Security Advisory

\n

DSA-686-1 gftp -- missing input sanitising

\n
\n
Date Reported:
\n
17 Feb 2005
\n
Affected Packages:
\n
\ngftp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0372.
\n
More information:
\n
\n

Albert Puigsech Galicia discovered a directory traversal vulnerability\nin a proprietary FTP client (CAN-2004-1376) which is also present in\ngftp, a GTK+ FTP client. A malicious server could provide a specially\ncrafted filename that could cause arbitrary files to be overwritten or\ncreated by the client.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.0.11-1woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.0.18-1.

\n

We recommend that you upgrade your gftp package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gftp/gftp_2.0.11-1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-common_2.0.11-1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-gtk_2.0.11-1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gftp/gftp-text_2.0.11-1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "687": "
\n

Debian Security Advisory

\n

DSA-687-1 bidwatcher -- format string

\n
\n
Date Reported:
\n
18 Feb 2005
\n
Affected Packages:
\n
\nbidwatcher\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0158.
\n
More information:
\n
\n

Ulf H\u00e4rnhammar from the Debian Security Audit Project discovered a\nformat string vulnerability in bidwatcher, a tool for watching and\nbidding on eBay auctions. This problem can be triggered remotely by a\nweb server of eBay, or someone pretending to be eBay, sending certain\ndata back. As of version 1.3.17 the program uses cURL and is not\nvulnerable anymore.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.3.3-1woody1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your bidwatcher package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "688": "
\n

Debian Security Advisory

\n

DSA-688-1 squid -- missing input sanitising

\n
\n
Date Reported:
\n
23 Feb 2005
\n
Affected Packages:
\n
\nsquid\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0446.
\n
More information:
\n
\n

Upstream developers have discovered several problems in squid, the\nInternet object cache, the popular WWW proxy cache. A remote attacker\ncan cause squid to crash via certain DNS responses.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 2.4.6-2woody7.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.5.8-3.

\n

We recommend that you upgrade your squid package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7.dsc
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "689": "
\n

Debian Security Advisory

\n

DSA-689-1 libapache-mod-python -- missing input sanitizing

\n
\n
Date Reported:
\n
23 Feb 2005
\n
Affected Packages:
\n
\nlibapache-mod-python\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0088.
\n
More information:
\n
\n

Graham Dumpleton discovered a flaw which can affect anyone using the\npublisher handle of the Apache Software Foundation's mod_python. The\npublisher handle lets you publish objects inside modules to make them\ncallable via URL. The flaw allows a carefully crafted URL to obtain\nextra information that should not be visible (information leak).

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.7.8-0.0woody5.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.7.10-4 of libapache-mod-python and in version 3.1.3-3 of\nlibapache2-mod-python.

\n

We recommend that you upgrade your libapache-mod-python package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5.dsc
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5.diff.gz
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-python/libapache-mod-python_2.7.8-0.0woody5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "690": "
\n

Debian Security Advisory

\n

DSA-690-1 bsmtpd -- missing input sanitising

\n
\n
Date Reported:
\n
25 Feb 2005
\n
Affected Packages:
\n
\nbsmtpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0107.
\n
More information:
\n
\n

Bastian Blank discovered a vulnerability in bsmtpd, a batched SMTP mailer for\nsendmail and postfix. Unsanitised addresses can cause the execution\nof arbitrary commands during alleged mail delivery.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.3pl8b-12woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.3pl8b-16.

\n

We recommend that you upgrade your bsmtpd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1.dsc
\n
http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/bsmtpd/bsmtpd_2.3pl8b-12woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "691": "
\n

Debian Security Advisory

\n

DSA-691-1 abuse -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Mar 2005
\n
Affected Packages:
\n
\nabuse\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0098, CVE-2005-0099.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in abuse, the SDL port of\nthe Abuse action game. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CAN-2005-0098\n

    Erik Sj\u00f6lund discovered several buffer overflows in the command line\n handling, which could lead to the execution of arbitrary code with\n elevated privileges since it is installed setuid root.

    \n
  • CAN-2005-0099\n

    Steve Kemp discovered that abuse creates some files without\n dropping privileges first, which may lead to the creation and\n overwriting of arbitrary files.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 2.00+-3woody4.

\n

The unstable distribution (sid) does not contain an abuse package anymore.

\n

We recommend that you upgrade your abuse package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/abuse/abuse_2.00+-3woody4.dsc
\n
http://security.debian.org/pool/updates/main/a/abuse/abuse_2.00+-3woody4.diff.gz
\n
http://security.debian.org/pool/updates/main/a/abuse/abuse_2.00+.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/abuse/abuse_2.00+-3woody4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/abuse/abuse_2.00+-3woody4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/abuse/abuse_2.00+-3woody4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/abuse/abuse_2.00+-3woody4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/abuse/abuse_2.00+-3woody4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/abuse/abuse_2.00+-3woody4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/abuse/abuse_2.00+-3woody4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/abuse/abuse_2.00+-3woody4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/abuse/abuse_2.00+-3woody4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/abuse/abuse_2.00+-3woody4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/abuse/abuse_2.00+-3woody4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "692": "
\n

Debian Security Advisory

\n

DSA-692-1 kdenetwork -- design flaw

\n
\n
Date Reported:
\n
08 Mar 2005
\n
Affected Packages:
\n
\nkdenetwork\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0205.
\n
More information:
\n
\n

The KDE team fixed a bug in kppp in 2002 which iDEFENSE has now discovered to be\nexploitable. By opening a sufficiently large number of\nfile descriptors before executing kppp, which is installed setuid root, a\nlocal attacker is able to take over privileged file descriptors.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.2.2-14.7.

\n

The testing (sarge) and unstable (sid) distributions are not affected\nsince KDE 3.2 already contained the correction.

\n

We recommend that you upgrade your kppp package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdenetwork_2.2.2-14.7.dsc
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdenetwork_2.2.2-14.7.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdenetwork_2.2.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "693": "
\n

Debian Security Advisory

\n

DSA-693-1 luxman -- buffer overflow

\n
\n
Date Reported:
\n
14 Mar 2005
\n
Affected Packages:
\n
\nluxman\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 12797.
In Mitre's CVE dictionary: CVE-2005-0385.
\n
More information:
\n
\n

Kevin Finisterre discovered a buffer overflow in luxman, an SVGA based\nPacMan clone, that could lead to the execution of arbitrary commands\nas root.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.41-17.2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.41-20.

\n

We recommend that you upgrade your luxman package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/luxman/luxman_0.41-17.2.dsc
\n
http://security.debian.org/pool/updates/main/l/luxman/luxman_0.41-17.2.diff.gz
\n
http://security.debian.org/pool/updates/main/l/luxman/luxman_0.41.orig.tar.gz
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/luxman/luxman_0.41-17.2_i386.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "694": "
\n

Debian Security Advisory

\n

DSA-694-1 xloadimage -- missing input sanitising, integer overflow

\n
\n
Date Reported:
\n
21 Mar 2005
\n
Affected Packages:
\n
\nxloadimage\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 298926.
In Mitre's CVE dictionary: CVE-2005-0638, CVE-2005-0639.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in xloadimage, an image\nviewer for X11. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CAN-2005-0638\n

    Tavis Ormandy of the Gentoo Linux Security Audit Team has reported\n a flaw in the handling of compressed images, where shell\n meta-characters are not adequately escaped.

    \n
  • CAN-2005-0639\n

    Insufficient validation of image properties has been\n discovered which could potentially result in buffer management\n errors.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 4.1-10woody1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 4.1-14.2.

\n

We recommend that you upgrade your xloadimage package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody1.dsc
\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "695": "
\n

Debian Security Advisory

\n

DSA-695-1 xli -- buffer overflow, input sanitising, integer overflow

\n
\n
Date Reported:
\n
21 Mar 2005
\n
Affected Packages:
\n
\nxli\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 298039.
In the Bugtraq database (at SecurityFocus): BugTraq ID 3006.
In Mitre's CVE dictionary: CVE-2001-0775, CVE-2005-0638, CVE-2005-0639.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in xli, an image viewer\nfor X11. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CAN-2001-0775\n

    A buffer overflow in the decoder for FACES format images could be\n exploited by an attacker to execute arbitrary code. This problem\n has already been fixed in xloadimage in\n DSA 069.

    \n
  • CAN-2005-0638\n

    Tavis Ormandy of the Gentoo Linux Security Audit Team has reported\n a flaw in the handling of compressed images, where shell\n meta-characters are not adequately escaped.

    \n
  • CAN-2005-0639\n

    Insufficient validation of image properties has been\n discovered which could potentially result in buffer management\n errors.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 1.17.0-11woody1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.17.0-18.

\n

We recommend that you upgrade your xli package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1.dsc
\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "696": "
\n

Debian Security Advisory

\n

DSA-696-1 perl -- design flaw

\n
\n
Date Reported:
\n
22 Mar 2005
\n
Affected Packages:
\n
\nperl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 286905, Bug 286922.
In Mitre's CVE dictionary: CVE-2005-0448.
\n
More information:
\n
\n

Paul Szabo discovered another vulnerability in the File::Path::rmtree\nfunction of perl, the popular scripting language. When a process is\ndeleting a directory tree, a different user could exploit a race\ncondition to create setuid binaries in this directory tree, provided\nthat he already had write permissions in any subdirectory of that\ntree.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 5.6.1-8.9.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 5.8.4-8.

\n

We recommend that you upgrade your perl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9.dsc
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9.diff.gz
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.6.1-8.9_all.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.6.1-8.9_all.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.6.1-8.9_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "697": "
\n

Debian Security Advisory

\n

DSA-697-1 netkit-telnet -- buffer overflow

\n
\n
Date Reported:
\n
29 Mar 2005
\n
Affected Packages:
\n
\nnetkit-telnet\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0469.
\n
More information:
\n
\n

Ga\u00ebl Delalleau discovered a buffer overflow in the handling of\nthe LINEMODE suboptions in telnet clients. This can lead to the\nexecution of arbitrary code when connected to a malicious server.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.17-18woody3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.17-28.

\n

We recommend that you upgrade your telnet package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/netkit-telnet_0.17-18woody3.dsc
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/netkit-telnet_0.17-18woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/netkit-telnet_0.17.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnet_0.17-18woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet/telnetd_0.17-18woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "698": "
\n

Debian Security Advisory

\n

DSA-698-1 mc -- buffer overflow

\n
\n
Date Reported:
\n
29 Mar 2005
\n
Affected Packages:
\n
\nmc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0763.
\n
More information:
\n
\n

An unfixed buffer overflow has been discovered by Andrew V. Samoilov\nin mc, the midnight commander, a file browser and manager. This update\nalso fixes a regression from\nDSA 497.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 4.5.55-1.2woody6.

\n

For the unstable distribution (sid) this problem has already been fixed.

\n

We recommend that you upgrade your mc packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6.dsc
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "699": "
\n

Debian Security Advisory

\n

DSA-699-1 netkit-telnet-ssl -- buffer overflow

\n
\n
Date Reported:
\n
29 Mar 2005
\n
Affected Packages:
\n
\nnetkit-telnet-ssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0469.
CERT's vulnerabilities, advisories and incident notes: VU#291924.
\n
More information:
\n
\n

Ga\u00ebl Delalleau discovered a buffer overflow in the handling of\nthe LINEMODE suboptions in telnet clients. This can lead to the\nexecution of arbitrary code when connected to a malicious server.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.17.17+0.1-2woody4.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.17.24+0.1-8.

\n

We recommend that you upgrade your telnet-ssl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1-2woody4.dsc
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1-2woody4.diff.gz
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/netkit-telnet-ssl_0.17.17+0.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnet-ssl_0.17.17+0.1-2woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netkit-telnet-ssl/telnetd-ssl_0.17.17+0.1-2woody4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "700": "
\n

Debian Security Advisory

\n

DSA-700-1 mailreader -- missing input sanitising

\n
\n
Date Reported:
\n
30 Mar 2005
\n
Affected Packages:
\n
\nmailreader\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0386.
\n
More information:
\n
\n

Ulf H\u00e4rnhammar from the Debian Security Audit Project discovered a\ncross-site scripting problem in mailreader, a simple, but powerful WWW\nmail reader system, when displaying messages of the MIME types\ntext/enriched or text/richtext.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.3.29-5woody2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.3.29-11.

\n

We recommend that you upgrade your mailreader package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mailreader/mailreader_2.3.29-5woody2.dsc
\n
http://security.debian.org/pool/updates/main/m/mailreader/mailreader_2.3.29-5woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mailreader/mailreader_2.3.29.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mailreader/mailreader_2.3.29-5woody2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "701": "
\n

Debian Security Advisory

\n

DSA-701-2 samba -- integer overflows

\n
\n
Date Reported:
\n
21 Apr 2005
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 302378.
In Mitre's CVE dictionary: CVE-2004-1154.
CERT's vulnerabilities, advisories and incident notes: VU#226184.
\n
More information:
\n
\n

It has been discovered that the last security update for Samba, a\nLanManager like file and printer server for GNU/Linux and Unix-like\nsystems, caused the daemon to crash upon reload. This has been fixed.\nFor reference, below is the original advisory text:

\n
\n

Greg MacManus discovered an integer overflow in the smb daemon from\nSamba, a LanManager like file and printer server for GNU/Linux and\nUnix-like systems. Requesting a very large number of access control\ndescriptors from the server could exploit the integer overflow, which\nmay result in a buffer overflow which could lead to the execution of\narbitrary code with root privileges. Upstream developers have\ndiscovered more possible integer overflows that are fixed with this\nupdate as well.

\n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 2.2.3a-15.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 3.0.10-1.

\n

We recommend that you upgrade your samba packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15.dsc
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15.diff.gz
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc_2.2.3a-15_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_2.2.3a-15_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_2.2.3a-15_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_2.2.3a-15_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_2.2.3a-15_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_2.2.3a-15_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_2.2.3a-15_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_2.2.3a-15_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_2.2.3a-15_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_2.2.3a-15_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "702": "
\n

Debian Security Advisory

\n

DSA-702-1 imagemagick -- several vulnerabilities

\n
\n
Date Reported:
\n
01 Apr 2005
\n
Affected Packages:
\n
\nimagemagick\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 297990.
In the Bugtraq database (at SecurityFocus): BugTraq ID 12875.
In Mitre's CVE dictionary: CVE-2005-0397, CVE-2005-0759, CVE-2005-0760, CVE-2005-0762.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in ImageMagick, a commonly used image manipulation library. These problems can be exploited by a carefully crafted graphic image. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CAN-2005-0397\n

    Tavis Ormandy discovered a format string vulnerability in the filename handling code which allows a remote attacker to cause a denial of service and possibly execute arbitrary code.

    \n
  • CAN-2005-0759\n

    Andrei Nigmatulin discovered a denial of service condition which can be caused by an invalid tag in a TIFF image.

    \n
  • CAN-2005-0760\n

    Andrei Nigmatulin discovered that the TIFF decoder is vulnerable to accessing memory out of bounds which will result in a segmentation fault.

    \n
  • CAN-2005-0762\n

    Andrei Nigmatulin discovered a buffer overflow in the SGI parser which allows a remote attacker to execute arbitrary code via a specially crafted SGI image file.

    \n
\n

For the stable distribution (woody) these problems have been fixed in version 5.4.4.5-1woody6.

\n

For the unstable distribution (sid) these problems have been fixed in version 6.0.6.2-2.2.

\n

We recommend that you upgrade your imagemagick package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody6.dsc
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody6.diff.gz
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody6_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "703": "
\n

Debian Security Advisory

\n

DSA-703-1 krb5 -- buffer overflows

\n
\n
Date Reported:
\n
01 Apr 2005
\n
Affected Packages:
\n
\nkrb5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0468, CVE-2005-0469.
CERT's vulnerabilities, advisories and incident notes: VU#341908, VU#291924.
\n
More information:
\n
\n

Several problems have been discovered in telnet clients that could be exploited by malicious daemons the client connects to. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CAN-2005-0468\n

    Gaël Delalleau discovered a buffer overflow in the env_opt_add() function that allows a remote attacker to execute arbitrary code.

    \n
  • CAN-2005-0469\n

    Gaël Delalleau discovered a buffer overflow in the handling of the LINEMODE suboptions in telnet clients. This can lead to the execution of arbitrary code when connected to a malicious server.

    \n
\n

For the stable distribution (woody) these problems have been fixed in version 1.2.4-5woody8.

\n

For the unstable distribution (sid) these problems have been fixed in version 1.3.6-1.

\n

We recommend that you upgrade your krb5 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4-5woody8.dsc
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4-5woody8.diff.gz
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.2.4-5woody8_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody8_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody8_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody8_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody8_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody8_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody8_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody8_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "704": "
\n

Debian Security Advisory

\n

DSA-704-1 remstats -- tempfile, missing input sanitising

\n
\n
Date Reported:
\n
04 Apr 2005
\n
Affected Packages:
\n
\nremstats\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0387, CVE-2005-0388.
\n
More information:
\n
\n

Jens Steube discovered several vulnerabilities in remstats, the remote statistics system. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CAN-2005-0387\n

    When processing uptime data on the unix-server a temporary file is opened in an insecure fashion which could be used for a symlink attack to create or overwrite arbitrary files with the permissions of the remstats user.

    \n
  • CAN-2005-0388\n

    The remoteping service can be exploited to execute arbitrary commands due to missing input sanitising.

    \n
\n

For the stable distribution (woody) these problems have been fixed in version 1.00a4-8woody1.

\n

For the unstable distribution (sid) these problems have been fixed in version 1.0.13a-5.

\n

We recommend that you upgrade your remstats packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/remstats/remstats_1.00a4-8woody1.dsc
\n
http://security.debian.org/pool/updates/main/r/remstats/remstats_1.00a4-8woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/r/remstats/remstats_1.00a4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/remstats/remstats-doc_1.00a4-8woody1_all.deb
\n
http://security.debian.org/pool/updates/main/r/remstats/remstats-servers_1.00a4-8woody1_all.deb
\n
http://security.debian.org/pool/updates/main/r/remstats/remstats_1.00a4-8woody1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/remstats/remstats-bintools_1.00a4-8woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/remstats/remstats-bintools_1.00a4-8woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/remstats/remstats-bintools_1.00a4-8woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/remstats/remstats-bintools_1.00a4-8woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/r/remstats/remstats-bintools_1.00a4-8woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/r/remstats/remstats-bintools_1.00a4-8woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/r/remstats/remstats-bintools_1.00a4-8woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/r/remstats/remstats-bintools_1.00a4-8woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/remstats/remstats-bintools_1.00a4-8woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/remstats/remstats-bintools_1.00a4-8woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/remstats/remstats-bintools_1.00a4-8woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "705": "
\n

Debian Security Advisory

\n

DSA-705-1 wu-ftpd -- missing input sanitising

\n
\n
Date Reported:
\n
04 Apr 2005
\n
Affected Packages:
\n
wu-ftpd
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0256, CVE-2003-0854.
\n
More information:
\n
\n

Several denial of service conditions have been discovered in wu-ftpd, the popular FTP daemon. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CAN-2005-0256

    Adam Zabrocki discovered a denial of service condition in wu-ftpd that could be exploited by a remote user and cause the server to slow down by resource exhaustion.

  • CAN-2003-0854

    Georgi Guninski discovered that /bin/ls may be called from within wu-ftpd in a way that will result in large memory consumption and hence slow down the server.

For the stable distribution (woody) these problems have been fixed in version 2.6.2-3woody5.

For the unstable distribution (sid) these problems have been fixed in version 2.6.2-19.

\n

We recommend that you upgrade your wu-ftpd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody5.dsc
\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody5.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd-academ_2.6.2-3woody5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wu-ftpd/wu-ftpd_2.6.2-3woody5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "706": "
\n

Debian Security Advisory

\n

DSA-706-1 axel -- buffer overflow

\n
\n
Date Reported:
\n
13 Apr 2005
\n
Affected Packages:
\n
axel
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 13059.
In Mitre's CVE dictionary: CVE-2005-0390.
\n
More information:
\n
\n

Ulf Härnhammar from the Debian Security Audit Project discovered a buffer overflow in axel, a light download accelerator. When reading remote input the program did not check whether part of the input could overflow a buffer and possibly trigger the execution of arbitrary code.

\n

For the stable distribution (woody) this problem has been fixed in version 1.0a-1woody1.

For the unstable distribution (sid) this problem has been fixed in version 1.0b-1.

\n

We recommend that you upgrade your axel package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/axel/axel_1.0a.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/axel/axel-kapt_1.0a-1woody1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/axel/axel_1.0a-1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "707": "
\n

Debian Security Advisory

\n

DSA-707-1 mysql -- several vulnerabilities

\n
\n
Date Reported:
\n
13 Apr 2005
\n
Affected Packages:
\n
mysql
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 285276, Bug 296674, Bug 300158.
In the Bugtraq database (at SecurityFocus): BugTraq ID 12781.
In Mitre's CVE dictionary: CVE-2004-0957, CVE-2005-0709, CVE-2005-0710, CVE-2005-0711.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in MySQL, a popular database. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CAN-2004-0957

    Sergei Golubchik discovered a problem in the access handling for similarly named databases. If a user is granted privileges to a database with a name containing an underscore (\"_\"), the user also gains privileges to other databases with similar names.

  • CAN-2005-0709

    Stefano Di Paola discovered that MySQL allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls.

  • CAN-2005-0710

    Stefano Di Paola discovered that MySQL allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table.

  • CAN-2005-0711

    Stefano Di Paola discovered that MySQL uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.

For the stable distribution (woody) these problems have been fixed in version 3.23.49-8.11.

For the unstable distribution (sid) these problems have been fixed in version 4.0.24-5 of mysql-dfsg and in version 4.1.10a-6 of mysql-dfsg-4.1.

\n

We recommend that you upgrade your mysql packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.11.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.11.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-common_3.23.49-8.11_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.23.49-8.5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.11_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "708": "
\n

Debian Security Advisory

\n

DSA-708-1 php3 -- missing input sanitising

\n
\n
Date Reported:
\n
15 Apr 2005
\n
Affected Packages:
\n
php3
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 302701.
In Mitre's CVE dictionary: CVE-2005-0525.
\n
More information:
\n
\n

An iDEFENSE researcher discovered two problems in the image processing functions of PHP, a server-side, HTML-embedded scripting language, of which one is present in PHP3 as well. When reading a JPEG image, PHP can be tricked into an endless loop due to insufficient input validation.

\n

For the stable distribution (woody) this problem has been fixed in version 3.0.18-23.1woody3.

For the unstable distribution (sid) this problem has been fixed in version 3.0.18-31.

\n

We recommend that you upgrade your php3 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody3.dsc
\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php3/php3-doc_3.0.18-23.1woody3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php3/php3_3.0.18-23.1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi_3.0.18-23.1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-gd_3.0.18-23.1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-imap_3.0.18-23.1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-ldap_3.0.18-23.1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-magick_3.0.18-23.1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mhash_3.0.18-23.1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-mysql_3.0.18-23.1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-snmp_3.0.18-23.1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-cgi-xml_3.0.18-23.1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-dev_3.0.18-23.1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-gd_3.0.18-23.1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-imap_3.0.18-23.1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-ldap_3.0.18-23.1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-magick_3.0.18-23.1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mhash_3.0.18-23.1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-mysql_3.0.18-23.1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-snmp_3.0.18-23.1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php3/php3-xml_3.0.18-23.1woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "709": "
\n

Debian Security Advisory

\n

DSA-709-1 libexif -- buffer overflow

\n
\n
Date Reported:
\n
15 Apr 2005
\n
Affected Packages:
\n
\nlibexif\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 298464.
In Mitre's CVE dictionary: CVE-2005-0664.
\n
More information:
\n
\n

Sylvain Defresne discovered a buffer overflow in libexif, a library\nthat parses EXIF files (such as JPEG files with extra tags). This bug\ncould be exploited to crash the application and possibly to execute\narbitrary code as well.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 0.5.0-1woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.6.9-5.

\n

We recommend that you upgrade your libexif package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.5.0-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.5.0-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.5.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.5.0-1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif5_0.5.0-1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "710": "
\n

Debian Security Advisory

\n

DSA-710-1 gtkhtml -- null pointer dereference

\n
\n
Date Reported:
\n
18 Apr 2005
\n
Affected Packages:
\n
\ngtkhtml\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 279726.
In Mitre's CVE dictionary: CVE-2003-0541.
\n
More information:
\n
\n

Alan Cox discovered a problem in gtkhtml, an HTML rendering widget\nused by the Evolution mail reader. Certain malformed messages could\ncause a crash due to a null pointer dereference.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.0.2-1.woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.0.4-6.2.

\n

We recommend that you upgrade your gtkhtml package and restart\nEvolution.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2-1.woody1.dsc
\n
http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2-1.woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml-data_1.0.2-1.woody1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2-1.woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml-dev_1.0.2-1.woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml20_1.0.2-1.woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2-1.woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml-dev_1.0.2-1.woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml20_1.0.2-1.woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2-1.woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml-dev_1.0.2-1.woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml20_1.0.2-1.woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2-1.woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml-dev_1.0.2-1.woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml20_1.0.2-1.woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2-1.woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml-dev_1.0.2-1.woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml20_1.0.2-1.woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2-1.woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml-dev_1.0.2-1.woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml20_1.0.2-1.woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2-1.woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml-dev_1.0.2-1.woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml20_1.0.2-1.woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2-1.woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml-dev_1.0.2-1.woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml20_1.0.2-1.woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2-1.woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml-dev_1.0.2-1.woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml20_1.0.2-1.woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2-1.woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml-dev_1.0.2-1.woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml20_1.0.2-1.woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gtkhtml/gtkhtml_1.0.2-1.woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml-dev_1.0.2-1.woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gtkhtml/libgtkhtml20_1.0.2-1.woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "711": "
\n

Debian Security Advisory

\n

DSA-711-1 info2www -- missing input sanitising

\n
\n
Date Reported:
\n
19 Apr 2005
\n
Affected Packages:
\n
\ninfo2www\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 281655.
In Mitre's CVE dictionary: CVE-2004-1341.
\n
More information:
\n
\n

Nicolas Gregoire discovered a cross-site scripting vulnerability in\ninfo2www, a converter for info files to HTML. A malicious person\ncould place a harmless-looking link on the web that could cause\narbitrary commands to be executed in the browser of the victim user.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.2.2.9-20woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.2.2.9-23.

\n

We recommend that you upgrade your info2www package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/info2www/info2www_1.2.2.9-20woody1.dsc
\n
http://security.debian.org/pool/updates/main/i/info2www/info2www_1.2.2.9-20woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/info2www/info2www_1.2.2.9.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/info2www/info2www_1.2.2.9-20woody1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "712": "
\n

Debian Security Advisory

\n

DSA-712-1 geneweb -- insecure file operations

\n
\n
Date Reported:
\n
19 Apr 2005
\n
Affected Packages:
\n
\ngeneweb\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 304405.
In Mitre's CVE dictionary: CVE-2005-0391.
\n
More information:
\n
\n

Tim Dijkstra discovered a problem during the upgrade of geneweb,\ngenealogy software with a web interface. The maintainer scripts\nautomatically converted files without checking their permissions and\ncontent, which could lead to the modification of arbitrary files.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 4.06-2woody1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 4.10-7.

\n

We recommend that you upgrade your geneweb package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2woody1.dsc
\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/geneweb/geneweb_4.06-2woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/geneweb/gwtp_4.06-2woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "713": "
\n

Debian Security Advisory

\n

DSA-713-1 junkbuster -- several vulnerabilities

\n
\n
Date Reported:
\n
21 Apr 2005
\n
Affected Packages:
\n
\njunkbuster\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-1108, CVE-2005-1109.
\n
More information:
\n
\n

Several bugs have been found in junkbuster, an HTTP proxy and filter.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing vulnerabilities:

\n
    \n
  • CAN-2005-1108\n

    James Ranson discovered that an attacker can modify the referrer\n setting with a carefully crafted URL by accidentally overwriting a\n global variable.

    \n
  • CAN-2005-1109\n

    Tavis Ormandy from the Gentoo Security Team discovered several\n heap corruptions due to inconsistent use of an internal function\n that can crash the daemon or possibly lead to the execution of\n arbitrary code.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 2.0.2-0.2woody1.

\n

The unstable distribution (sid) doesn't contain the junkbuster package\nanymore.

\n

We recommend that you upgrade your junkbuster package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2-0.2woody1.dsc
\n
http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2-0.2woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2-0.2woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2-0.2woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2-0.2woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2-0.2woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2-0.2woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2-0.2woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2-0.2woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2-0.2woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2-0.2woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2-0.2woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/j/junkbuster/junkbuster_2.0.2-0.2woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "714": "
\n

Debian Security Advisory

\n

DSA-714-1 kdelibs -- several vulnerabilities

\n
\n
Date Reported:
\n
26 Apr 2005
\n
Affected Packages:
\n
\nkdelibs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-1046.
\n
More information:
\n
\n

The KDE security team discovered several vulnerabilities in the PCX and\nother image file format readers in the KDE core libraries, some of\nthem exploitable to execute arbitrary code. To a small extent the\npackages in woody are affected as well.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 2.2.2-13.woody.14.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.3.2-5.

\n

We recommend that you upgrade your kdelibs packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.14.dsc
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.14.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-doc_2.2.2-13.woody.14_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.14_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.14_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.14_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.14_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.14_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.14_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.14_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.14_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.14_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.14_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "715": "
\n

Debian Security Advisory

\n

DSA-715-1 cvs -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Apr 2005
\n
Affected Packages:
\n
\ncvs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 260200.
In Mitre's CVE dictionary: CVE-2004-1342, CVE-2004-1343.
CERT's vulnerabilities, advisories and incident notes: VU#327037.
\n
More information:
\n
\n

Several problems have been discovered in the CVS server, which serves\nthe popular Concurrent Versions System. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CAN-2004-1342\n

    Maks Polunin and Alberto Garcia discovered independently that,\n using the pserver access method in connection with the repouid\n patch that Debian uses, it is possible to bypass the password and\n gain access to the repository in question.

    \n
  • CAN-2004-1343\n

    Alberto Garcia discovered that a remote user can cause the cvs\n server to crash when the cvs-repouids file exists but does not\n contain a mapping for the current repository, which can be used as\n a denial of service attack.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 1.11.1p1debian-10.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.12.9-11.

\n

We recommend that you upgrade your cvs package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-10.dsc
\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-10.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-10_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-10_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-10_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-10_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-10_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-10_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-10_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-10_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-10_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-10_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-10_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "716": "
\n

Debian Security Advisory

\n

DSA-716-1 gaim -- denial of service

\n
\n
Date Reported:
\n
27 Apr 2005
\n
Affected Packages:
\n
\ngaim\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0472.
\n
More information:
\n
\n

It has been discovered that certain malformed SNAC packets sent by other AIM or ICQ users can trigger an infinite loop in Gaim, a multi-protocol instant messaging client, and hence lead to a denial of service of the client.

\n

Two more denial of service conditions have been discovered in newer versions of Gaim which are fixed in the package in sid but are not present in the package in woody.

\n

For the stable distribution (woody) this problem has been fixed in version 0.58-2.5.

\n

For the unstable distribution (sid) these problems have been fixed in version 1.1.3-1.

\n

We recommend that you upgrade your gaim packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5.dsc
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "717": "
\n

Debian Security Advisory

\n

DSA-717-1 lsh-utils -- buffer overflow, typo

\n
\n
Date Reported:
\n
27 Apr 2005
\n
Affected Packages:
\n
\nlsh-utils\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 211662.
In Mitre's CVE dictionary: CVE-2003-0826, CVE-2005-0814.
\n
More information:
\n
\n

Several security relevant problems have been discovered in lsh, the alternative secure shell v2 (SSH2) protocol server. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

\n
    \n
  • CAN-2003-0826\n

    Bennett Todd discovered a heap buffer overflow in lshd which could lead to the execution of arbitrary code.

    \n
  • CAN-2005-0814\n

    Niels Möller discovered a denial of service condition in lshd.

    \n
\n

For the stable distribution (woody) these problems have been fixed in version 1.2.5-2woody3.

\n

For the unstable distribution (sid) these problems have been fixed in version 2.0.1-2.

\n

We recommend that you upgrade your lsh-server package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_1.2.5-2woody3.dsc
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_1.2.5-2woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_1.2.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils-doc_1.2.5-2woody3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_1.2.5-2woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_1.2.5-2woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_1.2.5-2woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_1.2.5-2woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_1.2.5-2woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_1.2.5-2woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_1.2.5-2woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_1.2.5-2woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_1.2.5-2woody3_i386.deb
\n
Intel IA-64:\n Package does not build anymore and hence cannot be updated.\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_1.2.5-2woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_1.2.5-2woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_1.2.5-2woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_1.2.5-2woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_1.2.5-2woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_1.2.5-2woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_1.2.5-2woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_1.2.5-2woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_1.2.5-2woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_1.2.5-2woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_1.2.5-2woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_1.2.5-2woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_1.2.5-2woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_1.2.5-2woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_1.2.5-2woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_1.2.5-2woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_1.2.5-2woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_1.2.5-2woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_1.2.5-2woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_1.2.5-2woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_1.2.5-2woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "718": "
\n

Debian Security Advisory

\n

DSA-718-2 ethereal -- buffer overflow

\n
\n
Date Reported:
\n
28 Apr 2005
\n
Affected Packages:
\n
\nethereal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0739.
\n
More information:
\n
\n

[ This version lists the correct packages in the packages section. ]

\n

A buffer overflow has been detected in the IAPP dissector of Ethereal, a commonly used network traffic analyser. A remote attacker may be able to overflow a buffer using a specially crafted packet. More problems have been discovered which don't apply to the version in woody but are fixed in sid as well.

\n

For the stable distribution (woody) this problem has been fixed in version 0.9.4-1woody12.

\n

For the unstable distribution (sid) these problems have been fixed in version 0.10.10-1.

\n

We recommend that you upgrade your ethereal packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody12.dsc
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody12.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody12_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody12_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody12_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody12_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody12_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody12_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody12_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody12_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody12_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody12_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody12_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "719": "
\n

Debian Security Advisory

\n

DSA-719-1 prozilla -- format string problems

\n
\n
Date Reported:
\n
28 Apr 2005
\n
Affected Packages:
\n
\nprozilla\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 12635.
In Mitre's CVE dictionary: CVE-2005-0523.
\n
More information:
\n
\n

Several format string problems have been discovered in prozilla, a multi-threaded download accelerator, that can be exploited by a malicious server to execute arbitrary code with the rights of the user running prozilla.

\n

For the stable distribution (woody) these problems have been fixed in version 1.3.6-3woody2.

\n

For the unstable distribution (sid) these problems have been fixed in version 1.3.7.4-1.

\n

We recommend that you upgrade your prozilla package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody2.dsc
\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "720": "
\n

Debian Security Advisory

\n

DSA-720-1 smartlist -- wrong input processing

\n
\n
Date Reported:
\n
03 May 2005
\n
Affected Packages:
\n
\nsmartlist\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0157.
\n
More information:
\n
\n

Jeroen van Wolffelaar noticed that the confirm add-on of SmartList, the list manager used on lists.debian.org, which is used on that host as well, could be tricked into subscribing arbitrary addresses to the lists.

\n

For the stable distribution (woody) this problem has been fixed in version 3.15-5.woody.1.

\n

For the unstable distribution (sid) this problem has been fixed in version 3.15-18.

\n

We recommend that you upgrade your smartlist package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/smartlist/smartlist_3.15-5.woody.1.dsc
\n
http://security.debian.org/pool/updates/main/s/smartlist/smartlist_3.15-5.woody.1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/smartlist/smartlist_3.15.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/smartlist/smartlist_3.15-5.woody.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/smartlist/smartlist_3.15-5.woody.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/smartlist/smartlist_3.15-5.woody.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/smartlist/smartlist_3.15-5.woody.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/smartlist/smartlist_3.15-5.woody.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/smartlist/smartlist_3.15-5.woody.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/smartlist/smartlist_3.15-5.woody.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/smartlist/smartlist_3.15-5.woody.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/smartlist/smartlist_3.15-5.woody.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/smartlist/smartlist_3.15-5.woody.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/smartlist/smartlist_3.15-5.woody.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "721": "
\n

Debian Security Advisory

\n

DSA-721-1 squid -- design flaw

\n
\n
Date Reported:
\n
06 May 2005
\n
Affected Packages:
\n
\nsquid\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 307132.
In Mitre's CVE dictionary: CVE-2005-1345.
\n
More information:
\n
\n

Michael Bhola discovered a bug in Squid, the popular WWW proxy cache. Squid does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator.

\n

For the stable distribution (woody) this problem has been fixed in version 2.4.6-2woody8.

\n

For the unstable distribution (sid) this problem has been fixed in version 2.5.9-7.

\n

We recommend that you upgrade your squid packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody8.dsc
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody8.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody8_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody8_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody8_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody8_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody8_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody8_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody8_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody8_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody8_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "722": "
\n

Debian Security Advisory

\n

DSA-722-1 smail -- buffer overflow

\n
\n
Date Reported:
\n
09 May 2005
\n
Affected Packages:
\n
\nsmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 301428.
In Mitre's CVE dictionary: CVE-2005-0892.
\n
More information:
\n
\n

A buffer overflow has been discovered in Smail, an electronic mail transport system, which allows remote attackers and local users to execute arbitrary code.

\n

For the stable distribution (woody) this problem has been fixed in version 3.2.0.114-4woody1.

\n

For the unstable distribution (sid) this problem has been fixed in version 3.2.0.115-7.

\n

We recommend that you upgrade your smail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/smail/smail_3.2.0.114-4woody1.dsc
\n
http://security.debian.org/pool/updates/main/s/smail/smail_3.2.0.114-4woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/smail/smail_3.2.0.114.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/smail/smail_3.2.0.114-4woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/smail/smail_3.2.0.114-4woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/smail/smail_3.2.0.114-4woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/smail/smail_3.2.0.114-4woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/smail/smail_3.2.0.114-4woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/smail/smail_3.2.0.114-4woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/smail/smail_3.2.0.114-4woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/smail/smail_3.2.0.114-4woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/smail/smail_3.2.0.114-4woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/smail/smail_3.2.0.114-4woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/smail/smail_3.2.0.114-4woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "723": "
\n

Debian Security Advisory

\n

DSA-723-1 xfree86 -- buffer overflow

\n
\n
Date Reported:
\n
09 May 2005
\n
Affected Packages:
\n
\nxfree86\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 298939.
In the Bugtraq database (at SecurityFocus): BugTraq ID 12714.
In Mitre's CVE dictionary: CVE-2005-0605.
\n
More information:
\n
\n

A buffer overflow has been discovered in the Xpm library which is used in XFree86. A remote attacker could provide a specially crafted XPM image that could lead to the execution of arbitrary code.

\n

For the stable distribution (woody) this problem has been fixed in version 4.1.0-16woody6.

\n

For the unstable distribution (sid) this problem will be fixed in version 4.3.0.dfsg.1-13, which is currently in preparation.

\n

We recommend that you upgrade your xfree86 and associated packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.1.0-16woody6.dsc
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.1.0-16woody6.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.1.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system_4.1.0-16woody6_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi-transcoded_4.1.0-16woody6_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi_4.1.0-16woody6_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi-transcoded_4.1.0-16woody6_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi_4.1.0-16woody6_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base-transcoded_4.1.0-16woody6_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base_4.1.0-16woody6_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-cyrillic_4.1.0-16woody6_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-pex_4.1.0-16woody6_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-scalable_4.1.0-16woody6_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86-common_4.1.0-16woody6_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlib6g-dev_4.1.0-16woody6_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlib6g_4.1.0-16woody6_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xspecs_4.1.0-16woody6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody6_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "724": "
\n

Debian Security Advisory

\n

DSA-724-1 phpsysinfo -- design flaw

\n
\n
Date Reported:
\n
18 May 2005
\n
Affected Packages:
\n
\nphpsysinfo\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 301118.
In Mitre's CVE dictionary: CVE-2005-0870.
\n
More information:
\n
\n

Maksymilian Arciemowicz discovered several cross-site scripting issues\nin phpsysinfo, a PHP-based host information application.

\n

For the stable distribution (woody) these problems have been fixed in\nversion 2.0-3woody2.

\n

For the testing (sarge) and unstable (sid) distributions these problems\nhave been fixed in version 2.3-3.

\n

We recommend that you upgrade your phpsysinfo package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.0-3woody2.dsc
\n
http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.0-3woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.0-3woody2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "725": "
\n

Debian Security Advisory

\n

DSA-725-2 ppxp -- missing privilege release

\n
\n
Date Reported:
\n
19 May 2005
\n
Affected Packages:
\n
\nppxp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0392.
\n
More information:
\n
\n

Jens Steube discovered that ppxp, yet another PPP program, does not\nrelease root privileges when opening potentially user-supplied log\nfiles. The program can thereby be tricked into opening a root shell.

\n

For the old stable distribution (woody) this problem has been\nfixed in version 0.2001080415-6woody2 (DSA 725-1).

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.2001080415-10sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.2001080415-11.

\n

We recommend that you upgrade your ppxp package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2.dsc
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2.dsc
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "726": "
\n

Debian Security Advisory

\n

DSA-726-1 oops -- format string vulnerability

\n
\n
Date Reported:
\n
20 May 2005
\n
Affected Packages:
\n
\noops\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 307360.
In Mitre's CVE dictionary: CVE-2005-1121.
\n
More information:
\n
\n

A format string vulnerability has been discovered in the MySQL/PgSQL authentication module of Oops, a caching HTTP proxy server written for performance.

\n

For the stable distribution (woody) this problem has been fixed in version 1.5.19.cvs.20010818-0.1woody1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your oops package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/oops/oops_1.5.19.cvs.20010818-0.1woody1.dsc
\n
http://security.debian.org/pool/updates/main/o/oops/oops_1.5.19.cvs.20010818-0.1woody1.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/oops/oops_1.5.19.cvs.20010818-0.1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/oops/oops_1.5.19.cvs.20010818-0.1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/oops/oops_1.5.19.cvs.20010818-0.1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/oops/oops_1.5.19.cvs.20010818-0.1woody1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/oops/oops_1.5.19.cvs.20010818-0.1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/oops/oops_1.5.19.cvs.20010818-0.1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/oops/oops_1.5.19.cvs.20010818-0.1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/oops/oops_1.5.19.cvs.20010818-0.1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/oops/oops_1.5.19.cvs.20010818-0.1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/oops/oops_1.5.19.cvs.20010818-0.1woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "727": "
\n

Debian Security Advisory

\n

DSA-727-1 libconvert-uulib-perl -- buffer overflow

\n
\n
Date Reported:
\n
20 May 2005
\n
Affected Packages:
\n
\nlibconvert-uulib-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-1349.
\n
More information:
\n
\n

Mark Martinec and Robert Lewis discovered a buffer overflow in Convert::UUlib, a Perl interface to the uulib library, which may result in the execution of arbitrary code.

\n

For the stable distribution (woody) this problem has been fixed in version 0.201-2woody1.

\n

For the testing (sarge) and unstable (sid) distributions this problem has been fixed in version 1.0.5.1-1.

\n

We recommend that you upgrade your libconvert-uulib-perl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libc/libconvert-uulib-perl/libconvert-uulib-perl_0.201-2woody1.dsc
\n
http://security.debian.org/pool/updates/main/libc/libconvert-uulib-perl/libconvert-uulib-perl_0.201-2woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/libc/libconvert-uulib-perl/libconvert-uulib-perl_0.201.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libc/libconvert-uulib-perl/libconvert-uulib-perl_0.201-2woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libc/libconvert-uulib-perl/libconvert-uulib-perl_0.201-2woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libc/libconvert-uulib-perl/libconvert-uulib-perl_0.201-2woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libc/libconvert-uulib-perl/libconvert-uulib-perl_0.201-2woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libc/libconvert-uulib-perl/libconvert-uulib-perl_0.201-2woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libc/libconvert-uulib-perl/libconvert-uulib-perl_0.201-2woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libc/libconvert-uulib-perl/libconvert-uulib-perl_0.201-2woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libc/libconvert-uulib-perl/libconvert-uulib-perl_0.201-2woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libc/libconvert-uulib-perl/libconvert-uulib-perl_0.201-2woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libc/libconvert-uulib-perl/libconvert-uulib-perl_0.201-2woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libc/libconvert-uulib-perl/libconvert-uulib-perl_0.201-2woody1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "728": "
\n

Debian Security Advisory

\n

DSA-728-2 qpopper -- missing privilege release

\n
\n
Date Reported:
\n
26 May 2005
\n
Affected Packages:
\n
\nqpopper\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-1151, CVE-2005-1152.
\n
More information:
\n
\n

This advisory only covers updated packages for Debian 3.0 alias woody. For reference, the original advisory text is below:

\n
\n

Two bugs have been discovered in qpopper, an enhanced Post Office Protocol (POP3) server. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CAN-2005-1151\n

    Jens Steube discovered that privileges weren't dropped while processing local files owned or provided by a normal user, which could lead to the overwriting or creation of arbitrary files as root.

    \n
  • CAN-2005-1152\n

    The upstream developers noticed that qpopper could be tricked into creating group- or world-writable files.

    \n
\n
\n

For the stable distribution (woody) these problems have been fixed in version 4.0.4-2.woody.5.

\n

For the testing distribution (sarge) these problems have been fixed in version 4.0.5-4sarge1.

\n

For the unstable distribution (sid) these problems will be fixed in version 4.0.5-4sarge1.

\n

We recommend that you upgrade your qpopper package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.5.dsc
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.5.diff.gz
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.5_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.5_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.5_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.4-2.woody.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.4-2.woody.5_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1.dsc
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.5-4sarge1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.5-4sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.5-4sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.5-4sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.5-4sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.5-4sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.5-4sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.5-4sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.5-4sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.5-4sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.5-4sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "729": "
\n

Debian Security Advisory

\n

DSA-729-1 php4 -- missing input sanitising

\n
\n
Date Reported:
\n
26 May 2005
\n
Affected Packages:
\n
\nphp4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 302701.
In Mitre's CVE dictionary: CVE-2005-0525.
\n
More information:
\n
\n

An iDEFENSE researcher discovered two problems in the image processing functions of PHP, a server-side, HTML-embedded scripting language, of which one is present in woody as well. When reading a JPEG image, PHP can be tricked into an endless loop due to insufficient input validation.

\n

For the stable distribution (woody) this problem has been fixed in version 4.1.2-7.woody4.

\n

For the testing distribution (sarge) these problems have been fixed in version 4.3.10-10.

\n

For the unstable distribution (sid) these problems have been fixed in version 4.3.10-10.

\n

We recommend that you upgrade your php4 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.woody4.dsc
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.woody4.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.1.2-7.woody4_all.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pear_4.1.2-7.woody4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7.woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7.woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7.woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7.woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7.woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7.woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7.woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7.woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7.woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7.woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7.woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7.woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7.woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7.woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7.woody4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7.woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7.woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7.woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7.woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7.woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7.woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7.woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7.woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7.woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7.woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7.woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7.woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7.woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7.woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7.woody4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7.woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7.woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7.woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7.woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7.woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7.woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7.woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7.woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7.woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7.woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7.woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7.woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7.woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7.woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7.woody4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7.woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7.woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7.woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7.woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7.woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7.woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7.woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7.woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7.woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7.woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7.woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7.woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7.woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7.woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7.woody4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7.woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7.woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7.woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7.woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7.woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7.woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7.woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7.woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7.woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7.woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7.woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7.woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7.woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7.woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7.woody4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7.woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7.woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7.woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7.woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7.woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7.woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7.woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7.woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7.woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7.woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7.woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7.woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7.woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7.woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7.woody4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7.woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7.woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7.woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7.woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7.woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7.woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7.woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7.woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7.woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7.woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7.woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7.woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7.woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7.woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7.woody4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7.woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7.woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7.woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7.woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7.woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7.woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7.woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7.woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7.woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7.woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7.woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7.woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7.woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7.woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7.woody4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7.woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7.woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7.woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7.woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7.woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7.woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7.woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7.woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7.woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7.woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7.woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7.woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7.woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7.woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7.woody4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7.woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7.woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7.woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7.woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7.woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7.woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7.woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7.woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7.woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7.woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7.woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7.woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7.woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7.woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7.woody4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7.woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7.woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7.woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7.woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7.woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7.woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7.woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7.woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7.woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7.woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7.woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7.woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7.woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7.woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7.woody4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "730": "
\n

Debian Security Advisory

\n

DSA-730-1 bzip2 -- race condition

\n
\n
Date Reported:
\n
27 May 2005
\n
Affected Packages:
\n
\nbzip2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 303300.
In Mitre's CVE dictionary: CVE-2005-0953.
\n
More information:
\n
\n

Imran Ghory discovered a race condition in bzip2, a high-quality\nblock-sorting file compressor and decompressor. When decompressing a\nfile in a directory an attacker has access to, bunzip2 could be\ntricked into setting the file permissions on a different file that the user has\npermissions to.

\n

For the stable distribution (woody) this problem has been fixed in\nversion 1.0.2-1.woody2.

\n

For the testing distribution (sarge) this problem has been fixed in\nversion 1.0.2-6.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.0.2-6.

\n

We recommend that you upgrade your bzip2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2-1.woody2.dsc
\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2-1.woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2-1.woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.2-1.woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.2-1.woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2-1.woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.2-1.woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.2-1.woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2-1.woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.2-1.woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.2-1.woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2-1.woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.2-1.woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.2-1.woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2-1.woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.2-1.woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.2-1.woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2-1.woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.2-1.woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.2-1.woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2-1.woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.2-1.woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.2-1.woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2-1.woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.2-1.woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.2-1.woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2-1.woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.2-1.woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.2-1.woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2-1.woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.2-1.woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.2-1.woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2-1.woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.2-1.woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.2-1.woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "731": "
\n

Debian Security Advisory

\n

DSA-731-1 krb4 -- buffer overflows

\n
\n
Date Reported:
\n
02 Jun 2005
\n
Affected Packages:
\n
\nkrb4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0468, CVE-2005-0469.
CERT's vulnerabilities, advisories and incident notes: VU#341908, VU#291924.
\n
More information:
\n
\n

Several problems have been discovered in telnet clients that could be\nexploited by malicious daemons the client connects to. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CAN-2005-0468\n

    Ga\u00ebl Delalleau discovered a buffer overflow in the env_opt_add()\n function that allows a remote attacker to execute arbitrary code.

    \n
  • CAN-2005-0469\n

    Ga\u00ebl Delalleau discovered a buffer overflow in the handling of the\n LINEMODE suboptions in telnet clients. This can lead to the\n execution of arbitrary code when connected to a malicious server.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 1.1-8-2.4.

\n

For the testing distribution (sarge) these problems have been fixed in\nversion 1.2.2-11.2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.2.2-11.2.

\n

We recommend that you upgrade your krb4 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb4/krb4_1.1-8-2.4.dsc
\n
http://security.debian.org/pool/updates/main/k/krb4/krb4_1.1-8-2.4.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-docs_1.1-8-2.4_all.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-services_1.1-8-2.4_all.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-user_1.1-8-2.4_all.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-x11_1.1-8-2.4_all.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth1_1.1-8-2.4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients_1.1-8-2.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-clients-x_1.1-8-2.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev_1.1-8-2.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-dev-common_1.1-8-2.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kdc_1.1-8-2.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-kip_1.1-8-2.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers_1.1-8-2.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/kerberos4kth-servers-x_1.1-8-2.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libacl1-kerberos4kth_1.1-8-2.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkadm1-kerberos4kth_1.1-8-2.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkdb-1-kerberos4kth_1.1-8-2.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb4/libkrb-1-kerberos4kth_1.1-8-2.4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "732": "
\n

Debian Security Advisory

\n

DSA-732-1 mailutils -- several vulnerabilities

\n
\n
Date Reported:
\n
03 Jun 2005
\n
Affected Packages:
\n
\nmailutils\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-1520, CVE-2005-1521, CVE-2005-1522, CVE-2005-1523.
\n
More information:
\n
\n

\"infamous41md\" discovered several vulnerabilities in the GNU mailutils\npackage which contains utilities for handling mail. These problems\ncan lead to a denial of service or the execution of arbitrary code.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing vulnerabilities.

\n
    \n
  • CAN-2005-1520\n

    Buffer overflow in mail header handling may allow a remote attacker\n to execute commands with the privileges of the targeted user.

    \n
  • CAN-2005-1521\n

    Combined integer and heap overflow in the fetch routine can lead\n to the execution of arbitrary code.

    \n
  • CAN-2005-1522\n

    Denial of service in the fetch routine.

    \n
  • CAN-2005-1523\n

    Format string vulnerability can lead to the execution of arbitrary\n code.

    \n
\n

For the stable distribution (woody) these problems have been fixed in\nversion 20020409-1woody2.

\n

For the testing distribution (sarge) these problems have been fixed in\nversion 0.6.1-4.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.6.1-4.

\n

We recommend that you upgrade your mailutils packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_20020409-1woody2.dsc
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_20020409-1woody2.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-doc_20020409-1woody2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_20020409-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_20020409-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_20020409-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_20020409-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_20020409-1woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_20020409-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_20020409-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_20020409-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_20020409-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_20020409-1woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_20020409-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_20020409-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_20020409-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_20020409-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_20020409-1woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_20020409-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_20020409-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_20020409-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_20020409-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_20020409-1woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_20020409-1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_20020409-1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_20020409-1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_20020409-1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_20020409-1woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_20020409-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_20020409-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_20020409-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_20020409-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_20020409-1woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_20020409-1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_20020409-1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_20020409-1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_20020409-1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_20020409-1woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_20020409-1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_20020409-1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_20020409-1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_20020409-1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_20020409-1woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_20020409-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_20020409-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_20020409-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_20020409-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_20020409-1woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_20020409-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_20020409-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_20020409-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_20020409-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_20020409-1woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_20020409-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_20020409-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_20020409-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_20020409-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_20020409-1woody2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "733": "
\n

Debian Security Advisory

\n

DSA-733-1 crip -- insecure temporary files

\n
\n
Date Reported:
\n
30 Jun 2005
\n
Affected Packages:
\n
\ncrip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-0393.
\n
More information:
\n
\n

Justin Rye discovered that crip, a terminal-based ripper, encoder and\ntagger tool, utilises temporary files in an insecure fashion in its\nhelper scripts.

\n

The old stable distribution (woody) does not provide the crip package.

\n

For the stable distribution (sarge) this problem has been fixed in version 3.5-1sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in version 3.5-1sarge2.

\n

We recommend that you upgrade your crip package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2.diff.gz
\n
http://ftp.debian.org/debian/pool/main/c/crip/crip_3.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "734": "
\n

Debian Security Advisory

\n

DSA-734-1 gaim -- denial of service

\n
\n
Date Reported:
\n
05 Jul 2005
\n
Affected Packages:
\n
\ngaim\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-1269, CVE-2005-1934.
\n
More information:
\n
\n

Two denial of service problems have been discovered in Gaim, a multi-protocol instant messaging client. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CAN-2005-1269

    A malformed Yahoo filename can result in a crash of the application.

    \n
  • CAN-2005-1934

    A malformed MSN message can lead to incorrect memory allocation resulting in a crash of the application.

    \n
\n

The old stable distribution (woody) does not seem to be affected.

\n

For the stable distribution (sarge) these problems have been fixed in version 1.2.1-1.3.

\n

For the unstable distribution (sid) these problems have been fixed in version 1.3.1-1.

\n

We recommend that you upgrade your gaim package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.3.dsc
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.3.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-data_1.2.1-1.3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.3_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.3_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.3_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.3_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "735": "
\n

Debian Security Advisory

\n

DSA-735-1 sudo -- pathname validation race

\n
\n
Date Reported:
\n
01 Jul 2005
\n
Affected Packages:
\n
\nsudo\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 315115.
In Mitre's CVE dictionary: CVE-2005-1993.
\n
More information:
\n
\n

A local user who has been granted permission to run commands via sudo could run arbitrary commands as a privileged user due to a flaw in sudo's pathname validation. This bug only affects configurations which have restricted user configurations prior to an ALL directive in the configuration file. A workaround is to move any ALL directives to the beginning of the sudoers file; see the advisory at http://www.sudo.ws/sudo/alerts/path_race.html for more information.

\n

For the old stable Debian distribution (woody), this problem has been fixed in version 1.6.6-1.3woody1.

\n

For the current stable distribution (sarge), this problem has been fixed in version 1.6.8p7-1.1sarge1.

\n

Note that packages are not yet ready for certain architectures; these will be released as they become available.

\n

We recommend that you upgrade your sudo package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1.dsc
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_alpha.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_alpha.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "736": "
\n

Debian Security Advisory

\n

DSA-736-1 spamassassin -- remote denial of service

\n
\n
Date Reported:
\n
01 Jul 2005
\n
Affected Packages:
\n
\nspamassassin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 314447.
In Mitre's CVE dictionary: CVE-2005-1266.
\n
More information:
\n
\n

A vulnerability was recently found in the way that SpamAssassin parses certain email headers. This vulnerability could cause SpamAssassin to consume a large number of CPU cycles when processing messages containing these headers, leading to a potential denial of service (DoS) attack.

\n

The version of SpamAssassin in the old stable distribution (woody) is not vulnerable.

\n

For the stable distribution (sarge), this problem has been fixed in version 3.0.3-2. Note that packages are not yet ready for certain architectures; these will be released as they become available.

\n

For the unstable distribution (sid), this problem has been fixed in version 3.0.4-1.

\n

We recommend that you upgrade your sarge or sid spamassassin package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamassassin_3.0.3-2.diff.gz
\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamassassin_3.0.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamassassin_3.0.3-2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamassassin_3.0.3-2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_alpha.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "737": "
\n

Debian Security Advisory

\n

DSA-737-1 clamav -- remote denial of service

\n
\n
Date Reported:
\n
05 Jul 2005
\n
Affected Packages:
\n
\nclamav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-1922, CVE-2005-1923, CVE-2005-2056, CVE-2005-2070.
\n
More information:
\n
\n

A number of potential remote denial of service vulnerabilities have been identified in ClamAV. In addition to the four issues identified by CVE ID above, there are fixes for issues in libclamav/cvd.c and libclamav/message.c. Together, these issues could allow a carefully crafted message to crash a ClamAV scanner or exhaust various resources on the machine running the scanner.

\n

For the stable distribution (sarge), these problems have been fixed in version 0.84-2.sarge.1.

\n

We recommend that you upgrade your clamav package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1.dsc
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.1_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.1_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "738": "
\n

Debian Security Advisory

\n

DSA-738-1 razor -- remote denial of service

\n
\n
Date Reported:
\n
05 Jul 2005
\n
Affected Packages:
\n
\nrazor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2024.
\n
More information:
\n
\n

A vulnerability was discovered in the way that Razor parses certain email headers that could potentially be used to crash the Razor program, causing a denial of service.

\n

For the stable distribution (sarge), this problem has been fixed in version 2.670-1sarge2.

\n

The old stable distribution (woody) is not affected by this issue.

\n

We recommend that you upgrade your razor package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/r/razor/razor_2.670.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "739": "
\n

Debian Security Advisory

\n

DSA-739-1 trac -- missing input sanitising

\n
\n
Date Reported:
\n
06 Jul 2005
\n
Affected Packages:
\n
\ntrac\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 13990.
In Mitre's CVE dictionary: CVE-2005-2147.
\n
More information:
\n
\n

Stefan Esser discovered an input validation flaw within Trac, a wiki and issue tracking system, that allows download/upload of files and therefore can lead to remote code execution in some configurations.

\n

The old stable distribution (woody) does not contain the trac package.

\n

For the stable distribution (sarge) this problem has been fixed in version 0.8.1-3sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in version 0.8.4-1.

\n

We recommend that you upgrade your trac package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge2.dsc
\n
http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "740": "
\n

Debian Security Advisory

\n

DSA-740-1 zlib -- remote denial of service

\n
\n
Date Reported:
\n
06 Jul 2005
\n
Affected Packages:
\n
\nzlib\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2096.
\n
More information:
\n
\n

An error in the way zlib handles the inflation of certain compressed files can cause a program which uses zlib to crash when opening an invalid file.

\n

This problem does not affect the old stable distribution (woody).

\n

For the stable distribution (sarge), this problem has been fixed in version 1.2.2-4.sarge.1.

\n

For the unstable distribution, this problem has been fixed in version 1.2.2-7.

\n

We recommend that you upgrade your zlib package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.1.dsc
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.1.diff.gz
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/z/zlib/lib64z1_1.2.2-4.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/lib64z1-dev_1.2.2-4.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/z/zlib/lib64z1_1.2.2-4.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/lib64z1-dev_1.2.2-4.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "741": "
\n

Debian Security Advisory

\n

DSA-741-1 bzip2 -- infinite loop

\n
\n
Date Reported:
\n
07 Jul 2005
\n
Affected Packages:
\n
\nbzip2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 310803.
In Mitre's CVE dictionary: CVE-2005-1260.
\n
More information:
\n
\n

Chris Evans discovered that a specially crafted archive can trigger an infinite loop in bzip2, a high-quality block-sorting file compressor. During uncompression this results in an indefinitely growing output file which will finally fill up the disk. On systems that automatically decompress bzip2 archives this can cause a denial of service.

\n

For the oldstable distribution (woody) this problem has been fixed in version 1.0.2-1.woody5.

\n

For the stable distribution (sarge) this problem has been fixed in version 1.0.2-7.

\n

For the unstable distribution (sid) this problem has been fixed in version 1.0.2-7.

\n

We recommend that you upgrade your bzip2 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2-1.woody5.dsc
\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2-1.woody5.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2-1.woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.2-1.woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.2-1.woody5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2-1.woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.2-1.woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.2-1.woody5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2-1.woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.2-1.woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.2-1.woody5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2-1.woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.2-1.woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.2-1.woody5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2-1.woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.2-1.woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.2-1.woody5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2-1.woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.2-1.woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.2-1.woody5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2-1.woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.2-1.woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.2-1.woody5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2-1.woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.2-1.woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.2-1.woody5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2-1.woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.2-1.woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.2-1.woody5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2-1.woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.2-1.woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.2-1.woody5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.2-1.woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.2-1.woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.2-1.woody5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "742": "
\n

Debian Security Advisory

\n

DSA-742-1 cvs -- buffer overflow

\n
\n
Date Reported:
\n
07 Jul 2005
\n
Affected Packages:
\n
\ncvs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 305254.
In Mitre's CVE dictionary: CVE-2005-0753.
\n
More information:
\n
\n

Derek Price, the current maintainer of CVS, discovered a buffer\noverflow in the CVS server that serves the popular Concurrent\nVersions System; the overflow could lead to the execution of arbitrary code.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 1.11.1p1debian-12.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.12.9-13.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.12.9-13.

\n

We recommend that you upgrade your cvs package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-12.dsc
\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-12.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-12_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-12_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-12_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-12_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-12_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-12_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-12_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-12_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-12_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-12_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-12_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "743": "
\n

Debian Security Advisory

\n

DSA-743-1 ht -- buffer overflows, integer overflows

\n
\n
Date Reported:
\n
08 Jul 2005
\n
Affected Packages:
\n
\nht\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-1545, CVE-2005-1546.
\n
More information:
\n
\n

Several problems have been discovered in ht, a viewer, editor and\nanalyser for various executables, that may lead to the execution of\narbitrary code. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CAN-2005-1545\n

    Tavis Ormandy of the Gentoo Linux Security Team discovered an\n integer overflow in the ELF parser.

    \n
  • CAN-2005-1546\n

    The authors have discovered a buffer overflow in the PE parser.

    \n
\n

For the old stable distribution (woody) these problems have been fixed\nin version 0.5.0-1woody4. For the HP Precision architecture, you are\nadvised not to use this package anymore since we cannot provide\nupdated packages as it doesn't compile anymore.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.8.0-2sarge4.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.8.0-3.

\n

We recommend that you upgrade your ht package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4.dsc
\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4.diff.gz
\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4.dsc
\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "744": "
\n

Debian Security Advisory

\n

DSA-744-1 fuse -- programming error

\n
\n
Date Reported:
\n
08 Jul 2005
\n
Affected Packages:
\n
\nfuse\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 311634.
In the Bugtraq database (at SecurityFocus): BugTraq ID 13857.
In Mitre's CVE dictionary: CVE-2005-1858.
\n
More information:
\n
\n

Sven Tantau discovered a security problem in fuse, a filesystem in\nuserspace, that can be exploited by malicious, local users to disclose\npotentially sensitive information.

\n

The old stable distribution (woody) does not contain the fuse package.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.2.1-4sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.3.0-1.

\n

We recommend that you upgrade your fuse package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fuse/fuse_2.2.1-4sarge2.dsc
\n
http://security.debian.org/pool/updates/main/f/fuse/fuse_2.2.1-4sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fuse/fuse_2.2.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-source_2.2.1-4sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "745": "
\n

Debian Security Advisory

\n

DSA-745-1 drupal -- input validation errors

\n
\n
Date Reported:
\n
10 Jul 2005
\n
Affected Packages:
\n
\ndrupal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-1921, CVE-2005-2106, CVE-2005-2116.
\n
More information:
\n
\n

Two input validation errors were discovered in drupal and its bundled\nxmlrpc module. These errors can lead to the execution of arbitrary\ncommands on the web server running drupal.

\n

drupal was not included in the old stable distribution (woody).

\n

For the current stable distribution (sarge), these problems have been\nfixed in version 4.5.3-3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.5.4-1.

\n

We recommend that you upgrade your drupal package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-3.dsc
\n
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-3.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "746": "
\n

Debian Security Advisory

\n

DSA-746-1 phpgroupware -- input validation error

\n
\n
Date Reported:
\n
13 Jul 2005
\n
Affected Packages:
\n
\nphpgroupware\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-1921.
\n
More information:
\n
\n

A vulnerability has been identified in the xmlrpc library included with\nphpgroupware, a web-based application including email, calendar and\nother groupware functionality. This vulnerability could lead to the\nexecution of arbitrary commands on the server running phpgroupware.

\n

The security team is continuing to investigate the version of\nphpgroupware included with the old stable distribution (woody). At this\ntime we recommend disabling phpgroupware or upgrading to the current\nstable distribution (sarge).

\n

For the current stable distribution (sarge) this problem has been fixed\nin version 0.9.16.005-3.sarge0.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.9.16.006-1.

\n

We recommend that you upgrade your phpgroupware package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge0.dsc
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge0.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-ftp_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-admin_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpgwapi_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-infolog_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-registration_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-addressbook_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-news-admin_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-fudforum_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-preferences_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-nntp_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-sitemgr_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-chat_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpbrain_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phonelog_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-wiki_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-bookmarks_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-developer-tools_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-skel_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-calendar_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-folders_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-etemplate_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-felamimail_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-filemanager_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-todo_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-projects_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-xmlrpc_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-email_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-comic_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-dj_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-setup_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-stocks_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-core_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-hr_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-headlines_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpsysinfo_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-img_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-eldaptir_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-messenger_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-soap_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-forum_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-manual_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-qmailldap_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-tts_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-notes_0.9.16.005-3.sarge0_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-polls_0.9.16.005-3.sarge0_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "747": "
\n

Debian Security Advisory

\n

DSA-747-1 egroupware -- input validation error

\n
\n
Date Reported:
\n
10 Jul 2005
\n
Affected Packages:
\n
\negroupware\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-1921.
\n
More information:
\n
\n

A vulnerability has been identified in the xmlrpc library included in\nthe egroupware package. This vulnerability could lead to the execution\nof arbitrary commands on the server running egroupware.

\n

The old stable distribution (woody) did not include egroupware.

\n

For the current stable distribution (sarge), this problem is fixed in\nversion 1.0.0.007-2.dfsg-2sarge1.

\n

For the unstable distribution (sid), this problem is fixed in version\n1.0.0.007-3.dfsg-1.

\n

We recommend that you upgrade your egroupware package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-forum_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-ftp_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-sitemgr_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-jinn_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-stocks_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-news-admin_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-emailadmin_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-addressbook_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpsysinfo_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-manual_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-filemanager_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-tts_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-comic_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-fudforum_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-infolog_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-bookmarks_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpbrain_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-core_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-messenger_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-etemplate_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-calendar_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-headlines_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-ldap_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-wiki_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-email_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-projects_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpldapadmin_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-felamimail_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-polls_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-registration_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-developer-tools_1.0.0.007-2.dfsg-2sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "748": "
\n

Debian Security Advisory

\n

DSA-748-1 ruby1.8 -- bad default value

\n
\n
Date Reported:
\n
10 Jul 2005
\n
Affected Packages:
\n
\nruby1.8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-1992.
\n
More information:
\n
\n

A vulnerability has been discovered in ruby1.8 that could allow arbitrary\ncommand execution on a server running the ruby xmlrpc server.

\n

The old stable distribution (woody) did not include ruby1.8.

\n

This problem is fixed for the current stable distribution (sarge) in\nversion 1.8.2-7sarge1.

\n

This problem is fixed for the unstable distribution in version 1.8.2-8.

\n

We recommend that you upgrade your ruby1.8 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1.dsc
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ri1.8_1.8.2-7sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/irb1.8_1.8.2-7sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-examples_1.8.2-7sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/rdoc1.8_1.8.2-7sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-elisp_1.8.2-7sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge1_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "749": "
\n

Debian Security Advisory

\n

DSA-749-1 ettercap -- format string error

\n
\n
Date Reported:
\n
10 Jul 2005
\n
Affected Packages:
\n
\nettercap\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-1796.
\n
More information:
\n
\n

A vulnerability was discovered in the ettercap package which could allow a remote attacker to execute arbitrary code on the system running ettercap.

\n

The old stable distribution (woody) did not include ettercap.

\n

For the stable distribution (sarge), this problem has been fixed in version 0.7.1-1sarge1.

\n

For the unstable distribution (sid), this problem has been fixed in version 0.7.3-1.

\n

We recommend that you upgrade your ettercap package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap-gtk_0.7.1-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap-common_0.7.1-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap-gtk_0.7.1-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap-common_0.7.1-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap-common_0.7.1-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap-gtk_0.7.1-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap-gtk_0.7.1-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap-common_0.7.1-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap-common_0.7.1-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap-gtk_0.7.1-1sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap-gtk_0.7.1-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap-common_0.7.1-1sarge1_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap-common_0.7.1-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap-gtk_0.7.1-1sarge1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap-common_0.7.1-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap-gtk_0.7.1-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap-common_0.7.1-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap-gtk_0.7.1-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap-common_0.7.1-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap-gtk_0.7.1-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap-common_0.7.1-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap-gtk_0.7.1-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "750": "
\n

Debian Security Advisory

\n

DSA-750-1 dhcpcd -- out-of-bound memory access

\n
\n
Date Reported:
\n
11 Jul 2005
\n
Affected Packages:
\n
\ndhcpcd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-1848.
\n
More information:
\n
\n

\"infamous42md\" discovered that dhcpcd, a DHCP client for automatically configuring IPv4 networking, can be tricked into reading past the end of the supplied DHCP buffer, which could lead to the daemon crashing.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in version 1.3.22pl4-21sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in version 1.3.22pl4-22.

\n

We recommend that you upgrade your dhcpcd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1.dsc
\n
http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "751": "
\n

Debian Security Advisory

\n

DSA-751-1 squid -- IP spoofing

\n
\n
Date Reported:
\n
11 Jul 2005
\n
Affected Packages:
\n
\nsquid\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 309504.
In Mitre's CVE dictionary: CVE-2005-1519.
\n
More information:
\n
\n

The upstream developers have discovered a bug in the DNS lookup code of Squid, the popular WWW proxy cache. When the DNS client UDP port (assigned by the operating system at startup) is unfiltered and the network is not protected from IP spoofing, malicious users can spoof DNS lookups, which could result in users being redirected to arbitrary web sites.

\n

For the old stable distribution (woody) this problem has been fixed in version 2.4.6-2woody9.

\n

For the stable distribution (sarge) this problem has already been fixed in version 2.5.9-9.

\n

For the unstable distribution (sid) this problem has already been fixed in version 2.5.9-9.

\n

We recommend that you upgrade your squid package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody9.dsc
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody9.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody9_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody9_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody9_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody9_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody9_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody9_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody9_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody9_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody9_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody9_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody9_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody9_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody9_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody9_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody9_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody9_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody9_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody9_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody9_mips.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody9_mips.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody9_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody9_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody9_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody9_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody9_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody9_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody9_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody9_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody9_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "752": "
\n

Debian Security Advisory

\n

DSA-752-1 gzip -- several vulnerabilities

\n
\n
Date Reported:
\n
11 Jul 2005
\n
Affected Packages:
\n
\ngzip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 305255.
In Mitre's CVE dictionary: CVE-2005-0988, CVE-2005-1228.
\n
More information:
\n
\n

Two problems have been discovered in gzip, the GNU compression utility. The Common Vulnerabilities and Exposures project identifies the following problems.

\n
    \n
  • CAN-2005-0988\n

    Imran Ghory discovered a race condition in the permissions setting code in gzip. When decompressing a file in a directory an attacker has access to, gunzip could be tricked into setting the file permissions on a different file the user has permissions to.

    \n
  • CAN-2005-1228\n

    Ulf Härnhammar discovered a path traversal vulnerability in gunzip. When gunzip is used with the -N option an attacker could use this vulnerability to create files in an arbitrary directory with the permissions of the user.

    \n
\n

For the oldstable distribution (woody) these problems have been fixed in version 1.3.2-3woody5.

\n

For the stable distribution (sarge) these problems have been fixed in version 1.3.5-10.

\n

For the unstable distribution (sid) these problems have been fixed in version 1.3.5-10.

\n

We recommend that you upgrade your gzip package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody5.dsc
\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody5.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.2-3woody5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "753": "
\n

Debian Security Advisory

\n

DSA-753-1 gedit -- format string

\n
\n
Date Reported:
\n
12 Jul 2005
\n
Affected Packages:
\n
\ngedit\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-1686.
\n
More information:
\n
\n

A format string vulnerability has been discovered in gedit, a light-weight text editor for GNOME, that may allow attackers to cause a denial of service (application crash) via a binary file with format string specifiers in the filename. Since gedit supports opening files via \"http://\" URLs (through GNOME vfs) and other schemes, this might be a remotely exploitable vulnerability.

\n

The old stable distribution (woody) is not vulnerable to this problem.

\n

For the stable distribution (sarge) this problem has been fixed in version 2.8.3-4sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in version 2.10.3-1.

\n

We recommend that you upgrade your gedit package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gedit/gedit_2.8.3-4sarge1.dsc
\n
http://security.debian.org/pool/updates/main/g/gedit/gedit_2.8.3-4sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gedit/gedit_2.8.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gedit/gedit-common_2.8.3-4sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gedit/gedit-dev_2.8.3-4sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gedit/gedit_2.8.3-4sarge1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gedit/gedit_2.8.3-4sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gedit/gedit_2.8.3-4sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gedit/gedit_2.8.3-4sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gedit/gedit_2.8.3-4sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gedit/gedit_2.8.3-4sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gedit/gedit_2.8.3-4sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gedit/gedit_2.8.3-4sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gedit/gedit_2.8.3-4sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gedit/gedit_2.8.3-4sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gedit/gedit_2.8.3-4sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "754": "
\n

Debian Security Advisory

\n

DSA-754-1 centericq -- insecure temporary file

\n
\n
Date Reported:
\n
13 Jul 2005
\n
Affected Packages:
\n
\ncentericq\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 14144.
In Mitre's CVE dictionary: CVE-2005-1914.
\n
More information:
\n
\n

Eric Romang discovered that centericq, a text-mode multi-protocol instant messenger client, creates some temporary files with predictable filenames and is hence vulnerable to symlink attacks by local attackers.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in version 4.20.0-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in version 4.20.0-7.

\n

We recommend that you upgrade your centericq package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "755": "
\n

Debian Security Advisory

\n

DSA-755-1 tiff -- buffer overflow

\n
\n
Date Reported:
\n
13 Jul 2005
\n
Affected Packages:
\n
\ntiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 309739.
In Mitre's CVE dictionary: CVE-2005-1544.
\n
More information:
\n
\n

Frank Warmerdam discovered a stack-based buffer overflow in libtiff, the Tag Image File Format library for processing TIFF graphics files, that can lead to the execution of arbitrary code via malformed TIFF files.

\n

For the old stable distribution (woody) this problem has been fixed in version 3.5.5-7.

\n

For the stable distribution (sarge) this problem has been fixed in version 3.7.2-3.

\n

For the unstable distribution (sid) this problem has been fixed in version 3.7.2-3.

\n

We recommend that you upgrade your libtiff packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7.dsc
\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "756": "
\n

Debian Security Advisory

\n

DSA-756-1 squirrelmail -- several vulnerabilities

\n
\n
Date Reported:
\n
13 Jul 2005
\n
Affected Packages:
\n
\nsquirrelmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 314374, Bug 317094.
In Mitre's CVE dictionary: CVE-2005-1769, CVE-2005-2095.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CAN-2005-1769\n

    Martijn Brinkers discovered cross-site scripting vulnerabilities that allow remote attackers to inject arbitrary web script or HTML in the URL and e-mail messages.

    \n
  • CAN-2005-2095\n

    James Bercegay of GulfTech Security discovered a vulnerability in the variable handling which could lead to attackers altering other people's preferences and possibly reading them, writing files at any location writable by www-data, and cross-site scripting.

    \n
\n

For the old stable distribution (woody) these problems have been fixed in version 1.2.6-4.

\n

For the stable distribution (sarge) these problems have been fixed in version 1.4.4-6sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in version 1.4.4-6sarge1.

\n

We recommend that you upgrade your squirrelmail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-4.dsc
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-4.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-4_all.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-6sarge1.dsc
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-6sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-6sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "757": "
\n

Debian Security Advisory

\n

DSA-757-1 krb5 -- buffer overflow, double-free memory

\n
\n
Date Reported:
\n
17 Jul 2005
\n
Affected Packages:
\n
\nkrb5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-1689, CVE-2005-1174, CVE-2005-1175.
CERT's vulnerabilities, advisories and incident notes: VU#259798, VU#885830, VU#623332.
\n
More information:
\n
\n

Daniel Wachdorf reported two problems in the MIT krb5 distribution used\nfor network authentication. First, on receipt of a certain TCP connection,\nthe KDC program from the krb5-kdc package can corrupt the heap by trying\nto free memory which has already been freed. This vulnerability\ncan cause the KDC to crash, leading to a denial of service.\n[CAN-2005-1174] Second, under certain rare circumstances this type of\nrequest can lead to a buffer overflow and remote code execution.\n[CAN-2005-1175]

\n

Additionally, Magnus Hagander reported another problem in which the\nkrb5_recvauth function can in certain circumstances free previously\nfreed memory, potentially leading to the execution of remote code.\n[CAN-2005-1689]

\n

All of these vulnerabilities are believed to be difficult to exploit, and no\nexploits have yet been discovered.

\n

For the old stable distribution (woody), these problems have been fixed\nin version 1.2.4-5woody10. Note that woody's KDC does not have TCP\nsupport and is not vulnerable to CAN-2005-1174.

\n

For the stable distribution (sarge), these problems have been fixed in\nversion 1.3.6-2sarge2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.3.6-4.

\n

We recommend that you upgrade your krb5 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4-5woody10.diff.gz
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.2.4-5woody10.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.2.4-5woody10_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody10_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody10_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody10_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody10_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody10_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody10_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody10_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody10_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody10_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody10_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody10_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody10_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody10_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody10_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody10_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody10_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody10_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody10_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody10_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody10_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody10_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody10_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody10_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody10_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody10_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody10_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.2.4-5woody10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.2.4-5woody10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.2.4-5woody10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.2.4-5woody10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.2.4-5woody10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.2.4-5woody10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.2.4-5woody10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.2.4-5woody10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.2.4-5woody10_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.2.4-5woody10_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge2.dsc
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.3.6-2sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge2_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "758": "
\n

Debian Security Advisory

\n

DSA-758-1 heimdal -- buffer overflow

\n
\n
Date Reported:
\n
18 Jul 2005
\n
Affected Packages:
\n
\nheimdal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2040.
\n
More information:
\n
\n

A buffer overflow has been discovered in the telnet server from\nHeimdal, a free implementation of Kerberos 5, that could lead to the\nexecution of arbitrary code.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 0.4e-7.woody.10.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.6.3-10sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.6.3-11.

\n

We recommend that you upgrade your heimdal packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.4e-7.woody.10.dsc
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.4e-7.woody.10.diff.gz
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.4e.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-docs_0.4e-7.woody.10_all.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-lib_0.4e-7.woody.10_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.10_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.10_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.10_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.10_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.10_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.10_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.10_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.10_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.10_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.10_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.10_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.10_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.10_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.10_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.10_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.10_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.10_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.10_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.10_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.10_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.10_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.10_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.10_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.10_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.10_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.10_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.10_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.10_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.10_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.10_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.10_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.10_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.10_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.10_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.10_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.10_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.10_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.10_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.10_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.10_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.10_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.10_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.10_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.10_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.10_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.10_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.10_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.10_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.10_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.10_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.10_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.10_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.10_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.10_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.10_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.10_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.10_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.10_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.10_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.10_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.10_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.10_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.10_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.10_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.10_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.10_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.10_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.10_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.10_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.10_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.10_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.10_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.10_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.10_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.10_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.10_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.10_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.10_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.10_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.6.3-10sarge1.dsc
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.6.3-10sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.6.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-docs_0.6.3-10sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "759": "
\n

Debian Security Advisory

\n

DSA-759-1 phppgadmin -- missing input sanitising

\n
\n
Date Reported:
\n
18 Jul 2005
\n
Affected Packages:
\n
\nphppgadmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 14142.
In Mitre's CVE dictionary: CVE-2005-2256.
\n
More information:
\n
\n

A vulnerability has been discovered in phppgadmin, a set of PHP\nscripts to administer PostgreSQL over the WWW, that can lead to\nthe disclosure of sensitive information. Successful exploitation requires that\n\"magic_quotes_gpc\" is disabled.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 3.5.2-5.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.5.4.

\n

We recommend that you upgrade your phppgadmin package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_3.5.2-5.dsc
\n
http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_3.5.2-5.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_3.5.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_3.5.2-5_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "760": "
\n

Debian Security Advisory

\n

DSA-760-1 ekg -- several vulnerabilities

\n
\n
Date Reported:
\n
18 Jul 2005
\n
Affected Packages:
\n
\nekg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 317027, Bug 318059.
In Mitre's CVE dictionary: CVE-2005-1850, CVE-2005-1851, CVE-2005-1916.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in ekg, a console Gadu\nGadu client, an instant messaging program. The Common Vulnerabilities\nand Exposures project identifies the following vulnerabilities:

\n
    \n
  • CAN-2005-1850\n

    Marcin Owsiany and Wojtek Kaniewski discovered insecure temporary\n file creation in contributed scripts.

    \n
  • CAN-2005-1851\n

    Marcin Owsiany and Wojtek Kaniewski discovered potential shell\n command injection in a contributed script.

    \n
  • CAN-2005-1916\n

    Eric Romang discovered insecure temporary file creation and\n arbitrary command execution in a contributed script that can be\n exploited by a local attacker.

    \n
\n

The old stable distribution (woody) does not contain an ekg package.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.5+20050411-4.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.5+20050712+1.6rc2-1.

\n

We recommend that you upgrade your ekg package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4.dsc
\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "761": "
\n

Debian Security Advisory

\n

DSA-761-2 heartbeat -- insecure temporary files

\n
\n
Date Reported:
\n
19 Jul 2005
\n
Affected Packages:
\n
\nheartbeat\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2231.
\n
More information:
\n
\n

The security update DSA 761-1 for heartbeat contained a bug which caused a\nregression. This problem is corrected with this advisory. For\ncompleteness below please find the original advisory text:

\n
\n

Eric Romang discovered several insecure temporary file creations in\nheartbeat, the subsystem for High-Availability Linux.

\n
\n

For the old stable distribution (woody) these problems have been fixed in\nversion 0.4.9.0l-7.3.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.2.3-9sarge3.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.2.3-12.

\n

We recommend that you upgrade your heartbeat package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3.dsc
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3.diff.gz
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/heartbeat/ldirectord_0.4.9.0l-7.3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3.dsc
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/heartbeat/ldirectord_1.2.3-9sarge3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "762": "
\n

Debian Security Advisory

\n

DSA-762-1 affix -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Jul 2005
\n
Affected Packages:
\n
\naffix\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 318327, Bug 318328.
In the Bugtraq database (at SecurityFocus): BugTraq ID 14230.
In Mitre's CVE dictionary: CVE-2005-2250, CVE-2005-2277.
\n
More information:
\n
\n

Kevin Finisterre discovered two problems in the Bluetooth FTP client\nfrom affix, user space utilities for the Affix Bluetooth protocol\nstack. The Common Vulnerabilities and Exposures project identifies\nthe following vulnerabilities:

\n
    \n
  • CAN-2005-2250\n

    A buffer overflow allows remote attackers to execute arbitrary\n code via a long filename in an OBEX file share.

    \n
  • CAN-2005-2277\n

    Missing input sanitising before executing shell commands allows an\n attacker to execute arbitrary commands as root.

    \n
\n

The old stable distribution (woody) is not affected by these problems.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.1.1-2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.1.2-2.

\n

We recommend that you upgrade your affix package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2.dsc
\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2.diff.gz
\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-2_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "763": "
\n

Debian Security Advisory

\n

DSA-763-1 zlib -- remote DoS

\n
\n
Date Reported:
\n
20 Jul 2005
\n
Affected Packages:
\n
\nzlib\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-1849.
\n
More information:
\n
\n

Markus Oberhumer discovered a flaw in the way zlib, a library used for\nfile compression and decompression, handles invalid input. This flaw can\ncause programs which use zlib to crash when opening an invalid file.

\n

This problem does not affect the old stable distribution (woody).

\n

For the current stable distribution (sarge), this problem has been fixed\nin version 1.2.2-4.sarge.2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.2.3-1.

\n

We recommend that you upgrade your zlib package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.dsc
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_alpha.udeb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_arm.udeb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_arm.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_arm.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_hppa.udeb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_i386.udeb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_i386.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_i386.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_ia64.udeb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_m68k.udeb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_mips.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_mips.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_mips.udeb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_mipsel.udeb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_powerpc.udeb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_s390.udeb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_s390.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_s390.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/lib64z1_1.2.2-4.sarge.2_s390.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/lib64z1-dev_1.2.2-4.sarge.2_s390.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/lib64z1-dev_1.2.2-4.sarge.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-udeb_1.2.2-4.sarge.2_sparc.udeb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/lib64z1_1.2.2-4.sarge.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "764": "
\n

Debian Security Advisory

\n

DSA-764-1 cacti -- several vulnerabilities

\n
\n
Date Reported:
\n
21 Jul 2005
\n
Affected Packages:
\n
\ncacti\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 316590, Bug 315703.
In Mitre's CVE dictionary: CVE-2005-1524, CVE-2005-1525, CVE-2005-1526, CVE-2005-2148, CVE-2005-2149.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in cacti, a round-robin\ndatabase (RRD) tool that helps create graphs from database\ninformation. The Common Vulnerabilities and Exposures Project\nidentifies the following problems:

\n
    \n
  • CAN-2005-1524\n

    Maciej Piotr Falkiewicz and an anonymous researcher discovered an\n input validation bug that allows an attacker to include arbitrary\n PHP code from remote sites which will allow the execution of\n arbitrary code on the server running cacti.

    \n
  • CAN-2005-1525\n

    Due to missing input validation cacti allows a remote attacker to\n insert arbitrary SQL statements.

    \n
  • CAN-2005-1526\n

    Maciej Piotr Falkiewicz discovered an input validation bug that\n allows an attacker to include arbitrary PHP code from remote sites\n which will allow the execution of arbitrary code on the server\n running cacti.

    \n
  • CAN-2005-2148\n

    Stefan Esser discovered that the update for the above mentioned\n vulnerabilities does not perform proper input validation to\n protect against common attacks.

    \n
  • CAN-2005-2149\n

    Stefan Esser discovered that the update for CAN-2005-1525 allows\n remote attackers to modify session information to gain privileges\n and disable the use of addslashes to protect against SQL\n injection.

    \n
\n

For the old stable distribution (woody) these problems have been fixed in\nversion 0.6.7-2.5.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.8.6c-7sarge2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.8.6f-2.

\n

We recommend that you upgrade your cacti package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.6.7-2.5.dsc
\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.6.7-2.5.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.6.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.6.7-2.5_all.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c-7sarge2.dsc
\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c-7sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c-7sarge2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "765": "
\n

Debian Security Advisory

\n

DSA-765-1 heimdal -- buffer overflow

\n
\n
Date Reported:
\n
22 Jul 2005
\n
Affected Packages:
\n
\nheimdal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 305574.
In Mitre's CVE dictionary: CVE-2005-0469.
CERT's vulnerabilities, advisories and incident notes: VU#291924.
\n
More information:
\n
\n

Gaël Delalleau discovered a buffer overflow in the handling of the\nLINEMODE suboptions in telnet clients. Heimdal, a free implementation\nof Kerberos 5, also contains such a client. This can lead to the\nexecution of arbitrary code when connected to a malicious server.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 0.4e-7.woody.11.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.6.3-10.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.6.3-10.

\n

We recommend that you upgrade your heimdal package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.4e-7.woody.11.dsc
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.4e-7.woody.11.diff.gz
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.4e.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-docs_0.4e-7.woody.11_all.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-lib_0.4e-7.woody.11_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.11_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.11_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.11_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.11_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.11_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.11_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.11_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.11_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.11_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.11_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.11_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.11_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.11_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.11_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.11_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.11_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.11_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.11_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.11_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.11_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.11_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.11_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.11_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.11_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.11_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.11_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.11_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.11_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.11_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.11_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.11_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.11_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.11_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.11_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.11_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.11_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.11_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.11_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.11_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.11_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.11_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.11_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.11_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.11_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.11_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.11_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.11_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.11_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.11_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.11_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.11_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.11_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.11_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.11_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.11_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.11_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.11_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.11_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.11_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.11_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.11_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.11_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.11_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.11_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.11_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.11_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.11_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.11_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.11_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.11_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.11_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.11_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.11_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.11_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.11_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.11_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.11_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.11_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.4e-7.woody.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.4e-7.woody.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.4e-7.woody.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.4e-7.woody.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.4e-7.woody.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.4e-7.woody.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-5-heimdal_0.4e-7.woody.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libcomerr1-heimdal_0.4e-7.woody.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.4e-7.woody.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.4e-7.woody.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.4e-7.woody.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.4e-7.woody.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.4e-7.woody.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.4e-7.woody.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libotp0-heimdal_0.4e-7.woody.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libroken9-heimdal_0.4e-7.woody.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libsl0-heimdal_0.4e-7.woody.11_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libss0-heimdal_0.4e-7.woody.11_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "766": "
\n

Debian Security Advisory

\n

DSA-766-1 webcalendar -- authorisation failure

\n
\n
Date Reported:
\n
26 Jul 2005
\n
Affected Packages:
\n
\nwebcalendar\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 315671.
In the Bugtraq database (at SecurityFocus): BugTraq ID 14072.
In Mitre's CVE dictionary: CVE-2005-2320.
\n
More information:
\n
\n

A vulnerability has been discovered in webcalendar, a PHP based\nmulti-user calendar, that can lead to the disclosure of sensitive\ninformation to unauthorised parties.

\n

The old stable distribution (woody) does not contain the webcalendar package.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.9.45-4sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.9.45-6.

\n

We recommend that you upgrade your webcalendar package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge1.dsc
\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "767": "
\n

Debian Security Advisory

\n

DSA-767-1 ekg -- integer overflows

\n
\n
Date Reported:
\n
27 Jul 2005
\n
Affected Packages:
\n
\nekg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-1852.
\n
More information:
\n
\n

Marcin Slusarz discovered two integer overflow vulnerabilities in\nlibgadu, a library provided and used by ekg, a console Gadu Gadu\nclient, an instant messaging program, that could lead to the execution\nof arbitrary code.

\n

The library is also used by other packages such as kopete, which\nshould be restarted for this update to take effect.

\n

The old stable distribution (woody) does not contain an ekg package.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.5+20050411-5.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.5+20050718+1.6rc3-1.

\n

We recommend that you upgrade your ekg package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5.dsc
\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "768": "
\n

Debian Security Advisory

\n

DSA-768-1 phpbb2 -- missing input validation

\n
\n
Date Reported:
\n
27 Jul 2005
\n
Affected Packages:
\n
\nphpbb2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 317739.
In Mitre's CVE dictionary: CVE-2005-2161.
\n
More information:
\n
\n

A cross-site scripting vulnerability has been detected in phpBB2, a\nfully featured and skinnable flat webforum software, that allows\nremote attackers to inject arbitrary web script or HTML via nested\ntags.

\n

The old stable distribution (woody) does not contain phpbb2.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.0.13-6sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.0.13-6sarge1.

\n

We recommend that you upgrade your phpbb2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.13+1-6sarge1.dsc
\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.13+1-6sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.13+1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2-conf-mysql_2.0.13-6sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2-languages_2.0.13-6sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.13-6sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "769": "
\n

Debian Security Advisory

\n

DSA-769-1 gaim -- memory alignment bug

\n
\n
Date Reported:
\n
29 Jul 2005
\n
Affected Packages:
\n
\ngaim\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2370.
\n
More information:
\n
\n

Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment\nerror in libgadu (from ekg, console Gadu Gadu client, an instant\nmessaging program) which is included in gaim, a multi-protocol instant\nmessaging client, as well. This cannot be exploited on the x86\narchitecture, but on others, e.g. Sparc, it can lead to a bus error,\nin other words a denial of service.

\n

The old stable distribution (woody) does not seem to be affected by\nthis problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.2.1-1.4.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your gaim package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4.dsc
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-data_1.2.1-1.4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "770": "
\n

Debian Security Advisory

\n

DSA-770-1 gopher -- insecure tmpfile creating

\n
\n
Date Reported:
\n
29 Jul 2005
\n
Affected Packages:
\n
\ngopher\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-1853.
\n
More information:
\n
\n

John Goerzen discovered that gopher, a client for the Gopher\nDistributed Hypertext protocol, creates temporary files in an insecure\nfashion.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 3.0.3woody3.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 3.0.7sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.0.9.

\n

We recommend that you upgrade your gopher package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3.dsc
\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody3_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1.dsc
\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "771": "
\n

Debian Security Advisory

\n

DSA-771-1 pdns -- several vulnerabilities

\n
\n
Date Reported:
\n
01 Aug 2005
\n
Affected Packages:
\n
\npdns\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 318798.
In Mitre's CVE dictionary: CVE-2005-2301, CVE-2005-2302.
\n
More information:
\n
\n

Several problems that can lead to a denial of service have been\ndiscovered in pdns, a versatile nameserver. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CAN-2005-2301\n

    Norbert Sendetzky and Jan de Groot discovered that the LDAP backend\n did not properly escape all queries, allowing it to fail and not\n answer queries anymore.

    \n
  • CAN-2005-2302\n

    Wilco Baan discovered that queries from clients without recursion\n permission can temporarily blank out domains to clients with\n recursion permitted. This enables outside users to blank out a\n domain temporarily to normal users.

    \n
\n

The old stable distribution (woody) does not contain pdns packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.9.17-13sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.9.18-1.

\n

We recommend that you upgrade your pdns package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1.dsc
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-doc_2.9.17-13sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "772": "
\n

Debian Security Advisory

\n

DSA-772-1 apt-cacher -- missing input sanitising

\n
\n
Date Reported:
\n
03 Aug 2005
\n
Affected Packages:
\n
\napt-cacher\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-1854.
\n
More information:
\n
\n

Eduard Bloch discovered a bug in apt-cacher, a caching system for\nDebian package and source files, that could allow remote attackers to\nexecute arbitrary commands on the caching host as user www-data.

\n

The old stable distribution (woody) does not contain this package.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.9.4sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.9.10.

\n

We recommend that you upgrade your apt-cacher package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apt-cacher/apt-cacher_0.9.4sarge1.dsc
\n
http://security.debian.org/pool/updates/main/a/apt-cacher/apt-cacher_0.9.4sarge1.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/apt-cacher/apt-cacher_0.9.4sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "773": "
\n

Debian Security Advisory

\n

DSA-773-1 amd64 -- several vulnerabilities

\n
\n
Date Reported:
\n
11 Aug 2005
\n
Affected Packages:
\n
\nseveral\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

This advisory adds security support for the stable amd64 distribution.\nIt covers all security updates since the release of sarge, which were\nmissing updated packages for the not yet official amd64 port. Future\nsecurity advisories will include updates for this port as well.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
DSA 762: several vulnerabilities\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-2_amd64.deb
\n
DSA 754: insecure temporary file\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge1_amd64.deb
\n
DSA 737: remote denial of service\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.1_amd64.deb
\n
DSA 733: insecure temporary files\n
http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2_amd64.deb
\n
DSA 742: buffer overflow\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-11_amd64.deb
\n
DSA 750: out-of-bound memory access\n
http://security.debian.org/pool/updates/main/d/dhcpcd/dhcpcd_1.3.22pl4-21sarge1_amd64.deb
\n
DSA 760, DSA 767: several vulnerabilities\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-5_amd64.deb
\n
DSA 749: format string error\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap_0.7.1-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap-common_0.7.1-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ettercap/ettercap-gtk_0.7.1-1sarge1_amd64.deb
\n
DSA 744: programming error\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.2.1-4sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.2.1-4sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.2.1-4sarge2_amd64.deb
\n
DSA 734, DSA 7699: denial of service, memory alignment bug\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_1.2.1-1.4_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_1.2.1-1.4_amd64.deb
\n
DSA 753: format string\n
http://security.debian.org/pool/updates/main/g/gedit/gedit_2.8.3-4sarge1_amd64.deb
\n
DSA 770: insecure tmpfile creation\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_amd64.deb
\n
DSA 761: insecure temporary files\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge2_amd64.deb
\n
DSA 758, DSA 765: buffer overflows\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge1_amd64.deb
\n
DSA 743: buffer overflows, integer overflows\n
http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_amd64.deb
\n
DSA 757: buffer overflow, double-free memory\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge2_amd64.deb
\n
DSA 771: several vulnerabilities\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_amd64.deb
\n
DSA 725: missing privilege release\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_amd64.deb
\n
DSA 728: missing privilege release\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper_4.0.5-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qpopper/qpopper-drac_4.0.5-4sarge1_amd64.deb
\n
DSA 738: remote denial of service\n
http://security.debian.org/pool/updates/main/r/razor/razor_2.670-1sarge2_amd64.deb
\n
DSA 748: bad default value\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge1_amd64.deb
\n
DSA 736: remote denial of service\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2_amd64.deb
\n
DSA 735: pathname validation race\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_amd64.deb
\n
DSA 740, DSA 763: remote denial of service\n
http://security.debian.org/pool/updates/main/z/zlib/zlib-bin_1.2.2-4.sarge.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g_1.2.2-4.sarge.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/z/zlib/zlib1g-dev_1.2.2-4.sarge.2_amd64.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "774": "
\n

Debian Security Advisory

\n

DSA-774-1 fetchmail -- buffer overflow

\n
\n
Date Reported:
\n
12 Aug 2005
\n
Affected Packages:
\n
\nfetchmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 212762.
In the Bugtraq database (at SecurityFocus): BugTraq ID 14349.
In Mitre's CVE dictionary: CVE-2005-2335.
\n
More information:
\n
\n

Edward Shornock discovered a bug in the UIDL handling code of\nfetchmail, a common POP3, APOP and IMAP mail fetching utility. A\nmalicious POP3 server could exploit this problem and inject arbitrary\ncode that will be executed on the victim host. If fetchmail is\nrunning as root, this becomes a root exploit.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 6.2.5-12sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 6.2.5-16.

\n

We recommend that you upgrade your fetchmail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1.dsc
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail-ssl_6.2.5-12sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_6.2.5-12sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "775": "
\n

Debian Security Advisory

\n

DSA-775-1 mozilla-firefox -- frame injection spoofing

\n
\n
Date Reported:
\n
15 Aug 2005
\n
Affected Packages:
\n
\nmozilla\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 14242.
In Mitre's CVE dictionary: CVE-2004-0718, CVE-2005-1937.
\n
More information:
\n
\n

A vulnerability has been discovered in Mozilla and Mozilla Firefox\nthat allows remote attackers to inject arbitrary JavaScript from one\npage into the frameset of another site. Thunderbird is not affected\nby this and Galeon will be automatically fixed as it uses Mozilla\ncomponents.

\n

The old stable distribution (woody) does not contain Mozilla Firefox\npackages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.0.4-2sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.0.6-1.

\n

We recommend that you upgrade your mozilla-firefox package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "776": "
\n

Debian Security Advisory

\n

DSA-776-1 clamav -- integer overflows, infinite loop

\n
\n
Date Reported:
\n
16 Aug 2005
\n
Affected Packages:
\n
\nclamav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 14359.
In Mitre's CVE dictionary: CVE-2005-2450.
\n
More information:
\n
\n

Several bugs were discovered in Clam AntiVirus, the antivirus scanner\nfor Unix, designed for integration with mail servers to perform\nattachment scanning. The following problems were identified:

\n
    \n
  • CAN-2005-2450\n

    Neel Mehta and Alex Wheeler discovered that Clam AntiVirus is\n vulnerable to integer overflows when handling the TNEF, CHM and\n FSG file formats.

    \n
  • CVE-NOMATCH\n

    Mark Pizzolato fixed a possible infinite loop that could cause a\n denial of service.

    \n
\n

The old stable distribution (woody) is not affected as it doesn't contain clamav.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.84-2.sarge.2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.86.2-1.

\n

We recommend that you upgrade your clamav package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2.dsc
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2.diff.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.2_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.2_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "777": "
\n

Debian Security Advisory

\n

DSA-777-1 mozilla -- frame injection spoofing

\n
\n
Date Reported:
\n
17 Aug 2005
\n
Affected Packages:
\n
\nmozilla\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 14242.
In Mitre's CVE dictionary: CVE-2004-0718, CVE-2005-1937.
\n
More information:
\n
\n

A vulnerability has been discovered in Mozilla and Mozilla Firefox\nthat allows remote attackers to inject arbitrary JavaScript from one\npage into the frameset of another site. Thunderbird is not affected\nby this, and Galeon will be fixed automatically as it uses Mozilla\ncomponents.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.7.8-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.7.10-1.

\n

We recommend that you upgrade your Mozilla package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "778": "
\n

Debian Security Advisory

\n

DSA-778-1 mantis -- missing input sanitising

\n
\n
Date Reported:
\n
19 Aug 2005
\n
Affected Packages:
\n
\nmantis\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 14604.
In Mitre's CVE dictionary: CVE-2005-2556, CVE-2005-2557, CVE-2005-3090.
\n
More information:
\n
\n

Two security-related problems have been discovered in Mantis, a\nweb-based bug tracking system. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CAN-2005-2556\n

    A remote attacker could supply a specially crafted URL to scan\n arbitrary ports on arbitrary hosts that may not be accessible\n otherwise.

    \n
  • CAN-2005-2557\n

    A remote attacker was able to insert arbitrary HTML code into bug\n reports, resulting in cross-site scripting.

    \n
  • CAN-2005-3090\n

    A remote attacker was able to insert arbitrary HTML code into bug\n reports, resulting in cross-site scripting.

    \n
\n

The old stable distribution (woody) does not seem to be affected by\nthese problems.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.19.2-4.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.19.2-4.

\n

We recommend that you upgrade your mantis package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2-4.dsc
\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2-4.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2-4_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "779": "
\n

Debian Security Advisory

\n

DSA-779-2 mozilla-firefox -- several vulnerabilities

\n
\n
Date Reported:
\n
20 Aug 2005
\n
Affected Packages:
\n
\nmozilla-firefox\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 318061.
In the Bugtraq database (at SecurityFocus): BugTraq ID 14242.
In Mitre's CVE dictionary: CVE-2005-2260, CVE-2005-2261, CVE-2005-2262, CVE-2005-2263, CVE-2005-2264, CVE-2005-2265, CVE-2005-2266, CVE-2005-2267, CVE-2005-2268, CVE-2005-2269, CVE-2005-2270.
\n
More information:
\n
\n

The update for Mozilla Firefox from DSA 779-1\nunfortunately caused regressions in several cases. Since the usual\npractice of backporting apparently does not work, this update is\nbasically version 1.0.6 with the version number rolled back, and hence\nstill named 1.0.4-*. For completeness, the original advisory\ntext follows:

\n
\n

Several problems have been discovered in Mozilla Firefox, a\nlightweight web browser based on Mozilla. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CAN-2005-2260\n

    The browser user interface does not properly distinguish between\n user-generated events and untrusted synthetic events, which makes\n it easier for remote attackers to perform dangerous actions that\n normally could only be performed manually by the user.

    \n
  • CAN-2005-2261\n

    XML scripts ran even when JavaScript was disabled.

    \n
  • CAN-2005-2262\n

    The user can be tricked into executing arbitrary JavaScript code by\n using a JavaScript URL as wallpaper.

    \n
  • CAN-2005-2263\n

    It is possible for a remote attacker to execute a callback\n function in the context of another domain (i.e. frame).

    \n
  • CAN-2005-2264\n

    By opening a malicious link in the sidebar it is possible for\n remote attackers to steal sensitive information.

    \n
  • CAN-2005-2265\n

    Missing input sanitising of InstallVersion.compareTo() can cause\n the application to crash.

    \n
  • CAN-2005-2266\n

    Remote attackers could steal sensitive information such as cookies\n and passwords from web sites by accessing data in alien frames.

    \n
  • CAN-2005-2267\n

    By using standalone applications such as Flash and QuickTime to\n open a javascript: URL, it is possible for a remote attacker to\n steal sensitive information and possibly execute arbitrary code.

    \n
  • CAN-2005-2268\n

    It is possible for a JavaScript dialog box to spoof a dialog box\n from a trusted site, which facilitates phishing attacks.

    \n
  • CAN-2005-2269\n

    Remote attackers could modify certain tag properties of DOM nodes\n that could lead to the execution of arbitrary script or code.

    \n
  • CAN-2005-2270\n

    The Mozilla browser family does not properly clone base objects,\n which allows remote attackers to execute arbitrary code.

    \n
\n
\n

The old stable distribution (woody) is not affected by these problems.

\n

For the stable distribution (sarge) these problems have been fixed in version 1.0.4-2sarge3.

\n

For the unstable distribution (sid) these problems have been fixed in version 1.0.6-1.

\n

We recommend that you upgrade your Mozilla Firefox packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "780": "
\n

Debian Security Advisory

\n

DSA-780-1 kdegraphics -- wrong input sanitising

\n
\n
Date Reported:
\n
22 Aug 2005
\n
Affected Packages:
\n
\nkdegraphics\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2097.
\n
More information:
\n
\n

A bug has been discovered in the font handling code in xpdf, which is also present in kpdf, the PDF viewer for KDE. A specially crafted PDF file could cause infinite resource consumption, in terms of both CPU and disk space.

\n

The oldstable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in version 3.3.2-2sarge1.

\n

For the unstable distribution (sid) this problem will be fixed as soon as the necessary libraries have made their C++ ABI transition.

\n

We recommend that you upgrade your kpdf package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.3.2-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.3.2-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.3.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.3.2-2sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "781": "
\n

Debian Security Advisory

\n

DSA-781-1 mozilla-thunderbird -- several vulnerabilities

\n
\n
Date Reported:
\n
23 Aug 2005
\n
Affected Packages:
\n
\nmozilla-thunderbird\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 318728.
In the Bugtraq database (at SecurityFocus): BugTraq ID 14242.
In Mitre's CVE dictionary: CVE-2005-0989, CVE-2005-1159, CVE-2005-1160, CVE-2005-1532, CVE-2005-2261, CVE-2005-2265, CVE-2005-2266, CVE-2005-2269, CVE-2005-2270.
\n
More information:
\n
\n

Several problems have been discovered in Mozilla Thunderbird, the standalone mail client of the Mozilla suite. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CAN-2005-0989\n

    Remote attackers could read portions of heap memory into a Javascript string via the lambda replace method.

    \n
  • CAN-2005-1159\n

    The Javascript interpreter could be tricked into continuing execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code.

    \n
  • CAN-2005-1160\n

    Remote attackers could override certain properties or methods of DOM nodes and gain privileges.

    \n
  • CAN-2005-1532\n

    Because Javascript eval and Script objects were not properly restricted, remote attackers could override certain properties or methods and gain privileges.

    \n
  • CAN-2005-2261\n

    XML scripts ran even when Javascript was disabled.

    \n
  • CAN-2005-2265\n

    Missing input sanitising of InstallVersion.compareTo() can cause the application to crash.

    \n
  • CAN-2005-2266\n

    Remote attackers could steal sensitive information such as cookies and passwords from web sites by accessing data in alien frames.

    \n
  • CAN-2005-2269\n

    Remote attackers could modify certain tag properties of DOM nodes that could lead to the execution of arbitrary script or code.

    \n
  • CAN-2005-2270\n

    The Mozilla browser family does not properly clone base objects, which allows remote attackers to execute arbitrary code.

    \n
\n

The old stable distribution (woody) is not affected by these problems since it does not contain Mozilla Thunderbird packages.

\n

For the stable distribution (sarge) these problems have been fixed in version 1.0.2-2.sarge1.0.6.

\n

For the unstable distribution (sid) these problems have been fixed in version 1.0.6-1.

\n

We recommend that you upgrade your Mozilla Thunderbird package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.6.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.6.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.6_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.6_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.6_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.6_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.6_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.6_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.6_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.6_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.6_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.6_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.6_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.6_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.6_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.6_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.6_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.6_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.6_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.6_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.6_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.6_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "782": "
\n

Debian Security Advisory

\n

DSA-782-1 bluez-utils -- missing input sanitising

\n
\n
Date Reported:
\n
23 Aug 2005
\n
Affected Packages:
\n
\nbluez-utils\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 323365.
In Mitre's CVE dictionary: CVE-2005-2547.
\n
More information:
\n
\n

Henryk Plötz discovered a vulnerability in bluez-utils, tools and daemons for Bluetooth. Due to missing input sanitising, it is possible for an attacker to execute arbitrary commands supplied as the device name from the remote device.

\n

The old stable distribution (woody) is not affected by this problem since it doesn't contain bluez-utils packages.

\n

For the stable distribution (sarge) this problem has been fixed in version 2.15-1.1.

\n

For the unstable distribution (sid) this problem has been fixed in version 2.19-1.

\n

We recommend that you upgrade your bluez-utils package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1.dsc
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/contrib/b/bluez-utils/bluez-bcm203x_2.15-1.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-cups_2.15-1.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-pcmcia-support_2.15-1.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bluez-utils/bluez-utils_2.15-1.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "783": "
\n

Debian Security Advisory

\n

DSA-783-1 mysql-dfsg-4.1 -- insecure temporary file

\n
\n
Date Reported:
\n
24 Aug 2005
\n
Affected Packages:
\n
\nmysql-dfsg-4.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 319526.
In the Bugtraq database (at SecurityFocus): BugTraq ID 13660.
In Mitre's CVE dictionary: CVE-2005-1636.
\n
More information:
\n
\n

Eric Romang discovered a temporary file vulnerability in a script accompanying MySQL, a popular database, that allows an attacker to execute arbitrary SQL commands when the server is installed or updated.

\n

The old stable distribution (woody) as well as mysql-dfsg are not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in version 4.1.11a-4sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in version 4.1.12 for mysql-dfsg-4.1 and 5.0.11beta-3 of mysql-dfsg-5.0.

\n

We recommend that you upgrade your mysql packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge1.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.11a-4sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "784": "
\n

Debian Security Advisory

\n

DSA-784-1 courier -- programming error

\n
\n
Date Reported:
\n
25 Aug 2005
\n
Affected Packages:
\n
\ncourier\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 320290.
In Mitre's CVE dictionary: CVE-2005-2151.
\n
More information:
\n
\n

A problem has been discovered in the Courier Mail Server. DNS failures were not handled properly when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption. The default configuration on Debian has SPF checking disabled, so most machines are not vulnerable. This is explained in the \"courier\" manpage, section SENDER POLICY FRAMEWORK KEYWORDS.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in version 0.47-4sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in version 0.47-6.

\n

We recommend that you upgrade your courier-mta package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.47-4sarge1.dsc
\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.47-4sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.47.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/courier/courier-doc_0.47-4sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "785": "
\n

Debian Security Advisory

\n

DSA-785-1 libpam-ldap -- authentication bypass

\n
\n
Date Reported:
\n
25 Aug 2005
\n
Affected Packages:
\n
\nlibpam-ldap\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2641, CVE-2005-2069.
CERT's vulnerabilities, advisories and incident notes: VU#778916.
\n
More information:
\n
\n

It has been discovered that libpam-ldap, the Pluggable Authentication\nModule allowing LDAP interfaces, ignores the result of an attempt to\nauthenticate against an LDAP server that does not set an optional data\nfield.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 178-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 178-1sarge1.

\n

We recommend that you upgrade your libpam-ldap package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "786": "
\n

Debian Security Advisory

\n

DSA-786-1 simpleproxy -- format string vulnerability

\n
\n
Date Reported:
\n
26 Aug 2005
\n
Affected Packages:
\n
\nsimpleproxy\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-1857.
CERT's vulnerabilities, advisories and incident notes: VU#139421.
\n
More information:
\n
\n

Ulf H\u00e4rnhammar from the Debian Security Audit Project discovered a\nformat string vulnerability in simpleproxy, a simple TCP proxy, that\ncan be exploited via replies from remote HTTP proxies.

\n

The old stable distribution (woody) is not affected.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 3.2-3sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.2-4.

\n

We recommend that you upgrade your simpleproxy package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/simpleproxy/simpleproxy_3.2-3sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "787": "
\n

Debian Security Advisory

\n

DSA-787-1 backup-manager -- insecure permissions and tempfile

\n
\n
Date Reported:
\n
26 Aug 2005
\n
Affected Packages:
\n
\nbackup-manager\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 308897, Bug 315582.
In Mitre's CVE dictionary: CVE-2005-1855, CVE-2005-1856.
\n
More information:
\n
\n

Two bugs have been found in backup-manager, a command-line driven\nbackup utility. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CAN-2005-1855\n

    Jeroen Vermeulen discovered that backup files are created with\n default permissions making them world readable, even though they\n may contain sensitive information.

    \n
  • CAN-2005-1856\n

    Sven Joachim discovered that the optional CD-burning feature of\n backup-manager uses a hardcoded filename in a world-writable\n directory for logging. This can be subject to a symlink attack.

    \n
\n

The old stable distribution (woody) does not provide the\nbackup-manager package.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.5.7-1sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.5.8-2.

\n

We recommend that you upgrade your backup-manager package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.5.7-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.5.7-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.5.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.5.7-1sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "788": "
\n

Debian Security Advisory

\n

DSA-788-1 kismet -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Aug 2005
\n
Affected Packages:
\n
\nkismet\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2626, CVE-2005-2627.
\n
More information:
\n
\n

Several security related problems have been discovered in kismet, a\nwireless 802.11b monitoring tool. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CAN-2005-2626\n

    Insecure handling of unprintable characters in the SSID.

    \n
  • CAN-2005-2627\n

    Multiple integer underflows could allow remote attackers to\n execute arbitrary code.

    \n
\n

The old stable distribution (woody) does not seem to be affected by\nthese problems.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2005.04.R1-1sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2005.08.R1-1.

\n

We recommend that you upgrade your kismet package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kismet/kismet_2005.04.R1-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kismet/kismet_2005.04.R1-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kismet/kismet_2005.04.R1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kismet/kismet_2005.04.R1-1sarge1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kismet/kismet_2005.04.R1-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kismet/kismet_2005.04.R1-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kismet/kismet_2005.04.R1-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kismet/kismet_2005.04.R1-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kismet/kismet_2005.04.R1-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kismet/kismet_2005.04.R1-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kismet/kismet_2005.04.R1-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kismet/kismet_2005.04.R1-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kismet/kismet_2005.04.R1-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kismet/kismet_2005.04.R1-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "789": "
\n

Debian Security Advisory

\n

DSA-789-1 php4 -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Aug 2005
\n
Affected Packages:
\n
\nphp4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 323366.
In Mitre's CVE dictionary: CVE-2005-1751, CVE-2005-1921, CVE-2005-2498.
\n
More information:
\n
\n

Several security related problems have been found in PHP4, the\nserver-side, HTML-embedded scripting language. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CAN-2005-1751\n

    Eric Romang discovered insecure temporary files in the shtool\n utility shipped with PHP that can be exploited by a local attacker to\n overwrite arbitrary files. Only this vulnerability affects\n packages in oldstable.

    \n
  • CAN-2005-1921\n

    GulfTech has discovered that PEAR XML_RPC is vulnerable to a\n remote PHP code execution vulnerability that may allow an attacker\n to compromise a vulnerable server.

    \n
  • CAN-2005-2498\n

    Stefan Esser discovered another vulnerability in the XML-RPC\n libraries that allows injection of arbitrary PHP code into eval()\n statements.

    \n
\n

For the old stable distribution (woody) these problems have been fixed in\nversion 4.1.2-7.woody5.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 4.3.10-16.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 4.4.0-2.

\n

We recommend that you upgrade your PHP packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.woody5.dsc
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.woody5.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.1.2-7.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pear_4.1.2-7.woody5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7.woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7.woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7.woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7.woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7.woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7.woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7.woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7.woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7.woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7.woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7.woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7.woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7.woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7.woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7.woody5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7.woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7.woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7.woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7.woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7.woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7.woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7.woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7.woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7.woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7.woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7.woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7.woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7.woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7.woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7.woody5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7.woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7.woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7.woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7.woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7.woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7.woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7.woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7.woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7.woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7.woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7.woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7.woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7.woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7.woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7.woody5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7.woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7.woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7.woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7.woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7.woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7.woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7.woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7.woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7.woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7.woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7.woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7.woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7.woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7.woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7.woody5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7.woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7.woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7.woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7.woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7.woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7.woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7.woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7.woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7.woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7.woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7.woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7.woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7.woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7.woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7.woody5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7.woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7.woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7.woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7.woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7.woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7.woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7.woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7.woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7.woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7.woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7.woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7.woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7.woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7.woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7.woody5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7.woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7.woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7.woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7.woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7.woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7.woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7.woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7.woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7.woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7.woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7.woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7.woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7.woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7.woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7.woody5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7.woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7.woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7.woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7.woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7.woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7.woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7.woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7.woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7.woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7.woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7.woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7.woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7.woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7.woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7.woody5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7.woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7.woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7.woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7.woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7.woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7.woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7.woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7.woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7.woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7.woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7.woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7.woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7.woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7.woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7.woody5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7.woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7.woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7.woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7.woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7.woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7.woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7.woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7.woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7.woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7.woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7.woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7.woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7.woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7.woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7.woody5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php4/caudium-php4_4.1.2-7.woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.1.2-7.woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.1.2-7.woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.1.2-7.woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.1.2-7.woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.1.2-7.woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.1.2-7.woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.1.2-7.woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.1.2-7.woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.1.2-7.woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.1.2-7.woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.1.2-7.woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.1.2-7.woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.1.2-7.woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.1.2-7.woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.1.2-7.woody5_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-16.dsc
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-16.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php4/php4-pear_4.3.10-16_all.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-16_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-16_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-16_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-16_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-16_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-16_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-16_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-16_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-16_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-16_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-16_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-16_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-16_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-16_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-16_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-16_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-16_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-16_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-16_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-16_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-16_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-16_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-16_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-16_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-16_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-16_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-16_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-16_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-16_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-16_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-16_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "790": "
\n

Debian Security Advisory

\n

DSA-790-1 phpldapadmin -- programming error

\n
\n
Date Reported:
\n
30 Aug 2005
\n
Affected Packages:
\n
\nphpldapadmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 322423.
In Mitre's CVE dictionary: CVE-2005-2654.
\n
More information:
\n
\n

Alexander Gerasiov discovered that phpldapadmin, a web based interface for administering LDAP servers, allows anybody to access the LDAP server anonymously, even if this is disabled in the configuration with the \"disable_anon_bind\" statement.

\n

The old stable distribution (woody) is not vulnerable to this problem.

\n

For the stable distribution (sarge) this problem has been fixed in version 0.9.5-3sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in version 0.9.6c-5.

\n

We recommend that you upgrade your phpldapadmin package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpldapadmin/phpldapadmin_0.9.5-3sarge2.dsc
\n
http://security.debian.org/pool/updates/main/p/phpldapadmin/phpldapadmin_0.9.5-3sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpldapadmin/phpldapadmin_0.9.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpldapadmin/phpldapadmin_0.9.5-3sarge2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "791": "
\n

Debian Security Advisory

\n

DSA-791-1 maildrop -- missing privilege release

\n
\n
Date Reported:
\n
30 Aug 2005
\n
Affected Packages:
\n
\nmaildrop\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 325135.
In Mitre's CVE dictionary: CVE-2005-2655.
\n
More information:
\n
\n

Max Vozeler discovered that the lockmail program from maildrop, a simple mail delivery agent with filtering abilities, does not drop group privileges before executing commands given on the commandline, allowing an attacker to execute arbitrary commands with privileges of the group mail.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.5.3-1.1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.5.3-2.

\n

We recommend that you upgrade your maildrop package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_1.5.3-1.1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "792": "
\n

Debian Security Advisory

\n

DSA-792-1 pstotext -- missing input sanitising

\n
\n
Date Reported:
\n
31 Aug 2005
\n
Affected Packages:
\n
\npstotext\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 319758.
In the Bugtraq database (at SecurityFocus): BugTraq ID 14378.
In Mitre's CVE dictionary: CVE-2005-2536.
\n
More information:
\n
\n

Max Vozeler discovered that pstotext, a utility to extract text from\nPostScript and PDF files, did not execute ghostscript with the -dSAFER\nargument, which prevents potentially malicious operations from happening.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 1.8g-5woody1.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.9-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.9-2.

\n

We recommend that you upgrade your pstotext package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g-5woody1.dsc
\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g-5woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g-5woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g-5woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g-5woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g-5woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g-5woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g-5woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g-5woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g-5woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g-5woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g-5woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.8g-5woody1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "793": "
\n

Debian Security Advisory

\n

DSA-793-1 courier -- missing input sanitising

\n
\n
Date Reported:
\n
01 Sep 2005
\n
Affected Packages:
\n
\ncourier\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 325631, Bug 327727.
In the Bugtraq database (at SecurityFocus): BugTraq ID 14676.
In Mitre's CVE dictionary: CVE-2005-2724, CVE-2005-2769.
\n
More information:
\n
\n

Jakob Balle discovered a vulnerability in the handling of attachments\nin sqwebmail, a web mail application provided by the courier mail\nsuite, which can be exploited by an attacker to conduct script\ninsertion attacks.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 0.37.3-2.6.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.47-4sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.47-8.

\n

We recommend that you upgrade your sqwebmail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.6.dsc
\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.6.diff.gz
\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/courier/courier-doc_0.37.3-2.6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.6_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.6_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.47-4sarge2.dsc
\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.47-4sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.47.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/courier/courier-doc_0.47-4sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "794": "
\n

Debian Security Advisory

\n

DSA-794-1 polygen -- programming error

\n
\n
Date Reported:
\n
01 Sep 2005
\n
Affected Packages:
\n
\npolygen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 325468.
In Mitre's CVE dictionary: CVE-2005-2656.
\n
More information:
\n
\n

Justin Rye noticed that polygen creates precompiled grammar objects\nwith world-writable permissions, which a local attacker can exploit to at least\nfill up the filesystem.

\n

The old stable distribution (woody) does not contain the polygen package.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.0.6-7sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.0.6-9.

\n

We recommend that you upgrade your polygen package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/polygen/polygen_1.0.6-7sarge1.dsc
\n
http://security.debian.org/pool/updates/main/p/polygen/polygen_1.0.6-7sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/polygen/polygen_1.0.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/polygen/polygen-data_1.0.6-7sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/p/polygen/polygen_1.0.6-7sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "795": "
\n

Debian Security Advisory

\n

DSA-795-2 proftpd -- potential code execution

\n
\n
Date Reported:
\n
01 Sep 2005
\n
Affected Packages:
\n
\nproftpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2390.
\n
More information:
\n
\n

infamous42md reported that proftpd suffers from two format string\nvulnerabilities. In the first, a user with the ability to create a\ndirectory could trigger the format string error if there is a\nproftpd shutdown message configured to use the \"%C\", \"%R\", or \"%U\"\nvariables. In the second, the error is triggered if mod_sql is used\nto retrieve messages from a database and if format strings have been\ninserted into the database by a user with permission to do so.

\n

The old stable distribution (woody) is not affected by these\nvulnerabilities.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.2.10-15sarge1. There was an error in the packages originally\nprepared for i386, which was corrected in 1.2.10-15sarge1.0.1 for i386.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.2.10-20.

\n

We recommend that you upgrade your proftpd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1.dsc
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-doc_1.2.10-15sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1.0.1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1.0.1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1.0.1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1.0.1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1.0.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "796": "
\n

Debian Security Advisory

\n

DSA-796-1 affix -- remote command execution

\n
\n
Date Reported:
\n
01 Sep 2005
\n
Affected Packages:
\n
\naffix\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2716.
\n
More information:
\n
\n

Kevin Finisterre reports that affix, a package used to manage\nBluetooth sessions under Linux, uses the popen call in an unsafe\nfashion. A remote attacker can exploit this vulnerability to execute\narbitrary commands on a vulnerable system.

\n

The old stable distribution (woody) does not contain the affix\npackage.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.1.1-3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.1.2-3.

\n

We recommend that you upgrade your affix package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3.diff.gz
\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/affix/affix_2.1.1-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix-dev_2.1.1-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/affix/libaffix2_2.1.1-3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "797": "
\n

Debian Security Advisory

\n

DSA-797-2 zsync -- denial of service

\n
\n
Date Reported:
\n
01 Sep 2005
\n
Affected Packages:
\n
\nzsync\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-1849, CVE-2005-2096.
\n
More information:
\n
\n

zsync, a file transfer program, includes a modified local copy of\nthe zlib library, and is vulnerable to certain bugs fixed previously\nin the zlib package.

\n

There was a build error for the sarge i386 proftpd packages released in\nDSA 797-1. A new build, zsync_0.3.3-1.sarge.1.2, has been prepared to\ncorrect this error. The packages for other architectures are unaffected.

\n

The old stable distribution (woody) does not contain the zsync\npackage.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.3.3-1.sarge.1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.4.0-2.

\n

We recommend that you upgrade your zsync package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1.dsc
\n
http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1.diff.gz
\n
http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/z/zsync/zsync_0.3.3-1.sarge.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "798": "
\n

Debian Security Advisory

\n

DSA-798-1 phpgroupware -- several vulnerabilities

\n
\n
Date Reported:
\n
02 Sep 2005
\n
Affected Packages:
\n
\nphpgroupware\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2498, CVE-2005-2600, CVE-2005-2761.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in phpgroupware, a\nweb-based groupware system written in PHP. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CAN-2005-2498\n

    Stefan Esser discovered another vulnerability in the XML-RPC\n libraries that allows injection of arbitrary PHP code into eval()\n statements. The XMLRPC component has been disabled.

    \n
  • CAN-2005-2600\n

    Alexander Heidenreich discovered a cross-site scripting problem\n in the tree view of FUD Forum Bulletin Board Software, which is\n also present in phpgroupware.

    \n
  • CAN-2005-2761\n

    A global cross-site scripting fix has also been included that\n protects against potential malicious scripts embedded in CSS and\n xmlns in various parts of the application and modules.

    \n
\n

This update also contains a postinst bugfix that has been approved for\nthe next update to the stable release.

\n

For the old stable distribution (woody) these problems don't apply.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.9.16.005-3.sarge2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.9.16.008.

\n

We recommend that you upgrade your phpgroupware packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge2.dsc
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-addressbook_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-admin_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-bookmarks_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-calendar_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-chat_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-comic_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-core_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-developer-tools_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-dj_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-eldaptir_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-email_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-etemplate_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-felamimail_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-filemanager_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-folders_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-forum_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-ftp_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-fudforum_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-headlines_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-hr_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-img_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-infolog_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-manual_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-messenger_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-news-admin_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-nntp_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-notes_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phonelog_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpbrain_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpgwapi_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpsysinfo_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-polls_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-preferences_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-projects_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-qmailldap_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-registration_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-setup_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-sitemgr_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-skel_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-soap_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-stocks_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-todo_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-tts_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-wiki_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-xmlrpc_0.9.16.005-3.sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "799": "
\n

Debian Security Advisory

\n

DSA-799-1 webcalendar -- remote code execution

\n
\n
Date Reported:
\n
02 Sep 2005
\n
Affected Packages:
\n
\nwebcalendar\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

A trivially exploitable bug was discovered in webcalendar that\nallows an attacker to execute arbitrary code with the privileges of\nthe HTTP daemon on a system running a vulnerable version.

\n

The old stable distribution (woody) does not contain the webcalendar\npackage.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.9.45-4sarge2.

\n

For the unstable distribution (sid) this problem will be fixed\nshortly.

\n

We recommend that you upgrade your webcalendar package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge2.dsc
\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "800": "
\n

Debian Security Advisory

\n

DSA-800-1 pcre3 -- integer overflow

\n
\n
Date Reported:
\n
02 Sep 2005
\n
Affected Packages:
\n
\npcre3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 324531.
In the Bugtraq database (at SecurityFocus): BugTraq ID 14620.
In Mitre's CVE dictionary: CVE-2005-2491.
\n
More information:
\n
\n

An integer overflow with subsequent buffer overflow has been detected\nin PCRE, the Perl Compatible Regular Expressions library, which allows\nan attacker to execute arbitrary code.

\n

Since several packages link dynamically to this library, you are\nadvised to restart the corresponding services or programs.\nThe command \u201capt-cache showpkg libpcre3\u201d will list\nthe corresponding packages in the \"Reverse Depends:\" section.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 3.4-1.1woody1.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 4.5-1.2sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 6.3-1.

\n

We recommend that you upgrade your libpcre3 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_3.4-1.1woody1.dsc
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_3.4-1.1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_3.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_3.4-1.1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_3.4-1.1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pgrep_3.4-1.1woody1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_4.5-1.2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_4.5-1.2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_4.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/pcre3/pgrep_4.5-1.2sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5-1.2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5-1.2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5-1.2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "801": "
\n

Debian Security Advisory

\n

DSA-801-1 ntp -- programming error

\n
\n
Date Reported:
\n
05 Sep 2005
\n
Affected Packages:
\n
\nntp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2496.
\n
More information:
\n
\n

SuSE developers discovered that ntp confuses the given group id with\nthe group id of the given user when called with a group id on the\ncommand line that is specified as a string and not as a numeric gid,\nwhich causes ntpd to run with different privileges than intended.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 4.2.0a+stable-2sarge1.

\n

The unstable distribution (sid) is not affected by this problem.

\n

We recommend that you upgrade your ntp-server package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-doc_4.2.0a+stable-2sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "802": "
\n

Debian Security Advisory

\n

DSA-802-1 cvs -- insecure temporary files

\n
\n
Date Reported:
\n
07 Sep 2005
\n
Affected Packages:
\n
\ncvs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 325106.
In Mitre's CVE dictionary: CVE-2005-2693.
\n
More information:
\n
\n

Marcus Meissner discovered that the cvsbug program from CVS, which\nserves the popular Concurrent Versions System, uses temporary files in\nan insecure fashion.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 1.11.1p1debian-13.

\n

In the stable distribution (sarge) the cvs package does not expose the\ncvsbug program anymore.

\n

In the unstable distribution (sid) the cvs package does not expose the\ncvsbug program anymore.

\n

We recommend that you upgrade your cvs package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13.dsc
\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-13_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "803": "
\n

Debian Security Advisory

\n

DSA-803-1 apache -- programming error

\n
\n
Date Reported:
\n
08 Sep 2005
\n
Affected Packages:
\n
\napache\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 322607.
In Mitre's CVE dictionary: CVE-2005-2088.
\n
More information:
\n
\n

A vulnerability has been discovered in the Apache web server. When it\nis acting as an HTTP proxy, a flaw causes Apache to incorrectly\nhandle and forward the body of the request, which allows remote\nattackers to poison the web cache, bypass web application firewall\nprotection, and conduct cross-site scripting attacks.

\n

The fix for this bug is contained in the apache-common package, which means\nthat there isn't any need for a separate update of the apache-perl and\napache-ssl packages.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 1.3.26-0woody7.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.3.33-6sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.3.33-8.

\n

We recommend that you upgrade your Apache package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody7.dsc
\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody7.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.26-0woody7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody7_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody7_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody7_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody7_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.26-0woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.26-0woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.26-0woody7_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1.dsc
\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.33-6sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.33-6sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-utils_1.3.33-6sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "804": "
\n

Debian Security Advisory

\n

DSA-804-1 kdelibs -- insecure permissions

\n
\n
Date Reported:
\n
08 Sep 2005
\n
Affected Packages:
\n
\nkdelibs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-1920.
\n
More information:
\n
\n

KDE developers have reported a vulnerability in the backup file\nhandling of Kate and Kwrite. The backup files are created with\ndefault permissions, even if the original file had stricter\npermissions set. This could unintentionally disclose information.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 3.3.2-6.2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.4.1-1.

\n

We recommend that you upgrade your kdelibs packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.2.dsc
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.2.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-data_3.3.2-6.2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-doc_3.3.2-6.2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "805": "
\n

Debian Security Advisory

\n

DSA-805-1 apache2 -- several vulnerabilities

\n
\n
Date Reported:
\n
08 Sep 2005
\n
Affected Packages:
\n
\napache2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 316173, Bug 320048, Bug 320063, Bug 326435.
In the Bugtraq database (at SecurityFocus): BugTraq ID 14660.
In Mitre's CVE dictionary: CVE-2005-1268, CVE-2005-2088, CVE-2005-2700, CVE-2005-2728.
CERT's vulnerabilities, advisories and incident notes: VU#744929.
\n
More information:
\n
\n

Several problems have been discovered in Apache2, the next generation,\nscalable, extendable web server. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CAN-2005-1268\n

    Marc Stern discovered an off-by-one error in the mod_ssl\n Certificate Revocation List (CRL) verification callback. When\n Apache is configured to use a CRL this can be used to cause a\n denial of service.

    \n
  • CAN-2005-2088\n

    A vulnerability has been discovered in the Apache web server.\n When it is acting as an HTTP proxy, it allows remote attackers to\n poison the web cache, bypass web application firewall protection,\n and conduct cross-site scripting attacks, which causes Apache to\n incorrectly handle and forward the body of the request.

    \n
  • CAN-2005-2700\n

    A problem has been discovered in mod_ssl, which provides strong\n cryptography (HTTPS support) for Apache, that allows remote\n attackers to bypass access restrictions.

    \n
  • CAN-2005-2728\n

    The byte-range filter in Apache 2.0 allows remote attackers to\n cause a denial of service via an HTTP header with a large Range\n field.

    \n
\n

The old stable distribution (woody) does not contain Apache2 packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.0.54-5.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.0.54-5.

\n

We recommend that you upgrade your apache2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5.dsc
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.0.54-5_all.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-threadpool_2.0.54-5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-common_2.0.54-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.0.54-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.0.54-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.0.54-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.0.54-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.0.54-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.0.54-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0_2.0.54-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0-dev_2.0.54-5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-common_2.0.54-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.0.54-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.0.54-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.0.54-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.0.54-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.0.54-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.0.54-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0_2.0.54-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0-dev_2.0.54-5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-common_2.0.54-5_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.0.54-5_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.0.54-5_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.0.54-5_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.0.54-5_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.0.54-5_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.0.54-5_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0_2.0.54-5_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0-dev_2.0.54-5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-common_2.0.54-5_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.0.54-5_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.0.54-5_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.0.54-5_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.0.54-5_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.0.54-5_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.0.54-5_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0_2.0.54-5_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0-dev_2.0.54-5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-common_2.0.54-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.0.54-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.0.54-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.0.54-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.0.54-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.0.54-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.0.54-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0_2.0.54-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0-dev_2.0.54-5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-common_2.0.54-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.0.54-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.0.54-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.0.54-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.0.54-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.0.54-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.0.54-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0_2.0.54-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0-dev_2.0.54-5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-common_2.0.54-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.0.54-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.0.54-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.0.54-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.0.54-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.0.54-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.0.54-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0_2.0.54-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0-dev_2.0.54-5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-common_2.0.54-5_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.0.54-5_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.0.54-5_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.0.54-5_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.0.54-5_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.0.54-5_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.0.54-5_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0_2.0.54-5_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0-dev_2.0.54-5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-common_2.0.54-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.0.54-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.0.54-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.0.54-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.0.54-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.0.54-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.0.54-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0_2.0.54-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0-dev_2.0.54-5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-common_2.0.54-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.0.54-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.0.54-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.0.54-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.0.54-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.0.54-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.0.54-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0_2.0.54-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0-dev_2.0.54-5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-common_2.0.54-5_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.0.54-5_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.0.54-5_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.0.54-5_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.0.54-5_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.0.54-5_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.0.54-5_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0_2.0.54-5_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0-dev_2.0.54-5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-common_2.0.54-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.0.54-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.0.54-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.0.54-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.0.54-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.0.54-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.0.54-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0_2.0.54-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0-dev_2.0.54-5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "806": "
\n

Debian Security Advisory

\n

DSA-806-1 gcvs -- insecure temporary files

\n
\n
Date Reported:
\n
09 Sep 2005
\n
Affected Packages:
\n
\ncvs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 325106.
In Mitre's CVE dictionary: CVE-2005-2693.
\n
More information:
\n
\n

Marcus Meissner discovered that the cvsbug program from gcvs, the\ngraphical frontend for CVS, which serves the popular Concurrent\nVersions System, uses temporary files in an insecure fashion.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 1.0a7-2woody1.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.0final-5sarge1.

\n

The unstable distribution (sid) does not expose the cvsbug program.

\n

We recommend that you upgrade your gcvs package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1.dsc
\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0a7-2woody1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1.dsc
\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gcvs/gcvs_1.0final-5sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "807": "
\n

Debian Security Advisory

\n

DSA-807-1 libapache-mod-ssl -- acl restriction bypass

\n
\n
Date Reported:
\n
12 Sep 2005
\n
Affected Packages:
\n
\nlibapache-mod-ssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 14721.
In Mitre's CVE dictionary: CVE-2005-2700.
CERT's vulnerabilities, advisories and incident notes: VU#744929.
\n
More information:
\n
\n

A problem has been discovered in mod_ssl, which provides strong\ncryptography (HTTPS support) for Apache, that allows remote attackers\nto bypass access restrictions.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 2.8.9-2.5.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.8.22-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.8.24-1.

\n

We recommend that you upgrade your libapache-mod-ssl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.5.dsc
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.5.diff.gz
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl-doc_2.8.9-2.5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.9-2.5_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.22-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.22-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.22.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl-doc_2.8.22-1sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.22-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.22-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.22-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.22-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.22-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.22-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.22-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.22-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.22-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.22-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.22-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-ssl/libapache-mod-ssl_2.8.22-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "808": "
\n

Debian Security Advisory

\n

DSA-808-1 tdiary -- design error

\n
\n
Date Reported:
\n
12 Sep 2005
\n
Affected Packages:
\n
\ntdiary\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2411.
\n
More information:
\n
\n

Yutaka Oiwa and Hiromitsu Takagi discovered a Cross-Site Request\nForgery (CSRF) vulnerability in tdiary, a new generation weblog, that\ncan be exploited by remote attackers to alter users' information.

\n

The old stable distribution (woody) does not contain tdiary packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.0.1-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.0.2-1.

\n

We recommend that you upgrade your tdiary packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tdiary/tdiary_2.0.1-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/t/tdiary/tdiary_2.0.1-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tdiary/tdiary_2.0.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/tdiary/tdiary-contrib_2.0.1-1sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/t/tdiary/tdiary-mode_2.0.1-1sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/t/tdiary/tdiary-plugin_2.0.1-1sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/t/tdiary/tdiary-theme_2.0.1-1sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/t/tdiary/tdiary_2.0.1-1sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "809": "
\n

Debian Security Advisory

\n

DSA-809-2 squid -- several vulnerabilities

\n
\n
Date Reported:
\n
13 Sep 2005
\n
Affected Packages:
\n
\nsquid\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 320035.
In Mitre's CVE dictionary: CVE-2005-2794, CVE-2005-2796.
\n
More information:
\n
\n

Certain aborted requests that trigger an assertion in squid, the\npopular WWW proxy cache, may allow remote attackers to cause a denial\nof service. This update also fixes a regression caused by\nDSA 751.\nFor completeness, below is the original advisory text:

\n
\n

Several vulnerabilities have been discovered in Squid, the popular WWW\nproxy cache. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CAN-2005-2794\n

    Certain aborted requests that trigger an assert may allow remote\n attackers to cause a denial of service.

    \n
  • CAN-2005-2796\n

    Specially crafted requests can cause a denial of service.

    \n
\n
\n

For the oldstable distribution (woody) this problem has been fixed in version 2.4.6-2woody10.

\n

For the stable distribution (sarge) these problems have been fixed in version 2.5.9-10sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in version 2.5.10-5.

\n

We recommend that you upgrade your squid package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10.dsc
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_mips.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_mips.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.4.6-2woody10_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.4.6-2woody10_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.4.6-2woody10_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1.dsc
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/squid/squid-common_2.5.9-10sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.


\n\n\n
\n
", "810": "
\n

Debian Security Advisory

\n

DSA-810-1 mozilla -- several vulnerabilities

\n
\n
Date Reported:
\n
13 Sep 2005
\n
Affected Packages:
\n
\nmozilla\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 14242.
In Mitre's CVE dictionary: CVE-2004-0718, CVE-2005-1937, CVE-2005-2260, CVE-2005-2261, CVE-2005-2263, CVE-2005-2265, CVE-2005-2266, CVE-2005-2268, CVE-2005-2269, CVE-2005-2270.
\n
More information:
\n
\n

Several problems have been discovered in Mozilla, the web browser of the Mozilla suite. Since the usual practice of backporting apparently does not work for this package, this update is basically version 1.7.10 with the version number rolled back, and hence still named 1.7.8. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
  • CAN-2004-0718, CAN-2005-1937

    A vulnerability has been discovered in Mozilla that allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site.

  • CAN-2005-2260

    The browser user interface does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user.

  • CAN-2005-2261

    XML scripts ran even when Javascript was disabled.

  • CAN-2005-2263

    It is possible for a remote attacker to execute a callback function in the context of another domain (i.e. frame).

  • CAN-2005-2265

    Missing input sanitising of InstallVersion.compareTo() can cause the application to crash.

  • CAN-2005-2266

    Remote attackers could steal sensitive information such as cookies and passwords from web sites by accessing data in alien frames.

  • CAN-2005-2268

    It is possible for a Javascript dialog box to spoof a dialog box from a trusted site, which facilitates phishing attacks.

  • CAN-2005-2269

    Remote attackers could modify certain tag properties of DOM nodes that could lead to the execution of arbitrary script or code.

  • CAN-2005-2270

    The Mozilla browser family does not properly clone base objects, which allows remote attackers to execute arbitrary code.

\n

For the stable distribution (sarge) these problems have been fixed in version 1.7.8-1sarge2.

\n

For the unstable distribution (sid) these problems have been fixed in version 1.7.10-1.

\n

We recommend that you upgrade your Mozilla packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "811": "
\n

Debian Security Advisory

\n

DSA-811-2 common-lisp-controller -- design error

\n
\n
Date Reported:
\n
14 Sep 2005
\n
Affected Packages:
\n
\ncommon-lisp-controller\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2657.
\n
More information:
\n
\n

The bugfix for the problem mentioned below contained an error that caused third party programs to fail. The problem is corrected by this update. For completeness we're including the original advisory text:

\n
\n

François-René Rideau discovered a bug in common-lisp-controller, a Common Lisp source and compiler manager, that allows a local user to compile malicious code into a cache directory which is executed by another user if that user has not used Common Lisp before.

\n
\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in version 4.15sarge3.

\n

For the unstable distribution (sid) this problem has been fixed in version 4.18.

\n

We recommend that you upgrade your common-lisp-controller package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/common-lisp-controller/common-lisp-controller_4.15sarge3.dsc
\n
http://security.debian.org/pool/updates/main/c/common-lisp-controller/common-lisp-controller_4.15sarge3.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/common-lisp-controller/common-lisp-controller_4.15sarge3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "812": "
\n

Debian Security Advisory

\n

DSA-812-1 turqstat -- buffer overflow

\n
\n
Date Reported:
\n
15 Sep 2005
\n
Affected Packages:
\n
\nturqstat\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2658.
\n
More information:
\n
\n

Peter Karlsson discovered a buffer overflow in Turquoise SuperStat, a program for gathering statistics from Fidonet and Usenet, that can be exploited by a specially crafted NNTP server.

\n

For the old stable distribution (woody) this problem has been fixed in version 2.2.1woody1.

\n

For the stable distribution (sarge) this problem has been fixed in version 2.2.2sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in version 2.2.4-1.

\n

We recommend that you upgrade your turqstat package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.1woody1.dsc
\n
http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.1woody1.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.1woody1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.2sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.2sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.2sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.2sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "813": "
\n

Debian Security Advisory

\n

DSA-813-1 centericq -- several vulnerabilities

\n
\n
Date Reported:
\n
15 Sep 2005
\n
Affected Packages:
\n
\ncentericq\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 14415.
In Mitre's CVE dictionary: CVE-2005-2369, CVE-2005-2370, CVE-2005-2448.
\n
More information:
\n
\n

Several problems have been discovered in libgadu which is also part of\ncentericq, a text-mode multi-protocol instant messenger client. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CAN-2005-2369\n

    Multiple integer signedness errors may allow remote attackers to\n cause a denial of service or execute arbitrary code.

  • CAN-2005-2370\n

    Memory alignment errors may allow remote attackers to cause a\n denial of service on certain architectures such as sparc.

  • CAN-2005-2448\n

    Several endianness errors may allow remote attackers to cause a\n denial of service.

\n

The old stable distribution (woody) is not affected by these problems.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 4.20.0-1sarge2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 4.20.0-9.

\n

We recommend that you upgrade your centericq package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "814": "
\n

Debian Security Advisory

\n

DSA-814-1 lm-sensors -- insecure temporary file

\n
\n
Date Reported:
\n
15 Sep 2005
\n
Affected Packages:
\n
\nlm-sensors\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 324193.
In Mitre's CVE dictionary: CVE-2005-2672.
\n
More information:
\n
\n

Javier Fern\u00e1ndez-Sanguino Pe\u00f1a discovered that a script of lm-sensors,\nutilities to read temperature/voltage/fan sensors, creates a temporary\nfile with a predictable filename, leaving it vulnerable to a symlink\nattack.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.9.1-1sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.9.1-7.

\n

We recommend that you upgrade your lm-sensors package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/lm-sensors/kernel-patch-2.4-lm-sensors_2.9.1-1sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-source_2.9.1-1sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-386_2.9.1-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-586tsc_2.9.1-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-686_2.9.1-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-686-smp_2.9.1-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-k6_2.9.1-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-k7_2.9.1-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-2-k7-smp_2.9.1-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "815": "
\n

Debian Security Advisory

\n

DSA-815-1 kdebase -- programming error

\n
\n
Date Reported:
\n
16 Sep 2005
\n
Affected Packages:
\n
\nkdebase\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2494.
\n
More information:
\n
\n

Ilja van Sprundel discovered a serious lock file handling error in\nkcheckpass that can, in some configurations, be used to gain root\naccess.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 3.3.2-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.4.2-3.

\n

We recommend that you upgrade your kdebase-bin package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.3.2-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.3.2-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.3.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-data_3.3.2-1sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-doc_3.3.2-1sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.3.2-1sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/xfonts-konsole_3.3.2-1sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.3.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.3.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.3.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.3.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.3.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.3.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.3.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.3.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.3.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.3.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.3.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.3.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.3.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.3.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.3.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.3.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.3.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.3.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.3.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.3.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.3.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.3.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.3.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.3.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.3.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.3.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.3.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.3.2-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.3.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.3.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.3.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.3.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.3.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.3.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.3.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.3.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.3.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.3.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.3.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.3.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.3.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.3.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.3.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.3.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.3.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.3.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.3.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.3.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.3.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.3.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.3.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.3.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.3.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.3.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.3.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.3.2-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.3.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.3.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.3.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.3.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.3.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.3.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.3.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.3.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.3.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.3.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.3.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.3.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.3.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.3.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.3.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.3.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.3.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.3.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.3.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.3.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.3.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.3.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.3.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.3.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.3.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.3.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.3.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.3.2-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.3.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.3.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.3.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.3.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.3.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.3.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.3.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.3.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.3.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.3.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.3.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.3.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.3.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.3.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.3.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.3.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.3.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.3.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.3.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.3.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.3.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.3.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.3.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.3.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.3.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.3.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.3.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.3.2-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.3.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.3.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.3.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.3.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.3.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.3.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.3.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.3.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.3.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.3.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.3.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.3.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.3.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.3.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.3.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.3.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.3.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.3.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.3.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.3.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.3.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.3.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.3.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.3.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.3.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.3.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.3.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.3.2-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.3.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.3.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.3.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.3.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.3.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.3.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.3.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.3.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.3.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.3.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.3.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.3.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.3.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.3.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.3.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.3.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.3.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.3.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.3.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.3.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.3.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.3.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.3.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.3.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.3.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.3.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.3.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.3.2-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.3.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.3.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.3.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.3.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.3.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.3.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.3.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.3.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.3.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.3.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.3.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.3.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.3.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.3.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.3.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.3.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.3.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.3.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.3.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.3.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.3.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.3.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.3.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.3.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.3.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.3.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.3.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.3.2-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.3.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.3.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.3.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.3.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.3.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.3.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.3.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.3.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.3.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.3.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.3.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.3.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.3.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.3.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.3.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.3.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.3.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.3.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.3.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.3.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.3.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.3.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.3.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.3.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.3.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.3.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.3.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.3.2-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.3.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.3.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.3.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.3.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.3.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.3.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.3.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.3.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.3.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.3.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.3.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.3.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.3.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.3.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.3.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.3.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.3.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.3.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.3.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.3.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.3.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.3.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.3.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.3.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.3.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.3.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.3.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.3.2-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.3.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.3.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.3.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.3.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.3.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.3.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.3.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.3.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.3.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.3.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.3.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.3.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.3.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.3.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.3.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.3.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.3.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.3.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.3.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.3.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.3.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.3.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.3.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.3.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.3.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.3.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.3.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.3.2-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.3.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.3.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.3.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.3.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.3.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.3.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.3.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.3.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.3.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.3.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.3.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.3.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.3.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.3.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.3.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.3.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.3.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.3.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.3.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.3.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.3.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.3.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.3.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.3.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.3.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.3.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.3.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.3.2-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.3.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.3.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.3.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.3.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.3.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.3.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.3.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.3.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.3.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.3.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.3.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.3.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.3.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.3.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.3.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.3.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.3.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.3.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.3.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.3.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.3.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.3.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.3.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.3.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.3.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.3.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.3.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.3.2-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "816": "
\n

Debian Security Advisory

\n

DSA-816-1 xfree86 -- integer overflow

\n
\n
Date Reported:
\n
19 Sep 2005
\n
Affected Packages:
\n
\nxfree86\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2495.
CERT's vulnerabilities, advisories and incident notes: VU#102441.
\n
More information:
\n
\n

S\u00f8ren Sandmann discovered a bug in memory allocation for pixmap images\nthat can crash the X server or allow the execution of arbitrary code.

\n

The update for the old stable distribution (woody) also contains a\ndifferent correction for multiple vulnerabilities in libXpm (DSA 607, CAN-2004-0914,\nBug#309143),\nsince the old fix contained a regression.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 4.1.0-16woody7.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 4.3.0.dfsg.1-14sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 6.8.2.dfsg.1-7 of X.Org.

\n

We recommend that you upgrade your xfree86 and xorg packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.1.0-16woody7.dsc
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.1.0-16woody7.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.1.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system_4.1.0-16woody7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi-transcoded_4.1.0-16woody7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi_4.1.0-16woody7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi-transcoded_4.1.0-16woody7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi_4.1.0-16woody7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base-transcoded_4.1.0-16woody7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base_4.1.0-16woody7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-cyrillic_4.1.0-16woody7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-pex_4.1.0-16woody7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-scalable_4.1.0-16woody7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86-common_4.1.0-16woody7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlib6g-dev_4.1.0-16woody7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlib6g_4.1.0-16woody7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xspecs_4.1.0-16woody7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody7_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody7_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody7_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody7_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa3-dbg_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xprt_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.1.0-16woody7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.1.0-16woody7_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.3.0.dfsg.1-14sarge1.dsc
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.3.0.dfsg.1-14sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.3.0.dfsg.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xfree86/pm-dev_4.3.0.dfsg.1-14sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-dev_4.3.0.dfsg.1-14sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system_4.3.0.dfsg.1-14sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi-transcoded_4.3.0.dfsg.1-14sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi_4.3.0.dfsg.1-14sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi-transcoded_4.3.0.dfsg.1-14sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi_4.3.0.dfsg.1-14sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base-transcoded_4.3.0.dfsg.1-14sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base_4.3.0.dfsg.1-14sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-cyrillic_4.3.0.dfsg.1-14sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-scalable_4.3.0.dfsg.1-14sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86-common_4.3.0.dfsg.1-14sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.3.0.dfsg.1-14sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.3.0.dfsg.1-14sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-data_4.3.0.dfsg.1-14sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.3.0.dfsg.1-14sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.3.0.dfsg.1-14sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.3.0.dfsg.1-14sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.3.0.dfsg.1-14sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xspecs_4.3.0.dfsg.1-14sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "817": "
\n

Debian Security Advisory

\n

DSA-817-1 python2.2 -- integer overflow

\n
\n
Date Reported:
\n
22 Sep 2005
\n
Affected Packages:
\n
\npython2.2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bug tracking system: Bug 324531.
In the Bugtraq database (at SecurityFocus): BugTraq ID 14620.
In Mitre's CVE dictionary: CVE-2005-2491.
\n
More information:
\n
\n

An integer overflow with a subsequent buffer overflow has been detected\nin PCRE, the Perl Compatible Regular Expressions library, which allows\nan attacker to execute arbitrary code. The same flaw is also present in Python.\nExploiting this vulnerability requires that the attacker be able to specify the\nregular expression that is used.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 2.2.1-4.8.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.2.3dfsg-2sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.2.3dfsg-4.

\n

We recommend that you upgrade your python2.2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.8.dsc
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.8.diff.gz
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/python2.2/idle-python2.2_2.2.1-4.8_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-doc_2.2.1-4.8_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-elisp_2.2.1-4.8_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-examples_2.2.1-4.8_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.8_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.8_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.8_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.8_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.8_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.8_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.1-4.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.1-4.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.1-4.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.1-4.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.1-4.8_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.3dfsg-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.3dfsg-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.3dfsg.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/python2.2/idle-python2.2_2.2.3dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-doc_2.2.3dfsg-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-examples_2.2.3dfsg-2sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.3dfsg-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.3dfsg-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.3dfsg-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.3dfsg-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.3dfsg-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.3dfsg-2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.3dfsg-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.3dfsg-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.3dfsg-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.3dfsg-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.3dfsg-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.3dfsg-2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.3dfsg-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.3dfsg-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.3dfsg-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.3dfsg-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.3dfsg-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.3dfsg-2sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.3dfsg-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.3dfsg-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.3dfsg-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.3dfsg-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.3dfsg-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.3dfsg-2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.3dfsg-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.3dfsg-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.3dfsg-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.3dfsg-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.3dfsg-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.3dfsg-2sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.3dfsg-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.3dfsg-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.3dfsg-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.3dfsg-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.3dfsg-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.3dfsg-2sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.3dfsg-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.3dfsg-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.3dfsg-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.3dfsg-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.3dfsg-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.3dfsg-2sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.3dfsg-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.3dfsg-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.3dfsg-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.3dfsg-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.3dfsg-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.3dfsg-2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.3dfsg-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.3dfsg-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.3dfsg-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.3dfsg-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.3dfsg-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.3dfsg-2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.3dfsg-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.3dfsg-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.3dfsg-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.3dfsg-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.3dfsg-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.3dfsg-2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.3dfsg-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.3dfsg-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.3dfsg-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.3dfsg-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.3dfsg-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.3dfsg-2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.3dfsg-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-dev_2.2.3dfsg-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-gdbm_2.2.3dfsg-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-mpz_2.2.3dfsg-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-tk_2.2.3dfsg-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.2/python2.2-xmlbase_2.2.3dfsg-2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "818": "
\n

Debian Security Advisory

\n

DSA-818-1 kdeedu -- insecure temporary files

\n
\n
Date Reported:
\n
22 Sep 2005
\n
Affected Packages:
\n
\nkdeedu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2101.
\n
More information:
\n
\n

Javier Fern\u00e1ndez-Sanguino Pe\u00f1a discovered that langen2kvhtml from the\nkvoctrain package from the kdeedu suite creates temporary files in an\ninsecure fashion. This leaves them open for symlink attacks.

\n

The old stable distribution (woody) is not affected by these problems.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 3.3.2-3.sarge.1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 3.4.2-1.

\n

We recommend that you upgrade your kvoctrain package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdeedu/kdeedu_3.3.2-3.sarge.1.dsc
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kdeedu_3.3.2-3.sarge.1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kdeedu_3.3.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdeedu/kdeedu-data_3.3.2-3.sarge.1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kdeedu-doc-html_3.3.2-3.sarge.1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kdeedu_3.3.2-3.sarge.1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/klettres-data_3.3.2-3.sarge.1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kstars-data_3.3.2-3.sarge.1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdeedu/kalzium_3.3.2-3.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kbruch_3.3.2-3.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/keduca_3.3.2-3.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/khangman_3.3.2-3.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kig_3.3.2-3.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kiten_3.3.2-3.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/klatin_3.3.2-3.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/klettres_3.3.2-3.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kmessedwords_3.3.2-3.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kmplot_3.3.2-3.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kpercentage_3.3.2-3.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kstars_3.3.2-3.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/ktouch_3.3.2-3.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kturtle_3.3.2-3.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kverbos_3.3.2-3.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kvoctrain_3.3.2-3.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kwordquiz_3.3.2-3.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/libkdeedu-dev_3.3.2-3.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/libkdeedu1_3.3.2-3.sarge.1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kdeedu/kalzium_3.3.2-3.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kbruch_3.3.2-3.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/keduca_3.3.2-3.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/khangman_3.3.2-3.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kig_3.3.2-3.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kiten_3.3.2-3.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/klatin_3.3.2-3.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/klettres_3.3.2-3.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kmessedwords_3.3.2-3.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kmplot_3.3.2-3.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kpercentage_3.3.2-3.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kstars_3.3.2-3.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/ktouch_3.3.2-3.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kturtle_3.3.2-3.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kverbos_3.3.2-3.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kvoctrain_3.3.2-3.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kwordquiz_3.3.2-3.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/libkdeedu-dev_3.3.2-3.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/libkdeedu1_3.3.2-3.sarge.1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdeedu/kalzium_3.3.2-3.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kbruch_3.3.2-3.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/keduca_3.3.2-3.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/khangman_3.3.2-3.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kig_3.3.2-3.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kiten_3.3.2-3.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/klatin_3.3.2-3.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/klettres_3.3.2-3.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kmessedwords_3.3.2-3.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kmplot_3.3.2-3.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kpercentage_3.3.2-3.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kstars_3.3.2-3.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/ktouch_3.3.2-3.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kturtle_3.3.2-3.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kverbos_3.3.2-3.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kvoctrain_3.3.2-3.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kwordquiz_3.3.2-3.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/libkdeedu-dev_3.3.2-3.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/libkdeedu1_3.3.2-3.sarge.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdeedu/kalzium_3.3.2-3.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kbruch_3.3.2-3.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/keduca_3.3.2-3.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/khangman_3.3.2-3.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kig_3.3.2-3.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kiten_3.3.2-3.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/klatin_3.3.2-3.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/klettres_3.3.2-3.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kmessedwords_3.3.2-3.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kmplot_3.3.2-3.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kpercentage_3.3.2-3.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kstars_3.3.2-3.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/ktouch_3.3.2-3.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kturtle_3.3.2-3.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kverbos_3.3.2-3.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kvoctrain_3.3.2-3.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kwordquiz_3.3.2-3.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/libkdeedu-dev_3.3.2-3.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/libkdeedu1_3.3.2-3.sarge.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdeedu/kalzium_3.3.2-3.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kbruch_3.3.2-3.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/keduca_3.3.2-3.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/khangman_3.3.2-3.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kig_3.3.2-3.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kiten_3.3.2-3.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/klatin_3.3.2-3.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/klettres_3.3.2-3.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kmessedwords_3.3.2-3.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kmplot_3.3.2-3.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kpercentage_3.3.2-3.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kstars_3.3.2-3.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/ktouch_3.3.2-3.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kturtle_3.3.2-3.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kverbos_3.3.2-3.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kvoctrain_3.3.2-3.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kwordquiz_3.3.2-3.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/libkdeedu-dev_3.3.2-3.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/libkdeedu1_3.3.2-3.sarge.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdeedu/kalzium_3.3.2-3.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kbruch_3.3.2-3.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/keduca_3.3.2-3.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/khangman_3.3.2-3.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kig_3.3.2-3.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kiten_3.3.2-3.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/klatin_3.3.2-3.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/klettres_3.3.2-3.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kmessedwords_3.3.2-3.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kmplot_3.3.2-3.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kpercentage_3.3.2-3.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kstars_3.3.2-3.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/ktouch_3.3.2-3.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kturtle_3.3.2-3.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kverbos_3.3.2-3.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kvoctrain_3.3.2-3.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kwordquiz_3.3.2-3.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/libkdeedu-dev_3.3.2-3.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/libkdeedu1_3.3.2-3.sarge.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdeedu/kalzium_3.3.2-3.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kbruch_3.3.2-3.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/keduca_3.3.2-3.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/khangman_3.3.2-3.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kig_3.3.2-3.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kiten_3.3.2-3.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/klatin_3.3.2-3.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/klettres_3.3.2-3.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kmessedwords_3.3.2-3.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kmplot_3.3.2-3.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kpercentage_3.3.2-3.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kstars_3.3.2-3.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/ktouch_3.3.2-3.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kturtle_3.3.2-3.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kverbos_3.3.2-3.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kvoctrain_3.3.2-3.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kwordquiz_3.3.2-3.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/libkdeedu-dev_3.3.2-3.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/libkdeedu1_3.3.2-3.sarge.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdeedu/kalzium_3.3.2-3.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kbruch_3.3.2-3.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/keduca_3.3.2-3.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/khangman_3.3.2-3.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kig_3.3.2-3.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kiten_3.3.2-3.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/klatin_3.3.2-3.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/klettres_3.3.2-3.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kmessedwords_3.3.2-3.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kmplot_3.3.2-3.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kpercentage_3.3.2-3.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kstars_3.3.2-3.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/ktouch_3.3.2-3.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kturtle_3.3.2-3.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kverbos_3.3.2-3.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kvoctrain_3.3.2-3.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kwordquiz_3.3.2-3.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/libkdeedu-dev_3.3.2-3.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/libkdeedu1_3.3.2-3.sarge.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdeedu/kalzium_3.3.2-3.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kbruch_3.3.2-3.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/keduca_3.3.2-3.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/khangman_3.3.2-3.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kig_3.3.2-3.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kiten_3.3.2-3.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/klatin_3.3.2-3.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/klettres_3.3.2-3.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kmessedwords_3.3.2-3.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kmplot_3.3.2-3.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kpercentage_3.3.2-3.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kstars_3.3.2-3.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/ktouch_3.3.2-3.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kturtle_3.3.2-3.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kverbos_3.3.2-3.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kvoctrain_3.3.2-3.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kwordquiz_3.3.2-3.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/libkdeedu-dev_3.3.2-3.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/libkdeedu1_3.3.2-3.sarge.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdeedu/kalzium_3.3.2-3.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kbruch_3.3.2-3.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/keduca_3.3.2-3.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/khangman_3.3.2-3.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kig_3.3.2-3.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kiten_3.3.2-3.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/klatin_3.3.2-3.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/klettres_3.3.2-3.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kmessedwords_3.3.2-3.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kmplot_3.3.2-3.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kpercentage_3.3.2-3.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kstars_3.3.2-3.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/ktouch_3.3.2-3.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kturtle_3.3.2-3.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kverbos_3.3.2-3.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kvoctrain_3.3.2-3.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kwordquiz_3.3.2-3.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/libkdeedu-dev_3.3.2-3.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/libkdeedu1_3.3.2-3.sarge.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdeedu/kalzium_3.3.2-3.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kbruch_3.3.2-3.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/keduca_3.3.2-3.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/khangman_3.3.2-3.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kig_3.3.2-3.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kiten_3.3.2-3.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/klatin_3.3.2-3.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/klettres_3.3.2-3.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kmessedwords_3.3.2-3.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kmplot_3.3.2-3.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kpercentage_3.3.2-3.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kstars_3.3.2-3.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/ktouch_3.3.2-3.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kturtle_3.3.2-3.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kverbos_3.3.2-3.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kvoctrain_3.3.2-3.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kwordquiz_3.3.2-3.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/libkdeedu-dev_3.3.2-3.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/libkdeedu1_3.3.2-3.sarge.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdeedu/kalzium_3.3.2-3.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kbruch_3.3.2-3.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/keduca_3.3.2-3.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/khangman_3.3.2-3.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kig_3.3.2-3.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kiten_3.3.2-3.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/klatin_3.3.2-3.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/klettres_3.3.2-3.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kmessedwords_3.3.2-3.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kmplot_3.3.2-3.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kpercentage_3.3.2-3.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kstars_3.3.2-3.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/ktouch_3.3.2-3.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kturtle_3.3.2-3.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kverbos_3.3.2-3.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kvoctrain_3.3.2-3.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/kwordquiz_3.3.2-3.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/libkdeedu-dev_3.3.2-3.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdeedu/libkdeedu1_3.3.2-3.sarge.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "819": "
\n

Debian Security Advisory

\n

DSA-819-1 python2.1 -- integer overflow

\n
\n
Date Reported:
\n
23 Sep 2005
\n
Affected Packages:
\n
\npython2.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 324531.
In the Bugtraq database (at SecurityFocus): BugTraq ID 14620.
In Mitre's CVE dictionary: CVE-2005-2491.
\n
More information:
\n
\n

An integer overflow with a subsequent buffer overflow has been detected\nin PCRE, the Perl Compatible Regular Expressions library, which allows\nan attacker to execute arbitrary code, and is also present in Python.\nExploiting this vulnerability requires that the attacker be able to\nspecify the regular expression that is used.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 2.1.3-3.4.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.1.3dfsg-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.1.3dfsg-3.

\n

We recommend that you upgrade your python2.1 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.4.dsc
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.4.diff.gz
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/python2.1/idle-python2.1_2.1.3-3.4_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/idle_2.1.3-3.4_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python-dev_2.1.3-3.4_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python-doc_2.1.3-3.4_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python-elisp_2.1.3-3.4_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python-examples_2.1.3-3.4_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python-gdbm_2.1.3-3.4_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python-mpz_2.1.3-3.4_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python-tk_2.1.3-3.4_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python-xmlbase_2.1.3-3.4_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-doc_2.1.3-3.4_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-elisp_2.1.3-3.4_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-examples_2.1.3-3.4_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python_2.1.3-3.4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3-3.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3-3.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3-3.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3-3.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3-3.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3-3.4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3-3.4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3-3.4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3-3.4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3-3.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3-3.4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3-3.4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3-3.4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3-3.4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3-3.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3-3.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3-3.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3-3.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3-3.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3-3.4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3-3.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3-3.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3-3.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3-3.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3-3.4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3-3.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3-3.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3-3.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3-3.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3-3.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3-3.4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3-3.4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3-3.4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3-3.4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3-3.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3-3.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3-3.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3-3.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3-3.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3-3.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3-3.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3-3.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3-3.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3-3.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3-3.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3-3.4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3-3.4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3-3.4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3-3.4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3-3.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3-3.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3-3.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3-3.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3-3.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3-3.4_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3dfsg-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3dfsg-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3dfsg.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/python2.1/idle-python2.1_2.1.3dfsg-1sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-doc_2.1.3dfsg-1sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-examples_2.1.3dfsg-1sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3dfsg-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3dfsg-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3dfsg-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3dfsg-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3dfsg-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3dfsg-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3dfsg-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3dfsg-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3dfsg-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3dfsg-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3dfsg-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3dfsg-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3dfsg-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3dfsg-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3dfsg-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3dfsg-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3dfsg-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3dfsg-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3dfsg-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3dfsg-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3dfsg-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3dfsg-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3dfsg-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3dfsg-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3dfsg-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3dfsg-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3dfsg-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3dfsg-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3dfsg-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3dfsg-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3dfsg-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3dfsg-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3dfsg-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3dfsg-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3dfsg-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3dfsg-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3dfsg-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3dfsg-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3dfsg-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3dfsg-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3dfsg-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3dfsg-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3dfsg-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3dfsg-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3dfsg-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3dfsg-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3dfsg-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3dfsg-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3dfsg-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3dfsg-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3dfsg-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3dfsg-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3dfsg-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3dfsg-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3dfsg-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3dfsg-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3dfsg-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3dfsg-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3dfsg-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3dfsg-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3dfsg-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3dfsg-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3dfsg-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3dfsg-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3dfsg-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3dfsg-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3dfsg-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-dev_2.1.3dfsg-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-gdbm_2.1.3dfsg-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-mpz_2.1.3dfsg-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-tk_2.1.3dfsg-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.1/python2.1-xmlbase_2.1.3dfsg-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "820": "
\n

Debian Security Advisory

\n

DSA-820-1 courier -- missing input sanitising

\n
\n
Date Reported:
\n
24 Sep 2005
\n
Affected Packages:
\n
\ncourier\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 327181.
In Mitre's CVE dictionary: CVE-2005-2820.
\n
More information:
\n
\n

Jakob Balle discovered that with \"Conditional Comments\" in Internet\nExplorer it is possible to hide JavaScript code in comments that will\nbe executed when the browser views a malicious email via sqwebmail.\nSuccessful exploitation requires that the user is using Internet\nExplorer.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 0.37.3-2.7.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.47-4sarge3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.47-9.

\n

We recommend that you upgrade your sqwebmail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.7.dsc
\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.7.diff.gz
\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/courier/courier-doc_0.37.3-2.7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.7_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.7_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.7_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.7_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.7_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.47-4sarge3.dsc
\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.47-4sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.47.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/courier/courier-doc_0.47-4sarge3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "821": "
\n

Debian Security Advisory

\n

DSA-821-1 python2.3 -- integer overflow

\n
\n
Date Reported:
\n
28 Sep 2005
\n
Affected Packages:
\n
\npython2.3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 324531.
In the Bugtraq database (at SecurityFocus): BugTraq ID 14620.
In Mitre's CVE dictionary: CVE-2005-2491.
\n
More information:
\n
\n

An integer overflow with a subsequent buffer overflow has been detected\nin PCRE, the Perl Compatible Regular Expressions library, which allows\nan attacker to execute arbitrary code. The same flaw is also present in Python.\nExploiting this vulnerability requires that the attacker be able to specify\nthe regular expression that is used.

\n

The old stable distribution (woody) does not contain python2.3 packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.3.5-3sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.3.5-8.

\n

We recommend that you upgrade your python2.3 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/python2.3/idle-python2.3_2.3.5-3sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-doc_2.3.5-3sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-examples_2.3.5-3sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "822": "
\n

Debian Security Advisory

\n

DSA-822-1 gtkdiskfree -- insecure temporary file creation

\n
\n
Date Reported:
\n
29 Sep 2005
\n
Affected Packages:
\n
\ngtkdiskfree\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2918.
\n
More information:
\n
\n

Eric Romang discovered that gtkdiskfree, a GNOME program that shows\nfree and used space on filesystems, creates a temporary file in an\ninsecure fashion.

\n

The old stable distribution (woody) does not contain the gtkdiskfree\npackage.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.9.3-4sarge1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your gtkdiskfree package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1.dsc
\n
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gtkdiskfree/gtkdiskfree_1.9.3-4sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "823": "
\n

Debian Security Advisory

\n

DSA-823-1 util-linux -- privilege escalation

\n
\n
Date Reported:
\n
29 Sep 2005
\n
Affected Packages:
\n
\nutil-linux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 328141, Bug 329063.
In Mitre's CVE dictionary: CVE-2005-2876.
\n
More information:
\n
\n

David Watson discovered a bug in mount, as provided by util-linux and\nother packages such as loop-aes-utils, that allows local users to\nbypass filesystem access restrictions by re-mounting the filesystem read-only.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 2.11n-7woody1.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.12p-4sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.12p-8.

\n

We recommend that you upgrade your util-linux package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1.dsc
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux-locales_2.11n-7woody1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.11n-7woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.11n-7woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.11n-7woody1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1.dsc
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux-locales_2.12p-4sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "824": "
\n

Debian Security Advisory

\n

DSA-824-1 clamav -- infinite loop, buffer overflow

\n
\n
Date Reported:
\n
29 Sep 2005
\n
Affected Packages:
\n
\nclamav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 328660.
In Mitre's CVE dictionary: CVE-2005-2919, CVE-2005-2920.
CERT's vulnerabilities, advisories and incident notes: VU#363713.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in Clam AntiVirus, the\nantivirus scanner for Unix, designed for integration with mail servers\nto perform attachment scanning. The following problems were\nidentified:

\n
    \n
  • CAN-2005-2919\n

    A potentially infinite loop could lead to a denial of service.

  • CAN-2005-2920\n

    A buffer overflow could lead to a denial of service.

\n

The old stable distribution (woody) does not contain ClamAV packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.84-2.sarge.4.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.87-1.

\n

We recommend that you upgrade your clamav package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4.dsc
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4.diff.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.4_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.4_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "825": "
\n

Debian Security Advisory

\n

DSA-825-1 loop-aes-utils -- privilege escalation

\n
\n
Date Reported:
\n
29 Sep 2005
\n
Affected Packages:
\n
\nloop-aes-utils\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2876.
\n
More information:
\n
\n

David Watson discovered a bug in mount, as provided by util-linux and\nother packages such as loop-aes-utils, that allows local users to\nbypass filesystem access restrictions by re-mounting the filesystem read-only.

\n

The old stable distribution (woody) does not contain loop-aes-utils\npackages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.12p-4sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.12p-9.

\n

We recommend that you upgrade your loop-aes-utils package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1.dsc
\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "826": "
\n

Debian Security Advisory

\n

DSA-826-1 helix-player -- multiple vulnerabilities

\n
\n
Date Reported:
\n
29 Sep 2005
\n
Affected Packages:
\n
\nhelix-player\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 316276, Bug 330364.
In Mitre's CVE dictionary: CVE-2005-1766, CVE-2005-2710.
\n
More information:
\n
\n

Multiple security vulnerabilities have been identified in the\nhelix-player media player that could allow an attacker to execute code\non the victim's machine via specially crafted network resources.

\n
    \n
  • CAN-2005-1766\n

    Buffer overflow in the RealText parser could allow remote code\n execution via a specially crafted RealMedia file with a long\n RealText string.

  • CAN-2005-2710\n

    Format string vulnerability in Real HelixPlayer and RealPlayer 10\n allows remote attackers to execute arbitrary code via the image\n handle attribute in a RealPix (.rp) or RealText (.rt) file.

\n

For the stable distribution (sarge), these problems have been fixed in\nversion 1.0.4-1sarge1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.0.6-1.

\n

We recommend that you upgrade your helix-player package.

\n

helix-player was distributed only on the i386 and powerpc architectures.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4.orig.tar.gz
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1_i386.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge1_powerpc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "827": "
\n

Debian Security Advisory

\n

DSA-827-1 backupninja -- insecure temporary file

\n
\n
Date Reported:
\n
29 Sep 2005
\n
Affected Packages:
\n
\nbackupninja\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3111.
\n
More information:
\n
\n

Moritz Muehlenhoff discovered that the handler code for backupninja creates\na temporary file with a predictable filename, leaving it vulnerable to\na symlink attack.

\n

The old stable distribution (woody) does not contain the backupninja package.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.5-3sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.8-2.

\n

We recommend that you upgrade your backupninja package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/backupninja/backupninja_0.5-3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/b/backupninja/backupninja_0.5-3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/b/backupninja/backupninja_0.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/backupninja/backupninja_0.5-3sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "828": "
\n

Debian Security Advisory

\n

DSA-828-1 squid -- authentication handling

\n
\n
Date Reported:
\n
30 Sep 2005
\n
Affected Packages:
\n
\nsquid\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2917.
\n
More information:
\n
\n

Upstream developers of squid, the popular WWW proxy cache, have\ndiscovered that changes in the authentication scheme are not handled\nproperly when given certain request sequences while NTLM\nauthentication is in place, which may cause the daemon to restart.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.5.9-10sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.5.10-6.

\n

We recommend that you upgrade your squid packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2.dsc
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/squid/squid-common_2.5.9-10sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.5.9-10sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.5.9-10sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.5.9-10sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "829": "
\n

Debian Security Advisory

\n

DSA-829-1 mysql -- buffer overflow

\n
\n
Date Reported:
\n
30 Sep 2005
\n
Affected Packages:
\n
\nmysql\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 14509.
In Mitre's CVE dictionary: CVE-2005-2558.
\n
More information:
\n
\n

A stack-based buffer overflow in the init_syms function of MySQL, a\npopular database, has been discovered that allows remote authenticated\nusers who can create user-defined functions to execute arbitrary code\nvia a long function_name field. The ability to create user-defined\nfunctions is not typically granted to untrusted users.

\n

The following vulnerability matrix shows which version of MySQL in\nwhich distribution has this problem fixed:

\n
\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Package          woody          sarge              sid
mysql            3.23.49-8.14   n/a                n/a
mysql-dfsg       n/a            4.0.24-10sarge1    4.0.24-10sarge1
mysql-dfsg-4.1   n/a            4.1.11a-4sarge2    4.1.14-2
mysql-dfsg-5.0   n/a            n/a                5.0.11beta-3
\n
\n

We recommend that you upgrade your mysql packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.14.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.14.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-common_3.23.49-8.14_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.23.49-8.5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.14_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.14_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.14_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.14_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.14_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.14_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.14_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.14_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.14_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.14_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.14_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.14_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.14_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.14_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.14_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.14_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.14_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.14_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.14_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.14_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.14_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.14_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.14_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.14_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.14_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.14_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.14_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.14_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.14_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.14_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.14_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.14_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.14_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.14_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.14_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.14_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.14_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.14_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.14_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.14_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.14_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.14_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.14_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.14_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "830": "
\n

Debian Security Advisory

\n

DSA-830-1 ntlmaps -- wrong permissions

\n
\n
Date Reported:
\n
30 Sep 2005
\n
Affected Packages:
\n
\nntlmaps\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2962.
\n
More information:
\n
\n

Drew Parsons noticed that the post-installation script of ntlmaps, an\nNTLM authorisation proxy server, changes the permissions of the\nconfiguration file to be world-readable. It contains the user name\nand password of the Windows NT system that ntlmaps connects to and,\nhence, leaks them to local users.

\n

The old stable distribution (woody) does not contain an ntlmaps package.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.9.9-2sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.9.9-4.

\n

We recommend that you upgrade your ntlmaps package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/ntlmaps/ntlmaps_0.9.9-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/n/ntlmaps/ntlmaps_0.9.9-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/ntlmaps/ntlmaps_0.9.9.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/n/ntlmaps/ntlmaps_0.9.9-2sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "831": "
\n

Debian Security Advisory

\n

DSA-831-1 mysql-dfsg -- buffer overflow

\n
\n
Date Reported:
\n
30 Sep 2005
\n
Affected Packages:
\n
\nmysql-dfsg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 14509.
In Mitre's CVE dictionary: CVE-2005-2558.
\n
More information:
\n
\n

A stack-based buffer overflow in the init_syms function of MySQL, a\npopular database, has been discovered that allows remote authenticated\nusers who can create user-defined functions to execute arbitrary code\nvia a long function_name field. The ability to create user-defined\nfunctions is not typically granted to untrusted users.

\n

The following vulnerability matrix shows which version of MySQL in\nwhich distribution has this problem fixed:

\n
\u00a0 | woody | sarge | sid
mysql | 3.23.49-8.14 | n/a | n/a
mysql-dfsg | n/a | 4.0.24-10sarge1 | 4.0.24-10sarge1
mysql-dfsg-4.1 | n/a | 4.1.11a-4sarge2 | 4.1.14-2
mysql-dfsg-5.0 | n/a | n/a | 5.0.11beta-3
\n
\n

We recommend that you upgrade your mysql-dfsg packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-dfsg_4.0.24-10sarge1.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-dfsg_4.0.24-10sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-dfsg_4.0.24.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-common_4.0.24-10sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "832": "
\n

Debian Security Advisory

\n

DSA-832-1 gopher -- buffer overflows

\n
\n
Date Reported:
\n
30 Sep 2005
\n
Affected Packages:
\n
\ngopher\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2772.
\n
More information:
\n
\n

Several buffer overflows have been discovered in gopher, a\ntext-oriented client for the Gopher Distributed Hypertext protocol,\nthat can be exploited by a malicious Gopher server.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 3.0.3woody4.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 3.0.7sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.0.11.

\n

We recommend that you upgrade your gopher package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody4.dsc
\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody4.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody4_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge2.dsc
\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge2.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "833": "
\n

Debian Security Advisory

\n

DSA-833-2 mysql-dfsg-4.1 -- buffer overflow

\n
\n
Date Reported:
\n
01 Oct 2005
\n
Affected Packages:
\n
\nmysql-dfsg-4.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 14509.
In Mitre's CVE dictionary: CVE-2005-2558.
\n
More information:
\n
\n

This update only covers binary packages for the big endian MIPS\narchitecture that was mysteriously forgotten in the earlier update.\nFor completeness below is the original advisory text:

\n
\n

A stack-based buffer overflow in the init_syms function of MySQL, a\npopular database, has been discovered that allows remote authenticated\nusers who can create user-defined functions to execute arbitrary code\nvia a long function_name field. The ability to create user-defined\nfunctions is not typically granted to untrusted users.

\n
\n

The following vulnerability matrix explains which version of MySQL in\nwhich distribution has this problem fixed:

\n
\u00a0 | woody | sarge | sid
mysql | 3.23.49-8.14 | n/a | n/a
mysql-dfsg | n/a | 4.0.24-10sarge1 | 4.0.24-10sarge1
mysql-dfsg-4.1 | n/a | 4.1.11a-4sarge2 | 4.1.14-2
mysql-dfsg-5.0 | n/a | n/a | 5.0.11beta-3
\n
\n

We recommend that you upgrade your mysql-dfsg-4.1 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge2.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.11a-4sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "834": "
\n

Debian Security Advisory

\n

DSA-834-1 prozilla -- buffer overflow

\n
\n
Date Reported:
\n
01 Oct 2005
\n
Affected Packages:
\n
\nprozilla\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2961.
\n
More information:
\n
\n

Tavis Ormandy discovered a buffer overflow in prozilla, a\nmulti-threaded download accelerator, which may be exploited to execute\narbitrary code.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 1.3.6-3woody3.

\n

The stable distribution (sarge) does not contain prozilla packages.

\n

The unstable distribution (sid) does not contain prozilla packages.

\n

We recommend that you upgrade your prozilla package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3.dsc
\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/prozilla/prozilla_1.3.6-3woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "835": "
\n

Debian Security Advisory

\n

DSA-835-1 cfengine -- insecure temporary files

\n
\n
Date Reported:
\n
01 Oct 2005
\n
Affected Packages:
\n
\ncfengine\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2960, CVE-2005-3137.
\n
More information:
\n
\n

Javier Fern\u00e1ndez-Sanguino Pe\u00f1a discovered several insecure temporary\nfile uses in cfengine, a tool for configuring and maintaining\nnetworked machines, that can be exploited by a symlink attack to\noverwrite arbitrary files owned by the user executing cfengine, which\nis probably root.

\n

For the old stable distribution (woody) these problems have been fixed in\nversion 1.6.3-9woody1.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.6.5-1sarge1.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your cfengine package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1.dsc
\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine-doc_1.6.3-9woody1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine-doc_1.6.5-1sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "836": "
\n

Debian Security Advisory

\n

DSA-836-1 cfengine2 -- insecure temporary files

\n
\n
Date Reported:
\n
01 Oct 2005
\n
Affected Packages:
\n
\ncfengine2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2960, CVE-2005-3137.
\n
More information:
\n
\n

Javier Fern\u00e1ndez-Sanguino Pe\u00f1a discovered insecure temporary file use\nin cfengine2, a tool for configuring and maintaining networked\nmachines, that can be exploited by a symlink attack to overwrite\narbitrary files owned by the user executing cfengine, which is\nprobably root.

\n

The oldstable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.1.14-1sarge1.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your cfengine2 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2-doc_2.1.14-1sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "837": "
\n

Debian Security Advisory

\n

DSA-837-1 mozilla-firefox -- buffer overflow

\n
\n
Date Reported:
\n
02 Oct 2005
\n
Affected Packages:
\n
\nmozilla-firefox\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 327452.
In Mitre's CVE dictionary: CVE-2005-2871.
\n
More information:
\n
\n

Tom Ferris discovered a bug in the IDN hostname handling of Mozilla\nFirefox, which is also present in the other browsers from the same\nfamily, that allows remote attackers to cause a denial of service and\npossibly execute arbitrary code via a hostname with dashes.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.0.4-2sarge4.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.0.6-5.

\n

We recommend that you upgrade your mozilla-firefox package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "838": "
\n

Debian Security Advisory

\n

DSA-838-1 mozilla-firefox -- multiple vulnerabilities

\n
\n
Date Reported:
\n
02 Oct 2005
\n
Affected Packages:
\n
\nmozilla-firefox\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2701, CVE-2005-2702, CVE-2005-2703, CVE-2005-2704, CVE-2005-2705, CVE-2005-2706, CVE-2005-2707.
\n
More information:
\n
\n

Multiple security vulnerabilities have been identified in the\nmozilla-firefox web browser. These vulnerabilities could allow an\nattacker to execute code on the victim's machine via specially crafted\nnetwork resources.

\n
    \n
  • CAN-2005-2701\n

    Heap overrun in XBM image processing

  • CAN-2005-2702\n

    Denial of service (crash) and possible execution of arbitrary code via Unicode sequences with \"zero-width non-joiner\" characters.

  • CAN-2005-2703\n

    XMLHttpRequest header spoofing

  • CAN-2005-2704\n

    Object spoofing using XBL <implements>

  • CAN-2005-2705\n

    JavaScript integer overflow

  • CAN-2005-2706\n

    Privilege escalation using about: scheme

  • CAN-2005-2707\n

    Chrome window spoofing allowing windows to be created without UI components such as a URL bar or status bar that could be used to carry out phishing attacks

\n

For the stable distribution (sarge), these problems have been fixed in\nversion 1.0.4-2sarge5.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.0.7-1.

\n

We recommend that you upgrade your mozilla-firefox package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "839": "
\n

Debian Security Advisory

\n

DSA-839-1 apachetop -- insecure temporary file

\n
\n
Date Reported:
\n
04 Oct 2005
\n
Affected Packages:
\n
\napachetop\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2660.
\n
More information:
\n
\n

Eric Romang discovered an insecurely created temporary file in apachetop, a realtime monitoring tool for the Apache webserver. The file could be exploited with a symlink attack to overwrite arbitrary files with the privileges of the user id that runs apachetop.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.12.5-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.12.5-5.

\n

We recommend that you upgrade your apachetop package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apachetop/apachetop_0.12.5-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "840": "
\n

Debian Security Advisory

\n

DSA-840-1 drupal -- missing input sanitising

\n
\n
Date Reported:
\n
04 Oct 2005
\n
Affected Packages:
\n
\ndrupal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2498.
\n
More information:
\n
\n

Stefan Esser of the Hardened-PHP Project reported a serious vulnerability\nin the third-party XML-RPC library included with some Drupal versions. An\nattacker could execute arbitrary PHP code on a target site. This update\npulls in the latest XML-RPC version from upstream.

\n

The old stable distribution (woody) is not affected by this problem since it does not include drupal.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 4.5.3-4.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 4.5.5-1.

\n

We recommend that you upgrade your drupal package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-4.dsc
\n
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-4.diff.gz
\n
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-4_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "841": "
\n

Debian Security Advisory

\n

DSA-841-1 mailutils -- format string vulnerability

\n
\n
Date Reported:
\n
04 Oct 2005
\n
Affected Packages:
\n
\nmailutils\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2878.
\n
More information:
\n
\n

A format string vulnerability has been discovered in GNU mailutils, which contains utilities for handling mail, that allows a remote attacker to execute arbitrary code on the IMAP server.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.6.1-4sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.6.90-3.

\n

We recommend that you upgrade your mailutils package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1.dsc
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-doc_0.6.1-4sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0_0.6.1-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/libmailutils0-dev_0.6.1-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils_0.6.1-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-comsatd_0.6.1-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-imap4d_0.6.1-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-mh_0.6.1-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mailutils/mailutils-pop3d_0.6.1-4sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "842": "
\n

Debian Security Advisory

\n

DSA-842-1 egroupware -- missing input sanitising

\n
\n
Date Reported:
\n
04 Oct 2005
\n
Affected Packages:
\n
\negroupware\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 323350.
In Mitre's CVE dictionary: CVE-2005-2498.
\n
More information:
\n
\n

Stefan Esser discovered a vulnerability in the XML-RPC libraries, which are also present in egroupware, a web-based groupware suite, that allows injection of arbitrary PHP code into eval() statements.

\n

The old stable distribution (woody) does not contain egroupware packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.0.0.007-2.dfsg-2sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.0.0.009.dfsg-1.

\n

We recommend that you upgrade your egroupware packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge2.dsc
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-addressbook_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-bookmarks_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-calendar_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-comic_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-core_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-developer-tools_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-email_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-emailadmin_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-etemplate_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-felamimail_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-filemanager_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-forum_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-ftp_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-fudforum_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-headlines_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-infolog_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-jinn_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-ldap_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-manual_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-messenger_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-news-admin_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpbrain_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpldapadmin_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpsysinfo_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-polls_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-projects_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-registration_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-sitemgr_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-stocks_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-tts_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-wiki_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "843": "
\n

Debian Security Advisory

\n

DSA-843-1 arc -- insecure temporary file

\n
\n
Date Reported:
\n
05 Oct 2005
\n
Affected Packages:
\n
\narc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2945, CVE-2005-2992.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in the ARC archive program\nunder Unix. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CAN-2005-2945\n

    Eric Romang discovered that the ARC archive program under Unix creates a temporary file with insecure permissions which may lead to an attacker stealing sensitive information.

  • CAN-2005-2992\n

    Joey Schulze discovered that the temporary file was created in an insecure fashion as well, leaving it open to a classic symlink attack.

\n

The old stable distribution (woody) does not contain arc packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 5.21l-1sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 5.21m-1.

\n

We recommend that you upgrade your arc package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/arc/arc_5.21l-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/a/arc/arc_5.21l-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/arc/arc_5.21l.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/arc/arc_5.21l-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/arc/arc_5.21l-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/arc/arc_5.21l-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/arc/arc_5.21l-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/arc/arc_5.21l-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/arc/arc_5.21l-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/arc/arc_5.21l-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/arc/arc_5.21l-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/arc/arc_5.21l-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/arc/arc_5.21l-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/arc/arc_5.21l-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/arc/arc_5.21l-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "844": "
\n

Debian Security Advisory

\n

DSA-844-1 mod-auth-shadow -- programming error

\n
\n
Date Reported:
\n
05 Oct 2005
\n
Affected Packages:
\n
\nmod-auth-shadow\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 323789.
In Mitre's CVE dictionary: CVE-2005-2963.
\n
More information:
\n
\n

A vulnerability in mod_auth_shadow, an Apache module that lets users\nperform HTTP authentication against /etc/shadow, has been discovered.\nThe module runs for all locations that use the 'require group'\ndirective, which would bypass access restrictions controlled by another\nauthorisation mechanism, such as an AuthGroupFile file, if the username\nis listed in the password file and in the gshadow file in the proper\ngroup and the supplied password matches the one in the shadow\nfile.

\n

This update requires an explicit \"AuthShadow on\" statement if website\nauthentication should be checked against /etc/shadow.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 1.3-3.1woody.2.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.4-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.4-2.

\n

We recommend that you upgrade your libapache-mod-auth-shadow package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/mod-auth-shadow_1.3-3.1woody.2.dsc
\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/mod-auth-shadow_1.3-3.1woody.2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/mod-auth-shadow_1.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.3-3.1woody.2_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/mod-auth-shadow_1.4-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/mod-auth-shadow_1.4-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/mod-auth-shadow_1.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mod-auth-shadow/libapache-mod-auth-shadow_1.4-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "845": "
\n

Debian Security Advisory

\n

DSA-845-1 mason -- programming error

\n
\n
Date Reported:
\n
06 Oct 2005
\n
Affected Packages:
\n
\nmason\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 222384.
In Mitre's CVE dictionary: CVE-2005-3118.
\n
More information:
\n
\n

Christoph Martin noticed that upon configuration mason, which\ninteractively creates a Linux packet filtering firewall, does not\ninstall the init script to actually load the firewall during system\nboot. This will leave the machine without a firewall after a reboot.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 0.13.0.92-2woody1.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.0.0-2.2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.0.0-3.

\n

We recommend that you upgrade your mason package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mason/mason_0.13.0.92-2woody1.dsc
\n
http://security.debian.org/pool/updates/main/m/mason/mason_0.13.0.92-2woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mason/mason_0.13.0.92.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mason/mason_0.13.0.92-2woody1_all.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mason/mason_1.0.0-2.2.dsc
\n
http://security.debian.org/pool/updates/main/m/mason/mason_1.0.0-2.2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mason/mason_1.0.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mason/mason_1.0.0-2.2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "846": "
\n

Debian Security Advisory

\n

DSA-846-1 cpio -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Oct 2005
\n
Affected Packages:
\n
\ncpio\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 306693, Bug 305372.
In Mitre's CVE dictionary: CVE-2005-1111, CVE-2005-1229.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in cpio, a program to manage\narchives of files. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CAN-2005-1111\n

    Imran Ghory discovered a race condition in setting the file\n permissions of files extracted from cpio archives. A local\n attacker with write access to the target directory could exploit\n this to alter the permissions of arbitrary files the extracting\n user has write permissions for.

  • CAN-2005-1229\n

    Imran Ghory discovered that cpio does not sanitise the path of\n extracted files even if the --no-absolute-filenames option was\n specified. This can be exploited to install files in arbitrary\n locations where the extracting user has write permissions.

\n

For the old stable distribution (woody) these problems have been fixed in\nversion 2.4.2-39woody2.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.5-1.3.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.6-6.

\n

We recommend that you upgrade your cpio package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody2.dsc
\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.4.2-39woody2_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3.dsc
\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.5-1.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "847": "
\n

Debian Security Advisory

\n

DSA-847-1 dia -- missing input sanitising

\n
\n
Date Reported:
\n
08 Oct 2005
\n
Affected Packages:
\n
\ndia\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 330890.
In the Bugtraq database (at SecurityFocus): BugTraq ID 15000.
In Mitre's CVE dictionary: CVE-2005-2966.
\n
More information:
\n
\n

Joxean Koret discovered that the Python SVG import plugin in dia, a\nvector-oriented diagram editor, does not properly sanitise data read\nfrom an SVG file and can hence be made to execute arbitrary Python\ncode.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.94.0-7sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.94.0-15.

\n

We recommend that you upgrade your dia package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1.dsc
\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/dia/dia-common_0.94.0-7sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "848": "
\n

Debian Security Advisory

\n

DSA-848-1 masqmail -- several vulnerabilities

\n
\n
Date Reported:
\n
08 Oct 2005
\n
Affected Packages:
\n
\nmasqmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2662, CVE-2005-2663.
\n
More information:
\n
\n

Jens Steube discovered two vulnerabilities in masqmail, a mailer for\nhosts without permanent internet connection. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CAN-2005-2662\n

    When sending failed mail messages, the address is not sanitised,\n which allows a local attacker to execute arbitrary commands as the\n mail user.

  • CAN-2005-2663\n

    When opening the log file, masqmail does not relinquish\n privileges, which allows a local attacker to overwrite arbitrary\n files via a symlink attack.

\n

For the old stable distribution (woody) these problems have been fixed in\nversion 0.1.16-2.2.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.2.20-1sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.2.20-1sarge1.

\n

We recommend that you upgrade your masqmail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.2.dsc
\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.2_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.2.20-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.2.20-1sarge1.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.2.20-1sarge1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.2.20-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.2.20-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.2.20-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.2.20-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.2.20-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.2.20-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.2.20-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.2.20-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.2.20-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.2.20-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "849": "
\n

Debian Security Advisory

\n

DSA-849-1 shorewall -- programming error

\n
\n
Date Reported:
\n
08 Oct 2005
\n
Affected Packages:
\n
\nshorewall\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 318946.
In Mitre's CVE dictionary: CVE-2005-2317.
\n
More information:
\n
\n

\"Supernaut\" noticed that shorewall, the Shoreline Firewall, could\ngenerate an iptables configuration which is significantly more\npermissive than the rule set given in the shorewall configuration, if\nMAC verification is used in a non-default manner.

\n

When MACLIST_DISPOSITION is set to ACCEPT in the shorewall.conf file,\nall packets from hosts which fail the MAC verification pass through\nthe firewall, without further checks. When MACLIST_TTL is set to a\nnon-zero value, packets from hosts which pass the MAC verification\npass through the firewall, again without further checks.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.2.3-2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.4.1-2.

\n

We recommend that you upgrade your shorewall package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/shorewall/shorewall_2.2.3-2.dsc
\n
http://security.debian.org/pool/updates/main/s/shorewall/shorewall_2.2.3-2.diff.gz
\n
http://security.debian.org/pool/updates/main/s/shorewall/shorewall_2.2.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/shorewall/shorewall_2.2.3-2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "850": "
\n

Debian Security Advisory

\n

DSA-850-1 tcpdump -- infinite loop

\n
\n
Date Reported:
\n
09 Oct 2005
\n
Affected Packages:
\n
\ntcpdump\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-1279.
\n
More information:
\n
\n

\"Vade 79\" discovered that the BGP dissector in tcpdump, a powerful\ntool for network monitoring and data acquisition, does not properly\nhandle RT_ROUTING_INFO. A specially crafted BGP packet can cause a\ndenial of service via an infinite loop.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 3.6.2-2.9.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 3.8.3-4.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.8.3-4.

\n

We recommend that you upgrade your tcpdump package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.9.dsc
\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.9.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.9_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.9_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.9_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.9_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.9_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.9_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.9_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.9_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.9_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.9_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.9_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "851": "
\n

Debian Security Advisory

\n

DSA-851-1 openvpn -- programming errors

\n
\n
Date Reported:
\n
09 Oct 2005
\n
Affected Packages:
\n
\nopenvpn\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 324167.
In Mitre's CVE dictionary: CVE-2005-2531, CVE-2005-2532, CVE-2005-2533, CVE-2005-2534.
\n
More information:
\n
\n

Several security related problems have been discovered in openvpn, a\nVirtual Private Network daemon. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CAN-2005-2531\n

    Wrong processing of failed certificate authentication when running\n with \"verb 0\" and without TLS authentication can lead to a denial\n of service by disconnecting the wrong client.

  • CAN-2005-2532\n

    Wrong handling of packets that can't be decrypted on the server\n can lead to the disconnection of unrelated clients.

  • CAN-2005-2533\n

    When running in \"dev tap\" Ethernet bridging mode, openvpn can\n exhaust its memory by receiving a large number of spoofed MAC\n addresses, hence denying service.

  • CAN-2005-2534\n

    Simultaneous TCP connections from multiple clients with the same\n client certificate can cause a denial of service when\n --duplicate-cn is not enabled.

\n

The old stable distribution (woody) does not contain openvpn packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.0-1sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.0.2-1.

\n

We recommend that you upgrade your openvpn package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "852": "
\n

Debian Security Advisory

\n

DSA-852-1 up-imapproxy -- format string vulnerabilities

\n
\n
Date Reported:
\n
09 Oct 2005
\n
Affected Packages:
\n
\nup-imapproxy\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2661.
\n
More information:
\n
\n

Steve Kemp discovered two format string vulnerabilities in\nup-imapproxy, an IMAP protocol proxy, which may allow remote attackers\nto execute arbitrary code.

\n

The old stable distribution (woody) is not affected by these problems.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.2.3-1sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.2.4-2.

\n

We recommend that you upgrade your imapproxy package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/u/up-imapproxy/up-imapproxy_1.2.3-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/u/up-imapproxy/up-imapproxy_1.2.3-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/u/up-imapproxy/up-imapproxy_1.2.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/u/up-imapproxy/imapproxy_1.2.3-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/u/up-imapproxy/imapproxy_1.2.3-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/u/up-imapproxy/imapproxy_1.2.3-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/u/up-imapproxy/imapproxy_1.2.3-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/u/up-imapproxy/imapproxy_1.2.3-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/u/up-imapproxy/imapproxy_1.2.3-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/u/up-imapproxy/imapproxy_1.2.3-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/u/up-imapproxy/imapproxy_1.2.3-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/u/up-imapproxy/imapproxy_1.2.3-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/u/up-imapproxy/imapproxy_1.2.3-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/u/up-imapproxy/imapproxy_1.2.3-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/u/up-imapproxy/imapproxy_1.2.3-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "853": "
\n

Debian Security Advisory

\n

DSA-853-1 ethereal -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Oct 2005
\n
Affected Packages:
\n
\nethereal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2360, CVE-2005-2361, CVE-2005-2363, CVE-2005-2364, CVE-2005-2365, CVE-2005-2366, CVE-2005-2367.
\n
More information:
\n
\n

Several security problems have been discovered in ethereal, a commonly\nused network traffic analyser. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CAN-2005-2360\n

    Memory allocation errors in the LDAP dissector can cause a denial\n of service.

  • CAN-2005-2361\n

    Various errors in the AgentX, PER, DOCSIS, RADIUS, Telnet, IS-IS,\n HTTP, DCERPC, DHCP and SCTP dissectors can cause a denial of\n service.

  • CAN-2005-2363\n

    Various errors in the SMPP, 802.3, H1 and DHCP dissectors can\n cause a denial of service.

  • CAN-2005-2364\n

    Null pointer dereferences in the WBXML and GIOP dissectors can\n cause a denial of service.

  • CAN-2005-2365\n

    A buffer overflow and null pointer dereferences in the SMB\n dissector can cause a denial of service.

  • CAN-2005-2366\n

    Wrong address calculation in the BER dissector can cause an\n infinite loop or an abort.

  • \n
  • CAN-2005-2367\n

    Format string vulnerabilities in several dissectors allow\n remote attackers to write to arbitrary memory locations and thus\n gain privileges.

  • \n
\n

For the old stable distribution (woody) these problems have been fixed in\nversion 0.9.4-1woody13.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.10.10-2sarge3.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.10.12-2.

\n

We recommend that you upgrade your ethereal packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13.dsc
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody13_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody13_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody13_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody13_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3.dsc
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "854": "
\n

Debian Security Advisory

\n

DSA-854-1 tcpdump -- infinite loop

\n
\n
Date Reported:
\n
09 Oct 2005
\n
Affected Packages:
\n
\ntcpdump\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-1267.
\n
More information:
\n
\n

Simon Nielsen discovered that the BGP dissector in tcpdump, a powerful\ntool for network monitoring and data acquisition, does not properly\nhandle a -1 return value from an internal function that decodes data\npackets. A specially crafted BGP packet can cause a denial of service\nvia an infinite loop.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 3.8.3-5sarge1.

\n

We recommend that you upgrade your tcpdump package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge1.dsc
\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "855": "
\n

Debian Security Advisory

\n

DSA-855-1 weex -- format string vulnerability

\n
\n
Date Reported:
\n
10 Oct 2005
\n
Affected Packages:
\n
\nweex\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 332424.
In Mitre's CVE dictionary: CVE-2005-3150.
\n
More information:
\n
\n

Ulf H\u00e4rnhammar from the Debian Security Audit Project discovered a\nformat string vulnerability in weex, a non-interactive FTP client for\nupdating web pages, that could be exploited to execute arbitrary code\non the client's machine.

\n

For the oldstable distribution (woody) this problem has been fixed in\nversion 2.6.1-4woody2.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.6.1-6sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.6.1-6sarge1.

\n

We recommend that you upgrade your weex package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1-4woody2.dsc
\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1-4woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1-4woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1-4woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1-4woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1-4woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1-4woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1-4woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1-4woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1-4woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1-4woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1-4woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1-4woody2_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1-6sarge1.dsc
\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1-6sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1-6sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1-6sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1-6sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1-6sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1-6sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1-6sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1-6sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1-6sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1-6sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1-6sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1-6sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/weex/weex_2.6.1-6sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "856": "
\n

Debian Security Advisory

\n

DSA-856-1 py2play -- design error

\n
\n
Date Reported:
\n
10 Oct 2005
\n
Affected Packages:
\n
\npy2play\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 326976.
In Mitre's CVE dictionary: CVE-2005-2875.
\n
More information:
\n
\n

Arc Riley discovered that py2play, a peer-to-peer network game engine,\nis able to execute arbitrary code received from the p2p game network\nit is connected to without any security checks.

\n

The old stable distribution (woody) does not contain py2play packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.1.7-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.1.8-1.

\n

We recommend that you upgrade your py2play package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/py2play/py2play_0.1.7-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/p/py2play/py2play_0.1.7-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/py2play/py2play_0.1.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/py2play/python-2play_0.1.7-1sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "857": "
\n

Debian Security Advisory

\n

DSA-857-1 graphviz -- insecure temporary file

\n
\n
Date Reported:
\n
10 Oct 2005
\n
Affected Packages:
\n
\ngraphviz\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 15050.
In Mitre's CVE dictionary: CVE-2005-4803.
\n
More information:
\n
\n

Javier Fern\u00e1ndez-Sanguino Pe\u00f1a discovered insecure temporary file\ncreation in graphviz, a rich set of graph drawing tools, that can be\nexploited to overwrite arbitrary files by a local attacker.

\n

For the old stable distribution (woody) this problem probably persists\nbut the package is non-free.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.2.1-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.2.1-1sarge1.

\n

We recommend that you upgrade your graphviz package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz_2.2.1-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz_2.2.1-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz_2.2.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz_2.2.1-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz-dev_2.2.1-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz-doc_2.2.1-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz_2.2.1-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz-dev_2.2.1-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz-doc_2.2.1-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz_2.2.1-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz-dev_2.2.1-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz-doc_2.2.1-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz_2.2.1-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz-dev_2.2.1-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz-doc_2.2.1-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz_2.2.1-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz-dev_2.2.1-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz-doc_2.2.1-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz_2.2.1-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz-dev_2.2.1-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz-doc_2.2.1-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz_2.2.1-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz-dev_2.2.1-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz-doc_2.2.1-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz_2.2.1-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz-dev_2.2.1-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz-doc_2.2.1-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz_2.2.1-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz-dev_2.2.1-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz-doc_2.2.1-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz_2.2.1-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz-dev_2.2.1-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz-doc_2.2.1-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz_2.2.1-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz-dev_2.2.1-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz-doc_2.2.1-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz_2.2.1-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz-dev_2.2.1-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/graphviz/graphviz-doc_2.2.1-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "858": "
\n

Debian Security Advisory

\n

DSA-858-1 xloadimage -- buffer overflows

\n
\n
Date Reported:
\n
10 Oct 2005
\n
Affected Packages:
\n
\nxloadimage\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 332524.
In Mitre's CVE dictionary: CVE-2005-3178.
\n
More information:
\n
\n

Ariel Berkman discovered several buffer overflows in xloadimage, a\ngraphics file viewer for X11, that can be exploited via large image\ntitles and cause the execution of arbitrary code.

\n

For the old stable distribution (woody) these problems have been fixed in\nversion 4.1-10woody2.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 4.1-14.3.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 4.1-15.

\n

We recommend that you upgrade your xloadimage package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2.dsc
\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-10woody2_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3.dsc
\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xloadimage/xloadimage_4.1-14.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "859": "
\n

Debian Security Advisory

\n

DSA-859-1 xli -- buffer overflows

\n
\n
Date Reported:
\n
10 Oct 2005
\n
Affected Packages:
\n
\nxli\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 332524.
In Mitre's CVE dictionary: CVE-2005-3178.
\n
More information:
\n
\n

Ariel Berkman discovered several buffer overflows in xloadimage, which\nare also present in xli, a command line utility for viewing images in\nX11, and could be exploited via large image titles and cause the\nexecution of arbitrary code.

\n

For the old stable distribution (woody) these problems have been fixed in\nversion 1.17.0-11woody2.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.17.0-18sarge1.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your xli package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2.dsc
\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody2_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1.dsc
\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-18sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "860": "
\n

Debian Security Advisory

\n

DSA-860-1 ruby -- programming error

\n
\n
Date Reported:
\n
11 Oct 2005
\n
Affected Packages:
\n
\nruby\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 332742.
In Mitre's CVE dictionary: CVE-2005-2337.
CERT's vulnerabilities, advisories and incident notes: VU#160012.
\n
More information:
\n
\n

Yutaka Oiwa discovered a bug in Ruby, the interpreter for the\nobject-oriented scripting language, that can cause illegal program\ncode to bypass the safe level and taint flag protection checks and be\nexecuted. The following matrix lists the fixed versions in our\ndistributions:

\n
Package | old stable (woody) | stable (sarge) | unstable (sid)
ruby | 1.6.7-3woody5 | n/a | n/a
ruby1.6 | n/a | 1.6.8-12sarge1 | 1.6.8-13
ruby1.8 | n/a | 1.8.2-7sarge2 | 1.8.3-1
\n
\n

We recommend that you upgrade your ruby packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5.dsc
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5.diff.gz
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/ruby/irb_1.6.7-3woody5_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-elisp_1.6.7-3woody5_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-examples_1.6.7-3woody5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "861": "
\n

Debian Security Advisory

\n

DSA-861-1 uw-imap -- buffer overflow

\n
\n
Date Reported:
\n
11 Oct 2005
\n
Affected Packages:
\n
\nuw-imap\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2933.
\n
More information:
\n
\n

\"infamous41md\" discovered a buffer overflow in uw-imap, the University\nof Washington's IMAP Server that allows attackers to execute arbitrary\ncode.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2002edebian1-11sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2002edebian1-11sarge1.

\n

We recommend that you upgrade your uw-imap packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imap_2002edebian1-11sarge1.dsc
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imap_2002edebian1-11sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imap_2002edebian1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd-ssl_2002edebian1-11sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd-ssl_2002edebian1-11sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-11sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-11sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-11sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-11sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-11sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-11sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "862": "
\n

Debian Security Advisory

\n

DSA-862-1 ruby1.6 -- programming error

\n
\n
Date Reported:
\n
11 Oct 2005
\n
Affected Packages:
\n
\nruby1.8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 332742.
In Mitre's CVE dictionary: CVE-2005-2337.
CERT's vulnerabilities, advisories and incident notes: VU#160012.
\n
More information:
\n
\n

Yutaka Oiwa discovered a bug in Ruby, the interpreter for the\nobject-oriented scripting language, that can cause illegal program\ncode to bypass the safe level and taint flag protection checks and be\nexecuted. The following matrix lists the fixed versions in our\ndistributions:

\n
\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Package | old stable (woody) | stable (sarge) | unstable (sid)
ruby | 1.6.7-3woody5 | n/a | n/a
ruby1.6 | n/a | 1.6.8-12sarge1 | 1.6.8-13
ruby1.8 | n/a | 1.8.2-7sarge2 | 1.8.3-1
\n
\n

We recommend that you upgrade your ruby packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1.dsc
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/irb1.6_1.6.8-12sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-elisp_1.6.8-12sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-examples_1.6.8-12sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "863": "
\n

Debian Security Advisory

\n

DSA-863-1 xine-lib -- format string vulnerability

\n
\n
Date Reported:
\n
12 Oct 2005
\n
Affected Packages:
\n
\nxine-lib\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 332919.
In Mitre's CVE dictionary: CVE-2005-2967.
\n
More information:
\n
\n

Ulf Härnhammar from the Debian Security Audit Project discovered a format string vulnerability in the CDDB processing component of xine-lib, the xine video/media player library, that could lead to the execution of arbitrary code caused by a malicious CDDB entry.

\n

For the old stable distribution (woody) this problem has been fixed in version 0.9.8-2woody4.

\n

For the stable distribution (sarge) this problem has been fixed in version 1.0.1-1sarge1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your libxine0 and libxine1 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8-2woody4.dsc
\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8-2woody4.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody4_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "864": "
\n

Debian Security Advisory

\n

DSA-864-1 ruby1.8 -- programming error

\n
\n
Date Reported:
\n
13 Oct 2005
\n
Affected Packages:
\n
\nruby1.8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 332742.
In Mitre's CVE dictionary: CVE-2005-2337.
CERT's vulnerabilities, advisories and incident notes: VU#160012.
\n
More information:
\n
\n

Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protection checks and be executed. The following matrix lists the fixed versions in our distributions:

\n
Package | old stable (woody) | stable (sarge) | unstable (sid)
ruby | 1.6.7-3woody5 | n/a | n/a
ruby1.6 | n/a | 1.6.8-12sarge1 | 1.6.8-13
ruby1.8 | n/a | 1.8.2-7sarge2 | 1.8.3-1
\n
\n

We recommend that you upgrade your ruby packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2.dsc
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/irb1.8_1.8.2-7sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/rdoc1.8_1.8.2-7sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ri1.8_1.8.2-7sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-elisp_1.8.2-7sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-examples_1.8.2-7sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "865": "
\n

Debian Security Advisory

\n

DSA-865-1 hylafax -- insecure temporary files

\n
\n
Date Reported:
\n
13 Oct 2005
\n
Affected Packages:
\n
\nhylafax\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3069.
\n
More information:
\n
\n

Javier Fernández-Sanguino Peña discovered that several scripts of the hylafax suite, a flexible client/server fax software, create temporary files and directories in an insecure fashion, leaving them vulnerable to symlink exploits.

\n

For the old stable distribution (woody) this problem has been fixed in version 4.1.1-3.2.

\n

For the stable distribution (sarge) this problem has been fixed in version 4.2.1-5sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in version 4.2.2-1.

\n

We recommend that you upgrade your hylafax packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1-3.2.dsc
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1-3.2.diff.gz
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-doc_4.1.1-3.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.2_arm.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.2_s390.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-3.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-3.2_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.2.1-5sarge1.dsc
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.2.1-5sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.2.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-doc_4.2.1-5sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "866": "
\n

Debian Security Advisory

\n

DSA-866-1 mozilla -- several vulnerabilities

\n
\n
Date Reported:
\n
20 Oct 2005
\n
Affected Packages:
\n
\nmozilla\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 327366, Bug 329778.
In Mitre's CVE dictionary: CVE-2005-2871, CVE-2005-2701, CVE-2005-2702, CVE-2005-2703, CVE-2005-2704, CVE-2005-2705, CVE-2005-2706, CVE-2005-2707, CVE-2005-2968.
\n
More information:
\n
\n

Several security-related problems have been discovered in Mozilla and derived programs. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CAN-2005-2871\n

    Tom Ferris discovered a bug in the IDN hostname handling of Mozilla that allows remote attackers to cause a denial of service and possibly execute arbitrary code via a hostname with dashes.

  • CAN-2005-2701\n

    A buffer overflow allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.

  • CAN-2005-2702\n

    Mats Palmgren discovered a buffer overflow in the Unicode string parser that allows a specially crafted Unicode sequence to overflow a buffer and cause arbitrary code to be executed.

  • CAN-2005-2703\n

    Remote attackers could spoof HTTP headers of XML HTTP requests via XMLHttpRequest and possibly use the client to exploit vulnerabilities in servers or proxies.

  • CAN-2005-2704\n

    Remote attackers could spoof DOM objects via an XBL control that implements an internal XPCOM interface.

  • CAN-2005-2705\n

    Georgi Guninski discovered an integer overflow in the JavaScript engine that might allow remote attackers to execute arbitrary code.

  • CAN-2005-2706\n

    Remote attackers could execute JavaScript code with chrome privileges via an about: page such as about:mozilla.

  • CAN-2005-2707\n

    Remote attackers could spawn windows without user interface components such as the address and status bar that could be used to conduct spoofing or phishing attacks.

  • CAN-2005-2968\n

    Peter Zelezny discovered that shell metacharacters are not properly escaped when they are passed to a shell script and allow the execution of arbitrary commands, e.g. when a malicious URL is automatically copied from another program into Mozilla as default browser.

\n

For the stable distribution (sarge) these problems have been fixed in version 1.7.8-1sarge3.

\n

For the unstable distribution (sid) these problems have been fixed in version 1.7.12-1.

\n

We recommend that you upgrade your mozilla package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "867": "
\n

Debian Security Advisory

\n

DSA-867-1 module-assistant -- insecure temporary file

\n
\n
Date Reported:
\n
20 Oct 2005
\n
Affected Packages:
\n
\nmodule-assistant\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3121.
\n
More information:
\n
\n

Eduard Bloch discovered that a rule file in module-assistant, a tool to ease the creation of module packages, creates a temporary file in an insecure fashion. It is usually executed from other packages as well.

\n

The old stable distribution (woody) does not contain a module-assistant package.

\n

For the stable distribution (sarge) this problem has been fixed in version 0.9sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in version 0.9.10.

\n

We recommend that you upgrade your module-assistant package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/module-assistant/module-assistant_0.9sarge1.dsc
\n
http://security.debian.org/pool/updates/main/m/module-assistant/module-assistant_0.9sarge1.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/module-assistant/module-assistant_0.9sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "868": "
\n

Debian Security Advisory

\n

DSA-868-1 mozilla-thunderbird -- several vulnerabilities

\n
\n
Date Reported:
\n
20 Oct 2005
\n
Affected Packages:
\n
\nmozilla-thunderbird\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 327366, Bug 329778.
In the Bugtraq database (at SecurityFocus): BugTraq ID 14784.
In Mitre's CVE dictionary: CVE-2005-2871, CVE-2005-2701, CVE-2005-2702, CVE-2005-2703, CVE-2005-2704, CVE-2005-2705, CVE-2005-2706, CVE-2005-2707, CVE-2005-2968.
CERT's vulnerabilities, advisories and incident notes: VU#573857.
\n
More information:
\n
\n

Several security-related problems have been discovered in Mozilla and derived programs. Some of the following problems don't exactly apply to Mozilla Thunderbird, even though the code is present. In order to keep the codebase in sync with upstream it has been altered nevertheless. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CAN-2005-2871\n

    Tom Ferris discovered a bug in the IDN hostname handling of Mozilla that allows remote attackers to cause a denial of service and possibly execute arbitrary code via a hostname with dashes.

  • CAN-2005-2701\n

    A buffer overflow allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.

  • CAN-2005-2702\n

    Mats Palmgren discovered a buffer overflow in the Unicode string parser that allows a specially crafted Unicode sequence to overflow a buffer and cause arbitrary code to be executed.

  • CAN-2005-2703\n

    Remote attackers could spoof HTTP headers of XML HTTP requests via XMLHttpRequest and possibly use the client to exploit vulnerabilities in servers or proxies.

  • CAN-2005-2704\n

    Remote attackers could spoof DOM objects via an XBL control that implements an internal XPCOM interface.

  • CAN-2005-2705\n

    Georgi Guninski discovered an integer overflow in the JavaScript engine that might allow remote attackers to execute arbitrary code.

  • CAN-2005-2706\n

    Remote attackers could execute JavaScript code with chrome privileges via an about: page such as about:mozilla.

  • CAN-2005-2707\n

    Remote attackers could spawn windows without user interface components such as the address and status bar that could be used to conduct spoofing or phishing attacks.

  • CAN-2005-2968\n

    Peter Zelezny discovered that shell metacharacters are not properly escaped when they are passed to a shell script and allow the execution of arbitrary commands, e.g. when a malicious URL is automatically copied from another program into Mozilla as default browser.

\n

For the stable distribution (sarge) these problems have been fixed in version 1.0.2-2.sarge1.0.7.

\n

For the unstable distribution (sid) these problems have been fixed in version 1.0.7-1.

\n

We recommend that you upgrade your mozilla-thunderbird package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "869": "
\n

Debian Security Advisory

\n

DSA-869-1 eric -- missing input sanitising

\n
\n
Date Reported:
\n
21 Oct 2005
\n
Affected Packages:
\n
\neric\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 330893.
In Mitre's CVE dictionary: CVE-2005-3068.
\n
More information:
\n
\n

The developers of eric, a full featured Python IDE, have fixed a bug in the processing of project files that could lead to the execution of arbitrary code.

\n

The old stable distribution (woody) does not contain an eric package.

\n

For the stable distribution (sarge) this problem has been fixed in version 3.6.2-2.

\n

For the unstable distribution (sid) this problem has been fixed in version 3.7.2-1.

\n

We recommend that you upgrade your eric package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/eric/eric_3.6.2-2.dsc
\n
http://security.debian.org/pool/updates/main/e/eric/eric_3.6.2-2.diff.gz
\n
http://security.debian.org/pool/updates/main/e/eric/eric_3.6.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/e/eric/eric_3.6.2-2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "870": "
\n

Debian Security Advisory

\n

DSA-870-1 sudo -- missing input sanitising

\n
\n
Date Reported:
\n
25 Oct 2005
\n
Affected Packages:
\n
\nsudo\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2959.
\n
More information:
\n
\n

Tavis Ormandy noticed that sudo, a program that provides limited super\nuser privileges to specific users, does not clean the environment\nsufficiently. The SHELLOPTS and PS4 variables are dangerous and are\nstill passed through to the program running as a privileged user. This\ncan result in the execution of arbitrary commands as a privileged user\nwhen a bash script is executed. These vulnerabilities can only be\nexploited by users who have been granted limited super user\nprivileges.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 1.6.6-1.4.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.6.8p7-1.2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.6.8p9-3.

\n

We recommend that you upgrade your sudo package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4.dsc
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2.dsc
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "871": "
\n

Debian Security Advisory

\n

DSA-871-2 libgda2 -- format string

\n
\n
Date Reported:
\n
25 Oct 2005
\n
Affected Packages:
\n
\nlibgda2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2958.
\n
More information:
\n
\n

Steve Kemp discovered two format string vulnerabilities in libgda2,\nthe GNOME Data Access library for GNOME2, which may lead to the\nexecution of arbitrary code in programs that use this library.

\n

The old stable distribution (woody) is not affected by these problems.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.2.1-2sarge1.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your libgda2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2_1.2.1-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2_1.2.1-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2_1.2.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-doc_1.2.1-2sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-freetds_1.2.1-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-mysql_1.2.1-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-odbc_1.2.1-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-postgres_1.2.1-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-sqlite_1.2.1-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-3_1.2.1-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-3-dbg_1.2.1-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-common_1.2.1-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-dev_1.2.1-2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-freetds_1.2.1-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-mysql_1.2.1-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-odbc_1.2.1-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-postgres_1.2.1-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-sqlite_1.2.1-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-3_1.2.1-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-3-dbg_1.2.1-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-common_1.2.1-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-dev_1.2.1-2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-freetds_1.2.1-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-mysql_1.2.1-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-odbc_1.2.1-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-postgres_1.2.1-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-sqlite_1.2.1-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-3_1.2.1-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-3-dbg_1.2.1-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-common_1.2.1-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-dev_1.2.1-2sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-freetds_1.2.1-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-mysql_1.2.1-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-odbc_1.2.1-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-postgres_1.2.1-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-sqlite_1.2.1-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-3_1.2.1-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-3-dbg_1.2.1-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-common_1.2.1-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-dev_1.2.1-2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-freetds_1.2.1-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-mysql_1.2.1-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-odbc_1.2.1-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-postgres_1.2.1-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-sqlite_1.2.1-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-3_1.2.1-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-3-dbg_1.2.1-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-common_1.2.1-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-dev_1.2.1-2sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-freetds_1.2.1-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-mysql_1.2.1-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-odbc_1.2.1-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-postgres_1.2.1-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-sqlite_1.2.1-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-3_1.2.1-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-3-dbg_1.2.1-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-common_1.2.1-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-dev_1.2.1-2sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-freetds_1.2.1-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-mysql_1.2.1-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-odbc_1.2.1-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-postgres_1.2.1-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-sqlite_1.2.1-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-3_1.2.1-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-3-dbg_1.2.1-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-common_1.2.1-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-dev_1.2.1-2sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-freetds_1.2.1-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-mysql_1.2.1-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-odbc_1.2.1-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-postgres_1.2.1-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-sqlite_1.2.1-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-3_1.2.1-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-3-dbg_1.2.1-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-common_1.2.1-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-dev_1.2.1-2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-freetds_1.2.1-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-mysql_1.2.1-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-odbc_1.2.1-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-postgres_1.2.1-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-sqlite_1.2.1-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-3_1.2.1-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-3-dbg_1.2.1-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-common_1.2.1-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-dev_1.2.1-2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-freetds_1.2.1-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-mysql_1.2.1-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-odbc_1.2.1-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-postgres_1.2.1-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-sqlite_1.2.1-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-3_1.2.1-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-3-dbg_1.2.1-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-common_1.2.1-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-dev_1.2.1-2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-freetds_1.2.1-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-mysql_1.2.1-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-odbc_1.2.1-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-postgres_1.2.1-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-sqlite_1.2.1-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-3_1.2.1-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-3-dbg_1.2.1-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-common_1.2.1-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-dev_1.2.1-2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-freetds_1.2.1-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-mysql_1.2.1-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-odbc_1.2.1-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-postgres_1.2.1-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/gda2-sqlite_1.2.1-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-3_1.2.1-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-3-dbg_1.2.1-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-common_1.2.1-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgda2/libgda2-dev_1.2.1-2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "872": "
\n

Debian Security Advisory

\n

DSA-872-1 koffice -- buffer overflow

\n
\n
Date Reported:
\n
26 Oct 2005
\n
Affected Packages:
\n
\nkoffice\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 333497.
In the Bugtraq database (at SecurityFocus): BugTraq ID 15060.
In Mitre's CVE dictionary: CVE-2005-2971.
\n
More information:
\n
\n

Chris Evans discovered a buffer overflow in the RTF importer of kword,\na word processor for the KDE Office Suite, which can lead to the\nexecution of arbitrary code.

\n

The old stable distribution (woody) does not contain a kword package.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.3.5-4.sarge.1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.3.5-5.

\n

We recommend that you upgrade your kword package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.3.5-4.sarge.1.dsc
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.3.5-4.sarge.1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.3.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/koffice/kivio-data_1.3.5-4.sarge.1_all.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-data_1.3.5-4.sarge.1_all.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-doc-html_1.3.5-4.sarge.1_all.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.3.5-4.sarge.1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "873": "
\n

Debian Security Advisory

\n

DSA-873-1 net-snmp -- programming error

\n
\n
Date Reported:
\n
26 Oct 2005
\n
Affected Packages:
\n
\nnet-snmp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 14168.
In Mitre's CVE dictionary: CVE-2005-2177.
\n
More information:
\n
\n

A security vulnerability has been found in Net-SNMP releases that\ncould allow a denial of service attack against Net-SNMP agents that\nhave opened a stream-based protocol (e.g. TCP but not UDP). By default,\nNet-SNMP does not open a TCP port.

\n

The old stable distribution (woody) does not contain a net-snmp package.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 5.1.2-6.2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 5.2.1.2-1.

\n

We recommend that you upgrade your net-snmp package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.1.2-6.2.dsc
\n
http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.1.2-6.2.diff.gz
\n
http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.1.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-base_5.1.2-6.2_all.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/tkmib_5.1.2-6.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_i386.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_i386.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_i386.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_i386.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_mips.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_mips.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_mips.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_mips.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_s390.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_s390.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_s390.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_s390.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.1.2-6.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5_5.1.2-6.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp5-dev_5.1.2-6.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.1.2-6.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.1.2-6.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "874": "
\n

Debian Security Advisory

\n

DSA-874-1 lynx -- buffer overflow

\n
\n
Date Reported:
\n
27 Oct 2005
\n
Affected Packages:
\n
\nlynx\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3120.
\n
More information:
\n
\n

Ulf H\u00e4rnhammar discovered a remotely exploitable buffer overflow in lynx, a\ntext-mode browser for the WWW. During the\nhandling of Asian characters when connecting to an NNTP server, lynx\ncan be tricked into writing past the boundary of a buffer, which can lead\nto the execution of arbitrary code.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 2.8.4.1b-3.3.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.8.5-2sarge1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your lynx package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3.dsc
\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.3_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "875": "
\n

Debian Security Advisory

\n

DSA-875-1 openssl094 -- cryptographic weakness

\n
\n
Date Reported:
\n
27 Oct 2005
\n
Affected Packages:
\n
\nopenssl094\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2969.
\n
More information:
\n
\n

Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer\n(OpenSSL) library that can allow an attacker to perform active\nprotocol-version rollback attacks that could lead to the use of the\nweaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS\n1.0.

\n

The following matrix explains which version in which distribution has\nthis problem corrected.

\n
\n
Package | oldstable (woody) | stable (sarge) | unstable (sid)
openssl | 0.9.6c-2.woody.8 | 0.9.7e-3sarge1 | 0.9.8-3
openssl094 | 0.9.4-6.woody.4 | n/a | n/a
openssl095 | 0.9.5a-6.woody.6 | n/a | n/a
openssl096 | n/a | 0.9.6m-1sarge1 | n/a
openssl097 | n/a | n/a | 0.9.7g-5
\n
\n

We recommend that you upgrade your libssl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4-6.woody.4.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4-6.woody.4.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl094/libssl09_0.9.4-6.woody.4_alpha.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl094/libssl09_0.9.4-6.woody.4_i386.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl094/libssl09_0.9.4-6.woody.4_powerpc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "876": "
\n

Debian Security Advisory

\n

DSA-876-1 lynx-ssl -- buffer overflow

\n
\n
Date Reported:
\n
27 Oct 2005
\n
Affected Packages:
\n
\nlynx-ssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3120.
\n
More information:
\n
\n

Ulf H\u00e4rnhammar discovered a remotely exploitable buffer overflow in lynx, a\ntext-mode browser for the WWW. During the\nhandling of Asian characters when connecting to an NNTP server, lynx\ncan be tricked into writing past the boundary of a buffer, which can lead\nto the execution of arbitrary code.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 2.8.4.1b-3.2.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.8.5-2sarge1 of lynx.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your lynx-ssl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2.dsc
\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "877": "
\n

Debian Security Advisory

\n

DSA-877-1 gnump3d -- cross-site scripting, directory traversal

\n
\n
Date Reported:
\n
28 Oct 2005
\n
Affected Packages:
\n
\ngnump3d\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3123, CVE-2005-3424, CVE-2005-3425.
\n
More information:
\n
\n

Steve Kemp discovered two vulnerabilities in gnump3d, a streaming\nserver for MP3 and OGG files. The Common Vulnerabilities and\nExposures Project identifies the following problems:

\n
    \n
  • CVE-2005-3122\n

    The 404 error page does not strip malicious JavaScript content\n from the resulting page, which would be executed in the victim's\n browser.

  • CVE-2005-3123\n

    By using specially crafted URLs it is possible to read arbitrary\n files to which the user of the streaming server has access.

\n

The old stable distribution (woody) does not contain a gnump3d package.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.9.3-1sarge2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.9.6-1.

\n

We recommend that you upgrade your gnump3d package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnump3d/gnump3d_2.9.3-1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/g/gnump3d/gnump3d_2.9.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gnump3d/gnump3d_2.9.3-1sarge2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gnump3d/gnump3d_2.9.3-1sarge2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "878": "
\n

Debian Security Advisory

\n

DSA-878-1 netpbm-free -- buffer overflow

\n
\n
Date Reported:
\n
28 Oct 2005
\n
Affected Packages:
\n
\nnetpbm-free\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2978.
\n
More information:
\n
\n

A buffer overflow has been identified in the pnmtopng component of the\nnetpbm package, a set of graphics conversion tools. This\nvulnerability could allow an attacker to execute arbitrary code as a\nlocal user by providing a specially crafted PNM file.

\n

The old stable distribution (woody) is not vulnerable to this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 10.0-8sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 10.0-10.

\n

We recommend that you upgrade your netpbm-free packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-8sarge1.dsc
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-8sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "879": "
\n

Debian Security Advisory

\n

DSA-879-1 gallery -- programming error

\n
\n
Date Reported:
\n
02 Nov 2005
\n
Affected Packages:
\n
\ngallery\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2596.
\n
More information:
\n
\n

A bug in gallery has been discovered that grants all registered\npostnuke users full access to the gallery.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.5-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.5-2.

\n

We recommend that you upgrade your gallery package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.5-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.5-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.5-1sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "880": "
\n

Debian Security Advisory

\n

DSA-880-1 phpmyadmin -- several vulnerabilities

\n
\n
Date Reported:
\n
02 Nov 2005
\n
Affected Packages:
\n
\nphpmyadmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 328501, Bug 335306, Bug 335513.
In the Bugtraq database (at SecurityFocus): BugTraq ID 15169.
In Mitre's CVE dictionary: CVE-2005-2869, CVE-2005-3300, CVE-2005-3301.
\n
More information:
\n
\n

Several cross-site scripting vulnerabilities have been discovered in\nphpmyadmin, a set of PHP scripts to administer MySQL over the WWW.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CAN-2005-2869\n

    Andreas Kerber and Michal Cihar discovered several cross-site\n scripting vulnerabilities in the error page and in the cookie\n login.

  • CVE-2005-3300\n

    Stefan Esser discovered missing safety checks in grab_globals.php\n that could allow an attacker to induce phpmyadmin to include an\n arbitrary local file.

  • CVE-2005-3301\n

    Tobias Klein discovered several cross-site scripting\n vulnerabilities that could allow attackers to inject arbitrary\n HTML or client-side scripting.

\n

The version in the old stable distribution (woody) probably has its\nown flaws and is not easily fixable without a full audit and patch\nsession. The easier way is to upgrade from woody to sarge.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.6.2-3sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.6.4-pl3-1.

\n

We recommend that you upgrade your phpmyadmin package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "881": "
\n

Debian Security Advisory

\n

DSA-881-1 openssl096 -- cryptographic weakness

\n
\n
Date Reported:
\n
04 Nov 2005
\n
Affected Packages:
\n
\nopenssl096\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2969.
\n
More information:
\n
\n

Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer\n(OpenSSL) library that can allow an attacker to perform active\nprotocol-version rollback attacks that could lead to the use of the\nweaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS\n1.0.

\n

The following matrix explains which version in which distribution has\nthis problem corrected.

\n
\n
Package | oldstable (woody) | stable (sarge) | unstable (sid)
openssl | 0.9.6c-2.woody.8 | 0.9.7e-3sarge1 | 0.9.8-3
openssl094 | 0.9.4-6.woody.4 | n/a | n/a
openssl095 | 0.9.5a-6.woody.6 | n/a | n/a
openssl096 | n/a | 0.9.6m-1sarge1 | n/a
openssl097 | n/a | n/a | 0.9.7g-5
\n
\n

We recommend that you upgrade your libssl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "882": "
\n

Debian Security Advisory

\n

DSA-882-1 openssl095 -- cryptographic weakness

\n
\n
Date Reported:
\n
04 Nov 2005
\n
Affected Packages:
\n
\nopenssl095\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2969.
\n
More information:
\n
\n

Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer\n(OpenSSL) library that can allow an attacker to perform active\nprotocol-version rollback attacks that could lead to the use of the\nweaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS\n1.0.

\n

The following matrix explains which version in which distribution has\nthis problem corrected.

\n
\n
Package | oldstable (woody) | stable (sarge) | unstable (sid)
openssl | 0.9.6c-2.woody.8 | 0.9.7e-3sarge1 | 0.9.8-3
openssl094 | 0.9.4-6.woody.4 | n/a | n/a
openssl095 | 0.9.5a-6.woody.6 | n/a | n/a
openssl096 | n/a | 0.9.6m-1sarge1 | n/a
openssl097 | n/a | n/a | 0.9.7g-5
\n
\n

We recommend that you upgrade your libssl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.6.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.6.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "883": "
\n

Debian Security Advisory

\n

DSA-883-1 thttpd -- insecure temporary file

\n
\n
Date Reported:
\n
04 Nov 2005
\n
Affected Packages:
\n
\nthttpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3124.
\n
More information:
\n
\n

Javier Fern\u00e1ndez-Sanguino Pe\u00f1a from the Debian Security Audit team\ndiscovered that the syslogtocern script from thttpd, a tiny webserver,\nuses a temporary file insecurely, allowing a local attacker to craft a\nsymlink attack to overwrite arbitrary files.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 2.21b-11.3.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.23beta1-3sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.23beta1-4.

\n

We recommend that you upgrade your thttpd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.3.dsc
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.3.diff.gz
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.3_arm.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.3_i386.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.3_mips.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.3_s390.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.21b-11.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.21b-11.3_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "884": "
\n

Debian Security Advisory

\n

DSA-884-1 horde3 -- design error

\n
\n
Date Reported:
\n
07 Nov 2005
\n
Affected Packages:
\n
\nhorde3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 332290, Bug 332289.
In Mitre's CVE dictionary: CVE-2005-3344.
\n
More information:
\n
\n

Mike O'Connor discovered that the default installation of Horde3 on\nDebian includes an administrator account without a password. Already\nconfigured installations will not be altered by this update.

\n

The old stable distribution (woody) does not contain horde3 packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 3.0.4-4sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.0.5-2.

\n

We recommend that you verify your horde3 admin account if you have\ninstalled Horde3.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge1.dsc
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "885": "
\n

Debian Security Advisory

\n

DSA-885-1 openvpn -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Nov 2005
\n
Affected Packages:
\n
\nopenvpn\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 336751, Bug 337334.
In the Bugtraq database (at SecurityFocus): BugTraq ID 15239.
In Mitre's CVE dictionary: CVE-2005-3393, CVE-2005-3409.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenVPN, a free\nvirtual private network daemon. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2005-3393\n

    A format string vulnerability has been discovered that could allow\n arbitrary code to be executed on the client.

  • CVE-2005-3409\n

    A NULL pointer dereference has been discovered that could be\n exploited to crash the service.

\n

The old stable distribution (woody) does not contain openvpn packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.0-1sarge2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.0.5-1.

\n

We recommend that you upgrade your openvpn package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "886": "
\n

Debian Security Advisory

\n

DSA-886-1 chmlib -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Nov 2005
\n
Affected Packages:
\n
\nchmlib\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 15211.
In Mitre's CVE dictionary: CVE-2005-2659, CVE-2005-2930, CVE-2005-3318.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in chmlib, a library for\ndealing with CHM format files. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2005-2659\n

    Palasik Sandor discovered a buffer overflow in the LZX\n decompression method.

  • CVE-2005-2930\n

    A buffer overflow has been discovered that could lead to the\n execution of arbitrary code.

  • CVE-2005-3318\n

    Sven Tantau discovered a buffer overflow that could lead to the\n execution of arbitrary code.

\n

The old stable distribution (woody) does not contain chmlib packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.35-6sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.37-2.

\n

We recommend that you upgrade your chmlib packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge1.dsc
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "887": "
\n

Debian Security Advisory

\n

DSA-887-1 clamav -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Nov 2005
\n
Affected Packages:
\n
\nclamav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3239, CVE-2005-3303, CVE-2005-3500, CVE-2005-3501.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Clam AntiVirus, the\nantivirus scanner for Unix, designed for integration with mail servers\nto perform attachment scanning. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2005-3239\n

    The OLE2 unpacker allows remote attackers to cause a segmentation\n fault via a DOC file with an invalid property tree, which triggers\n an infinite recursion.

  • CVE-2005-3303\n

    A specially crafted executable compressed with FSG 1.33 could\n cause the extractor to write beyond buffer boundaries, allowing an\n attacker to execute arbitrary code.

  • CVE-2005-3500\n

    A specially crafted CAB file could cause ClamAV to be locked in an\n infinite loop and use all available processor resources, resulting\n in a denial of service.

  • CVE-2005-3501\n

    A specially crafted CAB file could cause ClamAV to be locked in an\n infinite loop and use all available processor resources, resulting\n in a denial of service.

\n

The old stable distribution (woody) does not contain clamav packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.84-2.sarge.6.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.87.1-1.

\n

We recommend that you upgrade your clamav packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6.dsc
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6.diff.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.6_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.6_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.6_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.6_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.6_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.6_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "888": "
\n

Debian Security Advisory

\n

DSA-888-1 openssl -- cryptographic weakness

\n
\n
Date Reported:
\n
07 Nov 2005
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2969.
\n
More information:
\n
\n

Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer\n(OpenSSL) library that can allow an attacker to perform active\nprotocol-version rollback attacks that could lead to the use of the\nweaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS\n1.0.

\n

The following matrix explains which version in which distribution has\nthis problem corrected.

\n
\n
Package | oldstable (woody) | stable (sarge) | unstable (sid)
openssl | 0.9.6c-2.woody.8 | 0.9.7e-3sarge1 | 0.9.8-3
openssl094 | 0.9.4-6.woody.4 | n/a | n/a
openssl095 | 0.9.5a-6.woody.6 | n/a | n/a
openssl096 | n/a | 0.9.6m-1sarge1 | n/a
openssl097 | n/a | n/a | 0.9.7g-5
\n
\n

We recommend that you upgrade your libssl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openssl/ssleay_0.9.6c-2.woody.8_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.6c-2.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.6_0.9.6c-2.woody.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.6c-2.woody.8_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "889": "
\n

Debian Security Advisory

\n

DSA-889-1 enigmail -- programming error

\n
\n
Date Reported:
\n
08 Nov 2005
\n
Affected Packages:
\n
\nenigmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 335731.
In Mitre's CVE dictionary: CVE-2005-3256.
CERT's vulnerabilities, advisories and incident notes: VU#805121.
\n
More information:
\n
\n

Hadmut Danisch discovered a bug in enigmail, GPG support for Mozilla\nMailNews and Mozilla Thunderbird, that can lead to the encryption of\nmail with the wrong public key and hence to potential disclosure of\nconfidential data to others.

\n

The old stable distribution (woody) does not contain enigmail packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.91-4sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.93-1.

\n

We recommend that you upgrade your enigmail packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/enigmail/enigmail_0.91-4sarge2.dsc
\n
http://security.debian.org/pool/updates/main/e/enigmail/enigmail_0.91-4sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/e/enigmail/enigmail_0.91.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-enigmail_0.91-4sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/enigmail/mozilla-thunderbird-enigmail_0.91-4sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "890": "
\n

Debian Security Advisory

\n

DSA-890-1 libungif4 -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Nov 2005
\n
Affected Packages:
\n
\nlibungif4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 337972.
In Mitre's CVE dictionary: CVE-2005-2974, CVE-2005-3350.
\n
More information:
\n
\n

Chris Evans discovered several security related problems in libungif4,\na shared library for GIF images. The Common Vulnerabilities and\nExposures project identifies the following vulnerabilities:

\n
    \n
  • CVE-2005-2974\n

    Null pointer dereference that could cause a denial of service.

  • CVE-2005-3350\n

    Out of bounds memory access that could cause a denial of service\n or the execution of arbitrary code.

\n

For the old stable distribution (woody) these problems have been fixed in\nversion 4.1.0b1-2woody1.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 4.1.3-2sarge1.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your libungif4 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4_4.1.0b1-2woody1.dsc
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4_4.1.0b1-2woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4_4.1.0b1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.0b1-2woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.0b1-2woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.0b1-2woody1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4_4.1.3-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4_4.1.3-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4_4.1.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif-bin_4.1.3-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4-dev_4.1.3-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libu/libungif4/libungif4g_4.1.3-2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "891": "
\n

Debian Security Advisory

\n

DSA-891-1 gpsdrive -- format string

\n
\n
Date Reported:
\n
09 Nov 2005
\n
Affected Packages:
\n
\ngpsdrive\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3523.
\n
More information:
\n
\n

Kevin Finisterre discovered a format string vulnerability in gpsdrive,\na car navigation system, that can lead to the execution of arbitrary\ncode.

\n

The old stable distribution (woody) does not contain gpsdrive packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.09-2sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.09-2sarge1.

\n

We recommend that you upgrade your gpsdrive package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gpsdrive/gpsdrive_2.09-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/g/gpsdrive/gpsdrive_2.09-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gpsdrive/gpsdrive_2.09.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gpsdrive/gpsdrive_2.09-2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gpsdrive/gpsdrive_2.09-2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gpsdrive/gpsdrive_2.09-2sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gpsdrive/gpsdrive_2.09-2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gpsdrive/gpsdrive_2.09-2sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gpsdrive/gpsdrive_2.09-2sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gpsdrive/gpsdrive_2.09-2sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gpsdrive/gpsdrive_2.09-2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gpsdrive/gpsdrive_2.09-2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gpsdrive/gpsdrive_2.09-2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gpsdrive/gpsdrive_2.09-2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gpsdrive/gpsdrive_2.09-2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "892": "
\n

Debian Security Advisory

\n

DSA-892-1 awstats -- missing input sanitising

\n
\n
Date Reported:
\n
10 Nov 2005
\n
Affected Packages:
\n
\nawstats\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 322591, Bug 334833, Bug 336137.
In Mitre's CVE dictionary: CVE-2005-1527.
\n
More information:
\n
\n

Peter Vreugdenhil discovered that awstats, a featureful web server log\nanalyser, passes user-supplied data to an eval() function, allowing\nremote attackers to execute arbitrary Perl commands.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 6.4-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 6.4-1.1.

\n

We recommend that you upgrade your awstats package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/awstats/awstats_6.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/awstats/awstats_6.4-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/awstats/awstats_6.4-1sarge1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/awstats/awstats_6.4-1sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "893": "
\n

Debian Security Advisory

\n

DSA-893-1 acidlab -- missing input sanitising

\n
\n
Date Reported:
\n
14 Nov 2005
\n
Affected Packages:
\n
\nacidlab\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 335998, Bug 336788.
In the Bugtraq database (at SecurityFocus): BugTraq ID 15199.
In Mitre's CVE dictionary: CVE-2005-3325.
\n
More information:
\n
\n

Remco Verhoef has discovered a vulnerability in acidlab, Analysis\nConsole for Intrusion Databases, and in acidbase, Basic Analysis and\nSecurity Engine, which can be exploited by malicious users to conduct\nSQL injection attacks.

\n

After a security audit of both BASE and ACID, the maintainers of Analysis\nConsole for Intrusion Databases (ACID) in Debian, of which BASE is a fork,\nhave determined that the flaw affected not only the base_qry_main.php (in\nBASE) or acid_qry_main.php (in ACID) component but also other elements of\nthe consoles, due to improper parameter validation and filtering.

\n

All the SQL injection bugs and Cross Site Scripting bugs found have been\nfixed in the Debian package, closing all the different attack vectors detected.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 0.9.6b20-2.1.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.9.6b20-10.1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.9.6b20-13 and in version 1.2.1-1 of acidbase.

\n

We recommend that you upgrade your acidlab and acidbase packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/acidlab/acidlab_0.9.6b20-2.1.dsc
\n
http://security.debian.org/pool/updates/main/a/acidlab/acidlab_0.9.6b20-2.1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/acidlab/acidlab_0.9.6b20.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/acidlab/acidlab_0.9.6b20-2.1_all.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/acidlab/acidlab_0.9.6b20-10.1.dsc
\n
http://security.debian.org/pool/updates/main/a/acidlab/acidlab_0.9.6b20-10.1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/acidlab/acidlab_0.9.6b20.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/acidlab/acidlab-doc_0.9.6b20-10.1_all.deb
\n
http://security.debian.org/pool/updates/main/a/acidlab/acidlab-mysql_0.9.6b20-10.1_all.deb
\n
http://security.debian.org/pool/updates/main/a/acidlab/acidlab-pgsql_0.9.6b20-10.1_all.deb
\n
http://security.debian.org/pool/updates/main/a/acidlab/acidlab_0.9.6b20-10.1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "894": "
\n

Debian Security Advisory

\n

DSA-894-1 abiword -- buffer overflows

\n
\n
Date Reported:
\n
14 Nov 2005
\n
Affected Packages:
\n
\nabiword\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2964, CVE-2005-2972.
\n
More information:
\n
\n

Chris Evans discovered several buffer overflows in the RTF import\nmechanism of AbiWord, a WYSIWYG word processor based on GTK 2.\nOpening a specially crafted RTF file could lead to the execution of\narbitrary code.

\n

For the old stable distribution (woody) these problems have been fixed in\nversion 1.0.2+cvs.2002.06.05-1woody3.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.2.7-3sarge2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.4.1-1.

\n

We recommend that you upgrade your abiword package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3.dsc
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-doc_1.0.2+cvs.2002.06.05-1woody3_all.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/xfonts-abi_1.0.2+cvs.2002.06.05-1woody3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2.dsc
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_2.2.7-3sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-doc_2.2.7-3sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-help_2.2.7-3sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/xfonts-abi_2.2.7-3sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "895": "
\n

Debian Security Advisory

\n

DSA-895-1 uim -- programming error

\n
\n
Date Reported:
\n
14 Nov 2005
\n
Affected Packages:
\n
\nuim\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 331620.
In Mitre's CVE dictionary: CVE-2005-3149.
\n
More information:
\n
\n

Masanari Yamamoto discovered incorrect use of environment variables in uim, a flexible input method collection and library, that could lead to escalated privileges in setuid/setgid applications linked to libuim. In Debian, at least mlterm is affected.

\n

The old stable distribution (woody) does not contain uim packages.

\n

For the stable distribution (sarge) this problem has been fixed in version 0.4.6final1-3sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in version 0.4.7-2.

\n

We recommend that you upgrade your libuim packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/u/uim/uim_0.4.6final1-3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/u/uim/uim_0.4.6final1-3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/u/uim/uim_0.4.6final1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/u/uim/uim-common_0.4.6final1-3sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim_0.4.6final1-3sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/u/uim/libuim-dev_0.4.6final1-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim-nox-dev_0.4.6final1-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0_0.4.6final1-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-dbg_0.4.6final1-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-nox_0.4.6final1-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-nox-dbg_0.4.6final1-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-anthy_0.4.6final1-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-applet-gnome_0.4.6final1-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-canna_0.4.6final1-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-fep_0.4.6final1-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-gtk2.0_0.4.6final1-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-m17nlib_0.4.6final1-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-prime_0.4.6final1-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-skk_0.4.6final1-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-utils_0.4.6final1-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-xim_0.4.6final1-3sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/u/uim/libuim-dev_0.4.6final1-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim-nox-dev_0.4.6final1-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0_0.4.6final1-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-dbg_0.4.6final1-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-nox_0.4.6final1-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-nox-dbg_0.4.6final1-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-anthy_0.4.6final1-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-applet-gnome_0.4.6final1-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-canna_0.4.6final1-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-fep_0.4.6final1-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-gtk2.0_0.4.6final1-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-m17nlib_0.4.6final1-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-prime_0.4.6final1-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-skk_0.4.6final1-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-utils_0.4.6final1-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-xim_0.4.6final1-3sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/u/uim/libuim-dev_0.4.6final1-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim-nox-dev_0.4.6final1-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0_0.4.6final1-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-dbg_0.4.6final1-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-nox_0.4.6final1-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-nox-dbg_0.4.6final1-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-anthy_0.4.6final1-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-applet-gnome_0.4.6final1-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-canna_0.4.6final1-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-fep_0.4.6final1-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-gtk2.0_0.4.6final1-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-m17nlib_0.4.6final1-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-prime_0.4.6final1-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-skk_0.4.6final1-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-utils_0.4.6final1-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-xim_0.4.6final1-3sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/u/uim/libuim-dev_0.4.6final1-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim-nox-dev_0.4.6final1-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0_0.4.6final1-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-dbg_0.4.6final1-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-nox_0.4.6final1-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-nox-dbg_0.4.6final1-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-anthy_0.4.6final1-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-applet-gnome_0.4.6final1-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-canna_0.4.6final1-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-fep_0.4.6final1-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-gtk2.0_0.4.6final1-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-m17nlib_0.4.6final1-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-prime_0.4.6final1-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-skk_0.4.6final1-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-utils_0.4.6final1-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-xim_0.4.6final1-3sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/u/uim/libuim-dev_0.4.6final1-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim-nox-dev_0.4.6final1-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0_0.4.6final1-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-dbg_0.4.6final1-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-nox_0.4.6final1-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-nox-dbg_0.4.6final1-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-anthy_0.4.6final1-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-applet-gnome_0.4.6final1-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-canna_0.4.6final1-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-fep_0.4.6final1-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-gtk2.0_0.4.6final1-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-m17nlib_0.4.6final1-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-prime_0.4.6final1-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-skk_0.4.6final1-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-utils_0.4.6final1-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-xim_0.4.6final1-3sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/u/uim/libuim-dev_0.4.6final1-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim-nox-dev_0.4.6final1-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0_0.4.6final1-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-dbg_0.4.6final1-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-nox_0.4.6final1-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-nox-dbg_0.4.6final1-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-anthy_0.4.6final1-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-applet-gnome_0.4.6final1-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-canna_0.4.6final1-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-fep_0.4.6final1-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-gtk2.0_0.4.6final1-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-m17nlib_0.4.6final1-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-prime_0.4.6final1-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-skk_0.4.6final1-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-utils_0.4.6final1-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-xim_0.4.6final1-3sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/u/uim/libuim-dev_0.4.6final1-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim-nox-dev_0.4.6final1-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0_0.4.6final1-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-dbg_0.4.6final1-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-nox_0.4.6final1-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-nox-dbg_0.4.6final1-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-anthy_0.4.6final1-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-applet-gnome_0.4.6final1-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-canna_0.4.6final1-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-fep_0.4.6final1-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-gtk2.0_0.4.6final1-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-m17nlib_0.4.6final1-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-prime_0.4.6final1-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-skk_0.4.6final1-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-utils_0.4.6final1-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-xim_0.4.6final1-3sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/u/uim/libuim-dev_0.4.6final1-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim-nox-dev_0.4.6final1-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0_0.4.6final1-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-dbg_0.4.6final1-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-nox_0.4.6final1-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-nox-dbg_0.4.6final1-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-anthy_0.4.6final1-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-applet-gnome_0.4.6final1-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-canna_0.4.6final1-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-fep_0.4.6final1-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-gtk2.0_0.4.6final1-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-m17nlib_0.4.6final1-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-prime_0.4.6final1-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-skk_0.4.6final1-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-utils_0.4.6final1-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-xim_0.4.6final1-3sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/u/uim/libuim-dev_0.4.6final1-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim-nox-dev_0.4.6final1-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0_0.4.6final1-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-dbg_0.4.6final1-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-nox_0.4.6final1-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-nox-dbg_0.4.6final1-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-anthy_0.4.6final1-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-applet-gnome_0.4.6final1-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-canna_0.4.6final1-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-fep_0.4.6final1-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-gtk2.0_0.4.6final1-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-m17nlib_0.4.6final1-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-prime_0.4.6final1-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-skk_0.4.6final1-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-utils_0.4.6final1-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-xim_0.4.6final1-3sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/u/uim/libuim-dev_0.4.6final1-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim-nox-dev_0.4.6final1-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0_0.4.6final1-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-dbg_0.4.6final1-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-nox_0.4.6final1-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-nox-dbg_0.4.6final1-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-anthy_0.4.6final1-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-applet-gnome_0.4.6final1-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-canna_0.4.6final1-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-fep_0.4.6final1-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-gtk2.0_0.4.6final1-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-m17nlib_0.4.6final1-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-prime_0.4.6final1-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-skk_0.4.6final1-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-utils_0.4.6final1-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-xim_0.4.6final1-3sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/u/uim/libuim-dev_0.4.6final1-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim-nox-dev_0.4.6final1-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0_0.4.6final1-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-dbg_0.4.6final1-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-nox_0.4.6final1-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-nox-dbg_0.4.6final1-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-anthy_0.4.6final1-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-applet-gnome_0.4.6final1-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-canna_0.4.6final1-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-fep_0.4.6final1-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-gtk2.0_0.4.6final1-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-m17nlib_0.4.6final1-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-prime_0.4.6final1-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-skk_0.4.6final1-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-utils_0.4.6final1-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-xim_0.4.6final1-3sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/u/uim/libuim-dev_0.4.6final1-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim-nox-dev_0.4.6final1-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0_0.4.6final1-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-dbg_0.4.6final1-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-nox_0.4.6final1-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/libuim0-nox-dbg_0.4.6final1-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-anthy_0.4.6final1-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-applet-gnome_0.4.6final1-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-canna_0.4.6final1-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-fep_0.4.6final1-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-gtk2.0_0.4.6final1-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-m17nlib_0.4.6final1-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-prime_0.4.6final1-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-skk_0.4.6final1-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-utils_0.4.6final1-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/uim/uim-xim_0.4.6final1-3sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "896": "
\n

Debian Security Advisory

\n

DSA-896-1 linux-ftpd-ssl -- buffer overflow

\n
\n
Date Reported:
\n
15 Nov 2005
\n
Affected Packages:
\n
\nlinux-ftpd-ssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 339074.
In Mitre's CVE dictionary: CVE-2005-3524.
\n
More information:
\n
\n

A buffer overflow has been discovered in ftpd-ssl, a simple BSD FTP server with SSL encryption support, that could lead to the execution of arbitrary code.

\n

The old stable distribution (woody) does not contain linux-ftpd-ssl packages.

\n

For the stable distribution (sarge) this problem has been fixed in version 0.17.18+0.3-3sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in version 0.17.18+0.3-5.

\n

We recommend that you upgrade your ftpd-ssl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/linux-ftpd-ssl_0.17.18+0.3-3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/linux-ftpd-ssl_0.17.18+0.3-3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/linux-ftpd-ssl_0.17.18+0.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/ftpd-ssl_0.17.18+0.3-3sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/ftpd-ssl_0.17.18+0.3-3sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/ftpd-ssl_0.17.18+0.3-3sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/ftpd-ssl_0.17.18+0.3-3sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/ftpd-ssl_0.17.18+0.3-3sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/ftpd-ssl_0.17.18+0.3-3sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/ftpd-ssl_0.17.18+0.3-3sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/ftpd-ssl_0.17.18+0.3-3sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/ftpd-ssl_0.17.18+0.3-3sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/ftpd-ssl_0.17.18+0.3-3sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/ftpd-ssl_0.17.18+0.3-3sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-ftpd-ssl/ftpd-ssl_0.17.18+0.3-3sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "897": "
\n

Debian Security Advisory

\n

DSA-897-1 phpsysinfo -- programming errors

\n
\n
Date Reported:
\n
15 Nov 2005
\n
Affected Packages:
\n
\nphpsysinfo\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 301118.
In Mitre's CVE dictionary: CVE-2005-0870, CVE-2005-3347, CVE-2005-3348.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in phpsysinfo, a PHP based host information application. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2005-0870\n

    Maksymilian Arciemowicz discovered several cross site scripting problems, of which not all were fixed in DSA 724.

  • CVE-2005-3347\n

    Christopher Kunz discovered that local variables get overwritten unconditionally and are trusted later, which could lead to the inclusion of arbitrary files.

  • CVE-2005-3348\n

    Christopher Kunz discovered that user-supplied input is used unsanitised, causing an HTTP response splitting problem.

\n

For the old stable distribution (woody) these problems have been fixed in version 2.0-3woody3.

\n

For the stable distribution (sarge) these problems have been fixed in version 2.3-4sarge1.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your phpsysinfo package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.0-3woody3.dsc
\n
http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.0-3woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.0-3woody3_all.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.3-4sarge1.dsc
\n
http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.3-4sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpsysinfo/phpsysinfo_2.3-4sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "898": "
\n

Debian Security Advisory

\n

DSA-898-1 phpgroupware -- programming errors

\n
\n
Date Reported:
\n
17 Nov 2005
\n
Affected Packages:
\n
\nphpgroupware\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 301118.
In Mitre's CVE dictionary: CVE-2005-0870, CVE-2005-3347, CVE-2005-3348.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in phpsysinfo, a PHP based host information application that is included in phpgroupware. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2005-0870\n

    Maksymilian Arciemowicz discovered several cross site scripting problems, of which not all were fixed in DSA 724.

  • CVE-2005-3347\n

    Christopher Kunz discovered that local variables get overwritten unconditionally and are trusted later, which could lead to the inclusion of arbitrary files.

  • CVE-2005-3348\n

    Christopher Kunz discovered that user-supplied input is used unsanitised, causing an HTTP response splitting problem.

\n

For the old stable distribution (woody) these problems have been fixed in version 0.9.14-0.RC3.2.woody5.

\n

For the stable distribution (sarge) these problems have been fixed in version 0.9.16.005-3.sarge4.

\n

For the unstable distribution (sid) these problems have been fixed in version 0.9.16.008-2.

\n

We recommend that you upgrade your phpgroupware packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14-0.RC3.2.woody5.dsc
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14-0.RC3.2.woody5.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-addressbook_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-admin_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-api-doc_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-api_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-bookkeeping_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-bookmarks_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-brewer_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-calendar_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-chat_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-chora_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-comic_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-core-doc_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-core_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-developer-tools_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-dj_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-eldaptir_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-email_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-filemanager_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-forum_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-ftp_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-headlines_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-hr_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-img_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-infolog_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-inv_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-manual_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-messenger_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-napster_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-news-admin_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-nntp_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-notes_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phonelog_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpsysinfo_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpwebhosting_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-polls_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-preferences_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-projects_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-registration_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-setup_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-skel_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-soap_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-stocks_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-todo_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-tts_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-wap_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-weather_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-xmlrpc_0.9.14-0.RC3.2.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14-0.RC3.2.woody5_all.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge4.dsc
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-addressbook_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-admin_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-bookmarks_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-calendar_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-chat_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-comic_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-core_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-developer-tools_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-dj_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-eldaptir_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-email_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-etemplate_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-felamimail_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-filemanager_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-folders_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-forum_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-ftp_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-fudforum_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-headlines_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-hr_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-img_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-infolog_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-manual_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-messenger_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-news-admin_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-nntp_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-notes_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phonelog_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpbrain_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpgwapi_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpsysinfo_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-polls_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-preferences_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-projects_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-qmailldap_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-registration_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-setup_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-sitemgr_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-skel_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-soap_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-stocks_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-todo_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-tts_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-wiki_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-xmlrpc_0.9.16.005-3.sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge4_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "899": "
\n

Debian Security Advisory

\n

DSA-899-1 egroupware -- programming errors

\n
\n
Date Reported:
\n
17 Nov 2005
\n
Affected Packages:
\n
\negroupware\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 301118.
In Mitre's CVE dictionary: CVE-2005-0870, CVE-2005-2600, CVE-2005-3347, CVE-2005-3348.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in egroupware, a\nweb-based groupware suite. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2005-0870\n

    Maksymilian Arciemowicz discovered several cross site scripting\n problems in phpsysinfo, which are also present in the imported\n version in egroupware and of which not all were fixed in\n DSA 724.

  • \n
  • CVE-2005-2600\n

    Alexander Heidenreich discovered a cross-site scripting problem in\n the tree view of FUD Forum Bulletin Board Software, which is also\n present in egroupware and allows remote attackers to read private\n posts via a modified mid parameter.

  • \n
  • CVE-2005-3347\n

    Christopher Kunz discovered that local variables get overwritten\n unconditionally in phpsysinfo, which are also present in\n egroupware, and are trusted later, which could lead to the\n inclusion of arbitrary files.

  • \n
  • CVE-2005-3348\n

    Christopher Kunz discovered that user-supplied input is used\n unsanitised in phpsysinfo and imported in egroupware, causing an\n HTTP response splitting problem.

  • \n
\n

The old stable distribution (woody) does not contain egroupware packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.0.0.007-2.dfsg-2sarge4.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.0.0.009.dfsg-3-3.

\n

We recommend that you upgrade your egroupware packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge4.dsc
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-addressbook_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-bookmarks_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-calendar_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-comic_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-core_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-developer-tools_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-email_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-emailadmin_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-etemplate_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-felamimail_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-filemanager_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-forum_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-ftp_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-fudforum_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-headlines_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-infolog_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-jinn_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-ldap_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-manual_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-messenger_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-news-admin_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpbrain_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpldapadmin_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpsysinfo_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-polls_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-projects_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-registration_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-sitemgr_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-stocks_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-tts_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-wiki_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.0.0.007-2.dfsg-2sarge4_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "900": "
\n

Debian Security Advisory

\n

DSA-900-3 fetchmail -- programming error

\n
\n
Date Reported:
\n
18 Nov 2005
\n
Affected Packages:
\n
\nfetchmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 336096.
In the Bugtraq database (at SecurityFocus): BugTraq ID 15179.
In Mitre's CVE dictionary: CVE-2005-3088.
\n
More information:
\n
\n

Due to a restrictive dependency definition for fetchmail-ssl, the updated fetchmailconf\npackage couldn't be installed on the old stable distribution (woody)\ntogether with fetchmail-ssl. \u00a0Hence, this update loosens it, so that\nthe update can be pulled in. \u00a0For completeness we're including the\noriginal advisory text:

\n
\n

Thomas Wolff discovered that the fetchmailconf program which is\nprovided as part of fetchmail, an SSL enabled POP3, APOP, IMAP mail\ngatherer/forwarder, creates the new configuration in an insecure\nfashion that can lead to leaking passwords for mail accounts to local\nusers.

\n
\n

This update also fixes a regression in the package for stable caused\nby the last security update.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 5.9.11-6.4 of fetchmail and in version 5.9.11-6.3 of\nfetchmail-ssl.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 6.2.5-12sarge3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 6.2.5.4-1.

\n

We recommend that you upgrade your fetchmail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.4.dsc
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.4.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.3.dsc
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.3.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail-common_5.9.11-6.4_all.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_5.9.11-6.4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.4_arm.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.4_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.4_mips.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.4_s390.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_5.9.11-6.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail-ssl/fetchmail-ssl_5.9.11-6.3_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge3.dsc
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail-ssl_6.2.5-12sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_6.2.5-12sarge3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "901": "
\n

Debian Security Advisory

\n

DSA-901-1 gnump3d -- programming error

\n
\n
Date Reported:
\n
19 Nov 2005
\n
Affected Packages:
\n
\ngnump3d\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3349, CVE-2005-3355.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in gnump3d, a streaming\nserver for MP3 and OGG files. The Common Vulnerabilities and\nExposures Project identifies the following problems:

\n
    \n
  • CVE-2005-3349\n

    Ludwig Nussel discovered several temporary files that are created\n with predictable filenames in an insecure fashion and allow local\n attackers to craft symlink attacks.

  • \n
  • CVE-2005-3355\n

    Ludwig Nussel discovered that the theme parameter to HTTP\n requests may be used for path traversal.

  • \n
\n

The old stable distribution (woody) does not contain a gnump3d package.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.9.3-1sarge3.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.9.8-1.

\n

We recommend that you upgrade your gnump3d package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnump3d/gnump3d_2.9.3-1sarge3.dsc
\n
http://security.debian.org/pool/updates/main/g/gnump3d/gnump3d_2.9.3-1sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gnump3d/gnump3d_2.9.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gnump3d/gnump3d_2.9.3-1sarge3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "902": "
\n

Debian Security Advisory

\n

DSA-902-1 xmail -- buffer overflow

\n
\n
Date Reported:
\n
21 Nov 2005
\n
Affected Packages:
\n
\nxmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2943.
\n
More information:
\n
\n

A buffer overflow has been discovered in the sendmail program of\nxmail, an advanced, fast and reliable ESMTP/POP3 mail server that\ncould lead to the execution of arbitrary code with group mail\nprivileges.

\n

The old stable distribution (woody) does not contain xmail packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.21-3sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.22-1.

\n

We recommend that you upgrade your xmail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xmail/xmail-doc_1.21-3sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xmail/xmail_1.21-3sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "903": "
\n

Debian Security Advisory

\n

DSA-903-2 unzip -- race condition

\n
\n
Date Reported:
\n
21 Nov 2005
\n
Affected Packages:
\n
\nunzip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 321927, Bug 343680.
In the Bugtraq database (at SecurityFocus): BugTraq ID 14450.
In Mitre's CVE dictionary: CVE-2005-2475.
\n
More information:
\n
\n

The unzip update in DSA 903 contained a regression so that symbolic\nlinks that are resolved later in a zip archive aren't supported\nanymore. \u00a0This update corrects this behaviour. \u00a0For completeness,\nbelow please find the original advisory text:

\n
\n

Imran Ghory discovered a race condition in the permissions setting\ncode in unzip. When decompressing a file in a directory an attacker\nhas access to, unzip could be tricked into setting the file permissions on a\ndifferent file the user has permissions to.

\n
\n

For the old stable distribution (woody) this problem has been fixed in\nversion 5.50-1woody5.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 5.52-1sarge3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 5.52-6.

\n

We recommend that you upgrade your unzip package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody5.dsc
\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody5.diff.gz
\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody5_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge3.dsc
\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "904": "
\n

Debian Security Advisory

\n

DSA-904-1 netpbm-free -- buffer overflows

\n
\n
Date Reported:
\n
21 Nov 2005
\n
Affected Packages:
\n
\nnetpbm-free\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3632, CVE-2005-3662.
\n
More information:
\n
\n

Greg Roelofs discovered and fixed several buffer overflows in pnmtopng\nwhich is also included in netpbm, a collection of graphic conversion\nutilities, that can lead to the execution of arbitrary code via a\nspecially crafted PNM file.

\n

For the oldstable distribution (woody) these problems have been fixed in\nversion 9.20-8.5.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 10.0-8sarge2.

\n

For the unstable distribution (sid) these problems will be fixed in\nversion 10.0-11.

\n

We recommend that you upgrade your netpbm package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.5.dsc
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.5.diff.gz
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.5_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-8sarge2.dsc
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-8sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "905": "
\n

Debian Security Advisory

\n

DSA-905-1 mantis -- several vulnerabilities

\n
\n
Date Reported:
\n
22 Nov 2005
\n
Affected Packages:
\n
\nmantis\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 330682, Bug 335938.
In Mitre's CVE dictionary: CVE-2005-3091, CVE-2005-3335, CVE-2005-3336, CVE-2005-3338, CVE-2005-3339.
\n
More information:
\n
\n

Several security-related problems have been discovered in Mantis, a\nweb-based bug tracking system. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2005-3091\n

    A cross-site scripting vulnerability allows attackers to inject\n arbitrary web script or HTML.

  • CVE-2005-3335\n

    A file inclusion vulnerability allows remote attackers to execute\n arbitrary PHP code and include arbitrary local files.

  • CVE-2005-3336\n

    An SQL injection vulnerability allows remote attackers to execute\n arbitrary SQL commands.

  • CVE-2005-3338\n

    Mantis can be tricked into displaying the otherwise hidden real\n mail address of its users.

\n

The old stable distribution (woody) is not affected by these problems.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.19.2-4.1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.19.3-0.1.

\n

We recommend that you upgrade your mantis package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2-4.1.dsc
\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2-4.1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2-4.1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "906": "
\n

Debian Security Advisory

\n

DSA-906-1 sylpheed -- buffer overflows

\n
\n
Date Reported:
\n
22 Nov 2005
\n
Affected Packages:
\n
\nsylpheed\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 338436.
In Mitre's CVE dictionary: CVE-2005-3354.
\n
More information:
\n
\n

Colin Leroy discovered several buffer overflows in a number of\nimporter routines in sylpheed, a light-weight e-mail client with GTK+,\nthat could lead to the execution of arbitrary code.

\n

The following matrix explains which versions fix this vulnerability

\n
\n
Package               old stable (woody)    stable (sarge)   unstable (sid)
sylpheed              0.7.4-4woody1         1.0.4-1sarge1    2.0.4-1
sylpheed-gtk1         n/a                   n/a              1.0.6-1
sylpheed-claws        0.7.4claws-3woody1    1.0.4-1sarge1    1.0.5-2
sylpheed-claws-gtk2   n/a                   n/a              1.9.100-1
\n
\n

We recommend that you upgrade your sylpheed package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_0.7.4-4woody1.dsc
\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_0.7.4-4woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_0.7.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed-doc_0.7.4-4woody1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_0.7.4-4woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_0.7.4-4woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_0.7.4-4woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_0.7.4-4woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_0.7.4-4woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_0.7.4-4woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_0.7.4-4woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_0.7.4-4woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_0.7.4-4woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_0.7.4-4woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_0.7.4-4woody1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_1.0.4-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_1.0.4-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_1.0.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed-i18n_1.0.4-1sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_1.0.4-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_1.0.4-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_1.0.4-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_1.0.4-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_1.0.4-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_1.0.4-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_1.0.4-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_1.0.4-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_1.0.4-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_1.0.4-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_1.0.4-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sylpheed/sylpheed_1.0.4-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "907": "
\n

Debian Security Advisory

\n

DSA-907-1 ipmenu -- insecure temporary file

\n
\n
Date Reported:
\n
23 Nov 2005
\n
Affected Packages:
\n
\nipmenu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 244709.
In the Bugtraq database (at SecurityFocus): BugTraq ID 10269.
In Mitre's CVE dictionary: CVE-2004-2569.
\n
More information:
\n
\n

Akira Yoshiyama noticed that ipmenu, a curses iptables/iproute2 GUI,\ncreates a temporary file in an insecure fashion, allowing a local\nattacker to overwrite arbitrary files utilising a symlink attack.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 0.0.3-4woody1.

\n

The stable distribution (sarge) does not contain the ipmenu package.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.0.3-5.

\n

We recommend that you upgrade your ipmenu package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/ipmenu/ipmenu_0.0.3-4woody1.dsc
\n
http://security.debian.org/pool/updates/main/i/ipmenu/ipmenu_0.0.3-4woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/ipmenu/ipmenu_0.0.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/ipmenu/ipmenu_0.0.3-4woody1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "908": "
\n

Debian Security Advisory

\n

DSA-908-1 sylpheed-claws -- buffer overflows

\n
\n
Date Reported:
\n
23 Nov 2005
\n
Affected Packages:
\n
\nsylpheed-claws\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 338436.
In Mitre's CVE dictionary: CVE-2005-3354.
\n
More information:
\n
\n

Colin Leroy discovered several buffer overflows in a number of\nimporter routines in sylpheed-claws, an extended version of the\nSylpheed mail client, that could lead to the execution of arbitrary\ncode.

\n

The following matrix explains which versions fix this vulnerability

\n
\n
Package               old stable (woody)    stable (sarge)   unstable (sid)
sylpheed              0.7.4-4woody1         1.0.4-1sarge1    2.0.4-1
sylpheed-gtk1         n/a                   n/a              1.0.6-1
sylpheed-claws        0.7.4claws-3woody1    1.0.4-1sarge1    1.0.5-2
sylpheed-claws-gtk2   n/a                   n/a              1.9.100-1
\n
\n

We recommend that you upgrade your sylpheed-claws package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_0.7.4claws-3woody1.dsc
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_0.7.4claws-3woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_0.7.4claws.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_0.7.4claws-3woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_0.7.4claws-3woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_0.7.4claws-3woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_0.7.4claws-3woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_0.7.4claws-3woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_0.7.4claws-3woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_0.7.4claws-3woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_0.7.4claws-3woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_0.7.4claws-3woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_0.7.4claws-3woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_0.7.4claws-3woody1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_1.0.4-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_1.0.4-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_1.0.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-i18n_1.0.4-1sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-plugins_1.0.4-1sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-scripts_1.0.4-1sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/libsylpheed-claws-dev_1.0.4-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_1.0.4-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-clamav_1.0.4-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-dillo-viewer_1.0.4-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-image-viewer_1.0.4-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-pgpmime_1.0.4-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-spamassassin_1.0.4-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-trayicon_1.0.4-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/libsylpheed-claws-dev_1.0.4-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_1.0.4-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-clamav_1.0.4-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-dillo-viewer_1.0.4-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-image-viewer_1.0.4-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-pgpmime_1.0.4-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-spamassassin_1.0.4-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-trayicon_1.0.4-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/libsylpheed-claws-dev_1.0.4-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_1.0.4-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-clamav_1.0.4-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-dillo-viewer_1.0.4-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-image-viewer_1.0.4-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-pgpmime_1.0.4-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-spamassassin_1.0.4-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-trayicon_1.0.4-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/libsylpheed-claws-dev_1.0.4-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_1.0.4-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-clamav_1.0.4-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-dillo-viewer_1.0.4-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-image-viewer_1.0.4-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-pgpmime_1.0.4-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-spamassassin_1.0.4-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-trayicon_1.0.4-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/libsylpheed-claws-dev_1.0.4-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_1.0.4-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-clamav_1.0.4-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-dillo-viewer_1.0.4-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-image-viewer_1.0.4-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-pgpmime_1.0.4-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-spamassassin_1.0.4-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-trayicon_1.0.4-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/libsylpheed-claws-dev_1.0.4-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_1.0.4-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-clamav_1.0.4-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-dillo-viewer_1.0.4-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-image-viewer_1.0.4-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-pgpmime_1.0.4-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-spamassassin_1.0.4-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-trayicon_1.0.4-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/libsylpheed-claws-dev_1.0.4-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_1.0.4-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-clamav_1.0.4-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-dillo-viewer_1.0.4-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-image-viewer_1.0.4-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-pgpmime_1.0.4-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-spamassassin_1.0.4-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-trayicon_1.0.4-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/libsylpheed-claws-dev_1.0.4-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_1.0.4-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-clamav_1.0.4-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-dillo-viewer_1.0.4-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-image-viewer_1.0.4-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-pgpmime_1.0.4-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-spamassassin_1.0.4-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-trayicon_1.0.4-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/libsylpheed-claws-dev_1.0.4-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_1.0.4-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-clamav_1.0.4-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-dillo-viewer_1.0.4-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-image-viewer_1.0.4-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-pgpmime_1.0.4-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-spamassassin_1.0.4-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-trayicon_1.0.4-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/libsylpheed-claws-dev_1.0.4-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_1.0.4-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-clamav_1.0.4-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-dillo-viewer_1.0.4-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-image-viewer_1.0.4-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-pgpmime_1.0.4-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-spamassassin_1.0.4-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-trayicon_1.0.4-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/libsylpheed-claws-dev_1.0.4-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_1.0.4-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-clamav_1.0.4-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-dillo-viewer_1.0.4-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-image-viewer_1.0.4-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-pgpmime_1.0.4-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-spamassassin_1.0.4-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-trayicon_1.0.4-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/libsylpheed-claws-dev_1.0.4-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws_1.0.4-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-clamav_1.0.4-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-dillo-viewer_1.0.4-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-image-viewer_1.0.4-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-pgpmime_1.0.4-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-spamassassin_1.0.4-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sylpheed-claws/sylpheed-claws-trayicon_1.0.4-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "909": "
\n

Debian Security Advisory

\n

DSA-909-1 horde3 -- missing input sanitising

\n
\n
Date Reported:
\n
23 Nov 2005
\n
Affected Packages:
\n
\nhorde3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 340323.
In Mitre's CVE dictionary: CVE-2005-3759.
\n
More information:
\n
\n

Daniel Schreckling discovered that the MIME viewer in horde3, a web\napplication suite, does not always sanitise its input, leaving a\npossibility to force the return of malicious code that could be\nexecuted on the victim's machine.

\n

The old stable distribution (woody) does not contain horde3 packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 3.0.4-4sarge2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 3.0.7-1.

\n

We recommend that you upgrade your horde3 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge2.dsc
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "910": "
\n

Debian Security Advisory

\n

DSA-910-1 zope2.7 -- design error

\n
\n
Date Reported:
\n
24 Nov 2005
\n
Affected Packages:
\n
\nzope2.7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 334055.
In Mitre's CVE dictionary: CVE-2005-3323.
\n
More information:
\n
\n

A vulnerability has been discovered in zope 2.7, an Open Source web\napplication server, that allows remote attackers to insert arbitrary\nfiles via include directives in reStructuredText functionality.

\n

The old stable distribution (woody) does not contain zope2.7 packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.7.5-2sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.7.8-1.

\n

We recommend that you upgrade your zope2.7 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "911": "
\n

Debian Security Advisory

\n

DSA-911-1 gtk+2.0 -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Nov 2005
\n
Affected Packages:
\n
\ngtk+2.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 339431.
In the Bugtraq database (at SecurityFocus): BugTraq ID 15428.
In Mitre's CVE dictionary: CVE-2005-2975, CVE-2005-2976, CVE-2005-3186.
\n
More information:
\n
\n

Several vulnerabilities have been found in gtk+2.0, the Gtk+ GdkPixBuf\nXPM image rendering library. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2005-2975\n

    Ludwig Nussel discovered an infinite loop when processing XPM\n images that allows an attacker to cause a denial of service via a\n specially crafted XPM file.

  • CVE-2005-2976\n

    Ludwig Nussel discovered an integer overflow in the way XPM images\n are processed that could lead to the execution of arbitrary code\n or crash the application via a specially crafted XPM file.

  • CVE-2005-3186\n

    \"infamous41md\" discovered an integer overflow in the XPM processing\n routine that can be used to execute arbitrary code via a traditional heap\n overflow.

\n

The following matrix explains which versions fix these problems:

\n
Package | old stable (woody) | stable (sarge) | unstable (sid)
gdk-pixbuf | 0.17.0-2woody3 | 0.22.0-8.1 | 0.22.0-11
gtk+2.0 | 2.0.2-5woody3 | 2.6.4-3.1 | 2.6.10-2
\n
\n

We recommend that you upgrade your gtk+2.0 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.0.2-5woody3.dsc
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.0.2-5woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.0.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-doc_2.0.2-5woody3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.0.2-5woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk-common_2.0.2-5woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.0.2-5woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.0.2-5woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dbg_2.0.2-5woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.0.2-5woody3_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.6.4-3.1.dsc
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.6.4-3.1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.6.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.6.4-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-doc_2.6.4-3.1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "912": "
\n

Debian Security Advisory

\n

DSA-912-1 centericq -- denial of service

\n
\n
Date Reported:
\n
30 Nov 2005
\n
Affected Packages:
\n
\ncentericq\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 334089.
In Mitre's CVE dictionary: CVE-2005-3694.
\n
More information:
\n
\n

Wernfried Haas discovered that centericq, a text-mode multi-protocol\ninstant messenger client, can crash when it receives certain zero\nlength packets and is directly connected to the Internet.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 4.5.1-1.1woody1.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 4.20.0-1sarge3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 4.21.0-4.

\n

We recommend that you upgrade your centericq package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody1.dsc
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3.dsc
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "913": "
\n

Debian Security Advisory

\n

DSA-913-1 gdk-pixbuf -- several vulnerabilities

\n
\n
Date Reported:
\n
01 Dec 2005
\n
Affected Packages:
\n
\ngdk-pixbuf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 339431.
In the Bugtraq database (at SecurityFocus): BugTraq ID 15428.
In Mitre's CVE dictionary: CVE-2005-2975, CVE-2005-2976, CVE-2005-3186.
\n
More information:
\n
\n

Several vulnerabilities have been found in gdk-pixbuf, the Gtk+\nGdkPixBuf XPM image rendering library. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2005-2975\n

    Ludwig Nussel discovered an infinite loop when processing XPM\n images that allows an attacker to cause a denial of service via a\n specially crafted XPM file.

  • CVE-2005-2976\n

    Ludwig Nussel discovered an integer overflow in the way XPM images\n are processed that could lead to the execution of arbitrary code\n or crash the application via a specially crafted XPM file.

  • CVE-2005-3186\n

    \"infamous41md\" discovered an integer overflow in the XPM processing routine\n that can be used to execute arbitrary code via a traditional heap\n overflow.

\n

The following matrix explains which versions fix these problems:

\n
Package | old stable (woody) | stable (sarge) | unstable (sid)
gdk-pixbuf | 0.17.0-2woody3 | 0.22.0-8.1 | 0.22.0-11
gtk+2.0 | 2.0.2-5woody3 | 2.6.4-3.1 | 2.6.10-2
\n
\n

We recommend that you upgrade your gdk-pixbuf packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.17.0-2woody3.dsc
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.17.0-2woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.17.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.17.0-2woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.17.0-2woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.17.0-2woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.17.0-2woody3_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.22.0-8.1.dsc
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.22.0-8.1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/gdk-pixbuf_0.22.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-dev_0.22.0-8.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome-dev_0.22.0-8.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf-gnome2_0.22.0-8.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gdk-pixbuf/libgdk-pixbuf2_0.22.0-8.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "914": "
\n

Debian Security Advisory

\n

DSA-914-1 horde2 -- missing input sanitising

\n
\n
Date Reported:
\n
01 Dec 2005
\n
Affected Packages:
\n
\nhorde2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 338983.
In the Bugtraq database (at SecurityFocus): BugTraq ID 15409.
In Mitre's CVE dictionary: CVE-2005-3570.
\n
More information:
\n
\n

A vulnerability has been discovered in horde2, a web application\nsuite, that allows attackers to insert arbitrary script code into the\nerror web page.

\n

The old stable distribution (woody) does not contain horde2 packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.2.8-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.2.9-1.

\n

We recommend that you upgrade your horde2 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "915": "
\n

Debian Security Advisory

\n

DSA-915-1 helix-player -- buffer overflow

\n
\n
Date Reported:
\n
02 Dec 2005
\n
Affected Packages:
\n
\nhelix-player\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 15381.
In Mitre's CVE dictionary: CVE-2005-2629.
\n
More information:
\n
\n

An integer overflow has been discovered in helix-player, the helix\naudio and video player. This flaw could allow a remote attacker to\nrun arbitrary code on a victim's computer by supplying a specially\ncrafted network resource.

\n

The old stable distribution (woody) does not contain a helix-player\npackage.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-1sarge2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.0.6-1.

\n

We recommend that you upgrade your helix-player package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4.orig.tar.gz
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge2_i386.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/helix-player/helix-player_1.0.4-1sarge2_powerpc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "916": "
\n

Debian Security Advisory

\n

DSA-916-1 inkscape -- buffer overflow

\n
\n
Date Reported:
\n
07 Dec 2005
\n
Affected Packages:
\n
\ninkscape\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 321501, Bug 330894.
In the Bugtraq database (at SecurityFocus): BugTraq ID 14522.
In Mitre's CVE dictionary: CVE-2005-3737, CVE-2005-3885.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Inkscape, a\nvector-based drawing program. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2005-3737\n

    Joxean Koret discovered a buffer overflow in the SVG parsing\n routines that can lead to the execution of arbitrary code.

  • CVE-2005-3885\n

    Javier Fern\u00e1ndez-Sanguino Pe\u00f1a noticed that the ps2epsi extension\n shell script uses a hardcoded temporary file making it vulnerable\n to symlink attacks.

\n

The old stable distribution (woody) does not contain inkscape packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.41-4.99.sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.42.2+0.43pre1-1.

\n

We recommend that you upgrade your inkscape package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41-4.99.sarge2.dsc
\n
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41-4.99.sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41-4.99.sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41-4.99.sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41-4.99.sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41-4.99.sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41-4.99.sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41-4.99.sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41-4.99.sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41-4.99.sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41-4.99.sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41-4.99.sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41-4.99.sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/inkscape/inkscape_0.41-4.99.sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "917": "
\n

Debian Security Advisory

\n

DSA-917-1 courier -- programming error

\n
\n
Date Reported:
\n
08 Dec 2005
\n
Affected Packages:
\n
\ncourier\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 211920.
In Mitre's CVE dictionary: CVE-2005-3532.
\n
More information:
\n
\n

Patrick Cheong Shu Yang discovered that courier-authdaemon, the\nauthentication daemon of the Courier Mail Server, grants access to\naccounts that are already deactivated.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 0.37.3-2.8.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.47-4sarge4.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.47-12.

\n

We recommend that you upgrade your courier packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.8.dsc
\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.8.diff.gz
\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/courier/courier-doc_0.37.3-2.8_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.8_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.8_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.8_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.8_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.8_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.8_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.8_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.47-4sarge4.dsc
\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.47-4sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.47.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/courier/courier-doc_0.47-4sarge4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "918": "
\n

Debian Security Advisory

\n

DSA-918-1 osh -- programming error

\n
\n
Date Reported:
\n
09 Dec 2005
\n
Affected Packages:
\n
\nosh\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 338312.
In Mitre's CVE dictionary: CVE-2005-3346, CVE-2005-3533.
\n
More information:
\n
\n

Several security related problems have been discovered in osh, the\noperator's shell for executing defined programs in a privileged\nenvironment. The Common Vulnerabilities and Exposures project\nidentifies the following vulnerabilities:

\n
    \n
  • CVE-2005-3346\n

    Charles Stevenson discovered a bug in the substitution of\n variables that allows a local attacker to open a root shell.

  • CVE-2005-3533\n

    Solar Eclipse discovered a buffer overflow caused by the current\n working directory plus a filename that could be used to execute\n arbitrary code and e.g. open a root shell.

\n

For the old stable distribution (woody) these problems have been fixed in\nversion 1.7-11woody2.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.7-13sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.7-15; however, the package has been removed entirely.

\n

We recommend that you upgrade your osh package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2.dsc
\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-11woody2_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1.dsc
\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/osh/osh_1.7-13sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "919": "
\n

Debian Security Advisory

\n

DSA-919-2 curl -- buffer overflow

\n
\n
Date Reported:
\n
12 Dec 2005
\n
Affected Packages:
\n
\ncurl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 342339, Bug 342696.
In the Bugtraq database (at SecurityFocus): BugTraq ID 15756, BugTraq ID 15102, BugTraq ID 15647.
In Mitre's CVE dictionary: CVE-2005-4077, CVE-2005-3185.
\n
More information:
\n
\n

The upstream developer of curl, a multi-protocol file transfer\nlibrary, informed us that the former correction to several off-by-one\nerrors is not sufficient. For completeness, please find the original\nbug description below:

\n
\n

Several problems were discovered in libcurl, a multi-protocol file\ntransfer library. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2005-3185\n

    A buffer overflow has been discovered in libcurl\n that could allow the execution of arbitrary code.

  • CVE-2005-4077\n

    Stefan Esser discovered several off-by-one errors that allow\n local users to trigger a buffer overflow and cause a denial of\n service or bypass PHP security restrictions via certain URLs.

\n
\n

For the old stable distribution (woody) these problems have been fixed in\nversion 7.9.5-1woody2.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 7.13.2-2sarge5. This update also includes a bugfix against\ndata corruption.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 7.15.1-1.

\n

We recommend that you upgrade your libcurl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5-1woody2.dsc
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5-1woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl-dev_7.9.5-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl2_7.9.5-1woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl-dev_7.9.5-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl2_7.9.5-1woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl-dev_7.9.5-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl2_7.9.5-1woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl-dev_7.9.5-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl2_7.9.5-1woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5-1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl-dev_7.9.5-1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl2_7.9.5-1woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl-dev_7.9.5-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl2_7.9.5-1woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5-1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl-dev_7.9.5-1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl2_7.9.5-1woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5-1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl-dev_7.9.5-1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl2_7.9.5-1woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl-dev_7.9.5-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl2_7.9.5-1woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl-dev_7.9.5-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl2_7.9.5-1woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.9.5-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl-dev_7.9.5-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl2_7.9.5-1woody2_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5.dsc
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.13.2-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.13.2-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.13.2-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gssapi_7.13.2-2sarge5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.13.2-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.13.2-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.13.2-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gssapi_7.13.2-2sarge5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.13.2-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.13.2-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.13.2-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gssapi_7.13.2-2sarge5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.13.2-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.13.2-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.13.2-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gssapi_7.13.2-2sarge5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.13.2-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.13.2-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.13.2-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gssapi_7.13.2-2sarge5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.13.2-2sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.13.2-2sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.13.2-2sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gssapi_7.13.2-2sarge5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.13.2-2sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.13.2-2sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.13.2-2sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gssapi_7.13.2-2sarge5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.13.2-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.13.2-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.13.2-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gssapi_7.13.2-2sarge5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.13.2-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.13.2-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.13.2-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gssapi_7.13.2-2sarge5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.13.2-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.13.2-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.13.2-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gssapi_7.13.2-2sarge5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.13.2-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.13.2-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.13.2-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gssapi_7.13.2-2sarge5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.13.2-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.13.2-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.13.2-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.13.2-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gssapi_7.13.2-2sarge5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "920": "
\n

Debian Security Advisory

\n

DSA-920-1 ethereal -- buffer overflow

\n
\n
Date Reported:
\n
13 Dec 2005
\n
Affected Packages:
\n
\nethereal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 342911.
In the Bugtraq database (at SecurityFocus): BugTraq ID 15794.
In Mitre's CVE dictionary: CVE-2005-3651.
\n
More information:
\n
\n

A buffer overflow has been discovered in ethereal, a commonly used\nnetwork traffic analyser. It causes a denial of service and may\npotentially allow the execution of arbitrary code.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 0.9.4-1woody14.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.10.10-2sarge3.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your ethereal packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody14.dsc
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody14.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody14_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody14_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody14_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody14_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody14_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody14_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody14_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody14_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody14_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody14_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody14_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody14_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody14_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody14_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody14_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody14_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody14_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody14_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody14_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody14_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody14_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody14_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody14_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody14_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody14_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody14_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody14_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody14_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody14_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody14_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody14_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody14_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody14_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody14_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody14_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody14_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody14_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody14_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody14_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody14_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody14_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody14_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody14_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody14_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge4.dsc
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "921": "
\n

Debian Security Advisory

\n

DSA-921-1 kernel-source-2.4.27 -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Dec 2005
\n
Affected Packages:
\n
kernel-source-2.4.27
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 311164, Bug 319629, Bug 321401, Bug 322237.
In the Bugtraq database (at SecurityFocus): BugTraq ID 14477.
In Mitre's CVE dictionary: CVE-2005-0756, CVE-2005-0757, CVE-2005-1762, CVE-2005-1767, CVE-2005-1768, CVE-2005-2456, CVE-2005-2458, CVE-2005-2459, CVE-2005-2553, CVE-2005-2801, CVE-2005-2872, CVE-2005-3275.
\n
More information:
\n
\n

Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
  • CVE-2005-0756

    Alexander Nyberg discovered that the ptrace() system call does not properly verify addresses on the amd64 architecture, which can be exploited by a local attacker to crash the kernel.

  • CVE-2005-0757

    A problem in the offset handling in the xattr file system code for ext3 has been discovered that may allow users on 64-bit systems that have access to an ext3 filesystem with extended attributes to cause the kernel to crash.

  • CVE-2005-1762

    A vulnerability has been discovered in the ptrace() system call on the amd64 architecture that allows a local attacker to cause the kernel to crash.

  • CVE-2005-1767

    A vulnerability has been discovered in the stack segment fault handler that could allow a local attacker to cause a stack exception that will lead the kernel to crash under certain circumstances.

  • CVE-2005-1768

    Ilja van Sprundel discovered a race condition in the IA32 (x86) compatibility execve() system call for amd64 and IA64 that allows local attackers to cause the kernel to panic and possibly execute arbitrary code.

  • CVE-2005-2456

    Balazs Scheidler discovered that a local attacker could call setsockopt() with an invalid xfrm_user policy message which would cause the kernel to write beyond the boundaries of an array and crash.

  • CVE-2005-2458

    Vladimir Volovich discovered a bug in the zlib routines, which are also present in the Linux kernel, that allows remote attackers to crash the kernel.

  • CVE-2005-2459

    Another vulnerability has been discovered in the zlib routines, which are also present in the Linux kernel, that allows remote attackers to crash the kernel.

  • CVE-2005-2553

    A null pointer dereference in ptrace when tracing a 64-bit executable can cause the kernel to crash.

  • CVE-2005-2801

    Andreas Gruenbacher discovered a bug in the ext2 and ext3 file systems. When data areas are to be shared among two inodes, not all information was compared for equality, which could expose wrong ACLs for files.

  • CVE-2005-2872

    Chad Walstrom discovered that the ipt_recent kernel module to stop SSH bruteforce attacks could cause the kernel to crash on 64-bit architectures.

  • CVE-2005-3275

    An error in the NAT code allows remote attackers to cause a denial of service (memory corruption) by causing two packets for the same protocol to be NATed at the same time, which leads to memory corruption.
\n

The following matrix explains which kernel version for which architecture fixes the problems mentioned above:

\n
                                     Debian 3.1 (sarge)
Source                               2.4.27-10sarge1
Alpha architecture                   2.4.27-10sarge1
ARM architecture                     2.4.27-2sarge1
Intel IA-32 architecture             2.4.27-10sarge1
Intel IA-64 architecture             2.4.27-10sarge1
Motorola 680x0 architecture          2.4.27-3sarge1
Big endian MIPS architecture         2.4.27-10.sarge1.040815-1
Little endian MIPS architecture      2.4.27-10.sarge1.040815-1
PowerPC architecture                 2.4.27-10sarge1
IBM S/390 architecture               2.4.27-2sarge1
Sun Sparc architecture               2.4.27-9sarge1
\n
\n

We recommend that you upgrade your kernel package immediately and reboot the machine.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-alpha_2.4.27-10sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-alpha_2.4.27-10sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-arm/kernel-patch-2.4.27-arm_2.4.27-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-arm/kernel-patch-2.4.27-arm_2.4.27-1sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-arm_2.4.27-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-arm_2.4.27-2sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-i386_2.4.27-10sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-i386_2.4.27-10sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-ia64_2.4.27-10sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-ia64_2.4.27-10sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-m68k_2.4.27-3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-m68k_2.4.27-3sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-patch-2.4.27-mips_2.4.27-10.sarge1.040815-1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-patch-2.4.27-mips_2.4.27-10.sarge1.040815-1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-powerpc-2.4.27_2.4.27-10sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-powerpc-2.4.27_2.4.27-10sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-s390_2.4.27-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-s390_2.4.27-2sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-sparc_2.4.27-9sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-sparc_2.4.27-9sarge1.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-doc-2.4.27_2.4.27-10sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-patch-debian-2.4.27_2.4.27-10sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-tree-2.4.27_2.4.27-10sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-arm/kernel-patch-2.4.27-arm_2.4.27-1sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-build-2.4.27-2_2.4.27-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-2_2.4.27-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-2-generic_2.4.27-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-2-smp_2.4.27-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-2-generic_2.4.27-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-2-smp_2.4.27-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge1.040815-1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge1.040815-1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-build-2.4.27_2.4.27-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-headers-2.4.27_2.4.27-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-bast_2.4.27-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-lart_2.4.27-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-netwinder_2.4.27-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-riscpc_2.4.27-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-riscstation_2.4.27-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge1.040815-1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-build-2.4.27-2_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-386_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-586tsc_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-686_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-686-smp_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-k6_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-k7_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-k7-smp_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-386_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-586tsc_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-686_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-686-smp_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-k6_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-k7_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-k7-smp_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-386_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-586tsc_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-686_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-686-smp_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-k6_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-k7_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-k7-smp_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge1.040815-1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-build-2.4.27-2_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-2_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-2-itanium_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-2-itanium-smp_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-2-mckinley_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-2-mckinley-smp_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-itanium_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-itanium-smp_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-mckinley_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-mckinley-smp_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-2-itanium_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-2-itanium-smp_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-2-mckinley_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-2-mckinley-smp_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge1.040815-1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge1.040815-1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-amiga_2.4.27-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-atari_2.4.27-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-bvme6000_2.4.27-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mac_2.4.27-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mvme147_2.4.27-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mvme16x_2.4.27-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-q40_2.4.27-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge1.040815-1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-headers-2.4.27_2.4.27-10.sarge1.040815-1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r4k-ip22_2.4.27-10.sarge1.040815-1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r5k-ip22_2.4.27-10.sarge1.040815-1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-sb1-swarm-bn_2.4.27-10.sarge1.040815-1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge1.040815-1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-headers-2.4.27_2.4.27-10.sarge1.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r3k-kn02_2.4.27-10.sarge1.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r4k-kn04_2.4.27-10.sarge1.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r5k-cobalt_2.4.27-10.sarge1.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r5k-lasat_2.4.27-10.sarge1.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-sb1-swarm-bn_2.4.27-10.sarge1.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-xxs1500_2.4.27-10.sarge1.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge1.040815-1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge1.040815-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-apus_2.4.27-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-nubus_2.4.27-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-powerpc_2.4.27-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-powerpc-small_2.4.27-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-powerpc-smp_2.4.27-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-headers-2.4.27-apus_2.4.27-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-headers-2.4.27-nubus_2.4.27-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-headers-2.4.27-powerpc_2.4.27-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-apus_2.4.27-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-nubus_2.4.27-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-powerpc_2.4.27-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-powerpc-small_2.4.27-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-powerpc-smp_2.4.27-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-2.4.27-apus_2.4.27-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-2.4.27-nubus_2.4.27-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-2.4.27-powerpc_2.4.27-10sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge1.040815-1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-headers-2.4.27-2_2.4.27-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-2-s390_2.4.27-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-2-s390-tape_2.4.27-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-2-s390x_2.4.27-2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge1.040815-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-build-2.4.27-2_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-2_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-2-sparc32_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-2-sparc32-smp_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-2-sparc64_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-2-sparc64-smp_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-2-sparc32_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-2-sparc32-smp_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-2-sparc64_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-2-sparc64-smp_2.4.27-9sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "922": "
\n

Debian Security Advisory

\n

DSA-922-1 kernel-source-2.6.8 -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Dec 2005
\n
Affected Packages:
\n
kernel-source-2.6.8
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 309308, Bug 311164, Bug 321401, Bug 322237, Bug 322339.
In the Bugtraq database (at SecurityFocus): BugTraq ID 14477, BugTraq ID 15527, BugTraq ID 15528, BugTraq ID 15533.
In Mitre's CVE dictionary: CVE-2004-2302, CVE-2005-0756, CVE-2005-0757, CVE-2005-1265, CVE-2005-1761, CVE-2005-1762, CVE-2005-1763, CVE-2005-1765, CVE-2005-1767, CVE-2005-2456, CVE-2005-2458, CVE-2005-2459, CVE-2005-2548, CVE-2005-2801, CVE-2005-2872, CVE-2005-3105, CVE-2005-3106, CVE-2005-3107, CVE-2005-3108, CVE-2005-3109, CVE-2005-3110, CVE-2005-3271, CVE-2005-3272, CVE-2005-3273, CVE-2005-3274, CVE-2005-3275, CVE-2005-3276.
\n
More information:
\n
\n

Several local and remote vulnerabilities have been discovered in the\nLinux kernel that may lead to a denial of service or the execution of\narbitrary code. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2004-2302

    A race condition in the sysfs filesystem allows local users to read kernel memory and cause a denial of service (crash).

  • CVE-2005-0756

    Alexander Nyberg discovered that the ptrace() system call does not properly verify addresses on the amd64 architecture which can be exploited by a local attacker to crash the kernel.

  • CVE-2005-0757

    A problem in the offset handling in the xattr file system code for ext3 has been discovered that may allow users on 64-bit systems that have access to an ext3 filesystem with extended attributes to cause the kernel to crash.

  • CVE-2005-1265

    Chris Wright discovered that the mmap() function could create illegal memory maps that could be exploited by a local user to crash the kernel or potentially execute arbitrary code.

  • CVE-2005-1761

    A vulnerability on the IA-64 architecture can lead local attackers to overwrite kernel memory and crash the kernel.

  • CVE-2005-1762

    A vulnerability has been discovered in the ptrace() system call on the amd64 architecture that allows a local attacker to cause the kernel to crash.

  • CVE-2005-1763

    A buffer overflow in the ptrace system call for 64-bit architectures allows local users to write bytes into arbitrary kernel memory.

  • CVE-2005-1765

    Zou Nan Hai has discovered that a local user could cause the kernel to hang on the amd64 architecture after invoking syscall() with specially crafted arguments.

  • CVE-2005-1767

    A vulnerability has been discovered in the stack segment fault handler that could allow a local attacker to cause a stack exception that will lead the kernel to crash under certain circumstances.

  • CVE-2005-2456

    Balazs Scheidler discovered that a local attacker could call setsockopt() with an invalid xfrm_user policy message which would cause the kernel to write beyond the boundaries of an array and crash.

  • CVE-2005-2458

    Vladimir Volovich discovered a bug in the zlib routines which are also present in the Linux kernel and allows remote attackers to crash the kernel.

  • CVE-2005-2459

    Another vulnerability has been discovered in the zlib routines which are also present in the Linux kernel and allows remote attackers to crash the kernel.

  • CVE-2005-2548

    Peter Sandstrom noticed that snmpwalk from a remote host could cause a denial of service (kernel oops from null dereference) via certain UDP packets that lead to a function call with the wrong argument.

  • CVE-2005-2801

    Andreas Gruenbacher discovered a bug in the ext2 and ext3 file systems. When data areas are to be shared among two inodes, not all information was compared for equality, which could expose wrong ACLs for files.

  • CVE-2005-2872

    Chad Walstrom discovered that the ipt_recent kernel module on 64-bit processors such as AMD64 allows remote attackers to cause a denial of service (kernel panic) via certain attacks such as SSH brute force.

  • CVE-2005-3105

    The mprotect code on Itanium IA-64 Montecito processors does not properly maintain cache coherency as required by the architecture, which allows local users to cause a denial of service and possibly corrupt data by modifying PTE protections.

  • CVE-2005-3106

    A race condition in the thread management may allow local users to cause a denial of service (deadlock) when threads are sharing memory and waiting for a thread that has just performed an exec.

  • CVE-2005-3107

    When one thread is tracing another thread that shares the same memory map a local user could cause a denial of service (deadlock) by forcing a core dump when the traced thread is in the TASK_TRACED state.

  • CVE-2005-3108

    A bug in the ioremap() system call has been discovered on the amd64 architecture that could allow local users to cause a denial of service or an information leak when performing a lookup of a non-existent memory page.

  • CVE-2005-3109

    The HFS and HFS+ (hfsplus) modules allow local attackers to cause a denial of service (oops) by using hfsplus to mount a filesystem that is not hfsplus.

  • CVE-2005-3110

    A race condition in the ebtables netfilter module on an SMP system running under high load may allow remote attackers to cause a denial of service (crash).

  • CVE-2005-3271

    Roland McGrath discovered that exec() does not properly clear posix-timers in multi-threaded environments, which results in a resource leak and could allow a large number of multiple local users to cause a denial of service by using more posix-timers than specified by the quota for a single user.

  • CVE-2005-3272

    The kernel allows remote attackers to poison the bridge forwarding table using frames that have already been dropped by filtering, which can cause the bridge to forward spoofed packets.

  • CVE-2005-3273

    The ioctl for the packet radio ROSE protocol does not properly verify the arguments when setting a new router, which allows attackers to trigger out-of-bounds errors.

  • CVE-2005-3274

    A race condition on SMP systems allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired.

  • CVE-2005-3275

    An error in the NAT code allows remote attackers to cause a denial of service (memory corruption) by causing two packets for the same protocol to be NATed at the same time, which leads to memory corruption.

  • CVE-2005-3276

    A missing memory cleanup in the thread handling routines before copying data into userspace allows a user process to obtain sensitive information.

\n

This update also contains a number of corrections for issues that\nturned out to have no security implication afterwards.

\n

The following matrix explains which kernel version for which architecture fixes the problems mentioned above:

\n
                                Debian 3.1 (sarge)
Source                          2.6.8-16sarge1
Alpha architecture              2.6.8-16sarge1
AMD64 architecture              2.6.8-16sarge1
HP Precision architecture       2.6.8-6sarge1
Intel IA-32 architecture        2.6.8-16sarge1
Intel IA-64 architecture        2.6.8-14sarge1
Motorola 680x0 architecture     2.6.8-4sarge1
PowerPC architecture            2.6.8-12sarge1
IBM S/390 architecture          2.6.8-5sarge1
Sun Sparc architecture          2.6.8-15sarge1
\n
\n

We recommend that you upgrade your kernel package immediately and\nreboot the machine.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-alpha_2.6.8-16sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-alpha_2.6.8-16sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-amd64_2.6.8-16sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-amd64_2.6.8-16sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-hppa_2.6.8-6sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-hppa_2.6.8-6sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-i386_2.6.8-16sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-i386_2.6.8-16sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-ia64_2.6.8-14sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-ia64_2.6.8-14sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-m68k_2.6.8-4sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-m68k_2.6.8-4sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-patch-powerpc-2.6.8_2.6.8-12sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-patch-powerpc-2.6.8_2.6.8-12sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-s390_2.6.8-5sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-s390_2.6.8-5sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-sparc_2.6.8-15sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-sparc_2.6.8-15sarge1.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-doc-2.6.8_2.6.8-16sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-patch-debian-2.6.8_2.6.8-16sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-tree-2.6.8_2.6.8-16sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-patch-2.6.8-s390_2.6.8-5sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-2_2.6.8-16sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-2-generic_2.6.8-16sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-2-smp_2.6.8-16sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-2-generic_2.6.8-16sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-2-smp_2.6.8-16sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-amd64-generic_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-amd64-k8_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-amd64-k8-smp_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-em64t-p4_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-em64t-p4-smp_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-amd64-generic_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-amd64-k8_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-amd64-k8-smp_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-em64t-p4_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-em64t-p4-smp_2.6.8-16sarge1_amd64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-2_2.6.8-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-2-32_2.6.8-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-2-32-smp_2.6.8-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-2-64_2.6.8-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-2-64-smp_2.6.8-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-2-32_2.6.8-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-2-32-smp_2.6.8-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-2-64_2.6.8-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-2-64-smp_2.6.8-6sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-amd64-generic_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-amd64-k8_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-amd64-k8-smp_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-em64t-p4_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-em64t-p4-smp_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-amd64-generic_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-amd64-k8_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-amd64-k8-smp_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-em64t-p4_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-em64t-p4-smp_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-2_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-2-386_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-2-686_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-2-686-smp_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-2-k7_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-2-k7-smp_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-2-386_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-2-686_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-2-686-smp_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-2-k7_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-2-k7-smp_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-itanium_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-itanium-smp_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-mckinley_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-mckinley-smp_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-2_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-2-itanium_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-2-itanium-smp_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-2-mckinley_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-2-mckinley-smp_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-itanium_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-itanium-smp_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-mckinley_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-mckinley-smp_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-2-itanium_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-2-itanium-smp_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-2-mckinley_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-2-mckinley-smp_2.6.8-14sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-amiga_2.6.8-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-atari_2.6.8-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-bvme6000_2.6.8-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-hp_2.6.8-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mac_2.6.8-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mvme147_2.6.8-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mvme16x_2.6.8-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-q40_2.6.8-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-sun3_2.6.8-4sarge1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-power3_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-power3-smp_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-power4_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-power4-smp_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-powerpc_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-powerpc-smp_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-headers-2.6.8_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-power3_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-power3-smp_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-power4_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-power4-smp_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-powerpc_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-powerpc-smp_2.6.8-12sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-headers-2.6.8-2_2.6.8-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-2-s390_2.6.8-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-2-s390-tape_2.6.8-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-2-s390x_2.6.8-5sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-build-2.6.8-2_2.6.8-15sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-2_2.6.8-15sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-2-sparc32_2.6.8-15sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-2-sparc64_2.6.8-15sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-2-sparc64-smp_2.6.8-15sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-2-sparc32_2.6.8-15sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-2-sparc64_2.6.8-15sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-2-sparc64-smp_2.6.8-15sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "923": "
\n

Debian Security Advisory

\n

DSA-923-1 dropbear -- buffer overflow

\n
\n
Date Reported:
\n
19 Dec 2005
\n
Affected Packages:
\n
\ndropbear\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-4178.
\n
More information:
\n
\n

A buffer overflow has been discovered in dropbear, a lightweight SSH2\nserver and client, that may allow authenticated users to execute\narbitrary code as the server user (usually root).

\n

The old stable distribution (woody) does not contain dropbear packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.45-2sarge0.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.47-1.

\n

We recommend that you upgrade your dropbear package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dropbear/dropbear_0.45-2sarge0.dsc
\n
http://security.debian.org/pool/updates/main/d/dropbear/dropbear_0.45-2sarge0.diff.gz
\n
http://security.debian.org/pool/updates/main/d/dropbear/dropbear_0.45.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dropbear/dropbear_0.45-2sarge0_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/dropbear/dropbear_0.45-2sarge0_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dropbear/dropbear_0.45-2sarge0_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dropbear/dropbear_0.45-2sarge0_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dropbear/dropbear_0.45-2sarge0_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/d/dropbear/dropbear_0.45-2sarge0_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/d/dropbear/dropbear_0.45-2sarge0_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dropbear/dropbear_0.45-2sarge0_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dropbear/dropbear_0.45-2sarge0_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dropbear/dropbear_0.45-2sarge0_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/dropbear/dropbear_0.45-2sarge0_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dropbear/dropbear_0.45-2sarge0_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "924": "
\n

Debian Security Advisory

\n

DSA-924-1 nbd -- buffer overflow

\n
\n
Date Reported:
\n
21 Dec 2005
\n
Affected Packages:
\n
\nnbd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3534.
\n
More information:
\n
\n

Kurt Fitzner discovered a buffer overflow in nbd, the network block device client and server, that could potentially allow the execution of arbitrary code on the NBD server.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 1.2cvs20020320-3.woody.3.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.7.3-3sarge1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your nbd-server package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nbd/nbd_1.2cvs20020320-3.woody.3.dsc
\n
http://security.debian.org/pool/updates/main/n/nbd/nbd_1.2cvs20020320-3.woody.3.diff.gz
\n
http://security.debian.org/pool/updates/main/n/nbd/nbd_1.2cvs20020320.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_1.2cvs20020320-3.woody.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_1.2cvs20020320-3.woody.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_1.2cvs20020320-3.woody.3_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_1.2cvs20020320-3.woody.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_1.2cvs20020320-3.woody.3_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_1.2cvs20020320-3.woody.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_1.2cvs20020320-3.woody.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_1.2cvs20020320-3.woody.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_1.2cvs20020320-3.woody.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_1.2cvs20020320-3.woody.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_1.2cvs20020320-3.woody.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_1.2cvs20020320-3.woody.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_1.2cvs20020320-3.woody.3_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_1.2cvs20020320-3.woody.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_1.2cvs20020320-3.woody.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_1.2cvs20020320-3.woody.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_1.2cvs20020320-3.woody.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_1.2cvs20020320-3.woody.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_1.2cvs20020320-3.woody.3_s390.deb
\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_1.2cvs20020320-3.woody.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_1.2cvs20020320-3.woody.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_1.2cvs20020320-3.woody.3_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nbd/nbd_2.7.3-3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/n/nbd/nbd_2.7.3-3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/nbd/nbd_2.7.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_2.7.3-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_2.7.3-3sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_2.7.3-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_2.7.3-3sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_2.7.3-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_2.7.3-3sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_2.7.3-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_2.7.3-3sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_2.7.3-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_2.7.3-3sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_2.7.3-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_2.7.3-3sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_2.7.3-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_2.7.3-3sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_2.7.3-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_2.7.3-3sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_2.7.3-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_2.7.3-3sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_2.7.3-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_2.7.3-3sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_2.7.3-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_2.7.3-3sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-client_2.7.3-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nbd/nbd-server_2.7.3-3sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "925": "
\n

Debian Security Advisory

\n

DSA-925-1 phpbb2 -- several vulnerabilities

\n
\n
Date Reported:
\n
22 Dec 2005
\n
Affected Packages:
\n
\nphpbb2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 35662, Bug 336582, Bug 336587.
In the Bugtraq database (at SecurityFocus): BugTraq ID 15170, BugTraq ID 15243.
In Mitre's CVE dictionary: CVE-2005-3310, CVE-2005-3415, CVE-2005-3416, CVE-2005-3417, CVE-2005-3418, CVE-2005-3419, CVE-2005-3420, CVE-2005-3536, CVE-2005-3537.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in phpBB, a fully\nfeatured and skinnable flat webforum. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2005-3310\n

    Multiple interpretation errors allow remote authenticated users to\n inject arbitrary web script when remote avatars and avatar\n uploading are enabled.

  • CVE-2005-3415\n

    phpBB allows remote attackers to bypass protection mechanisms that\n deregister global variables, which allows attackers to manipulate\n the behaviour of phpBB.

  • CVE-2005-3416\n

    phpBB allows remote attackers to bypass security checks when\n register_globals is enabled and the session_start function has not\n been called to handle a session.

  • CVE-2005-3417\n

    phpBB allows remote attackers to modify global variables and\n bypass security mechanisms.

  • CVE-2005-3418\n

    Multiple cross-site scripting (XSS) vulnerabilities allow remote\n attackers to inject arbitrary web scripts.

  • CVE-2005-3419\n

    An SQL injection vulnerability allows remote attackers to execute\n arbitrary SQL commands.

  • CVE-2005-3420\n

    phpBB allows remote attackers to modify regular expressions and\n execute PHP code via the signature_bbcode_uid parameter.

  • CVE-2005-3536\n

    Missing input sanitising of the topic type allows remote attackers\n to inject arbitrary SQL commands.

  • CVE-2005-3537\n

    Missing request validation permitted remote attackers to edit\n private messages of other users.

\n

The old stable distribution (woody) does not contain phpbb2 packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.0.13+1-6sarge2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.0.18-1.

\n

We recommend that you upgrade your phpbb2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.13+1-6sarge2.dsc
\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.13+1-6sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.13+1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2-conf-mysql_2.0.13-6sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2-languages_2.0.13-6sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.13-6sarge2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "926": "
\n

Debian Security Advisory

\n

DSA-926-2 ketm -- buffer overflow

\n
\n
Date Reported:
\n
23 Dec 2005
\n
Affected Packages:
\n
\nketm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3535.
\n
More information:
\n
\n

Steve Kemp from the Debian Security Audit Project discovered a buffer\noverflow in ketm, an old school 2D-scrolling shooter game, that can be\nexploited to execute arbitrary code with group games privileges.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 0.0.6-7woody0.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.0.6-17sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.0.6-17sarge1.

\n

We recommend that you upgrade your ketm package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/ketm/ketm_0.0.6-7woody0.dsc
\n
http://security.debian.org/pool/updates/main/k/ketm/ketm_0.0.6-7woody0.diff.gz
\n
http://ftp.debian.org/debian/pool/main/k/ketm/ketm_0.0.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/ketm/ketm_0.0.6-7woody0_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/ketm/ketm_0.0.6-7woody0_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/ketm/ketm_0.0.6-7woody0_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/ketm/ketm_0.0.6-7woody0_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/ketm/ketm_0.0.6-7woody0_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/ketm/ketm_0.0.6-7woody0_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/ketm/ketm_0.0.6-7woody0_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/ketm/ketm_0.0.6-7woody0_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/ketm/ketm_0.0.6-7woody0_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/ketm/ketm_0.0.6-7woody0_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/ketm/ketm_0.0.6-7woody0_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/ketm/ketm_0.0.6-17sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/ketm/ketm_0.0.6-17sarge1.diff.gz
\n
http://ftp.debian.org/debian/pool/main/k/ketm/ketm_0.0.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/ketm/ketm-data_0.0.6-17sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/ketm/ketm_0.0.6-17sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/ketm/ketm_0.0.6-17sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/ketm/ketm_0.0.6-17sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/ketm/ketm_0.0.6-17sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/ketm/ketm_0.0.6-17sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/ketm/ketm_0.0.6-17sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/ketm/ketm_0.0.6-17sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/ketm/ketm_0.0.6-17sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/ketm/ketm_0.0.6-17sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/ketm/ketm_0.0.6-17sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/ketm/ketm_0.0.6-17sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/ketm/ketm_0.0.6-17sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "927": "
\n

Debian Security Advisory

\n

DSA-927-2 tkdiff -- insecure temporary file

\n
\n
Date Reported:
\n
27 Dec 2005
\n
Affected Packages:
\n
\ntkdiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3343.
\n
More information:
\n
\n

The last update of tkdiff contained a programming error which is\nfixed by this version. \u00a0For completeness we're adding the original\nadvisory text:

\n
\n

Javier Fern\u00e1ndez-Sanguino Pe\u00f1a from the Debian Security Audit project\ndiscovered that tkdiff, a graphical side by side \"diff\" utility,\ncreates temporary files in an insecure fashion.

\n
\n

For the old stable distribution (woody) this problem has been fixed in\nversion 3.08-3woody1.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 4.0.2-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 4.0.2-4.

\n

We recommend that you upgrade your tkdiff package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tkdiff/tkdiff_3.08-3woody1.dsc
\n
http://security.debian.org/pool/updates/main/t/tkdiff/tkdiff_3.08-3woody0.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tkdiff/tkdiff_3.08.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/tkdiff/tkdiff_3.08-3woody1_all.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tkdiff/tkdiff_4.0.2-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/t/tkdiff/tkdiff_4.0.2-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tkdiff/tkdiff_4.0.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/tkdiff/tkdiff_4.0.2-1sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "928": "
\n

Debian Security Advisory

\n

DSA-928-1 dhis-tools-dns -- insecure temporary file

\n
\n
Date Reported:
\n
27 Dec 2005
\n
Affected Packages:
\n
\ndhis-tools-dns\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3341.
\n
More information:
\n
\n

Javier Fern\u00e1ndez-Sanguino Pe\u00f1a from the Debian Security Audit project\ndiscovered that two scripts in the dhis-tools-dns package, DNS\nconfiguration utilities for a Dynamic Host Information System, which\nare usually executed by root, create temporary files in an insecure\nfashion.

\n

The old stable distribution (woody) does not contain a dhis-tools-dns\npackage.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 5.0-3sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 5.0-5.

\n

We recommend that you upgrade your dhis-tools-dns package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dhis-tools-dns/dhis-tools-dns_5.0-3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/d/dhis-tools-dns/dhis-tools-dns_5.0-3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/d/dhis-tools-dns/dhis-tools-dns_5.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dhis-tools-dns/dhis-tools-dns_5.0-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dhis-tools-dns/dhis-tools-genkeys_5.0-3sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/dhis-tools-dns/dhis-tools-dns_5.0-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dhis-tools-dns/dhis-tools-genkeys_5.0-3sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dhis-tools-dns/dhis-tools-dns_5.0-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dhis-tools-dns/dhis-tools-genkeys_5.0-3sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dhis-tools-dns/dhis-tools-dns_5.0-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dhis-tools-dns/dhis-tools-genkeys_5.0-3sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dhis-tools-dns/dhis-tools-dns_5.0-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dhis-tools-dns/dhis-tools-genkeys_5.0-3sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/d/dhis-tools-dns/dhis-tools-dns_5.0-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dhis-tools-dns/dhis-tools-genkeys_5.0-3sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/d/dhis-tools-dns/dhis-tools-dns_5.0-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/d/dhis-tools-dns/dhis-tools-genkeys_5.0-3sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dhis-tools-dns/dhis-tools-dns_5.0-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dhis-tools-dns/dhis-tools-genkeys_5.0-3sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dhis-tools-dns/dhis-tools-dns_5.0-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dhis-tools-dns/dhis-tools-genkeys_5.0-3sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dhis-tools-dns/dhis-tools-dns_5.0-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dhis-tools-dns/dhis-tools-genkeys_5.0-3sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/dhis-tools-dns/dhis-tools-dns_5.0-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dhis-tools-dns/dhis-tools-genkeys_5.0-3sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dhis-tools-dns/dhis-tools-dns_5.0-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhis-tools-dns/dhis-tools-genkeys_5.0-3sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "929": "
\n

Debian Security Advisory

\n

DSA-929-1 petris -- buffer overflow

\n
\n
Date Reported:
\n
09 Jan 2006
\n
Affected Packages:
\n
\npetris\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3540.
\n
More information:
\n
\n

Steve Kemp from the Debian Security Audit project discovered a buffer\noverflow in petris, a clone of the Tetris game, which may be exploited\nto execute arbitrary code with group games privileges.

\n

The old stable distribution (woody) does not contain the petris package.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.0.1-4sarge0.

\n

For the unstable distribution the package will be updated shortly.

\n

We recommend that you upgrade your petris package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/petris/petris_1.0.1-4sarge0.diff.gz
\n
http://security.debian.org/pool/updates/main/p/petris/petris_1.0.1-4sarge0.dsc
\n
http://security.debian.org/pool/updates/main/p/petris/petris_1.0.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/petris/petris_1.0.1-4sarge0_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/petris/petris_1.0.1-4sarge0_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/petris/petris_1.0.1-4sarge0_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/petris/petris_1.0.1-4sarge0_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/petris/petris_1.0.1-4sarge0_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/petris/petris_1.0.1-4sarge0_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/petris/petris_1.0.1-4sarge0_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/petris/petris_1.0.1-4sarge0_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/petris/petris_1.0.1-4sarge0_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/petris/petris_1.0.1-4sarge0_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/petris/petris_1.0.1-4sarge0_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/petris/petris_1.0.1-4sarge0_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "930": "
\n

Debian Security Advisory

\n

DSA-930-2 smstools -- format string attack

\n
\n
Date Reported:
\n
09 Jan 2006
\n
Affected Packages:
\n
\nsmstools\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-0083.
\n
More information:
\n
\n

Ulf H\u00e4rnhammar from the Debian Security Audit project discovered a\nformat string attack in the logging code of smstools, which may be\nexploited to execute arbitrary code with root privileges.

\n

The original advisory for this issue said that the old stable\ndistribution (woody) was not affected because it did not contain\nsmstools. This was incorrect, and the only change in this updated\nadvisory is the inclusion of corrected packages for woody.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 1.5.0-2woody0.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.14.8-1sarge0.

\n

For the unstable distribution the package will be updated shortly.

\n

We recommend that you upgrade your smstools package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.5.0-2woody0.dsc
\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.5.0-2woody0.diff.gz
\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.5.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.5.0-2woody0_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.5.0-2woody0_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.5.0-2woody0_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.5.0-2woody0_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.5.0-2woody0_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.5.0-2woody0_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.5.0-2woody0_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.5.0-2woody0_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.5.0-2woody0_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.5.0-2woody0_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.5.0-2woody0_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.14.8-1sarge0.diff.gz
\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.14.8-1sarge0.dsc
\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.14.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.14.8-1sarge0_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.14.8-1sarge0_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.14.8-1sarge0_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.14.8-1sarge0_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.14.8-1sarge0_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.14.8-1sarge0_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.14.8-1sarge0_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.14.8-1sarge0_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.14.8-1sarge0_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.14.8-1sarge0_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.14.8-1sarge0_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/smstools/smstools_1.14.8-1sarge0_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "931": "
\n

Debian Security Advisory

\n

DSA-931-1 xpdf -- buffer overflows

\n
\n
Date Reported:
\n
09 Jan 2006
\n
Affected Packages:
\n
\nxpdf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 342281.
In Mitre's CVE dictionary: CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628.
\n
More information:
\n
\n

\"infamous41md\" and Chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, that can\nlead to a denial of service by crashing the application or possibly to\nthe execution of arbitrary code.

\n

For the old stable distribution (woody) these problems have been fixed in\nversion 1.00-3.8.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 3.00-13.4.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 3.01-4.

\n

We recommend that you upgrade your xpdf package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.8.dsc
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.8.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_1.00-3.8_all.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.8_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.4.dsc
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.4.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.00-13.4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "932": "
\n

Debian Security Advisory

\n

DSA-932-1 kdegraphics -- buffer overflows

\n
\n
Date Reported:
\n
09 Jan 2006
\n
Affected Packages:
\n
\nxpdf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 342281.
In Mitre's CVE dictionary: CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628.
\n
More information:
\n
\n

\"infamous41md\" and Chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, that can\nlead to a denial of service by crashing the application or possibly to\nthe execution of arbitrary code. The same code is present in kpdf\nwhich is part of the kdegraphics package.

\n

The old stable distribution (woody) does not contain kpdf packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 3.3.2-2sarge3.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 3.5.0-3.

\n

We recommend that you upgrade your kpdf package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.3.2-2sarge3.dsc
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.3.2-2sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.3.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.3.2-2sarge3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "933": "
\n

Debian Security Advisory

\n

DSA-933-1 hylafax -- arbitrary command execution

\n
\n
Date Reported:
\n
09 Jan 2006
\n
Affected Packages:
\n
\nhylafax\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3539.
\n
More information:
\n
\n

Patrice Fournier found that hylafax passes unsanitized user data in the\nnotify script, allowing users with the ability to submit jobs to run\narbitrary commands with the privileges of the hylafax server.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 4.1.1-4woody1.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 4.2.1-5sarge3.

\n

For the unstable distribution the problem has been fixed in version\n4.2.4-2.

\n

We recommend that you upgrade your hylafax package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1-4woody1.dsc
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1-4woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.1.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-doc_4.1.1-4woody1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-4woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-4woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-4woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-4woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-4woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-4woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-4woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-4woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-4woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-4woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-4woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-4woody1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-4woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-4woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-4woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-4woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.1.1-4woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.1.1-4woody1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.2.1-5sarge3.dsc
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.2.1-5sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax_4.2.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-doc_4.2.1-5sarge3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-client_4.2.1-5sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/h/hylafax/hylafax-server_4.2.1-5sarge3_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "934": "
\n

Debian Security Advisory

\n

DSA-934-1 pound -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Jan 2006
\n
Affected Packages:
\n
\npound\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 307852.
In Mitre's CVE dictionary: CVE-2005-1391, CVE-2005-3751.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in Pound, a reverse proxy and\nload balancer for HTTP. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2005-1391:\n

    Overly long HTTP Host: headers may trigger a buffer overflow in the\n add_port() function, which may lead to the execution of arbitrary\n code.

  • CVE-2005-3751:\n

    HTTP requests with conflicting Content-Length and Transfer-Encoding\n headers could lead to an HTTP Request Smuggling attack, which can be\n exploited to bypass packet filters or poison web caches.

\n

The old stable distribution (woody) does not contain pound packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.8.2-1sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.9.4-1.

\n

We recommend that you upgrade your pound package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pound/pound_1.8.2-1sarge1_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "935": "
\n

Debian Security Advisory

\n

DSA-935-1 libapache2-mod-auth-pgsql -- format string vulnerability

\n
\n
Date Reported:
\n
10 Jan 2006
\n
Affected Packages:
\n
\nlibapache2-mod-auth-pgsql\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 16153.
In Mitre's CVE dictionary: CVE-2005-3656.
\n
More information:
\n
\n

iDEFENSE reports that a format string vulnerability in mod_auth_pgsql, a\nlibrary used to authenticate web users against a PostgreSQL database,\ncould be used to execute arbitrary code with the privileges of the httpd\nuser.

\n

The old stable distribution (woody) does not contain\nlibapache2-mod-auth-pgsql.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.0.2b1-5sarge0.

\n

For the unstable distribution (sid) this problem will be fixed shortly.

\n

We recommend that you upgrade your libapache2-mod-auth-pgsql package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-5sarge0.dsc
\n
http://security.debian.org/pool/updates/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-5sarge0.diff.gz
\n
http://security.debian.org/pool/updates/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-5sarge0_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-5sarge0_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-5sarge0_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-5sarge0_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-5sarge0_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-5sarge0_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-5sarge0_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-5sarge0_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-5sarge0_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-5sarge0_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-5sarge0_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/liba/libapache2-mod-auth-pgsql/libapache2-mod-auth-pgsql_2.0.2b1-5sarge0_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "936": "
\n

Debian Security Advisory

\n

DSA-936-1 libextractor -- buffer overflows

\n
\n
Date Reported:
\n
11 Jan 2006
\n
Affected Packages:
\n
\nlibextractor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-2097, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628.
\n
More information:
\n
\n

\"infamous41md\" and Chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, which is\nalso present in libextractor, a library to extract arbitrary meta-data\nfrom files, and which can lead to a denial of service by crashing the\napplication or possibly to the execution of arbitrary code.

\n

The old stable distribution (woody) does not contain libextractor\npackages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.4.2-2sarge2.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your libextractor packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2-2sarge2.dsc
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2-2sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "937": "
\n

Debian Security Advisory

\n

DSA-937-1 tetex-bin -- buffer overflows

\n
\n
Date Reported:
\n
12 Jan 2006
\n
Affected Packages:
\n
\ntetex-bin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 342292.
In Mitre's CVE dictionary: CVE-2005-3191, CVE-2005-3192, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628.
\n
More information:
\n
\n

\"infamous41md\" and Chris Evans discovered several heap based buffer overflows in xpdf,\nthe Portable Document Format (PDF) suite, which is also present in\ntetex-bin, the binary files of teTeX, and which can lead to a denial of\nservice by crashing the application or possibly to the execution of\narbitrary code.

\n

For the old stable distribution (woody) these problems have been fixed in\nversion 1.0.7+20011202-7.7.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.0.2-30sarge4.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.4.3-2 of poppler against which tetex-bin links.

\n

We recommend that you upgrade your tetex-bin package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7.dsc
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.7_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4.dsc
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "938": "
\n

Debian Security Advisory

\n

DSA-938-1 koffice -- buffer overflows

\n
\n
Date Reported:
\n
12 Jan 2006
\n
Affected Packages:
\n
\nkoffice\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3191, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628.
\n
More information:
\n
\n

\"infamous41md\" and Chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, which is\nalso present in koffice, the KDE Office Suite, and which can lead to a\ndenial of service by crashing the application or possibly to the\nexecution of arbitrary code.

\n

The old stable distribution (woody) does not contain koffice packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.3.5-4.sarge.2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.4.2-6.

\n

We recommend that you upgrade your koffice package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.3.5-4.sarge.2.dsc
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.3.5-4.sarge.2.diff.gz
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.3.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/koffice/kivio-data_1.3.5-4.sarge.2_all.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-data_1.3.5-4.sarge.2_all.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-doc-html_1.3.5-4.sarge.2_all.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.3.5-4.sarge.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "939": "
\n

Debian Security Advisory

\n

DSA-939-1 fetchmail -- programming error

\n
\n
Date Reported:
\n
13 Jan 2006
\n
Affected Packages:
\n
\nfetchmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-4348.
\n
More information:
\n
\n

Daniel Drake discovered a problem in fetchmail, an SSL enabled POP3,\nAPOP, IMAP mail gatherer/forwarder, that can cause a crash when the\nprogram is running in multidrop mode and receives messages without\nheaders.

\n

The old stable distribution (woody) does not seem to be affected by\nthis problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 6.2.5-12sarge4.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 6.3.1-1.

\n

We recommend that you upgrade your fetchmail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4.dsc
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail-ssl_6.2.5-12sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_6.2.5-12sarge4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "940": "
\n

Debian Security Advisory

\n

DSA-940-1 gpdf -- buffer overflows

\n
\n
Date Reported:
\n
13 Jan 2006
\n
Affected Packages:
\n
\ngpdf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3191, CVE-2005-3192, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628.
\n
More information:
\n
\n

\"infamous41md\" and Chris Evans discovered several heap based buffer\noverflows in xpdf, the Portable Document Format (PDF) suite, which is\nalso present in gpdf, the GNOME version of the Portable Document\nFormat viewer, and which can lead to a denial of service by crashing\nthe application or possibly to the execution of arbitrary code.

\n

The old stable distribution (woody) does not contain gpdf packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.8.2-1.2sarge2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.10.0-2.

\n

We recommend that you upgrade your gpdf package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2.dsc
\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "941": "
\n

Debian Security Advisory

\n

DSA-941-1 tuxpaint -- insecure temporary file

\n
\n
Date Reported:
\n
16 Jan 2006
\n
Affected Packages:
\n
\ntuxpaint\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3340.
\n
More information:
\n
\n

Javier Fern\u00e1ndez-Sanguino Pe\u00f1a from the Debian Security Audit project\ndiscovered that a script in tuxpaint, a paint program for young\nchildren, creates a temporary file in an insecure fashion.

\n

The old stable distribution (woody) does not contain tuxpaint packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.9.14-2sarge0.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.9.15b-1.

\n

We recommend that you upgrade your tuxpaint package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0.dsc
\n
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint-data_0.9.14-2sarge0_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tuxpaint/tuxpaint_0.9.14-2sarge0_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "942": "
\n

Debian Security Advisory

\n

DSA-942-1 albatross -- design error

\n
\n
Date Reported:
\n
16 Jan 2006
\n
Affected Packages:
\n
\nalbatross\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 16252.
In Mitre's CVE dictionary: CVE-2006-0044.
\n
More information:
\n
\n

A design error has been discovered in the Albatross web application\ntoolkit that causes user supplied data to be used as part of template\nexecution and hence arbitrary code execution.

\n

The old stable distribution (woody) does not contain albatross packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.20-2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.33-1.

\n

We recommend that you upgrade your albatross package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/albatross/albatross_1.20-2.dsc
\n
http://security.debian.org/pool/updates/main/a/albatross/albatross_1.20-2.diff.gz
\n
http://security.debian.org/pool/updates/main/a/albatross/albatross_1.20.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/albatross/python-albatross-common_1.20-2_all.deb
\n
http://security.debian.org/pool/updates/main/a/albatross/python-albatross-doc_1.20-2_all.deb
\n
http://security.debian.org/pool/updates/main/a/albatross/python-albatross_1.20-2_all.deb
\n
http://security.debian.org/pool/updates/main/a/albatross/python2.2-albatross_1.20-2_all.deb
\n
http://security.debian.org/pool/updates/main/a/albatross/python2.3-albatross_1.20-2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "943": "
\n

Debian Security Advisory

\n

DSA-943-1 perl -- integer overflow

\n
\n
Date Reported:
\n
16 Jan 2006
\n
Affected Packages:
\n
\nperl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 341542.
In Mitre's CVE dictionary: CVE-2005-3962.
\n
More information:
\n
\n

Jack Louis discovered an integer overflow in Perl, Larry Wall's\nPractical Extraction and Report Language, that allows attackers to\noverwrite arbitrary memory and possibly execute arbitrary code via\nspecially crafted content that is passed to vulnerable format strings\nof third party software.

\n

The old stable distribution (woody) does not seem to be affected by\nthis problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 5.8.4-8sarge3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 5.8.7-9.

\n

We recommend that you upgrade your perl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3.dsc
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.8.4-8sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.8.4-8sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.8.4-8sarge3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "944": "
\n

Debian Security Advisory

\n

DSA-944-1 mantis -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Jan 2006
\n
Affected Packages:
\n
\nmantis\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 345288.
In the Bugtraq database (at SecurityFocus): BugTraq ID 15842, BugTraq ID 16046.
In Mitre's CVE dictionary: CVE-2005-4238, CVE-2005-4518, CVE-2005-4519, CVE-2005-4520, CVE-2005-4521, CVE-2005-4522, CVE-2005-4523, CVE-2005-4524.
\n
More information:
\n
\n

Several security related problems have been discovered in Mantis, a\nweb-based bug tracking system. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2005-4238\n

    Missing input sanitising allows remote attackers to inject\n arbitrary web script or HTML.

  • CVE-2005-4518\n

    Tobias Klein discovered that Mantis allows remote attackers to\n bypass the file upload size restriction.

  • CVE-2005-4519\n

    Tobias Klein discovered several SQL injection vulnerabilities that\n allow remote attackers to execute arbitrary SQL commands.

  • CVE-2005-4520\n

    Tobias Klein discovered unspecified \"port injection\"\n vulnerabilities in filters.

  • CVE-2005-4521\n

    Tobias Klein discovered a CRLF injection vulnerability that allows\n remote attackers to modify HTTP headers and conduct HTTP response\n splitting attacks.

  • CVE-2005-4522\n

    Tobias Klein discovered several cross-site scripting (XSS)\n vulnerabilities that allow remote attackers to inject arbitrary\n web script or HTML.

  • CVE-2005-4523\n

    Tobias Klein discovered that Mantis discloses private bugs via\n public RSS feeds, which allows remote attackers to obtain\n sensitive information.

  • CVE-2005-4524\n

    Tobias Klein discovered that Mantis does not properly handle \"Make\n note private\" when a bug is being resolved, which has unknown\n impact and attack vectors, probably related to an information\n leak.

\n

The old stable distribution (woody) does not seem to be affected by\nthese problems.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.19.2-5sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.19.4-1.

\n

We recommend that you upgrade your mantis package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2-5sarge1.dsc
\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2-5sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2-5sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "945": "
\n

Debian Security Advisory

\n

DSA-945-1 antiword -- insecure temporary file

\n
\n
Date Reported:
\n
17 Jan 2006
\n
Affected Packages:
\n
\nantiword\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3126.
\n
More information:
\n
\n

Javier Fern\u00e1ndez-Sanguino Pe\u00f1a from the Debian Security Audit project\ndiscovered that two scripts in antiword, utilities to convert Word\nfiles to text and Postscript, create a temporary file in an insecure\nfashion.

\n

For the old stable distribution (woody) these problems have been fixed in\nversion 0.32-2woody0.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.35-2sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.35-2.

\n

We recommend that you upgrade your antiword package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.32-2woody0.dsc
\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.32-2woody0.diff.gz
\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.32.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.32-2woody0_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.32-2woody0_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.32-2woody0_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.32-2woody0_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.32-2woody0_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.32-2woody0_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.32-2woody0_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.32-2woody0_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.32-2woody0_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.32-2woody0_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.32-2woody0_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.35-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.35-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.35.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.35-2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.35-2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.35-2sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.35-2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.35-2sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.35-2sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.35-2sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.35-2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.35-2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.35-2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.35-2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/antiword/antiword_0.35-2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "946": "
\n

Debian Security Advisory

\n

DSA-946-2 sudo -- missing input sanitising

\n
\n
Date Reported:
\n
20 Jan 2006
\n
Affected Packages:
\n
\nsudo\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 342948.
In the Bugtraq database (at SecurityFocus): BugTraq ID 16184.
In Mitre's CVE dictionary: CVE-2005-4158, CVE-2006-0151.
\n
More information:
\n
\n

The former correction to vulnerabilities in the sudo package worked\nfine but was too strict for some environments. Therefore we have\nreviewed the changes again and allowed some environment variables to\ngo back into the privileged execution environment. Hence, this\nupdate.

\n

The configuration option \"env_reset\" is now activated by default.\nIt will preserve only the environment variables HOME, LOGNAME, PATH,\nSHELL, TERM, DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE,\nLC_*, and USER in addition to the separate SUDO_* variables.

\n

For completeness please find below the original advisory text:

\n
\n

It has been discovered that sudo, a privileged program that provides\nlimited super user privileges to specific users, passes several\nenvironment variables to the program that runs with elevated\nprivileges. In the case of include paths (e.g. for Perl, Python, Ruby\nor other scripting languages) this can cause arbitrary code to be\nexecuted as a privileged user if the attacker points to a manipulated\nversion of a system library.

\n

This update alters the former behaviour of sudo and limits the number\nof supported environment variables to LC_*, LANG, LANGUAGE and TERM.\nAdditional variables are only passed through when set as env_check in\n/etc/sudoers, which might be required for some scripts to continue to\nwork.

\n
\n

For the old stable distribution (woody) this problem has been fixed in\nversion 1.6.6-1.6.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.6.8p7-1.4.

\n

For the unstable distribution (sid) the same behaviour will be\nimplemented soon.

\n

We recommend that you upgrade your sudo package. For unstable,\n\"Defaults = env_reset\" needs to be added to /etc/sudoers manually.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.6.dsc
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.6.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.6_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.6_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4.dsc
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "947": "
\n

Debian Security Advisory

\n

DSA-947-2 clamav -- heap overflow

\n
\n
Date Reported:
\n
21 Jan 2006
\n
Affected Packages:
\n
\nclamav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 320014.
In the Bugtraq database (at SecurityFocus): BugTraq ID 16191.
In Mitre's CVE dictionary: CVE-2006-0162.
\n
More information:
\n
\n

A heap overflow has been discovered in ClamAV, a virus scanner, which\ncould allow an attacker to execute arbitrary code by sending a carefully\ncrafted UPX-encoded executable to a system running ClamAV. In addition,\nother potential overflows have been corrected.

\n

Packages for the ARM architecture were not available when DSA 947-1 was\nreleased; these packages are now available. Also, DSA 947-1 incorrectly\nidentified the package version which corrected these issues in the\nunstable distribution (sid).

\n

The old stable distribution (woody) does not include ClamAV.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.84-2.sarge.7.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.88-1.

\n

We recommend that you upgrade your clamav package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7.dsc
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7.diff.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.7_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.7_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.7_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "948": "
\n

Debian Security Advisory

\n

DSA-948-1 kdelibs -- buffer overflow

\n
\n
Date Reported:
\n
20 Jan 2006
\n
Affected Packages:
\n
\nkdelibs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-0019.
\n
More information:
\n
\n

Maksim Orlovich discovered that the kjs JavaScript interpreter, used\nin the Konqueror web browser and in other parts of KDE, performs\ninsufficient bounds checking when parsing UTF-8 encoded Uniform Resource\nIdentifiers, which may lead to a heap-based buffer overflow and the\nexecution of arbitrary code.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 3.3.2-6.4.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your kdelibs package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.4.dsc
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.4.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-data_3.3.2-6.4_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-doc_3.3.2-6.4_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "949": "
\n

Debian Security Advisory

\n

DSA-949-1 crawl -- insecure program execution

\n
\n
Date Reported:
\n
20 Jan 2006
\n
Affected Packages:
\n
\ncrawl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-0045.
\n
More information:
\n
\n

Steve Kemp from the Debian Security Audit project discovered a\nsecurity-related problem in crawl, another console-based dungeon\nexploration game in the vein of nethack and rogue. The program\nexecutes commands insecurely when saving or loading games, which can\nallow local attackers to gain group games privileges.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 4.0.0beta23-2woody2.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 4.0.0beta26-4sarge0.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 4.0.0beta26-7.

\n

We recommend that you upgrade your crawl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2.dsc
\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody2_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0.dsc
\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0.diff.gz
\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta26-4sarge0_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "950": "
\n

Debian Security Advisory

\n

DSA-950-1 cupsys -- buffer overflows

\n
\n
Date Reported:
\n
23 Jan 2006
\n
Affected Packages:
\n
\ncupsys\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628.
\n
More information:
\n
\n

\"infamous41md\" and Chris Evans discovered several heap-based buffer\noverflows in xpdf which are also present in CUPS, the Common UNIX\nPrinting System, and which can lead to a denial of service by crashing\nthe application or possibly to the execution of arbitrary code.

\n

For the old stable distribution (woody) these problems have been fixed in\nversion 1.1.14-5woody14.

\n

CUPS has not used the xpdf source since 1.1.22-7, when it switched\nto using xpdf-utils for PDF processing.

\n

We recommend that you upgrade your CUPS packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14.dsc
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.14-5woody14_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.14-5woody14_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.14-5woody14_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-pstoraster_1.1.14-5woody14_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.14-5woody14_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.14-5woody14_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1.dsc
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.1.23-10sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.1.23-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.1.23-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.1.23-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.1.23-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.1.23-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.1.23-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.1.23-10sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "951": "
\n

Debian Security Advisory

\n

DSA-951-2 trac -- missing input sanitising

\n
\n
Date Reported:
\n
23 Jan 2006
\n
Affected Packages:
\n
\ntrac\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 348791.
In the Bugtraq database (at SecurityFocus): BugTraq ID 15720, BugTraq ID 16198.
In Mitre's CVE dictionary: CVE-2005-4065, CVE-2005-4644.
\n
More information:
\n
\n

This update corrects the search feature in trac, an enhanced wiki\nand issue tracking system for software development projects, which\nbroke with the last security update. For completeness please find\nbelow the original advisory text:

\n
\n

Several vulnerabilities have been discovered in trac, an enhanced wiki\nand issue tracking system for software development projects. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2005-4065\n

    Due to missing input sanitising it is possible to inject arbitrary\n SQL code into the SQL statements.

  • CVE-2005-4644\n

    A cross-site scripting vulnerability has been discovered that\n allows remote attackers to inject arbitrary web script or HTML.

\n
\n

The old stable distribution (woody) does not contain trac packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.8.1-3sarge4.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.9.3-1.

\n

We recommend that you upgrade your trac package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge4.dsc
\n
http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge4_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "952": "
\n

Debian Security Advisory

\n

DSA-952-1 libapache-auth-ldap -- format string

\n
\n
Date Reported:
\n
23 Jan 2006
\n
Affected Packages:
\n
\nlibapache-auth-ldap\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-0150.
\n
More information:
\n
\n

\"Seregorn\" discovered a format string vulnerability in the logging\nfunction of libapache-auth-ldap, an LDAP authentication module for the\nApache webserver, that can lead to the execution of arbitrary code.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 1.6.0-3.1.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.6.0-8.1.

\n

The unstable distribution (sid) no longer contains libapache-auth-ldap.

\n

We recommend that you upgrade your libapache-auth-ldap package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-3.1.dsc
\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-3.1.diff.gz
\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-3.1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-3.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-3.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-3.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-3.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-3.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-3.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-3.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-3.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-3.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-3.1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-8.1.dsc
\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-8.1.diff.gz
\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-8.1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-8.1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-8.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-8.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-8.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-8.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-8.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-8.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-8.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-8.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-8.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/liba/libapache-auth-ldap/libapache-auth-ldap_1.6.0-8.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "953": "
\n

Debian Security Advisory

\n

DSA-953-1 flyspray -- missing input sanitising

\n
\n
Date Reported:
\n
24 Jan 2006
\n
Affected Packages:
\n
\nflyspray\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 335997.
In Mitre's CVE dictionary: CVE-2005-3334.
\n
More information:
\n
\n

Several cross-site scripting vulnerabilities have been discovered in\nflyspray, a lightweight bug tracking system, which allows attackers to\ninsert arbitrary script code into the index page.

\n

The old stable distribution (woody) does not contain flyspray.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.9.7-2.1.

\n

For the testing (etch) and unstable distribution (sid) this problem has\nbeen fixed in version 0.9.8-5.

\n

We recommend that you upgrade your flyspray package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/flyspray/flyspray_0.9.7-2.1.dsc
\n
http://security.debian.org/pool/updates/main/f/flyspray/flyspray_0.9.7-2.1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/flyspray/flyspray_0.9.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/flyspray/flyspray_0.9.7-2.1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "954": "
\n

Debian Security Advisory

\n

DSA-954-1 wine -- design flaw

\n
\n
Date Reported:
\n
25 Jan 2006
\n
Affected Packages:
\n
\nwine\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 346197.
In Mitre's CVE dictionary: CVE-2006-0106.
\n
More information:
\n
\n

H D Moore has discovered that Wine, a free implementation of the Microsoft\nWindows APIs, inherits a design flaw from the Windows GDI API, which may\nlead to the execution of code through GDI escape functions in WMF files.

\n

The old stable distribution (woody) does not seem to be affected by this\nproblem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.0.20050310-1.2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.9.2-1.

\n

We recommend that you upgrade your wine packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wine/wine_0.0.20050310-1.2.dsc
\n
http://security.debian.org/pool/updates/main/w/wine/wine_0.0.20050310-1.2.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wine/wine_0.0.20050310.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/wine/wine-doc_0.0.20050310-1.2_all.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wine/libwine_0.0.20050310-1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wine/libwine-alsa_0.0.20050310-1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wine/libwine-arts_0.0.20050310-1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wine/libwine-capi_0.0.20050310-1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wine/libwine-dev_0.0.20050310-1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wine/libwine-jack_0.0.20050310-1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wine/libwine-nas_0.0.20050310-1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wine/libwine-print_0.0.20050310-1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wine/libwine-twain_0.0.20050310-1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wine/wine_0.0.20050310-1.2_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wine/wine-utils_0.0.20050310-1.2_i386.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "955": "
\n

Debian Security Advisory

\n

DSA-955-1 mailman -- DoS

\n
\n
Date Reported:
\n
25 Jan 2006
\n
Affected Packages:
\n
\nmailman\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 339095, Bug 326024, Bug 327732.
In Mitre's CVE dictionary: CVE-2005-3573, CVE-2005-4153.
\n
More information:
\n
\n

Two denial of service bugs were found in the mailman list server. In\none, attachment filenames containing UTF8 strings were not properly\nparsed, which could cause the server to crash. In another, a message\ncontaining a bad date string could cause a server crash.

\n

The old stable distribution (woody) is not vulnerable to this issue.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.1.5-8sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.1.5-10.

\n

We recommend that you upgrade your mailman package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1.dsc
\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "956": "
\n

Debian Security Advisory

\n

DSA-956-1 lsh-server -- filedescriptor leak

\n
\n
Date Reported:
\n
26 Jan 2006
\n
Affected Packages:
\n
\nlsh-utils\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 349303.
In Mitre's CVE dictionary: CVE-2006-0353.
\n
More information:
\n
\n

Stefan Pfetzing discovered that lshd, a Secure Shell v2 (SSH2)\nprotocol server, leaks a couple of file descriptors, related to the\nrandomness generator, to user shells which are started by lshd. A\nlocal attacker can truncate the server's seed file, which may prevent\nthe server from starting, and with some more effort, maybe also crack\nsession keys.

\n

After applying this update, you should remove the server's seed file\n(/var/spool/lsh/yarrow-seed-file) and then regenerate it with\n\"lsh-make-seed --server\" as root.

\n

For security reasons, lsh-make-seed really needs to be run from the\nconsole of the system you are running it on. If you run lsh-make-seed\nusing a remote shell, the timing information lsh-make-seed uses for\nits random seed creation is likely to be screwed. If need be, you can\ngenerate the random seed on a different system than that which it will\neventually be on, by installing the lsh-utils package and running\n\"lsh-make-seed -o my-other-server-seed-file\". You may then transfer\nthe seed to the destination system using a secure connection.

\n

The old stable distribution (woody) may not be affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.0.1-3sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.0.1cdbs-4.

\n

We recommend that you upgrade your lsh-server package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1-3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1-3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils-doc_2.0.1-3sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2.0.1-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2.0.1-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1-3sarge1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2.0.1-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2.0.1-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1-3sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2.0.1-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2.0.1-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1-3sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2.0.1-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2.0.1-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1-3sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2.0.1-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2.0.1-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1-3sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2.0.1-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2.0.1-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1-3sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2.0.1-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2.0.1-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1-3sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2.0.1-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2.0.1-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1-3sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2.0.1-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2.0.1-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1-3sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2.0.1-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2.0.1-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1-3sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-client_2.0.1-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-server_2.0.1-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lsh-utils/lsh-utils_2.0.1-3sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "957": "
\n

Debian Security Advisory

\n

DSA-957-2 imagemagick -- missing shell meta sanitising

\n
\n
Date Reported:
\n
26 Jan 2006
\n
Affected Packages:
\n
\nimagemagick\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 345238.
In the Bugtraq database (at SecurityFocus): BugTraq ID 16093.
In Mitre's CVE dictionary: CVE-2005-4601.
\n
More information:
\n
\n

Florian Weimer discovered that delegate code in ImageMagick is\nvulnerable to shell command injection using specially crafted file\nnames. This allows attackers to encode commands inside of graphic\ncommands. With some user interaction, this is exploitable through\nGnus and Thunderbird. This update filters out the '$' character as\nwell, which was forgotten in the former update.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 5.4.4.5-1woody8.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 6.0.6.2-2.6.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 6.2.4.5-0.6.

\n

We recommend that you upgrade your imagemagick packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody8.dsc
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody8.diff.gz
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody8_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody8_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody8_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody8_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody8_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody8_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody8_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody8_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody8_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody8_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody8_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody8_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody8_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody8_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody8_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody8_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody8_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody8_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_5.4.4.5-1woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5_5.4.4.5-1woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++5-dev_5.4.4.5-1woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5_5.4.4.5-1woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick5-dev_5.4.4.5-1woody8_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_5.4.4.5-1woody8_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6.dsc
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6.diff.gz
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.6_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.6_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.6_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.6_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.6_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.6_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.6_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.6_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.6_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.6_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.6_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.6_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.6_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.6_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.6_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.6_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.6_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.6_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.6_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.6_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "958": "
\n

Debian Security Advisory

\n

DSA-958-1 drupal -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Jan 2006
\n
Affected Packages:
\n
\ndrupal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 15674, BugTraq ID 15677, BugTraq ID 15663.
In Mitre's CVE dictionary: CVE-2005-3973, CVE-2005-3974, CVE-2005-3975.
\n
More information:
\n
\n

Several security related problems have been discovered in drupal, a\nfully-featured content management/discussion engine. The Common\nVulnerabilities and Exposures project identifies the following\nvulnerabilities:

\n
    \n
  • CVE-2005-3973\n

    Several cross-site scripting vulnerabilities allow remote\n attackers to inject arbitrary web script or HTML.

  • CVE-2005-3974\n

    When running on PHP5, Drupal does not correctly enforce user\n privileges, which allows remote attackers to bypass the \"access\n user profiles\" permission.

  • CVE-2005-3975\n

    An interpretation conflict allows remote authenticated users to\n inject arbitrary web script or HTML via HTML in a file with a GIF\n or JPEG file extension.

\n

The old stable distribution (woody) does not contain drupal packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 4.5.3-5.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 4.5.6-1.

\n

We recommend that you upgrade your drupal package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-5.dsc
\n
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-5.diff.gz
\n
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-5_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "959": "
\n

Debian Security Advisory

\n

DSA-959-1 unalz -- buffer overflow

\n
\n
Date Reported:
\n
30 Jan 2006
\n
Affected Packages:
\n
\nunalz\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 340842.
In Mitre's CVE dictionary: CVE-2005-3862.
\n
More information:
\n
\n

Ulf H\u00e4rnhammar from the Debian Security Audit Project discovered that unalz, a\ndecompressor for ALZ archives, performs insufficient bounds checking\nwhen parsing file names. This can lead to arbitrary code execution if\nan attacker provides a crafted ALZ archive.

\n

The old stable distribution (woody) does not contain unalz.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.30.1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your unalz package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1.dsc
\n
http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/u/unalz/unalz_0.30.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "960": "
\n

Debian Security Advisory

\n

DSA-960-3 libmail-audit-perl -- insecure temporary file creation

\n
\n
Date Reported:
\n
31 Jan 2006
\n
Affected Packages:
\n
\nlibmail-audit-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 344029.
In Mitre's CVE dictionary: CVE-2005-4536.
\n
More information:
\n
\n

The former update caused temporary files to be created in the current\nworking directory due to a wrong function argument. This update will\ncreate temporary files in the user's home directory if HOME is set or\nin the common temporary directory otherwise, usually /tmp. For\ncompleteness, below is a copy of the original advisory text:

\n
\n

Niko Tyni discovered that the Mail::Audit module, a Perl library for\ncreating simple mail filters, logs to a temporary file with a\npredictable filename in an insecure fashion when logging is turned on,\nwhich is not the case by default.

\n
\n

For the old stable distribution (woody) these problems have been fixed in\nversion 2.0-4woody3.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.1-5sarge4.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.1-5.1.

\n

We recommend that you upgrade your libmail-audit-perl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail-audit-perl_2.0-4woody3.dsc
\n
http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail-audit-perl_2.0-4woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail-audit-perl_2.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail-audit-perl_2.0-4woody3_all.deb
\n
http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/mail-audit-tools_2.0-4woody3_all.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail-audit-perl_2.1-5sarge4.dsc
\n
http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail-audit-perl_2.1-5sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail-audit-perl_2.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/libmail-audit-perl_2.1-5sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/libm/libmail-audit-perl/mail-audit-tools_2.1-5sarge4_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "961": "
\n

Debian Security Advisory

\n

DSA-961-1 pdfkit.framework -- buffer overflows

\n
\n
Date Reported:
\n
01 Feb 2006
\n
Affected Packages:
\n
\npdfkit.framework\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628.
\n
More information:
\n
\n

\"infamous41md\" and Chris Evans discovered several heap based buffer\noverflows in xpdf which are also present in pdfkit.framework, the\nGNUstep framework for rendering PDF content, and which can lead to a\ndenial of service by crashing the application or possibly to the\nexecution of arbitrary code.

\n

The old stable distribution (woody) does not contain pdfkit.framework\npackages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.8-2sarge1.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your pdfkit.framework package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "962": "
\n

Debian Security Advisory

\n

DSA-962-1 pdftohtml -- buffer overflows

\n
\n
Date Reported:
\n
01 Feb 2006
\n
Affected Packages:
\n
\npdftohtml\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628.
\n
More information:
\n
\n

\"infamous41md\" and Chris Evans discovered several heap based buffer\noverflows in xpdf which are also present in pdftohtml, a utility that\ntranslates PDF documents into HTML format, and which can lead to a\ndenial of service by crashing the application or possibly to the\nexecution of arbitrary code.

\n

The old stable distribution (woody) does not contain pdftohtml packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.36-11sarge1.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your pdftohtml package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1.dsc
\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "963": "
\n

Debian Security Advisory

\n

DSA-963-1 mydns -- missing input sanitising

\n
\n
Date Reported:
\n
02 Feb 2006
\n
Affected Packages:
\n
\nmydns\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 348826.
In the Bugtraq database (at SecurityFocus): BugTraq ID 16431.
In Mitre's CVE dictionary: CVE-2006-0351.
\n
More information:
\n
\n

NISCC reported that MyDNS, a DNS server using an SQL database for data\nstorage, can be tricked into an infinite loop by a remote attacker and\nhence cause a denial of service condition.

\n

The old stable distribution (woody) does not contain mydns packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.0.0-4sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.1.0+pre-3.

\n

We recommend that you upgrade your mydns package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mydns/mydns_1.0.0-4sarge1.dsc
\n
http://security.debian.org/pool/updates/main/m/mydns/mydns_1.0.0-4sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mydns/mydns_1.0.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-common_1.0.0-4sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "964": "
\n

Debian Security Advisory

\n

DSA-964-1 gnocatan -- buffer overflow

\n
\n
Date Reported:
\n
03 Feb 2006
\n
Affected Packages:
\n
\ngnocatan\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 350237.
In the Bugtraq database (at SecurityFocus): BugTraq ID 16429.
In Mitre's CVE dictionary: CVE-2006-0467.
\n
More information:
\n
\n

A problem has been discovered in gnocatan, the computer version of the\nSettlers of Catan board game, that can cause the server and other clients\nto exit via an assert, and hence does not permit the execution of\narbitrary code. The game has been renamed to Pioneers after the\nrelease of Debian sarge.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 0.6.1-5woody3.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.8.1.59-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.9.49-1 of pioneers.

\n

We recommend that you upgrade your gnocatan and pioneers packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan_0.6.1-5woody3.dsc
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan_0.6.1-5woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan_0.6.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-data_0.6.1-5woody3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-help_0.6.1-5woody3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.6.1-5woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server_0.6.1-5woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.6.1-5woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server_0.6.1-5woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.6.1-5woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server_0.6.1-5woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.6.1-5woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server_0.6.1-5woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.6.1-5woody3_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server_0.6.1-5woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.6.1-5woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server_0.6.1-5woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.6.1-5woody3_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server_0.6.1-5woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.6.1-5woody3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server_0.6.1-5woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.6.1-5woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server_0.6.1-5woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.6.1-5woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server_0.6.1-5woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.6.1-5woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server_0.6.1-5woody3_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan_0.8.1.59-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan_0.8.1.59-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan_0.8.1.59.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-help_0.8.1.59-1sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server-data_0.8.1.59-1sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-ai_0.8.1.59-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.8.1.59-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-meta-server_0.8.1.59-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server-console_0.8.1.59-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server-gtk_0.8.1.59-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-ai_0.8.1.59-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.8.1.59-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-meta-server_0.8.1.59-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server-console_0.8.1.59-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server-gtk_0.8.1.59-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-ai_0.8.1.59-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.8.1.59-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-meta-server_0.8.1.59-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server-console_0.8.1.59-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server-gtk_0.8.1.59-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-ai_0.8.1.59-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.8.1.59-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-meta-server_0.8.1.59-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server-console_0.8.1.59-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server-gtk_0.8.1.59-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-ai_0.8.1.59-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.8.1.59-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-meta-server_0.8.1.59-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server-console_0.8.1.59-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server-gtk_0.8.1.59-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-ai_0.8.1.59-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.8.1.59-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-meta-server_0.8.1.59-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server-console_0.8.1.59-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server-gtk_0.8.1.59-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-ai_0.8.1.59-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.8.1.59-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-meta-server_0.8.1.59-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server-console_0.8.1.59-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server-gtk_0.8.1.59-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-ai_0.8.1.59-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.8.1.59-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-meta-server_0.8.1.59-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server-console_0.8.1.59-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server-gtk_0.8.1.59-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-ai_0.8.1.59-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.8.1.59-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-meta-server_0.8.1.59-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server-console_0.8.1.59-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server-gtk_0.8.1.59-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-ai_0.8.1.59-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.8.1.59-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-meta-server_0.8.1.59-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server-console_0.8.1.59-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server-gtk_0.8.1.59-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-ai_0.8.1.59-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.8.1.59-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-meta-server_0.8.1.59-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server-console_0.8.1.59-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server-gtk_0.8.1.59-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-ai_0.8.1.59-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-client_0.8.1.59-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-meta-server_0.8.1.59-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server-console_0.8.1.59-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnocatan/gnocatan-server-gtk_0.8.1.59-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "965": "
\n

Debian Security Advisory

\n

DSA-965-1 ipsec-tools -- null dereference

\n
\n
Date Reported:
\n
06 Feb 2006
\n
Affected Packages:
\n
\nipsec-tools\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 340584.
In the Bugtraq database (at SecurityFocus): BugTraq ID 15523.
In Mitre's CVE dictionary: CVE-2005-3732.
\n
More information:
\n
\n

The Internet Key Exchange version 1 (IKEv1) implementation in racoon\nfrom ipsec-tools, IPsec tools for Linux, tries to dereference a NULL\npointer under certain conditions, which allows a remote attacker to\ncause a denial of service.

\n

The old stable distribution (woody) does not contain ipsec-tools.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.5.2-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.6.3-1.

\n

We recommend that you upgrade your racoon package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.5.2-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.5.2-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.5.2-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.5.2-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.5.2-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.5.2-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.5.2-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.5.2-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.5.2-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.5.2-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.5.2-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.5.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.5.2-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "966": "
\n

Debian Security Advisory

\n

DSA-966-1 adzapper -- denial of service

\n
\n
Date Reported:
\n
09 Feb 2006
\n
Affected Packages:
\n
\nadzapper\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 350308.
In Mitre's CVE dictionary: CVE-2006-0046.
\n
More information:
\n
\n

Thomas Reifferscheid discovered that adzapper, a proxy advertisement\nzapper add-on, when installed as a plugin in squid, the Internet object\ncache, can consume a lot of CPU resources and hence cause a denial of\nservice on the proxy host.

\n

The old stable distribution (woody) does not contain an adzapper package.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 20050316-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 20060115-1.

\n

We recommend that you upgrade your adzapper package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/adzapper/adzapper_20050316-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/a/adzapper/adzapper_20050316-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/adzapper/adzapper_20050316.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/adzapper/adzapper_20050316-1sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "967": "
\n

Debian Security Advisory

\n

DSA-967-1 elog -- several vulnerabilities

\n
\n
Date Reported:
\n
10 Feb 2006
\n
Affected Packages:
\n
\nelog\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 349528.
In Mitre's CVE dictionary: CVE-2005-4439, CVE-2006-0347, CVE-2006-0348, CVE-2006-0597, CVE-2006-0598, CVE-2006-0599, CVE-2006-0600.
\n
More information:
\n
\n

Several security problems have been found in elog, an electronic logbook\nto manage notes. The Common Vulnerabilities and Exposures Project\nidentifies the following problems:

\n
    \n
  • CVE-2005-4439\n

    \"GroundZero Security\" discovered that elog insufficiently checks the\n size of a buffer used for processing URL parameters, which might lead\n to the execution of arbitrary code.

  • \n
  • CVE-2006-0347\n

    It was discovered that elog contains a directory traversal vulnerability\n in the processing of \"../\" sequences in URLs, which might lead to\n information disclosure.

  • \n
  • CVE-2006-0348\n

    The code to write the log file contained a format string vulnerability,\n which might lead to the execution of arbitrary code.

  • \n
  • CVE-2006-0597\n

    Overly long revision attributes might trigger a crash due to a buffer\n overflow.

  • \n
  • CVE-2006-0598\n

    The code to write the log file does not enforce bounds checks properly,\n which might lead to the execution of arbitrary code.

  • \n
  • CVE-2006-0599\n

    elog emitted different error messages for invalid passwords and invalid\n users, which allows an attacker to probe for valid user names.

  • \n
  • CVE-2006-0600\n

    An attacker could be driven into infinite redirection with a crafted\n \"fail\" request, which has denial of service potential.

  • \n
\n

The old stable distribution (woody) does not contain elog packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.5.7+r1558-4+sarge2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.6.1+r1642-1.

\n

We recommend that you upgrade your elog package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2.dsc
\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "968": "
\n

Debian Security Advisory

\n

DSA-968-1 noweb -- insecure temporary file

\n
\n
Date Reported:
\n
13 Feb 2006
\n
Affected Packages:
\n
\nnoweb\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3342.
\n
More information:
\n
\n

Javier Fernández-Sanguino Peña from the Debian Security Audit project\ndiscovered that a script in noweb, a web-like literate-programming\ntool, creates a temporary file in an insecure fashion.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 2.9a-7.4.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.10c-3.2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.10c-3.2.

\n

We recommend that you upgrade your nowebm package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/noweb/noweb_2.9a-7.4.dsc
\n
http://security.debian.org/pool/updates/main/n/noweb/noweb_2.9a-7.4.diff.gz
\n
http://security.debian.org/pool/updates/main/n/noweb/noweb_2.9a.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.9a-7.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.9a-7.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.9a-7.4_i386.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.9a-7.4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.9a-7.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.9a-7.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.9a-7.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.9a-7.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.9a-7.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.9a-7.4_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/noweb/noweb_2.10c-3.2.dsc
\n
http://security.debian.org/pool/updates/main/n/noweb/noweb_2.10c-3.2.diff.gz
\n
http://security.debian.org/pool/updates/main/n/noweb/noweb_2.10c.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.10c-3.2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.10c-3.2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.10c-3.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.10c-3.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.10c-3.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.10c-3.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.10c-3.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.10c-3.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.10c-3.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.10c-3.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.10c-3.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/noweb/nowebm_2.10c-3.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "969": "
\n

Debian Security Advisory

\n

DSA-969-1 scponly -- design error

\n
\n
Date Reported:
\n
13 Feb 2006
\n
Affected Packages:
\n
\nscponly\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 344418.
In Mitre's CVE dictionary: CVE-2005-4532, CVE-2005-4533.
\n
More information:
\n
\n

Max Vozeler discovered a vulnerability in scponly, a utility to\nrestrict user commands to scp and sftp, that could lead to the\nexecution of arbitrary commands as root. The system is only vulnerable\nif the program scponlyc is installed setuid root and if regular users\nhave shell access to the machine.

\n

The old stable distribution (woody) does not contain an scponly package.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 4.0-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 4.6-1.

\n

We recommend that you upgrade your scponly package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "970": "
\n

Debian Security Advisory

\n

DSA-970-1 kronolith -- missing input sanitising

\n
\n
Date Reported:
\n
14 Feb 2006
\n
Affected Packages:
\n
\nkronolith\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 342943, Bug 349261.
In Mitre's CVE dictionary: CVE-2005-4189.
\n
More information:
\n
\n

Johannes Greil of SEC Consult discovered several cross-site scripting\nvulnerabilities in kronolith, the Horde calendar application.

\n

The old stable distribution (woody) does not contain kronolith packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.1.4-2sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.0.6-1 of kronolith2.

\n

We recommend that you upgrade your kronolith and kronolith2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kronolith/kronolith_1.1.4-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kronolith/kronolith_1.1.4-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kronolith/kronolith_1.1.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kronolith/kronolith_1.1.4-2sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "971": "
\n

Debian Security Advisory

\n

DSA-971-1 xpdf -- buffer overflow

\n
\n
Date Reported:
\n
14 Feb 2006
\n
Affected Packages:
\n
\nxpdf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 350783, Bug 350785.
In Mitre's CVE dictionary: CVE-2006-0301.
\n
More information:
\n
\n

SuSE researchers discovered heap overflow errors in xpdf, the Portable\nDocument Format (PDF) suite, that can allow attackers to cause a\ndenial of service by crashing the application or possibly execute\narbitrary code.

\n

The old stable distribution (woody) is not affected.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 3.00-13.5.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 3.01-6.

\n

We recommend that you upgrade your xpdf packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.5.dsc
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.5.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.00-13.5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "972": "
\n

Debian Security Advisory

\n

DSA-972-1 pdfkit.framework -- buffer overflows

\n
\n
Date Reported:
\n
15 Feb 2006
\n
Affected Packages:
\n
\npdfkit.framework\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-0301.
\n
More information:
\n
\n

SuSE researchers discovered heap overflow errors in xpdf, the Portable\nDocument Format (PDF) suite, which is also present in\npdfkit.framework, the GNUstep framework for rendering PDF content, and\nwhich can allow attackers to cause a denial of service by crashing the\napplication or possibly execute arbitrary code.

\n

The old stable distribution (woody) does not contain pdfkit.framework\npackages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.8-2sarge2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.8-4 by switching to poppler.

\n

We recommend that you upgrade your pdfkit.framework package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge2.dsc
\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "973": "
\n

Debian Security Advisory

\n

DSA-973-1 otrs -- several vulnerabilities

\n
\n
Date Reported:
\n
15 Feb 2006
\n
Affected Packages:
\n
\notrs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 340352.
In the Bugtraq database (at SecurityFocus): BugTraq ID 15537.
In Mitre's CVE dictionary: CVE-2005-3893, CVE-2005-3894, CVE-2005-3895.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in otrs, the Open Ticket\nRequest System, that can be exploited remotely. The Common\nVulnerabilities and Exposures Project identifies the following\nproblems:

\n
    \n
  • CVE-2005-3893\n

    Multiple SQL injection vulnerabilities allow remote attackers to\n execute arbitrary SQL commands and bypass authentication.

  • \n
  • CVE-2005-3894\n

    Multiple cross-site scripting vulnerabilities allow remote\n authenticated users to inject arbitrary web script or HTML.

  • \n
  • CVE-2005-3895\n

    Internally attached text/html mails are rendered as HTML when the\n queue moderator attempts to download the attachment, which allows\n remote attackers to execute arbitrary web script or HTML.

  • \n
\n

The old stable distribution (woody) does not contain OTRS packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.3.2p01-6.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.0.4p01-1.

\n

We recommend that you upgrade your otrs package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/otrs/otrs_1.3.2p01-6.dsc
\n
http://security.debian.org/pool/updates/main/o/otrs/otrs_1.3.2p01-6.diff.gz
\n
http://security.debian.org/pool/updates/main/o/otrs/otrs_1.3.2p01.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/otrs/otrs-doc-de_1.3.2p01-6_all.deb
\n
http://security.debian.org/pool/updates/main/o/otrs/otrs-doc-en_1.3.2p01-6_all.deb
\n
http://security.debian.org/pool/updates/main/o/otrs/otrs_1.3.2p01-6_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "974": "
\n

Debian Security Advisory

\n

DSA-974-1 gpdf -- buffer overflows

\n
\n
Date Reported:
\n
15 Feb 2006
\n
Affected Packages:
\n
\ngpdf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-0301.
\n
More information:
\n
\n

SuSE researchers discovered heap overflow errors in xpdf, the Portable\nDocument Format (PDF) suite, which is also present in gpdf, the GNOME\nversion of the Portable Document Format viewer, and which can allow\nattackers to cause a denial of service by crashing the application or\npossibly execute arbitrary code.

\n

The old stable distribution (woody) does not contain gpdf packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.8.2-1.2sarge3.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your gpdf package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge3.dsc
\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "975": "
\n

Debian Security Advisory

\n

DSA-975-1 nfs-user-server -- buffer overflow

\n
\n
Date Reported:
\n
15 Feb 2006
\n
Affected Packages:
\n
\nnfs-user-server\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 350020.
In Mitre's CVE dictionary: CVE-2006-0043.
\n
More information:
\n
\n

Marcus Meissner discovered that attackers can trigger a buffer overflow\nin the path handling code by creating or abusing existing symlinks, which\nmay lead to the execution of arbitrary code.

\n

This vulnerability isn't present in the kernel NFS server.

\n

This update includes a bugfix for attribute handling of symlinks. This\nfix does not have security implications, but at the time when this DSA\nwas prepared it was already queued for the next stable point release, so\nwe decided to include it beforehand.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 2.2beta47-12woody1.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.2beta47-20sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.2beta47-22.

\n

We recommend that you upgrade your nfs-user-server package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1.dsc
\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2.dsc
\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "976": "
\n

Debian Security Advisory

\n

DSA-976-1 libast -- buffer overflow

\n
\n
Date Reported:
\n
15 Feb 2006
\n
Affected Packages:
\n
\nlibast, libast1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-0224.
\n
More information:
\n
\n

Johnny Mast discovered a buffer overflow in libast, the library of\nassorted spiffy things, that can lead to the execution of arbitrary\ncode. This library is used by eterm, which is installed setgid utmp,\nwhich leads to a vulnerability to alter the utmp file.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 0.4-3woody2.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.6-0pre2003010606sarge1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your libast packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2.dsc
\n
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/liba/libast1/libast1_0.4-3woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/liba/libast1/libast1-dev_0.4-3woody2_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/liba/libast/libast_0.6-0pre2003010606sarge1.dsc
\n
http://security.debian.org/pool/updates/main/liba/libast/libast_0.6-0pre2003010606sarge1.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "977": "
\n

Debian Security Advisory

\n

DSA-977-1 heimdal -- several vulnerabilities

\n
\n
Date Reported:
\n
16 Feb 2006
\n
Affected Packages:
\n
\nheimdal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-0582, CVE-2006-0677.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in heimdal, a free\nimplementation of Kerberos 5. The Common Vulnerabilities and\nExposures project identifies the following vulnerabilities:

\n
    \n
  • CVE-2006-0582\n

    Privilege escalation in the rsh server allows an authenticated\n attacker to overwrite arbitrary files and gain ownership of them.

  • CVE-2006-0677\n

    A remote attacker could force the telnet server to crash before\n the user logged in, resulting in inetd turning telnetd off because\n it forked too fast.

\n

The old stable distribution (woody) does not expose rsh and telnet servers.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.6.3-10sarge2.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your heimdal packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.6.3-10sarge2.dsc
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.6.3-10sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal_0.6.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-docs_0.6.3-10sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients_0.6.3-10sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-clients-x_0.6.3-10sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-dev_0.6.3-10sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-kdc_0.6.3-10sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers_0.6.3-10sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/heimdal-servers-x_0.6.3-10sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libasn1-6-heimdal_0.6.3-10sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libgssapi1-heimdal_0.6.3-10sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libhdb7-heimdal_0.6.3-10sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-10sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-10sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkafs0-heimdal_0.6.3-10sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heimdal/libkrb5-17-heimdal_0.6.3-10sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "978": "
\n

Debian Security Advisory

\n

DSA-978-1 gnupg -- programming error

\n
\n
Date Reported:
\n
17 Feb 2006
\n
Affected Packages:
\n
\ngnupg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-0455.
\n
More information:
\n
\n

Tavis Ormandy noticed that gnupg, the GNU Privacy Guard (a free PGP\nreplacement), verifies external signatures of files successfully even\nthough they don't contain a signature at all.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 1.0.6-4woody4.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.4.1-1sarge1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your gnupg package.

\n

Please note that this security advisory has been superseded by\nDSA 993. Therefore, the\nupdated packages are no longer available from this page.

\n
\n
\n
\n
", "979": "
\n

Debian Security Advisory

\n

DSA-979-1 pdfkit.framework -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Feb 2006
\n
Affected Packages:
\n
\npdfkit.framework\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 16748.
In Mitre's CVE dictionary: CVE-2006-1244.
\n
More information:
\n
\n

Derek Noonburg has fixed several potential vulnerabilities in xpdf,\nthe Portable Document Format (PDF) suite, which are also present in\npdfkit.framework, the GNUstep framework for rendering PDF content.

\n

The old stable distribution (woody) does not contain pdfkit.framework\npackages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.8-2sarge3.

\n

The unstable distribution (sid) is not affected by these problems.

\n

We recommend that you upgrade your pdfkit.framework package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.dsc
\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "980": "
\n

Debian Security Advisory

\n

DSA-980-1 tutos -- several vulnerabilities

\n
\n
Date Reported:
\n
22 Feb 2006
\n
Affected Packages:
\n
\ntutos\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 318633.
In Mitre's CVE dictionary: CVE-2004-2161, CVE-2004-2162.
\n
More information:
\n
\n

Joxean Koret discovered several security problems in tutos, a web-based\nteam organization software. The Common Vulnerabilities and Exposures Project\nidentifies the following problems:

\n
    \n
  • CVE-2004-2161\n

    An SQL injection vulnerability allows the execution of SQL commands\n through the link_id parameter in file_overview.php.

  • CVE-2004-2162\n

    Cross-Site-Scripting vulnerabilities in the search function of the\n address book and in app_new.php allow the execution of web script\n code.

\n

The old stable distribution (woody) does not contain tutos packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.1.20031017-2+1sarge1.

\n

The unstable distribution (sid) no longer contains tutos packages.

\n

We recommend that you upgrade your tutos package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tutos/tutos_1.1.20031017-2+1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/t/tutos/tutos_1.1.20031017-2+1sarge1.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/tutos/tutos_1.1.20031017-2+1sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "981": "
\n

Debian Security Advisory

\n

DSA-981-1 bmv -- integer overflow

\n
\n
Date Reported:
\n
26 Feb 2006
\n
Affected Packages:
\n
\nbmv\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 335497.
In Mitre's CVE dictionary: CVE-2005-3278.
\n
More information:
\n
\n

\"felinemalice\" discovered an integer overflow in BMV, a PostScript viewer\nfor SVGAlib, that may lead to the execution of arbitrary code through\nspecially crafted PostScript files.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 1.2-14.3.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.2-17sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.2-18.

\n

We recommend that you upgrade your bmv package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2-14.3.dsc
\n
http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2-14.3.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2.orig.tar.gz
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2-14.3_i386.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2-17sarge1.dsc
\n
http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2-17sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2.orig.tar.gz
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bmv/bmv_1.2-17sarge1_i386.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "982": "
\n

Debian Security Advisory

\n

DSA-982-1 gpdf -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Feb 2006
\n
Affected Packages:
\n
\ngpdf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 16748.
In Mitre's CVE dictionary: CVE-2006-1244.
\n
More information:
\n
\n

Derek Noonburg has fixed several potential vulnerabilities in xpdf,\nwhich are also present in gpdf, the Portable Document Format (PDF)\nviewer with Gtk bindings.

\n

The old stable distribution (woody) does not contain gpdf packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.8.2-1.2sarge4.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your gpdf package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4.dsc
\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "983": "
\n

Debian Security Advisory

\n

DSA-983-1 pdftohtml -- several vulnerabilities

\n
\n
Date Reported:
\n
28 Feb 2006
\n
Affected Packages:
\n
\npdftohtml\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 16748.
In Mitre's CVE dictionary: CVE-2006-1244.
\n
More information:
\n
\n

Derek Noonburg has fixed several potential vulnerabilities in xpdf,\nwhich are also present in pdftohtml, a utility that translates PDF\ndocuments into HTML format.

\n

The old stable distribution (woody) does not contain pdftohtml packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.36-11sarge2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.36-12.

\n

We recommend that you upgrade your pdftohtml package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge2.dsc
\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "984": "
\n

Debian Security Advisory

\n

DSA-984-1 xpdf -- several vulnerabilities

\n
\n
Date Reported:
\n
02 Mar 2006
\n
Affected Packages:
\n
\nxpdf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 16748.
In Mitre's CVE dictionary: CVE-2006-1244.
\n
More information:
\n
\n

Derek Noonburg has fixed several potential vulnerabilities in xpdf,\nthe Portable Document Format (PDF) suite.

\n

The old stable distribution (woody) does not seem to be affected.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 3.00-13.6.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 3.01-7.

\n

We recommend that you upgrade your xpdf packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.6.dsc
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.6.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.00-13.6_all.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "985": "
\n

Debian Security Advisory

\n

DSA-985-1 libtasn1-2 -- buffer overflows

\n
\n
Date Reported:
\n
06 Mar 2006
\n
Affected Packages:
\n
\nlibtasn1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 16568.
In Mitre's CVE dictionary: CVE-2006-0645.
\n
More information:
\n
\n

Evgeny Legerov discovered several out-of-bounds memory accesses in the\nDER decoding component of the Tiny ASN.1 Library that allow\nattackers to crash the DER decoder and possibly execute arbitrary code.

\n

The old stable distribution (woody) is not affected by these problems.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2_0.2.10-3sarge1.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your libtasn1 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libt/libtasn1-2/libtasn1-2_0.2.10-3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/libt/libtasn1-2/libtasn1-2_0.2.10-3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/libt/libtasn1-2/libtasn1-2_0.2.10.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libt/libtasn1-2/libtasn1-2_0.2.10-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libt/libtasn1-2/libtasn1-2-dev_0.2.10-3sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libt/libtasn1-2/libtasn1-2_0.2.10-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtasn1-2/libtasn1-2-dev_0.2.10-3sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libt/libtasn1-2/libtasn1-2_0.2.10-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libt/libtasn1-2/libtasn1-2-dev_0.2.10-3sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libt/libtasn1-2/libtasn1-2_0.2.10-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libt/libtasn1-2/libtasn1-2-dev_0.2.10-3sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libt/libtasn1-2/libtasn1-2_0.2.10-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtasn1-2/libtasn1-2-dev_0.2.10-3sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libt/libtasn1-2/libtasn1-2_0.2.10-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libt/libtasn1-2/libtasn1-2-dev_0.2.10-3sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libt/libtasn1-2/libtasn1-2_0.2.10-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libt/libtasn1-2/libtasn1-2-dev_0.2.10-3sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libt/libtasn1-2/libtasn1-2_0.2.10-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libt/libtasn1-2/libtasn1-2-dev_0.2.10-3sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libt/libtasn1-2/libtasn1-2_0.2.10-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libt/libtasn1-2/libtasn1-2-dev_0.2.10-3sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libt/libtasn1-2/libtasn1-2_0.2.10-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtasn1-2/libtasn1-2-dev_0.2.10-3sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libt/libtasn1-2/libtasn1-2_0.2.10-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libt/libtasn1-2/libtasn1-2-dev_0.2.10-3sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libt/libtasn1-2/libtasn1-2_0.2.10-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtasn1-2/libtasn1-2-dev_0.2.10-3sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "986": "
\n

Debian Security Advisory

\n

DSA-986-1 gnutls11 -- buffer overflows

\n
\n
Date Reported:
\n
06 Mar 2006
\n
Affected Packages:
\n
\ngnutls11\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 16568.
In Mitre's CVE dictionary: CVE-2006-0645.
\n
More information:
\n
\n

Evgeny Legerov discovered several out-of-bounds memory accesses in the\nDER decoding component of the Tiny ASN.1 Library, which is\nalso present and used in GnuTLS, the GNU implementation of the Transport\nLayer Security (TLS) 1.0 and Secure Sockets Layer (SSL) 3.0 protocols.\nThese flaws allow attackers to crash the DER decoder and possibly\nexecute arbitrary code.

\n

The old stable distribution (woody) is not affected by these problems.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.0.16-13.2.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your gnutls packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls11_1.0.16-13.2.dsc
\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls11_1.0.16-13.2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls11_1.0.16.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "987": "
\n

Debian Security Advisory

\n

DSA-987-1 tar -- buffer overflow

\n
\n
Date Reported:
\n
07 Mar 2006
\n
Affected Packages:
\n
\ntar\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 314805.
In Mitre's CVE dictionary: CVE-2006-0300.
\n
More information:
\n
\n

Jim Meyering discovered several buffer overflows in GNU tar, which may\nlead to the execution of arbitrary code through specially crafted tar\narchives.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.14-2.1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.15.1-3.

\n

We recommend that you upgrade your tar package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.1.dsc
\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.1.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "988": "
\n

Debian Security Advisory

\n

DSA-988-1 squirrelmail -- several vulnerabilities

\n
\n
Date Reported:
\n
08 Mar 2006
\n
Affected Packages:
\n
\nsquirrelmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 354062, Bug 354063, Bug 354064, Bug 355424.
In Mitre's CVE dictionary: CVE-2006-0377, CVE-2006-0195, CVE-2006-0188.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Squirrelmail, a\ncommonly used webmail system. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2006-0188\n

    Martijn Brinkers and Ben Maurer found a flaw in webmail.php that\n allows remote attackers to inject arbitrary web pages into the right\n frame via a URL in the right_frame parameter.

  • CVE-2006-0195\n

    Martijn Brinkers and Scott Hughes discovered an interpretation\n conflict in the MagicHTML filter that allows remote attackers to\n conduct cross-site scripting (XSS) attacks via style sheet\n specifiers with invalid (1) \"/*\" and \"*/\" comments, or (2) slashes\n inside the \"url\" keyword, which is processed by some web browsers\n including Internet Explorer.

  • CVE-2006-0377\n

    Vicente Aguilera of Internet Security Auditors, S.L. discovered a\n CRLF injection vulnerability, which allows remote attackers to\n inject arbitrary IMAP commands via newline characters in the mailbox\n parameter of the sqimap_mailbox_select command, aka \"IMAP\n injection.\" There's no known way to exploit this yet.

\n

For the old stable distribution (woody) these problems have been fixed in\nversion 1.2.6-5.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2:1.4.4-8.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2:1.4.6-1.

\n

We recommend that you upgrade your squirrelmail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-5.dsc
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-5.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-5_all.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-8.dsc
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-8.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-8_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "989": "
\n

Debian Security Advisory

\n

DSA-989-1 zoph -- SQL injection

\n
\n
Date Reported:
\n
09 Mar 2006
\n
Affected Packages:
\n
\nzoph\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 350717.
In Mitre's CVE dictionary: CVE-2006-0402.
\n
More information:
\n
\n

Neil McBride discovered that Zoph, a web-based photo management system,\nperforms insufficient sanitising for input passed to photo searches, which\nmay lead to the execution of SQL commands through a SQL injection attack.

\n

The old stable distribution (woody) does not contain zoph packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.3.3-12sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.5-1.

\n

We recommend that you upgrade your zoph package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/zoph/zoph_0.3.3-12sarge1.dsc
\n
http://security.debian.org/pool/updates/main/z/zoph/zoph_0.3.3-12sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/z/zoph/zoph_0.3.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/z/zoph/zoph_0.3.3-12sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "990": "
\n

Debian Security Advisory

\n

DSA-990-1 bluez-hcidump -- programming error

\n
\n
Date Reported:
\n
10 Mar 2006
\n
Affected Packages:
\n
\nbluez-hcidump\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 351881.
In Mitre's CVE dictionary: CVE-2006-0670.
\n
More information:
\n
\n

A denial of service condition has been discovered in bluez-hcidump, a\nutility that analyses Bluetooth HCI packets, which can be triggered\nremotely.

\n

The old stable distribution (woody) does not contain bluez-hcidump packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.17-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.30-1.

\n

We recommend that you upgrade your bluez-hcidump package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bluez-hcidump/bluez-hcidump_1.17-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/b/bluez-hcidump/bluez-hcidump_1.17-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bluez-hcidump/bluez-hcidump_1.17.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/bluez-hcidump/bluez-hcidump_1.17-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/b/bluez-hcidump/bluez-hcidump_1.17-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/bluez-hcidump/bluez-hcidump_1.17-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bluez-hcidump/bluez-hcidump_1.17-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/bluez-hcidump/bluez-hcidump_1.17-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/b/bluez-hcidump/bluez-hcidump_1.17-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/b/bluez-hcidump/bluez-hcidump_1.17-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bluez-hcidump/bluez-hcidump_1.17-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bluez-hcidump/bluez-hcidump_1.17-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/bluez-hcidump/bluez-hcidump_1.17-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/bluez-hcidump/bluez-hcidump_1.17-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/bluez-hcidump/bluez-hcidump_1.17-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "991": "
\n

Debian Security Advisory

\n

DSA-991-1 zoo -- buffer overflow

\n
\n
Date Reported:
\n
10 Mar 2006
\n
Affected Packages:
\n
\nzoo\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 16790.
In Mitre's CVE dictionary: CVE-2006-0855.
\n
More information:
\n
\n

Jean-S\u00e9bastien Guay-Leroux discovered a buffer overflow in zoo, a\nutility to manipulate zoo archives, that could lead to the execution\nof arbitrary code when unpacking a specially crafted zoo archive.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 2.10-9woody0.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.10-11sarge0.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.10-17.

\n

We recommend that you upgrade your zoo package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10-9woody0.dsc
\n
http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10-9woody0.diff.gz
\n
http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10-9woody0_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10-9woody0_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10-9woody0_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10-9woody0_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10-9woody0_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10-9woody0_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10-9woody0_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10-9woody0_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10-9woody0_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10-9woody0_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/non-free/z/zoo/zoo_2.10-9woody0_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0.dsc
\n
http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0.diff.gz
\n
http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/z/zoo/zoo_2.10-11sarge0_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "992": "
\n

Debian Security Advisory

\n

DSA-992-1 ffmpeg -- buffer overflow

\n
\n
Date Reported:
\n
10 Mar 2006
\n
Affected Packages:
\n
\nffmpeg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 342207.
In Mitre's CVE dictionary: CVE-2005-4048.
\n
More information:
\n
\n

Simon Kilvington discovered that specially crafted PNG images can trigger\na heap overflow in libavcodec, the multimedia library of ffmpeg, which may\nlead to the execution of arbitrary code.

\n

The old stable distribution (woody) doesn't contain ffmpeg packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.cvs20050313-2sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.cvs20050918-5.1.

\n

We recommend that you upgrade your ffmpeg package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20050313-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20050313-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20050313-2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20050313-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20050313-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20050313-2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20050313-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20050313-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20050313-2sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20050313-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20050313-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20050313-2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20050313-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20050313-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20050313-2sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20050313-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20050313-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20050313-2sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20050313-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20050313-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20050313-2sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20050313-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20050313-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20050313-2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20050313-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20050313-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20050313-2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20050313-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20050313-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20050313-2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20050313-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20050313-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20050313-2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20050313-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20050313-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20050313-2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "993": "
\n

Debian Security Advisory

\n

DSA-993-2 gnupg -- programming error

\n
\n
Date Reported:
\n
10 Mar 2006
\n
Affected Packages:
\n
\ngnupg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-0049.
\n
More information:
\n
\n

Tavis Ormandy noticed that gnupg, the GNU privacy guard - a free PGP\nreplacement, can be tricked into emitting a \"good signature\" status message\nwhen a valid signature is included which does not belong to the data\npacket. This update basically adds fixed packages for woody whose\nversion turned out to be vulnerable as well.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 1.0.6-4woody5.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.4.1-1.sarge3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.4.2.2-1.

\n

We recommend that you upgrade your gnupg package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody5.dsc
\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody5.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody5_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3.dsc
\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "994": "
\n

Debian Security Advisory

\n

DSA-994-1 freeciv -- denial of service

\n
\n
Date Reported:
\n
13 Mar 2006
\n
Affected Packages:
\n
\nfreeciv\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 355211.
In the Bugtraq database (at SecurityFocus): BugTraq ID 16975.
In Mitre's CVE dictionary: CVE-2006-0047.
\n
More information:
\n
\n

Luigi Auriemma discovered a denial of service condition in the free\nCivilization server that allows a remote user to trigger a server\ncrash.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.0.1-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.0.8-1.

\n

We recommend that you upgrade your freeciv-server package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv_2.0.1-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv_2.0.1-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv_2.0.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-data_2.0.1-1sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-gtk_2.0.1-1sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-xaw3d_2.0.1-1sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv_2.0.1-1sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "995": "
\n

Debian Security Advisory

\n

DSA-995-1 metamail -- buffer overflow

\n
\n
Date Reported:
\n
13 Mar 2006
\n
Affected Packages:
\n
\nmetamail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 352482.
In the Bugtraq database (at SecurityFocus): BugTraq ID 16611.
In Mitre's CVE dictionary: CVE-2006-0709.
\n
More information:
\n
\n

Ulf H\u00e4rnhammar discovered a buffer overflow in metamail, an\nimplementation of MIME (Multi-purpose Internet Mail Extensions), that\ncould lead to a denial of service or potentially execute arbitrary\ncode when processing messages.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 2.7-45woody.4.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.7-47sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.7-51.

\n

We recommend that you upgrade your metamail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.4.dsc
\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.4.diff.gz
\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-45woody.4_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-47sarge1.dsc
\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-47sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-47sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-47sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-47sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-47sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-47sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-47sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-47sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-47sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-47sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-47sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-47sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/metamail/metamail_2.7-47sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "996": "
\n

Debian Security Advisory

\n

DSA-996-1 libcrypt-cbc-perl -- programming error

\n
\n
Date Reported:
\n
13 Mar 2006
\n
Affected Packages:
\n
\nlibcrypt-cbc-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-0898.
\n
More information:
\n
\n

Lincoln Stein discovered that the Perl Crypt::CBC module produces weak\nciphertext when used with block encryption algorithms with blocksize >\n8 bytes.

\n

The old stable distribution (woody) does not contain a Crypt::CBC module.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.12-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.17-1.

\n

We recommend that you upgrade your libcrypt-cbc-perl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libc/libcrypt-cbc-perl/libcrypt-cbc-perl_2.12-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/libc/libcrypt-cbc-perl/libcrypt-cbc-perl_2.12-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/libc/libcrypt-cbc-perl/libcrypt-cbc-perl_2.12.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libc/libcrypt-cbc-perl/libcrypt-cbc-perl_2.12-1sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "997": "
\n

Debian Security Advisory

\n

DSA-997-1 bomberclone -- buffer overflows

\n
\n
Date Reported:
\n
13 Mar 2006
\n
Affected Packages:
\n
\nbomberclone\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 16697.
In Mitre's CVE dictionary: CVE-2006-0460.
\n
More information:
\n
\n

Stefan Cornelius of Gentoo Security discovered that bomberclone, a\nfree Bomberman-like game, crashes when receiving overly long error\npackets, which may also allow remote attackers to execute arbitrary\ncode.

\n

The old stable distribution (woody) does not contain bomberclone packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.11.5-1sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.11.6.2-1.

\n

We recommend that you upgrade your bomberclone package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone-data_0.11.5-1sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "998": "
\n

Debian Security Advisory

\n

DSA-998-1 libextractor -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Mar 2006
\n
Affected Packages:
\n
\nlibextractor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Derek Noonburg has fixed several potential vulnerabilities in xpdf,\nwhich are also present in libextractor, a library to extract arbitrary\nmeta-data from files.

\n

The old stable distribution (woody) does not contain libextractor packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.4.2-2sarge3.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.5.10-1.

\n

We recommend that you upgrade your libextractor package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2-2sarge3.dsc
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2-2sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "999": "
\n

Debian Security Advisory

\n

DSA-999-1 lurker -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Mar 2006
\n
Affected Packages:
\n
\nlurker\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-1062, CVE-2006-1063, CVE-2006-1064.
\n
More information:
\n
\n

Several security related problems have been discovered in lurker, an\narchive tool for mailing lists with integrated search engine. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2006-1062\n

    Lurker's mechanism for specifying configuration files was\n vulnerable to being overridden. As lurker includes sections of\n unparsed config files in its output, an attacker could manipulate\n lurker into reading any file readable by the www-data user.

  • CVE-2006-1063\n

    It is possible for a remote attacker to create or overwrite files\n in any writable directory that is named \"mbox\".

  • CVE-2006-1064\n

    Missing input sanitising allows an attacker to inject arbitrary\n web script or HTML.

\n

The old stable distribution (woody) does not contain lurker packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.2-5sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.1-1.

\n

We recommend that you upgrade your lurker package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lurker/lurker_1.2-5sarge1.dsc
\n
http://security.debian.org/pool/updates/main/l/lurker/lurker_1.2-5sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lurker/lurker_1.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lurker/lurker_1.2-5sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/lurker/lurker_1.2-5sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lurker/lurker_1.2-5sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lurker/lurker_1.2-5sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lurker/lurker_1.2-5sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/lurker/lurker_1.2-5sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/lurker/lurker_1.2-5sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lurker/lurker_1.2-5sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lurker/lurker_1.2-5sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lurker/lurker_1.2-5sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lurker/lurker_1.2-5sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lurker/lurker_1.2-5sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1000": "
\n

Debian Security Advisory

\n

DSA-1000-2 libapreq2-perl -- design error

\n
\n
Date Reported:
\n
14 Mar 2006
\n
Affected Packages:
\n
\nlibapreq2-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 354060, Bug 358689.
In the Bugtraq database (at SecurityFocus): BugTraq ID 16710.
In Mitre's CVE dictionary: CVE-2006-0042.
\n
More information:
\n
\n

Gunnar Wolf noticed that the correction for the following problem was\nnot complete and requires an update. For completeness we're\nproviding the original problem description:

\n
\n

An algorithm weakness has been discovered in Apache2::Request, the\ngeneric request library for Apache2 which can be exploited remotely\nand cause a denial of service via CPU consumption.

\n
\n

The old stable distribution (woody) does not contain this package.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.04-dev-1sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.07-1.

\n

We recommend that you upgrade your libapreq2, libapache2-mod-apreq2\nand libapache2-request-perl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapreq2-perl_2.04-dev-1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapreq2-perl_2.04-dev-1sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapreq2-perl_2.04-dev.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/liba/libapreq2-perl/libapache2-request-perl_2.04-dev-1sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "1001": "
\n

Debian Security Advisory

\n

DSA-1001-1 crossfire -- buffer overflow

\n
\n
Date Reported:
\n
14 Mar 2006
\n
Affected Packages:
\n
\ncrossfire\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-1010.
\n
More information:
\n
\n

It was discovered that Crossfire, a multiplayer adventure game, performs\ninsufficient bounds checking on network packets when run in \"oldsocketmode\",\nwhich may possibly lead to the execution of arbitrary code.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 1.1.0-1woody1.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.6.0.dfsg.1-4sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.9.0-1.

\n

We recommend that you upgrade your crossfire packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.1.0-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.1.0-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.1.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-doc_1.1.0-1woody1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.6.0.dfsg.1-4sarge1.dsc
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.6.0.dfsg.1-4sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.6.0.dfsg.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-doc_1.6.0.dfsg.1-4sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1002": "
\n

Debian Security Advisory

\n

DSA-1002-1 webcalendar -- several vulnerabilities

\n
\n
Date Reported:
\n
15 Mar 2006
\n
Affected Packages:
\n
\nwebcalendar\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 341208, Bug 342090.
In the Bugtraq database (at SecurityFocus): BugTraq ID 15606, BugTraq ID 15608, BugTraq ID 15662, BugTraq ID 15673.
In Mitre's CVE dictionary: CVE-2005-3949, CVE-2005-3961, CVE-2005-3982.
\n
More information:
\n
\n

Several security-related problems have been discovered in webcalendar,\na PHP-based multi-user calendar. The Common Vulnerabilities and\nExposures project identifies the following vulnerabilities:

\n
    \n
  • CVE-2005-3949\n

    Multiple SQL injection vulnerabilities allow remote attackers to\n execute arbitrary SQL commands.

  • CVE-2005-3961\n

    Missing input sanitising allows an attacker to overwrite local\n files.

  • CVE-2005-3982\n

    A CRLF injection vulnerability allows remote attackers to modify\n HTTP headers and conduct HTTP response splitting attacks.

\n

The old stable distribution (woody) does not contain webcalendar packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.9.45-4sarge3.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.0.2-1.

\n

We recommend that you upgrade your webcalendar package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge3.dsc
\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1003": "
\n

Debian Security Advisory

\n

DSA-1003-1 xpvm -- insecure temporary file

\n
\n
Date Reported:
\n
16 Mar 2006
\n
Affected Packages:
\n
\nxpvm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 318285.
In Mitre's CVE dictionary: CVE-2005-2240.
\n
More information:
\n
\n

Eric Romang discovered that xpvm, a graphical console and monitor for\nPVM, creates a temporary file that allows local attackers to create or\noverwrite arbitrary files with the privileges of the user running\nxpvm.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 1.2.5-7.2woody1.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.2.5-7.3sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.2.5-8.

\n

We recommend that you upgrade your xpvm package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.2woody1.dsc
\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.2woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.2woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.2woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.2woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.2woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.2woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.2woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.2woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.2woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.2woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.2woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.2woody1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xpvm/xpvm_1.2.5-7.3sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1004": "
\n

Debian Security Advisory

\n

DSA-1004-1 vlc -- buffer overflow

\n
\n
Date Reported:
\n
16 Mar 2006
\n
Affected Packages:
\n
\nvlc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 342208.
In Mitre's CVE dictionary: CVE-2005-4048.
\n
More information:
\n
\n

Simon Kilvington discovered that specially crafted PNG images can trigger\na heap overflow in libavcodec, the multimedia library of ffmpeg, which may\nlead to the execution of arbitrary code.\nThe vlc media player links statically against libavcodec.

\n

The old stable distribution (woody) isn't affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.8.1.svn20050314-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.8.4.debian-2.

\n

We recommend that you upgrade your vlc package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-glide_0.8.1.svn20050314-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-glide_0.8.1.svn20050314-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-svgalib_0.8.1.svn20050314-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1005": "
\n

Debian Security Advisory

\n

DSA-1005-1 xine-lib -- buffer overflow

\n
\n
Date Reported:
\n
16 Mar 2006
\n
Affected Packages:
\n
\nxine-lib\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 342208.
In Mitre's CVE dictionary: CVE-2005-4048.
\n
More information:
\n
\n

Simon Kilvington discovered that specially crafted PNG images can trigger\na heap overflow in libavcodec, the multimedia library of ffmpeg, which may\nlead to the execution of arbitrary code.\nxine-lib includes a local copy of libavcodec.

\n

The old stable distribution (woody) isn't affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.0.1-1sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.0.1-1.5.

\n

We recommend that you upgrade your xine-lib package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1006": "
\n

Debian Security Advisory

\n

DSA-1006-1 wzdftpd -- missing input sanitising

\n
\n
Date Reported:
\n
16 Mar 2006
\n
Affected Packages:
\n
\nwzdftpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3081.
\n
More information:
\n
\n

\"kcope\" discovered that the wzdftpd FTP server lacks input sanitising\nfor the SITE command, which may lead to the execution of arbitrary\nshell commands.

\n

The old stable distribution (woody) does not contain wzdftpd packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.5.2-1.1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.5.5-1.

\n

We recommend that you upgrade your wzdftpd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1007": "
\n

Debian Security Advisory

\n

DSA-1007-1 drupal -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Mar 2006
\n
Affected Packages:
\n
\ndrupal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-1225, CVE-2006-1226, CVE-2006-1227, CVE-2006-1228.
\n
More information:
\n
\n

The Drupal Security Team discovered several vulnerabilities in Drupal,\na fully-featured content management and discussion engine. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2006-1225\n

    Due to missing input sanitising a remote attacker could inject\n headers of outgoing e-mail messages and use Drupal as a spam\n proxy.

  • CVE-2006-1226\n

    Missing input sanity checks allow attackers to inject arbitrary\n web script or HTML.

  • CVE-2006-1227\n

    Menu items created with the menu.module lacked access control,\n which might allow remote attackers to access administrator pages.

  • CVE-2006-1228\n

    Markus Petrux discovered a bug in the session fixation which may\n allow remote attackers to gain Drupal user privileges.

\n

The old stable distribution (woody) does not contain Drupal packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 4.5.3-6.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 4.5.8-1.

\n

We recommend that you upgrade your drupal package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-6.dsc
\n
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-6.diff.gz
\n
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-6_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1008": "
\n

Debian Security Advisory

\n

DSA-1008-1 kdegraphics -- buffer overflow

\n
\n
Date Reported:
\n
17 Mar 2006
\n
Affected Packages:
\n
\nkdegraphics\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-0746.
\n
More information:
\n
\n

Marcelo Ricardo Leitner noticed that the current patch in DSA 932\n(CVE-2005-3627) for kpdf, the PDF viewer for KDE, does not fix all\nbuffer overflows, still allowing an attacker to execute arbitrary\ncode.

\n

The old stable distribution (woody) does not contain kpdf packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 3.3.2-2sarge4.

\n

The unstable distribution (sid) is not affected by this problem.

\n

We recommend that you upgrade your kpdf package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.3.2-2sarge4.dsc
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.3.2-2sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.3.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.3.2-2sarge4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1009": "
\n

Debian Security Advisory

\n

DSA-1009-1 crossfire -- buffer overflow

\n
\n
Date Reported:
\n
21 Mar 2006
\n
Affected Packages:
\n
\ncrossfire\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-1236.
\n
More information:
\n
\n

A buffer overflow has been discovered in the crossfire game which\nallows remote attackers to execute arbitrary code.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 1.1.0-1woody2.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.6.0.dfsg.1-4sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.9.0-2.

\n

We recommend that you upgrade your crossfire package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.1.0-1woody2.dsc
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.1.0-1woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.1.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-doc_1.1.0-1woody2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.1.0-1woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.1.0-1woody2_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.6.0.dfsg.1-4sarge2.dsc
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.6.0.dfsg.1-4sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire_1.6.0.dfsg.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-doc_1.6.0.dfsg.1-4sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-edit_1.6.0.dfsg.1-4sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/crossfire/crossfire-server_1.6.0.dfsg.1-4sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1010": "
\n

Debian Security Advisory

\n

DSA-1010-1 ilohamail -- missing input sanitising

\n
\n
Date Reported:
\n
20 Mar 2006
\n
Affected Packages:
\n
\nilohamail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 304525.
In the Bugtraq database (at SecurityFocus): BugTraq ID 13175.
In Mitre's CVE dictionary: CVE-2005-1120.
\n
More information:
\n
\n

Ulf H\u00e4rnhammar from the Debian Security Audit Project discovered that\nilohamail, a lightweight multilingual web-based IMAP/POP3 client, does\nnot always sanitise input provided by users which allows remote\nattackers to inject arbitrary web script or HTML.

\n

The old stable distribution (woody) does not contain an ilohamail\npackage.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.8.14-0rc3sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.8.14-0rc3sarge1.

\n

We recommend that you upgrade your ilohamail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/ilohamail/ilohamail_0.8.14-0rc3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/i/ilohamail/ilohamail_0.8.14-0rc3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/ilohamail/ilohamail_0.8.14.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/ilohamail/ilohamail_0.8.14-0rc3sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1011": "
\n

Debian Security Advisory

\n

DSA-1011-1 kernel-patch-vserver -- missing attribute support

\n
\n
Date Reported:
\n
21 Mar 2005
\n
Affected Packages:
\n
\nkernel-patch-vserver, util-vserver\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 329087, Bug 329090.
In Mitre's CVE dictionary: CVE-2005-4347, CVE-2005-4418.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Debian vserver\nsupport for Linux. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2005-4347\n

    Bj\u00f8rn Steinbrink discovered that the chroot barrier is not set\n correctly with util-vserver which may result in unauthorised\n escapes from a vserver to the host system.

    \n

    This vulnerability is limited to the 2.4 kernel patch included in\n kernel-patch-vserver. The correction to this problem requires\n updating the util-vserver package as well and installing a new\n kernel built from the updated kernel-patch-vserver package.

  • CVE-2005-4418\n

    The default policy of util-vserver is set to trust all unknown\n capabilities instead of considering them as insecure.

\n

The old stable distribution (woody) does not contain a\nkernel-patch-vserver package.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.9.5.5 of kernel-patch-vserver and in version\n0.30.204-5sarge3 of util-vserver.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.3 of kernel-patch-vserver and in version 0.30.208-1 of\nutil-vserver.

\n

We recommend that you upgrade your util-vserver and\nkernel-patch-vserver packages and build a new kernel immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-vserver/kernel-patch-vserver_1.9.5.5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-vserver/kernel-patch-vserver_1.9.5.5.tar.gz
\n
http://security.debian.org/pool/updates/main/u/util-vserver/util-vserver_0.30.204-5sarge3.dsc
\n
http://security.debian.org/pool/updates/main/u/util-vserver/util-vserver_0.30.204-5sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/u/util-vserver/util-vserver_0.30.204.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-vserver/kernel-patch-vserver_1.9.5.5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/u/util-vserver/util-vserver_0.30.204-5sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/u/util-vserver/util-vserver_0.30.204-5sarge3_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/u/util-vserver/util-vserver_0.30.204-5sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/u/util-vserver/util-vserver_0.30.204-5sarge3_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/u/util-vserver/util-vserver_0.30.204-5sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/u/util-vserver/util-vserver_0.30.204-5sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/u/util-vserver/util-vserver_0.30.204-5sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/u/util-vserver/util-vserver_0.30.204-5sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/u/util-vserver/util-vserver_0.30.204-5sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1012": "
\n

Debian Security Advisory

\n

DSA-1012-1 unzip -- buffer overflow

\n
\n
Date Reported:
\n
21 Mar 2006
\n
Affected Packages:
\n
\nunzip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 349794.
In the Bugtraq database (at SecurityFocus): BugTraq ID 15968.
In Mitre's CVE dictionary: CVE-2005-4667.
\n
More information:
\n
\n

A buffer overflow in the command line argument parsing has been\ndiscovered in unzip, the de-archiver for ZIP files, that could lead to\nthe execution of arbitrary code.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 5.50-1woody6.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 5.52-1sarge4.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 5.52-7.

\n

We recommend that you upgrade your unzip package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6.dsc
\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6.diff.gz
\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.50-1woody6_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4.dsc
\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1013": "
\n

Debian Security Advisory

\n

DSA-1013-1 snmptrapfmt -- insecure temporary file

\n
\n
Date Reported:
\n
22 Mar 2006
\n
Affected Packages:
\n
\nsnmptrapfmt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-0050.
\n
More information:
\n
\n

Will Aoki discovered that snmptrapfmt, a configurable snmp trap\nhandler daemon for snmpd, does not prevent overwriting existing files\nwhen writing to a temporary log file.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 1.03woody1.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.08sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.10-1.

\n

We recommend that you upgrade your snmptrapfmt package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.03woody1.dsc
\n
http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.03woody1.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.03woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.03woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.03woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.03woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.03woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.03woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.03woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.03woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.03woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.03woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.03woody1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1.dsc
\n
http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/snmptrapfmt/snmptrapfmt_1.08sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1014": "
\n

Debian Security Advisory

\n

DSA-1014-1 firebird2 -- buffer overflow

\n
\n
Date Reported:
\n
23 Mar 2006
\n
Affected Packages:
\n
\nfirebird2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 357580.
In the Bugtraq database (at SecurityFocus): BugTraq ID 10446.
In Mitre's CVE dictionary: CVE-2004-2043.
\n
More information:
\n
\n

Aviram Jenik and Damyan Ivanov discovered a buffer overflow in\nfirebird2, an RDBMS based on InterBase 6.0 code, that allows remote\nattackers to cause a crash.

\n

The old stable distribution (woody) does not contain firebird2 packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.5.1-4sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.5.3.4870-3.

\n

We recommend that you upgrade your firebird2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/firebird2/firebird2_1.5.1-4sarge1.dsc
\n
http://security.debian.org/pool/updates/main/f/firebird2/firebird2_1.5.1-4sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/firebird2/firebird2_1.5.1.orig.tar.gz
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/firebird2/firebird2-classic-server_1.5.1-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/firebird2/firebird2-dev_1.5.1-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/firebird2/firebird2-examples_1.5.1-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/firebird2/firebird2-server-common_1.5.1-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/firebird2/firebird2-super-server_1.5.1-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/firebird2/firebird2-utils-classic_1.5.1-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/firebird2/firebird2-utils-super_1.5.1-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/firebird2/libfirebird2-classic_1.5.1-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/firebird2/libfirebird2-super_1.5.1-4sarge1_i386.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1015": "
\n

Debian Security Advisory

\n

DSA-1015-1 sendmail -- programming error

\n
\n
Date Reported:
\n
23 Mar 2006
\n
Affected Packages:
\n
\nsendmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-0058.
CERT's vulnerabilities, advisories and incident notes: VU#834865.
\n
More information:
\n
\n

Mark Dowd discovered a flaw in the handling of asynchronous signals in\nsendmail, a powerful, efficient, and scalable mail transport agent.\nThis allows a remote attacker to exploit a race condition to\nexecute arbitrary code as root.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 8.12.3-7.2.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 8.13.4-3sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 8.13.6-1.

\n

We recommend that you upgrade your sendmail package immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2.dsc
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.12.3-7.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.12.3-7.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.12.3-7.2_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-base_8.13.4-3sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-cf_8.13.4-3sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.13.4-3sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1016": "
\n

Debian Security Advisory

\n

DSA-1016-1 evolution -- format string vulnerabilities

\n
\n
Date Reported:
\n
23 Mar 2006
\n
Affected Packages:
\n
\nevolution\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 322535.
In the Bugtraq database (at SecurityFocus): BugTraq ID 14532.
In Mitre's CVE dictionary: CVE-2005-2549, CVE-2005-2550.
\n
More information:
\n
\n

Ulf H\u00e4rnhammar discovered several format string vulnerabilities in\nEvolution, a free groupware suite, that could lead to crashes of the\napplication or the execution of arbitrary code.

\n

For the old stable distribution (woody) these problems have been fixed\nin version 1.0.5-1woody3.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.0.4-2sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.2.3-3.

\n

We recommend that you upgrade your evolution package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3.dsc
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody3_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody3_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody3_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody3_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody3_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody3_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody3_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody3_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody3_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody3_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1017": "
\n

Debian Security Advisory

\n

DSA-1017-1 kernel-source-2.6.8 -- several vulnerabilities

\n
\n
Date Reported:
\n
23 Mar 2006
\n
Affected Packages:
\n
\nkernel-source-2.6.8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 295949, Bug 334113, Bug 330287, Bug 332587, Bug 332596, Bug 330343, Bug 330353, Bug 327416.
In Mitre's CVE dictionary: CVE-2004-1017, CVE-2005-0124, CVE-2005-0449, CVE-2005-2457, CVE-2005-2490, CVE-2005-2555, CVE-2005-2709, CVE-2005-2800, CVE-2005-2973, CVE-2005-3044, CVE-2005-3053, CVE-2005-3055, CVE-2005-3180, CVE-2005-3181, CVE-2005-3257, CVE-2005-3356, CVE-2005-3358, CVE-2005-3783, CVE-2005-3784, CVE-2005-3806, CVE-2005-3847, CVE-2005-3848, CVE-2005-3857, CVE-2005-3858, CVE-2005-4605, CVE-2005-4618, CVE-2006-0095, CVE-2006-0096, CVE-2006-0482, CVE-2006-1066.
\n
More information:
\n
\n

Several local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2004-1017\n

    Multiple overflows exist in the io_edgeport driver which might be usable\n as a denial of service attack vector.

  • \n
  • CVE-2005-0124\n

    Bryan Fulton reported a bounds checking bug in the coda_pioctl function\n which may allow local users to execute arbitrary code or trigger a denial\n of service attack.

  • \n
  • CVE-2005-0449\n

    An error in the skb_checksum_help() function from the netfilter framework\n has been discovered that allows the bypass of packet filter rules or\n a denial of service attack.

  • \n
  • CVE-2005-2457\n

    Tim Yamin discovered that insufficient input validation in the zisofs driver\n for compressed ISO file systems allows a denial of service attack through\n maliciously crafted ISO images.

  • \n
  • CVE-2005-2490\n

    A buffer overflow in the sendmsg() function allows local users to execute\n arbitrary code.

  • \n
  • CVE-2005-2555\n

    Herbert Xu discovered that the setsockopt() function was not restricted to\n users/processes with the CAP_NET_ADMIN capability. This allows attackers to\n manipulate IPSEC policies or initiate a denial of service attack.

  • \n
  • CVE-2005-2709\n

    Al Viro discovered a race condition in the /proc handling of network devices.\n A (local) attacker could exploit the stale reference after interface shutdown\n to cause a denial of service or possibly execute code in kernel mode.

  • \n
  • CVE-2005-2800\n

    Jan Blunck discovered that repeated failed reads of /proc/scsi/sg/devices\n leak memory, which allows a denial of service attack.

  • \n
  • CVE-2005-2973\n

    Tetsuo Handa discovered that the udp_v6_get_port() function from the IPv6 code\n can be forced into an endless loop, which allows a denial of service attack.

  • \n
  • CVE-2005-3044\n

    Vasiliy Averin discovered that the reference counters from sockfd_put() and\n fput() can be forced into overlapping, which allows a denial of service attack\n through a null pointer dereference.

  • \n
  • CVE-2005-3053\n

    Eric Dumazet discovered that the set_mempolicy() system call accepts a negative\n value for its first argument, which triggers a BUG() assert. This allows a\n denial of service attack.

  • \n
  • CVE-2005-3055\n

    Harald Welte discovered that if a process issues a USB Request Block (URB)\n to a device and terminates before the URB completes, a stale pointer\n would be dereferenced. This could be used to trigger a denial of service\n attack.

  • \n
  • CVE-2005-3180\n

    Pavel Roskin discovered that the driver for Orinoco wireless cards clears\n its buffers insufficiently. This could leak sensitive information into\n user space.

  • \n
  • CVE-2005-3181\n

    Robert Derr discovered that the audit subsystem uses an incorrect function to\n free memory, which allows a denial of service attack.

  • \n
  • CVE-2005-3257\n

    Rudolf Polzer discovered that the kernel improperly restricts access to the\n KDSKBSENT ioctl, which can possibly lead to privilege escalation.

  • \n
  • CVE-2005-3356\n

    Doug Chapman discovered that the mq_open syscall can be tricked into\n decrementing an internal counter twice, which allows a denial of service attack\n through a kernel panic.

  • \n
  • CVE-2005-3358\n

    Doug Chapman discovered that passing a zero bitmask to the set_mempolicy()\n system call leads to a kernel panic, which allows a denial of service attack.

  • \n
  • CVE-2005-3783\n

    The ptrace code using CLONE_THREAD didn't use the thread group ID to\n determine whether the caller is attaching to itself, which allows a denial\n of service attack.

  • \n
  • CVE-2005-3784\n

    The auto-reaping of child processes included ptrace-attached\n processes, which allows denial of service through dangling references.

  • \n
  • CVE-2005-3806\n

    Yen Zheng discovered that the IPv6 flow label code modified an incorrect variable,\n which could lead to memory corruption and denial of service.

  • \n
  • CVE-2005-3847\n

    It was discovered that a threaded real-time process that is currently dumping\n core can be forced into a deadlock by sending it a SIGKILL signal,\n which allows a denial of service attack.

  • \n
  • CVE-2005-3848\n

    Ollie Wild discovered a memory leak in the icmp_push_reply() function, which\n allows denial of service through memory consumption.

  • \n
  • CVE-2005-3857\n

    Chris Wright discovered that excessive allocation of broken file lock leases\n in the VFS layer can exhaust memory and fill up the system logging, which allows\n denial of service.

  • \n
  • CVE-2005-3858\n

    Patrick McHardy discovered a memory leak in the ip6_input_finish() function from\n the IPv6 code, which allows denial of service.

  • \n
  • CVE-2005-4605\n

    Karl Janmar discovered that a signedness error in the procfs code can be exploited\n to read kernel memory, which may disclose sensitive information.

  • \n
  • CVE-2005-4618\n

    Yi Ying discovered that sysctl does not properly enforce the size of a buffer, which\n allows a denial of service attack.

  • \n
  • CVE-2006-0095\n

    Stefan Rompf discovered that dm_crypt does not clear an internal struct before freeing\n it, which might disclose sensitive information.

  • \n
  • CVE-2006-0096\n

    It was discovered that the SDLA driver's capability checks were too lax\n for firmware upgrades.

  • \n
  • CVE-2006-0482\n

    Ludovic Courtes discovered that get_compat_timespec() performs insufficient input\n sanitizing, which allows a local denial of service attack.

  • \n
  • CVE-2006-1066\n

    It was discovered that ptrace() on the ia64 architecture allows a local denial of\n service attack, when preemption is enabled.

  • \n
\n

The following matrix shows which kernel version fixes the problems\nmentioned above for each architecture:

\n
\n\n\n\n\n\n\n\n\n\n\n\n
Debian 3.1 (sarge)
Source 2.6.8-16sarge2
Alpha architecture 2.6.8-16sarge2
AMD64 architecture 2.6.8-16sarge2
HP Precision architecture 2.6.8-6sarge2
Intel IA-32 architecture 2.6.8-16sarge2
Intel IA-64 architecture 2.6.8-14sarge2
Motorola 680x0 architecture 2.6.8-4sarge2
PowerPC architecture 2.6.8-12sarge2
IBM S/390 architecture 2.6.8-5sarge2
Sun Sparc architecture 2.6.8-15sarge2
\n

The following matrix lists additional packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n\n\n\n\n\n\n\n\n\n
Debian 3.1 (sarge)
kernel-latest-2.6-alpha 101sarge1
kernel-latest-2.6-amd64 103sarge1
kernel-latest-2.6-hppa 2.6.8-1sarge1
kernel-latest-2.6-sparc 101sarge1
kernel-latest-2.6-i386 101sarge1
kernel-latest-powerpc 102sarge1
fai-kernels 1.9.1sarge1
hostap-modules-i386 0.3.7-1sarge1
mol-modules-2.6.8 0.9.70+2.6.8+12sarge1
ndiswrapper-modules-i386 1.1-2sarge1
\n

We recommend that you upgrade your kernel package immediately and reboot\nthe machine. If you have built a custom kernel from the kernel source\npackage, you will need to rebuild to take advantage of these fixes.

\n

This update introduces a change in the kernel's binary interface. The affected\nkernel packages inside Debian have been rebuilt; if you're running local addons,\nyou'll need to rebuild these as well. Due to the change in the package\nname, you need to use apt-get dist-upgrade to update your system.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-m68k_2.6.8-4sarge2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-m68k_2.6.8-4sarge2.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64/kernel-latest-2.6-amd64_103sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64/kernel-latest-2.6-amd64_103sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-alpha/kernel-latest-2.6-alpha_101sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-alpha/kernel-latest-2.6-alpha_101sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-sparc/kernel-latest-2.6-sparc_101sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-sparc/kernel-latest-2.6-sparc_101sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-hppa/kernel-latest-2.6-hppa_2.6.8-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-hppa/kernel-latest-2.6-hppa_2.6.8-1sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.9.1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.9.1sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-powerpc/kernel-latest-powerpc_102sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-powerpc/kernel-latest-powerpc_102sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-i386/kernel-latest-2.6-i386_101sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-i386/kernel-latest-2.6-i386_101sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-i386_2.6.8-16sarge2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-i386_2.6.8-16sarge2.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-hppa_2.6.8-6sarge2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-hppa_2.6.8-6sarge2.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-amd64_2.6.8-16sarge2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-amd64_2.6.8-16sarge2.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-alpha_2.6.8-16sarge2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-alpha_2.6.8-16sarge2.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-patch-powerpc-2.6.8_2.6.8-12sarge2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-patch-powerpc-2.6.8_2.6.8-12sarge2.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-ia64_2.6.8-14sarge2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-ia64_2.6.8-14sarge2.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-s390_2.6.8-5sarge2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-s390_2.6.8-5sarge2.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-sparc_2.6.8-15sarge2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-sparc_2.6.8-15sarge2.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mol-modules-2.6.8/mol-modules-2.6.8_0.9.70+2.6.8+12sarge1.dsc
\n
http://security.debian.org/pool/updates/main/m/mol-modules-2.6.8/mol-modules-2.6.8_0.9.70+2.6.8+12sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-i386_0.3.7-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-i386_0.3.7-1sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/n/ndiswrapper-modules-i386/ndiswrapper-modules-i386_1.1-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/n/ndiswrapper-modules-i386/ndiswrapper-modules-i386_1.1-2sarge1.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-alpha/kernel-headers-2.6-generic_101sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-alpha/kernel-headers-2.6-smp_101sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-alpha/kernel-image-2.6-generic_101sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-alpha/kernel-image-2.6-smp_101sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-2_2.6.8-16sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-2-generic_2.6.8-16sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-2-smp_2.6.8-16sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-3_2.6.8-16sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-3-generic_2.6.8-16sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-3-smp_2.6.8-16sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-2-generic_2.6.8-16sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-2-smp_2.6.8-16sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-3-generic_2.6.8-16sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-3-smp_2.6.8-16sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64/kernel-headers-2.6-amd64-generic_103sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64/kernel-headers-2.6-amd64-k8_103sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64/kernel-headers-2.6-amd64-k8-smp_103sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64/kernel-headers-2.6-em64t-p4_103sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64/kernel-headers-2.6-em64t-p4-smp_103sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64/kernel-image-2.6-amd64-generic_103sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64/kernel-image-2.6-amd64-k8_103sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64/kernel-image-2.6-amd64-k8-smp_103sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64/kernel-image-2.6-em64t-p4_103sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64/kernel-image-2.6-em64t-p4-smp_103sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-amd64-generic_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-amd64-k8_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-amd64-k8-smp_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-em64t-p4_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-em64t-p4-smp_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12_2.6.8-16sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-generic_2.6.8-16sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-k8_2.6.8-16sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-k8-smp_2.6.8-16sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-em64t-p4_2.6.8-16sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-em64t-p4-smp_2.6.8-16sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-amd64-generic_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-amd64-k8_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-amd64-k8-smp_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-em64t-p4_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-em64t-p4-smp_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-generic_2.6.8-16sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-k8_2.6.8-16sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-k8-smp_2.6.8-16sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-em64t-p4_2.6.8-16sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-em64t-p4-smp_2.6.8-16sarge2_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64/kernel-headers-2.6-amd64-generic_103sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64/kernel-headers-2.6-amd64-k8_103sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64/kernel-headers-2.6-amd64-k8-smp_103sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64/kernel-headers-2.6-em64t-p4_103sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64/kernel-headers-2.6-em64t-p4-smp_103sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64/kernel-image-2.6-amd64-generic_103sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64/kernel-image-2.6-amd64-k8_103sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64/kernel-image-2.6-amd64-k8-smp_103sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64/kernel-image-2.6-em64t-p4_103sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-amd64/kernel-image-2.6-em64t-p4-smp_103sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-i386/kernel-headers-2.6-386_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-i386/kernel-headers-2.6-686_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-i386/kernel-headers-2.6-686-smp_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-i386/kernel-headers-2.6-k7_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-i386/kernel-headers-2.6-k7-smp_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-i386/kernel-image-2.6-386_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-i386/kernel-image-2.6-686_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-i386/kernel-image-2.6-686-smp_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-i386/kernel-image-2.6-k7_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-i386/kernel-image-2.6-k7-smp_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.9.1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-2_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-2-386_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-2-686_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-2-686-smp_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-2-k7_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-2-k7-smp_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3_2.6.8-16sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-386_2.6.8-16sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-686_2.6.8-16sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-686-smp_2.6.8-16sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-k7_2.6.8-16sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-k7-smp_2.6.8-16sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-2-386_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-2-686_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-2-686-smp_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-2-k7_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-2-k7-smp_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-386_2.6.8-16sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-686_2.6.8-16sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-686-smp_2.6.8-16sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-k7_2.6.8-16sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-k7-smp_2.6.8-16sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-amd64-generic_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-amd64-k8_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-amd64-k8-smp_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-em64t-p4_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-em64t-p4-smp_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12_2.6.8-16sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-generic_2.6.8-16sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-k8_2.6.8-16sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-k8-smp_2.6.8-16sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-em64t-p4_2.6.8-16sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-em64t-p4-smp_2.6.8-16sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-amd64-generic_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-amd64-k8_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-amd64-k8-smp_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-em64t-p4_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-em64t-p4-smp_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-generic_2.6.8-16sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-k8_2.6.8-16sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-k8-smp_2.6.8-16sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-em64t-p4_2.6.8-16sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-em64t-p4-smp_2.6.8-16sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-3-386_0.3.7-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-3-586tsc_0.3.7-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-3-686_0.3.7-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-3-686-smp_0.3.7-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-3-k6_0.3.7-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-3-k7_0.3.7-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-3-k7-smp_0.3.7-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.6.8-3-386_0.3.7-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.6.8-3-686_0.3.7-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.6.8-3-686-smp_0.3.7-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.6.8-3-k7_0.3.7-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.6.8-3-k7-smp_0.3.7-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/ndiswrapper-modules-i386/ndiswrapper-modules-2.6.8-3-386_1.1-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/ndiswrapper-modules-i386/ndiswrapper-modules-2.6.8-3-686_1.1-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/ndiswrapper-modules-i386/ndiswrapper-modules-2.6.8-3-686-smp_1.1-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/ndiswrapper-modules-i386/ndiswrapper-modules-2.6.8-3-k7_1.1-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/ndiswrapper-modules-i386/ndiswrapper-modules-2.6.8-3-k7-smp_1.1-2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-itanium_2.6.8-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-itanium-smp_2.6.8-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-mckinley_2.6.8-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-mckinley-smp_2.6.8-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-2_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-2-itanium_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-2-itanium-smp_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-2-mckinley_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-2-mckinley-smp_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3_2.6.8-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-itanium_2.6.8-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-itanium-smp_2.6.8-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-mckinley_2.6.8-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-mckinley-smp_2.6.8-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-itanium_2.6.8-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-itanium-smp_2.6.8-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-mckinley_2.6.8-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-mckinley-smp_2.6.8-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-2-itanium_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-2-itanium-smp_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-2-mckinley_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-2-mckinley-smp_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-itanium_2.6.8-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-itanium-smp_2.6.8-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-mckinley_2.6.8-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-mckinley-smp_2.6.8-14sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-hppa/kernel-headers-2.6_2.6.8-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-hppa/kernel-headers-2.6-32_2.6.8-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-hppa/kernel-headers-2.6-32-smp_2.6.8-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-hppa/kernel-headers-2.6-64_2.6.8-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-hppa/kernel-headers-2.6-64-smp_2.6.8-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-hppa/kernel-image-2.6-32_2.6.8-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-hppa/kernel-image-2.6-32-smp_2.6.8-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-hppa/kernel-image-2.6-64_2.6.8-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-hppa/kernel-image-2.6-64-smp_2.6.8-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-2_2.6.8-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-2-32_2.6.8-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-2-32-smp_2.6.8-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-2-64_2.6.8-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-2-64-smp_2.6.8-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3_2.6.8-6sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-32_2.6.8-6sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-32-smp_2.6.8-6sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-64_2.6.8-6sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-64-smp_2.6.8-6sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-2-32_2.6.8-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-2-32-smp_2.6.8-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-2-64_2.6.8-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-2-64-smp_2.6.8-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-32_2.6.8-6sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-32-smp_2.6.8-6sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-64_2.6.8-6sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-64-smp_2.6.8-6sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-amiga_2.6.8-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-atari_2.6.8-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-bvme6000_2.6.8-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-hp_2.6.8-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mac_2.6.8-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mvme147_2.6.8-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mvme16x_2.6.8-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-q40_2.6.8-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-sun3_2.6.8-4sarge2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kernel-latest-powerpc/kernel-headers_102sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-powerpc/kernel-headers-2.4_102sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-powerpc/kernel-headers-2.6_102sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-powerpc/kernel-image-2.4-powerpc_102sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-powerpc/kernel-image-2.4-powerpc-smp_102sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-powerpc/kernel-image-2.6-power3_102sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-powerpc/kernel-image-2.6-power3-smp_102sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-powerpc/kernel-image-2.6-power4_102sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-powerpc/kernel-image-2.6-power4-smp_102sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-powerpc/kernel-image-2.6-powerpc_102sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-powerpc/kernel-image-2.6-powerpc-smp_102sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-powerpc/kernel-image-power3_102sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-powerpc/kernel-image-power3-smp_102sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-powerpc/kernel-image-power4_102sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-powerpc/kernel-image-power4-smp_102sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-powerpc/kernel-image-powerpc_102sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-powerpc/kernel-image-powerpc-smp_102sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power3_2.6.8-12sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power3-smp_2.6.8-12sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power4_2.6.8-12sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power4-smp_2.6.8-12sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-powerpc_2.6.8-12sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-powerpc-smp_2.6.8-12sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-power3_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-power3-smp_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-power4_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-power4-smp_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-powerpc_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-powerpc-smp_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-headers-2.6.8_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-headers-2.6.8-3_2.6.8-12sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power3_2.6.8-12sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power3-smp_2.6.8-12sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power4_2.6.8-12sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power4-smp_2.6.8-12sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-powerpc_2.6.8-12sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-powerpc-smp_2.6.8-12sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-power3_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-power3-smp_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-power4_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-power4-smp_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-powerpc_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-powerpc-smp_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mol-modules-2.6.8/mol-modules-2.6.8-3-powerpc_0.9.70+2.6.8+12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mol-modules-2.6.8/mol-modules-2.6.8-3-powerpc-smp_0.9.70+2.6.8+12sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-headers-2.6.8-2_2.6.8-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-headers-2.6.8-3_2.6.8-5sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-2-s390_2.6.8-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-2-s390-tape_2.6.8-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-2-s390x_2.6.8-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-3-s390_2.6.8-5sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-3-s390-tape_2.6.8-5sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-3-s390x_2.6.8-5sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-sparc/kernel-headers-2.6-sparc32_101sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-sparc/kernel-headers-2.6-sparc64_101sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-sparc/kernel-headers-2.6-sparc64-smp_101sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-sparc/kernel-image-2.6-sparc32_101sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-sparc/kernel-image-2.6-sparc64_101sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.6-sparc/kernel-image-2.6-sparc64-smp_101sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-build-2.6.8-2_2.6.8-15sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-build-2.6.8-3_2.6.8-15sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-2_2.6.8-15sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-2-sparc32_2.6.8-15sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-2-sparc64_2.6.8-15sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-2-sparc64-smp_2.6.8-15sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3_2.6.8-15sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3-sparc32_2.6.8-15sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3-sparc64_2.6.8-15sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3-sparc64-smp_2.6.8-15sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-2-sparc32_2.6.8-15sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-2-sparc64_2.6.8-15sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-2-sparc64-smp_2.6.8-15sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-3-sparc32_2.6.8-15sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-3-sparc64_2.6.8-15sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-3-sparc64-smp_2.6.8-15sarge2_sparc.deb
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-doc-2.6.8_2.6.8-16sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-patch-debian-2.6.8_2.6.8-16sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-tree-2.6.8_2.6.8-16sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-patch-2.6.8-s390_2.6.8-5sarge2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1018": "
\n

Debian Security Advisory

\n

DSA-1018-2 kernel-source-2.4.27 -- several vulnerabilities

\n
\n
Date Reported:
\n
24 Mar 2006
\n
Affected Packages:
\n
\nkernel-source-2.4.27\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0887, CVE-2004-1058, CVE-2004-2607, CVE-2005-0449, CVE-2005-1761, CVE-2005-2457, CVE-2005-2555, CVE-2005-2709, CVE-2005-2973, CVE-2005-3257, CVE-2005-3783, CVE-2005-3806, CVE-2005-3848, CVE-2005-3857, CVE-2005-3858, CVE-2005-4618.
\n
More information:
\n
\n

The original update lacked recompiled ALSA modules against the new kernel\nABI. Furthermore, kernel-latest-2.4-sparc now correctly depends on the\nupdated packages. For completeness we're providing the original problem description:\n

\n
\n

Several local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2004-0887\n

    Martin Schwidefsky discovered that the privileged instruction SACF (Set\n Address Space Control Fast) on the S/390 platform is not handled properly,\n allowing for a local user to gain root privileges.

  • CVE-2004-1058\n

    A race condition allows for a local user to read the environment variables\n of another process that is still spawning through /proc/.../cmdline.

  • CVE-2004-2607\n

    A numeric casting discrepancy in sdla_xfer allows local users to read\n portions of kernel memory via a large len argument which is received as an\n int but cast to a short, preventing the read loop from filling a buffer.

  • CVE-2005-0449\n

    An error in the skb_checksum_help() function from the netfilter framework\n has been discovered that allows the bypass of packet filter rules or\n a denial of service attack.

  • CVE-2005-1761\n

    A vulnerability in the ptrace subsystem of the IA-64 architecture can\n allow local attackers to overwrite kernel memory and crash the kernel.

  • CVE-2005-2457\n

    Tim Yamin discovered that insufficient input validation in the compressed\n ISO file system (zisofs) allows a denial of service attack through\n maliciously crafted ISO images.

  • CVE-2005-2555\n

    Herbert Xu discovered that the setsockopt() function was not restricted to\n users/processes with the CAP_NET_ADMIN capability. This allows attackers to\n manipulate IPSEC policies or initiate a denial of service attack.

  • CVE-2005-2709\n

    Al Viro discovered a race condition in the /proc handling of network devices.\n A (local) attacker could exploit the stale reference after interface shutdown\n to cause a denial of service or possibly execute code in kernel mode.

  • CVE-2005-2973\n

    Tetsuo Handa discovered that the udp_v6_get_port() function from the IPv6 code\n can be forced into an endless loop, which allows a denial of service attack.

  • CVE-2005-3257\n

    Rudolf Polzer discovered that the kernel improperly restricts access to the\n KDSKBSENT ioctl, which can possibly lead to privilege escalation.

  • CVE-2005-3783\n

    The ptrace code using CLONE_THREAD didn't use the thread group ID to\n determine whether the caller is attaching to itself, which allows a denial\n of service attack.

  • CVE-2005-3806\n

    Yen Zheng discovered that the IPv6 flow label code modified an incorrect variable,\n which could lead to memory corruption and denial of service.

  • CVE-2005-3848\n

    Ollie Wild discovered a memory leak in the icmp_push_reply() function, which\n allows denial of service through memory consumption.

  • CVE-2005-3857\n

    Chris Wright discovered that excessive allocation of broken file lock leases\n in the VFS layer can exhaust memory and fill up the system logging, which allows\n denial of service.

  • CVE-2005-3858\n

    Patrick McHardy discovered a memory leak in the ip6_input_finish() function from\n the IPv6 code, which allows denial of service.

  • CVE-2005-4618\n

    Yi Ying discovered that sysctl does not properly enforce the size of a\n buffer, which allows a denial of service attack.

\n
\n

The following matrix explains which kernel version for which architecture\nfixes the problems mentioned above:

\n
\n\n\n\n\n\n\n\n\n\n\n\n\n
                                  Debian 3.1 (sarge)
Source                            2.4.27-10sarge2
Alpha architecture                2.4.27-10sarge2
ARM architecture                  2.4.27-2sarge2
Intel IA-32 architecture          2.4.27-10sarge2
Intel IA-64 architecture          2.4.27-10sarge2
Motorola 680x0 architecture       2.4.27-3sarge2
Big endian MIPS architecture      2.4.27-10.sarge1.040815-2
Little endian MIPS architecture   2.4.27-10.sarge1.040815-2
PowerPC architecture              2.4.27-10sarge2
IBM S/390 architecture            2.4.27-2sarge2
Sun Sparc architecture            2.4.27-9sarge2
\n

The following matrix lists additional packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n\n\n\n\n\n\n\n\n\n\n\n
                             Debian 3.1 (sarge)
kernel-latest-2.4-alpha      101sarge1
kernel-latest-2.4-i386       101sarge1
kernel-latest-2.4-s390       2.4.27-1sarge1
kernel-latest-2.4-sparc      42sarge1
kernel-latest-powerpc        102sarge1
fai-kernels                  1.9.1sarge1
i2c                          1:2.9.1-1sarge1
kernel-image-speakup-i386    2.4.27-1.1sarge1
lm-sensors                   1:2.9.1-1sarge3
mindi-kernel                 2.4.27-2sarge1
pcmcia-modules-2.4.27-i386   3.2.5+2sarge1
systemimager                 3.2.3-6sarge1
\n

We recommend that you upgrade your kernel package immediately and reboot\nthe machine. If you have built a custom kernel from the kernel source\npackage, you will need to rebuild to take advantage of these fixes.

\n

This update introduces a change in the kernel's binary interface. The affected\nkernel packages inside Debian have been rebuilt; if you're running local addons,\nyou'll need to rebuild these as well.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-alpha/kernel-latest-2.4-alpha_101sarge1.dsc
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-powerpc-2.4.27_2.4.27-10sarge2.dsc
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-latest-2.4-i386_101sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-alpha_2.4.27-10sarge2.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-ia64_2.4.27-10sarge2.tar.gz
\n
http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-i386_3.2.5+2sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-sparc_2.4.27-9sarge2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-arm_2.4.27-2sarge2.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-s390_2.4.27-2sarge2.dsc
\n
http://security.debian.org/pool/updates/main/s/systemimager/systemimager_3.2.3-6sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-arm_2.4.27-2sarge2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-latest-2.4-i386_101sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-sparc/kernel-latest-2.4-sparc_42sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-m68k_2.4.27-3sarge2.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-ia64_2.4.27-10sarge2.dsc
\n
http://security.debian.org/pool/updates/main/m/mindi-kernel/mindi-kernel_2.4.27.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-s390/kernel-latest-2.4-s390_2.4.27-1sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-sparc/kernel-latest-2.4-sparc_42sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-alpha/kernel-latest-2.4-alpha_101sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mindi-kernel/mindi-kernel_2.4.27-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-powerpc-2.4.27_2.4.27-10sarge2.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-sparc_2.4.27-9sarge2.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-i386_2.4.27-10sarge2.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-i386_2.4.27-10sarge2.dsc
\n
http://security.debian.org/pool/updates/main/i/i2c/i2c_2.9.1-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-s390_2.4.27-2sarge2.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mindi-kernel/mindi-kernel_2.4.27-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/systemimager/systemimager_3.2.3-6sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-image-speakup-i386_2.4.27-1.1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-m68k_2.4.27-3sarge2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-alpha_2.4.27-10sarge2.dsc
\n
http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-i386_3.2.5+2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-patch-2.4.27-mips_2.4.27-10.sarge2.040815-1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-s390/kernel-latest-2.4-s390_2.4.27-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/i/i2c/i2c_2.9.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-image-speakup-i386_2.4.27-1.1sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-patch-2.4.27-mips_2.4.27-10.sarge2.040815-1.dsc
\n
http://security.debian.org/pool/updates/main/i/i2c/i2c_2.9.1-1sarge1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-patch-debian-2.4.27_2.4.27-10sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-source_2.9.1-1sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-doc-2.4.27-speakup_2.4.27-1.1sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-boot-ia64-standard_3.2.3-6sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-boot-i386-standard_3.2.3-6sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/i/i2c/i2c-source_2.9.1-1sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-doc-2.4.27_2.4.27-10sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-tree-2.4.27_2.4.27-10sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-common_3.2.3-6sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-doc_3.2.3-6sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/i/i2c/kernel-patch-2.4-i2c_2.9.1-1sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-server_3.2.3-6sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-client_3.2.3-6sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-server-flamethrowerd_3.2.3-6sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/kernel-patch-2.4-lm-sensors_2.9.1-1sarge3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-3_2.4.27-10sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-alpha/kernel-image-2.4-smp_101sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-alpha/kernel-image-2.4-generic_101sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-3-generic_2.4.27-10sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-3-smp_2.4.27-10sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-3-generic_2.4.27-10sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-alpha/kernel-headers-2.4-generic_101sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-build-2.4.27-3_2.4.27-10sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-3-smp_2.4.27-10sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-alpha/kernel-headers-2.4-smp_101sarge1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-headers-2.4.27_2.4.27-2sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-riscpc_2.4.27-2sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-riscstation_2.4.27-2sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-netwinder_2.4.27-2sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-lart_2.4.27-2sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-build-2.4.27_2.4.27-2sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-bast_2.4.27-2sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-image-2.4.27-speakup_2.4.27-1.1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3_2.4.27-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-686_2.4.27-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-headers-2.4-686-smp_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-3-k6_2.9.1-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-image-2.4-k6_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-586tsc_2.4.27-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-3-k7_3.2.5+2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-386_2.4.27-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-k7-smp_2.4.27-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-pcmcia-modules-2.4-386_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-3-586tsc_2.9.1-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-386_2.4.27-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-3-686-smp_2.9.1-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-image-2.4-586tsc_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-3-686-smp_3.2.5+2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-3-386_3.2.5+2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-3-586tsc_3.2.5+2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-k7_2.4.27-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-headers-2.4-386_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-686_2.4.27-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-386_2.4.27-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-headers-2.4-686_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-586tsc_2.4.27-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mindi-kernel/mindi-kernel_2.4.27-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-3-386_2.9.1-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-3-386_2.9.1-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-k7-smp_2.4.27-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-headers-2.4-k7-smp_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-586tsc_2.4.27-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-k7-smp_2.4.27-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-image-2.4-k7_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-3-686_3.2.5+2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-3-k6_2.9.1-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-headers-2.4-586tsc_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-pcmcia-modules-2.4-k7-smp_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-686_2.4.27-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-pcmcia-modules-2.4-586tsc_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-k6_2.4.27-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-pcmcia-modules-2.4-686_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-image-2.4-386_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-image-2.4-686_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-image-2.4-686-smp_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-image-2.4-k7-smp_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-pcmcia-modules-2.4-686-smp_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-k6_2.4.27-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-3-k7-smp_2.9.1-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-pcmcia-modules-2.4-k6_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-pcmcia-modules-2.4-k7_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-3-586tsc_2.9.1-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-686-smp_2.4.27-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-3-686_2.9.1-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-3-k6_3.2.5+2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-686-smp_2.4.27-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-headers-2.4.27-speakup_2.4.27-1.1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-686-smp_2.4.27-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-3-k7_2.9.1-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-k6_2.4.27-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-headers-2.4-k6_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-3-686_2.9.1-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-3-686-smp_2.9.1-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-build-2.4.27-3_2.4.27-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-3-k7-smp_2.9.1-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-3-k7_2.9.1-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-k7_2.4.27-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-headers-2.4-k7_101sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-3-k7-smp_3.2.5+2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-k7_2.4.27-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-3-mckinley-smp_2.4.27-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-3-itanium-smp_2.4.27-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-mckinley_2.4.27-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3-itanium-smp_2.4.27-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3-mckinley-smp_2.4.27-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-itanium_2.4.27-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-build-2.4.27-3_2.4.27-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3-itanium_2.4.27-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-mckinley-smp_2.4.27-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3_2.4.27-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-itanium-smp_2.4.27-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-3-mckinley_2.4.27-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3-mckinley_2.4.27-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-3-itanium_2.4.27-10sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mvme147_2.4.27-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-amiga_2.4.27-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mvme16x_2.4.27-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-bvme6000_2.4.27-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-q40_2.4.27-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-atari_2.4.27-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mac_2.4.27-3sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r5k-ip22_2.4.27-10.sarge2.040815-1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r4k-ip22_2.4.27-10.sarge2.040815-1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-sb1-swarm-bn_2.4.27-10.sarge2.040815-1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-headers-2.4.27_2.4.27-10.sarge2.040815-1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge2.040815-1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r5k-lasat_2.4.27-10.sarge2.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r5k-cobalt_2.4.27-10.sarge2.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-xxs1500_2.4.27-10.sarge2.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r4k-kn04_2.4.27-10.sarge2.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge2.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r3k-kn02_2.4.27-10.sarge2.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-sb1-swarm-bn_2.4.27-10.sarge2.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-headers-2.4.27_2.4.27-10.sarge2.040815-1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-2.4.27-powerpc_2.4.27-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-headers-2.4.27-powerpc_2.4.27-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-nubus_2.4.27-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-powerpc-small_2.4.27-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-2.4.27-nubus_2.4.27-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-2.4.27-apus_2.4.27-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-apus_2.4.27-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-powerpc-small_2.4.27-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-powerpc_2.4.27-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-apus_2.4.27-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-powerpc_2.4.27-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-headers-2.4.27-nubus_2.4.27-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-powerpc-smp_2.4.27-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-headers-2.4.27-apus_2.4.27-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-powerpc-smp_2.4.27-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-nubus_2.4.27-10sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-s390/kernel-image-2.4-s390x_2.4.27-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-3-s390_2.4.27-2sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-s390/kernel-image-2.4-s390_2.4.27-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-3-s390x_2.4.27-2sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-headers-2.4.27-3_2.4.27-2sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-s390/kernel-headers-2.4-s390_2.4.27-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-3-s390-tape_2.4.27-2sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-sparc/kernel-image-2.4-sparc32_42sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-3-sparc32-smp_2.4.27-9sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-sparc/kernel-image-2.4-sparc64-smp_42sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-3-sparc32_2.4.27-9sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3-sparc64-smp_2.4.27-9sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3-sparc32_2.4.27-9sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3-sparc64_2.4.27-9sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-build-2.4.27-3_2.4.27-9sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-sparc/kernel-image-2.4-sparc32-smp_42sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-sparc/kernel-headers-2.4-sparc32-smp_42sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-3-sparc64_2.4.27-9sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-3-sparc64-smp_2.4.27-9sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-sparc/kernel-image-2.4-sparc64_42sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-sparc/kernel-headers-2.4-sparc64_42sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3-sparc32-smp_2.4.27-9sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-sparc/kernel-headers-2.4-sparc32_42sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-sparc/kernel-headers-2.4-sparc64-smp_42sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3_2.4.27-9sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "1019": "
\n

Debian Security Advisory

\n

DSA-1019-1 koffice -- several vulnerabilities

\n
\n
Date Reported:
\n
24 Mar 2006
\n
Affected Packages:
\n
\nkoffice\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 16748.
In Mitre's CVE dictionary: CVE-2006-1244.
\n
More information:
\n
\n

Derek Noonburg has fixed several potential vulnerabilities in xpdf,\nthe Portable Document Format (PDF) suite, which is also present in\nkoffice, the KDE Office Suite.

\n

The old stable distribution (woody) does not contain koffice packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.3.5-4.sarge.3.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your koffice packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.3.5-4.sarge.3.dsc
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.3.5-4.sarge.3.diff.gz
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.3.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/koffice/kivio-data_1.3.5-4.sarge.3_all.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-data_1.3.5-4.sarge.3_all.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-doc-html_1.3.5-4.sarge.3_all.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.3.5-4.sarge.3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1020": "
\n

Debian Security Advisory

\n

DSA-1020-1 flex -- buffer overflow

\n
\n
Date Reported:
\n
28 Mar 2006
\n
Affected Packages:
\n
\nflex\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-0459.
\n
More information:
\n
\n

Chris Moore discovered that flex, a scanner generator, generates code\nthat allocates insufficient memory if the grammar contains REJECT\nstatements or trailing context rules. This may lead to a buffer overflow\nand the execution of arbitrary code.

\n

If you use code derived from a vulnerable lex grammar in\nan untrusted environment, you need to regenerate your scanner with the\nfixed version of flex.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.5.31-31sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.5.33-1.

\n

We recommend that you upgrade your flex package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/flex/flex_2.5.31-31sarge1.dsc
\n
http://security.debian.org/pool/updates/main/f/flex/flex_2.5.31-31sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/flex/flex_2.5.31.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/flex/flex-doc_2.5.31-31sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/flex/flex_2.5.31-31sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/flex/flex_2.5.31-31sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/flex/flex_2.5.31-31sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/flex/flex_2.5.31-31sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/flex/flex_2.5.31-31sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/flex/flex_2.5.31-31sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/flex/flex_2.5.31-31sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/flex/flex_2.5.31-31sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/flex/flex_2.5.31-31sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/flex/flex_2.5.31-31sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/flex/flex_2.5.31-31sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/flex/flex_2.5.31-31sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1021": "
\n

Debian Security Advisory

\n

DSA-1021-1 netpbm-free -- insecure program execution

\n
\n
Date Reported:
\n
28 Mar 2006
\n
Affected Packages:
\n
\nnetpbm-free\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 319757.
In Mitre's CVE dictionary: CVE-2005-2471.
\n
More information:
\n
\n

Max Vozeler from the Debian Audit Project discovered that pstopnm, a\nconverter from PostScript to the PBM, PGM and PNM formats, launches\nGhostscript in an insecure manner, which might lead to the execution\nof arbitrary shell commands when converting specially crafted PostScript\nfiles.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 9.20-8.6.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 10.0-8sarge3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 10.0-9.

\n

We recommend that you upgrade your netpbm package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.6.dsc
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20-8.6.diff.gz
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_9.20.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_9.20-8.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_9.20-8.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_9.20-8.6_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-8sarge3.dsc
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-8sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-8sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-8sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-8sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-8sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-8sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1022": "
\n

Debian Security Advisory

\n

DSA-1022-1 storebackup -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Apr 2006
\n
Affected Packages:
\n
\nstorebackup\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 332434.
In Mitre's CVE dictionary: CVE-2005-3146, CVE-2005-3147, CVE-2005-3148.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the backup utility\nstorebackup. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2005-3146\n

    Storebackup creates a temporary file predictably, which can be\n exploited to overwrite arbitrary files on the system with a symlink\n attack.

  • CVE-2005-3147\n

    The backup root directory wasn't created with fixed permissions, which may lead to\n improper permissions if the umask is too lax.

  • CVE-2005-3148\n

    The user and group rights of symlinks are set incorrectly when making\n or restoring a backup, which may leak sensitive data.

\n

The old stable distribution (woody) doesn't contain storebackup packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.18.4-2sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.19-2.

\n

We recommend that you upgrade your storebackup package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/storebackup/storebackup_1.18.4-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/s/storebackup/storebackup_1.18.4-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/storebackup/storebackup_1.18.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/storebackup/storebackup_1.18.4-2sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1023": "
\n

Debian Security Advisory

\n

DSA-1023-1 kaffeine -- buffer overflow

\n
\n
Date Reported:
\n
05 Apr 2006
\n
Affected Packages:
\n
\nkaffeine\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 17372.
In Mitre's CVE dictionary: CVE-2006-0051.
\n
More information:
\n
\n

Marcus Meissner discovered that kaffeine, a versatile media player for\nKDE 3, contains an unchecked buffer that can be overwritten remotely\nwhen fetching remote RAM playlists, which can cause the execution of\narbitrary code.

\n

The old stable distribution (woody) does not contain kaffeine packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.6-1sarge1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your kaffeine package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kaffeine/kaffeine_0.6-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kaffeine/kaffeine_0.6-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kaffeine/kaffeine_0.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kaffeine/kaffeine_0.6-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kaffeine/kaffeine_0.6-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kaffeine/kaffeine_0.6-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kaffeine/kaffeine_0.6-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kaffeine/kaffeine_0.6-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kaffeine/kaffeine_0.6-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kaffeine/kaffeine_0.6-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kaffeine/kaffeine_0.6-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kaffeine/kaffeine_0.6-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kaffeine/kaffeine_0.6-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kaffeine/kaffeine_0.6-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kaffeine/kaffeine_0.6-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1024": "
\n

Debian Security Advisory

\n

DSA-1024-1 clamav -- several vulnerabilities

\n
\n
Date Reported:
\n
05 Apr 2006
\n
Affected Packages:
\n
\nclamav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-1614, CVE-2006-1615, CVE-2006-1630.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the ClamAV\nanti-virus toolkit, which may lead to denial of service and potentially\nto the execution of arbitrary code. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2006-1614\n

    Damian Put discovered an integer overflow in the PE header parser.\n This is only exploitable if the ArchiveMaxFileSize option is disabled.

  • CVE-2006-1615\n

    Format string vulnerabilities in the logging code have been discovered,\n which might lead to the execution of arbitrary code.

  • CVE-2006-1630\n

    David Luyer discovered that ClamAV can be tricked into an invalid\n memory access in the cli_bitset_set() function, which may lead to\n a denial of service.

\n

The old stable distribution (woody) doesn't contain clamav packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.84-2.sarge.8.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.88.1-1.

\n

We recommend that you upgrade your clamav package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8.dsc
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8.diff.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.8_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.8_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.8_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.8_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1025": "
\n

Debian Security Advisory

\n

DSA-1025-1 dia -- programming error

\n
\n
Date Reported:
\n
06 Apr 2006
\n
Affected Packages:
\n
\ndia\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 15000.
In Mitre's CVE dictionary: CVE-2006-1550.
\n
More information:
\n
\n

\"infamous41md\" discovered three buffer overflow errors in the xfig\nimport code of dia, a diagram editor, that can lead to the execution\nof arbitrary code.

\n

For the old stable distribution (woody) these problems have been fixed in\nversion 0.88.1-3woody1.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.94.0-7sarge3.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.94.0-18.

\n

We recommend that you upgrade your dia package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1-3woody1.dsc
\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1-3woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1-3woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-common_0.88.1-3woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.88.1-3woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1-3woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-common_0.88.1-3woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.88.1-3woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1-3woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-common_0.88.1-3woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.88.1-3woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1-3woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-common_0.88.1-3woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.88.1-3woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1-3woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-common_0.88.1-3woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.88.1-3woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1-3woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-common_0.88.1-3woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.88.1-3woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1-3woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-common_0.88.1-3woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.88.1-3woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1-3woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-common_0.88.1-3woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.88.1-3woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1-3woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-common_0.88.1-3woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.88.1-3woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1-3woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-common_0.88.1-3woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.88.1-3woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.88.1-3woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-common_0.88.1-3woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.88.1-3woody1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3.dsc
\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/dia/dia-common_0.94.0-7sarge3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1026": "
\n

Debian Security Advisory

\n

DSA-1026-1 sash -- buffer overflows

\n
\n
Date Reported:
\n
06 Apr 2006
\n
Affected Packages:
\n
\nsash\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 318069.
In Mitre's CVE dictionary: CVE-2005-1849, CVE-2005-2096.
\n
More information:
\n
\n

Markus Oberhumer discovered a flaw in the way zlib, a library used for\nfile compression and decompression, handles invalid input. This flaw can\ncause programs which use zlib to crash when opening an invalid file.\nA further error in the way zlib handles the inflation of certain\ncompressed files can cause a program which uses zlib to crash when opening\nan invalid file.

\n

sash, the stand-alone shell, links statically against zlib, and was\nthus affected by these problems.

\n

The old stable distribution (woody) isn't affected by these problems.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 3.7-5sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 3.7-6.

\n

We recommend that you upgrade your sash package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1.dsc
\n
http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sash/sash_3.7.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sash/sash_3.7-5sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1027": "
\n

Debian Security Advisory

\n

DSA-1027-1 mailman -- programming error

\n
\n
Date Reported:
\n
06 Apr 2006
\n
Affected Packages:
\n
\nmailman\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 358892.
In Mitre's CVE dictionary: CVE-2006-0052.
\n
More information:
\n
\n

A potential denial of service problem has been discovered in mailman,\nthe web-based GNU mailing list manager. The (failing) parsing of\nmessages with malformed MIME multiparts sometimes caused the whole\nmailing list to become inoperative.

\n

The old stable distribution (woody) is not vulnerable to this issue.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.1.5-8sarge2.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your mailman package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2.dsc
\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1028": "
\n

Debian Security Advisory

\n

DSA-1028-1 libimager-perl -- programming error

\n
\n
Date Reported:
\n
07 Mar 2006
\n
Affected Packages:
\n
\nlibimager-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 359661.
In Mitre's CVE dictionary: CVE-2006-0053.
\n
More information:
\n
\n

Kjetil Kjernsmo discovered a bug in libimager-perl, a Perl extension\nfor generating 24 bit images, which can lead to a segmentation fault\nif it operates on 4-channel JPEG images.

\n

The old stable distribution (woody) does not contain this package.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.44-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.50-1.

\n

We recommend that you upgrade your libimager-perl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.44-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1029": "
\n

Debian Security Advisory

\n

DSA-1029-1 libphp-adodb -- several vulnerabilities

\n
\n
Date Reported:
\n
08 Apr 2006
\n
Affected Packages:
\n
\nlibphp-adodb\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 349985, Bug 358872.
In the Bugtraq database (at SecurityFocus): BugTraq ID 16187, BugTraq ID 16364, BugTraq ID 16720.
In Mitre's CVE dictionary: CVE-2006-0146, CVE-2006-0147, CVE-2006-0410, CVE-2006-0806.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in libphp-adodb, the 'adodb'\ndatabase abstraction layer for PHP. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2006-0146\n

    Andreas Sandblad discovered that improper user input sanitisation\n results in a potential remote SQL injection vulnerability enabling\n an attacker to compromise applications, access or modify data, or\n exploit vulnerabilities in the underlying database implementation.\n This requires the MySQL root password to be empty. It is fixed by\n limiting access to the script in question.

  • CVE-2006-0147\n

    A dynamic code evaluation vulnerability allows remote attackers to\n execute arbitrary PHP functions via the 'do' parameter.

  • CVE-2006-0410\n

    Andy Staudacher discovered an SQL injection vulnerability due to\n insufficient input sanitising that allows remote attackers to\n execute arbitrary SQL commands.

  • CVE-2006-0806\n

    GulfTech Security Research discovered multiple cross-site\n scripting vulnerabilities due to improper user-supplied input\n sanitisation. Attackers can exploit these vulnerabilities to\n cause arbitrary scripts to be executed in the browser of an\n unsuspecting user's machine, or result in the theft of\n cookie-based authentication credentials.

\n

For the old stable distribution (woody) these problems have been fixed in\nversion 1.51-1.2.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 4.52-1sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 4.72-0.1.

\n

We recommend that you upgrade your libphp-adodb package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libp/libphp-adodb/libphp-adodb_1.51-1.2.dsc
\n
http://security.debian.org/pool/updates/main/libp/libphp-adodb/libphp-adodb_1.51-1.2.diff.gz
\n
http://security.debian.org/pool/updates/main/libp/libphp-adodb/libphp-adodb_1.51.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libp/libphp-adodb/libphp-adodb_1.51-1.2_all.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libp/libphp-adodb/libphp-adodb_4.52-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/libp/libphp-adodb/libphp-adodb_4.52-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/libp/libphp-adodb/libphp-adodb_4.52.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libp/libphp-adodb/libphp-adodb_4.52-1sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1030": "
\n

Debian Security Advisory

\n

DSA-1030-1 moodle -- several vulnerabilities

\n
\n
Date Reported:
\n
08 Apr 2006
\n
Affected Packages:
\n
\nmoodle\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 349985, Bug 358872.
In the Bugtraq database (at SecurityFocus): BugTraq ID 16187, BugTraq ID 16364, BugTraq ID 16720.
In Mitre's CVE dictionary: CVE-2006-0146, CVE-2006-0147, CVE-2006-0410, CVE-2006-0806.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in libphp-adodb, the\n'adodb' database abstraction layer for PHP, which is embedded in\nmoodle, a course management system for online learning. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2006-0146\n

    Andreas Sandblad discovered that improper user input sanitisation\n results in a potential remote SQL injection vulnerability enabling\n an attacker to compromise applications, access or modify data, or\n exploit vulnerabilities in the underlying database implementation.\n This requires the MySQL root password to be empty. It is fixed by\n limiting access to the script in question.

  • CVE-2006-0147\n

    A dynamic code evaluation vulnerability allows remote attackers to\n execute arbitrary PHP functions via the 'do' parameter.

  • CVE-2006-0410\n

    Andy Staudacher discovered an SQL injection vulnerability due to\n insufficient input sanitising that allows remote attackers to\n execute arbitrary SQL commands.

  • CVE-2006-0806\n

    GulfTech Security Research discovered multiple cross-site\n scripting vulnerabilities due to improper user-supplied input\n sanitisation. Attackers can exploit these vulnerabilities to\n cause arbitrary scripts to be executed in the browser of an\n unsuspecting user's machine, or result in the theft of\n cookie-based authentication credentials.

\n

The old stable distribution (woody) does not contain moodle packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.4.4.dfsg.1-3sarge1.

\n

For the unstable distribution these problems will be fixed soon.

\n

We recommend that you upgrade your moodle package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.4.4.dfsg.1-3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.4.4.dfsg.1-3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.4.4.dfsg.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.4.4.dfsg.1-3sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1031": "
\n

Debian Security Advisory

\n

DSA-1031-1 cacti -- several vulnerabilities

\n
\n
Date Reported:
\n
08 Apr 2006
\n
Affected Packages:
\n
\ncacti\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 349985, Bug 358872.
In the Bugtraq database (at SecurityFocus): BugTraq ID 16187, BugTraq ID 16364, BugTraq ID 16720.
In Mitre's CVE dictionary: CVE-2006-0146, CVE-2006-0147, CVE-2006-0410, CVE-2006-0806.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in libphp-adodb, the\n'adodb' database abstraction layer for PHP, which is embedded in\ncacti, a frontend to rrdtool for monitoring systems and services. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2006-0146\n

    Andreas Sandblad discovered that improper user input sanitisation\n results in a potential remote SQL injection vulnerability enabling\n an attacker to compromise applications, access or modify data, or\n exploit vulnerabilities in the underlying database implementation.\n This requires the MySQL root password to be empty. It is fixed by\n limiting access to the script in question.

  • CVE-2006-0147\n

    A dynamic code evaluation vulnerability allows remote attackers to\n execute arbitrary PHP functions via the 'do' parameter.

  • CVE-2006-0410\n

    Andy Staudacher discovered an SQL injection vulnerability due to\n insufficient input sanitising that allows remote attackers to\n execute arbitrary SQL commands.

  • CVE-2006-0806\n

    GulfTech Security Research discovered multiple cross-site\n scripting vulnerabilities due to improper user-supplied input\n sanitisation. Attackers can exploit these vulnerabilities to\n cause arbitrary scripts to be executed in the browser of an\n unsuspecting user's machine, or result in the theft of\n cookie-based authentication credentials.

\n

The old stable distribution (woody) is not affected by these problems.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.8.6c-7sarge3.

\n

For the unstable distribution these problems will be fixed soon.

\n

We recommend that you upgrade your cacti package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c-7sarge3.dsc
\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c-7sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c-7sarge3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1032": "
\n

Debian Security Advisory

\n

DSA-1032-1 zope-cmfplone -- programming error

\n
\n
Date Reported:
\n
12 Apr 2006
\n
Affected Packages:
\n
\nzope-cmfplone\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-1711.
\n
More information:
\n
\n

It was discovered that the Plone content management system lacks security\ndeclarations for three internal classes. This allows manipulation of user\nportraits by unprivileged users.

\n

The old stable distribution (woody) doesn't contain Plone.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.0.4-3sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.1.2-2.

\n

We recommend that you upgrade your zope-cmfplone package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/zope-cmfplone/zope-cmfplone_2.0.4-3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/z/zope-cmfplone/zope-cmfplone_2.0.4-3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/z/zope-cmfplone/zope-cmfplone_2.0.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/z/zope-cmfplone/plone_2.0.4-3sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/z/zope-cmfplone/zope-cmfplone_2.0.4-3sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1033": "
\n

Debian Security Advisory

\n

DSA-1033-1 horde3 -- several vulnerabilities

\n
\n
Date Reported:
\n
12 Apr 2006
\n
Affected Packages:
\n
\nhorde3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 361967.
In Mitre's CVE dictionary: CVE-2005-4190, CVE-2006-1260, CVE-2006-1491.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Horde web\napplication framework, which may lead to the execution of arbitrary\nweb script code. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2005-4190\n

    Several Cross-Site-Scripting vulnerabilities have been discovered in\n the \"share edit window\".

  • CVE-2006-1260\n

    Null characters in the URL parameter bypassed a sanity check, which\n allowed remote attackers to read arbitrary files, resulting in\n information disclosure.

  • CVE-2006-1491\n

    User input in the help viewer was passed unsanitised to the eval()\n function, which allowed injection of arbitrary web code.

\n

The old stable distribution (woody) doesn't contain horde3 packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 3.0.4-4sarge3.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 3.1.1-1.

\n

We recommend that you upgrade your horde3 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge3.dsc
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1034": "
\n

Debian Security Advisory

\n

DSA-1034-1 horde2 -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Apr 2006
\n
Affected Packages:
\n
\nhorde2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-1260, CVE-2006-1491.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Horde web\napplication framework, which may lead to the execution of arbitrary\nweb script code. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2006-1260\n

    Null characters in the URL parameter bypassed a sanity check, which\n allowed remote attackers to read arbitrary files, resulting in\n information disclosure.

  • CVE-2006-1491\n

    User input in the help viewer was passed unsanitised to the eval()\n function, which allowed injection of arbitrary web code.

\n

The old stable distribution (woody) doesn't contain horde2 packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.2.8-1sarge2.

\n

The unstable distribution (sid) no longer contains horde2 packages.

\n

We recommend that you upgrade your horde2 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1035": "
\n

Debian Security Advisory

\n

DSA-1035-1 fcheck -- insecure temporary file

\n
\n
Date Reported:
\n
15 Apr 2006
\n
Affected Packages:
\n
\nfcheck\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-1753.
\n
More information:
\n
\n

Steve Kemp from the Debian Security Audit project discovered that\na cronjob contained in fcheck, a file integrity checker, creates\na temporary file in an insecure fashion.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.7.59-7sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.7.59-8.

\n

We recommend that you upgrade your fcheck package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fcheck/fcheck_2.7.59-7sarge1.dsc
\n
http://security.debian.org/pool/updates/main/f/fcheck/fcheck_2.7.59-7sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fcheck/fcheck_2.7.59.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/fcheck/fcheck_2.7.59-7sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1036": "
\n

Debian Security Advisory

\n

DSA-1036-1 bsdgames -- buffer overflow

\n
\n
Date Reported:
\n
17 Apr 2006
\n
Affected Packages:
\n
\nbsdgames\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 360989.
In the Bugtraq database (at SecurityFocus): BugTraq ID 17401.
In Mitre's CVE dictionary: CVE-2006-1744.
\n
More information:
\n
\n

A buffer overflow problem has been discovered in sail, a game contained\nin the bsdgames package, a collection of classic textual Unix games, which\ncould lead to games group privilege escalation.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 2.13-7woody0.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.17-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.17-7.

\n

We recommend that you upgrade your bsdgames package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0.dsc
\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.13-7woody0_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/bsdgames/bsdgames_2.17-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1037": "
\n

Debian Security Advisory

\n

DSA-1037-1 zgv -- programming error

\n
\n
Date Reported:
\n
21 Apr 2006
\n
Affected Packages:
\n
\nzgv\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-1060.
\n
More information:
\n
\n

Andrea Barisani discovered that zgv, an svgalib graphics viewer,\nattempts to decode JPEG images within the CMYK/YCCK colour space\nincorrectly, which could lead to the execution of arbitrary code.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 5.5-3woody3.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 5.7-1.4.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your zgv package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/zgv/zgv_5.5-3woody3.dsc
\n
http://security.debian.org/pool/updates/main/z/zgv/zgv_5.5-3woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/z/zgv/zgv_5.5.orig.tar.gz
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/z/zgv/zgv_5.5-3woody3_i386.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/zgv/zgv_5.7-1.4.dsc
\n
http://security.debian.org/pool/updates/main/z/zgv/zgv_5.7-1.4.diff.gz
\n
http://security.debian.org/pool/updates/main/z/zgv/zgv_5.7.orig.tar.gz
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/z/zgv/zgv_5.7-1.4_i386.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1038": "
\n

Debian Security Advisory

\n

DSA-1038-1 xzgv -- programming error

\n
\n
Date Reported:
\n
22 Apr 2006
\n
Affected Packages:
\n
\nxzgv\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-1060.
\n
More information:
\n
\n

Andrea Barisani discovered that xzgv, a picture viewer for X with a\nthumbnail-based selector, attempts to decode JPEG images within the\nCMYK/YCCK colour space incorrectly, which could lead to the execution\nof arbitrary code.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 0.7-6woody3.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.8-3sarge1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your xzgv package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3.dsc
\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.7-6woody3_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xzgv/xzgv_0.8-3sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1039": "
\n

Debian Security Advisory

\n

DSA-1039-1 blender -- several vulnerabilities

\n
\n
Date Reported:
\n
24 Apr 2006
\n
Affected Packages:
\n
\nblender\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 330895, Bug 344398.
In the Bugtraq database (at SecurityFocus): BugTraq ID 15981.
In Mitre's CVE dictionary: CVE-2005-3302, CVE-2005-4470.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in blender, a very fast\nand versatile 3D modeller/renderer. The Common Vulnerabilities and\nExposures Project identifies the following problems:

\n
    \n
  • CVE-2005-3302\n

    Joxean Koret discovered that due to missing input validation a\n provided script is vulnerable to arbitrary command execution.

  • CVE-2005-4470\n

    Damian Put discovered a buffer overflow that allows remote\n attackers to cause a denial of service and possibly execute\n arbitrary code.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.36-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.40-1.

\n

We recommend that you upgrade your blender package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.36.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.36-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1040": "
\n

Debian Security Advisory

\n

DSA-1040-1 gdm -- programming error

\n
\n
Date Reported:
\n
24 Apr 2006
\n
Affected Packages:
\n
\ngdm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 17635.
In Mitre's CVE dictionary: CVE-2006-1057.
\n
More information:
\n
\n

A vulnerability has been identified in gdm, a display manager for X,\nthat could allow a local attacker to gain elevated privileges by\nexploiting a race condition in the handling of the .ICEauthority file.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.6.0.8-1sarge2.

\n

For the unstable distribution (sid) this problem will be fixed in\nversion 2.14.1-1.

\n

We recommend that you upgrade your gdm package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1041": "
\n

Debian Security Advisory

\n

DSA-1041-1 abc2ps -- buffer overflows

\n
\n
Date Reported:
\n
25 Apr 2006
\n
Affected Packages:
\n
\nabc2ps\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-1513.
\n
More information:
\n
\n

Erik Sj\u00f6lund discovered that abc2ps, a translator for ABC music\ndescription files into PostScript, does not check the boundaries when\nreading in ABC music files resulting in buffer overflows.

\n

For the old stable distribution (woody) these problems have been fixed in\nversion 1.3.3-2woody1.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.3.3-3sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.3.3-3sarge1.

\n

We recommend that you upgrade your abc2ps package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-2woody1.dsc
\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-2woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-2woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-2woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-2woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-2woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-2woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-2woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-2woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-2woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-2woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-2woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-2woody1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/abc2ps/abc2ps_1.3.3-3sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1042": "
\n

Debian Security Advisory

\n

DSA-1042-1 cyrus-sasl2 -- programming error

\n
\n
Date Reported:
\n
25 Apr 2006
\n
Affected Packages:
\n
\ncyrus-sasl2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 361937.
In the Bugtraq database (at SecurityFocus): BugTraq ID 17446.
In Mitre's CVE dictionary: CVE-2006-1721.
\n
More information:
\n
\n

The Mu Security research team discovered a denial of service condition\nin the Simple Authentication and Security Layer authentication library\n(SASL) during DIGEST-MD5 negotiation. This potentially affects\nmultiple products that use SASL DIGEST-MD5 authentication including\nOpenLDAP, Sendmail, Postfix, etc.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.1.19-1.5sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.1.19.dfsg1-0.2.

\n

We recommend that you upgrade your cyrus-sasl2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.5sarge1.dsc
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19-1.5sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2_2.1.19-1.5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.19-1.5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.19-1.5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-heimdal_2.1.19-1.5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-kerberos-heimdal_2.1.19-1.5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.19-1.5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.19-1.5sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1043": "
\n

Debian Security Advisory

\n

DSA-1043-1 abcmidi -- buffer overflows

\n
\n
Date Reported:
\n
26 Apr 2006
\n
Affected Packages:
\n
\nabcmidi\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-1514.
\n
More information:
\n
\n

Erik Sjölund discovered that abcmidi-yaps, a translator for ABC music\ndescription files into PostScript, does not check the boundaries when\nreading in ABC music files, resulting in buffer overflows.

\n

For the old stable distribution (woody) these problems have been fixed in\nversion 17-1woody1.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 20050101-1sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 20060422-1.

\n

We recommend that you upgrade your abcmidi-yaps package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_17-1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_17-1woody1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi_20050101-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/abcmidi/abcmidi-yaps_20050101-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1044": "
\n

Debian Security Advisory

\n

DSA-1044-1 mozilla-firefox -- several vulnerabilities

\n
\n
Date Reported:
\n
26 Apr 2006
\n
Affected Packages:
\n
\nmozilla-firefox\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 363935, Bug 362656.
In the Bugtraq database (at SecurityFocus): BugTraq ID 15773, BugTraq ID 16476, BugTraq ID 17516.
In Mitre's CVE dictionary: CVE-2006-0293, CVE-2006-0292, CVE-2005-4134, CVE-2006-0296, CVE-2006-1741, CVE-2006-1742, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790, CVE-2006-1740, CVE-2006-1736, CVE-2006-1735, CVE-2006-1734, CVE-2006-1733, CVE-2006-1732, CVE-2006-0749, CVE-2006-1731, CVE-2006-1730, CVE-2006-1729, CVE-2006-1728, CVE-2006-1727, CVE-2006-0748.
CERT's vulnerabilities, advisories and incident notes: VU#179014, VU#252324, VU#329500, VU#488774, VU#492382, VU#592425, VU#736934, VU#813230, VU#842094, VU#932734, VU#935556.
\n
More information:
\n
\n

Several security-related problems have been discovered in Mozilla\nFirefox. The Common Vulnerabilities and Exposures project identifies\nthe following vulnerabilities:

\n
    \n
  • CVE-2005-4134\n

    Web pages with extremely long titles cause subsequent launches of\n the browser to appear to \"hang\" for up to a few minutes, or even\n crash if the computer has insufficient memory. [MFSA-2006-03]

  • CVE-2006-0292\n

    The JavaScript interpreter does not properly dereference objects,\n which allows remote attackers to cause a denial of service or\n execute arbitrary code. [MFSA-2006-01]

  • CVE-2006-0293\n

    The function allocation code allows attackers to cause a denial of\n service and possibly execute arbitrary code. [MFSA-2006-01]

  • CVE-2006-0296\n

    XULDocument.persist() did not validate the attribute name,\n allowing an attacker to inject arbitrary XML and JavaScript code\n into localstore.rdf that would be read and acted upon during\n startup. [MFSA-2006-05]

  • CVE-2006-0748\n

    An anonymous researcher for TippingPoint and the Zero Day\n Initiative reported that an invalid and nonsensical ordering of\n table-related tags can be exploited to execute arbitrary code.\n [MFSA-2006-27]

  • CVE-2006-0749\n

    A particular sequence of HTML tags can cause memory corruption\n that can be exploited to execute arbitrary code. [MFSA-2006-18]

  • CVE-2006-1727\n

    Georgi Guninski reported two variants of using scripts in an XBL\n control to gain chrome privileges when the page is viewed under\n \"Print Preview\". [MFSA-2006-25]

  • CVE-2006-1728\n

    \"shutdown\" discovered that the crypto.generateCRMFRequest method\n can be used to run arbitrary code with the privilege of the user\n running the browser, which could enable an attacker to install\n malware. [MFSA-2006-24]

  • CVE-2006-1729\n

    Claus Jørgensen reported that a text input box can be pre-filled\n with a filename and then turned into a file-upload control,\n allowing a malicious website to steal any local file whose name\n they can guess. [MFSA-2006-23]

  • CVE-2006-1730\n

    An anonymous researcher for TippingPoint and the Zero Day\n Initiative discovered an integer overflow triggered by the CSS\n letter-spacing property, which could be exploited to execute\n arbitrary code. [MFSA-2006-22]

  • CVE-2006-1731\n

    \"moz_bug_r_a4\" discovered that some internal functions return\n prototypes instead of objects, which allows remote attackers to\n conduct cross-site scripting attacks. [MFSA-2006-19]

  • CVE-2006-1732\n

    \"shutdown\" discovered that it is possible to bypass same-origin\n protections, allowing a malicious site to inject script into\n content from another site, which could allow the malicious page to\n steal information such as cookies or passwords from the other\n site, or perform transactions on the user's behalf if the user\n were already logged in. [MFSA-2006-17]

  • CVE-2006-1733\n

    \"moz_bug_r_a4\" discovered that the compilation scope of privileged\n built-in XBL bindings is not fully protected from web content and\n can still be executed which could be used to execute arbitrary\n JavaScript, which could allow an attacker to install malware such\n as viruses and password sniffers. [MFSA-2006-16]

  • CVE-2006-1734\n

    \"shutdown\" discovered that it is possible to access an internal\n function object which could then be used to run arbitrary\n JavaScript code with full permissions of the user running the\n browser, which could be used to install spyware or viruses.\n [MFSA-2006-15]

  • CVE-2006-1735\n

    It is possible to create JavaScript functions that would get\n compiled with the wrong privileges, allowing an attacker to run\n code of their choice with full permissions of the user running the\n browser, which could be used to install spyware or viruses.\n [MFSA-2006-14]

  • CVE-2006-1736\n

    It is possible to trick users into downloading and saving an\n executable file via an image that is overlaid by a transparent\n image link that points to the executable. [MFSA-2006-13]

  • CVE-2006-1737\n

    An integer overflow allows remote attackers to cause a denial of\n service and possibly execute arbitrary bytecode via JavaScript\n with a large regular expression. [MFSA-2006-11]

  • CVE-2006-1738\n

    An unspecified vulnerability allows remote attackers to cause a\n denial of service. [MFSA-2006-11]

  • CVE-2006-1739\n

    Certain Cascading Style Sheets (CSS) can cause an out-of-bounds\n array write and buffer overflow that could lead to a denial of\n service and the possible execution of arbitrary code. [MFSA-2006-11]

  • CVE-2006-1740\n

    It is possible for remote attackers to spoof secure site\n indicators such as the locked icon by opening the trusted site in\n a popup window, then changing the location to a malicious site.\n [MFSA-2006-12]

  • CVE-2006-1741\n

    \"shutdown\" discovered that it is possible to inject arbitrary\n JavaScript code into a page on another site using a modal alert to\n suspend an event handler while a new page is being loaded. This\n could be used to steal confidential information. [MFSA-2006-09]

  • CVE-2006-1742\n

    Igor Bukanov discovered that the JavaScript engine does not\n properly handle temporary variables, which might allow remote\n attackers to trigger operations on freed memory and cause memory\n corruption. [MFSA-2006-10]

  • CVE-2006-1790\n

    A regression fix that could lead to memory corruption allows\n remote attackers to cause a denial of service and possibly execute\n arbitrary code. [MFSA-2006-11]

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-2sarge6.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.5.dfsg+1.5.0.2-2.

\n

We recommend that you upgrade your Mozilla Firefox packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge6.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge6.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1045": "
\n

Debian Security Advisory

\n

DSA-1045-1 openvpn -- design error

\n
\n
Date Reported:
\n
27 Apr 2006
\n
Affected Packages:
\n
\nopenvpn\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 360559.
In the Bugtraq database (at SecurityFocus): BugTraq ID 17392.
In Mitre's CVE dictionary: CVE-2006-1629.
\n
More information:
\n
\n

Hendrik Weimer discovered that OpenVPN, the Virtual Private Network\ndaemon, allows environment variables to be pushed to a client, allowing a\nmalicious VPN server to take over connected clients.

\n

The old stable distribution (woody) does not contain openvpn packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.0-1sarge3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.0.6-1.

\n

We recommend that you upgrade your openvpn package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3.dsc
\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openvpn/openvpn_2.0-1sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1046": "
\n

Debian Security Advisory

\n

DSA-1046-1 mozilla -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Apr 2006
\n
Affected Packages:
\n
\nmozilla\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 15773, BugTraq ID 16476, BugTraq ID 16770, BugTraq ID 16881, BugTraq ID 17516.
In Mitre's CVE dictionary: CVE-2005-2353, CVE-2005-4134, CVE-2006-0292, CVE-2006-0293, CVE-2006-0296, CVE-2006-0748, CVE-2006-0749, CVE-2006-0884, CVE-2006-1045, CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, CVE-2006-1723, CVE-2006-1724, CVE-2006-1727, CVE-2006-1728, CVE-2006-1729, CVE-2006-1730, CVE-2006-1731, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1736, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1740, CVE-2006-1741, CVE-2006-1742, CVE-2006-1790.
CERT's vulnerabilities, advisories and incident notes: VU#179014, VU#252324, VU#329500, VU#350262, VU#488774, VU#492382, VU#592425, VU#736934, VU#813230, VU#842094, VU#932734, VU#935556.
\n
More information:
\n
\n

Several security related problems have been discovered in Mozilla.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing vulnerabilities:

\n
    \n
  • CVE-2005-2353\n

    The \"run-mozilla.sh\" script allows local users to create or\n overwrite arbitrary files when debugging is enabled via a symlink\n attack on temporary files.

  • \n
  • CVE-2005-4134\n

    Web pages with extremely long titles cause subsequent launches of\n the browser to appear to \"hang\" for up to a few minutes, or even\n crash if the computer has insufficient memory. [MFSA-2006-03]

  • \n
  • CVE-2006-0292\n

    The JavaScript interpreter does not properly dereference objects,\n which allows remote attackers to cause a denial of service or\n execute arbitrary code. [MFSA-2006-01]

  • \n
  • CVE-2006-0293\n

    The function allocation code allows attackers to cause a denial of\n service and possibly execute arbitrary code. [MFSA-2006-01]

  • \n
  • CVE-2006-0296\n

    XULDocument.persist() did not validate the attribute name,\n allowing an attacker to inject arbitrary XML and JavaScript code\n into localstore.rdf that would be read and acted upon during\n startup. [MFSA-2006-05]

  • \n
  • CVE-2006-0748\n

    An anonymous researcher for TippingPoint and the Zero Day\n Initiative reported that an invalid and nonsensical ordering of\n table-related tags can be exploited to execute arbitrary code.\n [MFSA-2006-27]

  • \n
  • CVE-2006-0749\n

    A particular sequence of HTML tags can cause memory corruption\n that can be exploited to execute arbitrary code. [MFSA-2006-18]

  • \n
  • CVE-2006-0884\n

    Georgi Guninski reports that forwarding mail in-line while using\n the default HTML \"rich mail\" editor will execute JavaScript\n embedded in the e-mail message with full privileges of the client.\n [MFSA-2006-21]

  • \n
  • CVE-2006-1045\n

    The HTML rendering engine does not properly block external images\n from inline HTML attachments when \"Block loading of remote images\n in mail messages\" is enabled, which could allow remote attackers\n to obtain sensitive information. [MFSA-2006-26]

  • \n
  • CVE-2006-1529\n

    A vulnerability potentially allows remote attackers to cause a\n denial of service and possibly execute arbitrary code. [MFSA-2006-20]

  • \n
  • CVE-2006-1530\n

    A vulnerability potentially allows remote attackers to cause a\n denial of service and possibly execute arbitrary code. [MFSA-2006-20]

  • \n
  • CVE-2006-1531\n

    A vulnerability potentially allows remote attackers to cause a\n denial of service and possibly execute arbitrary code. [MFSA-2006-20]

  • \n
  • CVE-2006-1723\n

    A vulnerability potentially allows remote attackers to cause a\n denial of service and possibly execute arbitrary code. [MFSA-2006-20]

  • \n
  • CVE-2006-1724\n

    A vulnerability potentially allows remote attackers to cause a\n denial of service and possibly execute arbitrary code. [MFSA-2006-20]

  • \n
  • CVE-2006-1725\n

    Due to an interaction between XUL content windows and the history\n mechanism, some windows may become translucent, which might\n allow remote attackers to execute arbitrary code. [MFSA-2006-29]

  • \n
  • CVE-2006-1726\n

    \"shutdown\" discovered that the security check of the function\n js_ValueToFunctionObject() can be circumvented and exploited to\n allow the installation of malware. [MFSA-2006-28]

  • \n
  • CVE-2006-1727\n

    Georgi Guninski reported two variants of using scripts in an XBL\n control to gain chrome privileges when the page is viewed under\n \"Print Preview\". [MFSA-2006-25]

  • \n
  • CVE-2006-1728\n

    \"shutdown\" discovered that the crypto.generateCRMFRequest method\n can be used to run arbitrary code with the privilege of the user\n running the browser, which could enable an attacker to install\n malware. [MFSA-2006-24]

  • \n
  • CVE-2006-1729\n

    Claus J\u00f8rgensen reported that a text input box can be pre-filled\n with a filename and then turned into a file-upload control,\n allowing a malicious website to steal any local file whose name\n they can guess. [MFSA-2006-23]

  • \n
  • CVE-2006-1730\n

    An anonymous researcher for TippingPoint and the Zero Day\n Initiative discovered an integer overflow triggered by the CSS\n letter-spacing property, which could be exploited to execute\n arbitrary code. [MFSA-2006-22]

  • \n
  • CVE-2006-1731\n

    \"moz_bug_r_a4\" discovered that some internal functions return\n prototypes instead of objects, which allows remote attackers to\n conduct cross-site scripting attacks. [MFSA-2006-19]

  • \n
  • CVE-2006-1732\n

    \"shutdown\" discovered that it is possible to bypass same-origin\n protections, allowing a malicious site to inject script into\n content from another site, which could allow the malicious page to\n steal information such as cookies or passwords from the other\n site, or perform transactions on the user's behalf if the user\n were already logged in. [MFSA-2006-17]

  • \n
  • CVE-2006-1733\n

    \"moz_bug_r_a4\" discovered that the compilation scope of privileged\n built-in XBL bindings is not fully protected from web content and\n can still be executed, which could be used to execute arbitrary\n JavaScript and could allow an attacker to install malware such\n as viruses and password sniffers. [MFSA-2006-16]

  • \n
  • CVE-2006-1734\n

    \"shutdown\" discovered that it is possible to access an internal\n function object which could then be used to run arbitrary\n JavaScript code with full permissions of the user running the\n browser, which could be used to install spyware or viruses.\n [MFSA-2006-15]

  • \n
  • CVE-2006-1735\n

    It is possible to create JavaScript functions that would get\n compiled with the wrong privileges, allowing an attacker to run\n code of their choice with full permissions of the user running the\n browser, which could be used to install spyware or viruses.\n [MFSA-2006-14]

  • \n
  • CVE-2006-1736\n

    It is possible to trick users into downloading and saving an\n executable file via an image that is overlaid by a transparent\n image link that points to the executable. [MFSA-2006-13]

  • \n
  • CVE-2006-1737\n

    An integer overflow allows remote attackers to cause a denial of\n service and possibly execute arbitrary bytecode via JavaScript\n with a large regular expression. [MFSA-2006-11]

  • \n
  • CVE-2006-1738\n

    An unspecified vulnerability allows remote attackers to cause a\n denial of service. [MFSA-2006-11]

  • \n
  • CVE-2006-1739\n

    Certain Cascading Style Sheets (CSS) can cause an out-of-bounds\n array write and buffer overflow that could lead to a denial of\n service and the possible execution of arbitrary code. [MFSA-2006-11]

  • \n
  • CVE-2006-1740\n

    It is possible for remote attackers to spoof secure site\n indicators such as the locked icon by opening the trusted site in\n a popup window, then changing the location to a malicious site.\n [MFSA-2006-12]

  • \n
  • CVE-2006-1741\n

    \"shutdown\" discovered that it is possible to inject arbitrary\n JavaScript code into a page on another site using a modal alert to\n suspend an event handler while a new page is being loaded. This\n could be used to steal confidential information. [MFSA-2006-09]

  • \n
  • CVE-2006-1742\n

    Igor Bukanov discovered that the JavaScript engine does not\n properly handle temporary variables, which might allow remote\n attackers to trigger operations on freed memory and cause memory\n corruption. [MFSA-2006-10]

  • \n
  • CVE-2006-1790\n

    A regression fix that could lead to memory corruption allows\n remote attackers to cause a denial of service and possibly execute\n arbitrary code. [MFSA-2006-11]

  • \n
\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.7.8-1sarge5.

\n

For the unstable distribution (sid) these problems will be fixed in\nversion 1.7.13-1.

\n

We recommend that you upgrade your Mozilla packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1047": "
\n

Debian Security Advisory

\n

DSA-1047-1 resmgr -- programming error

\n
\n
Date Reported:
\n
30 Apr 2006
\n
Affected Packages:
\n
\nresmgr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-2147.
\n
More information:
\n
\n

A problem has been discovered in resmgr, a resource manager library\ndaemon and PAM module, that allows local users to bypass access\ncontrol rules and open any USB device when access to one device was\ngranted.

\n

The old stable distribution (woody) does not contain resmgr packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.0-2sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.0-4.

\n

We recommend that you upgrade your resmgr package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2.dsc
\n
http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/resmgr/resmgr_1.0-2sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1048": "
\n

Debian Security Advisory

\n

DSA-1048-1 asterisk -- several vulnerabilities

\n
\n
Date Reported:
\n
01 May 2006
\n
Affected Packages:
\n
\nasterisk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 338116.
In the Bugtraq database (at SecurityFocus): BugTraq ID 15336.
In Mitre's CVE dictionary: CVE-2005-3559, CVE-2006-1827.
\n
More information:
\n
\n

Several problems have been discovered in Asterisk, an Open Source\nPrivate Branch Exchange (telephone control center). The Common\nVulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2005-3559\n

    Adam Pointon discovered that due to missing input sanitising it is\n possible to retrieve recorded phone messages for a different\n extension.

  • \n
  • CVE-2006-1827\n

    Emmanouel Kellinis discovered an integer signedness error that\n could trigger a buffer overflow and hence allow the execution of\n arbitrary code.

  • \n
\n

For the old stable distribution (woody) this problem has been fixed in\nversion 0.1.11-3woody1.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.0.7.dfsg.1-2sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.2.7.1.dfsg-1.

\n

We recommend that you upgrade your asterisk package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1.dsc
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_m68k.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_0.1.11-3woody1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2.dsc
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-config_1.0.7.dfsg.1-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-dev_1.0.7.dfsg.1-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-doc_1.0.7.dfsg.1-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-sounds-main_1.0.7.dfsg.1-2sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-web-vmail_1.0.7.dfsg.1-2sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1049": "
\n

Debian Security Advisory

\n

DSA-1049-1 ethereal -- several vulnerabilities

\n
\n
Date Reported:
\n
02 May 2006
\n
Affected Packages:
\n
\nethereal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 17682.
In Mitre's CVE dictionary: CVE-2006-1932, CVE-2006-1933, CVE-2006-1934, CVE-2006-1935, CVE-2006-1936, CVE-2006-1937, CVE-2006-1938, CVE-2006-1939, CVE-2006-1940.
\n
More information:
\n
\n

Gerald Combs reported several vulnerabilities in ethereal, a popular\nnetwork traffic analyser. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2006-1932\n

    The OID printing routine is susceptible to an off-by-one error.

  • CVE-2006-1933\n

    The UMA and BER dissectors could go into an infinite loop.

  • CVE-2006-1934\n

    The Network Instruments file code could overrun a buffer.

  • CVE-2006-1935\n

    The COPS dissector contains a potential buffer overflow.

  • CVE-2006-1936\n

    The telnet dissector contains a buffer overflow.

  • CVE-2006-1937\n

    Bugs in the SRVLOC and AIM dissectors, and in the statistics\n counter, could crash ethereal.

  • CVE-2006-1938\n

    Null pointer dereferences in the SMB PIPE dissector and when\n reading a malformed Sniffer capture could crash ethereal.

  • CVE-2006-1939\n

    Null pointer dereferences in the ASN.1, GSM SMS, RPC and\n ASN.1-based dissectors and an invalid display filter could crash\n ethereal.

  • CVE-2006-1940\n

    The SNDCP dissector could cause ethereal to abort unexpectedly.

\n

For the old stable distribution (woody) these problems have been fixed in\nversion 0.9.4-1woody15.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.10.10-2sarge5.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your ethereal packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15.dsc
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody15_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody15_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody15_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody15_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5.dsc
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1050": "
\n

Debian Security Advisory

\n

DSA-1050-1 clamav -- buffer overflow

\n
\n
Date Reported:
\n
02 May 2006
\n
Affected Packages:
\n
\nclamav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 17754.
In Mitre's CVE dictionary: CVE-2006-1989.
\n
More information:
\n
\n

Ulf H\u00e4rnhammar and an anonymous researcher from Germany discovered a\nvulnerability in the protocol code of freshclam, a command line\nutility responsible for downloading and installing virus signature\nupdates for ClamAV, the antivirus scanner for Unix. This could lead\nto a denial of service or potentially the execution of arbitrary code.

\n

The old stable distribution (woody) does not contain clamav packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.84-2.sarge.9.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.88.2-1.

\n

We recommend that you upgrade your clamav packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9.dsc
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9.diff.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.9_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.9_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.9_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.9_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1051": "
\n

Debian Security Advisory

\n

DSA-1051-1 mozilla-thunderbird -- several vulnerabilities

\n
\n
Date Reported:
\n
04 May 2006
\n
Affected Packages:
\n
\nmozilla-thunderbird\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 15773, BugTraq ID 16476, BugTraq ID 16770, BugTraq ID 16881, BugTraq ID 17516.
In Mitre's CVE dictionary: CVE-2005-2353, CVE-2005-4134, CVE-2006-0292, CVE-2006-0293, CVE-2006-0296, CVE-2006-0748, CVE-2006-0749, CVE-2006-0884, CVE-2006-1045, CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, CVE-2006-1723, CVE-2006-1724, CVE-2006-1727, CVE-2006-1728, CVE-2006-1729, CVE-2006-1730, CVE-2006-1731, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1736, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1740, CVE-2006-1741, CVE-2006-1742, CVE-2006-1790.
CERT's vulnerabilities, advisories and incident notes: VU#179014, VU#252324, VU#329500, VU#350262, VU#488774, VU#492382, VU#592425, VU#736934, VU#813230, VU#842094, VU#932734, VU#935556.
\n
More information:
\n
\n

Several security-related problems have been discovered in Mozilla\nThunderbird. The Common Vulnerabilities and Exposures project\nidentifies the following vulnerabilities:

\n
    \n
  • CVE-2005-2353\n

    The \"run-mozilla.sh\" script allows local users, when debugging is\n enabled, to create or overwrite arbitrary files via a symlink\n attack on temporary files.

  • CVE-2005-4134\n

    Web pages with extremely long titles cause subsequent launches of\n the browser to appear to \"hang\" for up to a few minutes, or even\n crash if the computer has insufficient memory. [MFSA-2006-03]

  • CVE-2006-0292\n

    The JavaScript interpreter does not properly dereference objects,\n which allows remote attackers to cause a denial of service or\n execute arbitrary code. [MFSA-2006-01]

  • CVE-2006-0293\n

    The function allocation code allows attackers to cause a denial of\n service and possibly execute arbitrary code. [MFSA-2006-01]

  • CVE-2006-0296\n

    XULDocument.persist() did not validate the attribute name,\n allowing an attacker to inject arbitrary XML and JavaScript code\n into localstore.rdf that would be read and acted upon during\n startup. [MFSA-2006-05]

  • CVE-2006-0748\n

    An anonymous researcher for TippingPoint and the Zero Day\n Initiative reported that an invalid and nonsensical ordering of\n table-related tags can be exploited to execute arbitrary code.\n [MFSA-2006-27]

  • CVE-2006-0749\n

    A particular sequence of HTML tags can cause memory corruption\n that can be exploited to execute arbitrary code. [MFSA-2006-18]

  • CVE-2006-0884\n

    Georgi Guninski reports that forwarding mail in-line while using\n the default HTML \"rich mail\" editor will execute JavaScript\n embedded in the e-mail message with full privileges of the client.\n [MFSA-2006-21]

  • CVE-2006-1045\n

    The HTML rendering engine does not properly block external images\n from inline HTML attachments when \"Block loading of remote images\n in mail messages\" is enabled, which could allow remote attackers\n to obtain sensitive information. [MFSA-2006-26]

  • CVE-2006-1529\n

    A vulnerability potentially allows remote attackers to cause a\n denial of service and possibly execute arbitrary code. [MFSA-2006-20]

  • CVE-2006-1530\n

    A vulnerability potentially allows remote attackers to cause a\n denial of service and possibly execute arbitrary code. [MFSA-2006-20]

  • CVE-2006-1531\n

    A vulnerability potentially allows remote attackers to cause a\n denial of service and possibly execute arbitrary code. [MFSA-2006-20]

  • CVE-2006-1723\n

    A vulnerability potentially allows remote attackers to cause a\n denial of service and possibly execute arbitrary code. [MFSA-2006-20]

  • CVE-2006-1724\n

    A vulnerability potentially allows remote attackers to cause a\n denial of service and possibly execute arbitrary code. [MFSA-2006-20]

  • CVE-2006-1727\n

    Georgi Guninski reported two variants of using scripts in an XBL\n control to gain chrome privileges when the page is viewed under\n \"Print Preview\". [MFSA-2006-25]

  • CVE-2006-1728\n

    \"shutdown\" discovered that the crypto.generateCRMFRequest method\n can be used to run arbitrary code with the privilege of the user\n running the browser, which could enable an attacker to install\n malware. [MFSA-2006-24]

  • CVE-2006-1729\n

    Claus J\u00f8rgensen reported that a text input box can be pre-filled\n with a filename and then turned into a file-upload control,\n allowing a malicious website to steal any local file whose name\n they can guess. [MFSA-2006-23]

  • CVE-2006-1730\n

    An anonymous researcher for TippingPoint and the Zero Day\n Initiative discovered an integer overflow triggered by the CSS\n letter-spacing property, which could be exploited to execute\n arbitrary code. [MFSA-2006-22]

  • CVE-2006-1731\n

    \"moz_bug_r_a4\" discovered that some internal functions return\n prototypes instead of objects, which allows remote attackers to\n conduct cross-site scripting attacks. [MFSA-2006-19]

  • CVE-2006-1732\n

    \"shutdown\" discovered that it is possible to bypass same-origin\n protections, allowing a malicious site to inject script into\n content from another site, which could allow the malicious page to\n steal information such as cookies or passwords from the other\n site, or perform transactions on the user's behalf if the user\n were already logged in. [MFSA-2006-17]

  • CVE-2006-1733\n

    \"moz_bug_r_a4\" discovered that the compilation scope of privileged\n built-in XBL bindings is not fully protected from web content and\n can still be executed, which could be used to run arbitrary\n JavaScript and allow an attacker to install malware such\n as viruses and password sniffers. [MFSA-2006-16]

  • CVE-2006-1734\n

    \"shutdown\" discovered that it is possible to access an internal\n function object which could then be used to run arbitrary\n JavaScript code with full permissions of the user running the\n browser, which could be used to install spyware or viruses.\n [MFSA-2006-15]

  • CVE-2006-1735\n

    It is possible to create JavaScript functions that would get\n compiled with the wrong privileges, allowing an attacker to run\n code of their choice with full permissions of the user running the\n browser, which could be used to install spyware or viruses.\n [MFSA-2006-14]

  • CVE-2006-1736\n

    It is possible to trick users into downloading and saving an\n executable file via an image that is overlaid by a transparent\n image link that points to the executable. [MFSA-2006-13]

  • CVE-2006-1737\n

    An integer overflow allows remote attackers to cause a denial of\n service and possibly execute arbitrary bytecode via JavaScript\n with a large regular expression. [MFSA-2006-11]

  • CVE-2006-1738\n

    An unspecified vulnerability allows remote attackers to cause a\n denial of service. [MFSA-2006-11]

  • CVE-2006-1739\n

    Certain Cascading Style Sheets (CSS) can cause an out-of-bounds\n array write and buffer overflow that could lead to a denial of\n service and the possible execution of arbitrary code. [MFSA-2006-11]

  • CVE-2006-1740\n

    It is possible for remote attackers to spoof secure site\n indicators such as the locked icon by opening the trusted site in\n a popup window, then changing the location to a malicious site.\n [MFSA-2006-12]

  • CVE-2006-1741\n

    \"shutdown\" discovered that it is possible to inject arbitrary\n JavaScript code into a page on another site using a modal alert to\n suspend an event handler while a new page is being loaded. This\n could be used to steal confidential information. [MFSA-2006-09]

  • CVE-2006-1742\n

    Igor Bukanov discovered that the JavaScript engine does not properly handle temporary variables, which might allow remote attackers to trigger operations on freed memory and cause memory corruption. [MFSA-2006-10]

  • CVE-2006-1790\n

    A regression fix that could lead to memory corruption allows remote attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-11]

\n

For the stable distribution (sarge) these problems have been fixed in version 1.0.2-2.sarge1.0.8.

\n

For the unstable distribution (sid) these problems have been fixed in version 1.5.0.2-1 of thunderbird.

\n

We recommend that you upgrade your Mozilla Thunderbird packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1052": "
\n

Debian Security Advisory

\n

DSA-1052-1 cgiirc -- buffer overflows

\n
\n
Date Reported:
\n
08 May 2006
\n
Affected Packages:
\n
\ncgiirc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 365680.
In Mitre's CVE dictionary: CVE-2006-2148.
\n
More information:
\n
\n

Several buffer overflows have been discovered in cgiirc, a web-based IRC client, which could be exploited to execute arbitrary code.

\n

The old stable distribution (woody) does not contain cgiirc packages.

\n

For the stable distribution (sarge) these problems have been fixed in version 0.5.4-6sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in version 0.5.4-6sarge1.

\n

We recommend that you upgrade your cgiirc package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1.dsc
\n
http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cgiirc/cgiirc_0.5.4-6sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1053": "
\n

Debian Security Advisory

\n

DSA-1053-1 mozilla -- programming error

\n
\n
Date Reported:
\n
09 May 2006
\n
Affected Packages:
\n
\nmozilla\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 17671.
In Mitre's CVE dictionary: CVE-2006-1993.
CERT's vulnerabilities, advisories and incident notes: VU#866300.
\n
More information:
\n
\n

Martijn Wargers and Nick Mott described crashes of Mozilla due to the use of a deleted controller context. In theory this could be abused to execute malicious code.

\n

For the stable distribution (sarge) this problem has been fixed in version 1.7.8-1sarge6.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your mozilla packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1054": "
\n

Debian Security Advisory

\n

DSA-1054-1 tiff -- several vulnerabilities

\n
\n
Date Reported:
\n
09 May 2006
\n
Affected Packages:
\n
\ntiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 17730, BugTraq ID 17732, BugTraq ID 17733.
In Mitre's CVE dictionary: CVE-2006-2024, CVE-2006-2025, CVE-2006-2026.
\n
More information:
\n
\n

Tavis Ormandy discovered several vulnerabilities in the TIFF library that can lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2006-2024\n

    Multiple vulnerabilities allow attackers to cause a denial of service.

  • CVE-2006-2025\n

    An integer overflow allows attackers to cause a denial of service and possibly execute arbitrary code.

  • CVE-2006-2026\n

    A double-free vulnerability allows attackers to cause a denial of service and possibly execute arbitrary code.

\n

For the old stable distribution (woody) these problems have been fixed in version 3.5.5-7woody1.

\n

For the stable distribution (sarge) these problems have been fixed in version 3.7.2-3sarge1.

\n

The unstable distribution (sid) is not vulnerable to these problems.

\n

We recommend that you upgrade your libtiff packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7woody1.dsc
\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1055": "
\n

Debian Security Advisory

\n

DSA-1055-1 mozilla-firefox -- programming error

\n
\n
Date Reported:
\n
11 May 2006
\n
Affected Packages:
\n
\nmozilla-firefox\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 17671.
In Mitre's CVE dictionary: CVE-2006-1993.
CERT's vulnerabilities, advisories and incident notes: VU#866300.
\n
More information:
\n
\n

Martijn Wargers and Nick Mott described crashes of Mozilla due to the\nuse of a deleted controller context. In theory this could be abused to\nexecute malicious code. Since Mozilla and Firefox share the same\ncodebase, Firefox may be vulnerable as well.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.0.4-2sarge7.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.5.dfsg+1.5.0.3-1.

\n

We recommend that you upgrade your Mozilla Firefox packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge7_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge7_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge7_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge7_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge7_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge7_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1056": "
\n

Debian Security Advisory

\n

DSA-1056-1 webcalendar -- verbose error message

\n
\n
Date Reported:
\n
15 May 2006
\n
Affected Packages:
\n
\nwebcalendar\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 366927.
In Mitre's CVE dictionary: CVE-2006-2247.
\n
More information:
\n
\n

David Maciejak noticed that webcalendar, a PHP-based multi-user\ncalendar, returns different error messages on login attempts for an\ninvalid password and a non-existing user, allowing remote attackers to\ngain information about valid usernames.

\n

The old stable distribution (woody) does not contain a webcalendar package.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.9.45-4sarge4.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your webcalendar package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge4.dsc
\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge4_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1057": "
\n

Debian Security Advisory

\n

DSA-1057-1 phpldapadmin -- missing input sanitising

\n
\n
Date Reported:
\n
15 May 2006
\n
Affected Packages:
\n
\nphpldapadmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 365313.
In the Bugtraq database (at SecurityFocus): BugTraq ID 17643.
In Mitre's CVE dictionary: CVE-2006-2016.
\n
More information:
\n
\n

Several cross-site scripting vulnerabilities have been discovered in\nphpLDAPadmin, a web based interface for administering LDAP servers,\nthat allow remote attackers to inject arbitrary web script or HTML.

\n

The old stable distribution (woody) does not contain phpldapadmin\npackages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.9.5-3sarge3.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.9.8.3-1.

\n

We recommend that you upgrade your phpldapadmin package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpldapadmin/phpldapadmin_0.9.5-3sarge3.dsc
\n
http://security.debian.org/pool/updates/main/p/phpldapadmin/phpldapadmin_0.9.5-3sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpldapadmin/phpldapadmin_0.9.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpldapadmin/phpldapadmin_0.9.5-3sarge3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1058": "
\n

Debian Security Advisory

\n

DSA-1058-1 awstats -- missing input sanitising

\n
\n
Date Reported:
\n
18 May 2006
\n
Affected Packages:
\n
\nawstats\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 364443, Bug 365909.
In the Bugtraq database (at SecurityFocus): BugTraq ID 17844.
In Mitre's CVE dictionary: CVE-2006-2237.
\n
More information:
\n
\n

Hendrik Weimer discovered that specially crafted web requests can\ncause awstats, a powerful and featureful web server log analyzer, to\nexecute arbitrary commands.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 6.4-1sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 6.5-2.

\n

We recommend that you upgrade your awstats package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/awstats/awstats_6.4-1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/a/awstats/awstats_6.4-1sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/a/awstats/awstats_6.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/awstats/awstats_6.4-1sarge2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1059": "
\n

Debian Security Advisory

\n

DSA-1059-1 quagga -- several vulnerabilities

\n
\n
Date Reported:
\n
19 May 2006
\n
Affected Packages:
\n
\nquagga\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 365940, Bug 366980.
In the Bugtraq database (at SecurityFocus): BugTraq ID 17808.
In Mitre's CVE dictionary: CVE-2006-2223, CVE-2006-2224, CVE-2006-2276.
\n
More information:
\n
\n

Konstantin Gavrilenko discovered several vulnerabilities in quagga,\nthe BGP/OSPF/RIP routing daemon. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2006-2223\n

    Remote attackers may obtain sensitive information via RIPv1\n REQUEST packets even if quagga has been configured to use MD5\n authentication.

  • CVE-2006-2224\n

    Remote attackers could inject arbitrary routes using the RIPv1\n RESPONSE packet even if quagga has been configured to use MD5\n authentication.

  • CVE-2006-2276\n

    Fredrik Widell discovered that local users can cause a denial\n of service via a certain sh ip bgp command entered in the telnet\n interface.

\n

The old stable distribution (woody) does not contain quagga packages.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.98.3-7.2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.99.4-1.

\n

We recommend that you upgrade your quagga package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2.dsc
\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2.diff.gz
\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.98.3-7.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1060": "
\n

Debian Security Advisory

\n

DSA-1060-1 kernel-patch-vserver -- programming error

\n
\n
Date Reported:
\n
19 May 2006
\n
Affected Packages:
\n
\nkernel-patch-vserver\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-2110.
\n
More information:
\n
\n

Jan Rekorajski discovered that the kernel patch for virtual private servers\ndoes not limit context capabilities to the root user within the virtual\nserver, which might lead to privilege escalation for some virtual server\nspecific operations.

\n

The old stable distribution (woody) does not contain kernel-patch-vserver\npackages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.9.5.6.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.0.1-4.

\n

We recommend that you upgrade your kernel-patch-vserver package and\nrebuild your kernel immediately.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-vserver/kernel-patch-vserver_1.9.5.6.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-vserver/kernel-patch-vserver_1.9.5.6.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-vserver/kernel-patch-vserver_1.9.5.6_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1061": "
\n

Debian Security Advisory

\n

DSA-1061-1 popfile -- missing input sanitising

\n
\n
Date Reported:
\n
19 May 2006
\n
Affected Packages:
\n
\npopfile\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 354464.
In Mitre's CVE dictionary: CVE-2006-0876.
\n
More information:
\n
\n

It has been discovered that popfile, a Bayesian mail classifier, can\nbe forced into a crash through malformed character sets within email\nmessages, which allows denial of service.

\n

The old stable distribution (woody) does not contain popfile packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.22.2-2sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.22.4-1.

\n

We recommend that you upgrade your popfile package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/popfile/popfile_0.22.2-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/p/popfile/popfile_0.22.2-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/popfile/popfile_0.22.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/popfile/popfile_0.22.2-2sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1062": "
\n

Debian Security Advisory

\n

DSA-1062-1 kphone -- insecure file creation

\n
\n
Date Reported:
\n
19 May 2006
\n
Affected Packages:
\n
\nkphone\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 337830.
In Mitre's CVE dictionary: CVE-2006-2442.
\n
More information:
\n
\n

Sven Dreyer discovered that KPhone, a Voice over IP client for KDE,\ncreates a world-readable configuration file, which could leak sensitive\ninformation like SIP passwords.

\n

The old stable distribution (woody) doesn't contain kphone packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 4.1.0-2sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 4.2-6.

\n

We recommend that you upgrade your kphone package. If your current kphonerc\nhas overly lax permissions, you'll need to reset them manually.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kphone/kphone_4.1.0-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kphone/kphone_4.1.0-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kphone/kphone_4.1.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kphone/kphone_4.1.0-2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kphone/kphone_4.1.0-2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kphone/kphone_4.1.0-2sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kphone/kphone_4.1.0-2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kphone/kphone_4.1.0-2sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kphone/kphone_4.1.0-2sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kphone/kphone_4.1.0-2sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kphone/kphone_4.1.0-2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kphone/kphone_4.1.0-2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kphone/kphone_4.1.0-2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kphone/kphone_4.1.0-2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kphone/kphone_4.1.0-2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1063": "
\n

Debian Security Advisory

\n

DSA-1063-1 phpgroupware -- missing input sanitising

\n
\n
Date Reported:
\n
08 May 2006
\n
Affected Packages:
\n
\nphpgroupware\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 340094.
In Mitre's CVE dictionary: CVE-2005-2781.
\n
More information:
\n
\n

It was discovered that the Avatar upload feature of FUD Forum, a component\nof the web based groupware system phpgroupware, does not sufficiently\nvalidate uploaded files, which might lead to the execution of injected web\nscript code.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 0.9.14-0.RC3.2.woody6.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.9.16.005-3.sarge5.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.9.16.009-1.

\n

We recommend that you upgrade your phpgroupware packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14-0.RC3.2.woody6.dsc
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14-0.RC3.2.woody6.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-addressbook_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-admin_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-api-doc_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-api_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-bookkeeping_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-bookmarks_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-brewer_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-calendar_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-chat_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-chora_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-comic_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-core-doc_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-core_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-developer-tools_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-dj_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-eldaptir_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-email_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-filemanager_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-forum_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-ftp_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-headlines_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-hr_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-img_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-infolog_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-inv_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-manual_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-messenger_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-napster_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-news-admin_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-nntp_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-notes_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phonelog_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpsysinfo_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpwebhosting_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-polls_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-preferences_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-projects_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-registration_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-setup_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-skel_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-soap_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-stocks_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-todo_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-tts_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-wap_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-weather_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-xmlrpc_0.9.14-0.RC3.2.woody6_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.14-0.RC3.2.woody6_all.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge5.dsc
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-addressbook_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-admin_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-bookmarks_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-calendar_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-chat_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-comic_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-core_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-developer-tools_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-dj_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-eldaptir_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-email_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-etemplate_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-felamimail_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-filemanager_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-folders_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-forum_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-ftp_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-fudforum_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-headlines_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-hr_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-img_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-infolog_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-manual_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-messenger_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-news-admin_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-nntp_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-notes_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phonelog_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpbrain_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpgwapi_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-phpsysinfo_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-polls_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-preferences_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-projects_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-qmailldap_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-registration_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-setup_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-sitemgr_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-skel_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-soap_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-stocks_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-todo_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-tts_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-wiki_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-xmlrpc_0.9.16.005-3.sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.005-3.sarge5_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1064": "
\n

Debian Security Advisory

\n

DSA-1064-1 cscope -- buffer overflows

\n
\n
Date Reported:
\n
19 May 2006
\n
Affected Packages:
\n
\ncscope\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 340177.
In Mitre's CVE dictionary: CVE-2004-2541.
\n
More information:
\n
\n

Jason Duell discovered that cscope, a source code browsing tool, does not\nverify the length of file names sourced in include statements, which may\npotentially lead to the execution of arbitrary code through specially\ncrafted source code files.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 15.3-1woody3.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 15.5-1.1sarge1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your cscope package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody3.dsc
\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.3-1woody3_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1065": "
\n

Debian Security Advisory

\n

DSA-1065-1 hostapd -- missing input sanitising

\n
\n
Date Reported:
\n
19 May 2006
\n
Affected Packages:
\n
\nhostapd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 365897.
In Mitre's CVE dictionary: CVE-2006-2213.
\n
More information:
\n
\n

Matteo Rosi and Leonardo Maccari discovered that hostapd, a wifi network\nauthenticator daemon, performs insufficient boundary checks on a key length\nvalue, which might be exploited to crash the service.

\n

The old stable distribution (woody) does not contain hostapd packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.3.7-2sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.5-1.

\n

We recommend that you upgrade your hostapd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/hostapd/hostapd_0.3.7-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/h/hostapd/hostapd_0.3.7-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/h/hostapd/hostapd_0.3.7.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/hostapd/hostapd_0.3.7-2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/h/hostapd/hostapd_0.3.7-2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/hostapd/hostapd_0.3.7-2sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/hostapd/hostapd_0.3.7-2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/hostapd/hostapd_0.3.7-2sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/h/hostapd/hostapd_0.3.7-2sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/hostapd/hostapd_0.3.7-2sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/hostapd/hostapd_0.3.7-2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/h/hostapd/hostapd_0.3.7-2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/hostapd/hostapd_0.3.7-2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/hostapd/hostapd_0.3.7-2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/hostapd/hostapd_0.3.7-2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1066": "
\n

Debian Security Advisory

\n

DSA-1066-1 phpbb2 -- missing input sanitising

\n
\n
Date Reported:
\n
20 May 2006
\n
Affected Packages:
\n
\nphpbb2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 365533.
In Mitre's CVE dictionary: CVE-2006-1896.
\n
More information:
\n
\n

It was discovered that phpbb2, a web-based bulletin board, insufficiently\nsanitises values passed to the \"Font Colour 3\" setting,\nwhich might lead to the execution of injected code by admin users.

\n

The old stable distribution (woody) does not contain phpbb2 packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.0.13+1-6sarge3.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your phpbb2 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.13+1-6sarge3.dsc
\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.13+1-6sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.13+1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2-conf-mysql_2.0.13-6sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2-languages_2.0.13-6sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.13-6sarge3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1067": "
\n

Debian Security Advisory

\n

DSA-1067-1 kernel-source-2.4.16 -- several vulnerabilities

\n
\n
Date Reported:
\n
20 May 2006
\n
Affected Packages:
\n
\nkernel-source-2.4.16
kernel-image-2.4.16-lart
kernel-image-2.4.16-riscpc
kernel-image-2.4.16-netwinder\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0427, CVE-2005-0489, CVE-2004-0394, CVE-2004-0447, CVE-2004-0554, CVE-2004-0565, CVE-2004-0685, CVE-2005-0001, CVE-2004-0883, CVE-2004-0949, CVE-2004-1016, CVE-2004-1333, CVE-2004-0997, CVE-2004-1335, CVE-2004-1017, CVE-2005-0124, CVE-2003-0984, CVE-2004-1070, CVE-2004-1071, CVE-2004-1072, CVE-2004-1073, CVE-2004-1074, CVE-2004-0138, CVE-2004-1068, CVE-2004-1234, CVE-2005-0003, CVE-2004-1235, CVE-2005-0504, CVE-2005-0384, CVE-2005-0135.
\n
More information:
\n
\n

Several local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2004-0427\n

    A local denial of service vulnerability in do_fork() has been found.

  • \n
  • CVE-2005-0489\n

    A local denial of service vulnerability in proc memory handling has\n been found.

  • \n
  • CVE-2004-0394\n

    A buffer overflow in the panic handling code has been found.

  • \n
  • CVE-2004-0447\n

    A local denial of service vulnerability through a null pointer\n dereference in the IA64 process handling code has been found.

  • \n
  • CVE-2004-0554\n

    A local denial of service vulnerability through an infinite loop in\n the signal handler code has been found.

  • \n
  • CVE-2004-0565\n

    An information leak in the context switch code has been found on\n the IA64 architecture.

  • \n
  • CVE-2004-0685\n

    Unsafe use of copy_to_user in USB drivers may disclose sensitive\n information.

  • \n
  • CVE-2005-0001\n

    A race condition in the i386 page fault handler may allow privilege\n escalation.

  • \n
  • CVE-2004-0883\n

    Multiple vulnerabilities in the SMB filesystem code may allow denial\n of service or information disclosure.

  • \n
  • CVE-2004-0949\n

    An information leak has been discovered in the SMB filesystem code.

  • \n
  • CVE-2004-1016\n

    A local denial of service vulnerability has been found in the SCM layer.

  • \n
  • CVE-2004-1333\n

    An integer overflow in the terminal code may lead to a local denial of\n service.

  • \n
  • CVE-2004-0997\n

    A local privilege escalation in the MIPS assembly code has been found.

  • \n
  • CVE-2004-1335\n

    A memory leak in the ip_options_get() function may lead to denial of\n service.

  • \n
  • CVE-2004-1017\n

    Multiple overflows exist in the io_edgeport driver which might be usable\n as a denial of service attack vector.

  • \n
  • CVE-2005-0124\n

    Bryan Fulton reported a bounds checking bug in the coda_pioctl function\n which may allow local users to execute arbitrary code or trigger a denial\n of service attack.

  • \n
  • CVE-2003-0984\n

    Improper initialization of the RTC may disclose information.

  • \n
  • CVE-2004-1070\n

    Insufficient input sanitising in the load_elf_binary() function may\n lead to privilege escalation.

  • \n
  • CVE-2004-1071\n

    Incorrect error handling in the binfmt_elf loader may lead to privilege\n escalation.

  • \n
  • CVE-2004-1072\n

    A buffer overflow in the binfmt_elf loader may lead to privilege\n escalation or denial of service.

  • \n
  • CVE-2004-1073\n

    The open_exec function may disclose information.

  • \n
  • CVE-2004-1074\n

    The binfmt code is vulnerable to denial of service through malformed\n a.out binaries.

  • \n
  • CVE-2004-0138\n

    A denial of service vulnerability in the ELF loader has been found.

  • \n
  • CVE-2004-1068\n

    A programming error in the unix_dgram_recvmsg() function may lead to\n privilege escalation.

  • \n
  • CVE-2004-1234\n

    The ELF loader is vulnerable to denial of service through malformed\n binaries.

  • \n
  • CVE-2005-0003\n

    Crafted ELF binaries may lead to privilege escalation, due to\n insufficient checking of overlapping memory regions.

  • \n
  • CVE-2004-1235\n

    A race condition in the load_elf_library() and binfmt_aout() functions\n may allow privilege escalation.

  • \n
  • CVE-2005-0504\n

    An integer overflow in the Moxa driver may lead to privilege escalation.

  • \n
  • CVE-2005-0384\n

    A remote denial of service vulnerability has been found in the PPP\n driver.

  • \n
  • CVE-2005-0135\n

    An IA64 specific local denial of service vulnerability has been found\n in the unw_unwind_to_user() function.

  • \n
\n

The following matrix explains which kernel version for which architecture\nfixes the problems mentioned above:

\n
\n\n\n\n\n\n
                 Debian 3.0 (woody)
Source           2.4.16-1woody2
arm/lart         20040419woody1
arm/netwinder    20040419woody1
arm/riscpc       20040419woody1
\n

We recommend that you upgrade your kernel package immediately and reboot\nthe machine.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040419woody1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040419woody1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040419woody1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040419woody1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040419woody1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040419woody1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16-1woody3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16-1woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16.orig.tar.gz
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-lart/kernel-image-2.4.16-lart_20040419woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-headers-2.4.16_20040419woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-netwinder/kernel-image-2.4.16-netwinder_20040419woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.16-riscpc/kernel-image-2.4.16-riscpc_20040419woody1_arm.deb
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-doc-2.4.16_2.4.16-1woody3_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.16/kernel-source-2.4.16_2.4.16-1woody3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1068": "
\n

Debian Security Advisory

\n

DSA-1068-1 fbi -- insecure temporary file

\n
\n
Date Reported:
\n
20 May 2006
\n
Affected Packages:
\n
\nfbi\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 361370.
In Mitre's CVE dictionary: CVE-2006-1695.
\n
More information:
\n
\n

Jan Braun discovered that the fbgs script of fbi, an image viewer for\nthe framebuffer environment, creates a directory in a predictable manner,\nwhich allows denial of service through symlink attacks.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 1.23woody1.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.01-1.2sarge1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your fbi package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_1.23woody1.dsc
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_1.23woody1.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_1.23woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_1.23woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_1.23woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_1.23woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_1.23woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_1.23woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_1.23woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_1.23woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_1.23woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_1.23woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_1.23woody1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1069": "
\n

Debian Security Advisory

\n

DSA-1069-1 kernel-source-2.4.18 -- several vulnerabilities

\n
\n
Date Reported:
\n
20 May 2006
\n
Affected Packages:
\n
\nkernel-source-2.4.18
kernel-image-2.4.18-1-alpha
kernel-image-2.4.18-1-i386
kernel-image-2.4.18-hppa
kernel-image-2.4.18-powerpc-xfs
kernel-patch-2.4.18-powerpc
kernel-patch-benh\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0427, CVE-2005-0489, CVE-2004-0394, CVE-2004-0447, CVE-2004-0554, CVE-2004-0565, CVE-2004-0685, CVE-2005-0001, CVE-2004-0883, CVE-2004-0949, CVE-2004-1016, CVE-2004-1333, CVE-2004-0997, CVE-2004-1335, CVE-2004-1017, CVE-2005-0124, CVE-2003-0984, CVE-2004-1070, CVE-2004-1071, CVE-2004-1072, CVE-2004-1073, CVE-2004-1074, CVE-2004-0138, CVE-2004-1068, CVE-2004-1234, CVE-2005-0003, CVE-2004-1235, CVE-2005-0504, CVE-2005-0384, CVE-2005-0135.
\n
More information:
\n
\n

Several local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2004-0427\n

    A local denial of service vulnerability in do_fork() has been found.

  • \n
  • CVE-2005-0489\n

    A local denial of service vulnerability in proc memory handling has\n been found.

  • \n
  • CVE-2004-0394\n

    A buffer overflow in the panic handling code has been found.

  • \n
  • CVE-2004-0447\n

    A local denial of service vulnerability through a null pointer\n dereference in the IA64 process handling code has been found.

  • \n
  • CVE-2004-0554\n

    A local denial of service vulnerability through an infinite loop in\n the signal handler code has been found.

  • \n
  • CVE-2004-0565\n

    An information leak in the context switch code has been found on\n the IA64 architecture.

  • \n
  • CVE-2004-0685\n

    Unsafe use of copy_to_user in USB drivers may disclose sensitive\n information.

  • \n
  • CVE-2005-0001\n

    A race condition in the i386 page fault handler may allow privilege\n escalation.

  • \n
  • CVE-2004-0883\n

    Multiple vulnerabilities in the SMB filesystem code may allow denial\n of service or information disclosure.

  • \n
  • CVE-2004-0949\n

    An information leak has been discovered in the SMB filesystem code.

  • \n
  • CVE-2004-1016\n

    A local denial of service vulnerability has been found in the SCM layer.

  • \n
  • CVE-2004-1333\n

    An integer overflow in the terminal code may lead to a local denial of\n service.

  • \n
  • CVE-2004-0997\n

    A local privilege escalation in the MIPS assembly code has been found.

  • \n
  • CVE-2004-1335\n

    A memory leak in the ip_options_get() function may lead to denial of\n service.

  • \n
  • CVE-2004-1017\n

    Multiple overflows exist in the io_edgeport driver which might be usable\n as a denial of service attack vector.

  • \n
  • CVE-2005-0124\n

    Bryan Fulton reported a bounds checking bug in the coda_pioctl function\n which may allow local users to execute arbitrary code or trigger a denial\n of service attack.

  • \n
  • CVE-2003-0984\n

    Improper initialization of the RTC may disclose information.

  • \n
  • CVE-2004-1070\n

    Insufficient input sanitising in the load_elf_binary() function may\n lead to privilege escalation.

  • \n
  • CVE-2004-1071\n

    Incorrect error handling in the binfmt_elf loader may lead to privilege\n escalation.

  • \n
  • CVE-2004-1072\n

    A buffer overflow in the binfmt_elf loader may lead to privilege\n escalation or denial of service.

  • \n
  • CVE-2004-1073\n

    The open_exec function may disclose information.

  • \n
  • CVE-2004-1074\n

    The binfmt code is vulnerable to denial of service through malformed\n a.out binaries.

  • \n
  • CVE-2004-0138\n

    A denial of service vulnerability in the ELF loader has been found.

  • \n
  • CVE-2004-1068\n

    A programming error in the unix_dgram_recvmsg() function may lead to\n privilege escalation.

  • \n
  • CVE-2004-1234\n

    The ELF loader is vulnerable to denial of service through malformed\n binaries.

  • \n
  • CVE-2005-0003\n

    Crafted ELF binaries may lead to privilege escalation, due to\n insufficient checking of overlapping memory regions.

  • \n
  • CVE-2004-1235\n

    A race condition in the load_elf_library() and binfmt_aout() functions\n may allow privilege escalation.

  • \n
  • CVE-2005-0504\n

    An integer overflow in the Moxa driver may lead to privilege escalation.

  • \n
  • CVE-2005-0384\n

    A remote denial of service vulnerability has been found in the PPP\n driver.

  • \n
  • CVE-2005-0135\n

    An IA64 specific local denial of service vulnerability has been found\n in the unw_unwind_to_user() function.

  • \n
\n

The following matrix explains which kernel version for which architecture\nfixes the problems mentioned above:

\n
\n\n\n\n\n\n\n\n\n\n
                             Debian 3.0 (woody)
Source                       2.4.18-14.4
Alpha architecture           2.4.18-15woody1
Intel IA-32 architecture     2.4.18-13.2
HP Precision architecture    62.4
PowerPC architecture         2.4.18-1woody6
PowerPC architecture/XFS     20020329woody1
PowerPC architecture/benh    20020304woody1
Sun Sparc architecture       22woody1
\n

We recommend that you upgrade your kernel package immediately and reboot\nthe machine.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.4.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-15woody1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-alpha_2.4.18-15woody1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-13.2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-i386_2.4.18-13.2.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-powerpc-xfs/kernel-image-2.4.18-powerpc-xfs_20020329woody1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-powerpc-xfs/kernel-image-2.4.18-powerpc-xfs_20020329woody1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody6.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody6.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-benh/kernel-patch-benh_20020304woody1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-benh/kernel-patch-benh_20020304woody1.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-doc-2.4.18_2.4.18-14.4_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.18/kernel-source-2.4.18_2.4.18-14.4_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-patch-2.4.18-powerpc_2.4.18-1woody6_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-benh/kernel-patch-benh_20020304woody1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1_2.4.18-15woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-generic_2.4.18-15woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-headers-2.4.18-1-smp_2.4.18-15woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-generic_2.4.18-15woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-alpha/kernel-image-2.4.18-1-smp_2.4.18-15woody1_alpha.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1_2.4.18-13.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-386_2.4.18-13.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-586tsc_2.4.18-13.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686_2.4.18-13.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-686-smp_2.4.18-13.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k6_2.4.18-13.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-headers-2.4.18-1-k7_2.4.18-13.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-386_2.4.18-13.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-586tsc_2.4.18-13.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686_2.4.18-13.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-686-smp_2.4.18-13.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k6_2.4.18-13.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k7_2.4.18-13.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-386_2.4.18-13.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-586tsc_2.4.18-13.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686_2.4.18-13.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-686-smp_2.4.18-13.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k6_2.4.18-13.2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-pcmcia-modules-2.4.18-1-k7_2.4.18-13.2_i386.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-powerpc-xfs/kernel-image-2.4.18-powerpc-xfs_20020329woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-headers-2.4.18_2.4.18-1woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-newpmac_2.4.18-1woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-powerpc_2.4.18-1woody6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.18-powerpc/kernel-image-2.4.18-powerpc-smp_2.4.18-1woody6_powerpc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1070": "
\n

Debian Security Advisory

\n

DSA-1070-1 kernel-source-2.4.19 -- several vulnerabilities

\n
\n
Date Reported:
\n
21 May 2006
\n
Affected Packages:
\n
\nkernel-source-2.4.19
kernel-image-sparc-2.4
kernel-patch-2.4.19-mips\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0427, CVE-2005-0489, CVE-2004-0394, CVE-2004-0447, CVE-2004-0554, CVE-2004-0565, CVE-2004-0685, CVE-2005-0001, CVE-2004-0883, CVE-2004-0949, CVE-2004-1016, CVE-2004-1333, CVE-2004-0997, CVE-2004-1335, CVE-2004-1017, CVE-2005-0124, CVE-2003-0984, CVE-2004-1070, CVE-2004-1071, CVE-2004-1072, CVE-2004-1073, CVE-2004-1074, CVE-2004-0138, CVE-2004-1068, CVE-2004-1234, CVE-2005-0003, CVE-2004-1235, CVE-2005-0504, CVE-2005-0384, CVE-2005-0135.
\n
More information:
\n
\n

Several local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2004-0427\n

    A local denial of service vulnerability in do_fork() has been found.

  • \n
  • CVE-2005-0489\n

    A local denial of service vulnerability in proc memory handling has\n been found.

  • \n
  • CVE-2004-0394\n

    A buffer overflow in the panic handling code has been found.

  • \n
  • CVE-2004-0447\n

    A local denial of service vulnerability through a null pointer\n dereference in the IA64 process handling code has been found.

  • \n
  • CVE-2004-0554\n

    A local denial of service vulnerability through an infinite loop in\n the signal handler code has been found.

  • \n
  • CVE-2004-0565\n

    An information leak in the context switch code has been found on\n the IA64 architecture.

  • \n
  • CVE-2004-0685\n

    Unsafe use of copy_to_user in USB drivers may disclose sensitive\n information.

  • \n
  • CVE-2005-0001\n

    A race condition in the i386 page fault handler may allow privilege\n escalation.

  • \n
  • CVE-2004-0883\n

    Multiple vulnerabilities in the SMB filesystem code may allow denial\n of service or information disclosure.

  • \n
  • CVE-2004-0949\n

    An information leak has been discovered in the SMB filesystem code.

  • \n
  • CVE-2004-1016\n

    A local denial of service vulnerability has been found in the SCM layer.

  • \n
  • CVE-2004-1333\n

    An integer overflow in the terminal code may allow a local denial of\n service.

  • \n
  • CVE-2004-0997\n

    A local privilege escalation in the MIPS assembly code has been found.

  • \n
  • CVE-2004-1335\n

    A memory leak in the ip_options_get() function may lead to denial of\n service.

  • \n
  • CVE-2004-1017\n

    Multiple overflows exist in the io_edgeport driver which might be usable\n as a denial of service attack vector.

  • \n
  • CVE-2005-0124\n

    Bryan Fulton reported a bounds checking bug in the coda_pioctl function\n which may allow local users to execute arbitrary code or trigger a denial\n of service attack.

  • \n
  • CVE-2003-0984\n

    Improper initialization of the RTC may disclose information.

  • \n
  • CVE-2004-1070\n

    Insufficient input sanitising in the load_elf_binary() function may\n lead to privilege escalation.

  • \n
  • CVE-2004-1071\n

    Incorrect error handling in the binfmt_elf loader may lead to privilege\n escalation.

  • \n
  • CVE-2004-1072\n

    A buffer overflow in the binfmt_elf loader may lead to privilege\n escalation or denial of service.

  • \n
  • CVE-2004-1073\n

    The open_exec function may disclose information.

  • \n
  • CVE-2004-1074\n

    The binfmt code is vulnerable to denial of service through malformed\n a.out binaries.

  • \n
  • CVE-2004-0138\n

    A denial of service vulnerability in the ELF loader has been found.

  • \n
  • CVE-2004-1068\n

    A programming error in the unix_dgram_recvmsg() function may lead to\n privilege escalation.

  • \n
  • CVE-2004-1234\n

    The ELF loader is vulnerable to denial of service through malformed\n binaries.

  • \n
  • CVE-2005-0003\n

    Crafted ELF binaries may lead to privilege escalation, due to\n insufficient checking of overlapping memory regions.

  • \n
  • CVE-2004-1235\n

    A race condition in the load_elf_library() and binfmt_aout() functions\n may allow privilege escalation.

  • \n
  • CVE-2005-0504\n

    An integer overflow in the Moxa driver may lead to privilege escalation.

  • \n
  • CVE-2005-0384\n

    A remote denial of service vulnerability has been found in the PPP\n driver.

  • \n
  • CVE-2005-0135\n

    An IA64 specific local denial of service vulnerability has been found\n in the unw_unwind_to_user() function.

  • \n
\n

The following matrix explains which kernel version for which architecture\nfixes the problems mentioned above:

\n
\n\n\n\n\n
Debian 3.0 (woody)
Source 2.4.19-4
Sun Sparc architecture 26woody1
Little endian MIPS architecture 0.020911.1.woody5
\n

We recommend that you upgrade your kernel package immediately and reboot\nthe machine.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-sparc-2.4_26woody1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-sparc-2.4_26woody1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-headers-2.4.18-sparc_22woody1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-headers-2.4.19-sparc_26woody1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-patch-2.4.19-mips_2.4.19-0.020911.1.woody5_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-doc-2.4.19_2.4.19-4.woody3_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.19/kernel-source-2.4.19_2.4.19-4.woody3_all.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.18-sun4u_22woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.18-sun4u-smp_22woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.19-sun4u_26woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-sparc-2.4/kernel-image-2.4.19-sun4u-smp_26woody1_sparc.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-headers-2.4.19_2.4.19-0.020911.1.woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r4k-ip22_2.4.19-0.020911.1.woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/kernel-image-2.4.19-r5k-ip22_2.4.19-0.020911.1.woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.19-mips/mips-tools_2.4.19-0.020911.1.woody5_mips.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1071": "
\n

Debian Security Advisory

\n

DSA-1071-1 mysql -- several vulnerabilities

\n
\n
Date Reported:
\n
22 May 2006
\n
Affected Packages:
\n
\nmysql\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 366044, Bug 366049, Bug 366163.
In the Bugtraq database (at SecurityFocus): BugTraq ID 16850, BugTraq ID 17780.
In Mitre's CVE dictionary: CVE-2006-0903, CVE-2006-1516, CVE-2006-1517, CVE-2006-1518.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in MySQL, a popular SQL\ndatabase. The Common Vulnerabilities and Exposures Project identifies\nthe following problems:

\n
    \n
  • CVE-2006-0903\n

    Improper handling of SQL queries containing the NULL character\n allows local users to bypass logging mechanisms.

  • \n
  • CVE-2006-1516\n

    Usernames without a trailing null byte allow remote attackers to\n read portions of memory.

  • \n
  • CVE-2006-1517\n

    A request with an incorrect packet length allows remote attackers\n to obtain sensitive information.

  • \n
  • CVE-2006-1518\n

    Specially crafted request packets with invalid length values allow\n the execution of arbitrary code.

  • \n
\n

The following vulnerability matrix shows which version of MySQL in\nwhich distribution has this problem fixed:

\n
\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
                woody          sarge              sid
mysql           3.23.49-8.15   n/a                n/a
mysql-dfsg      n/a            4.0.24-10sarge2    n/a
mysql-dfsg-4.1  n/a            4.1.11a-4sarge3    n/a
mysql-dfsg-5.0  n/a            n/a                5.0.21-3
\n

We recommend that you upgrade your mysql packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.15.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49-8.15.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql_3.23.49.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-common_3.23.49-8.15_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-doc_3.23.49-8.5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.15_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.15_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.15_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.15_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.15_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.15_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.15_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.15_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.15_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.15_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.15_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.15_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.15_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.15_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.15_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.15_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.15_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.15_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.15_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.15_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.15_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.15_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.15_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.15_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.15_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.15_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.15_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.15_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.15_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.15_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.15_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.15_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.15_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.15_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10_3.23.49-8.15_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/libmysqlclient10-dev_3.23.49-8.15_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-client_3.23.49-8.15_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql/mysql-server_3.23.49-8.15_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1072": "
\n

Debian Security Advisory

\n

DSA-1072-1 nagios -- buffer overflow

\n
\n
Date Reported:
\n
22 May 2006
\n
Affected Packages:
\n
\nnagios\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 366682, Bug 366683, Bug 368193.
In the Bugtraq database (at SecurityFocus): BugTraq ID 17879.
In Mitre's CVE dictionary: CVE-2006-2162, CVE-2006-2489.
\n
More information:
\n
\n

A buffer overflow has been discovered in nagios, a host, service and\nnetwork monitoring and management system, that could be exploited by\nremote attackers to execute arbitrary code.

\n

The old stable distribution (woody) does not contain nagios packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.3-cvs.20050402-2.sarge.2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.4-1 and 2.3-1.

\n

We recommend that you upgrade your nagios package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nagios/nagios_1.3-cvs.20050402-2.sarge.2.dsc
\n
http://security.debian.org/pool/updates/main/n/nagios/nagios_1.3-cvs.20050402-2.sarge.2.diff.gz
\n
http://security.debian.org/pool/updates/main/n/nagios/nagios_1.3-cvs.20050402.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-common_1.3-cvs.20050402-2.sarge.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3-cvs.20050402-2.sarge.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3-cvs.20050402-2.sarge.2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3-cvs.20050402-2.sarge.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3-cvs.20050402-2.sarge.2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3-cvs.20050402-2.sarge.2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3-cvs.20050402-2.sarge.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3-cvs.20050402-2.sarge.2_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3-cvs.20050402-2.sarge.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3-cvs.20050402-2.sarge.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3-cvs.20050402-2.sarge.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3-cvs.20050402-2.sarge.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3-cvs.20050402-2.sarge.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3-cvs.20050402-2.sarge.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3-cvs.20050402-2.sarge.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3-cvs.20050402-2.sarge.2_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3-cvs.20050402-2.sarge.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3-cvs.20050402-2.sarge.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3-cvs.20050402-2.sarge.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3-cvs.20050402-2.sarge.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3-cvs.20050402-2.sarge.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3-cvs.20050402-2.sarge.2_s390.deb
\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_s390.deb
\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3-cvs.20050402-2.sarge.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-mysql_1.3-cvs.20050402-2.sarge.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nagios/nagios-text_1.3-cvs.20050402-2.sarge.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1073": "
\n

Debian Security Advisory

\n

DSA-1073-1 mysql-dfsg-4.1 -- several vulnerabilities

\n
\n
Date Reported:
\n
22 May 2006
\n
Affected Packages:
\n
\nmysql-dfsg-4.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 366043, Bug 366048, Bug 366162.
In the Bugtraq database (at SecurityFocus): BugTraq ID 16850, BugTraq ID 17780.
In Mitre's CVE dictionary: CVE-2006-0903, CVE-2006-1516, CVE-2006-1517, CVE-2006-1518.
CERT's vulnerabilities, advisories and incident notes: VU#602457.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in MySQL, a popular SQL\ndatabase. The Common Vulnerabilities and Exposures Project identifies\nthe following problems:

\n
    \n
  • CVE-2006-0903\n

    Improper handling of SQL queries containing the NULL character\n allows local users to bypass logging mechanisms.

  • \n
  • CVE-2006-1516\n

    Usernames without a trailing null byte allow remote attackers to\n read portions of memory.

  • \n
  • CVE-2006-1517\n

    A request with an incorrect packet length allows remote attackers\n to obtain sensitive information.

  • \n
  • CVE-2006-1518\n

    Specially crafted request packets with invalid length values allow\n the execution of arbitrary code.

  • \n
\n

The following vulnerability matrix shows which version of MySQL in\nwhich distribution has this problem fixed:

\n
\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
                woody          sarge              sid
mysql           3.23.49-8.15   n/a                n/a
mysql-dfsg      n/a            4.0.24-10sarge2    n/a
mysql-dfsg-4.1  n/a            4.1.11a-4sarge3    n/a
mysql-dfsg-5.0  n/a            n/a                5.0.21-3
\n

We recommend that you upgrade your mysql packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge3.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.11a-4sarge3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1074": "
\n

Debian Security Advisory

\n

DSA-1074-1 mpg123 -- buffer overflow

\n
\n
Date Reported:
\n
24 May 2006
\n
Affected Packages:
\n
\nmpg123\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 361863.
In the Bugtraq database (at SecurityFocus): BugTraq ID 17365.
In Mitre's CVE dictionary: CVE-2006-1655.
\n
More information:
\n
\n

A. Alejandro Hern\u00e1ndez discovered a vulnerability in mpg123, a\ncommand-line player for MPEG audio files. Insufficient validation of\nMPEG 2.0 layer 3 files results in several buffer overflows.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.59r-20sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.59r-22.

\n

We recommend that you upgrade your mpg123 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-20sarge1.dsc
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-20sarge1.diff.gz
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-20sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0.59r-20sarge1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-20sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-20sarge1_i386.deb
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0.59r-20sarge1_i386.deb
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-nas_0.59r-20sarge1_i386.deb
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-oss-3dnow_0.59r-20sarge1_i386.deb
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-oss-i486_0.59r-20sarge1_i386.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-20sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-20sarge1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-20sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123-esd_0.59r-20sarge1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/non-free/m/mpg123/mpg123_0.59r-20sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1075": "
\n

Debian Security Advisory

\n

DSA-1075-1 awstats -- programming error

\n
\n
Date Reported:
\n
26 May 2006
\n
Affected Packages:
\n
\nawstats\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 365910.
In Mitre's CVE dictionary: CVE-2006-2644.
\n
More information:
\n
\n

Hendrik Weimer discovered that awstats can execute arbitrary commands\nunder the user id the web server runs as when users are allowed to supply\narbitrary configuration files. Even though this bug was accidentally\nreferenced in DSA 1058, it had not been fixed yet.

\n

The new default behaviour is not to accept arbitrary configuration\ndirectories from the user. This can be overridden by the\nAWSTATS_ENABLE_CONFIG_DIR environment variable when users are to be\ntrusted.

\n

The old stable distribution (woody) does not seem to be affected by\nthis problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 6.4-1sarge3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 6.5-2.

\n

We recommend that you upgrade your awstats package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/awstats/awstats_6.4-1sarge3.dsc
\n
http://security.debian.org/pool/updates/main/a/awstats/awstats_6.4-1sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/a/awstats/awstats_6.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/awstats/awstats_6.4-1sarge3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1076": "
\n

Debian Security Advisory

\n

DSA-1076-1 lynx -- programming error

\n
\n
Date Reported:
\n
26 May 2006
\n
Affected Packages:
\n
\nlynx\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 296340.
In the Bugtraq database (at SecurityFocus): BugTraq ID 11443.
In Mitre's CVE dictionary: CVE-2004-1617.
\n
More information:
\n
\n

Michal Zalewski discovered that lynx, the popular text-mode WWW\nBrowser, is not able to grok invalid HTML including a TEXTAREA tag\nwith a large COLS value and a large tag name in an element that is not\nterminated, and loops forever trying to render the broken HTML.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 2.8.4.1b-3.4.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.8.5-2sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.8.5-2sarge2.

\n

We recommend that you upgrade your lynx package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4.dsc
\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.4_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2.dsc
\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.5-2sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1077": "
\n

Debian Security Advisory

\n

DSA-1077-1 lynx-ssl -- programming error

\n
\n
Date Reported:
\n
26 May 2006
\n
Affected Packages:
\n
\nlynx-ssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 296340.
In the Bugtraq database (at SecurityFocus): BugTraq ID 11443.
In Mitre's CVE dictionary: CVE-2004-1617.
\n
More information:
\n
\n

Michal Zalewski discovered that lynx, the popular text-mode WWW\nBrowser, is not able to grok invalid HTML including a TEXTAREA tag\nwith a large COLS value and a large tag name in an element that is not\nterminated, and loops forever trying to render the broken HTML. The\nsame code is present in lynx-ssl.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 2.8.4.1b-3.3.

\n

The stable distribution (sarge) does not contain lynx-ssl packages\nanymore.

\n

The unstable distribution (sid) does not contain lynx-ssl packages\nanymore.

\n

We recommend that you upgrade your lynx-ssl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.3.dsc
\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.3.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1078": "
\n

Debian Security Advisory

\n

DSA-1078-1 tiff -- out-of-bounds read

\n
\n
Date Reported:
\n
27 May 2006
\n
Affected Packages:
\n
\ntiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 366588.
In the Bugtraq database (at SecurityFocus): BugTraq ID 17809.
In Mitre's CVE dictionary: CVE-2006-2120.
\n
More information:
\n
\n

Andrey Kiselev discovered a problem in the TIFF library that may allow\nan attacker with a specially crafted TIFF image with Yr/Yg/Yb values\nthat exceed the YCR/YCG/YCB values to crash the library and hence the\nsurrounding application.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 3.7.2-4.

\n

The unstable distribution (sid) is not affected by this problem.

\n

We recommend that you upgrade your tiff packages and restart the\nprograms using it.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-4.dsc
\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-4.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1079": "
\n

Debian Security Advisory

\n

DSA-1079-1 mysql-dfsg -- several vulnerabilities

\n
\n
Date Reported:
\n
29 May 2006
\n
Affected Packages:
\n
\nmysql-dfsg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 366044, Bug 366049, Bug 366163.
In the Bugtraq database (at SecurityFocus): BugTraq ID 16850, BugTraq ID 17780.
In Mitre's CVE dictionary: CVE-2006-0903, CVE-2006-1516, CVE-2006-1517, CVE-2006-1518.
CERT's vulnerabilities, advisories and incident notes: VU#602457.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in MySQL, a popular SQL\ndatabase. The Common Vulnerabilities and Exposures Project identifies\nthe following problems:

\n
    \n
  • CVE-2006-0903\n

    Improper handling of SQL queries containing the NULL character\n allows local users to bypass logging mechanisms.

  • CVE-2006-1516\n

    Usernames without a trailing null byte allow remote attackers to\n read portions of memory.

  • CVE-2006-1517\n

    A request with an incorrect packet length allows remote attackers\n to obtain sensitive information.

  • CVE-2006-1518\n

    Specially crafted request packets with invalid length values allow\n the execution of arbitrary code.

\n

The following vulnerability matrix shows which version of MySQL in\nwhich distribution has this problem fixed:

\n
| Package | woody | sarge | sid |
|---|---|---|---|
| mysql | 3.23.49-8.15 | n/a | n/a |
| mysql-dfsg | n/a | 4.0.24-10sarge2 | n/a |
| mysql-dfsg-4.1 | n/a | 4.1.11a-4sarge3 | n/a |
| mysql-dfsg-5.0 | n/a | n/a | 5.0.21-3 |
\n

We recommend that you upgrade your mysql packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-dfsg_4.0.24-10sarge2.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-dfsg_4.0.24-10sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-dfsg_4.0.24.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-common_4.0.24-10sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1080": "
\n

Debian Security Advisory

\n

DSA-1080-1 dovecot -- programming error

\n
\n
Date Reported:
\n
29 May 2006
\n
Affected Packages:
\n
\ndovecot\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-2414.
\n
More information:
\n
\n

A problem has been discovered in the IMAP component of Dovecot, a\nsecure mail server that supports mbox and maildir mailboxes, which can\nlead to information disclosure via directory traversal by\nauthenticated users.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.99.14-1sarge0.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.0beta8-1.

\n

We recommend that you upgrade your dovecot-imapd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot_0.99.14-1sarge0.dsc
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot_0.99.14-1sarge0.diff.gz
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot_0.99.14.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot_0.99.14-1sarge0_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_m68k.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_m68k.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1081": "
\n

Debian Security Advisory

\n

DSA-1081-1 libextractor -- buffer overflow

\n
\n
Date Reported:
\n
29 May 2006
\n
Affected Packages:
\n
\nlibextractor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 18021.
In Mitre's CVE dictionary: CVE-2006-2458.
\n
More information:
\n
\n

Luigi Auriemma discovered a buffer overflow in the processing of ASF\nfiles in libextractor, a library to extract arbitrary meta-data from\nfiles, which can lead to the execution of arbitrary code.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.4.2-2sarge5.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.5.14-1.

\n

We recommend that you upgrade your libextractor packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2-2sarge5.dsc
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2-2sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1082": "
\n

Debian Security Advisory

\n

DSA-1082-1 kernel-source-2.4.17 -- several vulnerabilities

\n
\n
Date Reported:
\n
29 May 2006
\n
Affected Packages:
\n
\nkernel-image-2.4.17-hppa
kernel-image-2.4.17-ia64
kernel-image-2.4.17-s390
kernel-patch-2.4.17-apus
kernel-patch-2.4.17-mips
kernel-patch-2.4.17-s390
kernel-source-2.4.17\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-0427, CVE-2005-0489, CVE-2004-0394, CVE-2004-0447, CVE-2004-0554, CVE-2004-0565, CVE-2004-0685, CVE-2005-0001, CVE-2004-0883, CVE-2004-0949, CVE-2004-1016, CVE-2004-1333, CVE-2004-0997, CVE-2004-1335, CVE-2004-1017, CVE-2005-0124, CVE-2003-0984, CVE-2004-1070, CVE-2004-1071, CVE-2004-1072, CVE-2004-1073, CVE-2004-1074, CVE-2004-0138, CVE-2004-1068, CVE-2004-1234, CVE-2005-0003, CVE-2004-1235, CVE-2005-0504, CVE-2005-0384, CVE-2005-0135.
\n
More information:
\n
\n

Several local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2004-0427\n

    A local denial of service vulnerability in do_fork() has been found.

  • CVE-2005-0489\n

    A local denial of service vulnerability in proc memory handling has\n been found.

  • CVE-2004-0394\n

    A buffer overflow in the panic handling code has been found.

  • CVE-2004-0447\n

    A local denial of service vulnerability through a null pointer\n dereference in the IA64 process handling code has been found.

  • CVE-2004-0554\n

    A local denial of service vulnerability through an infinite loop in\n the signal handler code has been found.

  • CVE-2004-0565\n

    An information leak in the context switch code has been found on\n the IA64 architecture.

  • CVE-2004-0685\n

    Unsafe use of copy_to_user in USB drivers may disclose sensitive\n information.

  • CVE-2005-0001\n

    A race condition in the i386 page fault handler may allow privilege\n escalation.

  • CVE-2004-0883\n

    Multiple vulnerabilities in the SMB filesystem code may allow denial\n of service or information disclosure.

  • CVE-2004-0949\n

    An information leak has been discovered in the SMB filesystem code.

  • CVE-2004-1016\n

    A local denial of service vulnerability has been found in the SCM layer.

  • CVE-2004-1333\n

    An integer overflow in the terminal code may allow a local denial of\n service.

  • CVE-2004-0997\n

    A local privilege escalation in the MIPS assembly code has been found.

  • CVE-2004-1335\n

    A memory leak in the ip_options_get() function may lead to denial of\n service.

  • CVE-2004-1017\n

    Multiple overflows exist in the io_edgeport driver which might be usable\n as a denial of service attack vector.

  • CVE-2005-0124\n

    Bryan Fulton reported a bounds checking bug in the coda_pioctl function\n which may allow local users to execute arbitrary code or trigger a denial\n of service attack.

  • CVE-2003-0984\n

    Improper initialization of the RTC may disclose information.

  • CVE-2004-1070\n

    Insufficient input sanitising in the load_elf_binary() function may\n lead to privilege escalation.

  • CVE-2004-1071\n

    Incorrect error handling in the binfmt_elf loader may lead to privilege\n escalation.

  • CVE-2004-1072\n

    A buffer overflow in the binfmt_elf loader may lead to privilege\n escalation or denial of service.

  • CVE-2004-1073\n

    The open_exec function may disclose information.

  • CVE-2004-1074\n

    The binfmt code is vulnerable to denial of service through malformed\n a.out binaries.

  • CVE-2004-0138\n

    A denial of service vulnerability in the ELF loader has been found.

  • CVE-2004-1068\n

    A programming error in the unix_dgram_recvmsg() function may lead to\n privilege escalation.

  • CVE-2004-1234\n

    The ELF loader is vulnerable to denial of service through malformed\n binaries.

  • CVE-2005-0003\n

    Crafted ELF binaries may lead to privilege escalation, due to\n insufficient checking of overlapping memory regions.

  • CVE-2004-1235\n

    A race condition in the load_elf_library() and binfmt_aout() functions\n may allow privilege escalation.

  • CVE-2005-0504\n

    An integer overflow in the Moxa driver may lead to privilege escalation.

  • CVE-2005-0384\n

    A remote denial of service vulnerability has been found in the PPP\n driver.

  • CVE-2005-0135\n

    An IA64 specific local denial of service vulnerability has been found\n in the unw_unwind_to_user() function.

\n

The following matrix explains which kernel version for which architecture\nfixes the problems mentioned above:

\n
\n\n\n\n\n\n\n\n\n
Debian 3.1 (sarge)
Source 2.4.17-1woody4
HP Precision architecture 32.5
Intel IA-64 architecture 011226.18
IBM S/390 architecture/image 2.4.17-2.woody.5
IBM S/390 architecture/patch 0.0.20020816-0.woody.4
PowerPC architecture (apus) 2.4.17-6
MIPS architecture 2.4.17-0.020226.2.woody7
\n

We recommend that you upgrade your kernel package immediately and reboot\nthe machine.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-hppa_32.5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-hppa_32.5.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-ia64_011226.18.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-ia64_011226.18.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.5.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-patch-2.4.17-apus_2.4.17-6.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-patch-2.4.17-apus_2.4.17-6.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody7.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody7.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.4.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody4.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-source-2.4.17-hppa_32.5_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-source-2.4.17-ia64_011226.18_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-patch-2.4.17-mips_2.4.17-0.020226.2.woody7_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-s390/kernel-patch-2.4.17-s390_0.0.20020816-0.woody.4_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-doc-2.4.17_2.4.17-1woody4_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody4_all.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-headers-2.4.17-hppa_32.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-32_32.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-32-smp_32.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-64_32.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-hppa/kernel-image-2.4.17-64-smp_32.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_hppa.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-headers-2.4.17-ia64_011226.18_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-itanium_011226.18_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-itanium-smp_011226.18_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-mckinley_011226.18_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-ia64/kernel-image-2.4.17-mckinley-smp_011226.18_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody4_ia64.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-headers-2.4.17_2.4.17-2.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.17-s390/kernel-image-2.4.17-s390_2.4.17-2.woody.5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_s390.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-headers-2.4.17-apus_2.4.17-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-image-2.4.17-apus_2.4.17-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-image-apus_2.4.17-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-apus/kernel-patch-2.4.17-apus_2.4.17-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_powerpc.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-ip22_2.4.17-0.020226.2.woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r5k-ip22_2.4.17-0.020226.2.woody7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-headers-2.4.17_2.4.17-0.020226.2.woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r3k-kn02_2.4.17-0.020226.2.woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/kernel-image-2.4.17-r4k-kn04_2.4.17-0.020226.2.woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.17-mips/mips-tools_2.4.17-0.020226.2.woody7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_mipsel.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_m68k.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.17/mkcramfs_2.4.17-1woody3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1083": "
\n

Debian Security Advisory

\n

DSA-1083-1 motor -- buffer overflow

\n
\n
Date Reported:
\n
31 May 2006
\n
Affected Packages:
\n
\nmotor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 368400.
In Mitre's CVE dictionary: CVE-2005-3863.
\n
More information:
\n
\n

Mehdi Oudad and Kevin Fernandez discovered a buffer overflow in the\nktools library which is used in motor, an integrated development\nenvironment for C, C++ and Java, which may lead local attackers to\nexecute arbitrary code.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 3.2.2-2woody1.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 3.4.0-2sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.4.0-6.

\n

We recommend that you upgrade your motor package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1.dsc
\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.2.2-2woody1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/motor/motor-common_3.4.0-2sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/motor/motor_3.4.0-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/motor/motor-fribidi_3.4.0-2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1084": "
\n

Debian Security Advisory

\n

DSA-1084-1 typespeed -- buffer overflow

\n
\n
Date Reported:
\n
31 May 2006
\n
Affected Packages:
\n
\ntypespeed\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-1515.
\n
More information:
\n
\n

Niko Tyni discovered a buffer overflow in the processing of network\ndata in typespeed, a game for testing and improving typing speed, which\ncould lead to the execution of arbitrary code.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 0.4.1-2.4.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.4.4-8sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.4.4-10.

\n

We recommend that you upgrade your typespeed packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.4.dsc
\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.4.diff.gz
\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.4_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.4-8sarge1.dsc
\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.4-8sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.4-8sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.4-8sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.4-8sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.4-8sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.4-8sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.4-8sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.4-8sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.4-8sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.4-8sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.4-8sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.4-8sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.4-8sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1085": "
\n

Debian Security Advisory

\n

DSA-1085-1 lynx-cur -- several vulnerabilities

\n
\n
Date Reported:
\n
01 Jun 2006
\n
Affected Packages:
\n
\nlynx-cur\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 296340.
In the Bugtraq database (at SecurityFocus): BugTraq ID 11443.
In Mitre's CVE dictionary: CVE-2004-1617, CVE-2005-3120.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in lynx, the popular\ntext-mode WWW browser. The Common Vulnerabilities and Exposures\nProject identifies the following vulnerabilities:

\n
    \n
  • CVE-2004-1617\n

    Michal Zalewski discovered that lynx is not able to grok invalid\n HTML including a TEXTAREA tag with a large COLS value and a large\n tag name in an element that is not terminated, and loops forever\n trying to render the broken HTML.

  • CVE-2005-3120\n

    Ulf H\u00e4rnhammar discovered a buffer overflow that can be remotely\n exploited. During the handling of Asian characters when connecting\n to an NNTP server lynx can be tricked to write past the boundary\n of a buffer which can lead to the execution of arbitrary code.

\n

For the old stable distribution (woody) these problems have been fixed in\nversion 2.8.5-2.5woody1.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.8.6-9sarge1.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your lynx-cur package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5-2.5woody1.dsc
\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5-2.5woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur-wrapper_2.8.5-2.5woody1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5-2.5woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5-2.5woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5-2.5woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5-2.5woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5-2.5woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5-2.5woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5-2.5woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5-2.5woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5-2.5woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5-2.5woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.5-2.5woody1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1.dsc
\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur-wrapper_2.8.6-9sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lynx-cur/lynx-cur_2.8.6-9sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1086": "
\n

Debian Security Advisory

\n

DSA-1086-1 xmcd -- design flaw

\n
\n
Date Reported:
\n
02 Jun 2006
\n
Affected Packages:
\n
\nxmcd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 366816.
In Mitre's CVE dictionary: CVE-2006-2542.
\n
More information:
\n
\n

xmcdconfig creates world-writeable directories, allowing local\nusers to fill the /usr and /var partitions and hence cause a denial of\nservice. This problem has been half-fixed since version 2.3-1.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 2.6-14woody1.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.6-17sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.6-18.

\n

We recommend that you upgrade your xmcd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1.dsc
\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1.dsc
\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1087": "
\n

Debian Security Advisory

\n

DSA-1087-1 postgresql -- programming error

\n
\n
Date Reported:
\n
03 Jun 2006
\n
Affected Packages:
\n
\npostgresql\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-2313, CVE-2006-2314.
\n
More information:
\n
\n

Several encoding problems have been discovered in PostgreSQL, a popular SQL database. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2006-2313

    Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of invalidly-encoded multibyte text data which could allow an attacker to inject arbitrary SQL commands.

  • CVE-2006-2314

    A similar problem exists in client-side encodings (such as SJIS, BIG5, GBK, GB18030, and UHC) which contain valid multibyte characters that end with the backslash character. An attacker could supply a specially crafted byte sequence that is able to inject arbitrary SQL commands.

    This issue does not affect you if you only use single-byte (like SQL_ASCII or the ISO-8859-X family) or unaffected multibyte (like UTF-8) encodings.

    psycopg and python-pgsql use the old encoding for binary data and may have to be updated.
\n

The old stable distribution (woody) is affected by these problems but we're unable to correct the package.

\n

For the stable distribution (sarge) these problems have been fixed in version 7.4.7-6sarge2.

\n

For the unstable distribution (sid) these problems have been fixed in version 7.4.13-1.

\n

We recommend that you upgrade your postgresql packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2.dsc
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-doc_7.4.7-6sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1088": "
\n

Debian Security Advisory

\n

DSA-1088-1 centericq -- buffer overflow

\n
\n
Date Reported:
\n
03 Jun 2006
\n
Affected Packages:
\n
\ncentericq\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 340959.
In the Bugtraq database (at SecurityFocus): BugTraq ID 15600.
In Mitre's CVE dictionary: CVE-2005-3863.
\n
More information:
\n
\n

Mehdi Oudad and Kevin Fernandez discovered a buffer overflow in the ktools library, which is used in centericq, a text-mode multi-protocol instant messenger client. The overflow may allow local or remote attackers to execute arbitrary code.

\n

For the old stable distribution (woody) this problem has been fixed in version 4.5.1-1.1woody2.

\n

For the stable distribution (sarge) this problem has been fixed in version 4.20.0-1sarge4.

\n

For the unstable distribution (sid) this problem has been fixed in version 4.21.0-6.

\n

We recommend that you upgrade your centericq package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2.dsc
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4.dsc
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1089": "
\n

Debian Security Advisory

\n

DSA-1089-1 freeradius -- several vulnerabilities

\n
\n
Date Reported:
\n
03 Jun 2006
\n
Affected Packages:
\n
\nfreeradius\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 359042.
In the Bugtraq database (at SecurityFocus): BugTraq ID 17171, BugTraq ID 17293.
In Mitre's CVE dictionary: CVE-2005-4744, CVE-2006-1354.
\n
More information:
\n
\n

Several problems have been discovered in freeradius, a high-performance and highly configurable RADIUS server. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2005-4744

    SuSE researchers have discovered several off-by-one errors that may allow remote attackers to cause a denial of service and possibly execute arbitrary code.

  • CVE-2006-1354

    Due to insufficient input validation it is possible for a remote attacker to bypass authentication or cause a denial of service.
\n

The old stable distribution (woody) does not contain this package.

\n

For the stable distribution (sarge) this problem has been fixed in version 1.0.2-4sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in version 1.1.0-1.2.

\n

We recommend that you upgrade your freeradius package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge1.dsc
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-dialupadmin_1.0.2-4sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-iodbc_1.0.2-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-krb5_1.0.2-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-ldap_1.0.2-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-mysql_1.0.2-4sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-iodbc_1.0.2-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-krb5_1.0.2-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-ldap_1.0.2-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-mysql_1.0.2-4sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-iodbc_1.0.2-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-krb5_1.0.2-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-ldap_1.0.2-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-mysql_1.0.2-4sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-iodbc_1.0.2-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-krb5_1.0.2-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-ldap_1.0.2-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-mysql_1.0.2-4sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-iodbc_1.0.2-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-krb5_1.0.2-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-ldap_1.0.2-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-mysql_1.0.2-4sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-iodbc_1.0.2-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-krb5_1.0.2-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-ldap_1.0.2-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-mysql_1.0.2-4sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-iodbc_1.0.2-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-krb5_1.0.2-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-ldap_1.0.2-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-mysql_1.0.2-4sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-iodbc_1.0.2-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-krb5_1.0.2-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-ldap_1.0.2-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-mysql_1.0.2-4sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-iodbc_1.0.2-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-krb5_1.0.2-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-ldap_1.0.2-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-mysql_1.0.2-4sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-iodbc_1.0.2-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-krb5_1.0.2-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-ldap_1.0.2-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-mysql_1.0.2-4sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-iodbc_1.0.2-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-krb5_1.0.2-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-ldap_1.0.2-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-mysql_1.0.2-4sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-iodbc_1.0.2-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-krb5_1.0.2-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-ldap_1.0.2-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-mysql_1.0.2-4sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1090": "
\n

Debian Security Advisory

\n

DSA-1090-1 spamassassin -- programming error

\n
\n
Date Reported:
\n
06 Jun 2006
\n
Affected Packages:
\n
\nspamassassin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-2447.
\n
More information:
\n
\n

A vulnerability has been discovered in SpamAssassin, a Perl-based spam\nfilter using text analysis, that can allow remote attackers to execute\narbitrary commands. This problem only affects systems where spamd is\nreachable via the internet and used with vpopmail virtual users, via\nthe \"-v\" / \"--vpopmail\" switch, and with the \"-P\" / \"--paranoid\"\nswitch which is not the default setting on Debian.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 3.0.3-2sarge1.

\n

For the volatile archive for the stable distribution (sarge) this\nproblem has been fixed in version 3.1.0a-0volatile3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.1.3-1.

\n

We recommend that you upgrade your spamd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamassassin_3.0.3-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamassassin_3.0.3-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamassassin_3.0.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamassassin_3.0.3-2sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/spamassassin/spamc_3.0.3-2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1091": "
\n

Debian Security Advisory

\n

DSA-1091-1 tiff -- buffer overflows

\n
\n
Date Reported:
\n
08 Jun 2006
\n
Affected Packages:
\n
\ntiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 369819.
In Mitre's CVE dictionary: CVE-2006-2656, CVE-2006-2193.
\n
More information:
\n
\n

Several problems have been discovered in the TIFF library. The Common\nVulnerabilities and Exposures project identifies the following issues:

\n
    \n
  • CVE-2006-2193\n

    SuSE discovered a buffer overflow in the conversion of TIFF files\n into PDF documents which could be exploited when tiff2pdf is used\n e.g. in a printer filter.

  • CVE-2006-2656\n

    The tiffsplit command from the TIFF library contains a buffer\n overflow in the command-line handling which could be exploited when\n the program is executed automatically on unknown filenames.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 3.5.5-7woody2.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 3.7.2-5.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.8.2-4.

\n

We recommend that you upgrade your tiff packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7woody2.dsc
\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5-7woody2.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.5.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5.5-7woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7woody2_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5.5-7woody2_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-5.dsc
\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-5.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1092": "
\n

Debian Security Advisory

\n

DSA-1092-1 mysql-dfsg-4.1 -- programming error

\n
\n
Date Reported:
\n
08 Jun 2006
\n
Affected Packages:
\n
\nmysql-dfsg-4.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 18219.
In Mitre's CVE dictionary: CVE-2006-2753.
\n
More information:
\n
\n

Josh Berkus and Tom Lane discovered that MySQL 4.1, a popular SQL\ndatabase, incorrectly parses a string escaped with mysql_real_escape()\nwhich could lead to SQL injection. This problem exists only in\nversions 4.1 and 5.0.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 4.1.11a-4sarge4.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 5.0.21-4.

\n

Version 4.0 in the stable distribution (sarge) is also not affected by\nthis problem.

\n

We recommend that you upgrade your mysql packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge4.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.11a-4sarge4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1093": "
\n

Debian Security Advisory

\n

DSA-1093-1 xine -- format string

\n
\n
Date Reported:
\n
08 Jun 2006
\n
Affected Packages:
\n
\nxine-ui\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-2230.
\n
More information:
\n
\n

Several format string vulnerabilities have been discovered in xine-ui,\nthe user interface of the xine video player, which may cause a denial\nof service.

\n

The old stable distribution (woody) is not affected by these problems.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.99.3-1sarge1.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your xine-ui package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xine-ui/xine-ui_0.99.3-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1094": "
\n

Debian Security Advisory

\n

DSA-1094-1 gforge -- missing input sanitising

\n
\n
Date Reported:
\n
08 Jun 2006
\n
Affected Packages:
\n
\ngforge\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 328224.
In Mitre's CVE dictionary: CVE-2005-2430.
\n
More information:
\n
\n

Joxean Koret discovered several cross-site scripting vulnerabilities in\nGforge, an online collaboration suite for software development, which\nallow injection of web script code.

\n

The old stable distribution (woody) does not contain gforge packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 3.1-31sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.1-31sarge1.

\n

We recommend that you upgrade your gforge package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1-31sarge1.dsc
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1-31sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-common_3.1-31sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-cvs_3.1-31sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_3.1-31sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_3.1-31sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_3.1-31sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_3.1-31sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_3.1-31sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_3.1-31sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_3.1-31sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_3.1-31sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_3.1-31sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-sourceforge-transition_3.1-31sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_3.1-31sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1-31sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/sourceforge_3.1-31sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1095": "
\n

Debian Security Advisory

\n

DSA-1095-1 freetype -- integer overflows

\n
\n
Date Reported:
\n
10 Jun 2006
\n
Affected Packages:
\n
\nfreetype\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 18034.
In Mitre's CVE dictionary: CVE-2006-0747, CVE-2006-1861, CVE-2006-2493, CVE-2006-2661.
\n
More information:
\n
\n

Several problems have been discovered in the FreeType 2 font engine.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2006-0747\n

    Several integer underflows have been discovered which could allow\n remote attackers to cause a denial of service.

  • CVE-2006-1861\n

    Chris Evans discovered several integer overflows that lead to a\n denial of service or could possibly even lead to the execution of\n arbitrary code.

  • CVE-2006-2493\n

    Several more integer overflows have been discovered which could\n possibly lead to the execution of arbitrary code.

  • CVE-2006-2661\n

    A null pointer dereference could cause a denial of service.

\n

For the old stable distribution (woody) these problems have been fixed in\nversion 2.0.9-1woody1.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.1.7-2.5.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your libfreetype packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.0.9-1woody1.dsc
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.0.9-1woody1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.0.9.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7-2.5.dsc
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7-2.5.diff.gz
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1096": "
\n

Debian Security Advisory

\n

DSA-1096-1 webcalendar -- uninitialised variable

\n
\n
Date Reported:
\n
13 Jun 2006
\n
Affected Packages:
\n
\nwebcalendar\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-2762.
\n
More information:
\n
\n

A vulnerability has been discovered in webcalendar, a PHP-based\nmulti-user calendar, that allows a remote attacker to execute\narbitrary PHP code when register_globals is turned on.

\n

The old stable distribution (woody) does not contain a webcalendar package.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.9.45-4sarge5.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.0.4-1.

\n

We recommend that you upgrade your webcalendar package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge5.dsc
\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge5_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1097": "
\n

Debian Security Advisory

\n

DSA-1097-1 kernel-source-2.4.27 -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Jun 2006
\n
Affected Packages:
\n
\nkernel-source-2.4.27\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-0038, CVE-2006-0039, CVE-2006-0741, CVE-2006-0742, CVE-2006-1056, CVE-2006-1242, CVE-2006-1343, CVE-2006-1368, CVE-2006-1524, CVE-2006-1525, CVE-2006-1857, CVE-2006-1858, CVE-2006-1864, CVE-2006-2271, CVE-2006-2272, CVE-2006-2274.
\n
More information:
\n
\n

Several local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2006-0038\n

    \"Solar Designer\" discovered that arithmetic computations in netfilter's\n do_replace() function can lead to a buffer overflow and the execution of\n arbitrary code. However, the operation requires CAP_NET_ADMIN privileges,\n which is only an issue in virtualization systems or fine grained access\n control systems.

  • \n
  • CVE-2006-0039\n

    \"Solar Designer\" discovered a race condition in netfilter's\n do_add_counters() function, which allows information disclosure of\n kernel memory. Like CVE-2006-0038, it requires CAP_NET_ADMIN\n privileges.

  • \n
  • CVE-2006-0741\n

    Intel EM64T systems were discovered to be susceptible to a local\n DoS due to an endless recursive fault related to a bad ELF entry\n address.

  • \n
  • CVE-2006-0742\n

    The die_if_kernel() function was incorrectly declared as \"does never\n return\", which could be exploited by a local attacker, resulting in\n a kernel crash.

  • \n
  • CVE-2006-1056\n

    AMD64 machines (and other 7th and 8th generation AuthenticAMD\n processors) were found to be vulnerable to sensitive information\n leakage, due to how they handle saving and restoring the FOP, FIP,\n and FDP x87 registers in FXSAVE/FXRSTOR when an exception is\n pending. This allows a process to determine portions of the state\n of floating point instructions of other processes.

  • \n
  • CVE-2006-1242\n

    Marco Ivaldi discovered that there was an unintended information\n disclosure allowing remote attackers to bypass protections against\n Idle Scans (nmap -sI) by abusing the ID field of IP packets and\n bypassing the zero IP ID in DF packet countermeasure. This was a\n result of the ip_push_pending_frames function improperly\n incrementing the IP ID field when sending a RST after receiving\n unsolicited TCP SYN-ACK packets.

  • \n
  • CVE-2006-1343\n

    Pavel Kankovsky reported the existence of a potential information leak\n resulting from the failure to initialize sin.sin_zero in the IPv4 socket\n code.

  • \n
  • CVE-2006-1368\n

    Shaun Tancheff discovered a buffer overflow (boundary condition\n error) in the USB Gadget RNDIS implementation allowing remote\n attackers to cause a DoS. While creating a reply message, the\n driver allocated memory for the reply data, but not for the reply\n structure. The kernel fails to properly bounds-check user-supplied\n data before copying it to an insufficiently sized memory\n buffer. Attackers could crash the system, or possibly execute\n arbitrary machine code.

  • \n
  • CVE-2006-1524\n

    Hugh Dickins discovered an issue in the madvise_remove() function wherein\n file and mmap restrictions are not followed, allowing local users to\n bypass IPC permissions and replace portions of readonly tmpfs files with\n zeroes.

  • \n
  • CVE-2006-1525\n

    Alexandra Kossovsky reported a NULL pointer dereference condition in\n ip_route_input() that can be triggered by a local user by requesting\n a route for a multicast IP address, resulting in a denial of service\n (panic).

  • \n
  • CVE-2006-1857\n

    Vlad Yasevich reported a data validation issue in the SCTP subsystem\n that may allow a remote user to overflow a buffer using a badly formatted\n HB-ACK chunk, resulting in a denial of service.

  • \n
  • CVE-2006-1858\n

    Vlad Yasevich reported a bug in the bounds checking code in the SCTP\n subsystem that may allow a remote attacker to trigger a denial of service\n attack when rounded parameter lengths are used to calculate parameter\n lengths instead of the actual values.

  • \n
  • CVE-2006-1864\n

    Mark Mosely discovered that chroots residing on an SMB share can be\n escaped with specially crafted \"cd\" sequences.

  • \n
  • CVE-2006-2271\n

    The \"Mu security team\" discovered that carefully crafted ECNE chunks can\n cause a kernel crash by accessing incorrect state table entries in the\n SCTP networking subsystem, which allows denial of service.

  • \n
  • CVE-2006-2272\n

    The \"Mu security team\" discovered that fragmented SCTP control\n chunks can trigger kernel panics, which allows for denial of\n service attacks.

  • \n
  • CVE-2006-2274\n

    It was discovered that SCTP packets with two initial bundled data\n packets can lead to infinite recursion, which allows for denial of\n service attacks.

  • \n
\n

The following matrix lists, for each architecture, the kernel version\nthat fixes the problems mentioned above:

\n
\n\n\n\n\n\n\n\n\n\n\n\n\n
Debian 3.1 (sarge)
Source 2.4.27-10sarge3
Alpha architecture 2.4.27-10sarge3
ARM architecture 2.4.27-2sarge3
Intel IA-32 architecture 2.4.27-10sarge3
Intel IA-64 architecture 2.4.27-10sarge3
Motorola 680x0 architecture 2.4.27-3sarge3
Big endian MIPS 2.4.27-10.sarge3.040815-1
Little endian MIPS 2.4.27-10.sarge3.040815-1
PowerPC architecture 2.4.27-10sarge3
IBM S/390 architecture 2.4.27-2sarge3
Sun Sparc architecture 2.4.27-9sarge3
\n

The following matrix lists additional packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n\n\n\n
Debian 3.1 (sarge)
fai-kernels 1.9.1sarge2
kernel-image-2.4.27-speakup 2.4.27-1.1sarge2
mindi-kernel 2.4.27-2sarge2
systemimager 3.2.3-6sarge2
\n

We recommend that you upgrade your kernel package immediately and reboot\nthe machine. If you have built a custom kernel from the kernel source\npackage, you will need to rebuild to take advantage of these fixes.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-s390_2.4.27-2sarge3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-i386_2.4.27-10sarge3.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mindi-kernel/mindi-kernel_2.4.27-2sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.9.1sarge2.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-powerpc-2.4.27_2.4.27-10sarge3.dsc
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.9.1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-arm_2.4.27-2sarge3.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-m68k_2.4.27-3sarge3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-sparc_2.4.27-9sarge3.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-ia64_2.4.27-10sarge3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-image-speakup-i386_2.4.27-1.1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/s/systemimager/systemimager_3.2.3-6sarge2.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-s390_2.4.27-2sarge3.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge3.dsc
\n
http://security.debian.org/pool/updates/main/m/mindi-kernel/mindi-kernel_2.4.27.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-patch-2.4.27-mips_2.4.27-10.sarge3.040815-1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-m68k_2.4.27-3sarge3.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-powerpc-2.4.27_2.4.27-10sarge3.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-patch-2.4.27-mips_2.4.27-10.sarge3.040815-1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-arm_2.4.27-2sarge3.dsc
\n
http://security.debian.org/pool/updates/main/m/mindi-kernel/mindi-kernel_2.4.27-2sarge2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-ia64_2.4.27-10sarge3.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-i386_2.4.27-10sarge3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-image-speakup-i386_2.4.27-1.1sarge2.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-alpha_2.4.27-10sarge3.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-alpha_2.4.27-10sarge3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-sparc_2.4.27-9sarge3.dsc
\n
http://security.debian.org/pool/updates/main/s/systemimager/systemimager_3.2.3-6sarge2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-client_3.2.3-6sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-boot-i386-standard_3.2.3-6sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-tree-2.4.27_2.4.27-10sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-doc-2.4.27_2.4.27-10sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-server_3.2.3-6sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-common_3.2.3-6sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-doc-2.4.27-speakup_2.4.27-1.1sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-server-flamethrowerd_3.2.3-6sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-patch-debian-2.4.27_2.4.27-10sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-doc_3.2.3-6sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-boot-ia64-standard_3.2.3-6sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-3-generic_2.4.27-10sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-3-generic_2.4.27-10sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-3-smp_2.4.27-10sarge3_alpha.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-3_2.4.27-10sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-build-2.4.27-3_2.4.27-10sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-3-smp_2.4.27-10sarge3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-riscpc_2.4.27-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-riscstation_2.4.27-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-netwinder_2.4.27-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-build-2.4.27_2.4.27-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-bast_2.4.27-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-headers-2.4.27_2.4.27-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-lart_2.4.27-2sarge3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-k7_2.4.27-10sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-386_2.4.27-10sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-k6_2.4.27-10sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-686-smp_2.4.27-10sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-k7-smp_2.4.27-10sarge3_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-686_2.4.27-10sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-build-2.4.27-3_2.4.27-10sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-k7_2.4.27-10sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-686_2.4.27-10sarge3_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-686-smp_2.4.27-10sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-386_2.4.27-10sarge3_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-586tsc_2.4.27-10sarge3_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-k6_2.4.27-10sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-k7-smp_2.4.27-10sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-386_2.4.27-10sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-686-smp_2.4.27-10sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.9.1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3_2.4.27-10sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-586tsc_2.4.27-10sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-headers-2.4.27-speakup_2.4.27-1.1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-k7-smp_2.4.27-10sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-k7_2.4.27-10sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-586tsc_2.4.27-10sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-k6_2.4.27-10sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mindi-kernel/mindi-kernel_2.4.27-2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-686_2.4.27-10sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-image-2.4.27-speakup_2.4.27-1.1sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3-mckinley-smp_2.4.27-10sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3-mckinley_2.4.27-10sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-3-mckinley_2.4.27-10sarge3_ia64.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-3-itanium-smp_2.4.27-10sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3-itanium-smp_2.4.27-10sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-3-mckinley-smp_2.4.27-10sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-mckinley-smp_2.4.27-10sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-itanium-smp_2.4.27-10sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-3-itanium_2.4.27-10sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-build-2.4.27-3_2.4.27-10sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-itanium_2.4.27-10sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3_2.4.27-10sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3-itanium_2.4.27-10sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-mckinley_2.4.27-10sarge3_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mvme16x_2.4.27-3sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mac_2.4.27-3sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-amiga_2.4.27-3sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-q40_2.4.27-3sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mvme147_2.4.27-3sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-atari_2.4.27-3sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-bvme6000_2.4.27-3sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r5k-ip22_2.4.27-10.sarge3.040815-1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r4k-ip22_2.4.27-10.sarge3.040815-1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-headers-2.4.27_2.4.27-10.sarge3.040815-1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-sb1-swarm-bn_2.4.27-10.sarge3.040815-1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge3.040815-1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-sb1-swarm-bn_2.4.27-10.sarge3.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge3.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r3k-kn02_2.4.27-10.sarge3.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r4k-kn04_2.4.27-10.sarge3.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-headers-2.4.27_2.4.27-10.sarge3.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r5k-cobalt_2.4.27-10.sarge3.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r5k-lasat_2.4.27-10.sarge3.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-xxs1500_2.4.27-10.sarge3.040815-1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-powerpc_2.4.27-10sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-powerpc_2.4.27-10sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-headers-2.4.27-powerpc_2.4.27-10sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-powerpc-small_2.4.27-10sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-2.4.27-powerpc_2.4.27-10sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-2.4.27-apus_2.4.27-10sarge3_powerpc.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-headers-2.4.27-apus_2.4.27-10sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-nubus_2.4.27-10sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-nubus_2.4.27-10sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-apus_2.4.27-10sarge3_powerpc.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-powerpc-smp_2.4.27-10sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-apus_2.4.27-10sarge3_powerpc.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-headers-2.4.27-nubus_2.4.27-10sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-2.4.27-nubus_2.4.27-10sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-powerpc-smp_2.4.27-10sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-powerpc-small_2.4.27-10sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-3-s390-tape_2.4.27-2sarge3_s390.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-headers-2.4.27-3_2.4.27-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-3-s390x_2.4.27-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-3-s390_2.4.27-2sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3_2.4.27-9sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-3-sparc64-smp_2.4.27-9sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-3-sparc64_2.4.27-9sarge3_sparc.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-3-sparc32-smp_2.4.27-9sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3-sparc32-smp_2.4.27-9sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3-sparc64_2.4.27-9sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3-sparc64-smp_2.4.27-9sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3-sparc32_2.4.27-9sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-build-2.4.27-3_2.4.27-9sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-3-sparc32_2.4.27-9sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1098": "
\n

Debian Security Advisory

\n

DSA-1098-1 horde3 -- missing input sanitising

\n
\n
Date Reported:
\n
14 Jun 2006
\n
Affected Packages:
\n
\nhorde3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-2195.
\n
More information:
\n
\n

Michael Marek discovered that the Horde web application framework performs\ninsufficient input sanitising, which might lead to the injection of web\nscript code through cross-site scripting.

\n

The old stable distribution (woody) does not contain horde3 packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 3.0.4-4sarge4.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.1.1-3.

\n

We recommend that you upgrade your horde3 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge4.dsc
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge4_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1099": "
\n

Debian Security Advisory

\n

DSA-1099-1 horde2 -- missing input sanitising

\n
\n
Date Reported:
\n
14 Jun 2006
\n
Affected Packages:
\n
\nhorde2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-2195.
\n
More information:
\n
\n

Michael Marek discovered that the Horde web application framework performs\ninsufficient input sanitising, which might lead to the injection of web\nscript code through cross-site scripting.

\n

The old stable distribution (woody) does not contain horde2 packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.2.8-1sarge3.

\n

The unstable distribution (sid) no longer contains horde2 packages.

\n

We recommend that you upgrade your horde2 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge3.dsc
\n
http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/horde2/horde2_2.2.8-1sarge3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1100": "
\n

Debian Security Advisory

\n

DSA-1100-1 wv2 -- integer overflow

\n
\n
Date Reported:
\n
15 Jun 2006
\n
Affected Packages:
\n
\nwv2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-2197.
\n
More information:
\n
\n

A boundary checking error has been discovered in wv2, a library for\naccessing Microsoft Word documents, which can lead to an integer\noverflow induced by processing word files.

\n

The old stable distribution (woody) does not contain wv2 packages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.2.2-1sarge1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your libwv packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wv2/wv2_0.2.2-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/w/wv2/wv2_0.2.2-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wv2/wv2_0.2.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wv2/libwv2-1_0.2.2-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wv2/libwv2-1_0.2.2-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wv2/libwv2-1_0.2.2-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wv2/libwv2-1_0.2.2-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wv2/libwv2-1_0.2.2-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/w/wv2/libwv2-1_0.2.2-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/w/wv2/libwv2-1_0.2.2-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wv2/libwv2-1_0.2.2-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wv2/libwv2-1_0.2.2-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wv2/libwv2-1_0.2.2-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wv2/libwv2-1_0.2.2-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wv2/libwv2-1_0.2.2-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wv2/libwv2-dev_0.2.2-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1101": "
\n

Debian Security Advisory

\n

DSA-1101-1 courier -- programming error

\n
\n
Date Reported:
\n
23 Jun 2006
\n
Affected Packages:
\n
\ncourier\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 368834.
In Mitre's CVE dictionary: CVE-2006-2659.
\n
More information:
\n
\n

A bug has been discovered in the Courier Mail Server that can result\nin a number of processes consuming arbitrary amounts of CPU power.

\n

For the old stable distribution (woody) this problem has been fixed in\nversion 0.37.3-2.9.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.47-4sarge5.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.53.2-1.

\n

We recommend that you upgrade your courier packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.9.dsc
\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.9.diff.gz
\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/courier/courier-doc_0.37.3-2.9_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.9_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.9_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.9_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.9_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.9_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.9_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.9_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.9_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.9_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.9_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.9_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.9_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.9_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.9_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.9_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.9_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.9_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.9_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.9_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.9_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.9_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.9_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.9_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.9_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.9_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.9_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.9_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.9_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.9_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.9_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.9_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.9_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.9_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.9_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.9_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.9_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.9_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.9_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.9_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.9_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.9_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.9_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.9_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.9_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.9_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.9_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.9_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.9_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.9_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.9_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.9_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.9_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.9_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.9_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.9_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.9_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.9_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.9_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.9_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.47-4sarge5.dsc
\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.47-4sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/c/courier/courier_0.47.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/courier/courier-doc_0.47-4sarge5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.47-4sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.47-4sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-authpostgresql_0.47-4sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.47-4sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-faxmail_0.47-4sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap_3.0.8-4sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-imap-ssl_3.0.8-4sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.47-4sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.47-4sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.47-4sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.47-4sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-mta-ssl_0.47-4sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.47-4sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.47-4sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-pop-ssl_0.47-4sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-ssl_0.47-4sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.47-4sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.47-4sarge5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1102": "
\n

Debian Security Advisory

\n

DSA-1102-1 pinball -- design error

\n
\n
Date Reported:
\n
26 Jun 2006
\n
Affected Packages:
\n
\npinball\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-2196.
\n
More information:
\n
\n

Steve Kemp from the Debian Security Audit project discovered that\npinball, a pinball simulator, can be tricked into loading level\nplugins from user-controlled directories without dropping privileges.

\n

The old stable distribution (woody) does not contain this package.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.3.1-3sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.3.1-6.

\n

We recommend that you upgrade your pinball package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/pinball/pinball-data_0.3.1-3sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1103": "
\n

Debian Security Advisory

\n

DSA-1103-1 kernel-source-2.6.8 -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Jun 2006
\n
Affected Packages:
\n
\nkernel-source-2.6.8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3359, CVE-2006-0038, CVE-2006-0039, CVE-2006-0456, CVE-2006-0554, CVE-2006-0555, CVE-2006-0557, CVE-2006-0558, CVE-2006-0741, CVE-2006-0742, CVE-2006-0744, CVE-2006-1056, CVE-2006-1242, CVE-2006-1368, CVE-2006-1523, CVE-2006-1524, CVE-2006-1525, CVE-2006-1857, CVE-2006-1858, CVE-2006-1863, CVE-2006-1864, CVE-2006-2271, CVE-2006-2272, CVE-2006-2274.
\n
More information:
\n
\n

Several local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2005-3359\n

    Franz Filz discovered that some socket calls permit causing inconsistent\n reference counts on loadable modules, which allows local users to cause\n a denial of service.

  • \n
  • CVE-2006-0038\n

    \"Solar Designer\" discovered that arithmetic computations in netfilter's\n do_replace() function can lead to a buffer overflow and the execution of\n arbitrary code. However, the operation requires CAP_NET_ADMIN privileges,\n which is only an issue in virtualization systems or fine grained access\n control systems.

  • \n
  • CVE-2006-0039\n

    \"Solar Designer\" discovered a race condition in netfilter's\n do_add_counters() function, which allows information disclosure of kernel\n memory by exploiting a race condition. Likewise, it requires CAP_NET_ADMIN\n privileges.

  • \n
  • CVE-2006-0456\n

    David Howells discovered that the s390 assembly version of the\n strnlen_user() function incorrectly returns some string size values.

  • \n
  • CVE-2006-0554\n

    It was discovered that the ftruncate() function of XFS can expose\n unallocated blocks, which allows information disclosure of previously deleted\n files.

  • \n
  • CVE-2006-0555\n

    It was discovered that some NFS file operations on handles mounted with\n O_DIRECT can force the kernel into a crash.

  • \n
  • CVE-2006-0557\n

    It was discovered that the code to configure memory policies allows\n tricking the kernel into a crash, thus allowing denial of service.

  • \n
  • CVE-2006-0558\n

    It was discovered by Cliff Wickman that perfmon for the IA64\n architecture allows users to trigger a BUG() assert, which allows\n denial of service.

  • \n
  • CVE-2006-0741\n

    Intel EM64T systems were discovered to be susceptible to a local\n DoS due to an endless recursive fault related to a bad ELF entry\n address.

  • \n
  • CVE-2006-0742\n

    Alan and Gareth discovered that the ia64 platform incorrectly\n declared the die_if_kernel() function as \"does never\n return\", which could be exploited by a local attacker, resulting in\n a kernel crash.

  • \n
  • CVE-2006-0744\n

    The Linux kernel did not properly handle uncanonical return\n addresses on Intel EM64T CPUs, reporting exceptions in the SYSRET\n instead of the next instruction, causing the kernel exception\n handler to run on the user stack with the wrong GS. This may result\n in a DoS due to a local user changing the frames.

  • \n
  • CVE-2006-1056\n

    AMD64 machines (and other 7th and 8th generation AuthenticAMD\n processors) were found to be vulnerable to sensitive information\n leakage, due to how they handle saving and restoring the FOP, FIP,\n and FDP x87 registers in FXSAVE/FXRSTOR when an exception is\n pending. This allows a process to determine portions of the state\n of floating point instructions of other processes.

  • \n
  • CVE-2006-1242\n

    Marco Ivaldi discovered that there was an unintended information\n disclosure allowing remote attackers to bypass protections against\n Idle Scans (nmap -sI) by abusing the ID field of IP packets and\n bypassing the zero IP ID in DF packet countermeasure. This was a\n result of the ip_push_pending_frames function improperly\n incrementing the IP ID field when sending a RST after receiving\n unsolicited TCP SYN-ACK packets.

  • \n
  • CVE-2006-1368\n

    Shaun Tancheff discovered a buffer overflow (boundary condition\n error) in the USB Gadget RNDIS implementation allowing remote\n attackers to cause a DoS. While creating a reply message, the\n driver allocated memory for the reply data, but not for the reply\n structure. The kernel fails to properly bounds-check user-supplied\n data before copying it to an insufficiently sized memory\n buffer. Attackers could crash the system, or possibly execute\n arbitrary machine code.

  • \n
  • CVE-2006-1523\n

    Oleg Nesterov reported an unsafe BUG_ON call in signal.c which was\n introduced by RCU signal handling. The BUG_ON code is protected by\n siglock while the code in switch_exit_pids() uses tasklist_lock. It\n may be possible for local users to exploit this to initiate a denial\n of service attack (DoS).

  • \n
  • CVE-2006-1524\n

    Hugh Dickins discovered an issue in the madvise_remove() function wherein\n file and mmap restrictions are not followed, allowing local users to\n bypass IPC permissions and replace portions of readonly tmpfs files with\n zeroes.

  • \n
  • CVE-2006-1525\n

    Alexandra Kossovsky reported a NULL pointer dereference condition in\n ip_route_input() that can be triggered by a local user by requesting\n a route for a multicast IP address, resulting in a denial of service\n (panic).

  • \n
  • CVE-2006-1857\n

    Vlad Yasevich reported a data validation issue in the SCTP subsystem\n that may allow a remote user to overflow a buffer using a badly formatted\n HB-ACK chunk, resulting in a denial of service.

  • \n
  • CVE-2006-1858\n

    Vlad Yasevich reported a bug in the bounds checking code in the SCTP\n subsystem that may allow a remote attacker to trigger a denial of service\n attack when rounded parameter lengths are used to calculate parameter\n lengths instead of the actual values.

  • \n
  • CVE-2006-1863\n

    Mark Mosely discovered that chroots residing on a CIFS share can be\n escaped with specially crafted \"cd\" sequences.

  • \n
  • CVE-2006-1864\n

    Mark Mosely discovered that chroots residing on an SMB share can be\n escaped with specially crafted \"cd\" sequences.

  • \n
  • CVE-2006-2271\n

    The \"Mu security team\" discovered that carefully crafted ECNE chunks can\n cause a kernel crash by accessing incorrect state table entries in the\n SCTP networking subsystem, which allows denial of service.

  • \n
  • CVE-2006-2272\n

    The \"Mu security team\" discovered that fragmented SCTP control\n chunks can trigger kernel panics, which allows for denial of\n service attacks.

  • \n
  • CVE-2006-2274\n

    It was discovered that SCTP packets with two initial bundled data\n packets can lead to infinite recursion, which allows for denial of\n service attacks.

  • \n
\n

The following matrix explains which kernel version for which architecture\nfixes the problems mentioned above:

\n
\n\n\n\n\n\n\n\n\n\n\n
Debian 3.1 (sarge)
Source 2.6.8-16sarge3
Alpha architecture 2.6.8-16sarge3
HP Precision architecture 2.6.8-6sarge3
Intel IA-32 architecture 2.6.8-16sarge3
Intel IA-64 architecture 2.6.8-14sarge3
Motorola 680x0 architecture 2.6.8-4sarge3
PowerPC architecture 2.6.8-12sarge3
IBM S/390 architecture 2.6.8-5sarge3
Sun Sparc architecture 2.6.8-15sarge3
\n

Due to technical problems the built amd64 packages couldn't be processed\nby the archive script. Once this problem is resolved, an updated DSA 1103-2\nwill be sent out with the checksums for amd64.

\n

The following matrix lists additional packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n
Debian 3.1 (sarge)
fai-kernels 1.9.1sarge2
\n

We recommend that you upgrade your kernel package immediately and reboot\nthe machine. If you have built a custom kernel from the kernel source\npackage, you will need to rebuild to take advantage of these fixes.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-alpha_2.6.8-16sarge3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-alpha_2.6.8-16sarge3.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-hppa_2.6.8-6sarge3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-hppa_2.6.8-6sarge3.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-i386_2.6.8-16sarge3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-i386_2.6.8-16sarge3.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-ia64_2.6.8-14sarge3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-ia64_2.6.8-14sarge3.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-m68k_2.6.8-4sarge3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-m68k_2.6.8-4sarge3.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-patch-powerpc-2.6.8_2.6.8-12sarge3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-patch-powerpc-2.6.8_2.6.8-12sarge3.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-s390_2.6.8-5sarge3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-s390_2.6.8-5sarge3.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-sparc_2.6.8-15sarge3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-sparc_2.6.8-15sarge3.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-doc-2.6.8_2.6.8-16sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-patch-debian-2.6.8_2.6.8-16sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-tree-2.6.8_2.6.8-16sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-patch-2.6.8-s390_2.6.8-5sarge3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-3_2.6.8-16sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-3-generic_2.6.8-16sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-3-smp_2.6.8-16sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-3-generic_2.6.8-16sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-3-smp_2.6.8-16sarge3_alpha.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3_2.6.8-6sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-32_2.6.8-6sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-32-smp_2.6.8-6sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-64_2.6.8-6sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-64-smp_2.6.8-6sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-32_2.6.8-6sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-32-smp_2.6.8-6sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-64_2.6.8-6sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-64-smp_2.6.8-6sarge3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3_2.6.8-16sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-386_2.6.8-16sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-686_2.6.8-16sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-686-smp_2.6.8-16sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-k7_2.6.8-16sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-k7-smp_2.6.8-16sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-386_2.6.8-16sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-686_2.6.8-16sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-686-smp_2.6.8-16sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-k7_2.6.8-16sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-k7-smp_2.6.8-16sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-itanium_2.6.8-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-itanium-smp_2.6.8-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-mckinley_2.6.8-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-mckinley-smp_2.6.8-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3_2.6.8-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-itanium_2.6.8-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-itanium-smp_2.6.8-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-mckinley_2.6.8-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-mckinley-smp_2.6.8-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-itanium_2.6.8-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-itanium-smp_2.6.8-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-mckinley_2.6.8-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-mckinley-smp_2.6.8-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-itanium_2.6.8-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-itanium-smp_2.6.8-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-mckinley_2.6.8-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-mckinley-smp_2.6.8-14sarge3_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-amiga_2.6.8-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-atari_2.6.8-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-bvme6000_2.6.8-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-hp_2.6.8-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mac_2.6.8-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mvme147_2.6.8-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mvme16x_2.6.8-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-q40_2.6.8-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-sun3_2.6.8-4sarge3_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power3_2.6.8-12sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power3-smp_2.6.8-12sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power4_2.6.8-12sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power4-smp_2.6.8-12sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-powerpc_2.6.8-12sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-powerpc-smp_2.6.8-12sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-headers-2.6.8-3_2.6.8-12sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power3_2.6.8-12sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power3-smp_2.6.8-12sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power4_2.6.8-12sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power4-smp_2.6.8-12sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-powerpc_2.6.8-12sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-powerpc-smp_2.6.8-12sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-headers-2.6.8-3_2.6.8-5sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-3-s390_2.6.8-5sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-3-s390-tape_2.6.8-5sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-3-s390x_2.6.8-5sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-build-2.6.8-3_2.6.8-15sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3_2.6.8-15sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3-sparc32_2.6.8-15sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3-sparc64_2.6.8-15sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3-sparc64-smp_2.6.8-15sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-3-sparc32_2.6.8-15sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-3-sparc64_2.6.8-15sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-3-sparc64-smp_2.6.8-15sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1104": "
\n

Debian Security Advisory

\n

DSA-1104-2 openoffice.org -- several vulnerabilities

\n
\n
Date Reported:
\n
30 Jun 2006
\n
Affected Packages:
\n
\nopenoffice.org\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-2198, CVE-2006-2199, CVE-2006-3117.
\n
More information:
\n
\n

Loading malformed XML documents can cause buffer overflows in\nOpenOffice.org, a free office suite, and cause a denial of service or\nexecute arbitrary code. It turned out that the correction in DSA\n1104-1 was not sufficient, hence, another update. For completeness\nplease find the original advisory text below:

\n
\n

Several vulnerabilities have been discovered in OpenOffice.org, a free\noffice suite. The Common Vulnerabilities and Exposures Project\nidentifies the following problems:

\n
    \n
  • CVE-2006-2198\n

    It turned out to be possible to embed arbitrary BASIC macros in documents in a way that OpenOffice.org does not see them but executes them anyway without any user interaction.

  • CVE-2006-2199\n

    It is possible to evade the Java sandbox with specially crafted Java applets.

  • CVE-2006-3117\n

    Loading malformed XML documents can cause buffer overflows, leading to a denial of service or the execution of arbitrary code.

    \n
\n

This update has the Mozilla component disabled, so the Mozilla/LDAP addressbook feature won't work anymore. It didn't work on anything other than i386 on sarge either.

\n
\n

The old stable distribution (woody) does not contain OpenOffice.org packages.

\n

For the stable distribution (sarge) this problem has been fixed in version 1.1.3-9sarge3.

\n

For the unstable distribution (sid) this problem has been fixed in version 2.0.3-1.

\n

We recommend that you upgrade your OpenOffice.org packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge3.dsc
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-af_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ar_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ca_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cs_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cy_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-da_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-de_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-el_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-es_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-et_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eu_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fi_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fr_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gl_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-he_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hu_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-it_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ja_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-kn_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ko_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lt_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nb_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nl_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nn_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ns_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pl_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt-br_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ru_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sk_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sl_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sv_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-th_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tn_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tr_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-cn_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-tw_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zu_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-mimelnk_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-thesaurus-en-us_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ttf-opensymbol_1.1.3-9sarge3_all.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge3_i386.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "1105": "
\n

Debian Security Advisory

\n

DSA-1105-1 xine-lib -- buffer overflow

\n
\n
Date Reported:
\n
07 Jul 2006
\n
Affected Packages:
\n
\nxine-lib\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 369876.
In the Bugtraq database (at SecurityFocus): BugTraq ID 18187.
In Mitre's CVE dictionary: CVE-2006-2802.
\n
More information:
\n
\n

Federico L. Bossi Bonin discovered a buffer overflow in the HTTP Plugin in xine-lib, the xine video/media player library, that could allow a remote attacker to cause a denial of service.

\n

For the old stable distribution (woody) this problem has been fixed in version 0.9.8-2woody5.

\n

For the stable distribution (sarge) this problem has been fixed in version 1.0.1-1sarge3.

\n

For the unstable distribution (sid) this problem has been fixed in version 1.1.1-2.

\n

We recommend that you upgrade your libxine packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8-2woody5.dsc
\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8-2woody5.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_0.9.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_0.9.8-2woody5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine0_0.9.8-2woody5_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge3.dsc
\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1106": "
\n

Debian Security Advisory

\n

DSA-1106-1 ppp -- programming error

\n
\n
Date Reported:
\n
10 Jul 2006
\n
Affected Packages:
\n
\nppp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-2194.
\n
More information:
\n
\n

Marcus Meissner discovered that the winbind plugin in pppd does not check whether a setuid() call has been successful when trying to drop privileges; the call may fail with some PAM configurations.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in version 2.4.3-20050321+2sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in version 2.4.4rel-1.

\n

We recommend that you upgrade your ppp package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/ppp/ppp-dev_2.4.3-20050321+2sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/ppp/ppp_2.4.3-20050321+2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1107": "
\n

Debian Security Advisory

\n

DSA-1107-1 gnupg -- integer overflow

\n
\n
Date Reported:
\n
10 Jul 2006
\n
Affected Packages:
\n
\ngnupg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-3082.
\n
More information:
\n
\n

Evgeny Legerov discovered that gnupg, the GNU privacy guard, a free PGP replacement, contains an integer overflow that can cause a segmentation fault and possibly overwrite memory via a large user ID string.

\n

For the old stable distribution (woody) this problem has been fixed in version 1.0.6-4woody6.

\n

For the stable distribution (sarge) this problem has been fixed in version 1.4.1-1.sarge4.

\n

For the unstable distribution (sid) this problem has been fixed in version 1.4.3-2.

\n

We recommend that you upgrade your gnupg package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.0 (woody)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6.dsc
\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.0.6-4woody6_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4.dsc
\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1108": "
\n

Debian Security Advisory

\n

DSA-1108-1 mutt -- buffer overflow

\n
\n
Date Reported:
\n
11 Jul 2006
\n
Affected Packages:
\n
\nmutt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 375828.
In Mitre's CVE dictionary: CVE-2006-3242.
\n
More information:
\n
\n

It was discovered that the mutt mail reader performs insufficient validation of values returned from an IMAP server, which might overflow a buffer and potentially lead to the injection of arbitrary code.

\n

For the stable distribution (sarge) this problem has been fixed in version 1.5.9-2sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in version 1.5.11+cvs20060403-2.

\n

We recommend that you upgrade your mutt package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2.dsc
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mutt/mutt_1.5.9-2sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1109": "
\n

Debian Security Advisory

\n

DSA-1109-1 rssh -- programming error

\n
\n
Date Reported:
\n
16 Jul 2006
\n
Affected Packages:
\n
\nrssh\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 346322.
In Mitre's CVE dictionary: CVE-2006-1320.
\n
More information:
\n
\n

Russ Allbery discovered that rssh, a restricted shell, performs insufficient checking of incoming commands, which might lead to a bypass of access restrictions.

\n

For the stable distribution (sarge) this problem has been fixed in version 2.2.3-1.sarge.2.

\n

For the unstable distribution (sid) this problem has been fixed in version 2.3.0-1.1.

\n

We recommend that you upgrade your rssh package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2.dsc
\n
http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2.diff.gz
\n
http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/rssh/rssh_2.2.3-1.sarge.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1110": "
\n

Debian Security Advisory

\n

DSA-1110-1 samba -- missing input sanitising

\n
\n
Date Reported:
\n
16 Jul 2006
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-3403.
\n
More information:
\n
\n

Gerald Carter discovered that the smbd daemon from Samba, a free implementation of the SMB/CIFS protocol, imposes insufficient limits in the code to handle shared connections, which can be exploited to exhaust system memory by sending maliciously crafted requests, leading to denial of service.

\n

For the stable distribution (sarge) this problem has been fixed in version 3.0.14a-3sarge2.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your samba package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge2.dsc
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.0.14a-3sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1111": "
\n

Debian Security Advisory

\n

DSA-1111-2 kernel-source-2.6.8 -- race condition

\n
\n
Date Reported:
\n
26 Jul 2006
\n
Affected Packages:
\n
\nkernel-source-2.6.8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-3626.
\n
More information:
\n
\n

It was discovered that a race condition in the process filesystem can lead\nto privilege escalation.

\n

The following matrix explains which kernel version for which architecture\nfixes the problem mentioned above:

\n
\n\n\n\n\n\n\n\n\n\n\n\n\n
Debian 3.1 (sarge)
Source 2.6.8-16sarge4
Alpha architecture 2.6.8-16sarge4
AMD64 architecture 2.6.8-16sarge4
Intel IA-32 architecture 2.6.8-16sarge4
Intel IA-64 architecture 2.6.8-14sarge4
PowerPC architecture 2.6.8-12sarge4
Sun Sparc architecture 2.6.8-15sarge4
IBM S/390 2.6.8-5sarge4
Motorola 680x0 2.6.8-4sarge4
HP Precision 2.6.8-6sarge3
FAI 1.9.1sarge3
\n

The initial advisory lacked builds for the IBM S/390, Motorola 680x0 and HP\nPrecision architectures, which are now provided. Also, the kernels for the\nFAI installer have been updated.

\n

We recommend that you upgrade your kernel package immediately and reboot\nthe machine. If you have built a custom kernel from the kernel source\npackage, you will need to rebuild to take advantage of these fixes.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-alpha_2.6.8-16sarge4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-alpha_2.6.8-16sarge4.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-amd64_2.6.8-16sarge4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-amd64_2.6.8-16sarge4.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-ia64_2.6.8-14sarge4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-ia64_2.6.8-14sarge4.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-i386_2.6.8-16sarge4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-i386_2.6.8-16sarge4.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-sparc_2.6.8-15sarge4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-sparc_2.6.8-15sarge4.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-patch-powerpc-2.6.8_2.6.8-12sarge4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-patch-powerpc-2.6.8_2.6.8-12sarge4.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-hppa_2.6.8-6sarge3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-hppa_2.6.8-6sarge3.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-s390_2.6.8-5sarge4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-s390_2.6.8-5sarge4.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-m68k_2.6.8-4sarge4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-m68k_2.6.8-4sarge4.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.9.1sarge3.dsc
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.9.1sarge3.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-doc-2.6.8_2.6.8-16sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-patch-debian-2.6.8_2.6.8-16sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-tree-2.6.8_2.6.8-16sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-patch-2.6.8-s390_2.6.8-5sarge4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-3_2.6.8-16sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-3-generic_2.6.8-16sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-3-smp_2.6.8-16sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-3-generic_2.6.8-16sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-3-smp_2.6.8-16sarge4_alpha.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12_2.6.8-16sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-generic_2.6.8-16sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-k8_2.6.8-16sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-k8-smp_2.6.8-16sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-em64t-p4_2.6.8-16sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-em64t-p4-smp_2.6.8-16sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-generic_2.6.8-16sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-k8_2.6.8-16sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-k8-smp_2.6.8-16sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-em64t-p4_2.6.8-16sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-em64t-p4-smp_2.6.8-16sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3_2.6.8-16sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-386_2.6.8-16sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-686_2.6.8-16sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-686-smp_2.6.8-16sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-k7_2.6.8-16sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-k7-smp_2.6.8-16sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-386_2.6.8-16sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-686_2.6.8-16sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-686-smp_2.6.8-16sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-k7_2.6.8-16sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-k7-smp_2.6.8-16sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.9.1sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-itanium_2.6.8-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-itanium-smp_2.6.8-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-mckinley_2.6.8-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-mckinley-smp_2.6.8-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3_2.6.8-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-itanium_2.6.8-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-itanium-smp_2.6.8-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-mckinley_2.6.8-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-mckinley-smp_2.6.8-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-itanium_2.6.8-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-itanium-smp_2.6.8-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-mckinley_2.6.8-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-mckinley-smp_2.6.8-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-itanium_2.6.8-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-itanium-smp_2.6.8-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-mckinley_2.6.8-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-mckinley-smp_2.6.8-14sarge4_ia64.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-build-2.6.8-3_2.6.8-15sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3_2.6.8-15sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3-sparc32_2.6.8-15sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3-sparc64_2.6.8-15sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3-sparc64-smp_2.6.8-15sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-3-sparc32_2.6.8-15sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-3-sparc64_2.6.8-15sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-3-sparc64-smp_2.6.8-15sarge4_sparc.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power3_2.6.8-12sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power3-smp_2.6.8-12sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power4_2.6.8-12sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power4-smp_2.6.8-12sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-powerpc_2.6.8-12sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-powerpc-smp_2.6.8-12sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-headers-2.6.8-3_2.6.8-12sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power3_2.6.8-12sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power3-smp_2.6.8-12sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power4_2.6.8-12sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power4-smp_2.6.8-12sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-powerpc_2.6.8-12sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-powerpc-smp_2.6.8-12sarge4_powerpc.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3_2.6.8-6sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-32_2.6.8-6sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-32-smp_2.6.8-6sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-64_2.6.8-6sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-64-smp_2.6.8-6sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-32_2.6.8-6sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-32-smp_2.6.8-6sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-64_2.6.8-6sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-64-smp_2.6.8-6sarge3_hppa.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-headers-2.6.8-3_2.6.8-5sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-3-s390_2.6.8-5sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-3-s390-tape_2.6.8-5sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-3-s390x_2.6.8-5sarge4_s390.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12_2.6.8-16sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-generic_2.6.8-16sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-k8_2.6.8-16sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-k8-smp_2.6.8-16sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-em64t-p4_2.6.8-16sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-em64t-p4-smp_2.6.8-16sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-generic_2.6.8-16sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-k8_2.6.8-16sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-k8-smp_2.6.8-16sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-em64t-p4_2.6.8-16sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-em64t-p4-smp_2.6.8-16sarge4_amd64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-amiga_2.6.8-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-atari_2.6.8-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-bvme6000_2.6.8-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-hp_2.6.8-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mac_2.6.8-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mvme147_2.6.8-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mvme16x_2.6.8-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-q40_2.6.8-4sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-sun3_2.6.8-4sarge4_m68k.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "1112": "
\n

Debian Security Advisory

\n

DSA-1112-1 mysql-dfsg-4.1 -- several vulnerabilities

\n
\n
Date Reported:
\n
18 Jul 2006
\n
Affected Packages:
\n
\nmysql-dfsg-4.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 373913, Bug 375694.
In Mitre's CVE dictionary: CVE-2006-3081, CVE-2006-3469.
\n
More information:
\n
\n

Several local vulnerabilities have been discovered in the MySQL database\nserver, which may lead to denial of service. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2006-3081\n

    \"Kanatoko\" discovered that the server can be crashed by feeding\n NULL values to the str_to_date() function.

  • CVE-2006-3469\n

    Jean-David Maillefer discovered that the server can be crashed with\n specially crafted date_format() function calls.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 4.1.11a-4sarge5.

\n

The unstable distribution (sid) no longer contains MySQL 4.1\npackages. MySQL 5.0 from sid is not affected.

\n

We recommend that you upgrade your mysql-dfsg-4.1 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge5.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.11a-4sarge5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1113": "
\n

Debian Security Advisory

\n

DSA-1113-1 zope2.7 -- programming error

\n
\n
Date Reported:
\n
18 Jul 2006
\n
Affected Packages:
\n
\nzope2.7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 377277.
In Mitre's CVE dictionary: CVE-2006-3458.
\n
More information:
\n
\n

It was discovered that the Zope web application server allows read access\nto arbitrary pages on the server, if a user has the privilege to edit\n\"restructured text\" pages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.7.5-2sarge2.

\n

The unstable distribution (sid) no longer contains Zope 2.7 packages.

\n

We recommend that you upgrade your zope2.7 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2.dsc
\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1114": "
\n

Debian Security Advisory

\n

DSA-1114-1 hashcash -- buffer overflow

\n
\n
Date Reported:
\n
21 Jul 2006
\n
Affected Packages:
\n
\nhashcash\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 376444.
In the Bugtraq database (at SecurityFocus): BugTraq ID 18659.
In Mitre's CVE dictionary: CVE-2006-3251.
\n
More information:
\n
\n

Andreas Seltenreich discovered a buffer overflow in hashcash, a\npostage payment scheme for email that is based on hash calculations,\nwhich could allow attackers to execute arbitrary code via specially\ncrafted entries.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.17-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.21-1.

\n

We recommend that you upgrade your hashcash package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/hashcash/hashcash_1.17-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1115": "
\n

Debian Security Advisory

\n

DSA-1115-1 gnupg2 -- integer overflow

\n
\n
Date Reported:
\n
21 Jul 2006
\n
Affected Packages:
\n
\ngnupg2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-3082.
\n
More information:
\n
\n

Evgeny Legerov discovered that gnupg, the GNU privacy guard, a free\nPGP replacement, contains an integer overflow that can cause a\nsegmentation fault and possibly overwrite memory via a large user ID\nstring.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.4.1-1.sarge4 of GnuPG and in version 1.9.15-6sarge1 of GnuPG2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.4.3-2 of GnuPG; a fix for GnuPG2 is pending.

\n

We recommend that you upgrade your gnupg package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge1.dsc
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1116": "
\n

Debian Security Advisory

\n

DSA-1116-1 gimp -- buffer overflow

\n
\n
Date Reported:
\n
21 Jul 2006
\n
Affected Packages:
\n
\ngimp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-3404.
\n
More information:
\n
\n

Henning Makholm discovered a buffer overflow in the XCF loading code\nof Gimp, an image editing program. Opening a specially crafted XCF\nimage might cause the application to execute arbitrary code.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.2.6-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.2.11-3.1.

\n

We recommend that you upgrade your gimp package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 alias sarge

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-data_2.2.6-1sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp1.2_2.2.6-1sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-doc_2.2.6-1sarge1_all.deb
\n
Alpha architecture:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_alpha.deb
\n
AMD64 architecture:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_amd64.deb
\n
ARM architecture:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_arm.deb
\n
Intel IA-32 architecture:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_i386.deb
\n
Intel IA-64 architecture:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_ia64.deb
\n
HP Precision architecture:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_hppa.deb
\n
Motorola 680x0 architecture:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_m68k.deb
\n
Big endian MIPS architecture:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_mips.deb
\n
Little endian MIPS architecture:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_mipsel.deb
\n
PowerPC architecture:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_powerpc.deb
\n
IBM S/390 architecture:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_s390.deb
\n
Sun Sparc architecture:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "1117": "
\n

Debian Security Advisory

\n

DSA-1117-1 libgd2 -- insufficient input sanitising

\n
\n
Date Reported:
\n
21 Jul 2006
\n
Affected Packages:
\n
\nlibgd2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 372912.
In Mitre's CVE dictionary: CVE-2006-2906.
\n
More information:
\n
\n

It was discovered that the GD graphics library performs insufficient checks\nof the validity of GIF images, which might lead to denial of service by\ntricking the application into an infinite loop.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.0.33-1.1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.0.33-5.

\n

We recommend that you upgrade your libgd2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.33-1.1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.33-1.1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.33.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-dev_2.0.33-1.1sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.33-1.1sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-1.1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-1.1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-1.1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-1.1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-1.1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-1.1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-1.1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-1.1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-1.1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-1.1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-1.1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-1.1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-1.1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-1.1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-1.1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-1.1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-1.1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-1.1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-1.1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-1.1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-1.1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-1.1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-1.1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-1.1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-1.1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-1.1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-1.1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-1.1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-1.1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-1.1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-1.1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-1.1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-1.1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-1.1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-1.1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-1.1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-1.1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-1.1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-1.1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-1.1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-1.1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-1.1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-1.1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-1.1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-1.1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-1.1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-1.1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-1.1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-1.1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-1.1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-1.1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-1.1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-1.1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-1.1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-1.1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-1.1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-1.1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-1.1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-1.1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-1.1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1118": "
\n

Debian Security Advisory

\n

DSA-1118-1 mozilla -- several vulnerabilities

\n
\n
Date Reported:
\n
22 Jul 2006
\n
Affected Packages:
\n
\nmozilla\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 18228.
In Mitre's CVE dictionary: CVE-2006-1942, CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2781, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786, CVE-2006-2787.
CERT's vulnerabilities, advisories and incident notes: VU#237257, VU#243153, VU#421529, VU#466673, VU#575969.
\n
More information:
\n
\n

Several security related problems have been discovered in Mozilla.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing vulnerabilities:

\n
    \n
  • CVE-2006-1942\n

    Eric Foley discovered that a user can be tricked into exposing a local\n file to a remote attacker by displaying a local file as an image in\n connection with other vulnerabilities. [MFSA-2006-39]

  • CVE-2006-2775\n

    XUL attributes are associated with the wrong URL under certain\n circumstances, which might allow remote attackers to bypass\n restrictions. [MFSA-2006-35]

  • CVE-2006-2776\n

    Paul Nickerson discovered that content-defined setters on an\n object prototype were getting called by privileged user interface\n code, and moz_bug_r_a4 demonstrated that the higher privilege\n level could be passed along to the content-defined attack code.\n [MFSA-2006-37]

  • CVE-2006-2777\n

    A vulnerability allows remote attackers to execute arbitrary code\n and create notifications that are executed in a privileged\n context. [MFSA-2006-43]

  • CVE-2006-2778\n

    Mikolaj Habryn discovered a buffer overflow in the crypto.signText function\n that allows remote attackers to execute arbitrary code via certain\n optional Certificate Authority name arguments. [MFSA-2006-38]

  • CVE-2006-2779\n

    Mozilla team members discovered several crashes during testing of\n the browser engine showing evidence of memory corruption which may\n also lead to the execution of arbitrary code. This problem has\n only partially been corrected. [MFSA-2006-32]

  • CVE-2006-2780\n

    An integer overflow allows remote attackers to cause a denial of\n service and may permit the execution of arbitrary code.\n [MFSA-2006-32]

  • CVE-2006-2781\n

    Masatoshi Kimura discovered a double-free vulnerability that\n allows remote attackers to cause a denial of service and possibly\n execute arbitrary code via a VCard. [MFSA-2006-40]

  • CVE-2006-2782\n

    Chuck McAuley discovered that a text input box can be pre-filled\n with a filename and then turned into a file-upload control,\n allowing a malicious website to steal any local file whose name\n they can guess. [MFSA-2006-41, MFSA-2006-23, CVE-2006-1729]

  • CVE-2006-2783\n

    Masatoshi Kimura discovered that the Unicode Byte-order-Mark (BOM)\n is stripped from UTF-8 pages during the conversion to Unicode\n before the parser sees the web page, which allows remote attackers\n to conduct cross-site scripting (XSS) attacks. [MFSA-2006-42]

  • CVE-2006-2784\n

    Paul Nickerson discovered that the fix for CVE-2005-0752 can be\n bypassed using nested javascript: URLs, allowing the attacker to\n execute privileged code. [MFSA-2005-34, MFSA-2006-36]

  • CVE-2006-2785\n

    Paul Nickerson demonstrated that if an attacker could convince a\n user to right-click on a broken image and choose View Image from\n the context menu then he could get JavaScript to\n run. [MFSA-2006-34]

  • CVE-2006-2786\n

    Kazuho Oku discovered that Mozilla's lenient handling of HTTP\n header syntax may allow remote attackers to trick the browser into\n interpreting certain responses as if they were responses from two\n different sites. [MFSA-2006-33]

  • CVE-2006-2787\n

    The Mozilla researcher moz_bug_r_a4 discovered that JavaScript\n run via EvalInSandbox can escape the sandbox and gain elevated\n privilege. [MFSA-2006-31]

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.7.8-1sarge7.1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.7.13-0.3.

\n

We recommend that you upgrade your Mozilla packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1119": "
\n

Debian Security Advisory

\n

DSA-1119-1 hiki -- design flaw

\n
\n
Date Reported:
\n
22 Jul 2006
\n
Affected Packages:
\n
\nhiki\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 378059.
In the Bugtraq database (at SecurityFocus): BugTraq ID 18785.
In Mitre's CVE dictionary: CVE-2006-3379.
\n
More information:
\n
\n

Akira Tanaka discovered a vulnerability in Hiki Wiki, a Wiki engine\nwritten in Ruby, that allows remote attackers to cause a denial of\nservice via high CPU consumption by performing a diff between\nlarge and specially crafted Wiki pages.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.6.5-2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.8.6-1.

\n

We recommend that you upgrade your hiki package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/hiki/hiki_0.6.5-2.dsc
\n
http://security.debian.org/pool/updates/main/h/hiki/hiki_0.6.5-2.diff.gz
\n
http://security.debian.org/pool/updates/main/h/hiki/hiki_0.6.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/hiki/hiki_0.6.5-2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1120": "
\n

Debian Security Advisory

\n

DSA-1120-1 mozilla-firefox -- several vulnerabilities

\n
\n
Date Reported:
\n
23 Jul 2006
\n
Affected Packages:
\n
\nmozilla-firefox\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 18228.
In Mitre's CVE dictionary: CVE-2006-1942, CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786, CVE-2006-2787.
CERT's vulnerabilities, advisories and incident notes: VU#237257, VU#243153, VU#421529, VU#466673, VU#575969.
\n
More information:
\n
\n

Several security related problems have been discovered in Mozilla.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing vulnerabilities:

\n
    \n
  • CVE-2006-1942\n

    Eric Foley discovered that a user can be tricked into exposing a local\n file to a remote attacker by displaying a local file as an image in\n connection with other vulnerabilities. [MFSA-2006-39]

  • CVE-2006-2775\n

    XUL attributes are associated with the wrong URL under certain\n circumstances, which might allow remote attackers to bypass\n restrictions. [MFSA-2006-35]

  • CVE-2006-2776\n

    Paul Nickerson discovered that content-defined setters on an\n object prototype were getting called by privileged user interface\n code, and \"moz_bug_r_a4\" demonstrated that the higher privilege\n level could be passed along to the content-defined attack code.\n [MFSA-2006-37]

  • CVE-2006-2777\n

    A vulnerability allows remote attackers to execute arbitrary code\n and create notifications that are executed in a privileged\n context. [MFSA-2006-43]

  • CVE-2006-2778\n

    Mikolaj Habryn discovered a buffer overflow in the crypto.signText function\n that allows remote attackers to execute arbitrary code via certain\n optional Certificate Authority name arguments. [MFSA-2006-38]

  • CVE-2006-2779\n

    Mozilla team members discovered several crashes during testing of\n the browser engine showing evidence of memory corruption which may\n also lead to the execution of arbitrary code. This problem has\n only partially been corrected. [MFSA-2006-32]

  • CVE-2006-2780\n

    An integer overflow allows remote attackers to cause a denial of\n service and may permit the execution of arbitrary code.\n [MFSA-2006-32]

  • CVE-2006-2782\n

    Chuck McAuley discovered that a text input box can be pre-filled\n with a filename and then turned into a file-upload control,\n allowing a malicious website to steal any local file whose name\n they can guess. [MFSA-2006-41, MFSA-2006-23, CVE-2006-1729]

  • CVE-2006-2783\n

    Masatoshi Kimura discovered that the Unicode Byte-order-Mark (BOM)\n is stripped from UTF-8 pages during the conversion to Unicode\n before the parser sees the web page, which allows remote attackers\n to conduct cross-site scripting (XSS) attacks. [MFSA-2006-42]

  • CVE-2006-2784\n

    Paul Nickerson discovered that the fix for CVE-2005-0752 can be\n bypassed using nested javascript: URLs, allowing the attacker to\n execute privileged code. [MFSA-2005-34, MFSA-2006-36]

  • CVE-2006-2785\n

    Paul Nickerson demonstrated that if an attacker could convince a\n user to right-click on a broken image and choose \"View Image\" from\n the context menu then he could get JavaScript to\n run. [MFSA-2006-34]

  • CVE-2006-2786\n

    Kazuho Oku discovered that Mozilla's lenient handling of HTTP\n header syntax may allow remote attackers to trick the browser into\n interpreting certain responses as if they were responses from two\n different sites. [MFSA-2006-33]

  • CVE-2006-2787\n

    The Mozilla researcher \"moz_bug_r_a4\" discovered that JavaScript\n run via EvalInSandbox can escape the sandbox and gain elevated\n privilege. [MFSA-2006-31]

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-2sarge9.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.5.dfsg+1.5.0.4-1.

\n

We recommend that you upgrade your Mozilla Firefox packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge9_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge9_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge9_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1121": "
\n

Debian Security Advisory

\n

DSA-1121-1 postgrey -- format string

\n
\n
Date Reported:
\n
24 Jul 2006
\n
Affected Packages:
\n
\npostgrey\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-1127.
\n
More information:
\n
\n

Peter Bieringer discovered that postgrey, a greylisting\nimplementation for Postfix, is vulnerable to a format string attack\nthat allows remote attackers to cause a denial of service to the daemon.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.21-1sarge1.

\n

For the stable distribution (sarge) this problem has also been fixed\nin version 1.21-1volatile4 in the volatile archive.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.22-1.

\n

We recommend that you upgrade your postgrey package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/postgrey/postgrey_1.21-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/p/postgrey/postgrey_1.21-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/postgrey/postgrey_1.21.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/postgrey/postgrey_1.21-1sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1122": "
\n

Debian Security Advisory

\n

DSA-1122-1 libnet-server-perl -- format string

\n
\n
Date Reported:
\n
24 Jul 2006
\n
Affected Packages:
\n
\nlibnet-server-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 378640.
In Mitre's CVE dictionary: CVE-2005-1127.
\n
More information:
\n
\n

Peter Bieringer discovered that the \"log\" function in the Net::Server\nPerl module, an extensible, general Perl server engine, is not safe\nagainst format string exploits.

\n

The old stable distribution (woody) does not contain this package.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.87-3sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.89-1.

\n

We recommend that you upgrade your libnet-server-perl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libn/libnet-server-perl/libnet-server-perl_0.87-3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/libn/libnet-server-perl/libnet-server-perl_0.87-3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/libn/libnet-server-perl/libnet-server-perl_0.87.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libn/libnet-server-perl/libnet-server-perl_0.87-3sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1123": "
\n

Debian Security Advisory

\n

DSA-1123-1 libdumb -- buffer overflow

\n
\n
Date Reported:
\n
24 Jul 2006
\n
Affected Packages:
\n
\nlibdumb\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 379064.
In Mitre's CVE dictionary: CVE-2006-3668.
\n
More information:
\n
\n

Luigi Auriemma discovered that DUMB, a tracker music library, performs\ninsufficient sanitising of values parsed from IT music files, which might\nlead to a buffer overflow and execution of arbitrary code if manipulated\nfiles are read.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.9.2-6.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.9.3-5.

\n

We recommend that you upgrade your libdumb packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libd/libdumb/libdumb_0.9.2-6.dsc
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libdumb_0.9.2-6.diff.gz
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libdumb_0.9.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libd/libdumb/libaldmb0_0.9.2-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libaldmb0-dev_0.9.2-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libdumb0_0.9.2-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libdumb0-dev_0.9.2-6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libd/libdumb/libaldmb0_0.9.2-6_amd64.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libaldmb0-dev_0.9.2-6_amd64.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libdumb0_0.9.2-6_amd64.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libdumb0-dev_0.9.2-6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libd/libdumb/libaldmb0_0.9.2-6_arm.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libaldmb0-dev_0.9.2-6_arm.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libdumb0_0.9.2-6_arm.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libdumb0-dev_0.9.2-6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libd/libdumb/libaldmb0_0.9.2-6_i386.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libaldmb0-dev_0.9.2-6_i386.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libdumb0_0.9.2-6_i386.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libdumb0-dev_0.9.2-6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libd/libdumb/libaldmb0_0.9.2-6_ia64.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libaldmb0-dev_0.9.2-6_ia64.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libdumb0_0.9.2-6_ia64.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libdumb0-dev_0.9.2-6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libd/libdumb/libaldmb0_0.9.2-6_hppa.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libaldmb0-dev_0.9.2-6_hppa.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libdumb0_0.9.2-6_hppa.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libdumb0-dev_0.9.2-6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libd/libdumb/libaldmb0_0.9.2-6_m68k.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libaldmb0-dev_0.9.2-6_m68k.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libdumb0_0.9.2-6_m68k.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libdumb0-dev_0.9.2-6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libd/libdumb/libaldmb0_0.9.2-6_mips.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libaldmb0-dev_0.9.2-6_mips.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libdumb0_0.9.2-6_mips.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libdumb0-dev_0.9.2-6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libd/libdumb/libaldmb0_0.9.2-6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libaldmb0-dev_0.9.2-6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libdumb0_0.9.2-6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libdumb0-dev_0.9.2-6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libd/libdumb/libaldmb0_0.9.2-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libaldmb0-dev_0.9.2-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libdumb0_0.9.2-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libdumb0-dev_0.9.2-6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libd/libdumb/libaldmb0_0.9.2-6_s390.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libaldmb0-dev_0.9.2-6_s390.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libdumb0_0.9.2-6_s390.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libdumb0-dev_0.9.2-6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libd/libdumb/libaldmb0_0.9.2-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libaldmb0-dev_0.9.2-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libdumb0_0.9.2-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/libd/libdumb/libdumb0-dev_0.9.2-6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1124": "
\n

Debian Security Advisory

\n

DSA-1124-1 fbi -- typo

\n
\n
Date Reported:
\n
24 Jul 2006
\n
Affected Packages:
\n
\nfbi\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-3119.
\n
More information:
\n
\n

Toth Andras discovered that the fbgs framebuffer PostScript/PDF viewer\ncontains a typo, which prevents the intended filter against malicious\nPostScript commands from working correctly. This might lead to the\ndeletion of user data when displaying a PostScript file.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.01-1.2sarge2.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your fbi package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2.dsc
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/fbi/exiftran_2.01-1.2sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/fbi/fbi_2.01-1.2sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1125": "
\n

Debian Security Advisory

\n

DSA-1125-2 drupal -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Jul 2006
\n
Affected Packages:
\n
\ndrupal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 368835.
In Mitre's CVE dictionary: CVE-2006-2742, CVE-2006-2743, CVE-2006-2831, CVE-2006-2832, CVE-2006-2833.
\n
More information:
\n
\n

The Drupal update in DSA 1125 contained a regression. This update corrects\nthis flaw. For completeness, the original advisory text below:

\n

Several remote vulnerabilities have been discovered in the Drupal web site\nplatform, which may lead to the execution of arbitrary web script. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2006-2742\n

    A SQL injection vulnerability has been discovered in the \"count\" and\n \"from\" variables of the database interface.

  • CVE-2006-2743\n

    Multiple file extensions were handled incorrectly if Drupal ran on\n Apache with mod_mime enabled.

  • CVE-2006-2831\n

    A variation of CVE-2006-2743 was addressed as well.

  • CVE-2006-2832\n

    A Cross-Site-Scripting vulnerability in the upload module has been\n discovered.

  • CVE-2006-2833\n

    A Cross-Site-Scripting vulnerability in the taxonomy module has been\n discovered.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 4.5.3-6.1sarge2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 4.5.8-1.1.

\n

We recommend that you upgrade your drupal packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-6.1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-6.1sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-6.1sarge2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1126": "
\n

Debian Security Advisory

\n

DSA-1126-1 asterisk -- buffer overflow

\n
\n
Date Reported:
\n
27 Jul 2006
\n
Affected Packages:
\n
\nasterisk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 18295.
In Mitre's CVE dictionary: CVE-2006-2898.
\n
More information:
\n
\n

A problem has been discovered in the IAX2 channel driver of Asterisk,\nan Open Source Private Branch Exchange and telephony toolkit, which\nmay allow a remote attacker to cause a crash of the Asterisk server.

\n

The old stable distribution (woody) is not affected by this problem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.0.7.dfsg.1-2sarge3.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your asterisk packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3.dsc
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-config_1.0.7.dfsg.1-2sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-dev_1.0.7.dfsg.1-2sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-doc_1.0.7.dfsg.1-2sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-sounds-main_1.0.7.dfsg.1-2sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-web-vmail_1.0.7.dfsg.1-2sarge3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1127": "
\n

Debian Security Advisory

\n

DSA-1127-1 ethereal -- several vulnerabilities

\n
\n
Date Reported:
\n
28 Jul 2006
\n
Affected Packages:
\n
\nethereal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 373913, Bug 375694.
In Mitre's CVE dictionary: CVE-2006-3628, CVE-2006-3629, CVE-2006-3630, CVE-2006-3631, CVE-2006-3632.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Ethereal network\nsniffer, which may lead to the execution of arbitrary code. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2006-3628\n

    Ilja van Sprundel discovered that the FW-1 and MQ dissectors are\n vulnerable to format string attacks.

  • CVE-2006-3629\n

    Ilja van Sprundel discovered that the MOUNT dissector is vulnerable\n to denial of service through memory exhaustion.

  • CVE-2006-3630\n

    Ilja van Sprundel discovered off-by-one overflows in the NCP NMAS and\n NDPS dissectors.

  • CVE-2006-3631\n

    Ilja van Sprundel discovered a buffer overflow in the NFS dissector.

  • CVE-2006-3632\n

    Ilja van Sprundel discovered that the SSH dissector is vulnerable\n to denial of service through an infinite loop.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.10.10-2sarge6.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.99.2-1 of wireshark, the sniffer formerly known as ethereal.

\n

We recommend that you upgrade your ethereal packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6.dsc
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1128": "
\n

Debian Security Advisory

\n

DSA-1128-1 heartbeat -- permission error

\n
\n
Date Reported:
\n
28 Jul 2006
\n
Affected Packages:
\n
\nheartbeat\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-3815.
\n
More information:
\n
\n

Yan Rong Ge discovered that wrong permissions on a shared memory page\nin heartbeat, the subsystem for High-Availability Linux, could be\nexploited by a local attacker to cause a denial of service.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.2.3-9sarge5.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your heartbeat packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5.dsc
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/heartbeat/ldirectord_1.2.3-9sarge5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1129": "
\n

Debian Security Advisory

\n

DSA-1129-1 osiris -- format string

\n
\n
Date Reported:
\n
28 Jul 2006
\n
Affected Packages:
\n
\nosiris\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-3120.
\n
More information:
\n
\n

Ulf H\u00e4rnhammar and Max Vozeler from the Debian Security Audit Project\nhave found several format string security bugs in osiris, a\nnetwork-wide system integrity monitor control interface. A remote\nattacker could exploit them and cause a denial of service or execute\narbitrary code.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 4.0.6-1sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 4.2.0-2.

\n

We recommend that you upgrade your osiris packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1130": "
\n

Debian Security Advisory

\n

DSA-1130-1 sitebar -- missing input validation

\n
\n
Date Reported:
\n
30 Jul 2006
\n
Affected Packages:
\n
\nsitebar\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 377299.
In the Bugtraq database (at SecurityFocus): BugTraq ID 18680.
In Mitre's CVE dictionary: CVE-2006-3320.
\n
More information:
\n
\n

A cross-site scripting vulnerability has been discovered in sitebar, a web-based bookmark manager written in PHP, which allows remote attackers to inject arbitrary web script or HTML.

\n

For the stable distribution (sarge) this problem has been fixed in version 3.2.6-7.1.

\n

For the unstable distribution (sid) this problem has been fixed in version 3.3.8-1.1.

\n

We recommend that you upgrade your sitebar package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7.1.dsc
\n
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7.1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7.1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1131": "
\n

Debian Security Advisory

\n

DSA-1131-1 apache -- buffer overflow

\n
\n
Date Reported:
\n
01 Aug 2006
\n
Affected Packages:
\n
\napache\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 380231.
In Mitre's CVE dictionary: CVE-2006-3747.
CERT's vulnerabilities, advisories and incident notes: VU#395412.
\n
More information:
\n
\n

Mark Dowd discovered a buffer overflow in the mod_rewrite component of apache, a versatile high-performance HTTP server. In some situations a remote attacker could exploit this to execute arbitrary code.

\n

For the stable distribution (sarge) this problem has been fixed in version 1.3.33-6sarge2.

\n

For the unstable distribution (sid) this problem will be fixed shortly.

\n

We recommend that you upgrade your apache package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2.dsc
\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.33-6sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.33-6sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-utils_1.3.33-6sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1132": "
\n

Debian Security Advisory

\n

DSA-1132-1 apache2 -- buffer overflow

\n
\n
Date Reported:
\n
01 Aug 2006
\n
Affected Packages:
\n
\napache2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 380182.
In Mitre's CVE dictionary: CVE-2006-3747.
CERT's vulnerabilities, advisories and incident notes: VU#395412.
\n
More information:
\n
\n

Mark Dowd discovered a buffer overflow in the mod_rewrite component of apache, a versatile high-performance HTTP server. In some situations a remote attacker could exploit this to execute arbitrary code.

\n

For the stable distribution (sarge) this problem has been fixed in version 2.0.54-5sarge1.

\n

For the unstable distribution (sid) this problem will be fixed shortly.

\n

We recommend that you upgrade your apache2 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5sarge1.dsc
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.0.54-5sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-threadpool_2.0.54-5sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-common_2.0.54-5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.0.54-5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.0.54-5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.0.54-5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.0.54-5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.0.54-5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.0.54-5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0_2.0.54-5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0-dev_2.0.54-5sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-common_2.0.54-5sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.0.54-5sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.0.54-5sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.0.54-5sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.0.54-5sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.0.54-5sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.0.54-5sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0_2.0.54-5sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0-dev_2.0.54-5sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-common_2.0.54-5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.0.54-5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.0.54-5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.0.54-5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.0.54-5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.0.54-5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.0.54-5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0_2.0.54-5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0-dev_2.0.54-5sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-common_2.0.54-5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.0.54-5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.0.54-5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.0.54-5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.0.54-5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.0.54-5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.0.54-5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0_2.0.54-5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0-dev_2.0.54-5sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-common_2.0.54-5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.0.54-5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.0.54-5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.0.54-5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.0.54-5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.0.54-5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.0.54-5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0_2.0.54-5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0-dev_2.0.54-5sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-common_2.0.54-5sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.0.54-5sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.0.54-5sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.0.54-5sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.0.54-5sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.0.54-5sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.0.54-5sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0_2.0.54-5sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0-dev_2.0.54-5sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-common_2.0.54-5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.0.54-5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.0.54-5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.0.54-5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.0.54-5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.0.54-5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.0.54-5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0_2.0.54-5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0-dev_2.0.54-5sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-common_2.0.54-5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.0.54-5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.0.54-5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.0.54-5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.0.54-5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.0.54-5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.0.54-5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0_2.0.54-5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0-dev_2.0.54-5sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-common_2.0.54-5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.0.54-5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.0.54-5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.0.54-5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.0.54-5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.0.54-5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.0.54-5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0_2.0.54-5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0-dev_2.0.54-5sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-common_2.0.54-5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.0.54-5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.0.54-5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.0.54-5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.0.54-5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.0.54-5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.0.54-5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0_2.0.54-5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0-dev_2.0.54-5sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-common_2.0.54-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.0.54-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.0.54-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.0.54-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.0.54-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.0.54-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.0.54-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0_2.0.54-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0-dev_2.0.54-5sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-common_2.0.54-5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.0.54-5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.0.54-5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.0.54-5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.0.54-5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.0.54-5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.0.54-5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0_2.0.54-5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/libapr0-dev_2.0.54-5sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1133": "
\n

Debian Security Advisory

\n

DSA-1133-1 mantis -- missing input sanitising

\n
\n
Date Reported:
\n
01 Aug 2006
\n
Affected Packages:
\n
\nmantis\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 361138, Bug 378353.
In Mitre's CVE dictionary: CVE-2006-0664, CVE-2006-0665, CVE-2006-0841, CVE-2006-1577.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Mantis bug tracking system, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
  • CVE-2006-0664

    A cross-site scripting vulnerability was discovered in config_defaults_inc.php.

  • CVE-2006-0665

    Cross-site scripting vulnerabilities were discovered in query_store.php and manage_proj_create.php.

  • CVE-2006-0841

    Multiple cross-site scripting vulnerabilities were discovered in view_all_set.php, manage_user_page.php, view_filters_page.php and proj_doc_delete.php.

  • CVE-2006-1577

    Multiple cross-site scripting vulnerabilities were discovered in view_all_set.php.

\n

For the stable distribution (sarge) these problems have been fixed in version 0.19.2-5sarge4.1.

\n

For the unstable distribution (sid) these problems have been fixed in version 0.19.4-3.1.

\n

We recommend that you upgrade your mantis package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2-5sarge4.1.dsc
\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2-5sarge4.1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2-5sarge4.1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1134": "
\n

Debian Security Advisory

\n

DSA-1134-1 mozilla-thunderbird -- several vulnerabilities

\n
\n
Date Reported:
\n
02 Aug 2006
\n
Affected Packages:
\n
\nmozilla-thunderbird\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 18228.
In Mitre's CVE dictionary: CVE-2006-1942, CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2781, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786, CVE-2006-2787.
CERT's vulnerabilities, advisories and incident notes: VU#237257, VU#243153, VU#421529, VU#466673, VU#575969.
\n
More information:
\n
\n

Several security-related problems have been discovered in Mozilla which are also present in Mozilla Thunderbird. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

\n
  • CVE-2006-1942

    Eric Foley discovered that a user can be tricked into exposing a local file to a remote attacker by displaying a local file as an image in connection with other vulnerabilities. [MFSA-2006-39]

  • CVE-2006-2775

    XUL attributes are associated with the wrong URL under certain circumstances, which might allow remote attackers to bypass restrictions. [MFSA-2006-35]

  • CVE-2006-2776

    Paul Nickerson discovered that content-defined setters on an object prototype were getting called by privileged user interface code, and \"moz_bug_r_a4\" demonstrated that the higher privilege level could be passed along to the content-defined attack code. [MFSA-2006-37]

  • CVE-2006-2777

    A vulnerability allows remote attackers to execute arbitrary code and create notifications that are executed in a privileged context. [MFSA-2006-43]

  • CVE-2006-2778

    Mikolaj Habryn discovered a buffer overflow in the crypto.signText function that allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments. [MFSA-2006-38]

  • CVE-2006-2779

    Mozilla team members discovered several crashes during testing of the browser engine showing evidence of memory corruption which may also lead to the execution of arbitrary code. This problem has only partially been corrected. [MFSA-2006-32]

  • CVE-2006-2780

    An integer overflow allows remote attackers to cause a denial of service and may permit the execution of arbitrary code. [MFSA-2006-32]

  • CVE-2006-2781

    Masatoshi Kimura discovered a double-free vulnerability that allows remote attackers to cause a denial of service and possibly execute arbitrary code via a VCard. [MFSA-2006-40]

  • CVE-2006-2782

    Chuck McAuley discovered that a text input box can be pre-filled with a filename and then turned into a file-upload control, allowing a malicious website to steal any local file whose name they can guess. [MFSA-2006-41, MFSA-2006-23, CVE-2006-1729]

  • CVE-2006-2783

    Masatoshi Kimura discovered that the Unicode Byte-order-Mark (BOM) is stripped from UTF-8 pages during the conversion to Unicode before the parser sees the web page, which allows remote attackers to conduct cross-site scripting (XSS) attacks. [MFSA-2006-42]

  • CVE-2006-2784

    Paul Nickerson discovered that the fix for CVE-2005-0752 can be bypassed using nested javascript: URLs, allowing the attacker to execute privileged code. [MFSA-2005-34, MFSA-2006-36]

  • CVE-2006-2785

    Paul Nickerson demonstrated that if an attacker could convince a user to right-click on a broken image and choose \"View Image\" from the context menu then he could get JavaScript to run. [MFSA-2006-34]

  • CVE-2006-2786

    Kazuho Oku discovered that Mozilla's lenient handling of HTTP header syntax may allow remote attackers to trick the browser into interpreting certain responses as if they were responses from two different sites. [MFSA-2006-33]

  • CVE-2006-2787

    The Mozilla researcher \"moz_bug_r_a4\" discovered that JavaScript run via EvalInSandbox can escape the sandbox and gain elevated privilege. [MFSA-2006-31]

\n

For the stable distribution (sarge) these problems have been fixed in version 1.0.2-2.sarge1.0.8a.

\n

For the unstable distribution (sid) these problems have been fixed in version 1.5.0.4-1 and xulrunner 1.5.0.4-1 for galeon and epiphany.

\n

We recommend that you upgrade your Mozilla Thunderbird packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8a_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8a_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8a_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8a_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8a_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1135": "
\n

Debian Security Advisory

\n

DSA-1135-1 libtunepimp -- buffer overflow

\n
\n
Date Reported:
\n
02 Aug 2006
\n
Affected Packages:
\n
\nlibtunepimp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 378091.
In the Bugtraq database (at SecurityFocus): BugTraq ID 18961.
In Mitre's CVE dictionary: CVE-2006-3600.
\n
More information:
\n
\n

Kevin Kofler discovered several stack-based buffer overflows in the LookupTRM::lookup function in libtunepimp, a MusicBrainz tagging library, which allow remote attackers to cause a denial of service or execute arbitrary code.

\n

For the stable distribution (sarge) these problems have been fixed in version 0.3.0-3sarge2.

\n

For the unstable distribution (sid) these problems have been fixed in version 0.4.2-4.

\n

We recommend that you upgrade your libtunepimp packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp_0.3.0-3sarge2.dsc
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp_0.3.0-3sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp_0.3.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-bin_0.3.0-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp-perl_0.3.0-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2_0.3.0-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/libtunepimp2-dev_0.3.0-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python-tunepimp_0.3.0-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.2-tunepimp_0.3.0-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtunepimp/python2.3-tunepimp_0.3.0-3sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1136": "
\n

Debian Security Advisory

\n

DSA-1136-1 gpdf -- wrong input sanitising

\n
\n
Date Reported:
\n
02 Aug 2006
\n
Affected Packages:
\n
\ngpdf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 334454.
In the Bugtraq database (at SecurityFocus): BugTraq ID 14529.
In Mitre's CVE dictionary: CVE-2005-2097.
\n
More information:
\n
\n

infamous41md and Chris Evans discovered several heap-based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which are also present in gpdf, the viewer with Gtk bindings, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

\n

For the stable distribution (sarge) these problems have been fixed in version 2.8.2-1.2sarge5.

\n

For the unstable distribution (sid) these problems have been fixed in version 2.10.0-4.

\n

We recommend that you upgrade your gpdf package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5.dsc
\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1137": "
\n

Debian Security Advisory

\n

DSA-1137-1 tiff -- several vulnerabilities

\n
\n
Date Reported:
\n
02 Aug 2006
\n
Affected Packages:
\n
\ntiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465.
\n
More information:
\n
\n

Tavis Ormandy of the Google Security Team discovered several problems in the TIFF library. The Common Vulnerabilities and Exposures project identifies the following issues:

\n
  • CVE-2006-3459

    Several stack-buffer overflows have been discovered.

  • CVE-2006-3460

    A heap overflow vulnerability in the JPEG decoder may overrun a buffer with more data than expected.

  • CVE-2006-3461

    A heap overflow vulnerability in the PixarLog decoder may allow an attacker to execute arbitrary code.

  • CVE-2006-3462

    A heap overflow vulnerability has been discovered in the NeXT RLE decoder.

  • CVE-2006-3463

    A loop was discovered in which a 16-bit unsigned short was used to iterate over a 32-bit unsigned value, so that the loop would never terminate.

  • CVE-2006-3464

    Multiple unchecked arithmetic operations were uncovered, including a number of the range checking operations designed to ensure the offsets specified in TIFF directories are legitimate.

  • CVE-2006-3465

    A flaw was also uncovered in libtiff's custom tag support which may result in abnormal behaviour, crashes, or potentially arbitrary code execution.
\n

For the stable distribution (sarge) these problems have been fixed in version 3.7.2-7.

\n

For the unstable distribution (sid) these problems have been fixed in version 3.8.2-6.

\n

We recommend that you upgrade your libtiff packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-7.dsc
\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2-7.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.7.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7.2-7_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7.2-7_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-7_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2-7_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1138": "
\n

Debian Security Advisory

\n

DSA-1138-1 cfs -- integer overflow

\n
\n
Date Reported:
\n
02 Aug 2006
\n
Affected Packages:
\n
\ncfs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 371076.
In Mitre's CVE dictionary: CVE-2006-3123.
\n
More information:
\n
\n

Carlo Contavalli discovered an integer overflow in CFS, a cryptographic filesystem, which allows local users to crash the encryption daemon.

\n

For the stable distribution (sarge) this problem has been fixed in version 1.4.1-15sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in version 1.4.1-17.

\n

We recommend that you upgrade your cfs package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1.dsc
\n
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cfs/cfs_1.4.1-15sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1139": "
\n

Debian Security Advisory

\n

DSA-1139-1 ruby1.6 -- missing privilege checks

\n
\n
Date Reported:
\n
03 Aug 2006
\n
Affected Packages:
\n
\nruby1.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 378029.
In Mitre's CVE dictionary: CVE-2006-3694.
\n
More information:
\n
\n

It was discovered that the interpreter for the Ruby language does not properly maintain \"safe levels\" for aliasing, directory accesses and regular expressions, which might lead to a bypass of security restrictions.

\n

For the stable distribution (sarge) this problem has been fixed in version 1.6.8-12sarge2.

\n

The unstable distribution (sid) no longer contains ruby1.6 packages.

\n

We recommend that you upgrade your Ruby packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2.dsc
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/irb1.6_1.6.8-12sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-elisp_1.6.8-12sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-examples_1.6.8-12sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1140": "
\n

Debian Security Advisory

\n

DSA-1140-1 gnupg -- integer overflow

\n
\n
Date Reported:
\n
03 Aug 2006
\n
Affected Packages:
\n
\ngnupg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 381204.
In the Bugtraq database (at SecurityFocus): BugTraq ID 19110.
In Mitre's CVE dictionary: CVE-2006-3746.
\n
More information:
\n
\n

Evgeny Legerov discovered that overly large comments can crash gnupg,\nthe GNU privacy guard - a free PGP replacement.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.4.1-1.sarge5.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.4.5-1.

\n

We recommend that you upgrade your gnupg package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5.dsc
\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1141": "
\n

Debian Security Advisory

\n

DSA-1141-1 gnupg2 -- integer overflow

\n
\n
Date Reported:
\n
04 Aug 2006
\n
Affected Packages:
\n
\ngnupg2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 381204.
In the Bugtraq database (at SecurityFocus): BugTraq ID 19110.
In Mitre's CVE dictionary: CVE-2006-3746.
\n
More information:
\n
\n

Evgeny Legerov discovered that overly large comments can crash gnupg,\nthe GNU privacy guard - a free PGP replacement, which is also present\nin the development branch.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.9.15-6sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.9.20-2.

\n

We recommend that you upgrade your gnupg2 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2.dsc
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_1.9.15-6sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_1.9.15-6sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_1.9.15-6sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1142": "
\n

Debian Security Advisory

\n

DSA-1142-1 freeciv -- missing boundary checks

\n
\n
Date Reported:
\n
04 Aug 2006
\n
Affected Packages:
\n
\nfreeciv\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 381378.
In the Bugtraq database (at SecurityFocus): BugTraq ID 19117.
In Mitre's CVE dictionary: CVE-2006-3913.
\n
More information:
\n
\n

Luigi Auriemma discovered missing boundary checks in freeciv, a clone\nof the well-known Civilization game, which can be exploited by remote\nattackers to cause a denial of service (crash) and possibly execute\narbitrary code.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.0.1-1sarge2.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your freeciv package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv_2.0.1-1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv_2.0.1-1sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv_2.0.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-data_2.0.1-1sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-gtk_2.0.1-1sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-xaw3d_2.0.1-1sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv_2.0.1-1sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-gtk_2.0.1-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-client-xaw3d_2.0.1-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freeciv/freeciv-server_2.0.1-1sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1143": "
\n

Debian Security Advisory

\n

DSA-1143-1 dhcp -- programming error

\n
\n
Date Reported:
\n
04 Aug 2006
\n
Affected Packages:
\n
\ndhcp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 380273.
In Mitre's CVE dictionary: CVE-2006-3122.
\n
More information:
\n
\n

Justin Winschief and Andrew Steets discovered a bug in dhcp, the DHCP\nserver for automatic IP address assignment, which causes the server to\nunexpectedly exit.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.0pl5-19.1sarge2.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your dhcp package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1144": "
\n

Debian Security Advisory

\n

DSA-1144-1 chmlib -- missing input sanitising

\n
\n
Date Reported:
\n
07 Aug 2006
\n
Affected Packages:
\n
\nchmlib\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-3178.
\n
More information:
\n
\n

It was discovered that one of the utilities shipped with chmlib, a library for dealing with Microsoft CHM files, performs insufficient sanitising of filenames, which might lead to directory traversal.

\n

For the stable distribution (sarge) this problem has been fixed in version 0.35-6sarge3.

\n

For the unstable distribution (sid) this problem has been fixed in version 0.38-1.

\n

We recommend that you upgrade your chmlib-bin package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3.dsc
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib_0.35-6sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-bin_0.35-6sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/chmlib/chmlib-dev_0.35-6sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1145": "
\n

Debian Security Advisory

\n

DSA-1145-1 freeradius -- several vulnerabilities

\n
\n
Date Reported:
\n
08 Aug 2006
\n
Affected Packages:
\n
\nfreeradius\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-4745, CVE-2005-4746.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in freeradius, a high-performance RADIUS server, which may lead to SQL injection or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2005-4745

    An SQL injection vulnerability has been discovered in the rlm_sqlcounter module.

  • CVE-2005-4746

    Multiple buffer overflows have been discovered, allowing denial of service.
\n

For the stable distribution (sarge) these problems have been fixed in version 1.0.2-4sarge3.

\n

For the unstable distribution (sid) these problems have been fixed in version 1.0.5-1.

\n

We recommend that you upgrade your freeradius packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge3.dsc
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-dialupadmin_1.0.2-4sarge3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-iodbc_1.0.2-4sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-krb5_1.0.2-4sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-ldap_1.0.2-4sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-mysql_1.0.2-4sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-iodbc_1.0.2-4sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-krb5_1.0.2-4sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-ldap_1.0.2-4sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-mysql_1.0.2-4sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-iodbc_1.0.2-4sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-krb5_1.0.2-4sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-ldap_1.0.2-4sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-mysql_1.0.2-4sarge3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-iodbc_1.0.2-4sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-krb5_1.0.2-4sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-ldap_1.0.2-4sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-mysql_1.0.2-4sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-iodbc_1.0.2-4sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-krb5_1.0.2-4sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-ldap_1.0.2-4sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-mysql_1.0.2-4sarge3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-iodbc_1.0.2-4sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-krb5_1.0.2-4sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-ldap_1.0.2-4sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-mysql_1.0.2-4sarge3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-iodbc_1.0.2-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-krb5_1.0.2-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-ldap_1.0.2-4sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-mysql_1.0.2-4sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-iodbc_1.0.2-4sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-krb5_1.0.2-4sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-ldap_1.0.2-4sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-mysql_1.0.2-4sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-iodbc_1.0.2-4sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-krb5_1.0.2-4sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-ldap_1.0.2-4sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-mysql_1.0.2-4sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-iodbc_1.0.2-4sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-krb5_1.0.2-4sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-ldap_1.0.2-4sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-mysql_1.0.2-4sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-iodbc_1.0.2-4sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-krb5_1.0.2-4sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-ldap_1.0.2-4sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-mysql_1.0.2-4sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius_1.0.2-4sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-iodbc_1.0.2-4sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-krb5_1.0.2-4sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-ldap_1.0.2-4sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freeradius/freeradius-mysql_1.0.2-4sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1146": "
\n

Debian Security Advisory

\n

DSA-1146-1 krb5 -- programming error

\n
\n
Date Reported:
\n
09 Aug 2006
\n
Affected Packages:
\n
\nkrb5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-3083, CVE-2006-3084.
CERT's vulnerabilities, advisories and incident notes: VU#580124, VU#401660.
\n
More information:
\n
\n

In certain application programs packaged in the MIT Kerberos 5 source distribution, calls to setuid() and seteuid() are not always checked for success and may fail with some PAM configurations. A local user could exploit one of these vulnerabilities to escalate privileges. No exploit code is known to exist at this time.

\n

For the stable distribution (sarge) these problems have been fixed in version 1.3.6-2sarge3.

\n

For the unstable distribution (sid) these problems have been fixed in version 1.4.3-9.

\n

We recommend that you upgrade your krb5 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge3.dsc
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.3.6-2sarge3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1147": "
\n

Debian Security Advisory

\n

DSA-1147-1 drupal -- missing input sanitising

\n
\n
Date Reported:
\n
09 Aug 2006
\n
Affected Packages:
\n
\ndrupal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-4002.
\n
More information:
\n
\n

Ayman Hourieh discovered that Drupal, a dynamic website platform, performs insufficient input sanitising in the user module, which might lead to cross-site scripting.

\n

For the stable distribution (sarge) this problem has been fixed in version 4.5.3-6.1sarge3.

\n

For the unstable distribution (sid) this problem has been fixed in version 4.5.8-2.

\n

We recommend that you upgrade your drupal package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-6.1sarge3.dsc
\n
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-6.1sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-6.1sarge3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1148": "
\n

Debian Security Advisory

\n

DSA-1148-1 gallery -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Aug 2006
\n
Affected Packages:
\n
\ngallery\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 325285.
In Mitre's CVE dictionary: CVE-2005-2734, CVE-2006-0330, CVE-2006-4030.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in gallery, a web-based photo album. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2005-2734

    A cross-site scripting vulnerability allows injection of web script code through HTML or EXIF information.

  • CVE-2006-0330

    A cross-site scripting vulnerability in the user registration allows injection of web script code.

  • CVE-2006-4030

    Missing input sanitising in the stats modules allows information disclosure.
\n

For the stable distribution (sarge) these problems have been fixed in version 1.5-1sarge2.

\n

For the unstable distribution (sid) these problems have been fixed in version 1.5-2.

\n

We recommend that you upgrade your gallery package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.5-1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.5-1sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.5-1sarge2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1149": "
\n

Debian Security Advisory

\n

DSA-1149-1 ncompress -- buffer underflow

\n
\n
Date Reported:
\n
10 Aug 2006
\n
Affected Packages:
\n
\nncompress\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-1168.
\n
More information:
\n
\n

Tavis Ormandy from the Google Security Team discovered a missing boundary check in ncompress, the original Lempel-Ziv compress and uncompress programs, which allows a specially crafted datastream to underflow a buffer with attacker controlled data.

\n

For the stable distribution (sarge) this problem has been fixed in version 4.2.4-15sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in version 4.2.4-15sarge2.

\n

We recommend that you upgrade your ncompress package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2.dsc
\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4-15sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1150": "
\n

Debian Security Advisory

\n

DSA-1150-1 shadow -- programming error

\n
\n
Date Reported:
\n
12 Aug 2006
\n
Affected Packages:
\n
\nshadow\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 18850.
In Mitre's CVE dictionary: CVE-2006-3378.
\n
More information:
\n
\n

A bug has been discovered in several packages that execute the setuid() system call without checking for success when trying to drop privileges, which may fail with some PAM configurations.

\n

For the stable distribution (sarge) this problem has been fixed in version 4.0.3-31sarge8.

\n

For the unstable distribution (sid) this problem has been fixed in version 4.0.17-2.

\n

We recommend that you upgrade your passwd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/shadow/shadow_4.0.3-31sarge8.dsc
\n
http://security.debian.org/pool/updates/main/s/shadow/shadow_4.0.3-31sarge8.diff.gz
\n
http://security.debian.org/pool/updates/main/s/shadow/shadow_4.0.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.3-31sarge8_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.3-31sarge8_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.3-31sarge8_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.3-31sarge8_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.3-31sarge8_arm.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.3-31sarge8_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.3-31sarge8_i386.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.3-31sarge8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.3-31sarge8_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.3-31sarge8_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.3-31sarge8_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.3-31sarge8_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.3-31sarge8_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.3-31sarge8_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.3-31sarge8_mips.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.3-31sarge8_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.3-31sarge8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.3-31sarge8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.3-31sarge8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.3-31sarge8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.3-31sarge8_s390.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.3-31sarge8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.3-31sarge8_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.3-31sarge8_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1151": "
\n

Debian Security Advisory

\n

DSA-1151-1 heartbeat -- out-of-bounds read

\n
\n
Date Reported:
\n
15 Aug 2006
\n
Affected Packages:
\n
\nheartbeat\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-3121.
\n
More information:
\n
\n

Yan Rong Ge discovered an out-of-bounds memory access in heartbeat, the\nsubsystem for High-Availability Linux. This could be used by a remote\nattacker to cause a denial of service.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.2.3-9sarge6.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.2.4-14 and heartbeat-2 2.0.6-2.

\n

We recommend that you upgrade your heartbeat packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6.dsc
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6.diff.gz
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/heartbeat/ldirectord_1.2.3-9sarge6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge6_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge6_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1152": "
\n

Debian Security Advisory

\n

DSA-1152-1 trac -- missing input sanitising

\n
\n
Date Reported:
\n
18 Aug 2006
\n
Affected Packages:
\n
\ntrac\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-3695.
\n
More information:
\n
\n

Felix Wiemann discovered that trac, an enhanced Wiki and issue\ntracking system for software development projects, can be used to\ndisclose arbitrary local files. To fix this problem, python-docutils\nneeds to be updated as well.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.8.1-3sarge5 of trac and version 0.3.7-2sarge1 of\npython-docutils.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.9.6-1.

\n

We recommend that you upgrade your trac and python-docutils packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/python-docutils/python-docutils_0.3.7-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/p/python-docutils/python-docutils_0.3.7-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/python-docutils/python-docutils_0.3.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge5.dsc
\n
http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/python-docutils/python-docutils_0.3.7-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/p/python-docutils/python-roman_0.3.7-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/p/python-docutils/python2.1-difflib_0.3.7-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/p/python-docutils/python2.1-textwrap_0.3.7-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/p/python-docutils/python2.2-docutils_0.3.7-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/p/python-docutils/python2.2-textwrap_0.3.7-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/p/python-docutils/python2.3-docutils_0.3.7-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/p/python-docutils/python2.4-docutils_0.3.7-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge5_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1153": "
\n

Debian Security Advisory

\n

DSA-1153-1 clamav -- buffer overflow

\n
\n
Date Reported:
\n
18 Aug 2006
\n
Affected Packages:
\n
\nclamav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 19381.
In Mitre's CVE dictionary: CVE-2006-4018.
\n
More information:
\n
\n

Damian Put discovered a heap overflow vulnerability in the UPX\nunpacker of the ClamAV anti-virus toolkit which could allow remote\nattackers to execute arbitrary code or cause denial of service.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.84-2.sarge.10.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.88.4-0volatile1 in the volatile archive.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.88.4-2.

\n

We recommend that you upgrade your clamav packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10.dsc
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10.diff.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.10_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.10_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.10_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.10_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.10_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1154": "
\n

Debian Security Advisory

\n

DSA-1154-1 squirrelmail -- variable overwriting

\n
\n
Date Reported:
\n
20 Aug 2006
\n
Affected Packages:
\n
\nsquirrelmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-4019.
\n
More information:
\n
\n

James Bercegay of GulfTech Security Research discovered a vulnerability\nin SquirrelMail where an authenticated user could overwrite random\nvariables in the compose script. This might be exploited to read or\nwrite the preferences or attachment files of other users.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.4.4-9.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.4.8-1.

\n

We recommend that you upgrade your squirrelmail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-9.dsc
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-9.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-9_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1155": "
\n

Debian Security Advisory

\n

DSA-1155-2 sendmail -- programming error

\n
\n
Date Reported:
\n
24 Aug 2006
\n
Affected Packages:
\n
\nsendmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 373801, Bug 380258.
In the Bugtraq database (at SecurityFocus): BugTraq ID 18433.
In Mitre's CVE dictionary: CVE-2006-1173.
CERT's vulnerabilities, advisories and incident notes: VU#146718.
\n
More information:
\n
\n

It turned out that the sendmail binary depends on libsasl2 (>= 2.1.19.dfsg1),\nwhich is available in neither the stable nor the security archive.\nThis version is scheduled for inclusion in the next update of the\nstable release, though.

\n

You'll have to download the referenced file for your architecture from\nbelow and install it with dpkg -i.

\n

As an alternative, temporarily adding the following line to\n/etc/apt/sources.list will mitigate the problem as well:

\n\n deb http://ftp.debian.de/debian stable-proposed-updates main\n\n

Here is the original security advisory for completeness:

\n
\n

Frank Sheiness discovered that a MIME conversion routine in sendmail,\na powerful, efficient, and scalable mail transport agent, could be\ntricked by a specially crafted mail to perform an endless recursion.

\n
\n

For the stable distribution (sarge) this problem has been fixed in\nversion 8.13.4-3sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 8.13.7-1.

\n

We recommend that you upgrade your sendmail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge2.dsc
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4.orig.tar.gz
\n
http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19.dfsg1-0sarge2.dsc
\n
http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19.dfsg1-0sarge2.diff.gz
\n
http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/cyrus-sasl2_2.1.19.dfsg1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-base_8.13.4-3sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-cf_8.13.4-3sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.13.4-3sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_alpha.deb
\n
http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/libsasl2_2.1.19.dfsg1-0sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_arm.deb
\n
http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/libsasl2_2.1.19.dfsg1-0sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_i386.deb
\n
http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/libsasl2_2.1.19.dfsg1-0sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_ia64.deb
\n
http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/libsasl2_2.1.19.dfsg1-0sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_hppa.deb
\n
http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/libsasl2_2.1.19.dfsg1-0sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_m68k.deb
\n
http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/libsasl2_2.1.19.dfsg1-0sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_mips.deb
\n
http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/libsasl2_2.1.19.dfsg1-0sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_mipsel.deb
\n
http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/libsasl2_2.1.19.dfsg1-0sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_powerpc.deb
\n
http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/libsasl2_2.1.19.dfsg1-0sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_s390.deb
\n
http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/libsasl2_2.1.19.dfsg1-0sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge2_sparc.deb
\n
http://ftp.debian.org/debian/pool/main/c/cyrus-sasl2/libsasl2_2.1.19.dfsg1-0sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "1156": "
\n

Debian Security Advisory

\n

DSA-1156-1 kdebase -- programming error

\n
\n
Date Reported:
\n
27 Aug 2006
\n
Affected Packages:
\n
\nkdebase\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 374002.
In Mitre's CVE dictionary: CVE-2006-2449.
\n
More information:
\n
\n

Ludwig Nussel discovered that kdm, the X display manager for KDE, handles\naccess to the session type configuration file insecurely, which may lead\nto the disclosure of arbitrary files through a symlink attack.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 3.3.2-1sarge3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.5.2-2.

\n

We recommend that you upgrade your kdm package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.3.2-1sarge3.dsc
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.3.2-1sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.3.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-data_3.3.2-1sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-doc_3.3.2-1sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.3.2-1sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/xfonts-konsole_3.3.2-1sarge3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.3.2-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.3.2-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.3.2-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.3.2-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.3.2-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.3.2-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.3.2-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.3.2-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.3.2-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.3.2-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.3.2-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.3.2-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.3.2-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.3.2-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.3.2-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.3.2-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.3.2-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.3.2-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.3.2-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.3.2-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.3.2-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.3.2-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.3.2-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.3.2-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.3.2-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.3.2-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.3.2-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.3.2-1sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.3.2-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.3.2-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.3.2-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.3.2-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.3.2-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.3.2-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.3.2-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.3.2-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.3.2-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.3.2-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.3.2-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.3.2-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.3.2-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.3.2-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.3.2-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.3.2-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.3.2-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.3.2-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.3.2-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.3.2-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.3.2-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.3.2-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.3.2-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.3.2-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.3.2-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.3.2-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.3.2-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.3.2-1sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.3.2-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.3.2-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.3.2-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.3.2-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.3.2-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.3.2-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.3.2-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.3.2-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.3.2-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.3.2-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.3.2-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.3.2-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.3.2-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.3.2-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.3.2-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.3.2-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.3.2-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.3.2-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.3.2-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.3.2-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.3.2-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.3.2-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.3.2-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.3.2-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.3.2-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.3.2-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.3.2-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.3.2-1sarge3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.3.2-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.3.2-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.3.2-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.3.2-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.3.2-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.3.2-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.3.2-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.3.2-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.3.2-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.3.2-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.3.2-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.3.2-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.3.2-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.3.2-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.3.2-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.3.2-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.3.2-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.3.2-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.3.2-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.3.2-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.3.2-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.3.2-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.3.2-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.3.2-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.3.2-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.3.2-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.3.2-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.3.2-1sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.3.2-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.3.2-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.3.2-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.3.2-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.3.2-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.3.2-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.3.2-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.3.2-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.3.2-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.3.2-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.3.2-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.3.2-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.3.2-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.3.2-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.3.2-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.3.2-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.3.2-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.3.2-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.3.2-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.3.2-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.3.2-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.3.2-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.3.2-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.3.2-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.3.2-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.3.2-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.3.2-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.3.2-1sarge3_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.3.2-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.3.2-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.3.2-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.3.2-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.3.2-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.3.2-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.3.2-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.3.2-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.3.2-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.3.2-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.3.2-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.3.2-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.3.2-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.3.2-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.3.2-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.3.2-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.3.2-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.3.2-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.3.2-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.3.2-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.3.2-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.3.2-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.3.2-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.3.2-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.3.2-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.3.2-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.3.2-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.3.2-1sarge3_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.3.2-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.3.2-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.3.2-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.3.2-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.3.2-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.3.2-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.3.2-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.3.2-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.3.2-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.3.2-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.3.2-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.3.2-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.3.2-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.3.2-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.3.2-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.3.2-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.3.2-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.3.2-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.3.2-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.3.2-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.3.2-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.3.2-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.3.2-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.3.2-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.3.2-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.3.2-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.3.2-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.3.2-1sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.3.2-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.3.2-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.3.2-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.3.2-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.3.2-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.3.2-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.3.2-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.3.2-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.3.2-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.3.2-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.3.2-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.3.2-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.3.2-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.3.2-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.3.2-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.3.2-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.3.2-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.3.2-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.3.2-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.3.2-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.3.2-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.3.2-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.3.2-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.3.2-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.3.2-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.3.2-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.3.2-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.3.2-1sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.3.2-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.3.2-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.3.2-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.3.2-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.3.2-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.3.2-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.3.2-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.3.2-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.3.2-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.3.2-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.3.2-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.3.2-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.3.2-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.3.2-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.3.2-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.3.2-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.3.2-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.3.2-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.3.2-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.3.2-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.3.2-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.3.2-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.3.2-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.3.2-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.3.2-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.3.2-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.3.2-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.3.2-1sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.3.2-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.3.2-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.3.2-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.3.2-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.3.2-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.3.2-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.3.2-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.3.2-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.3.2-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.3.2-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.3.2-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.3.2-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.3.2-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.3.2-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.3.2-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.3.2-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.3.2-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.3.2-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.3.2-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.3.2-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.3.2-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.3.2-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.3.2-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.3.2-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.3.2-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.3.2-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.3.2-1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.3.2-1sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.3.2-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.3.2-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.3.2-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.3.2-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.3.2-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.3.2-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.3.2-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.3.2-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.3.2-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.3.2-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.3.2-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.3.2-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.3.2-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.3.2-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.3.2-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.3.2-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.3.2-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.3.2-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.3.2-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.3.2-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.3.2-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.3.2-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.3.2-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.3.2-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.3.2-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.3.2-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.3.2-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.3.2-1sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.3.2-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.3.2-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.3.2-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.3.2-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.3.2-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.3.2-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.3.2-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.3.2-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.3.2-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.3.2-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.3.2-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.3.2-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.3.2-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.3.2-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.3.2-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.3.2-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.3.2-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.3.2-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.3.2-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.3.2-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.3.2-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.3.2-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.3.2-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.3.2-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.3.2-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.3.2-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.3.2-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.3.2-1sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1157": "
\n

Debian Security Advisory

\n

DSA-1157-1 ruby1.8 -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Aug 2006
\n
Affected Packages:
\n
\nruby1.8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 378029, Bug 365520.
In Mitre's CVE dictionary: CVE-2006-3694, CVE-2006-1931.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the interpreter for the\nRuby language, which may lead to the bypass of security restrictions or\ndenial of service. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2006-1931\n

    It was discovered that the use of blocking sockets can lead to denial\n of service.

  • CVE-2006-3964\n

    It was discovered that Ruby does not properly maintain \"safe levels\"\n for aliasing, directory accesses and regular expressions, which might\n lead to a bypass of security restrictions.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.8.2-7sarge4.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.8.4-3.

\n

We recommend that you upgrade your Ruby packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4.dsc
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/irb1.8_1.8.2-7sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/rdoc1.8_1.8.2-7sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ri1.8_1.8.2-7sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-elisp_1.8.2-7sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-examples_1.8.2-7sarge4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge4_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge4_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1158": "
\n

Debian Security Advisory

\n

DSA-1158-1 streamripper -- buffer overflow

\n
\n
Date Reported:
\n
25 Aug 2006
\n
Affected Packages:
\n
\nstreamripper\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-3124.
\n
More information:
\n
\n

Ulf H\u00e4rnhammar from the Debian Security Audit Project discovered that\nstreamripper, a utility to record online radio-streams, performs\ninsufficient sanitising of data received from the streaming server,\nwhich might lead to buffer overflows and the execution of arbitrary\ncode.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.61.7-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.61.25-2.

\n

We recommend that you upgrade your streamripper package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.7-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1159": "
\n

Debian Security Advisory

\n

DSA-1159-2 mozilla-thunderbird -- several vulnerabilities

\n
\n
Date Reported:
\n
28 Aug 2006
\n
Affected Packages:
\n
\nmozilla-thunderbird\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 18228, BugTraq ID 19181.
In Mitre's CVE dictionary: CVE-2006-2779, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810.
CERT's vulnerabilities, advisories and incident notes: VU#466673, VU#655892, VU#687396, VU#876420, VU#911004.
\n
More information:
\n
\n

The latest security updates of Mozilla Thunderbird introduced a\nregression that led to a dysfunctional attachment panel which warrants\na correction to fix this issue. For reference please find below the\noriginal advisory text:

\n
\n

Several security related problems have been discovered in Mozilla and\nderived products such as Mozilla Thunderbird. The Common\nVulnerabilities and Exposures project identifies the following\nvulnerabilities:

\n
    \n
  • CVE-2006-2779\n

    Mozilla team members discovered several crashes during testing of\n the browser engine showing evidence of memory corruption which may\n also lead to the execution of arbitrary code. The last bit of\n this problem will be corrected with the next update. You can\n prevent any trouble by disabling Javascript. [MFSA-2006-32]

  • CVE-2006-3805\n

    The Javascript engine might allow remote attackers to execute\n arbitrary code. [MFSA-2006-50]

  • CVE-2006-3806\n

    Multiple integer overflows in the Javascript engine might allow\n remote attackers to execute arbitrary code. [MFSA-2006-50]

  • CVE-2006-3807\n

    Specially crafted Javascript allows remote attackers to execute\n arbitrary code. [MFSA-2006-51]

  • CVE-2006-3808\n

    Remote Proxy AutoConfig (PAC) servers could execute code with elevated\n privileges via a specially crafted PAC script. [MFSA-2006-52]

  • CVE-2006-3809\n

    Scripts with the UniversalBrowserRead privilege could gain\n UniversalXPConnect privileges and possibly execute code or obtain\n sensitive data. [MFSA-2006-53]

  • CVE-2006-3810\n

    A cross-site scripting vulnerability allows remote attackers to\n inject arbitrary web script or HTML. [MFSA-2006-54]

\n
\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.0.2-2.sarge1.0.8b.2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.5.0.5-1.

\n

We recommend that you upgrade your mozilla-thunderbird package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "1160": "
\n

Debian Security Advisory

\n

DSA-1160-2 mozilla -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Aug 2006
\n
Affected Packages:
\n
\nmozilla\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 18228, BugTraq ID 19181.
In Mitre's CVE dictionary: CVE-2006-2779, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810.
CERT's vulnerabilities, advisories and incident notes: VU#466673, VU#655892, VU#687396, VU#876420, VU#911004.
\n
More information:
\n
\n

The latest security updates of Mozilla introduced a regression that\nled to a dysfunctional attachment panel which warrants a correction to\nfix this issue. For reference please find below the original advisory\ntext:

\n
\n

Several security related problems have been discovered in Mozilla and\nderived products. The Common Vulnerabilities and Exposures project\nidentifies the following vulnerabilities:

\n
    \n
  • CVE-2006-2779\n

    Mozilla team members discovered several crashes during testing of\n the browser engine showing evidence of memory corruption which may\n also lead to the execution of arbitrary code. The last bit of\n this problem will be corrected with the next update. You can\n prevent any trouble by disabling Javascript. [MFSA-2006-32]

  • CVE-2006-3805\n

    The Javascript engine might allow remote attackers to execute\n arbitrary code. [MFSA-2006-50]

  • CVE-2006-3806\n

    Multiple integer overflows in the Javascript engine might allow\n remote attackers to execute arbitrary code. [MFSA-2006-50]

  • CVE-2006-3807\n

    Specially crafted Javascript allows remote attackers to execute\n arbitrary code. [MFSA-2006-51]

  • CVE-2006-3808\n

    Remote Proxy AutoConfig (PAC) servers could execute code with elevated\n privileges via a specially crafted PAC script. [MFSA-2006-52]

  • CVE-2006-3809\n

    Scripts with the UniversalBrowserRead privilege could gain\n UniversalXPConnect privileges and possibly execute code or obtain\n sensitive data. [MFSA-2006-53]

  • CVE-2006-3810\n

    A cross-site scripting vulnerability allows remote attackers to\n inject arbitrary web script or HTML. [MFSA-2006-54]

\n
\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.7.8-1sarge7.2.2.

\n

For the unstable distribution (sid) these problems won't be fixed\nsince its end of lifetime has been reached and the package will soon\nbe removed.

\n

We recommend that you upgrade your mozilla package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.2.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.2.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "1161": "
\n

Debian Security Advisory

\n

DSA-1161-2 mozilla-firefox -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Aug 2006
\n
Affected Packages:
\n
\nmozilla-firefox\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 19181.
In Mitre's CVE dictionary: CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3811.
CERT's vulnerabilities, advisories and incident notes: VU#655892, VU#687396, VU#876420.
\n
More information:
\n
\n

The latest security updates of Mozilla Firefox introduced a regression that led to a dysfunctional attachment panel which warrants a correction to fix this issue. For reference please find below the original advisory text:

\n
\n

Several security-related problems have been discovered in Mozilla and derived products like Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

\n
    \n
  • CVE-2006-3805

    The JavaScript engine might allow remote attackers to execute arbitrary code. [MFSA-2006-50]

  • CVE-2006-3806

    Multiple integer overflows in the JavaScript engine might allow remote attackers to execute arbitrary code. [MFSA-2006-50]

  • CVE-2006-3807

    Specially crafted JavaScript allows remote attackers to execute arbitrary code. [MFSA-2006-51]

  • CVE-2006-3808

    Remote Proxy AutoConfig (PAC) servers could execute code with elevated privileges via a specially crafted PAC script. [MFSA-2006-52]

  • CVE-2006-3809

    Scripts with the UniversalBrowserRead privilege could gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data. [MFSA-2006-53]

  • CVE-2006-3811

    Multiple vulnerabilities allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. [MFSA-2006-55]

\n
\n

For the stable distribution (sarge) these problems have been fixed in version 1.0.4-2sarge11.

\n

For the unstable distribution (sid) these problems have been fixed in version 1.5.dfsg+1.5.0.5-1.

\n

We recommend that you upgrade your mozilla-firefox package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge11_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge11_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge11_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "1162": "
\n

Debian Security Advisory

\n

DSA-1162-1 libmusicbrainz-2.0 -- buffer overflows

\n
\n
Date Reported:
\n
30 Aug 2006
\n
Affected Packages:
\n
\nlibmusicbrainz-2.0, libmusicbrainz-2.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 383030.
In the Bugtraq database (at SecurityFocus): BugTraq ID 19508.
In Mitre's CVE dictionary: CVE-2006-4197.
\n
More information:
\n
\n

Luigi Auriemma discovered several buffer overflows in libmusicbrainz, a CD index library, that allow remote attackers to cause a denial of service or execute arbitrary code.

\n

For the stable distribution (sarge) these problems have been fixed in versions 2.0.2-10sarge1 and 2.1.1-3sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in version 2.1.4-1.

\n

We recommend that you upgrade your libmusicbrainz packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz-2.0_2.0.2-10sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz-2.1_2.1.1-3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz-2.0_2.0.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz-2.1_2.1.1-3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz-2.1_2.1.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz-2.0_2.0.2-10sarge1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python-musicbrainz_2.0.2-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.3-musicbrainz_2.0.2-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4-dev_2.1.1-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2-dev_2.0.2-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/libmusicbrainz2_2.0.2-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.1/libmusicbrainz4_2.1.1-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.1-musicbrainz_2.0.2-10sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libm/libmusicbrainz-2.0/python2.2-musicbrainz_2.0.2-10sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1163": "
\n

Debian Security Advisory

\n

DSA-1163-1 gtetrinet -- programming error

\n
\n
Date Reported:
\n
30 Aug 2006
\n
Affected Packages:
\n
\ngtetrinet\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-3125.
\n
More information:
\n
\n

Michael Gehring discovered several potential out-of-bounds index\naccesses in gtetrinet, a multiplayer Tetris-like game, which may allow\na remote server to execute arbitrary code.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.7.8-1sarge2.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your gtetrinet package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_ia64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_hppa.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1164": "
\n

Debian Security Advisory

\n

DSA-1164-1 sendmail -- programming error

\n
\n
Date Reported:
\n
31 Aug 2006
\n
Affected Packages:
\n
\nsendmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 385054.
In the Bugtraq database (at SecurityFocus): BugTraq ID 19714.
In Mitre's CVE dictionary: CVE-2006-4434.
\n
More information:
\n
\n

A programming error has been discovered in sendmail, an alternative\nmail transport agent for Debian, that could allow a remote attacker to\ncrash the sendmail process by sending a specially crafted email\nmessage.

\n

Please note that in order to install this update you also need the\nlibsasl2 library from proposed updates as outlined in DSA 1155-2.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 8.13.3-3sarge3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 8.13.8-1.

\n

We recommend that you upgrade your sendmail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge3.dsc
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-base_8.13.4-3sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-cf_8.13.4-3sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.13.4-3sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1165": "
\n

Debian Security Advisory

\n

DSA-1165-1 capi4hylafax -- missing input sanitising

\n
\n
Date Reported:
\n
01 Sep 2006
\n
Affected Packages:
\n
\ncapi4hylafax\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-3126.
\n
More information:
\n
\n

Lionel Elie Mamane discovered a security vulnerability in\ncapi4hylafax, tools for faxing over a CAPI 2.0 device, that allows\nremote attackers to execute arbitrary commands on the fax receiving\nsystem.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 01.02.03-10sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 01.03.00.99.svn.300-3.

\n

We recommend that you upgrade your capi4hylafax package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2.dsc
\n
http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1166": "
\n

Debian Security Advisory

\n

DSA-1166-2 cheesetracker -- buffer overflow

\n
\n
Date Reported:
\n
03 Sep 2006
\n
Affected Packages:
\n
\ncheesetracker\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 380364.
In the Bugtraq database (at SecurityFocus): BugTraq ID 20060723.
In Mitre's CVE dictionary: CVE-2006-3814.
\n
More information:
\n
\n

Luigi Auriemma discovered a buffer overflow in the loading component\nof cheesetracker, a sound module tracking program, which could allow a\nmaliciously constructed input file to execute arbitrary code.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.9.9-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.9.9-6.

\n

We recommend that you upgrade your cheesetracker package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "1167": "
\n

Debian Security Advisory

\n

DSA-1167-1 apache -- missing input sanitising

\n
\n
Date Reported:
\n
04 Sep 2006
\n
Affected Packages:
\n
\napache\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 381381, Bug 343466.
In Mitre's CVE dictionary: CVE-2006-3918, CVE-2005-3352.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Apache, the\nworld's most popular webserver, which may lead to the execution of arbitrary\nweb script. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2005-3352\n

    A cross-site scripting (XSS) flaw exists in the mod_imap component of\n the Apache server.

  • CVE-2006-3918\n

    Apache does not sanitize the Expect header from an HTTP request when\n it is reflected back in an error message, which might allow cross-site\n scripting (XSS) style attacks.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.3.33-6sarge3.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.3.34-3.

\n

We recommend that you upgrade your apache package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3.dsc
\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.33-6sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.33-6sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-utils_1.3.33-6sarge3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1168": "
\n

Debian Security Advisory

\n

DSA-1168-1 imagemagick -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Sep 2006
\n
Affected Packages:
\n
\nimagemagick\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 345595.
In Mitre's CVE dictionary: CVE-2006-2440, CVE-2006-3743, CVE-2006-3744.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in ImageMagick, a\ncollection of image manipulation tools, which may lead to the execution\nof arbitrary code. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2006-2440\n

    Eero H\u00e4kkinen discovered that the display tool allocates insufficient\n memory for globbing patterns, which might lead to a buffer overflow.

  • CVE-2006-3743\n

    Tavis Ormandy from the Google Security Team discovered that the Sun\n bitmap decoder performs insufficient input sanitising, which might\n lead to buffer overflows and the execution of arbitrary code.

  • CVE-2006-3744\n

    Tavis Ormandy from the Google Security Team discovered that the XCF\n image decoder performs insufficient input sanitising, which might\n lead to buffer overflows and the execution of arbitrary code.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 6:6.0.6.2-2.7.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your imagemagick packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7.dsc
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7.diff.gz
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.7_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.7_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.7_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.7_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.7_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.7_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.7_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.7_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.7_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.7_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.7_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.7_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.7_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.7_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.7_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.7_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.7_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.7_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.7_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.7_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1169": "
\n

Debian Security Advisory

\n

DSA-1169-1 mysql-dfsg-4.1 -- several vulnerabilities

\n
\n
Date Reported:
\n
05 Sep 2006
\n
Affected Packages:
\n
\nmysql-dfsg-4.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 19559.
In Mitre's CVE dictionary: CVE-2006-4226, CVE-2006-4380.
\n
More information:
\n
\n

Several local vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2006-4226

    Michal Prokopiuk discovered that remote authenticated users are permitted to create and access a database if the lowercase spelling is the same as one they have been granted access to.

  • CVE-2006-4380

    Beat Vontobel discovered that certain queries replicated to a slave could crash the client and thus terminate the replication.
\n

For the stable distribution (sarge) these problems have been fixed in version 4.1.11a-4sarge7. Version 4.0 is not affected by these problems.

\n

For the unstable distribution (sid) these problems have been fixed in version 5.0.24-3. The replication problem only exists in version 4.1.

\n

We recommend that you upgrade your mysql-server-4.1 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge7.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge7.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.11a-4sarge7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge7_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge7_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge7_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge7_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge7_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge7_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge7_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge7_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1170": "
\n

Debian Security Advisory

\n

DSA-1170-1 gcc-3.4 -- missing sanity check

\n
\n
Date Reported:
\n
06 Sep 2006
\n
Affected Packages:
\n
\ngcc-3.4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 368397.
In the Bugtraq database (at SecurityFocus): BugTraq ID 15669.
In Mitre's CVE dictionary: CVE-2006-3619.
\n
More information:
\n
\n

Jürgen Weigert discovered that, when unpacking JAR archives, fastjar from the GNU Compiler Collection does not check the paths of included files, which allows files to be created or overwritten in upper directories.

\n

For the stable distribution (sarge) this problem has been fixed in version 3.4.3-13sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in version 4.1.1-11.

\n

We recommend that you upgrade your fastjar package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4_3.4.3-13sarge1.dsc
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4_3.4.3-13sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4_3.4.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/cpp-3.4-doc_3.4.3-13sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/g77-3.4-doc_3.4.3-13sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4-doc_3.4.3-13sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gnat-3.4-doc_3.4.3-13sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gpc-2.1-3.4-doc_3.4.3-13sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5-common_3.4.3-13sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-doc_3.4.3-13sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/cpp-3.4_3.4.3-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/fastjar_3.4.3-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/g++-3.4_3.4.3-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/g77-3.4_3.4.3-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4_3.4.3-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4-base_3.4.3-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcj-3.4_3.4.3-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gij-3.4_3.4.3-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gnat-3.4_3.4.3-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gobjc-3.4_3.4.3-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gpc-2.1-3.4_3.4.3-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libffi3_3.4.3-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libffi3-dev_3.4.3-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcc1_3.4.3-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5_3.4.3-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5-awt_3.4.3-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5-dev_3.4.3-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6_3.4.3-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-dbg_3.4.3-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-dev_3.4.3-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-pic_3.4.3-13sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/treelang-3.4_3.4.3-13sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/cpp-3.4_3.4.3-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/fastjar_3.4.3-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/g++-3.4_3.4.3-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/g77-3.4_3.4.3-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4_3.4.3-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4-base_3.4.3-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcj-3.4_3.4.3-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gij-3.4_3.4.3-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gnat-3.4_3.4.3-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gobjc-3.4_3.4.3-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gpc-2.1-3.4_3.4.3-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/lib32gcc1_3.4.3-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/lib32stdc++6_3.4.3-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libffi3_3.4.3-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libffi3-dev_3.4.3-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcc1_3.4.3-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5_3.4.3-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5-awt_3.4.3-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5-dev_3.4.3-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgnat-3.4_3.4.3-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6_3.4.3-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-dbg_3.4.3-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-dev_3.4.3-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-pic_3.4.3-13sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/treelang-3.4_3.4.3-13sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/cpp-3.4_3.4.3-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/fastjar_3.4.3-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/g++-3.4_3.4.3-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/g77-3.4_3.4.3-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4_3.4.3-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4-base_3.4.3-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcj-3.4_3.4.3-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gij-3.4_3.4.3-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gobjc-3.4_3.4.3-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gpc-2.1-3.4_3.4.3-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libffi3_3.4.3-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libffi3-dev_3.4.3-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcc1_3.4.3-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5_3.4.3-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5-awt_3.4.3-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5-dev_3.4.3-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-0_3.4.3-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-0-dbg_3.4.3-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-0-dev_3.4.3-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-0-pic_3.4.3-13sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/treelang-3.4_3.4.3-13sarge1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/cpp-3.4_3.4.3-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/fastjar_3.4.3-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/g++-3.4_3.4.3-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/g77-3.4_3.4.3-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4_3.4.3-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4-base_3.4.3-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4-hppa64_3.4.3-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcj-3.4_3.4.3-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gij-3.4_3.4.3-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gnat-3.4_3.4.3-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gobjc-3.4_3.4.3-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gpc-2.1-3.4_3.4.3-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libffi3_3.4.3-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libffi3-dev_3.4.3-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcc2_3.4.3-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5_3.4.3-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5-awt_3.4.3-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5-dev_3.4.3-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgnat-3.4_3.4.3-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6_3.4.3-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-dbg_3.4.3-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-dev_3.4.3-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-pic_3.4.3-13sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/treelang-3.4_3.4.3-13sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/cpp-3.4_3.4.3-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/fastjar_3.4.3-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/g++-3.4_3.4.3-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/g77-3.4_3.4.3-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4_3.4.3-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4-base_3.4.3-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcj-3.4_3.4.3-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gij-3.4_3.4.3-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gnat-3.4_3.4.3-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gobjc-3.4_3.4.3-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gpc-2.1-3.4_3.4.3-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/lib64gcc1_3.4.3-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/lib64stdc++6_3.4.3-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libffi3_3.4.3-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libffi3-dev_3.4.3-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcc1_3.4.3-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5_3.4.3-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5-awt_3.4.3-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5-dev_3.4.3-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgnat-3.4_3.4.3-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6_3.4.3-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-dbg_3.4.3-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-dev_3.4.3-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-pic_3.4.3-13sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/treelang-3.4_3.4.3-13sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/cpp-3.4_3.4.3-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/fastjar_3.4.3-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/g++-3.4_3.4.3-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/g77-3.4_3.4.3-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4_3.4.3-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4-base_3.4.3-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcj-3.4_3.4.3-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gij-3.4_3.4.3-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gnat-3.4_3.4.3-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gobjc-3.4_3.4.3-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gpc-2.1-3.4_3.4.3-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libffi3_3.4.3-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libffi3-dev_3.4.3-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcc1_3.4.3-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5_3.4.3-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5-awt_3.4.3-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5-dev_3.4.3-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgnat-3.4_3.4.3-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6_3.4.3-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-dbg_3.4.3-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-dev_3.4.3-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-pic_3.4.3-13sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/treelang-3.4_3.4.3-13sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/cpp-3.4_3.4.3-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/fastjar_3.4.3-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/g++-3.4_3.4.3-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/g77-3.4_3.4.3-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4_3.4.3-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4-base_3.4.3-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcj-3.4_3.4.3-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gij-3.4_3.4.3-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gobjc-3.4_3.4.3-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gpc-2.1-3.4_3.4.3-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libffi3_3.4.3-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libffi3-dev_3.4.3-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcc2_3.4.3-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5_3.4.3-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5-awt_3.4.3-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5-dev_3.4.3-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6_3.4.3-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-dbg_3.4.3-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-dev_3.4.3-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-pic_3.4.3-13sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/treelang-3.4_3.4.3-13sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/cpp-3.4_3.4.3-13sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/fastjar_3.4.3-13sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/g++-3.4_3.4.3-13sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/g77-3.4_3.4.3-13sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4_3.4.3-13sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4-base_3.4.3-13sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gnat-3.4_3.4.3-13sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gobjc-3.4_3.4.3-13sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gpc-2.1-3.4_3.4.3-13sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libffi3_3.4.3-13sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libffi3-dev_3.4.3-13sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcc1_3.4.3-13sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6_3.4.3-13sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-dbg_3.4.3-13sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-dev_3.4.3-13sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-pic_3.4.3-13sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/treelang-3.4_3.4.3-13sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/cpp-3.4_3.4.3-13sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/fastjar_3.4.3-13sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/g++-3.4_3.4.3-13sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/g77-3.4_3.4.3-13sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4_3.4.3-13sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4-base_3.4.3-13sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gnat-3.4_3.4.3-13sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gobjc-3.4_3.4.3-13sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gpc-2.1-3.4_3.4.3-13sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libffi3_3.4.3-13sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libffi3-dev_3.4.3-13sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcc1_3.4.3-13sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6_3.4.3-13sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-dbg_3.4.3-13sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-dev_3.4.3-13sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-pic_3.4.3-13sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/treelang-3.4_3.4.3-13sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/cpp-3.4_3.4.3-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/fastjar_3.4.3-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/g++-3.4_3.4.3-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/g77-3.4_3.4.3-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4_3.4.3-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4-base_3.4.3-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcj-3.4_3.4.3-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gij-3.4_3.4.3-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gnat-3.4_3.4.3-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gobjc-3.4_3.4.3-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gpc-2.1-3.4_3.4.3-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libffi3_3.4.3-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libffi3-dev_3.4.3-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcc1_3.4.3-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5_3.4.3-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5-awt_3.4.3-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5-dev_3.4.3-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6_3.4.3-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-dbg_3.4.3-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-dev_3.4.3-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-pic_3.4.3-13sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/cpp-3.4_3.4.3-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/fastjar_3.4.3-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/g++-3.4_3.4.3-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/g77-3.4_3.4.3-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4_3.4.3-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4-base_3.4.3-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcj-3.4_3.4.3-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gij-3.4_3.4.3-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gnat-3.4_3.4.3-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gobjc-3.4_3.4.3-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gpc-2.1-3.4_3.4.3-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/lib64gcc1_3.4.3-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/lib64stdc++6_3.4.3-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libffi3_3.4.3-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libffi3-dev_3.4.3-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcc1_3.4.3-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5_3.4.3-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5-awt_3.4.3-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5-dev_3.4.3-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6_3.4.3-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-dbg_3.4.3-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-dev_3.4.3-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-pic_3.4.3-13sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/treelang-3.4_3.4.3-13sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/cpp-3.4_3.4.3-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/fastjar_3.4.3-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/g++-3.4_3.4.3-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/g77-3.4_3.4.3-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4_3.4.3-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcc-3.4-base_3.4.3-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gcj-3.4_3.4.3-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gij-3.4_3.4.3-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gnat-3.4_3.4.3-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gobjc-3.4_3.4.3-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/gpc-2.1-3.4_3.4.3-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/lib64gcc1_3.4.3-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/lib64stdc++6_3.4.3-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libffi3_3.4.3-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libffi3-dev_3.4.3-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcc1_3.4.3-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5_3.4.3-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5-awt_3.4.3-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libgcj5-dev_3.4.3-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6_3.4.3-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-dbg_3.4.3-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-dev_3.4.3-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/libstdc++6-pic_3.4.3-13sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gcc-3.4/treelang-3.4_3.4.3-13sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1171": "
\n

Debian Security Advisory

\n

DSA-1171-1 ethereal -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Sep 2006
\n
Affected Packages:
\n
\nethereal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 384528, Bug 334880.
In Mitre's CVE dictionary: CVE-2006-4333, CVE-2005-3241, CVE-2005-3242, CVE-2005-3243, CVE-2005-3244, CVE-2005-3246, CVE-2005-3248.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Ethereal network scanner, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
  • CVE-2006-4333

    It was discovered that the Q.2391 dissector is vulnerable to denial of service caused by memory exhaustion.

  • CVE-2005-3241

    It was discovered that the FC-FCS, RSVP and ISIS-LSP dissectors are vulnerable to denial of service caused by memory exhaustion.

  • CVE-2005-3242

    It was discovered that the IrDA and SMB dissectors are vulnerable to denial of service caused by memory corruption.

  • CVE-2005-3243

    It was discovered that the SLIMP3 and AgentX dissectors are vulnerable to code injection caused by buffer overflows.

  • CVE-2005-3244

    It was discovered that the BER dissector is vulnerable to denial of service caused by an infinite loop.

  • CVE-2005-3246

    It was discovered that the NCP and RTnet dissectors are vulnerable to denial of service caused by a null pointer dereference.

  • CVE-2005-3248

    It was discovered that the X11 dissector is vulnerable to denial of service caused by a division by zero.

This update also fixes a 64-bit-specific regression in the ASN.1 decoder, which was introduced in a previous DSA.

\n

For the stable distribution (sarge) these problems have been fixed in version 0.10.10-2sarge8.

\n

For the unstable distribution (sid) these problems have been fixed in version 0.99.2-5.1 of wireshark, the network sniffer formerly known as ethereal.

\n

We recommend that you upgrade your ethereal packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8.dsc
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge8_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge8_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge8_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge8_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1172": "
\n

Debian Security Advisory

\n

DSA-1172-1 bind9 -- programming error

\n
\n
Date Reported:
\n
09 Sep 2006
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-4095, CVE-2006-4096.
CERT's vulnerabilities, advisories and incident notes: VU#697164, VU#915404.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in BIND9, the Berkeley Internet Name Domain server. The first relates to SIG query processing and the second relates to a condition that can trigger an INSIST failure; both lead to a denial of service.

\n

For the stable distribution (sarge) these problems have been fixed in version 9.2.4-1sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in version 9.3.2-P1-1.

\n

We recommend that you upgrade your bind9 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-doc_9.2.4-1sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1173": "
\n

Debian Security Advisory

\n

DSA-1173-1 openssl -- cryptographic weakness

\n
\n
Date Reported:
\n
10 Sep 2006
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 386247.
In the Bugtraq database (at SecurityFocus): BugTraq ID 19849.
In Mitre's CVE dictionary: CVE-2006-4339.
\n
More information:
\n
\n

Daniel Bleichenbacher discovered a flaw in the OpenSSL cryptographic package that could allow an attacker to generate a forged signature that OpenSSL will accept as valid.

\n

For the stable distribution (sarge) this problem has been fixed in version 0.9.7e-3sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in version 0.9.8b-3.

\n

We recommend that you upgrade your openssl packages. Note that services linking against the openssl shared libraries will need to be restarted. Common examples of such services include most Mail Transport Agents, SSH servers, and web servers.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1174": "
\n

Debian Security Advisory

\n

DSA-1174-1 openssl096 -- cryptographic weakness

\n
\n
Date Reported:
\n
11 Sep 2006
\n
Affected Packages:
\n
\nopenssl096\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 386247.
In the Bugtraq database (at SecurityFocus): BugTraq ID 19849.
In Mitre's CVE dictionary: CVE-2006-4339.
\n
More information:
\n
\n

Daniel Bleichenbacher discovered a flaw in the OpenSSL cryptographic package that could allow an attacker to generate a forged signature that OpenSSL will accept as valid.

\n

For the stable distribution (sarge) this problem has been fixed in version 0.9.6m-1sarge2.

\n

This package exists only for compatibility with older software, and is not present in the unstable or testing branches of Debian.

\n

We recommend that you upgrade your openssl packages. Note that services linking against the openssl shared libraries will need to be restarted. Common examples of such services include most Mail Transport Agents, SSH servers, and web servers.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1175": "
\n

Debian Security Advisory

\n

DSA-1175-1 isakmpd -- programming error

\n
\n
Date Reported:
\n
13 Sep 2006
\n
Affected Packages:
\n
\nisakmpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 385894.
In the Bugtraq database (at SecurityFocus): BugTraq ID 19712.
In Mitre's CVE dictionary: CVE-2006-4436.
\n
More information:
\n
\n

A flaw has been found in isakmpd, OpenBSD's implementation of the Internet Key Exchange protocol, that caused Security Associations to be created with a replay window of 0 when isakmpd was acting as the responder during SA negotiation. This could allow an attacker to re-inject sniffed IPsec packets, which would not be checked against the replay counter.

\n

For the stable distribution (sarge) this problem has been fixed in version 20041012-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in version 20041012-4.

\n

We recommend that you upgrade your isakmpd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/isakmpd/isakmpd_20041012-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1176": "
\n

Debian Security Advisory

\n

DSA-1176-1 zope2.7 -- programming error

\n
\n
Date Reported:
\n
13 Sep 2006
\n
Affected Packages:
\n
\nzope2.7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-4684.
\n
More information:
\n
\n

It was discovered that the Zope web application server does not disable the csv_table directive in web pages containing ReST markup, allowing the exposure of files readable by the Zope server.

\n

For the stable distribution (sarge) this problem has been fixed in version 2.7.5-2sarge2.

\n

The unstable distribution (sid) no longer contains zope2.7; for zope2.8 this problem has been fixed in version 2.8.8-2.

\n

We recommend that you upgrade your Zope package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge3.dsc
\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge3_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge3_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1177": "
\n

Debian Security Advisory

\n

DSA-1177-1 usermin -- programming error

\n
\n
Date Reported:
\n
15 Sep 2006
\n
Affected Packages:
\n
\nusermin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 374609.
In Mitre's CVE dictionary: CVE-2006-4246.
\n
More information:
\n
\n

Hendrik Weimer discovered that it is possible for a normal user to disable the login shell of the root account via usermin, a web-based administration tool.

\n

For the stable distribution (sarge) this problem has been fixed in version 1.110-3.1.

\n

In the upstream distribution this problem is fixed in version 1.220.

\n

We recommend that you upgrade your usermin package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/u/usermin/usermin_1.110-3.1.dsc
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin_1.110-3.1.diff.gz
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin_1.110.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/u/usermin/usermin-at_1.110-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin-changepass_1.110-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin-chfn_1.110-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin-commands_1.110-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin-cron_1.110-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin-cshrc_1.110-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin-fetchmail_1.110-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin-forward_1.110-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin-gnupg_1.110-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin-htaccess_1.110-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin-htpasswd_1.110-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin-mailbox_1.110-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin-man_1.110-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin-mysql_1.110-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin-plan_1.110-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin-postgresql_1.110-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin-proc_1.110-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin-procmail_1.110-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin-quota_1.110-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin-schedule_1.110-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin-shell_1.110-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin-spamassassin_1.110-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin-ssh_1.110-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin-tunnel_1.110-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin-updown_1.110-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin-usermount_1.110-3.1_all.deb
\n
http://security.debian.org/pool/updates/main/u/usermin/usermin_1.110-3.1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1178": "
\n

Debian Security Advisory

\n

DSA-1178-1 freetype -- integer overflow

\n
\n
Date Reported:
\n
16 Sep 2006
\n
Affected Packages:
\n
\nfreetype\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 379920.
In Mitre's CVE dictionary: CVE-2006-3467.
\n
More information:
\n
\n

It was discovered that an integer overflow in freetype's PCF font code may lead to denial of service and potential execution of arbitrary code.

\n

For the stable distribution (sarge) this problem has been fixed in version 2.1.7-6.

\n

For the unstable distribution (sid) this problem has been fixed in version 2.2.1-5.

\n

We recommend that you upgrade your freetype package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7-6.dsc
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7-6.diff.gz
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1179": "
\n

Debian Security Advisory

\n

DSA-1179-1 alsaplayer -- programming error

\n
\n
Date Reported:
\n
19 Sep 2006
\n
Affected Packages:
\n
\nalsaplayer\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-4089.
\n
More information:
\n
\n

Luigi Auriemma discovered several buffer overflows in alsaplayer, a PCM player designed for ALSA, that can lead to a crash of the application and possibly worse outcomes.

\n

For the stable distribution (sarge) these problems have been fixed in version 0.99.76-0.3sarge1.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your alsaplayer package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-0.3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-0.3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-0.3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-0.3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-0.3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-0.3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-0.3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-0.3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-0.3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-0.3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-0.3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-0.3sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-0.3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-0.3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-0.3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-0.3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-0.3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-0.3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-0.3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-0.3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-0.3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-0.3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-0.3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-0.3sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-0.3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-0.3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-0.3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-0.3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-0.3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-0.3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-0.3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-0.3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-0.3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-0.3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-0.3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-0.3sarge1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-0.3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-0.3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-0.3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-0.3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-0.3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-0.3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-0.3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-0.3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-0.3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-0.3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-0.3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-0.3sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-0.3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-0.3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-0.3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-0.3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-0.3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-0.3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-0.3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-0.3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-0.3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-0.3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-0.3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-0.3sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-0.3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-0.3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-0.3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-0.3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-0.3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-0.3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-0.3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-0.3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-0.3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-0.3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-0.3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-0.3sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-0.3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-0.3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-0.3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-0.3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-0.3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-0.3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-0.3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-0.3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-0.3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-0.3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-0.3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-0.3sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-0.3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-0.3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-0.3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-0.3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-0.3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-0.3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-0.3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-0.3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-0.3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-0.3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-0.3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-0.3sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-0.3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-0.3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-0.3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-0.3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-0.3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-0.3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-0.3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-0.3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-0.3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-0.3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-0.3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-0.3sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-0.3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-0.3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-0.3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-0.3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-0.3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-0.3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-0.3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-0.3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-0.3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-0.3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-0.3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-0.3sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-0.3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-0.3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-0.3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-0.3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-0.3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-0.3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-0.3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-0.3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-0.3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-0.3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-0.3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-0.3sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-0.3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-0.3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-0.3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-0.3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-0.3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-0.3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-0.3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-0.3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-0.3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-0.3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-0.3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-0.3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-0.3sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1180": "
\n

Debian Security Advisory

\n

DSA-1180-1 bomberclone -- programming error

\n
\n
Date Reported:
\n
19 Sep 2006
\n
Affected Packages:
\n
\nbomberclone\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 382082.
In Mitre's CVE dictionary: CVE-2006-4005, CVE-2006-4006.
\n
More information:
\n
\n

Luigi Auriemma discovered two security related bugs in bomberclone, a free Bomberman clone. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2006-4005

    The program copies remotely provided data unchecked which could lead to a denial of service via an application crash.

  • CVE-2006-4006

    Bomberclone uses remotely provided data as length argument which can lead to the disclosure of private information.
\n

For the stable distribution (sarge) these problems have been fixed in version 0.11.5-1sarge2.

\n

For the unstable distribution (sid) these problems have been fixed in version 0.11.7-0.1.

\n

We recommend that you upgrade your bomberclone package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone-data_0.11.5-1sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/bomberclone/bomberclone_0.11.5-1sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1181": "
\n

Debian Security Advisory

\n

DSA-1181-1 gzip -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Sep 2006
\n
Affected Packages:
\n
\ngzip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, CVE-2006-4338.
\n
More information:
\n
\n

Tavis Ormandy from the Google Security Team discovered several vulnerabilities in gzip, the GNU compression utility. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2006-4334

    A null pointer dereference may lead to denial of service if gzip is used in an automated manner.

  • CVE-2006-4335

    Missing boundary checks may lead to stack modification, allowing execution of arbitrary code.

  • CVE-2006-4336

    A buffer underflow in the pack support code may lead to execution of arbitrary code.

  • CVE-2006-4337

    A buffer underflow in the LZH support code may lead to execution of arbitrary code.

  • CVE-2006-4338

    An infinite loop may lead to denial of service if gzip is used in an automated manner.
\n

For the stable distribution (sarge) these problems have been fixed in version 1.3.5-10sarge2.

\n

For the unstable distribution (sid) these problems have been fixed in version 1.3.5-15.

\n

We recommend that you upgrade your gzip package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-10sarge2.dsc
\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-10sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-10sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-10sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-10sarge2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-10sarge2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-10sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-10sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-10sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-10sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-10sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-10sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-10sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-10sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1182": "
\n

Debian Security Advisory

\n

DSA-1182-1 gnutls11 -- cryptographic weakness

\n
\n
Date Reported:
\n
22 Sep 2006
\n
Affected Packages:
\n
\ngnutls11\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-4790.
\n
More information:
\n
\n

Daniel Bleichenbacher discovered a flaw in the GNU TLS cryptographic package that could allow an attacker to generate a forged signature that GNU TLS will accept as valid.

\n

For the stable distribution (sarge) this problem has been fixed in version 1.0.16-13.2sarge2.

\n

The unstable distribution (sid) no longer contains gnutls11; for gnutls13 this problem has been fixed in version 1.4.4-1.

\n

We recommend that you upgrade your GNU TLS package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls11_1.0.16-13.2sarge2.dsc
\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls11_1.0.16-13.2sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls11_1.0.16.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1183": "
\n

Debian Security Advisory

\n

DSA-1183-1 kernel-source-2.4.27 -- several vulnerabilities

\n
\n
Date Reported:
\n
25 Sep 2006
\n
Affected Packages:
\n
\nkernel-source-2.4.27\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 18081, BugTraq ID 18101, BugTraq ID 18847, BugTraq ID 19666, BugTraq ID 20087.
In Mitre's CVE dictionary: CVE-2005-4798, CVE-2006-2935, CVE-2006-1528, CVE-2006-2444, CVE-2006-2446, CVE-2006-3745, CVE-2006-4535.
CERT's vulnerabilities, advisories and incident notes: VU#681569.
\n
More information:
\n
\n

Several security related problems have been discovered in the Linux kernel which may lead to a denial of service or even the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2005-4798

    A buffer overflow in NFS readlink handling allows a malicious remote server to cause a denial of service.

  • CVE-2006-2935

    Diego Calleja Garcia discovered a buffer overflow in the DVD handling code that could be exploited by a specially crafted DVD USB storage device to execute arbitrary code.

  • CVE-2006-1528

    A bug in the SCSI driver allows a local user to cause a denial of service.

  • CVE-2006-2444

    Patrick McHardy discovered a bug in the SNMP NAT helper that allows remote attackers to cause a denial of service.

  • CVE-2006-2446

    A race condition in the socket buffer handling allows remote attackers to cause a denial of service.

  • CVE-2006-3745

    Wei Wang discovered a bug in the SCTP implementation that allows local users to cause a denial of service and possibly gain root privileges.

  • CVE-2006-4535

    David Miller reported a problem with the fix for CVE-2006-3745 that allows local users to crash the system via an SCTP socket with a certain SO_LINGER value.
\n

The following matrix explains which kernel version for which architecture fixes the problem mentioned above:

\n
|  | stable (sarge) |
|---|---|
| Source | 2.4.27-10sarge4 |
| Alpha architecture | 2.4.27-10sarge4 |
| ARM architecture | 2.4.27-2sarge4 |
| Intel IA-32 architecture | 2.4.27-10sarge4 |
| Intel IA-64 architecture | 2.4.27-10sarge4 |
| Motorola 680x0 architecture | 2.4.27-3sarge4 |
| MIPS architectures | 2.4.27-10.sarge4.040815-1 |
| PowerPC architecture | 2.4.27-10sarge4 |
| IBM S/390 | 2.4.27-2sarge4 |
| Sun Sparc architecture | 2.4.27-9sarge4 |
| FAI | 1.9.1sarge4 |
| mindi-kernel | 2.4.27-2sarge3 |
| kernel-image-speakup-i386 | 2.4.27-1.1sarge3 |
| systemimager | 3.2.3-6sarge3 |
\n

For the unstable distribution (sid) these problems will no longer be fixed in the 2.4 kernel series.

\n

We recommend that you upgrade your kernel package and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-alpha_2.4.27-10sarge4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-alpha_2.4.27-10sarge4.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-arm_2.4.27-2sarge4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-arm_2.4.27-2sarge4.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-i386_2.4.27-10sarge4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-i386_2.4.27-10sarge4.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-ia64_2.4.27-10sarge4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-ia64_2.4.27-10sarge4.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-m68k_2.4.27-3sarge4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-m68k_2.4.27-3sarge4.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-patch-2.4.27-mips_2.4.27-10.sarge4.040815-1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-patch-2.4.27-mips_2.4.27-10.sarge4.040815-1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-s390_2.4.27-2sarge4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-s390_2.4.27-2sarge4.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-sparc_2.4.27-9sarge4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-sparc_2.4.27-9sarge4.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-s390/kernel-patch-2.4.27-s390_2.4.27-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-s390/kernel-patch-2.4.27-s390_2.4.27-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-s390/kernel-patch-2.4.27-s390_2.4.27.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-powerpc-2.4.27_2.4.27-10sarge4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-powerpc-2.4.27_2.4.27-10sarge4.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-image-speakup-i386_2.4.27-1.1sarge3.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-image-speakup-i386_2.4.27-1.1sarge3.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mindi-kernel/mindi-kernel_2.4.27-2sarge3.dsc
\n
http://security.debian.org/pool/updates/main/m/mindi-kernel/mindi-kernel_2.4.27-2sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mindi-kernel/mindi-kernel_2.4.27.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/systemimager/systemimager_3.2.3-6sarge3.dsc
\n
http://security.debian.org/pool/updates/main/s/systemimager/systemimager_3.2.3-6sarge3.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.9.1sarge4.dsc
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.9.1sarge4.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-doc-2.4.27_2.4.27-10sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-patch-debian-2.4.27_2.4.27-10sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-tree-2.4.27_2.4.27-10sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-s390/kernel-patch-2.4.27-s390_2.4.27-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-doc-2.4.27-speakup_2.4.27-1.1sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-boot-i386-standard_3.2.3-6sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-boot-ia64-standard_3.2.3-6sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-client_3.2.3-6sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-common_3.2.3-6sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-doc_3.2.3-6sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-server-flamethrowerd_3.2.3-6sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-server_3.2.3-6sarge3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-build-2.4.27-2_2.4.27-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-build-2.4.27-3_2.4.27-10sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-2_2.4.27-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-2-generic_2.4.27-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-2-smp_2.4.27-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-3_2.4.27-10sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-3-generic_2.4.27-10sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-3-smp_2.4.27-10sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-2-generic_2.4.27-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-2-smp_2.4.27-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-3-generic_2.4.27-10sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-3-smp_2.4.27-10sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-build-2.4.27_2.4.27-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-headers-2.4.27_2.4.27-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-bast_2.4.27-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-lart_2.4.27-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-netwinder_2.4.27-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-riscpc_2.4.27-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-riscstation_2.4.27-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-build-2.4.27-2_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-build-2.4.27-3_2.4.27-10sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-386_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-586tsc_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-686_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-686-smp_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-k6_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-k7_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-k7-smp_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3_2.4.27-10sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-386_2.4.27-10sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-586tsc_2.4.27-10sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-686_2.4.27-10sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-686-smp_2.4.27-10sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-k6_2.4.27-10sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-k7_2.4.27-10sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-k7-smp_2.4.27-10sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-386_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-586tsc_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-686_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-686-smp_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-k6_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-k7_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-k7-smp_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-386_2.4.27-10sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-586tsc_2.4.27-10sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-686_2.4.27-10sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-686-smp_2.4.27-10sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-k6_2.4.27-10sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-k7_2.4.27-10sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-k7-smp_2.4.27-10sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-386_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-586tsc_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-686_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-686-smp_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-k6_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-k7_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-k7-smp_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-386_2.4.27-10sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-586tsc_2.4.27-10sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-686_2.4.27-10sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-686-smp_2.4.27-10sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-k6_2.4.27-10sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-k7_2.4.27-10sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-k7-smp_2.4.27-10sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-headers-2.4.27-speakup_2.4.27-1.1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-image-2.4.27-speakup_2.4.27-1.1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mindi-kernel/mindi-kernel_2.4.27-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.9.1sarge4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-build-2.4.27-2_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-build-2.4.27-3_2.4.27-10sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-2_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-2-itanium_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-2-itanium-smp_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-2-mckinley_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-2-mckinley-smp_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3_2.4.27-10sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3-itanium_2.4.27-10sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3-itanium-smp_2.4.27-10sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3-mckinley_2.4.27-10sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3-mckinley-smp_2.4.27-10sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-itanium_2.4.27-10sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-itanium-smp_2.4.27-10sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-mckinley_2.4.27-10sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-mckinley-smp_2.4.27-10sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-2-itanium_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-2-itanium-smp_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-2-mckinley_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-2-mckinley-smp_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-3-itanium_2.4.27-10sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-3-itanium-smp_2.4.27-10sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-3-mckinley_2.4.27-10sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-3-mckinley-smp_2.4.27-10sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-amiga_2.4.27-3sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-atari_2.4.27-3sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-bvme6000_2.4.27-3sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mac_2.4.27-3sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mvme147_2.4.27-3sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mvme16x_2.4.27-3sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-q40_2.4.27-3sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-headers-2.4.27_2.4.27-10.sarge4.040815-1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r4k-ip22_2.4.27-10.sarge4.040815-1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r5k-ip22_2.4.27-10.sarge4.040815-1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-sb1-swarm-bn_2.4.27-10.sarge4.040815-1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-headers-2.4.27_2.4.27-10.sarge4.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r3k-kn02_2.4.27-10.sarge4.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r4k-kn04_2.4.27-10.sarge4.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r5k-cobalt_2.4.27-10.sarge4.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r5k-lasat_2.4.27-10.sarge4.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-sb1-swarm-bn_2.4.27-10.sarge4.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-xxs1500_2.4.27-10.sarge4.040815-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-apus_2.4.27-10sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-nubus_2.4.27-10sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-powerpc_2.4.27-10sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-powerpc-small_2.4.27-10sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-powerpc-smp_2.4.27-10sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-headers-2.4.27-apus_2.4.27-10sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-headers-2.4.27-nubus_2.4.27-10sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-headers-2.4.27-powerpc_2.4.27-10sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-apus_2.4.27-10sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-nubus_2.4.27-10sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-powerpc_2.4.27-10sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-powerpc-small_2.4.27-10sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-powerpc-smp_2.4.27-10sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-2.4.27-apus_2.4.27-10sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-2.4.27-nubus_2.4.27-10sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-2.4.27-powerpc_2.4.27-10sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-headers-2.4.27-2_2.4.27-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-headers-2.4.27-3_2.4.27-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-2-s390_2.4.27-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-2-s390-tape_2.4.27-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-2-s390x_2.4.27-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-3-s390_2.4.27-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-3-s390-tape_2.4.27-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-3-s390x_2.4.27-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-build-2.4.27-2_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-build-2.4.27-3_2.4.27-9sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-2_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-2-sparc32_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-2-sparc32-smp_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-2-sparc64_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-2-sparc64-smp_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3_2.4.27-9sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3-sparc32_2.4.27-9sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3-sparc32-smp_2.4.27-9sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3-sparc64_2.4.27-9sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3-sparc64-smp_2.4.27-9sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-2-sparc32_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-2-sparc32-smp_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-2-sparc64_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-2-sparc64-smp_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-3-sparc32_2.4.27-9sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-3-sparc32-smp_2.4.27-9sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-3-sparc64_2.4.27-9sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-3-sparc64-smp_2.4.27-9sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1184": "
\n

Debian Security Advisory

\n

DSA-1184-2 kernel-source-2.6.8 -- several vulnerabilities

\n
\n
Date Reported: 25 Sep 2006
Affected Packages: kernel-source-2.6.8
Vulnerable: Yes
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 17203, BugTraq ID 17830, BugTraq ID 18081, BugTraq ID 18099, BugTraq ID 18101, BugTraq ID 18105, BugTraq ID 18847, BugTraq ID 19033, BugTraq ID 19396, BugTraq ID 19562, BugTraq ID 19615, BugTraq ID 19666, BugTraq ID 20087.
In Mitre's CVE dictionary: CVE-2004-2660, CVE-2005-4798, CVE-2006-1052, CVE-2006-1343, CVE-2006-1528, CVE-2006-1855, CVE-2006-1856, CVE-2006-2444, CVE-2006-2446, CVE-2006-2935, CVE-2006-2936, CVE-2006-3468, CVE-2006-3745, CVE-2006-4093, CVE-2006-4145, CVE-2006-4535.
CERT's vulnerabilities, advisories and incident notes: VU#681569.
\n
More information:
\n
\n

This advisory covers the S/390 components of the recent security update for the Linux 2.6.8 kernel that were missing due to technical problems. For reference, please see the text of the original advisory.

\n
\n

Several security-related problems have been discovered in the Linux kernel which may lead to a denial of service or even the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2004-2660

    Toshihiro Iwamoto discovered a memory leak in the handling of direct I/O writes that allows local users to cause a denial of service.

  • CVE-2005-4798

    A buffer overflow in NFS readlink handling allows a malicious remote server to cause a denial of service.

  • CVE-2006-1052

    Stephen Smalley discovered a bug in the SELinux ptrace handling that allows local users with ptrace permissions to change the tracer SID to the SID of another process.

  • CVE-2006-1343

    Pavel Kankovsky discovered an information leak in the getsockopt system call which can be exploited by a local program to leak potentially sensitive memory to userspace.

  • CVE-2006-1528

    Douglas Gilbert reported a bug in the sg driver that allows local users to cause a denial of service by performing direct I/O transfers from the sg driver to memory mapped I/O space.

  • CVE-2006-1855

    Mattia Belletti noticed that certain debugging code left in the process management code could be exploited by a local attacker to cause a denial of service.

  • CVE-2006-1856

    Kostik Belousov discovered a missing LSM file_permission check in the readv and writev functions which might allow attackers to bypass intended access restrictions.

  • CVE-2006-2444

    Patrick McHardy discovered a bug in the SNMP NAT helper that allows remote attackers to cause a denial of service.

  • CVE-2006-2446

    A race condition in the socket buffer handling allows remote attackers to cause a denial of service.

  • CVE-2006-2935

    Diego Calleja Garcia discovered a buffer overflow in the DVD handling code that could be exploited by a specially crafted DVD USB storage device to execute arbitrary code.

  • CVE-2006-2936

    A bug in the serial USB driver has been discovered that could be exploited by a custom made USB serial adapter to consume arbitrary amounts of memory.

  • CVE-2006-3468

    James McKenzie discovered a denial of service vulnerability in the NFS driver. When exporting an ext3 file system over NFS, a remote attacker could exploit this to trigger a file system panic by sending a specially crafted UDP packet.

  • CVE-2006-3745

    Wei Wang discovered a bug in the SCTP implementation that allows local users to cause a denial of service and possibly gain root privileges.

  • CVE-2006-4093

    Olof Johansson discovered that the kernel does not disable the HID0 bit on PowerPC 970 processors which could be exploited by a local attacker to cause a denial of service.

  • CVE-2006-4145

    A bug in the Universal Disk Format (UDF) filesystem driver could be exploited by a local user to cause a denial of service.

  • CVE-2006-4535

    David Miller reported a problem with the fix for CVE-2006-3745 that allows local users to crash the system via an SCTP socket with a certain SO_LINGER value.
\n
\n

The following matrix shows which kernel version fixes the problems mentioned above for each architecture:

\n
                                  stable (sarge)
Source                            2.6.8-16sarge5
Alpha architecture                2.6.8-16sarge5
AMD64 architecture                2.6.8-16sarge5
HP Precision architecture         2.6.8-6sarge5
Intel IA-32 architecture          2.6.8-16sarge5
Intel IA-64 architecture          2.6.8-14sarge5
Motorola 680x0 architecture       2.6.8-4sarge5
PowerPC architecture              2.6.8-12sarge5
IBM S/390                         2.6.8-5sarge5
Sun Sparc architecture            2.6.8-15sarge5
FAI                               1.9.1sarge4
\n

For the unstable distribution (sid) these problems have been fixed in version 2.6.18-1.

\n

We recommend that you upgrade your kernel package and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-alpha_2.6.8-16sarge5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-alpha_2.6.8-16sarge5.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-amd64_2.6.8-16sarge5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-amd64_2.6.8-16sarge5.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-hppa_2.6.8-6sarge5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-hppa_2.6.8-6sarge5.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-i386_2.6.8-16sarge5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-i386_2.6.8-16sarge5.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-ia64_2.6.8-14sarge5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-ia64_2.6.8-14sarge5.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-m68k_2.6.8-4sarge5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-m68k_2.6.8-4sarge5.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-sparc_2.6.8-15sarge5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-sparc_2.6.8-15sarge5.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-patch-powerpc-2.6.8_2.6.8-12sarge5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-patch-powerpc-2.6.8_2.6.8-12sarge5.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-s390_2.6.8-5sarge5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-s390_2.6.8-5sarge5.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.9.1sarge4.dsc
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.9.1sarge4.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-doc-2.6.8_2.6.8-16sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-patch-debian-2.6.8_2.6.8-16sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-tree-2.6.8_2.6.8-16sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-patch-2.6.8-s390_2.6.8-5sarge5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-2_2.6.8-16sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-2-generic_2.6.8-16sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-2-smp_2.6.8-16sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-3_2.6.8-16sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-3-generic_2.6.8-16sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-3-smp_2.6.8-16sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-2-generic_2.6.8-16sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-2-smp_2.6.8-16sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-3-generic_2.6.8-16sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-3-smp_2.6.8-16sarge5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-amd64-generic_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-amd64-k8_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-amd64-k8-smp_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-em64t-p4_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-em64t-p4-smp_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12_2.6.8-16sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-generic_2.6.8-16sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-k8_2.6.8-16sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-k8-smp_2.6.8-16sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-em64t-p4_2.6.8-16sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-em64t-p4-smp_2.6.8-16sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-amd64-generic_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-amd64-k8_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-amd64-k8-smp_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-em64t-p4_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-em64t-p4-smp_2.6.8-16sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-generic_2.6.8-16sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-k8_2.6.8-16sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-k8-smp_2.6.8-16sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-em64t-p4_2.6.8-16sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-em64t-p4-smp_2.6.8-16sarge5_amd64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-2_2.6.8-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-2-32_2.6.8-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-2-32-smp_2.6.8-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-2-64_2.6.8-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-2-64-smp_2.6.8-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3_2.6.8-6sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-32_2.6.8-6sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-32-smp_2.6.8-6sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-64_2.6.8-6sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-64-smp_2.6.8-6sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-2-32_2.6.8-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-2-32-smp_2.6.8-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-2-64_2.6.8-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-2-64-smp_2.6.8-6sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-32_2.6.8-6sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-32-smp_2.6.8-6sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-64_2.6.8-6sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-64-smp_2.6.8-6sarge5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-amd64-generic_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-amd64-k8_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-amd64-k8-smp_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-em64t-p4_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-11-em64t-p4-smp_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12_2.6.8-16sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-generic_2.6.8-16sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-k8_2.6.8-16sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-k8-smp_2.6.8-16sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-em64t-p4_2.6.8-16sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-em64t-p4-smp_2.6.8-16sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-amd64-generic_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-amd64-k8_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-amd64-k8-smp_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-em64t-p4_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-11-em64t-p4-smp_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-generic_2.6.8-16sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-k8_2.6.8-16sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-k8-smp_2.6.8-16sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-em64t-p4_2.6.8-16sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-em64t-p4-smp_2.6.8-16sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-2_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-2-386_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-2-686_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-2-686-smp_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-2-k7_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-2-k7-smp_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3_2.6.8-16sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-386_2.6.8-16sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-686_2.6.8-16sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-686-smp_2.6.8-16sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-k7_2.6.8-16sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-k7-smp_2.6.8-16sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-2-386_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-2-686_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-2-686-smp_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-2-k7_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-2-k7-smp_2.6.8-16sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-386_2.6.8-16sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-686_2.6.8-16sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-686-smp_2.6.8-16sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-k7_2.6.8-16sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-k7-smp_2.6.8-16sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.9.1sarge4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-itanium_2.6.8-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-itanium-smp_2.6.8-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-mckinley_2.6.8-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-mckinley-smp_2.6.8-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-2_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-2-itanium_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-2-itanium-smp_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-2-mckinley_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-2-mckinley-smp_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3_2.6.8-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-itanium_2.6.8-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-itanium-smp_2.6.8-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-mckinley_2.6.8-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-mckinley-smp_2.6.8-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-itanium_2.6.8-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-itanium-smp_2.6.8-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-mckinley_2.6.8-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-mckinley-smp_2.6.8-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-2-itanium_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-2-itanium-smp_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-2-mckinley_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-2-mckinley-smp_2.6.8-14sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-itanium_2.6.8-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-itanium-smp_2.6.8-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-mckinley_2.6.8-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-mckinley-smp_2.6.8-14sarge5_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-amiga_2.6.8-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-atari_2.6.8-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-bvme6000_2.6.8-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-hp_2.6.8-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mac_2.6.8-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mvme147_2.6.8-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mvme16x_2.6.8-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-q40_2.6.8-4sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-sun3_2.6.8-4sarge5_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power3_2.6.8-12sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power3-smp_2.6.8-12sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power4_2.6.8-12sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power4-smp_2.6.8-12sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-powerpc_2.6.8-12sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-powerpc-smp_2.6.8-12sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-power3_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-power3-smp_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-power4_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-power4-smp_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-powerpc_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-powerpc-smp_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-headers-2.6.8_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-headers-2.6.8-3_2.6.8-12sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power3_2.6.8-12sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power3-smp_2.6.8-12sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power4_2.6.8-12sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power4-smp_2.6.8-12sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-powerpc_2.6.8-12sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-powerpc-smp_2.6.8-12sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-power3_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-power3-smp_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-power4_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-power4-smp_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-powerpc_2.6.8-12sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-powerpc-smp_2.6.8-12sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-headers-2.6.8-3_2.6.8-5sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-3-s390_2.6.8-5sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-3-s390-tape_2.6.8-5sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-3-s390x_2.6.8-5sarge5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-build-2.6.8-2_2.6.8-15sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-build-2.6.8-3_2.6.8-15sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-2_2.6.8-15sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-2-sparc32_2.6.8-15sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-2-sparc64_2.6.8-15sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-2-sparc64-smp_2.6.8-15sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3_2.6.8-15sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3-sparc32_2.6.8-15sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3-sparc64_2.6.8-15sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3-sparc64-smp_2.6.8-15sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-2-sparc32_2.6.8-15sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-2-sparc64_2.6.8-15sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-2-sparc64-smp_2.6.8-15sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-3-sparc32_2.6.8-15sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-3-sparc64_2.6.8-15sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-3-sparc64-smp_2.6.8-15sarge5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "1185": "
\n

Debian Security Advisory

\n

DSA-1185-2 openssl -- denial of service

\n
\n
Date Reported:
\n
28 Sep 2006
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-2940, CVE-2006-3738, CVE-2006-4343, CVE-2006-2937.
\n
More information:
\n
\n

The fix used to correct CVE-2006-2940 introduced code that could lead to\nthe use of uninitialized memory. Such use is likely to cause the\napplication using the openssl library to crash, and has the potential to\nallow an attacker to cause the execution of arbitrary code.\nFor reference please find below the original advisory text:

\n
\n

Multiple vulnerabilities have been discovered in the OpenSSL\ncryptographic software package that could allow an attacker to launch\na denial of service attack by exhausting system resources or crashing\nprocesses on a victim's computer.

\n
    \n
  • CVE-2006-2937\n

    Dr S N Henson of the OpenSSL core team and Open Network\n\tSecurity recently developed an ASN1 test suite for NISCC\n\t(www.niscc.gov.uk). When the test suite was run against\n\tOpenSSL two denial of service vulnerabilities were discovered.

    \n

    During the parsing of certain invalid ASN1 structures an error\n\tcondition is mishandled. This can result in an infinite loop\n\twhich consumes system memory.

    \n

    Any code which uses OpenSSL to parse ASN1 data from untrusted\n\tsources is affected. This includes SSL servers which enable\n\tclient authentication and S/MIME applications.

  • CVE-2006-3738\n

    Tavis Ormandy and Will Drewry of the Google Security Team\n\tdiscovered a buffer overflow in the SSL_get_shared_ciphers utility\n\tfunction, used by some applications such as exim and mysql. An\n\tattacker could send a list of ciphers that would overrun a\n\tbuffer.

  • CVE-2006-4343\n

    Tavis Ormandy and Will Drewry of the Google Security Team\n\tdiscovered a possible DoS in the sslv2 client code. Where a\n\tclient application uses OpenSSL to make an SSLv2 connection to\n\ta malicious server, that server could cause the client to\n\tcrash.

  • CVE-2006-2940\n

    Dr S N Henson of the OpenSSL core team and Open Network\n\tSecurity recently developed an ASN1 test suite for NISCC\n\t(www.niscc.gov.uk). When the test suite was run against\n\tOpenSSL a DoS was discovered.

    \n

    Certain types of public key can take disproportionate amounts\n\tof time to process. This could be used by an attacker in a\n\tdenial of service attack.

\n
\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.9.7e-3sarge4.

\n

For the unstable and testing distributions (sid and etch,\nrespectively), these problems will be fixed in version 0.9.7k-3 of the\nopenssl097 compatibility libraries, and version 0.9.8c-3 of the\nopenssl package.

\n

We recommend that you upgrade your openssl package. Note that\nservices linking against the openssl shared libraries will need to be\nrestarted. Common examples of such services include most Mail\nTransport Agents, SSH servers, and web servers.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "1186": "
\n

Debian Security Advisory

\n

DSA-1186-1 cscope -- buffer overflows

\n
\n
Date Reported:
\n
30 Sep 2006
\n
Affected Packages:
\n
\ncscope\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 385893.
In Mitre's CVE dictionary: CVE-2006-4262.
\n
More information:
\n
\n

Will Drewry of the Google Security Team discovered several buffer overflows\nin cscope, a source browsing tool, which might lead to the execution of\narbitrary code.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 15.5-1.1sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 15.5+cvs20060902-1.

\n

We recommend that you upgrade your cscope package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.5-1.1sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1187": "
\n

Debian Security Advisory

\n

DSA-1187-1 migrationtools -- insecure temporary files

\n
\n
Date Reported:
\n
30 Sep 2006
\n
Affected Packages:
\n
\nmigrationtools\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 338920.
In Mitre's CVE dictionary: CVE-2006-0512.
\n
More information:
\n
\n

Jason Hoover discovered that migrationtools, a collection of scripts\nto migrate user data to LDAP, creates several temporary files insecurely,\nwhich might lead to denial of service through a symlink attack.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 46-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 46-2.1.

\n

We recommend that you upgrade your migrationtools package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/migrationtools/migrationtools_46-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/m/migrationtools/migrationtools_46-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/migrationtools/migrationtools_46.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/migrationtools/migrationtools_46-1sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1188": "
\n

Debian Security Advisory

\n

DSA-1188-1 mailman -- format string

\n
\n
Date Reported:
\n
04 Oct 2006
\n
Affected Packages:
\n
\nmailman\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 19831.
In Mitre's CVE dictionary: CVE-2006-3636, CVE-2006-4624.
\n
More information:
\n
\n

Several security related problems have been discovered in mailman, the\nweb-based GNU mailing list manager. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2006-3636\n

    Moritz Naumann discovered several cross-site scripting problems\n that could allow remote attackers to inject arbitrary web script code\n or HTML.

  • CVE-2006-4624\n

    Moritz Naumann discovered that a remote attacker can inject\n arbitrary strings into the logfile.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.1.5-8sarge5.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.1.8-3.

\n

We recommend that you upgrade your mailman package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge5.dsc
\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge5_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge5_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1189": "
\n

Debian Security Advisory

\n

DSA-1189-1 openssh-krb5 -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Oct 2006
\n
Affected Packages:
\n
\nopenssh-krb5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-4924, CVE-2006-5051.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in OpenSSH, a free\nimplementation of the Secure Shell protocol, which may lead to denial of\nservice and potentially the execution of arbitrary code. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2006-4924\n

    Tavis Ormandy of the Google Security Team discovered a denial of\n service vulnerability in the mitigation code against complexity\n attacks, which might lead to increased CPU consumption until a\n timeout is triggered. This is only exploitable if support for\n SSH protocol version 1 is enabled.

  • CVE-2006-5051\n

    Mark Dowd discovered that insecure signal handler usage could\n potentially lead to execution of arbitrary code through a double\n free. The Debian Security Team doesn't believe the general openssh\n package without Kerberos support to be exploitable by this issue.\n However, due to the complexity of the underlying code we will\n issue an update to rule out all eventualities.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 3.8.1p1-7sarge1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 4.3p2-4 of openssh. openssh-krb5 will soon be converted into\na transitional package for openssh.

\n

We recommend that you upgrade your openssh-krb5 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.8.1p1-7sarge1.dsc
\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.8.1p1-7sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/openssh-krb5_3.8.1p1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssh-krb5/ssh-krb5_3.8.1p1-7sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1190": "
\n

Debian Security Advisory

\n

DSA-1190-1 maxdb-7.5.00 -- buffer overflow

\n
\n
Date Reported:
\n
04 Oct 2006
\n
Affected Packages:
\n
\nmaxdb-7.5.00\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 386182.
In Mitre's CVE dictionary: CVE-2006-4305.
\n
More information:
\n
\n

Oliver Karow discovered that the WebDBM frontend of the MaxDB database\nperforms insufficient sanitising of requests passed to it, which might\nlead to the execution of arbitrary code.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 7.5.00.24-4.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your maxdb-7.5.00 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24-4.dsc
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24-4.diff.gz
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-7.5.00_7.5.00.24.orig.tar.gz
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00_7.5.00.24-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqldbc7.5.00-dev_7.5.00.24-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00_7.5.00.24-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/libsqlod7.5.00-dev_7.5.00.24-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbanalyzer_7.5.00.24-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-dbmcli_7.5.00.24-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-loadercli_7.5.00.24-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-lserver_7.5.00.24-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server_7.5.00.24-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-7.5.00_7.5.00.24-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-server-dbg-7.5.00_7.5.00.24-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-sqlcli_7.5.00.24-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/maxdb-webtools_7.5.00.24-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb_7.5.00.24-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python-maxdb-loader_7.5.00.24-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb_7.5.00.24-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.3-maxdb-loader_7.5.00.24-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb_7.5.00.24-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/maxdb-7.5.00/python2.4-maxdb-loader_7.5.00.24-4_ia64.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1191": "
\n

Debian Security Advisory

\n

DSA-1191-1 mozilla-thunderbird -- several vulnerabilities

\n
\n
Date Reported:
\n
05 Oct 2006
\n
Affected Packages:
\n
\nmozilla-thunderbird\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 20042.
In Mitre's CVE dictionary: CVE-2006-2788, CVE-2006-4340, CVE-2006-4565, CVE-2006-4566, CVE-2006-4568, CVE-2006-4570, CVE-2006-4571.
\n
More information:
\n
\n

Several security-related problems have been discovered in Mozilla and derived products such as Mozilla Thunderbird. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

\n
  • CVE-2006-2788

    Fernando Ribeiro discovered that a vulnerability in the getRawDER function allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code.

  • CVE-2006-4340

    Daniel Bleichenbacher recently described an implementation error in RSA signature verification that causes the application to incorrectly trust SSL certificates.

  • CVE-2006-4565, CVE-2006-4566

    Priit Laes reported that a JavaScript regular expression can trigger a heap-based buffer overflow which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

  • CVE-2006-4568

    A vulnerability has been discovered that allows remote attackers to bypass the security model and inject content into the sub-frame of another site.

  • CVE-2006-4570

    Georgi Guninski demonstrated that even with JavaScript disabled in mail (the default) an attacker can still execute JavaScript when a mail message is viewed, replied to, or forwarded.

  • CVE-2006-4571

    Multiple unspecified vulnerabilities in Firefox, Thunderbird and SeaMonkey allow remote attackers to cause a denial of service, corrupt memory, and possibly execute arbitrary code.

For the stable distribution (sarge) these problems have been fixed in version 1.0.2-2.sarge1.0.8c.1.

\n

For the unstable distribution (sid) these problems have been fixed in version 1.5.0.7-1.

\n

We recommend that you upgrade your Mozilla Thunderbird packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1192": "
\n

Debian Security Advisory

\n

DSA-1192-1 mozilla -- several vulnerabilities

\n
\n
Date Reported:
\n
06 Oct 2006
\n
Affected Packages:
\n
\nmozilla\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 20042.
In Mitre's CVE dictionary: CVE-2006-2788, CVE-2006-4340, CVE-2006-4565, CVE-2006-4566, CVE-2006-4568, CVE-2006-4570, CVE-2006-4571.
\n
More information:
\n
\n

Several security-related problems have been discovered in Mozilla and derived products such as Mozilla Thunderbird. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

\n
  • CVE-2006-2788

    Fernando Ribeiro discovered that a vulnerability in the getRawDER function allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code.

  • CVE-2006-4340

    Daniel Bleichenbacher recently described an implementation error in RSA signature verification that causes the application to incorrectly trust SSL certificates.

  • CVE-2006-4565, CVE-2006-4566

    Priit Laes reported that a JavaScript regular expression can trigger a heap-based buffer overflow which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

  • CVE-2006-4568

    A vulnerability has been discovered that allows remote attackers to bypass the security model and inject content into the sub-frame of another site.

  • CVE-2006-4570

    Georgi Guninski demonstrated that even with JavaScript disabled in mail (the default) an attacker can still execute JavaScript when a mail message is viewed, replied to, or forwarded.

  • CVE-2006-4571

    Multiple unspecified vulnerabilities in Firefox, Thunderbird and SeaMonkey allow remote attackers to cause a denial of service, corrupt memory, and possibly execute arbitrary code.

For the stable distribution (sarge) these problems have been fixed in version 1.7.8-1sarge7.3.1.

\n

We recommend that you upgrade your Mozilla packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.3.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.3.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.3.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.3.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.3.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.3.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.3.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.3.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.3.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.3.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.3.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.3.1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.3.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.3.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.3.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.3.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.3.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.3.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.3.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.3.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.3.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.3.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.3.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.3.1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.3.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.3.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.3.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.3.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.3.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.3.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.3.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.3.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.3.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.3.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.3.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.3.1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.3.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.3.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.3.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.3.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.3.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.3.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.3.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.3.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.3.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.3.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.3.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.3.1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.3.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.3.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.3.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.3.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.3.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.3.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.3.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.3.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.3.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.3.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.3.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.3.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.3.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.3.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.3.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.3.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.3.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.3.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.3.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.3.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.3.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.3.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.3.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.3.1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.3.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.3.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.3.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.3.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.3.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.3.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.3.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.3.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.3.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.3.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.3.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.3.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.3.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.3.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.3.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.3.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.3.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.3.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.3.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.3.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.3.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.3.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.3.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.3.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.3.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.3.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.3.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.3.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.3.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.3.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.3.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.3.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.3.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.3.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.3.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.3.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.3.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.3.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.3.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.3.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.3.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.3.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.3.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.3.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.3.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.3.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.3.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.3.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.3.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.3.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.3.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.3.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.3.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.3.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.3.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.3.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.3.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.3.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.3.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.3.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge7.3.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge7.3.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge7.3.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge7.3.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge7.3.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge7.3.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge7.3.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge7.3.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge7.3.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge7.3.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge7.3.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge7.3.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge7.3.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1193": "
\n

Debian Security Advisory

\n

DSA-1193-1 xfree86 -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Oct 2006
\n
Affected Packages:
\n
\nxfree86\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-3467, CVE-2006-3739, CVE-2006-3740, CVE-2006-4447.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the X Window System, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2006-3467\n

    Chris Evan discovered an integer overflow in the code to handle\n PCF fonts, which might lead to denial of service if a malformed\n font is opened.

  • \n
  • CVE-2006-3739\n

    It was discovered that an integer overflow in the code to handle\n Adobe Font Metrics might lead to the execution of arbitrary code.

  • \n
  • CVE-2006-3740\n

    It was discovered that an integer overflow in the code to handle\n CMap and CIDFont font data might lead to the execution of arbitrary\n code.

  • \n
  • CVE-2006-4447\n

    The XFree86 initialization code performs insufficient checking of\n the return value of setuid() when dropping privileges, which might\n lead to local privilege escalation.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 4.3.0.dfsg.1-14sarge2. This release lacks builds for the\nMotorola 680x0 architecture, which failed due to disk space constraints\non the build host. They will be released once this problem has been\nresolved.

\n

For the unstable distribution (sid) these problems have been fixed\nin version 1:1.2.2-1 of libxfont and version 1:1.0.2-9 of xorg-server.

\n

We recommend that you upgrade your XFree86 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.3.0.dfsg.1-14sarge2.dsc
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.3.0.dfsg.1-14sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.3.0.dfsg.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xfree86/pm-dev_4.3.0.dfsg.1-14sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-dev_4.3.0.dfsg.1-14sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system_4.3.0.dfsg.1-14sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi-transcoded_4.3.0.dfsg.1-14sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi_4.3.0.dfsg.1-14sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi-transcoded_4.3.0.dfsg.1-14sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi_4.3.0.dfsg.1-14sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base-transcoded_4.3.0.dfsg.1-14sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base_4.3.0.dfsg.1-14sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-cyrillic_4.3.0.dfsg.1-14sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-scalable_4.3.0.dfsg.1-14sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86-common_4.3.0.dfsg.1-14sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.3.0.dfsg.1-14sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.3.0.dfsg.1-14sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-data_4.3.0.dfsg.1-14sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.3.0.dfsg.1-14sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.3.0.dfsg.1-14sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.3.0.dfsg.1-14sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.3.0.dfsg.1-14sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xspecs_4.3.0.dfsg.1-14sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1194": "
\n

Debian Security Advisory

\n

DSA-1194-1 libwmf -- integer overflow

\n
\n
Date Reported:
\n
09 Oct 2006
\n
Affected Packages:
\n
\nlibwmf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 381538.
In Mitre's CVE dictionary: CVE-2006-3376.
\n
More information:
\n
\n

It was discovered that an integer overflow in libwmf, the library to read Windows Metafile Format files, can be exploited to execute arbitrary code if a crafted WMF file is parsed.

\n

For the stable distribution (sarge) this problem has been fixed in version 0.2.8.3-2sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in version 0.2.8.4-2.

\n

We recommend that you upgrade your libwmf package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf_0.2.8.3-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf_0.2.8.3-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf_0.2.8.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-doc_0.2.8.3-2sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.3-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.3-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.3-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.3-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.3-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.3-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2sarge1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.3-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.3-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.3-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.3-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.3-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.3-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.3-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.3-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.3-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.3-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.3-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.3-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.3-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.3-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.3-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.3-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.3-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.3-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1195": "
\n

Debian Security Advisory

\n

DSA-1195-1 openssl096 -- denial of service (multiple)

\n
\n
Date Reported:
\n
10 Oct 2006
\n
Affected Packages:
\n
\nopenssl096\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-2940, CVE-2006-3738, CVE-2006-4343.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in the OpenSSL cryptographic software package that could allow an attacker to launch a denial of service attack by exhausting system resources or crashing processes on a victim's computer.

\n
    \n
  • CVE-2006-3738

    Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers utility function, used by some applications such as exim and mysql. An attacker could send a list of ciphers that would overrun a buffer.

  • CVE-2006-4343

    Tavis Ormandy and Will Drewry of the Google Security Team discovered a possible DoS in the sslv2 client code. Where a client application uses OpenSSL to make an SSLv2 connection to a malicious server, that server could cause the client to crash.

  • CVE-2006-2940

    Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When the test suite was run against OpenSSL a DoS was discovered.

    Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack.
\n

For the stable distribution (sarge) these problems have been fixed in version 0.9.6m-1sarge4.

\n

This package exists only for compatibility with older software, and is not present in the unstable or testing branches of Debian.

\n

We recommend that you upgrade your openssl096 package. Note that services linking against the openssl shared libraries will need to be restarted. Common examples of such services include most Mail Transport Agents, SSH servers, and web servers.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge4.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1196": "
\n

Debian Security Advisory

\n

DSA-1196-1 clamav -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Oct 2006
\n
Affected Packages:
\n
\nclamav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-4182, CVE-2006-5295.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the ClamAV malware scan engine, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2006-4182

    Damian Put discovered a heap overflow error in the script to rebuild PE files, which could lead to the execution of arbitrary code.

  • CVE-2006-5295

    Damian Put discovered that missing input sanitising in the CHM handling code might lead to denial of service.
\n

For the stable distribution (sarge) these problems have been fixed in version 0.84-2.sarge.11. Due to technical problems with the build host this update lacks a build for the Sparc architecture. It will be provided soon.

\n

For the unstable distribution (sid) these problems have been fixed in version 0.88.5-1.

\n

We recommend that you upgrade your clamav packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11.dsc
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11.diff.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.11_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.11_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.11_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.11_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.11_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.11_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.11_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.11_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.11_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1197": "
\n

Debian Security Advisory

\n

DSA-1197-1 python2.4 -- buffer overflow

\n
\n
Date Reported:
\n
22 Oct 2006
\n
Affected Packages:
\n
\npython2.4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 391589.
In Mitre's CVE dictionary: CVE-2006-4980.
\n
More information:
\n
\n

Benjamin C. Wiley Sittler discovered that the repr() of the Python interpreter allocates insufficient memory when parsing UCS-4 Unicode strings, which might lead to execution of arbitrary code through a buffer overflow.

\n

For the stable distribution (sarge) this problem has been fixed in version 2.4.1-2sarge1. Due to build problems this update lacks fixed packages for the m68k architecture. Once they are sorted out, binaries for m68k will be released.

\n

For the unstable distribution (sid) this problem has been fixed in version 2.4.4-1.

\n

We recommend that you upgrade your Python 2.4 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/python2.4/idle-python2.4_2.4.1-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-doc_2.4.1-2sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-examples_2.4.1-2sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.1-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.1-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.1-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-gdbm_2.4.1-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-tk_2.4.1-2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1198": "
\n

Debian Security Advisory

\n

DSA-1198-1 python2.3 -- buffer overflow

\n
\n
Date Reported:
\n
23 Oct 2006
\n
Affected Packages:
\n
\npython2.3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 391589.
In Mitre's CVE dictionary: CVE-2006-4980.
\n
More information:
\n
\n

Benjamin C. Wiley Sittler discovered that the repr() of the Python interpreter allocates insufficient memory when parsing UCS-4 Unicode strings, which might lead to execution of arbitrary code through a buffer overflow.

\n

For the stable distribution (sarge) this problem has been fixed in version 2.3.5-3sarge2. Due to build problems this update lacks fixed packages for the Alpha and Sparc architectures. Once they are sorted out, fixed binaries will be released.

\n

For the unstable distribution (sid) this problem has been fixed in version 2.3.5-16.

\n

We recommend that you upgrade your Python 2.3 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge2.dsc
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/python2.3/idle-python2.3_2.3.5-3sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-doc_2.3.5-3sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-examples_2.3.5-3sarge2_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3_2.3.5-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-dev_2.3.5-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-gdbm_2.3.5-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-mpz_2.3.5-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.3/python2.3-tk_2.3.5-3sarge2_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1199": "
\n

Debian Security Advisory

\n

DSA-1199-1 webmin -- multiple vulnerabilities

\n
\n
Date Reported:
\n
23 Oct 2006
\n
Affected Packages:
\n
\nwebmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 341394, Bug 381537, Bug 391284.
In the Bugtraq database (at SecurityFocus): BugTraq ID 15629, BugTraq ID 18744, BugTraq ID 19820.
In Mitre's CVE dictionary: CVE-2005-3912, CVE-2006-3392, CVE-2006-4542.
\n
More information:
\n
\n

Several vulnerabilities have been identified in webmin, a web-based\nadministration toolkit. The Common Vulnerabilities and Exposures project\nidentifies the following vulnerabilities:

\n
    \n
  • CVE-2005-3912\n

    A format string vulnerability in miniserv.pl could allow an\n\tattacker to cause a denial of service by crashing the\n\tapplication or exhausting system resources, and could\n\tpotentially allow arbitrary code execution.

  • CVE-2006-3392\n

    Improper input sanitization in miniserv.pl could allow an\n\tattacker to read arbitrary files on the webmin host by providing\n\ta specially crafted URL path to the miniserv http server.

  • CVE-2006-4542\n

    Improper handling of null characters in URLs in miniserv.pl\n\tcould allow an attacker to conduct cross-site scripting attacks,\n\tread CGI program source code, list local directories, and\n\tpotentially execute arbitrary code.

\n

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64,\nm68k, mips, mipsel, powerpc, s390 and sparc.

\n

For the stable distribution (sarge), these problems have been fixed in\nversion 1.180-3sarge1.

\n

Webmin is not included in unstable (sid) or testing (etch), so these\nproblems are not present.

\n

We recommend that you upgrade your webmin (1.180-3sarge1) package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/webmin/webmin_1.180-3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin_1.180.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin_1.180-3sarge1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/webmin/webmin-core_1.180-3sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/w/webmin/webmin_1.180-3sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1200": "
\n

Debian Security Advisory

\n

DSA-1200-1 qt-x11-free -- integer overflow

\n
\n
Date Reported:
\n
30 Oct 2006
\n
Affected Packages:
\n
\nqt-x11-free\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 394313.
In the Bugtraq database (at SecurityFocus): BugTraq ID 20599.
In Mitre's CVE dictionary: CVE-2006-4811.
\n
More information:
\n
\n

An integer overflow has been found in the pixmap handling routines in\nthe Qt GUI libraries. This could allow an attacker to cause a denial of\nservice and possibly execute arbitrary code by providing a specially\ncrafted image file and inducing the victim to view it in an application\nbased on Qt.

\n

For the stable distribution (sarge), this problem has been fixed in\nversion 3:3.3.4-3sarge1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversions 3:3.3.7-1 and 4.2.1-1.

\n

We recommend that you upgrade your qt-x11-free packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt-x11-free_3.3.4-3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt-x11-free_3.3.4-3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt-x11-free_3.3.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-i18n_3.3.4-3sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-doc_3.3.4-3sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-examples_3.3.4-3sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.4-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.4-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-sqlite_3.3.4-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mysql_3.3.4-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.4-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-psql_3.3.4-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.4-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt_3.3.4-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.4-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.4-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.4-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-dev_3.3.4-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-sqlite_3.3.4-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-odbc_3.3.4-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-psql_3.3.4-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-mysql_3.3.4-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.4-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.4-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.4-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.4-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-odbc_3.3.4-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102_3.3.4-3sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-dev_3.3.4-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.4-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-sqlite_3.3.4-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102_3.3.4-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.4-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt_3.3.4-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-odbc_3.3.4-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.4-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-sqlite_3.3.4-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.4-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.4-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.4-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.4-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-odbc_3.3.4-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.4-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-psql_3.3.4-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-psql_3.3.4-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mysql_3.3.4-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-mysql_3.3.4-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.4-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.4-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.4-3sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.4-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-sqlite_3.3.4-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.4-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.4-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-dev_3.3.4-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-odbc_3.3.4-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.4-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-mysql_3.3.4-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-sqlite_3.3.4-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.4-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mysql_3.3.4-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.4-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.4-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.4-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-psql_3.3.4-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102_3.3.4-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.4-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-odbc_3.3.4-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.4-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt_3.3.4-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.4-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-psql_3.3.4-3sarge1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.4-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mysql_3.3.4-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.4-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-psql_3.3.4-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.4-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-odbc_3.3.4-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-mysql_3.3.4-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.4-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.4-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102_3.3.4-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.4-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-sqlite_3.3.4-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-dev_3.3.4-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-sqlite_3.3.4-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.4-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.4-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.4-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-odbc_3.3.4-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt_3.3.4-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.4-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.4-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-psql_3.3.4-3sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-sqlite_3.3.4-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-dev_3.3.4-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.4-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mysql_3.3.4-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-odbc_3.3.4-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102_3.3.4-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.4-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-ibase_3.3.4-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-ibase_3.3.4-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.4-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-psql_3.3.4-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-mysql_3.3.4-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.4-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.4-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.4-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.4-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.4-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-sqlite_3.3.4-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.4-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-psql_3.3.4-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt_3.3.4-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.4-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.4-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-odbc_3.3.4-3sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.4-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.4-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt_3.3.4-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-odbc_3.3.4-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.4-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-mysql_3.3.4-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.4-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.4-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-sqlite_3.3.4-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mysql_3.3.4-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-psql_3.3.4-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.4-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.4-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.4-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102_3.3.4-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.4-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-sqlite_3.3.4-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-dev_3.3.4-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-psql_3.3.4-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.4-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-odbc_3.3.4-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.4-3sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-mysql_3.3.4-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mysql_3.3.4-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-psql_3.3.4-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.4-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-sqlite_3.3.4-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-odbc_3.3.4-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.4-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.4-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt_3.3.4-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.4-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.4-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.4-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-dev_3.3.4-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-odbc_3.3.4-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.4-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-psql_3.3.4-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.4-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102_3.3.4-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.4-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.4-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.4-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-sqlite_3.3.4-3sarge1_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-odbc_3.3.4-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.4-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.4-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.4-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102_3.3.4-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.4-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-psql_3.3.4-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.4-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.4-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-dev_3.3.4-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.4-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-mysql_3.3.4-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.4-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.4-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-odbc_3.3.4-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.4-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.4-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-sqlite_3.3.4-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-sqlite_3.3.4-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt_3.3.4-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mysql_3.3.4-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-psql_3.3.4-3sarge1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-sqlite_3.3.4-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.4-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.4-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.4-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102_3.3.4-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-odbc_3.3.4-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.4-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-dev_3.3.4-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-mysql_3.3.4-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mysql_3.3.4-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-odbc_3.3.4-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.4-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.4-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.4-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-sqlite_3.3.4-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-psql_3.3.4-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.4-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.4-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt_3.3.4-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.4-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-psql_3.3.4-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.4-3sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-dev_3.3.4-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102_3.3.4-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt_3.3.4-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-psql_3.3.4-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.4-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.4-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-mysql_3.3.4-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-odbc_3.3.4-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-psql_3.3.4-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.4-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mysql_3.3.4-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.4-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.4-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.4-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-sqlite_3.3.4-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-odbc_3.3.4-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.4-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.4-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.4-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.4-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.4-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-sqlite_3.3.4-3sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.4-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.4-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.4-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-sqlite_3.3.4-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-psql_3.3.4-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.4-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102_3.3.4-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-psql_3.3.4-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.4-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-dev_3.3.4-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-odbc_3.3.4-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt_3.3.4-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.4-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.4-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.4-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.4-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-odbc_3.3.4-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-mysql_3.3.4-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-sqlite_3.3.4-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.4-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.4-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mysql_3.3.4-3sarge1_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1201": "
\n

Debian Security Advisory

\n

DSA-1201-1 ethereal -- several vulnerabilities

\n
\n
Date Reported:
\n
31 Oct 2006
\n
Affected Packages:
\n
\nethereal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 396258.
In Mitre's CVE dictionary: CVE-2006-4574, CVE-2006-4805.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Ethereal network\nscanner. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2006-4574\n

    It was discovered that the MIME multipart dissector is vulnerable to\n denial of service caused by an off-by-one overflow.

  • CVE-2006-4805\n

    It was discovered that the XOT dissector is vulnerable to denial\n of service caused by memory corruption.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.10.10-2sarge9. Due to technical problems with the security\nbuildd infrastructure this update lacks builds for the hppa and sparc\narchitectures. They will be released as soon as the problems are resolved.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your ethereal packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9.dsc
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge9_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge9_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge9_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge9_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1202": "
\n

Debian Security Advisory

\n

DSA-1202-1 screen -- programming error

\n
\n
Date Reported:
\n
31 Oct 2006
\n
Affected Packages:
\n
\nscreen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 395225, Bug 395999.
In Mitre's CVE dictionary: CVE-2006-4573.
\n
More information:
\n
\n

cstone and Rich Felker discovered that specially crafted UTF-8 sequences\nmay lead to an out-of-bounds memory write when displayed inside the screen\nterminal multiplexer, allowing denial of service and potentially the\nexecution of arbitrary code.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 4.0.2-4.1sarge1. Due to technical problems with the security\nbuildd infrastructure this update lacks a build for the Sun Sparc\narchitecture. It will be released as soon as the problems are resolved.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 4.0.3-0.1.

\n

We recommend that you upgrade your screen package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/screen/screen_4.0.2-4.1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/s/screen/screen_4.0.2-4.1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/screen/screen_4.0.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/screen/screen_4.0.2-4.1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/screen/screen_4.0.2-4.1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/screen/screen_4.0.2-4.1sarge1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/screen/screen_4.0.2-4.1sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/screen/screen_4.0.2-4.1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/screen/screen_4.0.2-4.1sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/screen/screen_4.0.2-4.1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/screen/screen_4.0.2-4.1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/screen/screen_4.0.2-4.1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/screen/screen_4.0.2-4.1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/screen/screen_4.0.2-4.1sarge1_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1203": "
\n

Debian Security Advisory

\n

DSA-1203-1 libpam-ldap -- programming error

\n
\n
Date Reported:
\n
02 Nov 2006
\n
Affected Packages:
\n
\nlibpam-ldap\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 392984.
In Mitre's CVE dictionary: CVE-2006-5170.
\n
More information:
\n
\n

Steve Rigler discovered that the PAM module for authentication against\nLDAP servers processes PasswordPolicyResponse control messages incorrectly,\nwhich might allow an attacker to log in to a suspended\nsystem account.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 178-1sarge3. Due to technical problems with the security\nbuildd infrastructure this update lacks a build for the Sun Sparc\narchitecture. It will be released as soon as the problems are resolved.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 180-1.2.

\n

We recommend that you upgrade your libpam-ldap package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge3.dsc
\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge3_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge3_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libp/libpam-ldap/libpam-ldap_178-1sarge3_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1204": "
\n

Debian Security Advisory

\n

DSA-1204-1 ingo1 -- missing input sanitising

\n
\n
Date Reported:
\n
02 Nov 2006
\n
Affected Packages:
\n
\ningo1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 396099.
In Mitre's CVE dictionary: CVE-2006-5449.
\n
More information:
\n
\n

It was discovered that the Ingo email filter rules manager performs\ninsufficient escaping of user-provided data in created procmail rules\nfiles, which allows the execution of arbitrary shell commands.

\n

For the stable distribution (sarge), this problem has been fixed in\nversion 1.0.1-1sarge1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.1.2-1.

\n

We recommend that you upgrade your ingo1 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/ingo1/ingo1_1.0.1-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/i/ingo1/ingo1_1.0.1-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/ingo1/ingo1_1.0.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/ingo1/ingo1_1.0.1-1sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1205": "
\n

Debian Security Advisory

\n

DSA-1205-2 thttpd -- insecure temporary files

\n
\n
Date Reported:
\n
02 Nov 2006
\n
Affected Packages:
\n
\nthttpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 396277.
In Mitre's CVE dictionary: CVE-2006-4248.
\n
More information:
\n
\n

The original advisory for this issue did not contain fixed packages for all\nsupported architectures; this update corrects that. For reference,\nthe original advisory text follows:

\n
\n

Marco d'Itri discovered that thttpd, a small, fast and secure webserver,\nmakes use of insecure temporary files when its logfiles are rotated,\nwhich might lead to a denial of service through a symlink attack.

\n
\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.23beta1-3sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.23beta1-5.

\n

We recommend that you upgrade your thttpd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2.dsc
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "1206": "
\n

Debian Security Advisory

\n

DSA-1206-1 php4 -- several vulnerabilities

\n
\n
Date Reported:
\n
06 Nov 2006
\n
Affected Packages:
\n
\nphp4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-3353, CVE-2006-3017, CVE-2006-4482, CVE-2006-5465.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in PHP, a\nserver-side, HTML-embedded scripting language, which may lead to the\nexecution of arbitrary code. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2005-3353\n

    Tim Starling discovered that missing input sanitising in the EXIF\n module could lead to denial of service.

  • CVE-2006-3017\n

    Stefan Esser discovered a security-critical programming error in the\n hashtable implementation of the internal Zend engine.

  • CVE-2006-4482\n

    It was discovered that the str_repeat() and wordwrap() functions perform\n insufficient checks for buffer boundaries on 64 bit systems, which\n might lead to the execution of arbitrary code.

  • CVE-2006-5465\n

    Stefan Esser discovered a buffer overflow in the htmlspecialchars()\n and htmlentities() functions, which might lead to the execution of arbitrary\n code.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 4:4.3.10-18. Builds for hppa and m68k will be provided later\nonce they are available.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 4:4.4.4-4 of php4 and version 5.1.6-6 of php5.

\n

We recommend that you upgrade your php4 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-18.dsc
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-18.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php4/php4-pear_4.3.10-18_all.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-18_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1207": "
\n

Debian Security Advisory

\n

DSA-1207-2 phpmyadmin -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Nov 2006
\n
Affected Packages:
\n
\nphpmyadmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 339437, Bug 340438, Bug 362567, Bug 368082, Bug 391090.
In Mitre's CVE dictionary: CVE-2006-1678, CVE-2006-2418, CVE-2005-3621, CVE-2005-3665, CVE-2006-5116.
\n
More information:
\n
\n

The phpmyadmin update in DSA 1207 introduced a regression. This update\ncorrects this flaw. For completeness, please find below the original\nadvisory text:

\n
\n

Several remote vulnerabilities have been discovered in phpMyAdmin, a\nprogram to administrate MySQL over the web. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2005-3621\n

    CRLF injection vulnerability allows remote attackers to conduct\n HTTP response splitting attacks.

  • CVE-2005-3665\n

    Multiple cross-site scripting (XSS) vulnerabilities allow remote\n attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST\n variable and (2) various scripts in the libraries directory that\n handle header generation.

  • CVE-2006-1678\n

    Multiple cross-site scripting (XSS) vulnerabilities allow remote\n attackers to inject arbitrary web script or HTML via scripts in the\n themes directory.

  • CVE-2006-2418\n

    A cross-site scripting (XSS) vulnerability allows remote attackers\n to inject arbitrary web script or HTML via the db parameter of\n footer.inc.php.

  • CVE-2006-5116\n

    A remote attacker could overwrite internal variables through the\n _FILES global variable.

\n
\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.6.2-3sarge3.

\n

For the upcoming stable release (etch) and unstable distribution (sid)\nthese problems have been fixed in version 2.9.0.3-1.

\n

We recommend that you upgrade your phpmyadmin package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge3.dsc
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "1208": "
\n

Debian Security Advisory

\n

DSA-1208-1 bugzilla -- several vulnerabilities

\n
\n
Date Reported:
\n
11 Nov 2006
\n
Affected Packages:
\n
\nbugzilla\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 395094, Bug 329387.
In Mitre's CVE dictionary: CVE-2005-4534, CVE-2006-5453.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Bugzilla\nbug tracking system, which may lead to the execution of arbitrary code.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2005-4534\n

    Javier Fernández-Sanguino Peña discovered that insecure temporary\n file usage may lead to denial of service through a symlink attack.

  • CVE-2006-5453\n

    Several cross-site scripting vulnerabilities may lead to injection\n of arbitrary web script code.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.16.7-7sarge2.

\n

For the upcoming stable distribution (etch) these problems have been\nfixed in version 2.22.1-1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.22.1-1.

\n

We recommend that you upgrade your bugzilla packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla_2.16.7-7sarge2.dsc
\n
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla_2.16.7-7sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla_2.16.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla-doc_2.16.7-7sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla_2.16.7-7sarge2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1209": "
\n

Debian Security Advisory

\n

DSA-1209-2 trac -- cross-site request forgery

\n
\n
Date Reported:
\n
12 Nov 2006
\n
Affected Packages:
\n
\ntrac\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

It was discovered that Trac, a wiki and issue tracking system for\nsoftware development projects, performs insufficient validation against\ncross-site request forgery, which might lead to an attacker being able\nto perform manipulation of a Trac site with the privileges of the\nattacked Trac user.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.8.1-3sarge7.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.10.1-1.

\n

We recommend that you upgrade your trac package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge7.dsc
\n
http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge7.diff.gz
\n
http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge7_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "1210": "
\n

Debian Security Advisory

\n

DSA-1210-1 mozilla-firefox -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Nov 2006
\n
Affected Packages:
\n
\nmozilla-firefox\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 20042.
In Mitre's CVE dictionary: CVE-2006-2788, CVE-2006-4340, CVE-2006-4565, CVE-2006-4566, CVE-2006-4568, CVE-2006-4571.
\n
More information:
\n
\n

Several security-related problems have been discovered in Mozilla and\nderived products such as Mozilla Firefox. The Common\nVulnerabilities and Exposures project identifies the following\nvulnerabilities:

\n
    \n
  • CVE-2006-2788\n

    Fernando Ribeiro discovered that a vulnerability in the getRawDER\n function allows remote attackers to cause a denial of service\n (hang) and possibly execute arbitrary code.

  • CVE-2006-4340\n

    Daniel Bleichenbacher recently described an implementation error\n in RSA signature verification that causes the application to\n incorrectly trust SSL certificates.

  • CVE-2006-4565, CVE-2006-4566\n

    Priit Laes reported that a JavaScript regular expression can\n trigger a heap-based buffer overflow which allows remote attackers\n to cause a denial of service and possibly execute arbitrary code.

  • CVE-2006-4568\n

    A vulnerability has been discovered that allows remote attackers\n to bypass the security model and inject content into the sub-frame\n of another site.

  • CVE-2006-4571\n

    Multiple unspecified vulnerabilities in Firefox, Thunderbird and\n SeaMonkey allow remote attackers to cause a denial of service,\n corrupt memory, and possibly execute arbitrary code.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-2sarge12.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.5.dfsg+1.5.0.7-1 of firefox.

\n

We recommend that you upgrade your Mozilla Firefox packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge12_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge12_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge12_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge12_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge12_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge12_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge12_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge12_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge12_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge12_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge12_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge12_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge12_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge12_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge12_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge12_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge12_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge12_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge12_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge12_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge12_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge12_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1211": "
\n

Debian Security Advisory

\n

DSA-1211-1 pdns -- buffer overflow

\n
\n
Date Reported:
\n
14 Nov 2006
\n
Affected Packages:
\n
\npdns\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-4251.
\n
More information:
\n
\n

It was discovered that malformed TCP packets may lead to denial of service\nand possibly the execution of arbitrary code if the PowerDNS nameserver\nacts as a recursive nameserver.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.9.17-13sarge3.

\n

For the upcoming stable distribution (etch) this problem has been fixed\nin version 3.1.4-1 of pdns-recursor.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.1.4-1 of pdns-recursor.

\n

We recommend that you upgrade your PowerDNS packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge3.dsc
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-doc_2.9.17-13sarge3_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge3_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge3_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge3_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1212": "
\n

Debian Security Advisory

\n

DSA-1212-1 openssh -- Denial of service

\n
\n
Date Reported:
\n
15 Nov 2006
\n
Affected Packages:
\n
\nopenssh\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 392428.
In the Bugtraq database (at SecurityFocus): BugTraq ID 20216, BugTraq ID 20241.
In Mitre's CVE dictionary: CVE-2006-4924, CVE-2006-5051.
\n
More information:
\n
\n

Two denial of service problems have been found in the OpenSSH\nserver. The Common Vulnerabilities and Exposures project identifies the\nfollowing vulnerabilities:

\n
    \n
  • CVE-2006-4924\n

    The sshd support for ssh protocol version 1 does not properly\n handle duplicate incoming blocks. This could allow a remote\n attacker to cause sshd to consume significant CPU resources\n leading to a denial of service.

  • CVE-2006-5051\n

    A signal handler race condition could potentially allow a remote\n attacker to crash sshd and could theoretically lead to the\n ability to execute arbitrary code.

\n

For the stable distribution (sarge), these problems have been fixed in\nversion 1:3.8.1p1-8.sarge.6.

\n

For the unstable and testing distributions, these problems have been\nfixed in version 1:4.3p2-4.

\n

We recommend that you upgrade your openssh package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh_3.8.1p1-8.sarge.6.dsc
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh_3.8.1p1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh_3.8.1p1-8.sarge.6.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_3.8.1p1-8.sarge.6_alpha.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.8.1p1-8.sarge.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.8.1p1-8.sarge.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_3.8.1p1-8.sarge.6_alpha.udeb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_3.8.1p1-8.sarge.6_amd64.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.8.1p1-8.sarge.6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.8.1p1-8.sarge.6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_3.8.1p1-8.sarge.6_amd64.udeb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.8.1p1-8.sarge.6_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_3.8.1p1-8.sarge.6_arm.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.8.1p1-8.sarge.6_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_3.8.1p1-8.sarge.6_arm.udeb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_3.8.1p1-8.sarge.6_hppa.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.8.1p1-8.sarge.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_3.8.1p1-8.sarge.6_hppa.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.8.1p1-8.sarge.6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_3.8.1p1-8.sarge.6_i386.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.8.1p1-8.sarge.6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.8.1p1-8.sarge.6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_3.8.1p1-8.sarge.6_i386.udeb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_3.8.1p1-8.sarge.6_ia64.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.8.1p1-8.sarge.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_3.8.1p1-8.sarge.6_ia64.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.8.1p1-8.sarge.6_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_3.8.1p1-8.sarge.6_m68k.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_3.8.1p1-8.sarge.6_m68k.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.8.1p1-8.sarge.6_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.8.1p1-8.sarge.6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_3.8.1p1-8.sarge.6_mips.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.8.1p1-8.sarge.6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_3.8.1p1-8.sarge.6_mips.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.8.1p1-8.sarge.6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.8.1p1-8.sarge.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_3.8.1p1-8.sarge.6_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_3.8.1p1-8.sarge.6_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.8.1p1-8.sarge.6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_3.8.1p1-8.sarge.6_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.8.1p1-8.sarge.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.8.1p1-8.sarge.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_3.8.1p1-8.sarge.6_powerpc.udeb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.8.1p1-8.sarge.6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_3.8.1p1-8.sarge.6_s390.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.8.1p1-8.sarge.6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_3.8.1p1-8.sarge.6_s390.udeb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_3.8.1p1-8.sarge.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_3.8.1p1-8.sarge.6_sparc.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_3.8.1p1-8.sarge.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_3.8.1p1-8.sarge.6_sparc.udeb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1213": "
\n

Debian Security Advisory

\n

DSA-1213-1 imagemagick -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Nov 2006
\n
Affected Packages:
\n
\nimagemagick\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 345876, Bug 383314, Bug 393025.
In Mitre's CVE dictionary: CVE-2006-0082, CVE-2006-4144, CVE-2006-5456, CVE-2006-5868.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Imagemagick,\na collection of image manipulation programs, which may lead to the\nexecution of arbitrary code. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2006-0082\n

    Daniel Kobras discovered that Imagemagick is vulnerable to format\n string attacks in the filename parsing code.

  • CVE-2006-4144\n

    Damian Put discovered that Imagemagick is vulnerable to buffer\n overflows in the module for SGI images.

  • CVE-2006-5456\n

    M Joonas Pihlaja discovered that Imagemagick is vulnerable to buffer\n overflows in the module for DCM and PALM images.

  • CVE-2006-5868\n

    Daniel Kobras discovered that Imagemagick is vulnerable to buffer\n overflows in the module for SGI images.

\n

This update also addresses regressions in the XCF codec, which were\nintroduced in the previous security update.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 6:6.0.6.2-2.8.

\n

For the upcoming stable distribution (etch) these problems have been\nfixed in version 7:6.2.4.5.dfsg1-0.11.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 7:6.2.4.5.dfsg1-0.11.

\n

We recommend that you upgrade your imagemagick packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8.dsc
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8.diff.gz
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.8_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.8_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1214": "
\n

Debian Security Advisory

\n

DSA-1214-2 gv -- buffer overflow

\n
\n
Date Reported:
\n
20 Nov 2006
\n
Affected Packages:
\n
\ngv\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 398292.
In Mitre's CVE dictionary: CVE-2006-5864.
\n
More information:
\n
\n

The original update provided in DSA 1214-1 was insufficient; this update\ncorrects this. For reference please find the original advisory text below:\n

\n
\n

Renaud Lifchitz discovered that gv, the PostScript and PDF viewer for X,\nperforms insufficient boundary checks in the Postscript parsing code,\nwhich allows the execution of arbitrary code through a buffer overflow.

\n
\n

For the stable distribution (sarge) this problem has been fixed in\nversion 3.6.1-10sarge2.

\n

For the upcoming stable distribution (etch) this problem has been\nfixed in version 3.6.2-2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.6.2-2.

\n

We recommend that you upgrade your gv package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge2.dsc
\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gv/gv_3.6.1-10sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "1215": "
\n

Debian Security Advisory

\n

DSA-1215-1 xine-lib -- several vulnerabilities

\n
\n
Date Reported:
\n
20 Nov 2006
\n
Affected Packages:
\n
\nxine-lib\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 369876.
In Mitre's CVE dictionary: CVE-2006-4799, CVE-2006-4800.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Xine multimedia\nlibrary, which may lead to the execution of arbitrary code. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2006-4799\n

    The XFocus Security Team discovered that insufficient validation of\n AVI headers may lead to the execution of arbitrary code.

  • CVE-2006-4800\n

    Michael Niedermayer discovered that a buffer overflow in the 4XM\n codec may lead to the execution of arbitrary code.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.0.1-1sarge4.

\n

For the upcoming stable distribution (etch) these problems have been\nfixed in version 1.1.2-1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.1.2-1.

\n

We recommend that you upgrade your xine-lib packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge4.dsc
\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge4_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge4_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1216": "
\n

Debian Security Advisory

\n

DSA-1216-1 flexbackup -- insecure temporary file

\n
\n
Date Reported:
\n
20 Nov 2006
\n
Affected Packages:
\n
\nflexbackup\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 334350.
In Mitre's CVE dictionary: CVE-2005-4802.
\n
More information:
\n
\n

Eric Romang discovered that the flexbackup backup tool creates temporary\nfiles in an insecure manner, which allows denial of service through a\nsymlink attack.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.2.1-2sarge1.

\n

For the upcoming stable distribution (etch) this problem has been\nfixed in version 1.2.1-3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.2.1-3.

\n

We recommend that you upgrade your flexbackup package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/flexbackup/flexbackup_1.2.1-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/f/flexbackup/flexbackup_1.2.1-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/flexbackup/flexbackup_1.2.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/flexbackup/flexbackup_1.2.1-2sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1217": "
\n

Debian Security Advisory

\n

DSA-1217-1 linux-ftpd -- programming error

\n
\n
Date Reported:
\n
20 Nov 2006
\n
Affected Packages:
\n
\nlinux-ftpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 384454.
In Mitre's CVE dictionary: CVE-2006-5778.
\n
More information:
\n
\n

Paul Szabo discovered that the netkit ftp server switches the user id too\nlate, which may lead to the bypass of access restrictions when running\non NFS. This update also adds return value checks to setuid() calls, which\nmay fail in some PAM configurations.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.17-20sarge2.

\n

For the upcoming stable distribution (etch) this problem has been\nfixed in version 0.17-22.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.17-22.

\n

We recommend that you upgrade your ftpd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-ftpd/linux-ftpd_0.17-20sarge2.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-ftpd/linux-ftpd_0.17-20sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-ftpd/linux-ftpd_0.17.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1218": "
\n

Debian Security Advisory

\n

DSA-1218-1 proftpd -- programming error

\n
\n
Date Reported:
\n
21 Nov 2006
\n
Affected Packages:
\n
\nproftpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 399070.
In Mitre's CVE dictionary: CVE-2006-6171.
\n
More information:
\n
\n

It was discovered that the proftpd FTP daemon performs insufficient\nvalidation of FTP command buffer size limits, which may lead to denial of\nservice.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.2.10-15sarge2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.3.0-13 of the proftpd-dfsg package.

\n

We recommend that you upgrade your proftpd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2.dsc
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-doc_1.2.10-15sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1219": "
\n

Debian Security Advisory

\n

DSA-1219-1 texinfo -- buffer overflow

\n
\n
Date Reported:
\n
27 Nov 2006
\n
Affected Packages:
\n
\ntexinfo\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 14854, BugTraq ID 20959.
In Mitre's CVE dictionary: CVE-2005-3011, CVE-2006-4810.
\n
More information:
\n
\n

Multiple vulnerabilities have been found in the GNU texinfo package, a\ndocumentation system for on-line information and printed output.

\n
    \n
  • CVE-2005-3011\n

    Handling of temporary files is performed in an insecure manner, allowing\n an attacker to overwrite any file writable by the victim.

  • CVE-2006-4810\n

    A buffer overflow in util/texindex.c could allow an attacker to execute\n arbitrary code with the victim's access rights by inducing the victim to\n run texindex or tex2dvi on a specially crafted texinfo file.

\n

For the stable distribution (sarge), these problems have been fixed in\nversion 4.7-2.2sarge2. Note that binary packages for the mipsel\narchitecture are not currently available due to technical problems with\nthe build host. These packages will be made available as soon as\npossible.

\n

For unstable (sid) and the upcoming stable release (etch), these\nproblems have been fixed in version 4.8.dfsg.1-4.

\n

We recommend that you upgrade your texinfo package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2.dsc
\n
http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1220": "
\n

Debian Security Advisory

\n

DSA-1220-1 pstotext -- insecure file name quoting

\n
\n
Date Reported:
\n
26 Nov 2006
\n
Affected Packages:
\n
\npstotext\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 356988.
In Mitre's CVE dictionary: CVE-2006-5869.
\n
More information:
\n
\n

Brian May discovered that pstotext, a utility to extract plain text from Postscript and PDF files, performs insufficient quoting of file names, which allows execution of arbitrary shell commands.

\n

For the stable distribution (sarge) this problem has been fixed in version 1.9-1sarge2. The build for the mipsel architecture is not yet available due to technical problems with the build host.

\n

For the upcoming stable distribution (etch) this problem has been fixed in version 1.9-4.

\n

For the unstable distribution (sid) this problem has been fixed in version 1.9-4.

\n

We recommend that you upgrade your pstotext package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1221": "
\n

Debian Security Advisory

\n

DSA-1221-1 libgsf -- buffer overflow

\n
\n
Date Reported:
\n
30 Nov 2006
\n
Affected Packages:
\n
\nlibgsf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

infamous41md discovered a heap buffer overflow vulnerability in libgsf, a GNOME library for reading and writing structured file formats, which could lead to the execution of arbitrary code.

\n

For the stable distribution (sarge) this problem has been fixed in version 1.11.1-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in version 1.14.2-1.

\n

We recommend that you upgrade your libgsf packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf_1.11.1-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf_1.11.1-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf_1.11.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1222": "
\n

Debian Security Advisory

\n

DSA-1222-2 proftpd -- several vulnerabilities

\n
\n
Date Reported:
\n
30 Nov 2006
\n
Affected Packages:
\n
\nproftpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 399070.
In Mitre's CVE dictionary: CVE-2006-5815, CVE-2006-6170, CVE-2006-6171.
\n
More information:
\n
\n

Due to technical problems yesterday's proftpd update lacked a build for the amd64 architecture, which is now available. For reference please find below the original advisory text:

\n
\n

Several remote vulnerabilities have been discovered in the proftpd FTP daemon, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2006-5815

    It was discovered that a buffer overflow in the sreplace() function may lead to denial of service and possibly the execution of arbitrary code.

  • CVE-2006-6170

    It was discovered that a buffer overflow in the mod_tls addon module may lead to the execution of arbitrary code.

  • CVE-2006-6171

    It was discovered that insufficient validation of FTP command buffer size limits may lead to denial of service. Due to unclear information this issue was already fixed in DSA-1218 as CVE-2006-5815.
\n
\n

For the stable distribution (sarge) these problems have been fixed in version 1.2.10-15sarge3.

\n

For the unstable distribution (sid) these problems have been fixed in version 1.3.0-16 of the proftpd-dfsg package.

\n

We recommend that you upgrade your proftpd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3.dsc
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-doc_1.2.10-15sarge3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge3_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge3_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "1223": "
\n

Debian Security Advisory

\n

DSA-1223-1 tar -- input validation error

\n
\n
Date Reported:
\n
01 Dec 2006
\n
Affected Packages:
\n
\ntar\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 399845.
In the Bugtraq database (at SecurityFocus): BugTraq ID 21235.
In Mitre's CVE dictionary: CVE-2006-6097.
\n
More information:
\n
\n

Teemu Salmela discovered a vulnerability in GNU tar that could allow a malicious user to overwrite arbitrary files by inducing the victim to attempt to extract a specially crafted tar file containing a GNUTYPE_NAMES record with a symbolic link.

\n

For the stable distribution (sarge), this problem has been fixed in version 1.14-2.3.

\n

For the unstable distribution (sid) and the forthcoming stable release (etch), this problem will be fixed in version 1.16-2.

\n

We recommend that you upgrade your tar package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.3.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.3.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.3_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.3_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1224": "
\n

Debian Security Advisory

\n

DSA-1224-1 mozilla -- several vulnerabilities

\n
\n
Date Reported:
\n
03 Dec 2006
\n
Affected Packages:
\n
\nmozilla\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 19678, BugTraq ID 20957.
In Mitre's CVE dictionary: CVE-2006-4310, CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5748.
CERT's vulnerabilities, advisories and incident notes: VU#335392, VU#390480, VU#495288, VU#714496.
\n
More information:
\n
\n

Several security-related problems have been discovered in Mozilla and derived products. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

\n
    \n
  • CVE-2006-4310

    Tomas Kempinsky discovered that malformed FTP server responses could lead to denial of service.

  • CVE-2006-5462

    Ulrich Kühn discovered that the correction for a cryptographic flaw in the handling of PKCS-1 certificates was incomplete, which allows the forgery of certificates.

  • CVE-2006-5463

    shutdown discovered that modification of JavaScript objects during execution could lead to the execution of arbitrary JavaScript bytecode.

  • CVE-2006-5464

    Jesse Ruderman and Martijn Wargers discovered several crashes in the layout engine, which might also allow execution of arbitrary code.

  • CVE-2006-5748

    Igor Bukanov and Jesse Ruderman discovered several crashes in the JavaScript engine, which might allow execution of arbitrary code.
\n

This update also addresses several crashes, which could be triggered by malicious websites, and fixes a regression introduced in the previous Mozilla update.

\n

For the stable distribution (sarge) these problems have been fixed in version 1.7.8-1sarge8.

\n

We recommend that you upgrade your mozilla package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge8_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge8_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge8_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge8_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge8_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge8_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge8_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge8_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge8_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge8_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge8_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge8_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge8_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge8_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge8_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge8_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge8_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge8_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge8_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge8_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge8_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge8_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge8_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge8_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge8_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge8_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge8_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge8_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge8_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge8_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge8_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge8_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge8_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge8_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge8_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge8_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge8_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge8_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge8_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge8_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge8_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge8_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge8_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge8_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge8_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge8_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge8_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge8_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge8_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge8_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge8_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge8_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge8_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge8_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge8_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge8_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge8_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge8_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge8_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge8_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge8_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge8_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge8_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge8_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge8_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge8_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge8_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge8_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge8_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge8_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge8_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge8_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge8_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge8_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge8_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge8_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge8_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge8_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge8_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge8_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge8_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge8_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge8_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge8_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge8_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge8_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge8_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge8_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge8_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge8_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge8_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge8_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge8_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge8_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge8_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge8_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge8_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge8_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge8_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge8_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge8_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge8_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge8_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge8_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge8_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge8_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge8_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge8_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge8_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge8_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge8_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge8_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge8_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge8_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge8_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge8_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge8_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge8_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge8_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1225": "
\n

Debian Security Advisory

\n

DSA-1225-2 mozilla-firefox -- several vulnerabilities

\n
\n
Date Reported:
\n
03 Dec 2006
\n
Affected Packages:
\n
\nmozilla-firefox\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 19678, BugTraq ID 20957.
In Mitre's CVE dictionary: CVE-2006-4310, CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5748.
CERT's vulnerabilities, advisories and incident notes: VU#335392, VU#390480, VU#495288, VU#714496.
\n
More information:
\n
\n

This update covers packages for the little endian MIPS architecture\nmissing in the original advisory. For reference please find below the\noriginal advisory text:

\n
\n

Several security related problems have been discovered in Mozilla and\nderived products such as Mozilla Firefox. The Common Vulnerabilities\nand Exposures project identifies the following vulnerabilities:

\n
    \n
  • CVE-2006-4310\n

    Tomas Kempinsky discovered that malformed FTP server responses\n could lead to denial of service.

  • CVE-2006-5462\n

    Ulrich Kühn discovered that the correction for a cryptographic\n flaw in the handling of PKCS-1 certificates was incomplete, which\n allows the forgery of certificates.

  • CVE-2006-5463\n

    shutdown discovered that modification of JavaScript objects\n during execution could lead to the execution of arbitrary\n JavaScript bytecode.

  • CVE-2006-5464\n

    Jesse Ruderman and Martijn Wargers discovered several crashes in\n the layout engine, which might also allow execution of arbitrary\n code.

  • CVE-2006-5748\n

    Igor Bukanov and Jesse Ruderman discovered several crashes in the\n JavaScript engine, which might allow execution of arbitrary code.

    \n
\n

This update also addresses several crashes, which could be triggered by\nmalicious websites and fixes a regression introduced in the previous\nMozilla update.

\n
\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-2sarge13.

\n

For the unstable distribution (sid) these problems have been fixed in\nthe current iceweasel package 2.0+dfsg-1.

\n

We recommend that you upgrade your mozilla-firefox package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge13_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge13_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge13_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "1226": "
\n

Debian Security Advisory

\n

DSA-1226-1 links -- insufficient escaping

\n
\n
Date Reported:
\n
03 Dec 2006
\n
Affected Packages:
\n
\nlinks\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 399187.
In Mitre's CVE dictionary: CVE-2006-5925.
\n
More information:
\n
\n

Teemu Salmela discovered that the links character mode web browser\nperforms insufficient sanitising of smb:// URIs, which might lead to the\nexecution of arbitrary shell commands.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.99+1.00pre12-1sarge1.

\n

For the upcoming stable distribution (etch) this problem has been\nfixed in version 0.99+1.00pre12-1.1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.99+1.00pre12-1.1.

\n

We recommend that you upgrade your links package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/links/links-ssl_0.99+1.00pre12-1sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1227": "
\n

Debian Security Advisory

\n

DSA-1227-1 mozilla-thunderbird -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Dec 2006
\n
Affected Packages:
\n
\nmozilla-thunderbird\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 19678, BugTraq ID 20957.
In Mitre's CVE dictionary: CVE-2006-4310, CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5748.
CERT's vulnerabilities, advisories and incident notes: VU#335392, VU#390480, VU#495288, VU#714496.
\n
More information:
\n
\n

Several security related problems have been discovered in Mozilla and\nderived products such as Mozilla Thunderbird. The Common Vulnerabilities\nand Exposures project identifies the following vulnerabilities:

\n
    \n
  • CVE-2006-4310\n

    Tomas Kempinsky discovered that malformed FTP server responses\n could lead to denial of service.

  • CVE-2006-5462\n

    Ulrich Kühn discovered that the correction for a cryptographic\n flaw in the handling of PKCS-1 certificates was incomplete, which\n allows the forgery of certificates.

  • CVE-2006-5463\n

    shutdown discovered that modification of JavaScript objects\n during execution could lead to the execution of arbitrary\n JavaScript bytecode.

  • CVE-2006-5464\n

    Jesse Ruderman and Martijn Wargers discovered several crashes in\n the layout engine, which might also allow execution of arbitrary\n code.

  • CVE-2006-5748\n

    Igor Bukanov and Jesse Ruderman discovered several crashes in the\n JavaScript engine, which might allow execution of arbitrary code.

    \n
\n

This update also addresses several crashes, which could be triggered by\nmalicious websites and fixes a regression introduced in the previous\nMozilla update.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-2sarge13.

\n

For the unstable distribution (sid) these problems have been fixed in\nthe current icedove package 1.5.0.8.

\n

We recommend that you upgrade your mozilla-thunderbird package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8d.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8d.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8d.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8d.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8d.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1228": "
\n

Debian Security Advisory

\n

DSA-1228-1 elinks -- insufficient escaping

\n
\n
Date Reported:
\n
05 Dec 2006
\n
Affected Packages:
\n
\nelinks\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 399188.
In Mitre's CVE dictionary: CVE-2006-5925.
\n
More information:
\n
\n

Teemu Salmela discovered that the elinks character mode web browser\nperforms insufficient sanitising of smb:// URIs, which might lead to the\nexecution of arbitrary shell commands.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.10.4-7.1.

\n

For the upcoming stable distribution (etch) this problem has been\nfixed in version 0.11.1-1.2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.11.1-1.2.

\n

We recommend that you upgrade your elinks package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1.dsc
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1229": "
\n

Debian Security Advisory

\n

DSA-1229-1 asterisk -- integer overflow

\n
\n
Date Reported:
\n
06 Dec 2006
\n
Affected Packages:
\n
\nasterisk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 20617.
In Mitre's CVE dictionary: CVE-2006-5444.
CERT's vulnerabilities, advisories and incident notes: VU#521252.
\n
More information:
\n
\n

Adam Boileau discovered an integer overflow in the Skinny channel\ndriver in Asterisk, an Open Source Private Branch Exchange or\ntelephone system, as used by Cisco SCCP phones, which allows remote\nattackers to execute arbitrary code.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.0.7.dfsg.1-2sarge4.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.2.13~dfsg-1.

\n

We recommend that you upgrade your asterisk packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4.dsc
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-config_1.0.7.dfsg.1-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-dev_1.0.7.dfsg.1-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-doc_1.0.7.dfsg.1-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-sounds-main_1.0.7.dfsg.1-2sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-web-vmail_1.0.7.dfsg.1-2sarge4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge4_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge4_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1230": "
\n

Debian Security Advisory

\n

DSA-1230-1 l2tpns -- buffer overflow

\n
\n
Date Reported:
\n
08 Dec 2006
\n
Affected Packages:
\n
\nl2tpns\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 401742.
In Mitre's CVE dictionary: CVE-2006-5873.
\n
More information:
\n
\n

Rhys Kidd discovered a vulnerability in l2tpns, a layer 2 tunnelling protocol network server, which could be triggered by a remote user to execute arbitrary code.

\n

For the stable distribution (sarge), this problem has been fixed in version 2.0.14-1sarge1.

\n

For the unstable distribution (sid) this problem has been fixed in version 2.1.21-1.

\n

We recommend that you upgrade your l2tpns package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/l2tpns/l2tpns_2.0.14-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1231": "
\n

Debian Security Advisory

\n

DSA-1231-1 gnupg -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Dec 2006
\n
Affected Packages:
\n
\ngnupg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 401894, Bug 401898, Bug 401914.
In Mitre's CVE dictionary: CVE-2006-6169, CVE-2006-6235.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the GNU privacy guard, a free PGP replacement, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2006-6169

    Werner Koch discovered that a buffer overflow in a sanitising function may lead to execution of arbitrary code when running gnupg interactively.

  • CVE-2006-6235

    Tavis Ormandy discovered that parsing a carefully crafted OpenPGP packet may lead to the execution of arbitrary code, as a function pointer of an internal structure may be controlled through the decryption routines.

\n

For the stable distribution (sarge) these problems have been fixed in version 1.4.1-1.sarge6.

\n

For the upcoming stable distribution (etch) these problems have been fixed in version 1.4.6-1.

\n

For the unstable distribution (sid) these problems have been fixed in version 1.4.6-1.

\n

We recommend that you upgrade your gnupg packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6.dsc
\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1232": "
\n

Debian Security Advisory

\n

DSA-1232-1 clamav -- missing sanity checks

\n
\n
Date Reported:
\n
09 Dec 2006
\n
Affected Packages:
\n
\nclamav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-5874.
\n
More information:
\n
\n

Stephen Gran discovered that malformed base64-encoded MIME attachments can lead to denial of service through a null pointer dereference.

\n

For the stable distribution (sarge) this problem has been fixed in version 0.84-2.sarge.12.

\n

For the upcoming stable distribution (etch) this problem has been fixed in version 0.86-1.

\n

For the unstable distribution (sid) this problem has been fixed in version 0.86-1.

\n

We recommend that you upgrade your clamav package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12.dsc
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12.diff.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.12_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.12_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.12_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.12_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.12_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.12_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.12_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.12_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.12_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.12_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.12_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.12_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.12_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.12_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.12_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.12_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.12_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.12_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.12_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.12_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.12_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.12_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.12_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.12_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.12_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.12_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.12_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.12_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.12_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.12_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.12_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.12_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.12_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.12_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.12_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.12_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.12_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.12_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.12_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.12_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.12_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.12_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.12_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.12_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.12_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.12_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.12_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.12_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.12_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.12_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.12_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.12_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.12_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.12_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.12_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.12_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1233": "
\n

Debian Security Advisory

\n

DSA-1233-1 kernel-source-2.6.8 -- several vulnerabilities

\n
\n
Date Reported:
\n
10 Dec 2006
\n
Affected Packages:
\n
\nkernel-source-2.6.8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-3741, CVE-2006-4538, CVE-2006-4813, CVE-2006-4997, CVE-2006-5871.
\n
More information:
\n
\n

Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2006-3741

    Stephane Eranian discovered a local DoS (Denial of Service) vulnerability on the ia64 architecture. A local user could exhaust the available file descriptors by exploiting a counting error in the perfmonctl() system call.

  • CVE-2006-4538

    Kirill Korotaev reported a local DoS (Denial of Service) vulnerability on the ia64 and sparc architectures. A user could cause the system to crash by executing a malformed ELF binary due to insufficient verification of the memory layout.

  • CVE-2006-4813

    Dmitriy Monakhov reported a potential memory leak in the __block_prepare_write function. __block_prepare_write does not properly sanitize kernel buffers during error recovery, which could be exploited by local users to gain access to sensitive kernel memory.

  • CVE-2006-4997

    ADLab Venustech Info Ltd reported a potential remote DoS (Denial of Service) vulnerability in the IP over ATM subsystem. A remote system could cause the system to crash by sending specially crafted packets that would trigger an attempt to free an already-freed pointer.

  • CVE-2006-5174

    Martin Schwidefsky reported a potential leak of sensitive information on s390 systems. The copy_from_user function did not clear the remaining bytes of the kernel buffer after receiving a fault on the userspace address, resulting in a leak of uninitialized kernel memory. A local user could exploit this by appending to a file from a bad address.

  • CVE-2006-5619

    James Morris reported a potential local DoS (Denial of Service) vulnerability that could be used to hang or oops a system. The seqfile handling for /proc/net/ip6_flowlabel has a flaw that can be exploited to cause an infinite loop by reading this file after creating a flowlabel.

  • CVE-2006-5649

    Fabio Massimo Di Nitto reported a potential remote DoS (Denial of Service) vulnerability on powerpc systems. The alignment exception only checked the exception table for -EFAULT, not for other errors. This can be exploited by a local user to cause a system crash (panic).

  • CVE-2006-5751

    Eugene Teo reported a vulnerability in the get_fdb_entries function that could potentially be exploited to allow arbitrary code execution with escalated privileges.

  • CVE-2006-5871

    Bill Allombert reported that various mount options are ignored by smbfs when UNIX extensions are enabled. This includes the uid, gid and mode options. Client systems would silently use the server-provided settings instead of honoring these options, changing the security model. This update includes a fix from Haroldo Gamal that forces the kernel to honor these mount options. Note that, since the current versions of smbmount always pass values for these options to the kernel, it is not currently possible to activate UNIX extensions by omitting mount options. However, this is consistent with the current behavior of the next Debian release, 'etch'.

\n

The following matrix explains which kernel version for which architecture fixes the problems mentioned above:

\n
\n\n\n\n\n\n\n\n\n\n\n\n
Debian 3.1 (sarge)
Source 2.6.8-16sarge6
Alpha architecture 2.6.8-16sarge6
AMD64 architecture 2.6.8-16sarge6
HP Precision architecture 2.6.8-6sarge6
Intel IA-32 architecture 2.6.8-16sarge6
Intel IA-64 architecture 2.6.8-14sarge6
Motorola 680x0 architecture 2.6.8-4sarge6
PowerPC architecture 2.6.8-12sarge6
IBM S/390 architecture 2.6.8-5sarge6
Sun Sparc architecture 2.6.8-15sarge6
\n

The following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update:

\n
\n\n\n
Debian 3.1 (sarge)
fai-kernels 1.9.1sarge5
\n

We recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.9.1sarge5.dsc
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.9.1sarge5.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-alpha_2.6.8-16sarge6.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-alpha_2.6.8-16sarge6.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-amd64_2.6.8-16sarge6.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-amd64_2.6.8-16sarge6.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-hppa_2.6.8-6sarge6.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-hppa_2.6.8-6sarge6.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-i386_2.6.8-16sarge6.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-i386_2.6.8-16sarge6.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-ia64_2.6.8-14sarge6.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-ia64_2.6.8-14sarge6.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-m68k_2.6.8-4sarge6.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-m68k_2.6.8-4sarge6.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-s390_2.6.8-5sarge6.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-s390_2.6.8-5sarge6.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-sparc_2.6.8-15sarge6.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-sparc_2.6.8-15sarge6.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-patch-powerpc-2.6.8_2.6.8-12sarge6.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-patch-powerpc-2.6.8_2.6.8-12sarge6.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge6.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge6.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-doc-2.6.8_2.6.8-16sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-patch-debian-2.6.8_2.6.8-16sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-tree-2.6.8_2.6.8-16sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-patch-2.6.8-s390_2.6.8-5sarge6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-3_2.6.8-16sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-3-generic_2.6.8-16sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-3-smp_2.6.8-16sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-3-generic_2.6.8-16sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-3-smp_2.6.8-16sarge6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12_2.6.8-16sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-generic_2.6.8-16sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-k8_2.6.8-16sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-k8-smp_2.6.8-16sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-em64t-p4_2.6.8-16sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-em64t-p4-smp_2.6.8-16sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-generic_2.6.8-16sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-k8_2.6.8-16sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-k8-smp_2.6.8-16sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-em64t-p4_2.6.8-16sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-em64t-p4-smp_2.6.8-16sarge6_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12_2.6.8-16sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-generic_2.6.8-16sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-k8_2.6.8-16sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-amd64-k8-smp_2.6.8-16sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-em64t-p4_2.6.8-16sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-12-em64t-p4-smp_2.6.8-16sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-generic_2.6.8-16sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-k8_2.6.8-16sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-amd64-k8-smp_2.6.8-16sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-em64t-p4_2.6.8-16sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-12-em64t-p4-smp_2.6.8-16sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.9.1sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3_2.6.8-16sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-386_2.6.8-16sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-686_2.6.8-16sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-686-smp_2.6.8-16sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-k7_2.6.8-16sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-3-k7-smp_2.6.8-16sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-386_2.6.8-16sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-686_2.6.8-16sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-686-smp_2.6.8-16sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-k7_2.6.8-16sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-3-k7-smp_2.6.8-16sarge6_i386.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3_2.6.8-6sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-32_2.6.8-6sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-32-smp_2.6.8-6sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-64_2.6.8-6sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-3-64-smp_2.6.8-6sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-32_2.6.8-6sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-32-smp_2.6.8-6sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-64_2.6.8-6sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-3-64-smp_2.6.8-6sarge6_hppa.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-itanium_2.6.8-14sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-itanium-smp_2.6.8-14sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-mckinley_2.6.8-14sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-mckinley-smp_2.6.8-14sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3_2.6.8-14sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-itanium_2.6.8-14sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-itanium-smp_2.6.8-14sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-mckinley_2.6.8-14sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-3-mckinley-smp_2.6.8-14sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-itanium_2.6.8-14sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-itanium-smp_2.6.8-14sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-mckinley_2.6.8-14sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-mckinley-smp_2.6.8-14sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-itanium_2.6.8-14sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-itanium-smp_2.6.8-14sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-mckinley_2.6.8-14sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-3-mckinley-smp_2.6.8-14sarge6_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-amiga_2.6.8-4sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-atari_2.6.8-4sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-bvme6000_2.6.8-4sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-hp_2.6.8-4sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mac_2.6.8-4sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mvme147_2.6.8-4sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mvme16x_2.6.8-4sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-q40_2.6.8-4sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-sun3_2.6.8-4sarge6_m68k.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-headers-2.6.8-3_2.6.8-5sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-3-s390_2.6.8-5sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-3-s390-tape_2.6.8-5sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-3-s390x_2.6.8-5sarge6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-build-2.6.8-3_2.6.8-15sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3_2.6.8-15sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3-sparc32_2.6.8-15sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3-sparc64_2.6.8-15sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-3-sparc64-smp_2.6.8-15sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-3-sparc32_2.6.8-15sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-3-sparc64_2.6.8-15sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-3-sparc64-smp_2.6.8-15sarge6_sparc.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power3_2.6.8-12sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power3-smp_2.6.8-12sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power4_2.6.8-12sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-power4-smp_2.6.8-12sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-powerpc_2.6.8-12sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-3-powerpc-smp_2.6.8-12sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-headers-2.6.8-3_2.6.8-12sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power3_2.6.8-12sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power3-smp_2.6.8-12sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power4_2.6.8-12sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-power4-smp_2.6.8-12sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-powerpc_2.6.8-12sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-3-powerpc-smp_2.6.8-12sarge6_powerpc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1234": "
\n

Debian Security Advisory

\n

DSA-1234-1 ruby1.6 -- denial of service

\n
\n
Date Reported:
\n
13 Dec 2006
\n
Affected Packages:
\n
\nruby1.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 398457.
In Mitre's CVE dictionary: CVE-2006-5467.
\n
More information:
\n
\n

A denial of service vulnerability has been discovered in the CGI library included with Ruby, the interpreted scripting language for quick and easy object-oriented programming.

\n

For the stable distribution (sarge), this problem has been fixed in version 1.6.8-12sarge3.

\n

We recommend that you upgrade your ruby1.6 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge3.dsc
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-elisp_1.6.8-12sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-examples_1.6.8-12sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/irb1.6_1.6.8-12sarge3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge3_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge3_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1235": "
\n

Debian Security Advisory

\n

DSA-1235-1 ruby1.8 -- denial of service

\n
\n
Date Reported:
\n
13 Dec 2006
\n
Affected Packages:
\n
\nruby1.8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 398457.
In Mitre's CVE dictionary: CVE-2006-5467.
\n
More information:
\n
\n

A denial of service vulnerability has been discovered in the CGI library included with Ruby, the interpreted scripting language for quick and easy object-oriented programming.

\n

For the stable distribution (sarge), this problem has been fixed in version 1.8.2-7sarge5.

\n

We recommend that you upgrade your ruby1.8 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge5.dsc
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge5.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/rdoc1.8_1.8.2-7sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-elisp_1.8.2-7sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/irb1.8_1.8.2-7sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ri1.8_1.8.2-7sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-examples_1.8.2-7sarge5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge5_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge5_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1236": "
\n

Debian Security Advisory

\n

DSA-1236-1 enemies-of-carlotta -- missing sanity checks

\n
\n
Date Reported:
\n
13 Dec 2006
\n
Affected Packages:
\n
\nenemies-of-carlotta\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-5875.
\n
More information:
\n
\n

Antti-Juhani Kaijanaho discovered that enemies-of-carlotta, a simple\nmanager for mailing lists, does not properly sanitise email addresses\nbefore passing them through to the system shell.

\n

For the stable distribution (sarge), this problem has been fixed in version\n1.0.3-1sarge1.

\n

We recommend that you upgrade your enemies-of-carlotta package.

\n
\n
Fixed in:
\n
\n

Debian 3.1 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3-1sarge1.diff.gz
\n
\n

MD5 checksums of the listed files are available in the original advisory.\n

\n\n
\n
", "1237": "
\n

Debian Security Advisory

\n

DSA-1237-1 kernel-source-2.4.27 -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Dec 2006
\n
Affected Packages:
\n
\nkernel-source-2.4.27\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-4093, CVE-2006-4538, CVE-2006-4997, CVE-2006-5174, CVE-2006-5871.
\n
More information:
\n
\n

Several local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2005-4093\n

    Olof Johansson reported a local DoS (Denial of Service) vulnerability\n on the PPC970 platform. Unprivileged users can hang the system by\n executing the attn instruction, which was not being disabled at boot.

  • CVE-2006-4538\n

    Kirill Korotaev reported a local DoS (Denial of Service) vulnerability\n on the ia64 and sparc architectures. A user could cause the system to\n crash by executing a malformed ELF binary due to insufficient verification\n of the memory layout.

  • CVE-2006-4997\n

    ADLab Venustech Info Ltd reported a potential remote DoS (Denial of\n Service) vulnerability in the IP over ATM subsystem. A remote system\n could cause the system to crash by sending specially crafted packets\n that trigger an attempt to free an already-freed pointer.

  • CVE-2006-5174\n

    Martin Schwidefsky reported a potential leak of sensitive information\n on s390 systems. The copy_from_user function did not clear the remaining\n bytes of the kernel buffer after receiving a fault on the userspace\n address, resulting in a leak of uninitialized kernel memory. A local user\n could exploit this by appending to a file from a bad address.

  • CVE-2006-5649\n

    Fabio Massimo Di Nitto reported a potential remote DoS (Denial of Service)\n vulnerability on powerpc systems. The alignment exception only\n checked the exception table for -EFAULT, not for other errors. This can\n be exploited by a local user to cause a system crash (panic).

  • CVE-2006-5871\n

    Bill Allombert reported that various mount options are ignored by smbfs\n when UNIX extensions are enabled. This includes the uid, gid and mode\n options. Client systems would silently use the server-provided settings\n instead of honoring these options, changing the security model. This\n update includes a fix from Haroldo Gamal that forces the kernel to honor\n these mount options. Note that, since the current versions of smbmount\n always pass values for these options to the kernel, it is not currently\n possible to activate UNIX extensions by omitting mount options. However,\n this behavior is consistent with the current behavior of the\n next Debian release, 'etch'.

\n

The following matrix explains which kernel version for which architecture\nfixes the problems mentioned above:

\n
\n\n\n\n\n\n\n\n\n\n\n\n\n
                              Debian 3.1 (sarge)
Source                        2.4.27-10sarge5
Alpha architecture            2.4.27-10sarge5
ARM architecture              2.4.27-2sarge5
Intel IA-32 architecture      2.4.27-10sarge5
Intel IA-64 architecture      2.4.27-10sarge5
Motorola 680x0 architecture   2.4.27-3sarge5
Big endian MIPS               2.4.27-10.sarge4.040815-2
Little endian MIPS            2.4.27-10.sarge4.040815-2
PowerPC architecture          2.4.27-10sarge5
IBM S/390 architecture        2.4.27-2sarge5
Sun Sparc architecture        2.4.27-9sarge5
\n

The following matrix lists additional packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n\n\n\n
                              Debian 3.1 (sarge)
fai-kernels                   1.9.1sarge5
kernel-image-2.4.27-speakup   2.4.27-1.1sarge4
mindi-kernel                  2.4.27-2sarge4
systemimager                  3.2.3-6sarge4
\n

We recommend that you upgrade your kernel package immediately and reboot\nthe machine. If you have built a custom kernel from the kernel source\npackage, you will need to rebuild to take advantage of these fixes.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-alpha_2.4.27-10sarge5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-alpha_2.4.27-10sarge5.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-arm_2.4.27-2sarge5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-arm_2.4.27-2sarge5.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-i386_2.4.27-10sarge5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-i386_2.4.27-10sarge5.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-ia64_2.4.27-10sarge5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-ia64_2.4.27-10sarge5.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-m68k_2.4.27-3sarge5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-m68k_2.4.27-3sarge5.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-sparc_2.4.27-9sarge5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-sparc_2.4.27-9sarge5.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-s390_2.4.27-2sarge5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-s390_2.4.27-2sarge5.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-image-speakup-i386_2.4.27-1.1sarge4.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-image-speakup-i386_2.4.27-1.1sarge4.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-patch-2.4.27-mips_2.4.27-10.sarge4.040815-2.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-patch-2.4.27-mips_2.4.27-10.sarge4.040815-2.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-powerpc-2.4.27_2.4.27-10sarge5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-powerpc-2.4.27_2.4.27-10sarge5.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mindi-kernel/mindi-kernel_2.4.27-2sarge4.dsc
\n
http://security.debian.org/pool/updates/main/m/mindi-kernel/mindi-kernel_2.4.27-2sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mindi-kernel/mindi-kernel_2.4.27.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-doc-2.4.27_2.4.27-10sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-patch-debian-2.4.27_2.4.27-10sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-tree-2.4.27_2.4.27-10sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-doc-2.4.27-speakup_2.4.27-1.1sarge4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-build-2.4.27-2_2.4.27-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-build-2.4.27-3_2.4.27-10sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-2_2.4.27-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-2-generic_2.4.27-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-2-smp_2.4.27-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-3_2.4.27-10sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-3-generic_2.4.27-10sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-3-smp_2.4.27-10sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-2-generic_2.4.27-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-2-smp_2.4.27-10sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-3-generic_2.4.27-10sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-3-smp_2.4.27-10sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-build-2.4.27_2.4.27-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-headers-2.4.27_2.4.27-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-bast_2.4.27-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-lart_2.4.27-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-netwinder_2.4.27-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-riscpc_2.4.27-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-riscstation_2.4.27-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-build-2.4.27-2_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-build-2.4.27-3_2.4.27-10sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-386_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-586tsc_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-686_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-686-smp_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-k6_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-k7_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-2-k7-smp_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3_2.4.27-10sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-386_2.4.27-10sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-586tsc_2.4.27-10sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-686_2.4.27-10sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-686-smp_2.4.27-10sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-k6_2.4.27-10sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-k7_2.4.27-10sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-3-k7-smp_2.4.27-10sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-386_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-586tsc_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-686_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-686-smp_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-k6_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-k7_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-2-k7-smp_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-386_2.4.27-10sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-586tsc_2.4.27-10sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-686_2.4.27-10sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-686-smp_2.4.27-10sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-k6_2.4.27-10sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-k7_2.4.27-10sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-3-k7-smp_2.4.27-10sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-386_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-586tsc_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-686_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-686-smp_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-k6_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-k7_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-2-k7-smp_2.4.27-10sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-386_2.4.27-10sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-586tsc_2.4.27-10sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-686_2.4.27-10sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-686-smp_2.4.27-10sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-k6_2.4.27-10sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-k7_2.4.27-10sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-3-k7-smp_2.4.27-10sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-headers-2.4.27-speakup_2.4.27-1.1sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-image-2.4.27-speakup_2.4.27-1.1sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mindi-kernel/mindi-kernel_2.4.27-2sarge4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-build-2.4.27-2_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-build-2.4.27-3_2.4.27-10sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-2_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-2-itanium_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-2-itanium-smp_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-2-mckinley_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-2-mckinley-smp_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3_2.4.27-10sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3-itanium_2.4.27-10sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3-itanium-smp_2.4.27-10sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3-mckinley_2.4.27-10sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-3-mckinley-smp_2.4.27-10sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-itanium_2.4.27-10sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-itanium-smp_2.4.27-10sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-mckinley_2.4.27-10sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-mckinley-smp_2.4.27-10sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-2-itanium_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-2-itanium-smp_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-2-mckinley_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-2-mckinley-smp_2.4.27-10sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-3-itanium_2.4.27-10sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-3-itanium-smp_2.4.27-10sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-3-mckinley_2.4.27-10sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-3-mckinley-smp_2.4.27-10sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-amiga_2.4.27-3sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-atari_2.4.27-3sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-bvme6000_2.4.27-3sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mac_2.4.27-3sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mvme147_2.4.27-3sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mvme16x_2.4.27-3sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-q40_2.4.27-3sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_m68k.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-headers-2.4.27-2_2.4.27-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-headers-2.4.27-3_2.4.27-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-2-s390_2.4.27-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-2-s390-tape_2.4.27-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-2-s390x_2.4.27-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-3-s390_2.4.27-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-3-s390-tape_2.4.27-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-3-s390x_2.4.27-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-build-2.4.27-2_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-build-2.4.27-3_2.4.27-9sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-2_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-2-sparc32_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-2-sparc32-smp_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-2-sparc64_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-2-sparc64-smp_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3_2.4.27-9sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3-sparc32_2.4.27-9sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3-sparc32-smp_2.4.27-9sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3-sparc64_2.4.27-9sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-3-sparc64-smp_2.4.27-9sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-2-sparc32_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-2-sparc32-smp_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-2-sparc64_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-2-sparc64-smp_2.4.27-9sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-3-sparc32_2.4.27-9sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-3-sparc32-smp_2.4.27-9sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-3-sparc64_2.4.27-9sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-3-sparc64-smp_2.4.27-9sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_sparc.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_amd64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_hppa.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-headers-2.4.27_2.4.27-10.sarge4.040815-2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r4k-ip22_2.4.27-10.sarge4.040815-2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r5k-ip22_2.4.27-10.sarge4.040815-2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-sb1-swarm-bn_2.4.27-10.sarge4.040815-2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-headers-2.4.27_2.4.27-10.sarge4.040815-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r3k-kn02_2.4.27-10.sarge4.040815-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r4k-kn04_2.4.27-10.sarge4.040815-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r5k-cobalt_2.4.27-10.sarge4.040815-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r5k-lasat_2.4.27-10.sarge4.040815-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-sb1-swarm-bn_2.4.27-10.sarge4.040815-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-xxs1500_2.4.27-10.sarge4.040815-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-apus_2.4.27-10sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-nubus_2.4.27-10sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-powerpc_2.4.27-10sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-powerpc-small_2.4.27-10sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-powerpc-smp_2.4.27-10sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-headers-2.4.27-apus_2.4.27-10sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-headers-2.4.27-nubus_2.4.27-10sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-headers-2.4.27-powerpc_2.4.27-10sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-apus_2.4.27-10sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-nubus_2.4.27-10sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-powerpc_2.4.27-10sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-powerpc-small_2.4.27-10sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-powerpc-smp_2.4.27-10sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-2.4.27-apus_2.4.27-10sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-2.4.27-nubus_2.4.27-10sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-2.4.27-powerpc_2.4.27-10sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-2_powerpc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1238": "
\n

Debian Security Advisory

\n

DSA-1238-1 clamav -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Dec 2006
\n
Affected Packages:
\n
\nclamav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-6406, CVE-2006-6481.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Clam anti-virus\ntoolkit. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2006-6406\n

    Hendrik Weimer discovered that invalid characters in base64 encoded\n data may lead to bypass of scanning mechanisms.

  • CVE-2006-6481\n

    Hendrik Weimer discovered that deeply nested multipart/mime MIME\n data may lead to denial of service.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.84-2.sarge.13.

\n

For the upcoming stable distribution (etch) these problems have been\nfixed in version 0.88.7-1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.88.7-1.

\n

We recommend that you upgrade your clamav packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13.dsc
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13.diff.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.13_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.13_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.13_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.13_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.13_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.13_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.13_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.13_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.13_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1239": "
\n

Debian Security Advisory

\n

DSA-1239-1 sql-ledger -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Dec 2006
\n
Affected Packages:
\n
\nsql-ledger\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 386519.
In Mitre's CVE dictionary: CVE-2006-4244, CVE-2006-4731, CVE-2006-5872.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in SQL Ledger, a web\nbased double-entry accounting program, which may lead to the execution\nof arbitrary code. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2006-4244\n

    Chris Travers discovered that the session management can be tricked\n into hijacking existing sessions.

  • CVE-2006-4731\n

    Chris Travers discovered that directory traversal vulnerabilities\n can be exploited to execute arbitrary Perl code.

  • CVE-2006-5872\n

    It was discovered that missing input sanitising allows execution of\n arbitrary Perl code.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.4.7-2sarge1.

\n

For the upcoming stable distribution (etch) these problems have been\nfixed in version 2.6.21-1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.6.21-1.

\n

We recommend that you upgrade your sql-ledger packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sql-ledger/sql-ledger_2.4.7-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/s/sql-ledger/sql-ledger_2.4.7-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sql-ledger/sql-ledger_2.4.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/sql-ledger/sql-ledger_2.4.7-2sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1240": "
\n

Debian Security Advisory

\n

DSA-1240-1 links2 -- insufficient escaping

\n
\n
Date Reported:
\n
21 Dec 2006
\n
Affected Packages:
\n
\nlinks2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 400718.
In Mitre's CVE dictionary: CVE-2006-5925.
\n
More information:
\n
\n

Teemu Salmela discovered that the links2 character mode web browser\nperforms insufficient sanitising of smb:// URIs, which might lead to the\nexecution of arbitrary shell commands.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.1pre16-1sarge1.

\n

For the upcoming stable distribution (etch) this problem has been\nfixed in version 2.1pre26-1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.1pre26-1.

\n

We recommend that you upgrade your links2 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1_mips.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1241": "
\n

Debian Security Advisory

\n

DSA-1241-1 squirrelmail -- cross-site scripting

\n
\n
Date Reported:
\n
25 Dec 2006
\n
Affected Packages:
\n
\nsquirrelmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-6142.
\n
More information:
\n
\n

Martijn Brinkers discovered cross-site scripting vulnerabilities in\nthe mailto parameter of webmail.php, the session and delete_draft\nparameters of compose.php and through a shortcoming in the magicHTML\nfilter. An attacker could abuse these to execute malicious JavaScript in\nthe user's webmail session.

\n

Also, a workaround was made for Internet Explorer <= 5: IE will attempt\nto guess the MIME type of attachments based on content, not the MIME\nheader sent. Attachments could pose as a 'harmless' JPEG while they\nwere in fact HTML that Internet Explorer would render.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2:1.4.4-10.

\n

For the upcoming stable distribution (etch) these problems have been fixed\nin version 2:1.4.9a-1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2:1.4.9a-1.

\n

We recommend that you upgrade your squirrelmail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-10.dsc
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-10.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-10_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1242": "
\n

Debian Security Advisory

\n

DSA-1242-1 elog -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Dec 2006
\n
Affected Packages:
\n
\nelog\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-5063, CVE-2006-5790, CVE-2006-5791, CVE-2006-6318.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in elog, a web-based\nelectronic logbook, which may lead to the execution of arbitrary code.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2006-5063\n

    Tilman Koschnick discovered that log entry editing in HTML is vulnerable\n to cross-site scripting. This update disables the vulnerable code.

  • CVE-2006-5790\n

    Ulf H\u00e4rnhammar of the Debian Security Audit Project discovered several\n format string vulnerabilities in elog, which may lead to execution of\n arbitrary code.

  • CVE-2006-5791\n

    Ulf H\u00e4rnhammar of the Debian Security Audit Project discovered\n cross-site scripting vulnerabilities in the creation of new logbook\n entries.

  • CVE-2006-6318\n

    Jayesh KS and Arun Kethipelly of OS2A discovered that elog performs\n insufficient error handling in config file parsing, which may lead to\n denial of service through a NULL pointer dereference.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 2.5.7+r1558-4+sarge3.

\n

The upcoming stable distribution (etch) will no longer include elog.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.6.2+r1754-1.

\n

We recommend that you upgrade your elog package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3.dsc
\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1243": "
\n

Debian Security Advisory

\n

DSA-1243-1 evince -- buffer overflow

\n
\n
Date Reported:
\n
28 Dec 2006
\n
Affected Packages:
\n
\nevince\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-5864.
\n
More information:
\n
\n

Renaud Lifchitz discovered that gv, the PostScript and PDF viewer for X,\nperforms insufficient boundary checks in the PostScript parsing code,\nwhich allows the execution of arbitrary code through a buffer overflow.\nEvince embeds a copy of gv and needs an update as well.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.1.5-2sarge1.

\n

For the upcoming stable distribution (etch) this problem has been\nfixed in version 0.4.0-3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.4.0-3.

\n

We recommend that you upgrade your evince package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/evince/evince_0.1.5-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/e/evince/evince_0.1.5-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/evince/evince_0.1.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/evince/evince_0.1.5-2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/evince/evince_0.1.5-2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/evince/evince_0.1.5-2sarge1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/evince/evince_0.1.5-2sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/evince/evince_0.1.5-2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/evince/evince_0.1.5-2sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/evince/evince_0.1.5-2sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/evince/evince_0.1.5-2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/evince/evince_0.1.5-2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/evince/evince_0.1.5-2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/evince/evince_0.1.5-2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/evince/evince_0.1.5-2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1244": "
\n

Debian Security Advisory

\n

DSA-1244-1 xine-lib -- buffer overflow

\n
\n
Date Reported:
\n
28 Dec 2006
\n
Affected Packages:
\n
\nxine-lib\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 401740.
In Mitre's CVE dictionary: CVE-2006-6172.
\n
More information:
\n
\n

It was discovered that the Xine multimedia library performs insufficient\nsanitising of Real streams, which might lead to the execution of arbitrary\ncode through a buffer overflow.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.0.1-1sarge5.

\n

For the upcoming stable distribution (etch) this problem has been\nfixed in version 1.1.2+dfsg-2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.1.2+dfsg-2.

\n

We recommend that you upgrade your xine-lib packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge5.dsc
\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge5_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge5_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1245": "
\n

Debian Security Advisory

\n

DSA-1245-1 proftpd -- programming error

\n
\n
Date Reported:
\n
07 Jan 2007
\n
Affected Packages:
\n
\nproftpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 404751.
In Mitre's CVE dictionary: CVE-2005-4816.
\n
More information:
\n
\n

Martin Loewer discovered that the proftpd FTP daemon is vulnerable to\ndenial of service if the addon module for Radius authentication is enabled.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.2.10-15sarge4.

\n

For the upcoming stable distribution (etch) this problem has been\nfixed in version 1.2.10+1.3.0rc5-1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.2.10+1.3.0rc5-1.

\n

We recommend that you upgrade your proftpd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4.dsc
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-doc_1.2.10-15sarge4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge4_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge4_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1246": "
\n

Debian Security Advisory

\n

DSA-1246-1 openoffice.org -- buffer overflow

\n
\n
Date Reported:
\n
08 Jan 2007
\n
Affected Packages:
\n
\nopenoffice.org\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 405679, Bug 405986.
In Mitre's CVE dictionary: CVE-2006-5870.
\n
More information:
\n
\n

John Heasman from Next Generation Security Software discovered a heap\noverflow in the handling of Windows Metafiles in OpenOffice.org, the\nfree office suite, which could lead to a denial of service and\npotentially execution of arbitrary code.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.1.3-9sarge4.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.0.4-1.

\n

We recommend that you upgrade your openoffice.org package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge4.dsc
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-af_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ar_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ca_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cs_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cy_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-da_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-de_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-el_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-es_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-et_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eu_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fi_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fr_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gl_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-he_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hu_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-it_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ja_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-kn_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ko_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lt_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nb_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nl_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nn_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ns_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pl_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt-br_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ru_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sk_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sl_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sv_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-th_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tn_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tr_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-cn_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-tw_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zu_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-mimelnk_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-thesaurus-en-us_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ttf-opensymbol_1.1.3-9sarge4_all.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge4_i386.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1247": "
\n

Debian Security Advisory

\n

DSA-1247-1 libapache-mod-auth-kerb -- heap overflow

\n
\n
Date Reported:
\n
08 Jan 2007
\n
Affected Packages:
\n
\nlibapache-mod-auth-kerb\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 400589.
In the Bugtraq database (at SecurityFocus): BugTraq ID 21214.
In Mitre's CVE dictionary: CVE-2006-5989.
\n
More information:
\n
\n

An off-by-one error leading to a heap-based buffer overflow has been\nidentified in libapache-mod-auth-kerb, an Apache module for Kerberos\nauthentication. The error could allow an attacker to trigger an\napplication crash or potentially execute arbitrary code by sending a\nspecially crafted Kerberos message.

\n

For the stable distribution (sarge), this problem has been fixed in\nversion 4.996-5.0-rc6-1sarge1.

\n

For the unstable distribution (sid) and the forthcoming stable distribution\n(etch), this problem has been fixed in version 5.3-1.

\n

We recommend that you upgrade your libapache-mod-auth-kerb package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-kerb/libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-kerb/libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-kerb/libapache-mod-auth-kerb_4.996-5.0-rc6.orig.tar.gz
\n
AMD64:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-kerb/libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-kerb/libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-kerb/libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-kerb/libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-kerb/libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-kerb/libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-kerb/libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-kerb/libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-kerb/libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-kerb/libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-kerb/libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-kerb/libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-kerb/libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-kerb/libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-kerb/libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-kerb/libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-kerb/libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-kerb/libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-kerb/libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-kerb/libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-kerb/libapache-mod-auth-kerb_4.996-5.0-rc6-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-auth-kerb/libapache2-mod-auth-kerb_4.996-5.0-rc6-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1248": "
\n

Debian Security Advisory

\n

DSA-1248-1 libsoup -- missing input sanitising

\n
\n
Date Reported:
\n
12 Jan 2007
\n
Affected Packages:
\n
\nlibsoup\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 405197.
In Mitre's CVE dictionary: CVE-2006-5876.
\n
More information:
\n
\n

Roland Lezuo and Josselin Mouette discovered that the libsoup HTTP\nlibrary performs insufficient sanitising when parsing HTTP headers,\nwhich might lead to denial of service.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 2.2.3-2sarge1.

\n

For the upcoming stable distribution (etch) this problem has been\nfixed in version 2.2.98-2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.2.98-2.

\n

We recommend that you upgrade your libsoup package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup_2.2.3-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup_2.2.3-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup_2.2.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-doc_2.2.3-2sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-7_2.2.3-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.3-2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-7_2.2.3-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.3-2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-7_2.2.3-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.3-2sarge1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-7_2.2.3-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.3-2sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-7_2.2.3-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.3-2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-7_2.2.3-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.3-2sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-7_2.2.3-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.3-2sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-7_2.2.3-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.3-2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-7_2.2.3-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.3-2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-7_2.2.3-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.3-2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-7_2.2.3-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.3-2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-7_2.2.3-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.3-2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1249": "
\n

Debian Security Advisory

\n

DSA-1249-1 xfree86 -- several vulnerabilities

\n
\n
Date Reported:
\n
15 Jan 2007
\n
Affected Packages:
\n
\nxfree86\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-6101, CVE-2006-6102, CVE-2006-6103.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the X Window System,\nwhich may lead to privilege escalation or denial of service.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2006-6101\n

    Sean Larsson discovered an integer overflow in the Render extension,\n which might lead to denial of service or local privilege escalation.

  • CVE-2006-6102\n

    Sean Larsson discovered an integer overflow in the DBE extension,\n which might lead to denial of service or local privilege escalation.

  • CVE-2006-6103\n

    Sean Larsson discovered an integer overflow in the DBE extension,\n which might lead to denial of service or local privilege escalation.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 4.3.0.dfsg.1-14sarge3. This update lacks builds for the\nMotorola 680x0 architecture, which had build problems. Packages will be\nreleased once this problem has been resolved.

\n

For the upcoming stable distribution (etch) these problems have been fixed\nin version 2:1.1.1-15 of xorg-server.

\n

For the unstable distribution (sid) these problems have been fixed\nin version 2:1.1.1-15 of xorg-server.

\n

We recommend that you upgrade your XFree86 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.3.0.dfsg.1-14sarge3.dsc
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.3.0.dfsg.1-14sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.3.0.dfsg.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xfree86/pm-dev_4.3.0.dfsg.1-14sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-dev_4.3.0.dfsg.1-14sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system_4.3.0.dfsg.1-14sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi-transcoded_4.3.0.dfsg.1-14sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi_4.3.0.dfsg.1-14sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi-transcoded_4.3.0.dfsg.1-14sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi_4.3.0.dfsg.1-14sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base-transcoded_4.3.0.dfsg.1-14sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base_4.3.0.dfsg.1-14sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-cyrillic_4.3.0.dfsg.1-14sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-scalable_4.3.0.dfsg.1-14sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86-common_4.3.0.dfsg.1-14sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.3.0.dfsg.1-14sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.3.0.dfsg.1-14sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-data_4.3.0.dfsg.1-14sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.3.0.dfsg.1-14sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.3.0.dfsg.1-14sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.3.0.dfsg.1-14sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.3.0.dfsg.1-14sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xspecs_4.3.0.dfsg.1-14sarge3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge3_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge3_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1250": "
\n

Debian Security Advisory

\n

DSA-1250-1 cacti -- missing input sanitising

\n
\n
Date Reported:
\n
17 Jan 2007
\n
Affected Packages:
\n
\ncacti\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 404818.
In Mitre's CVE dictionary: CVE-2006-6799.
\n
More information:
\n
\n

It was discovered that cacti, a frontend to rrdtool, performs insufficient validation of data passed to the cmd script, which allows SQL injection and the execution of arbitrary shell commands.

\n

For the stable distribution (sarge) this problem has been fixed in version 0.8.6c-7sarge4.

\n

For the upcoming stable distribution (etch) this problem has been fixed in version 0.8.6i-3.

\n

For the unstable distribution (sid) this problem has been fixed in version 0.8.6i-3.

\n

We recommend that you upgrade your cacti package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c-7sarge4.dsc
\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c-7sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c-7sarge4_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1251": "
\n

Debian Security Advisory

\n

DSA-1251-1 netrik -- insufficient escaping

\n
\n
Date Reported:
\n
21 Jan 2007
\n
Affected Packages:
\n
\nnetrik\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 404233.
In Mitre's CVE dictionary: CVE-2006-6678.
\n
More information:
\n
\n

It has been discovered that netrik, a text mode WWW browser with vi-like keybindings, doesn't properly sanitize temporary filenames when editing textareas, which could allow attackers to execute arbitrary commands via shell metacharacters.

\n

For the stable distribution (sarge), this problem has been fixed in version 1.15.4-1sarge1.

\n

For the upcoming stable distribution (etch) this problem has been fixed in version 1.15.3-1.1.

\n

For the unstable distribution (sid) this problem has been fixed in version 1.15.3-1.1.

\n

We recommend that you upgrade your netrik package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1252": "
\n

Debian Security Advisory

\n

DSA-1252-1 vlc -- format string

\n
\n
Date Reported:
\n
27 Jan 2007
\n
Affected Packages:
\n
\nvlc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 405425.
In the Bugtraq database (at SecurityFocus): BugTraq ID 21852.
In Mitre's CVE dictionary: CVE-2007-0017.
\n
More information:
\n
\n

Kevin Finisterre discovered several format string problems in vlc, a multimedia player and streamer, that could lead to the execution of arbitrary code.

\n

For the stable distribution (sarge) this problem has been fixed in version 0.8.1.svn20050314-1sarge2.

\n

For the testing distribution (etch) this problem has been fixed in version 0.8.6-svn20061012.debian-3.

\n

For the unstable distribution (sid) this problem has been fixed in version 0.8.6.a.debian-1.

\n

We recommend that you upgrade your vlc packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-glide_0.8.1.svn20050314-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-glide_0.8.1.svn20050314-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-svgalib_0.8.1.svn20050314-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1253": "
\n

Debian Security Advisory

\n

DSA-1253-1 mozilla-firefox -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Jan 2007
\n
Affected Packages:
\n
\nmozilla-firefox\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 21668.
In Mitre's CVE dictionary: CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503.
CERT's vulnerabilities, advisories and incident notes: VU#263412, VU#405092, VU#427972, VU#428500, VU#447772, VU#606260.
\n
More information:
\n
\n

Several security-related problems have been discovered in Mozilla and\nderived products such as Mozilla Firefox. The Common Vulnerabilities\nand Exposures project identifies the following vulnerabilities:

\n
    \n
  • CVE-2006-6497\n

    Several vulnerabilities in the layout engine allow remote\n attackers to cause a denial of service and possibly permit them to\n execute arbitrary code. [MFSA 2006-68]

  • CVE-2006-6498\n

    Several vulnerabilities in the JavaScript engine allow remote\n attackers to cause a denial of service and possibly permit them to\n execute arbitrary code. [MFSA 2006-68]

  • CVE-2006-6499\n

    A bug in the js_dtoa function allows remote attackers to cause a\n denial of service. [MFSA 2006-68]

  • CVE-2006-6501\n

    \"shutdown\" discovered a vulnerability that allows remote attackers\n to gain privileges and install malicious code via the watch\n JavaScript function. [MFSA 2006-70]

  • CVE-2006-6502\n

    Steven Michaud discovered a programming bug that allows remote\n attackers to cause a denial of service. [MFSA 2006-71]

  • CVE-2006-6503\n

    \"moz_bug_r_a4\" reported that the src attribute of an IMG element\n could be used to inject JavaScript code. [MFSA 2006-72]

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.0.4-2sarge15.

\n

For the testing (etch) and unstable (sid) distributions these problems\nhave been fixed in version 2.0.0.1+dfsg-2 of iceweasel.

\n

We recommend that you upgrade your firefox and iceweasel packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge15.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge15.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge15_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge15_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge15_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge15_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge15_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge15_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge15_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge15_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge15_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge15_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge15_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge15_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge15_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge15_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge15_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge15_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge15_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge15_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge15_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge15_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge15_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge15_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge15_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge15_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge15_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge15_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge15_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge15_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge15_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge15_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge15_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge15_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1254": "
\n

Debian Security Advisory

\n

DSA-1254-1 bind9 -- insufficient input sanitising

\n
\n
Date Reported:
\n
27 Jan 2007
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-0494.
\n
More information:
\n
\n

It was discovered that the Bind name server daemon is vulnerable to denial\nof service by triggering an assertion through a crafted DNS query. This\nonly affects installations which use the DNSSEC extensions.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 9.2.4-1sarge2.

\n

For the upcoming stable distribution (etch) this problem will be fixed\nsoon.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 9.3.4-1.

\n

We recommend that you upgrade your bind9 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-doc_9.2.4-1sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1255": "
\n

Debian Security Advisory

\n

DSA-1255-1 libgtop2 -- buffer overflow

\n
\n
Date Reported:
\n
31 Jan 2007
\n
Affected Packages:
\n
\nlibgtop2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 407020.
In Mitre's CVE dictionary: CVE-2007-0235.
\n
More information:
\n
\n

Liu Qishuai discovered that the GNOME gtop library performs insufficient sanitising when parsing the system's /proc table, which may lead to the execution of arbitrary code.

\n

For the stable distribution (sarge) this problem has been fixed in version 2.6.0-4sarge1.

\n

For the upcoming stable distribution (etch) this problem has been fixed in version 2.14.4-3.

\n

For the unstable distribution (sid) this problem has been fixed in version 2.14.4-3.

\n

We recommend that you upgrade your libgtop2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2_2.6.0-4sarge1.dsc
\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2_2.6.0-4sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2_2.6.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-2_2.6.0-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-daemon_2.6.0-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-dev_2.6.0-4sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-2_2.6.0-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-daemon_2.6.0-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-dev_2.6.0-4sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-2_2.6.0-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-daemon_2.6.0-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-dev_2.6.0-4sarge1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-2_2.6.0-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-daemon_2.6.0-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-dev_2.6.0-4sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-2_2.6.0-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-daemon_2.6.0-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-dev_2.6.0-4sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-2_2.6.0-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-daemon_2.6.0-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-dev_2.6.0-4sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-2_2.6.0-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-daemon_2.6.0-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-dev_2.6.0-4sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-2_2.6.0-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-daemon_2.6.0-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-dev_2.6.0-4sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-2_2.6.0-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-daemon_2.6.0-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-dev_2.6.0-4sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-2_2.6.0-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-daemon_2.6.0-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-dev_2.6.0-4sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-2_2.6.0-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-daemon_2.6.0-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-dev_2.6.0-4sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-2_2.6.0-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-daemon_2.6.0-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgtop2/libgtop2-dev_2.6.0-4sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1256": "
\n

Debian Security Advisory

\n

DSA-1256-1 gtk+2.0 -- programming error

\n
\n
Date Reported:
\n
31 Jan 2007
\n
Affected Packages:
\n
\ngtk+2.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-0010.
\n
More information:
\n
\n

It was discovered that the image loading code in the GTK+ graphical user interface library performs insufficient error handling when loading malformed images, which may lead to denial of service.

\n

For the stable distribution (sarge) this problem has been fixed in version 2.6.4-3.2. This update lacks builds for the Motorola 680x0 architecture, which had build problems. Packages will be released once this problem has been resolved.

\n

For the upcoming stable distribution (etch) this problem has been fixed in version 2.8.20-5.

\n

For the unstable distribution (sid) this problem has been fixed in version 2.8.20-5.

\n

We recommend that you upgrade your GTK packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.6.4-3.2.dsc
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.6.4-3.2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk+2.0_2.6.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-common_2.6.4-3.2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-doc_2.6.4-3.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2-engines-pixbuf_2.6.4-3.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/gtk2.0-examples_2.6.4-3.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0_2.6.4-3.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-0-dbg_2.6.4-3.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-bin_2.6.4-3.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gtk+2.0/libgtk2.0-dev_2.6.4-3.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1257": "
\n

Debian Security Advisory

\n

DSA-1257-1 samba -- several vulnerabilities

\n
\n
Date Reported:
\n
05 Feb 2007
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-0452, CVE-2007-0454.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in samba, a free implementation of the SMB/CIFS protocol, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-0452\n

    It was discovered that incorrect handling of deferred file open calls may lead to an infinite loop, which results in denial of service.

  • CVE-2007-0454\n

    \"zybadawg333\" discovered that the AFS ACL mapping VFS plugin performs insecure format string handling, which may lead to the execution of arbitrary code.

\n

For the stable distribution (sarge) these problems have been fixed in version 3.0.14a-3sarge4.

\n

For the upcoming stable distribution (etch) these problems have been fixed in version 3.0.23d-5.

\n

For the unstable distribution (sid) these problems have been fixed in version 3.0.23d-5.

\n

We recommend that you upgrade your samba package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4.dsc
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.0.14a-3sarge4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1258": "
\n

Debian Security Advisory

\n

DSA-1258-1 mozilla-thunderbird -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Feb 2007
\n
Affected Packages:
\n
\nmozilla-thunderbird\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 21668.
In Mitre's CVE dictionary: CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503.
CERT's vulnerabilities, advisories and incident notes: VU#263412, VU#405092, VU#427972, VU#428500, VU#447772, VU#606260.
\n
More information:
\n
\n

Several security-related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

\n
    \n
  • CVE-2006-6497\n

    Several vulnerabilities in the layout engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. [MFSA 2006-68]

  • CVE-2006-6498\n

    Several vulnerabilities in the JavaScript engine allow remote attackers to cause a denial of service and possibly permit them to execute arbitrary code. [MFSA 2006-68]

  • CVE-2006-6499\n

    A bug in the js_dtoa function allows remote attackers to cause a denial of service. [MFSA 2006-68]

  • CVE-2006-6501\n

    \"shutdown\" discovered a vulnerability that allows remote attackers to gain privileges and install malicious code via the watch JavaScript function. [MFSA 2006-70]

  • CVE-2006-6502\n

    Steven Michaud discovered a programming bug that allows remote attackers to cause a denial of service. [MFSA 2006-71]

  • CVE-2006-6503\n

    \"moz_bug_r_a4\" reported that the src attribute of an IMG element could be used to inject JavaScript code. [MFSA 2006-72]

\n

For the stable distribution (sarge) these problems have been fixed in version 1.0.2-2.sarge1.0.8e.2.

\n

For the testing (etch) and unstable (sid) distributions these problems have been fixed in version 1.5.0.9.dfsg1-1 of icedove.

\n

We recommend that you upgrade your Mozilla Thunderbird and Icedove packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird_1.0.2-2.sarge1.0.8e.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8e.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8e.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8e.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-thunderbird/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8e.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1259": "
\n

Debian Security Advisory

\n

DSA-1259-1 fetchmail -- programming error

\n
\n
Date Reported:
\n
14 Feb 2007
\n
Affected Packages:
\n
fetchmail
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-5867.
\n
More information:
\n
\n

Isaac Wilcox discovered that fetchmail, a popular mail retrieval and forwarding utility, insufficiently enforces encryption of connections, which might lead to information disclosure.

\n

For the stable distribution (sarge) this problem has been fixed in version 6.2.5-12sarge5.

\n

For the upcoming stable distribution (etch) this problem has been fixed in version 6.3.6-1.

\n

For the unstable distribution (sid) this problem has been fixed in version 6.3.6-1.

\n

We recommend that you upgrade your fetchmail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge5.dsc
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail-ssl_6.2.5-12sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_6.2.5-12sarge5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge5_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge5_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1260": "
\n

Debian Security Advisory

\n

DSA-1260-1 imagemagick -- buffer overflow

\n
\n
Date Reported:
\n
14 Feb 2007
\n
Affected Packages:
\n
imagemagick
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-0770.
\n
More information:
\n
\n

Vladimir Nadvornik discovered that the fix for a vulnerability in the PALM decoder of ImageMagick, a collection of image manipulation programs, was ineffective. To avoid confusion a new CVE ID has been assigned; the original issue was tracked as CVE-2006-5456.

\n

For the stable distribution (sarge) this problem has been fixed in version 6:6.0.6.2-2.9.

\n

For the upcoming stable distribution (etch) this problem has been fixed in version 7:6.2.4.5.dfsg1-0.14.

\n

For the unstable distribution (sid) this problem has been fixed in version 7:6.2.4.5.dfsg1-0.14.

\n

We recommend that you upgrade your imagemagick packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9.dsc
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9.diff.gz
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.9_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.9_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.9_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.9_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.9_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.9_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.9_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.9_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.9_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.9_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.9_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.9_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.9_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.9_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.9_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.9_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.9_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.9_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.9_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.9_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.9_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.9_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.9_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.9_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.9_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.9_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.9_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.9_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.9_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.9_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.9_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.9_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.9_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.9_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.9_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.0.6.2-2.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6_6.0.6.2-2.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++6-dev_6.0.6.2-2.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6_6.0.6.2-2.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick6-dev_6.0.6.2-2.9_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.0.6.2-2.9_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1261": "
\n

Debian Security Advisory

\n

DSA-1261-1 postgresql -- several vulnerabilities

\n
\n
Date Reported:
\n
15 Feb 2007
\n
Affected Packages:
\n
postgresql
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-0555.
\n
More information:
\n
\n

It was discovered that the PostgreSQL database performs insufficient type checking for SQL function arguments, which might lead to denial of service or information disclosure.

\n

For the stable distribution (sarge) this problem has been fixed in version 7.4.7-6sarge4.

\n

For the upcoming stable distribution (etch) this problem has been fixed in version 8.1.7-1 of the postgresql-8.1 package.

\n

For the unstable distribution (sid) this problem has been fixed in version 8.1.7-1 of the postgresql-8.1 package.

\n

We recommend that you upgrade your PostgreSQL packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4.dsc
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-doc_7.4.7-6sarge4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge4_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge4_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1262": "
\n

Debian Security Advisory

\n

DSA-1262-1 gnomemeeting -- format string

\n
\n
Date Reported:
\n
04 Mar 2007
\n
Affected Packages:
\n
\ngnomemeeting\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-1007.
\n
More information:
\n
\n

Mu Security discovered that a format string vulnerability in the VoIP solution GnomeMeeting allows the execution of arbitrary code.

\n

For the stable distribution (sarge) this problem has been fixed in version 1.2.1-1sarge1.

\n

For the upcoming stable distribution (etch) this problem has been fixed in version 2.0.3-2.1 of the ekiga package.

\n

For the unstable distribution (sid) this problem has been fixed in version 2.0.3-2.1 of the ekiga package.

\n

We recommend that you upgrade your gnomemeeting package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1263": "
\n

Debian Security Advisory

\n

DSA-1263-1 clamav -- several vulnerabilities

\n
\n
Date Reported:
\n
06 Mar 2007
\n
Affected Packages:
\n
\nclamav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 411118.
In Mitre's CVE dictionary: CVE-2007-0897, CVE-2007-0898.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit, which may lead to denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-0897

    It was discovered that malformed CAB archives may exhaust file descriptors, which allows denial of service.

  • CVE-2007-0898

    It was discovered that a directory traversal vulnerability in the MIME header parser may lead to denial of service.

\n

For the stable distribution (sarge) these problems have been fixed in version 0.84-2.sarge.15.

\n

For the upcoming stable distribution (etch) these problems have been fixed in version 0.88.7-2.

\n

For the unstable distribution (sid) these problems have been fixed in version 0.90-1.

\n

We recommend that you upgrade your clamav packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15.dsc
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15.diff.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.15_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.15_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.15_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.15_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.15_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.15_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.15_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.15_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.15_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1264": "
\n

Debian Security Advisory

\n

DSA-1264-1 php4 -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Mar 2007
\n
Affected Packages:
\n
\nphp4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-0906

    It was discovered that an integer overflow in the str_replace() function could lead to the execution of arbitrary code.

  • CVE-2007-0907

    It was discovered that a buffer underflow in the sapi_header_op() function could crash the PHP interpreter.

  • CVE-2007-0908

    Stefan Esser discovered that a programming error in the wddx extension allows information disclosure.

  • CVE-2007-0909

    It was discovered that a format string vulnerability in the odbc_result_all() function allows the execution of arbitrary code.

  • CVE-2007-0910

    It was discovered that super-global variables could be overwritten with session data.

  • CVE-2007-0988

    Stefan Esser discovered that the zend_hash_init() function could be tricked into an endless loop, allowing denial of service through resource consumption until a timeout is triggered.

\n

For the stable distribution (sarge) these problems have been fixed in version 4:4.3.10-19.

\n

For the unstable distribution (sid) these problems have been fixed in version 6:4.4.4-9 of php4 and version 5.2.0-9 of php5.

\n

We recommend that you upgrade your php4 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-19.dsc
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-19.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php4/php4-pear_4.3.10-19_all.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-19_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1265": "
\n

Debian Security Advisory

\n

DSA-1265-1 mozilla -- several vulnerabilities

\n
\n
Date Reported:
\n
10 Mar 2007
\n
Affected Packages:
\n
\nmozilla\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 21668.
In Mitre's CVE dictionary: CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6505.
CERT's vulnerabilities, advisories and incident notes: VU#263412, VU#405092, VU#427972, VU#428500, VU#447772, VU#606260, VU#887332.
\n
More information:
\n
\n

Several security-related problems have been discovered in Mozilla and\nderived products. The Common Vulnerabilities and Exposures project\nidentifies the following vulnerabilities:

\n
    \n
  • CVE-2006-6497\n

    Several vulnerabilities in the layout engine allow remote\n attackers to cause a denial of service and possibly permit them to\n execute arbitrary code. [MFSA 2006-68]

  • CVE-2006-6498\n

    Several vulnerabilities in the JavaScript engine allow remote\n attackers to cause a denial of service and possibly permit them to\n execute arbitrary code. [MFSA 2006-68]

  • CVE-2006-6499\n

    A bug in the js_dtoa function allows remote attackers to cause a\n denial of service. [MFSA 2006-68]

  • CVE-2006-6501\n

    shutdown discovered a vulnerability that allows remote attackers\n to gain privileges and install malicious code via the watch\n JavaScript function. [MFSA 2006-70]

  • CVE-2006-6502\n

    Steven Michaud discovered a programming bug that allows remote\n attackers to cause a denial of service. [MFSA 2006-71]

  • CVE-2006-6503\n

    moz_bug_r_a4 reported that the src attribute of an IMG element\n could be used to inject JavaScript code. [MFSA 2006-72]

  • CVE-2006-6505\n

    Georgi Guninski discovered several heap-based buffer overflows\n that allow remote attackers to execute arbitrary code. [MFSA 2006-74]

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.7.8-1sarge10.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.0.7-1 of iceape.

\n

We recommend that you upgrade your Mozilla and Iceape packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr-dev_1.7.8-1sarge10_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnspr4_1.7.8-1sarge10_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss-dev_1.7.8-1sarge10_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/libnss3_1.7.8-1sarge10_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla_1.7.8-1sarge10_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-browser_1.7.8-1sarge10_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-calendar_1.7.8-1sarge10_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-chatzilla_1.7.8-1sarge10_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dev_1.7.8-1sarge10_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-dom-inspector_1.7.8-1sarge10_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-js-debugger_1.7.8-1sarge10_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-mailnews_1.7.8-1sarge10_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla/mozilla-psm_1.7.8-1sarge10_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1266": "
\n

Debian Security Advisory

\n

DSA-1266-1 gnupg -- several vulnerabilities

\n
\n
Date Reported:
\n
13 Mar 2007
\n
Affected Packages:
\n
\ngnupg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 413922, Bug 414170.
In Mitre's CVE dictionary: CVE-2007-1263.
\n
More information:
\n
\n

Gerardo Richarte discovered that GnuPG, a free PGP replacement, provides\ninsufficient user feedback if an OpenPGP message contains both unsigned\nand signed portions. Inserting text segments into an otherwise signed\nmessage could be exploited to forge the content of signed messages.\nThis update prevents such attacks; the old behaviour can still be\nactivated by passing the --allow-multiple-messages option.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.4.1-1.sarge7.

\n

For the upcoming stable distribution (etch) these problems have been\nfixed in version 1.4.6-2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.4.6-2.

\n

We recommend that you upgrade your gnupg packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7.dsc
\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gnupg/gnupg_1.4.1-1.sarge7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1267": "
\n

Debian Security Advisory

\n

DSA-1267-1 webcalendar -- missing input sanitising

\n
\n
Date Reported:
\n
15 Mar 2007
\n
Affected Packages:
\n
\nwebcalendar\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-1343.
\n
More information:
\n
\n

It was discovered that WebCalendar, a PHP-based calendar application,\ninsufficiently protects an internal variable, which allows remote file\ninclusion.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 0.9.45-4sarge6.

\n

The upcoming stable distribution (etch) no longer contains webcalendar\npackages.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your webcalendar package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge6.dsc
\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge6.diff.gz
\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge6_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1268": "
\n

Debian Security Advisory

\n

DSA-1268-1 libwpd -- integer overflow

\n
\n
Date Reported:
\n
17 Mar 2007
\n
Affected Packages:
\n
\nlibwpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-0002.
\n
More information:
\n
\n

iDefense reported several integer overflow bugs in libwpd, a library\nfor handling WordPerfect documents. Attackers were able to exploit\nthese with carefully crafted WordPerfect files that could cause an\napplication linked with libwpd to crash or possibly execute arbitrary code.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 0.8.1-1sarge1.

\n

For the testing distribution (etch) these problems have been fixed in\nversion 0.8.7-6.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.8.7-6.

\n

We recommend that you upgrade your libwpd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd_0.8.1-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd_0.8.1-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd_0.8.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-doc_0.8.1-1sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8_0.8.1-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.1-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8_0.8.1-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.1-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8_0.8.1-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.1-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8_0.8.1-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.1-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8_0.8.1-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.1-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8_0.8.1-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.1-1sarge1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8_0.8.1-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.1-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8_0.8.1-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.1-1sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8_0.8.1-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.1-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8_0.8.1-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.1-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8_0.8.1-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.1-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8_0.8.1-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.1-1sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8_0.8.1-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.1-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8_0.8.1-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.1-1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8_0.8.1-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.1-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8_0.8.1-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.1-1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8_0.8.1-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.1-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8_0.8.1-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.1-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8_0.8.1-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.1-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8_0.8.1-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.1-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8_0.8.1-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.1-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8_0.8.1-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.1-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8_0.8.1-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.1-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8_0.8.1-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.1-1sarge1_sparc.deb
\n
\n

Debian GNU/Linux pre4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd_0.8.7-6.dsc
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd_0.8.7-6.diff.gz
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd_0.8.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-doc_0.8.7-6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8c2a_0.8.7-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.7-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.7-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8c2a_0.8.7-6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8c2a_0.8.7-6_amd64.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.7-6_amd64.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.7-6_amd64.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8c2a_0.8.7-6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8c2a_0.8.7-6_arm.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.7-6_arm.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.7-6_arm.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8c2a_0.8.7-6_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8c2a_0.8.7-6_hppa.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.7-6_hppa.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.7-6_hppa.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8c2a_0.8.7-6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8c2a_0.8.7-6_i386.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.7-6_i386.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.7-6_i386.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8c2a_0.8.7-6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8c2a_0.8.7-6_ia64.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.7-6_ia64.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.7-6_ia64.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8c2a_0.8.7-6_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8c2a_0.8.7-6_m68k.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.7-6_m68k.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.7-6_m68k.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8c2a_0.8.7-6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8c2a_0.8.7-6_mips.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.7-6_mips.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.7-6_mips.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8c2a_0.8.7-6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8c2a_0.8.7-6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.7-6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.7-6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8c2a_0.8.7-6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8c2a_0.8.7-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.7-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.7-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8c2a_0.8.7-6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8c2a_0.8.7-6_s390.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.7-6_s390.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.7-6_s390.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8c2a_0.8.7-6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-stream8c2a_0.8.7-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd-tools_0.8.7-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8-dev_0.8.7-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/libw/libwpd/libwpd8c2a_0.8.7-6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1269": "
\n

Debian Security Advisory

\n

DSA-1269-1 lookup-el -- insecure temporary file

\n
\n
Date Reported:
\n
18 Mar 2007
\n
Affected Packages:
\n
\nlookup-el\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-0237.
\n
More information:
\n
\n

Tatsuya Kinoshita discovered that Lookup, a search interface to\nelectronic dictionaries on emacsen, creates a temporary file in an\ninsecure fashion when the ndeb-binary feature is used, which allows a\nlocal attacker to craft a symlink attack to overwrite arbitrary files.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 1.4-3sarge1.

\n

For the testing distribution (etch) this problem has been fixed in\nversion 1.4-5.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.4-5.

\n

We recommend that you upgrade your lookup-el package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lookup-el/lookup-el_1.4-3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/l/lookup-el/lookup-el_1.4-3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lookup-el/lookup-el_1.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/lookup-el/lookup-el_1.4-3sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1270": "
\n

Debian Security Advisory

\n

DSA-1270-2 openoffice.org -- several vulnerabilities

\n
\n
Date Reported:
\n
20 Mar 2007
\n
Affected Packages:
\n
\nopenoffice.org\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-0002, CVE-2007-0238, CVE-2007-0239.
\n
More information:
\n
\n

Several security related problems have been discovered in\nOpenOffice.org, the free office suite. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2007-0002\n

    iDefense reported several integer overflow bugs in libwpd, a\n library for handling WordPerfect documents that is included in\n OpenOffice.org. Attackers are able to exploit these with\n carefully crafted WordPerfect files that could cause an\n application linked with libwpd to crash or possibly execute\n arbitrary code.

  • CVE-2007-0238\n

    Next Generation Security discovered that the StarCalc parser in\n OpenOffice.org contains an easily exploitable stack overflow that\n could be used by a specially crafted document to execute\n arbitrary code.

  • CVE-2007-0239\n

    It has been reported that OpenOffice.org does not escape shell\n metacharacters and is hence vulnerable to the execution of arbitrary shell\n commands via a specially crafted document after the user clicks\n on a prepared link.

\n

This updated advisory only provides packages for the upcoming etch\nrelease, alias Debian GNU/Linux 4.0.

\n

For the stable distribution (sarge) these problems have been fixed in\nversion 1.1.3-9sarge6.

\n

For the testing distribution (etch) these problems have been fixed in\nversion 2.0.4.dfsg.2-5etch1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.0.4.dfsg.2-6.

\n

We recommend that you upgrade your OpenOffice.org packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge6.dsc
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge6.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-af_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ar_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ca_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cs_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cy_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-da_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-de_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-el_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-es_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-et_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eu_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fi_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fr_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gl_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-he_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hu_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-it_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ja_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-kn_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ko_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lt_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nb_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nl_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nn_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ns_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pl_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt-br_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ru_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sk_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sl_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sv_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-th_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tn_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tr_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-cn_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-tw_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zu_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-mimelnk_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-thesaurus-en-us_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ttf-opensymbol_1.1.3-9sarge6_all.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge6_i386.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1271": "
\n

Debian Security Advisory

\n

DSA-1271-1 openafs -- design error

\n
\n
Date Reported:
\n
20 Mar 2007
\n
Affected Packages:
\n
\nopenafs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-1507.
\n
More information:
\n
\n

A design error has been identified in OpenAFS, a cross-platform\ndistributed filesystem included with Debian.

\n

OpenAFS historically has enabled setuid filesystem support for the local\ncell. However, with its existing protocol, OpenAFS can only use\nencryption, and therefore integrity protection, if the user is\nauthenticated. Unauthenticated access doesn't do integrity protection.\nThe practical result is that it's possible for an attacker with\nknowledge of AFS to forge an AFS FetchStatus call and make an arbitrary\nbinary file appear to an AFS client host to be setuid. If they can then\narrange for that binary to be executed, they will be able to achieve\nprivilege escalation.

\n

OpenAFS 1.3.81-3sarge2 changes the default behavior to disable setuid\nfiles globally, including the local cell. It is important to note that\nthis change will not take effect until the AFS kernel module, built from\nthe openafs-modules-source package, is rebuilt and loaded into your\nkernel. As a temporary workaround until the kernel module can be\nreloaded, setuid support can be manually disabled for the local cell by\nrunning the following command as root:

\n

fs setcell -cell <localcell> -nosuid

\n

Following the application of this update, if you are certain there is\nno security risk of an attacker forging AFS fileserver responses, you\ncan re-enable setuid status selectively with the following command;\nhowever, this should not be done on sites that are visible to the\nInternet:

\n

fs setcell -cell <localcell> -suid

\n

For the stable distribution (sarge), this problem has been fixed in\nversion 1.3.81-3sarge2.

\n

For the unstable distribution (sid) and the upcoming stable\ndistribution (etch), this problem will be fixed in version 1.4.2-6.

\n

We recommend that you upgrade your openafs package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs_1.3.81-3sarge2.dsc
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs_1.3.81-3sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs_1.3.81.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-modules-source_1.3.81-3sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge2_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge2_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1272": "
\n

Debian Security Advisory

\n

DSA-1272-1 tcpdump -- buffer overflow

\n
\n
Date Reported:
\n
22 Mar 2007
\n
Affected Packages:
\n
\ntcpdump\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-1218.
\n
More information:
\n
\n

Moritz Jodeit discovered an off-by-one buffer overflow in tcpdump, a\npowerful tool for network monitoring and data acquisition, which allows\ndenial of service.

\n

For the stable distribution (sarge) this problem has been fixed in\nversion 3.8.3-5sarge2.

\n

For the upcoming stable distribution (etch) this problem has been fixed\nin version 3.9.5-2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.9.5-2.

\n

We recommend that you upgrade your tcpdump package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge2.dsc
\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1273": "
\n

Debian Security Advisory

\n

DSA-1273-1 nas -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Mar 2007
\n
Affected Packages:
\n
\nnas\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 416038.
In the Bugtraq database (at SecurityFocus): BugTraq ID 23017.
In Mitre's CVE dictionary: CVE-2007-1543, CVE-2007-1544, CVE-2007-1545, CVE-2007-1546, CVE-2007-1547.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in nas, the Network Audio\nSystem.

\n
    \n
  • CVE-2007-1543\n

    A stack-based buffer overflow in the accept_att_local function in\nserver/os/connection.c in nas allows remote attackers to execute\narbitrary code via a long path slave name in a USL socket connection.

  • CVE-2007-1544\n

    An integer overflow in the ProcAuWriteElement function in\nserver/dia/audispatch.c allows remote attackers to cause a denial of\nservice (crash) and possibly execute arbitrary code via a large\nmax_samples value.

  • CVE-2007-1545\n

    The AddResource function in server/dia/resource.c allows remote\nattackers to cause a denial of service (server crash) via a\nnonexistent client ID.

  • CVE-2007-1546\n

    An array index error allows remote attackers to cause a denial of service\n(crash) via (1) large num_action values in the ProcAuSetElements\nfunction in server/dia/audispatch.c or (2) a large inputNum parameter\nto the compileInputs function in server/dia/auutil.c.

  • CVE-2007-1547\n

    The ReadRequestFromClient function in server/os/io.c allows remote\nattackers to cause a denial of service (crash) via multiple\nsimultaneous connections, which triggers a NULL pointer dereference.

\n

For the stable distribution (sarge), these problems have been fixed in\nversion 1.7-2sarge1.

\n

For the upcoming stable distribution (etch) and the unstable\ndistribution (sid) these problems have been fixed in version 1.8-4.

\n

We recommend that you upgrade your nas package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nas/nas_1.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/n/nas/nas-doc_1.7-2sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nas/libaudio2_1.7-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nas/nas_1.7-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nas/libaudio-dev_1.7-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nas/nas-bin_1.7-2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1274": "
\n

Debian Security Advisory

\n

DSA-1274-1 file -- buffer overflow

\n
\n
Date Reported:
\n
02 Apr 2007
\n
Affected Packages:
\n
\nfile\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 415362, Bug 416678.
In the Bugtraq database (at SecurityFocus): BugTraq ID 23021.
In Mitre's CVE dictionary: CVE-2007-1536.
\n
More information:
\n
\n

An integer underflow bug has been found in the file_printf function in\nfile, a tool to determine file types based on analysis of file content.\nThe bug could allow an attacker to execute arbitrary code by inducing a\nlocal user to examine a specially crafted file that triggers a buffer\noverflow.

\n

For the stable distribution (sarge), this problem has been fixed in\nversion 4.12-1sarge1.

\n

For the upcoming stable distribution (etch), this problem has been fixed in\nversion 4.17-5etch1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.20-1.

\n

We recommend that you upgrade your file package.

\n
\n
Fixed in:
\n
\n

Debian (testing)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1.dsc
\n
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/file/file_4.17.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_m68k.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/file/file_4.12.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1275": "
\n

Debian Security Advisory

\n

DSA-1275-1 zope2.7 -- cross-site scripting

\n
\n
Date Reported:
\n
02 Apr 2007
\n
Affected Packages:
\n
zope2.7
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 416500.
In the Bugtraq database (at SecurityFocus): BugTraq ID 23084.
In Mitre's CVE dictionary: CVE-2007-0240.
\n
More information:
\n
\n

A cross-site scripting vulnerability in zope, a web application server, could allow an attacker to inject arbitrary HTML and/or JavaScript into the victim's web browser. This code would run within the security context of the web browser, potentially allowing the attacker to access private data such as authentication cookies, or to affect the rendering or behavior of zope web pages.

\n

For the stable distribution (sarge), this problem has been fixed in version 2.7.5-2sarge4.

\n

The upcoming stable distribution (etch) and the unstable distribution (sid) include zope2.9, and this vulnerability is fixed in version 2.9.6-4etch1 for etch and 2.9.7-1 for sid.

\n

We recommend that you upgrade your zope2.7 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge4.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge4_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge4_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge4_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/z/zope2.7/zope2.7_2.7.5-2sarge4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1276": "
\n

Debian Security Advisory

\n

DSA-1276-1 krb5 -- several vulnerabilities

\n
\n
Date Reported:
\n
03 Apr 2007
\n
Affected Packages:
\n
krb5
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-0956, CVE-2007-0957, CVE-2007-1216.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the MIT reference implementation of the Kerberos network authentication protocol suite, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-0956

    It was discovered that the krb5 telnet daemon performs insufficient validation of usernames, which might allow unauthorized logins or privilege escalation.

  • CVE-2007-0957

    iDefense discovered that a buffer overflow in the logging code of the KDC and the administration daemon might lead to arbitrary code execution.

  • CVE-2007-1216

    It was discovered that a double free in the RPCSEC_GSS part of the GSS library code might lead to arbitrary code execution.
\n

For the stable distribution (sarge) these problems have been fixed in version 1.3.6-2sarge4.

\n

For the upcoming stable distribution (etch) these problems have been fixed in version 1.4.4-7etch1.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your Kerberos packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge4.dsc
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.3.6-2sarge4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge4_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge4_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge4_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4-7etch1.dsc
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4-7etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.4.4-7etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1277": "
\n

Debian Security Advisory

\n

DSA-1277-1 XMMS -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Apr 2007
\n
Affected Packages:
\n
\nxmms\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 416423.
In the Bugtraq database (at SecurityFocus): BugTraq ID 23078.
In Mitre's CVE dictionary: CVE-2007-0654, CVE-2007-0653.
\n
More information:
\n
\n

Multiple errors have been found in the skin handling routines in xmms,\nthe X Multimedia System. These vulnerabilities could allow an\nattacker to run arbitrary code as the user running xmms by inducing\nthe victim to load specially crafted interface skin files.

\n

For the stable distribution (sarge), these problems have been fixed in\nversion 1.2.10+cvs20050209-2sarge1.

\n

For the upcoming stable distribution (etch) and the unstable\ndistribution (sid), these problems have been fixed in versions\n1:1.2.10+20061101-1etch1 and 1:1.2.10+20070401-1, respectively.

\n

We recommend that you upgrade your xmms packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xmms/xmms-dev_1.2.10+cvs20050209-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xmms/xmms_1.2.10+cvs20050209-2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1278": "
\n

Debian Security Advisory

\n

DSA-1278-1 man-db -- buffer overflow

\n
\n
Date Reported:
\n
06 Apr 2007
\n
Affected Packages:
\n
\nman-db\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-4250.
\n
More information:
\n
\n

A buffer overflow has been discovered in the man command that could\nallow an attacker to execute code as the man user by providing\nspecially crafted arguments to the -H flag. This is likely to be an\nissue only on machines with the man and mandb programs installed\nsetuid.

\n

For the stable distribution (sarge), this problem has been fixed in\nversion 2.4.2-21sarge1.

\n

For the upcoming stable distribution (etch) and the unstable\ndistribution (sid), this problem has been fixed in version 2.4.3-5.

\n

We recommend that you upgrade your man-db package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.4.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.4.2-21sarge1.dsc
\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.4.2-21sarge1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.4.2-21sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.4.2-21sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.4.2-21sarge1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.4.2-21sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.4.2-21sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.4.2-21sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.4.2-21sarge1_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.4.2-21sarge1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.4.2-21sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.4.2-21sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.4.2-21sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/man-db/man-db_2.4.2-21sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1279": "
\n

Debian Security Advisory

\n

DSA-1279-1 webcalendar -- missing input sanitising

\n
\n
Date Reported:
\n
22 Apr 2007
\n
Affected Packages:
\n
\nwebcalendar\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-6669.
\n
More information:
\n
\n

It was discovered that WebCalendar, a PHP-based calendar application,\nperforms insufficient sanitising in the exports handler, which allows\ninjection of web script.

\n

For the old stable distribution (sarge) this problem has been fixed in\nversion 0.9.45-4sarge7.

\n

The stable distribution (etch) no longer contains WebCalendar packages.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.0.5-2.

\n

We recommend that you upgrade your webcalendar package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge7.dsc
\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge7.diff.gz
\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge7_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1280": "
\n

Debian Security Advisory

\n

DSA-1280-1 aircrack-ng -- buffer overflow

\n
\n
Date Reported:
\n
24 Apr 2007
\n
Affected Packages:
\n
\naircrack-ng\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2057.
\n
More information:
\n
\n

It was discovered that aircrack-ng, a WEP/WPA security analysis tool,\nperforms insufficient validation of 802.11 authentication packets, which\nallows the execution of arbitrary code.

\n

The oldstable distribution (sarge) doesn't contain aircrack-ng packages.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 0.6.2-7etch1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.7-3.

\n

We recommend that you upgrade your aircrack-ng packages. Packages for\nthe arm, sparc, mips and mipsel architectures are not yet available. They\nwill be provided later.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/aircrack-ng/aircrack-ng_0.6.2-7etch1.dsc
\n
http://security.debian.org/pool/updates/main/a/aircrack-ng/aircrack-ng_0.6.2-7etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/aircrack-ng/aircrack-ng_0.6.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/aircrack-ng/aircrack_0.6.2-7etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/aircrack-ng/aircrack-ng_0.6.2-7etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/aircrack-ng/aircrack-ng_0.6.2-7etch1_amd64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/aircrack-ng/aircrack-ng_0.6.2-7etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/aircrack-ng/aircrack-ng_0.6.2-7etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/aircrack-ng/aircrack-ng_0.6.2-7etch1_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/aircrack-ng/aircrack-ng_0.6.2-7etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/aircrack-ng/aircrack-ng_0.6.2-7etch1_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1281": "
\n

Debian Security Advisory

\n

DSA-1281-1 clamav -- several vulnerabilities

\n
\n
Date Reported:
\n
25 Apr 2007
\n
Affected Packages:
\n
\nclamav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-1745, CVE-2007-1997, CVE-2007-2029.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Clam\nanti-virus toolkit. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
  • CVE-2007-1745\n

    It was discovered that a file descriptor leak in the CHM handler may\n lead to denial of service.

  • CVE-2007-1997\n

    It was discovered that a buffer overflow in the CAB handler may lead\n to the execution of arbitrary code.

  • CVE-2007-2029\n

    It was discovered that a file descriptor leak in the PDF handler may\n lead to denial of service.
\n

For the oldstable distribution (sarge) these problems have been fixed in\nversion 0.84-2.sarge.16.

\n

For the stable distribution (etch) these problems have been fixed in\nversion 0.90.1-3etch1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.90.2-1.

\n

We recommend that you upgrade your clamav packages. Packages for\nthe arm, sparc, m68k, mips and mipsel architectures are not yet available.\nThey will be provided later.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.16.dsc
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.16.diff.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.16_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.16_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.16_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.16_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.16_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.16_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.16_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.16_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.16_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.16_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.16_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.16_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.16_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.16_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.16_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.16_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.16_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.16_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.16_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.16_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.16_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.16_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.16_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.16_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.16_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.16_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.16_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.16_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.16_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.16_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.16_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.16_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.16_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.16_s390.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch1.dsc
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.90.1-3etch1_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1-3etch1_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1-3etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch1_amd64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch1_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch1_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1282": "
\n

Debian Security Advisory

\n

DSA-1282-1 php4 -- several vulnerabilities

\n
\n
Date Reported:
\n
26 Apr 2007
\n
Affected Packages:
\n
\nphp4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-1286, CVE-2007-1380, CVE-2007-1521, CVE-2007-1711, CVE-2007-1718, CVE-2007-1777.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in PHP, a\nserver-side, HTML-embedded scripting language, which may lead to the\nexecution of arbitrary code. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
  • CVE-2007-1286\n

    Stefan Esser discovered an overflow in the object reference handling\n code of the unserialize() function, which allows the execution of\n arbitrary code if malformed input is passed from an application.

  • CVE-2007-1380\n

    Stefan Esser discovered that the session handler performs\n insufficient validation of variable name length values, which allows\n information disclosure through a heap information leak.

  • CVE-2007-1521\n

    Stefan Esser discovered a double free vulnerability in the\n session_regenerate_id() function, which allows the execution of\n arbitrary code.

  • CVE-2007-1711\n

    Stefan Esser discovered a double free vulnerability in the session\n management code, which allows the execution of arbitrary code.

  • CVE-2007-1718\n

    Stefan Esser discovered that the mail() function performs\n insufficient validation of folded mail headers, which allows mail\n header injection.

  • CVE-2007-1777\n

    Stefan Esser discovered that the extension to handle ZIP archives\n performs insufficient length checks, which allows the execution of\n arbitrary code.
\n

For the oldstable distribution (sarge) these problems have been fixed in\nversion 4.3.10-20.

\n

For the stable distribution (etch) these problems have been fixed\nin version 4.4.4-8+etch2.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 4.4.6-1. php4 will be removed from sid; thus you are strongly\nadvised to migrate to php5 if you prefer to follow the unstable\ndistribution.

\n

We recommend that you upgrade your PHP packages. Packages for the arm,\nm68k, mips and mipsel architectures are not yet available. They will be\nprovided later.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-20.dsc
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-20.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php4/php4-pear_4.3.10-20_all.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-20_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-20_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-20_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-20_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-20_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-20_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-20_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-20_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-20_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-20_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-20_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-20_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-20_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-20_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-20_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-20_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-20_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-20_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-20_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-20_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-20_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-20_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-20_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-20_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-20_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-20_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-20_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-20_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-20_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-20_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-20_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-20_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-20_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-20_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-20_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-20_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-20_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-20_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-20_amd64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-20_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-20_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-20_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-20_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-20_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-20_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-20_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-20_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-20_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-20_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-20_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-20_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-20_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-20_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-20_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-20_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-20_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-20_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-20_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-20_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-20_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-20_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-20_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-20_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-20_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-20_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-20_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-20_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-20_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-20_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-20_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-20_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-20_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-20_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-20_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-20_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-20_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-20_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-20_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-20_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-20_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-20_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-20_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-20_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-20_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-20_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-20_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-20_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-20_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-20_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-20_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-20_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-20_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-20_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-20_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-20_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-20_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-20_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-20_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-20_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-20_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-20_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-20_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-20_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-20_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-20_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-20_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-20_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-20_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-20_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-20_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-20_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-20_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-20_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-20_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-20_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-20_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-20_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-20_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-20_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-20_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-20_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-20_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-20_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-20_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-20_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-20_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-20_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-20_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-20_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-20_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-20_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-20_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-20_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-20_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-20_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-20_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-20_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-20_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-20_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-20_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-20_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-20_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-20_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-20_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-20_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-20_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-20_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-20_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-20_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-20_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-20_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-20_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-20_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.4.4-8+etch2.dsc
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.4.4-8+etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.4.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php4/php4-pear_4.4.4-8+etch2_all.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.4.4-8+etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-interbase_4.4.4-8+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch2_amd64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-interbase_4.4.4-8+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch2_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1283": "
\n

Debian Security Advisory

\n

DSA-1283-1 php5 -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Apr 2007
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-1286, CVE-2007-1375, CVE-2007-1376, CVE-2007-1380, CVE-2007-1453, CVE-2007-1454, CVE-2007-1521, CVE-2007-1583, CVE-2007-1700, CVE-2007-1711, CVE-2007-1718, CVE-2007-1777, CVE-2007-1824, CVE-2007-1887, CVE-2007-1889, CVE-2007-1900.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-1286

    Stefan Esser discovered an overflow in the object reference handling code of the unserialize() function, which allows the execution of arbitrary code if malformed input is passed from an application.

  • CVE-2007-1375

    Stefan Esser discovered that an integer overflow in the substr_compare() function allows information disclosure of heap memory.

  • CVE-2007-1376

    Stefan Esser discovered that insufficient validation of shared memory functions allows the disclosure of heap memory.

  • CVE-2007-1380

    Stefan Esser discovered that the session handler performs insufficient validation of variable name length values, which allows information disclosure through a heap information leak.

  • CVE-2007-1453

    Stefan Esser discovered that the filtering framework performs insufficient input validation, which allows the execution of arbitrary code through a buffer underflow.

  • CVE-2007-1454

    Stefan Esser discovered that the filtering framework can be bypassed with a special whitespace character.

  • CVE-2007-1521

    Stefan Esser discovered a double free vulnerability in the session_regenerate_id() function, which allows the execution of arbitrary code.

  • CVE-2007-1583

    Stefan Esser discovered that a programming error in the mb_parse_str() function allows the activation of register_globals.

  • CVE-2007-1700

    Stefan Esser discovered that the session extension incorrectly maintains the reference count of session variables, which allows the execution of arbitrary code.

  • CVE-2007-1711

    Stefan Esser discovered a double free vulnerability in the session management code, which allows the execution of arbitrary code.

  • CVE-2007-1718

    Stefan Esser discovered that the mail() function performs insufficient validation of folded mail headers, which allows mail header injection.

  • CVE-2007-1777

    Stefan Esser discovered that the extension to handle ZIP archives performs insufficient length checks, which allows the execution of arbitrary code.

  • CVE-2007-1824

    Stefan Esser discovered an off-by-one error in the filtering framework, which allows the execution of arbitrary code.

  • CVE-2007-1887

    Stefan Esser discovered that a buffer overflow in the sqlite extension allows the execution of arbitrary code.

  • CVE-2007-1889

    Stefan Esser discovered that the PHP memory manager performs an incorrect type cast, which allows the execution of arbitrary code through buffer overflows.

  • CVE-2007-1900

    Stefan Esser discovered that incorrect validation in the email filter extension allows the injection of mail headers.

\n

The oldstable distribution (sarge) doesn't include php5.

\n

For the stable distribution (etch) these problems have been fixed in version 5.2.0-8+etch3.

\n

For the unstable distribution (sid) these problems have been fixed in version 5.2.0-11.

\n

We recommend that you upgrade your PHP packages. Packages for the arm, hppa, mips and mipsel architectures are not yet available. They will be provided later.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0-8+etch3.dsc
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0-8+etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php5/php-pear_5.2.0-8+etch3_all.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0-8+etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.0-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch3_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.0-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch3_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1284": "

Debian Security Advisory

DSA-1284-1 qemu -- several vulnerabilities

Date Reported: 01 May 2007

Affected Packages: qemu

Vulnerable: Yes

Security database references: In Mitre's CVE dictionary: CVE-2007-1320, CVE-2007-1321, CVE-2007-1322, CVE-2007-1323, CVE-2007-1366.

More information:

Several vulnerabilities have been discovered in the QEMU processor emulator, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2007-1320

    Tavis Ormandy discovered that a memory management routine of the Cirrus video driver performs insufficient bounds checking, which might allow the execution of arbitrary code through a heap overflow.

  • CVE-2007-1321

    Tavis Ormandy discovered that the NE2000 network driver and the socket code perform insufficient input validation, which might allow the execution of arbitrary code through a heap overflow.

  • CVE-2007-1322

    Tavis Ormandy discovered that the icebp instruction can be abused to terminate the emulation, resulting in denial of service.

  • CVE-2007-1323

    Tavis Ormandy discovered that the NE2000 network driver and the socket code perform insufficient input validation, which might allow the execution of arbitrary code through a heap overflow.

  • CVE-2007-1366

    Tavis Ormandy discovered that the aam instruction can be abused to crash qemu through a division by zero, resulting in denial of service.

For the oldstable distribution (sarge) these problems have been fixed in version 0.6.1+20050407-1sarge1.

For the stable distribution (etch) these problems have been fixed in version 0.8.2-4etch1.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your qemu packages.

Fixed in:

Debian GNU/Linux 3.1 (sarge)

Source:
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.6.1+20050407-1sarge1.dsc
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.6.1+20050407-1sarge1.diff.gz
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.6.1+20050407.orig.tar.gz
Intel IA-32:
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.6.1+20050407-1sarge1_i386.deb
PowerPC:
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.6.1+20050407-1sarge1_powerpc.deb

Debian GNU/Linux 4.0 (etch)

Source:
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch1.dsc
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch1.diff.gz
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2.orig.tar.gz
AMD64:
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch1_amd64.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch1_i386.deb
PowerPC:
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch1_powerpc.deb

MD5 checksums of the listed files are available in the original advisory.

", "1285": "

Debian Security Advisory

DSA-1285-1 wordpress -- several vulnerabilities

Date Reported: 01 May 2007

Affected Packages: wordpress

Vulnerable: Yes

Security database references: In Mitre's CVE dictionary: CVE-2007-1622, CVE-2007-1893, CVE-2007-1894, CVE-2007-1897.

More information:

  • CVE-2007-1622

    Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.

  • CVE-2007-1893

    WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to publish a previously saved post.

  • CVE-2007-1894

    Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.

  • CVE-2007-1897

    SQL injection vulnerability in xmlrpc.php in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.

For the stable distribution (etch) these issues have been fixed in version 2.0.10-1.

For the testing and unstable distributions (lenny and sid, respectively), these issues have been fixed in version 2.1.3-1.

We recommend that you upgrade your wordpress package.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Source:
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1.diff.gz
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10.orig.tar.gz
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1.dsc
Architecture-independent component:
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1_all.deb

MD5 checksums of the listed files are available in the original advisory.

", "1286": "

Debian Security Advisory

DSA-1286-1 linux-2.6 -- several vulnerabilities

Date Reported: 02 May 2007

Affected Packages: linux-2.6

Vulnerable: Yes

Security database references: In Mitre's CVE dictionary: CVE-2007-0005, CVE-2007-0958, CVE-2007-1357, CVE-2007-1592.

More information:

Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2007-0005

    Daniel Roethlisberger discovered two buffer overflows in the cm4040 driver for the Omnikey CardMan 4040 device. A local user or malicious device could exploit this to execute arbitrary code in kernel space.

  • CVE-2007-0958

    Santosh Eraniose reported a vulnerability that allows local users to read otherwise unreadable files by triggering a core dump while using PT_INTERP. This is related to CVE-2004-1073.

  • CVE-2007-1357

    Jean Delvare reported a vulnerability in the appletalk subsystem. Systems with the appletalk module loaded can be triggered to crash by other systems on the local network via a malformed frame.

  • CVE-2007-1592

    Masayuki Nakagawa discovered that flow labels were inadvertently being shared between listening sockets and child sockets. This defect can be exploited by local users to cause a DoS (Oops).

This problem has been fixed in the stable distribution in version 2.6.18.dfsg.1-12etch1.

The following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update:

Debian 4.0 (etch):
  fai-kernels 1.17etch1
  user-mode-linux 2.6.18-1um-2etch1

We recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.

Updated packages for the mips and mipsel architectures are not yet available. They will be provided later.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-12etch1.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-12etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17etch1.dsc
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17etch1.tar.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch1.dsc
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-12etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-12etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-12etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-12etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-4_2.6.18.dfsg.1-12etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-12etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4_2.6.18.dfsg.1-12etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all_2.6.18.dfsg.1-12etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all-alpha_2.6.18.dfsg.1-12etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-alpha-generic_2.6.18.dfsg.1-12etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-alpha-legacy_2.6.18.dfsg.1-12etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-alpha-smp_2.6.18.dfsg.1-12etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver_2.6.18.dfsg.1-12etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver-alpha_2.6.18.dfsg.1-12etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-alpha-generic_2.6.18.dfsg.1-12etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-alpha-legacy_2.6.18.dfsg.1-12etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-alpha-smp_2.6.18.dfsg.1-12etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-vserver-alpha_2.6.18.dfsg.1-12etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4_2.6.18.dfsg.1-12etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all_2.6.18.dfsg.1-12etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all-amd64_2.6.18.dfsg.1-12etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-amd64_2.6.18.dfsg.1-12etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver_2.6.18.dfsg.1-12etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver-amd64_2.6.18.dfsg.1-12etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-xen_2.6.18.dfsg.1-12etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-xen-amd64_2.6.18.dfsg.1-12etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-xen-vserver_2.6.18.dfsg.1-12etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-xen-vserver-amd64_2.6.18.dfsg.1-12etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-amd64_2.6.18.dfsg.1-12etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-vserver-amd64_2.6.18.dfsg.1-12etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-xen-amd64_2.6.18.dfsg.1-12etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-xen-vserver-amd64_2.6.18.dfsg.1-12etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-4-xen-amd64_2.6.18.dfsg.1-12etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-4-xen-vserver-amd64_2.6.18.dfsg.1-12etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-4-xen-amd64_2.6.18.dfsg.1-12etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-4-xen-vserver-amd64_2.6.18.dfsg.1-12etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4_2.6.18.dfsg.1-12etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all_2.6.18.dfsg.1-12etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all-arm_2.6.18.dfsg.1-12etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-footbridge_2.6.18.dfsg.1-12etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-iop32x_2.6.18.dfsg.1-12etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-ixp4xx_2.6.18.dfsg.1-12etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-rpc_2.6.18.dfsg.1-12etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-s3c2410_2.6.18.dfsg.1-12etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-footbridge_2.6.18.dfsg.1-12etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-iop32x_2.6.18.dfsg.1-12etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-ixp4xx_2.6.18.dfsg.1-12etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-rpc_2.6.18.dfsg.1-12etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-s3c2410_2.6.18.dfsg.1-12etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4_2.6.18.dfsg.1-12etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all_2.6.18.dfsg.1-12etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all-hppa_2.6.18.dfsg.1-12etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-parisc_2.6.18.dfsg.1-12etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-parisc-smp_2.6.18.dfsg.1-12etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-parisc64_2.6.18.dfsg.1-12etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-parisc64-smp_2.6.18.dfsg.1-12etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-parisc_2.6.18.dfsg.1-12etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-parisc-smp_2.6.18.dfsg.1-12etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-parisc64_2.6.18.dfsg.1-12etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-parisc64-smp_2.6.18.dfsg.1-12etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-486_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-686_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-686-bigmem_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all-i386_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-amd64_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-k7_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver-686_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver-k7_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-xen_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-xen-686_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-xen-vserver_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-xen-vserver-686_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-486_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-686_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-686-bigmem_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-amd64_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-k7_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-vserver-686_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-vserver-k7_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-xen-686_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-xen-vserver-686_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-4-xen-686_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-4-xen-vserver-686_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-4-xen-686_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-4-xen-vserver-686_2.6.18.dfsg.1-12etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4_2.6.18.dfsg.1-12etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all_2.6.18.dfsg.1-12etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all-ia64_2.6.18.dfsg.1-12etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-itanium_2.6.18.dfsg.1-12etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-mckinley_2.6.18.dfsg.1-12etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-itanium_2.6.18.dfsg.1-12etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-mckinley_2.6.18.dfsg.1-12etch1_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4_2.6.18.dfsg.1-12etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all_2.6.18.dfsg.1-12etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all-powerpc_2.6.18.dfsg.1-12etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-powerpc_2.6.18.dfsg.1-12etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-powerpc-miboot_2.6.18.dfsg.1-12etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-powerpc-smp_2.6.18.dfsg.1-12etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-powerpc64_2.6.18.dfsg.1-12etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-prep_2.6.18.dfsg.1-12etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver_2.6.18.dfsg.1-12etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver-powerpc_2.6.18.dfsg.1-12etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver-powerpc64_2.6.18.dfsg.1-12etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-powerpc_2.6.18.dfsg.1-12etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-powerpc-miboot_2.6.18.dfsg.1-12etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-powerpc-smp_2.6.18.dfsg.1-12etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-powerpc64_2.6.18.dfsg.1-12etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-prep_2.6.18.dfsg.1-12etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-vserver-powerpc_2.6.18.dfsg.1-12etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-vserver-powerpc64_2.6.18.dfsg.1-12etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4_2.6.18.dfsg.1-12etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all_2.6.18.dfsg.1-12etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all-s390_2.6.18.dfsg.1-12etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-s390_2.6.18.dfsg.1-12etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-s390x_2.6.18.dfsg.1-12etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver_2.6.18.dfsg.1-12etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver-s390x_2.6.18.dfsg.1-12etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-s390_2.6.18.dfsg.1-12etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-s390-tape_2.6.18.dfsg.1-12etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-s390x_2.6.18.dfsg.1-12etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-vserver-s390x_2.6.18.dfsg.1-12etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4_2.6.18.dfsg.1-12etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all_2.6.18.dfsg.1-12etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all-sparc_2.6.18.dfsg.1-12etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-sparc32_2.6.18.dfsg.1-12etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-sparc64_2.6.18.dfsg.1-12etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-sparc64-smp_2.6.18.dfsg.1-12etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver_2.6.18.dfsg.1-12etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver-sparc64_2.6.18.dfsg.1-12etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-sparc32_2.6.18.dfsg.1-12etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-sparc64_2.6.18.dfsg.1-12etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-sparc64-smp_2.6.18.dfsg.1-12etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-vserver-sparc64_2.6.18.dfsg.1-12etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1287": "
\n

Debian Security Advisory

\n

DSA-1287-1 ldap-account-manager -- multiple vulnerabilities

\n
\n
Date Reported:
\n
07 May 2007
\n
Affected Packages:
\n
\nldap-account-manager\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 415379.
In Mitre's CVE dictionary: CVE-2006-7191, CVE-2007-1840.
\n
More information:
\n
\n

Two vulnerabilities have been identified in the version of\nldap-account-manager shipped with Debian 3.1 (sarge).

\n
    \n
  • CVE-2006-7191\n

    An untrusted PATH vulnerability could allow a local attacker to execute\n arbitrary code with elevated privileges by providing a malicious rm\n executable and specifying a PATH environment variable referencing this\n executable.

  • CVE-2007-1840\n

    Improper escaping of HTML content could allow an attacker to execute a\n cross-site scripting attack (XSS) and execute arbitrary code in the\n victim's browser in the security context of the affected web site.

\n

For the old stable distribution (sarge), this problem has been fixed in\nversion 0.4.9-2sarge1. Newer versions of Debian (etch, lenny, and sid)\nare not affected.

\n

We recommend that you upgrade your ldap-account-manager package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/ldap-account-manager/ldap-account-manager_0.4.9-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/l/ldap-account-manager/ldap-account-manager_0.4.9-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/ldap-account-manager/ldap-account-manager_0.4.9.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/ldap-account-manager/ldap-account-manager_0.4.9-2sarge1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1288": "
\n

Debian Security Advisory

\n

DSA-1288-1 pptpd -- programming error

\n
\n
Date Reported:
\n
08 May 2007
\n
Affected Packages:
\n
\npptpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-0244.
\n
More information:
\n
\n

It was discovered that the PoPToP Point to Point Tunneling Server\ncontains a programming error, which allows the tear-down of a PPTP\nconnection through a malformed GRE packet, resulting in denial of\nservice.

\n

The oldstable distribution (sarge) is not affected by this problem.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 1.3.0-2etch1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.3.4-1.

\n

We recommend that you upgrade your pptpd packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0-2etch1.dsc
\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0-2etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pptpd/bcrelay_1.3.0-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0-2etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pptpd/bcrelay_1.3.0-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0-2etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pptpd/bcrelay_1.3.0-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0-2etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/pptpd/bcrelay_1.3.0-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0-2etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pptpd/bcrelay_1.3.0-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0-2etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pptpd/bcrelay_1.3.0-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0-2etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pptpd/bcrelay_1.3.0-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0-2etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pptpd/bcrelay_1.3.0-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0-2etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pptpd/bcrelay_1.3.0-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0-2etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pptpd/bcrelay_1.3.0-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0-2etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pptpd/bcrelay_1.3.0-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pptpd/pptpd_1.3.0-2etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1289": "
\n

Debian Security Advisory

\n

DSA-1289-1 linux-2.6 -- several vulnerabilities

\n
\n
Date Reported:
\n
13 May 2007
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-1496, CVE-2007-1497, CVE-2007-1861.
\n
More information:
\n
\n

Several local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2007-1496\n

    Michal Miroslaw reported a DoS vulnerability (crash) in netfilter.\n A remote attacker can cause a NULL pointer dereference in the\n nfnetlink_log function.

  • CVE-2007-1497\n

    Patrick McHardy reported a vulnerability in netfilter that may\n allow attackers to bypass certain firewall rules. The nfctinfo\n value of reassembled IPv6 packet fragments was incorrectly initialized\n to 0, which allowed these packets to become tracked as ESTABLISHED.

  • CVE-2007-1861\n

    Jaco Kroon reported a bug in which NETLINK_FIB_LOOKUP packets were\n incorrectly routed back to the kernel, resulting in an infinite\n recursion condition. Local users can exploit this behavior\n to cause a DoS (crash).

\n

For the stable distribution (etch) these problems have been fixed in version\n2.6.18.dfsg.1-12etch2.

\n

The following matrix lists additional packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n\n\n
Debian 4.0 (etch)
fai-kernels 1.17+etch2
user-mode-linux 2.6.18-1um-2etch2
kernel-patch-openvz 028.18.1etch1
\n

We recommend that you upgrade your kernel package immediately and reboot\nthe machine. If you have built a custom kernel from the kernel source\npackage, you will need to rebuild to take advantage of these fixes.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-12etch2.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-12etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch2.dsc
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch2.tar.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch2.dsc
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-openvz/kernel-patch-openvz_028.18.1etch1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-openvz/kernel-patch-openvz_028.18.1etch1.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-12etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-12etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-12etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-12etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-4_2.6.18.dfsg.1-12etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-12etch2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-openvz/kernel-patch-openvz_028.18.1etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4_2.6.18.dfsg.1-12etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all_2.6.18.dfsg.1-12etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all-alpha_2.6.18.dfsg.1-12etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-alpha-generic_2.6.18.dfsg.1-12etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-alpha-legacy_2.6.18.dfsg.1-12etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-alpha-smp_2.6.18.dfsg.1-12etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver_2.6.18.dfsg.1-12etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver-alpha_2.6.18.dfsg.1-12etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-alpha-generic_2.6.18.dfsg.1-12etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-alpha-legacy_2.6.18.dfsg.1-12etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-alpha-smp_2.6.18.dfsg.1-12etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-vserver-alpha_2.6.18.dfsg.1-12etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4_2.6.18.dfsg.1-12etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all_2.6.18.dfsg.1-12etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all-amd64_2.6.18.dfsg.1-12etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-amd64_2.6.18.dfsg.1-12etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver_2.6.18.dfsg.1-12etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver-amd64_2.6.18.dfsg.1-12etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-xen_2.6.18.dfsg.1-12etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-xen-amd64_2.6.18.dfsg.1-12etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-xen-vserver_2.6.18.dfsg.1-12etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-xen-vserver-amd64_2.6.18.dfsg.1-12etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-amd64_2.6.18.dfsg.1-12etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-vserver-amd64_2.6.18.dfsg.1-12etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-xen-amd64_2.6.18.dfsg.1-12etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-xen-vserver-amd64_2.6.18.dfsg.1-12etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-4-xen-amd64_2.6.18.dfsg.1-12etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-4-xen-vserver-amd64_2.6.18.dfsg.1-12etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-4-xen-amd64_2.6.18.dfsg.1-12etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-4-xen-vserver-amd64_2.6.18.dfsg.1-12etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4_2.6.18.dfsg.1-12etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all_2.6.18.dfsg.1-12etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all-arm_2.6.18.dfsg.1-12etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-footbridge_2.6.18.dfsg.1-12etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-iop32x_2.6.18.dfsg.1-12etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-ixp4xx_2.6.18.dfsg.1-12etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-rpc_2.6.18.dfsg.1-12etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-s3c2410_2.6.18.dfsg.1-12etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-footbridge_2.6.18.dfsg.1-12etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-iop32x_2.6.18.dfsg.1-12etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-ixp4xx_2.6.18.dfsg.1-12etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-rpc_2.6.18.dfsg.1-12etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-s3c2410_2.6.18.dfsg.1-12etch2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4_2.6.18.dfsg.1-12etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all_2.6.18.dfsg.1-12etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all-hppa_2.6.18.dfsg.1-12etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-parisc_2.6.18.dfsg.1-12etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-parisc-smp_2.6.18.dfsg.1-12etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-parisc64_2.6.18.dfsg.1-12etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-parisc64-smp_2.6.18.dfsg.1-12etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-parisc_2.6.18.dfsg.1-12etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-parisc-smp_2.6.18.dfsg.1-12etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-parisc64_2.6.18.dfsg.1-12etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-parisc64-smp_2.6.18.dfsg.1-12etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-486_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-686_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-686-bigmem_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all-i386_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-amd64_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-k7_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver-686_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver-k7_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-xen_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-xen-686_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-xen-vserver_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-xen-vserver-686_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-486_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-686_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-686-bigmem_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-amd64_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-k7_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-vserver-686_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-vserver-k7_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-xen-686_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-xen-vserver-686_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-4-xen-686_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-4-xen-vserver-686_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-4-xen-686_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-4-xen-vserver-686_2.6.18.dfsg.1-12etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4_2.6.18.dfsg.1-12etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all_2.6.18.dfsg.1-12etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all-ia64_2.6.18.dfsg.1-12etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-itanium_2.6.18.dfsg.1-12etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-mckinley_2.6.18.dfsg.1-12etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-itanium_2.6.18.dfsg.1-12etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-mckinley_2.6.18.dfsg.1-12etch2_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4_2.6.18.dfsg.1-12etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all_2.6.18.dfsg.1-12etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all-mips_2.6.18.dfsg.1-12etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-qemu_2.6.18.dfsg.1-12etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-r4k-ip22_2.6.18.dfsg.1-12etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-r5k-ip32_2.6.18.dfsg.1-12etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-sb1-bcm91250a_2.6.18.dfsg.1-12etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-sb1a-bcm91480b_2.6.18.dfsg.1-12etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-qemu_2.6.18.dfsg.1-12etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-r4k-ip22_2.6.18.dfsg.1-12etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-r5k-ip32_2.6.18.dfsg.1-12etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-sb1-bcm91250a_2.6.18.dfsg.1-12etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-sb1a-bcm91480b_2.6.18.dfsg.1-12etch2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4_2.6.18.dfsg.1-12etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all_2.6.18.dfsg.1-12etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all-mipsel_2.6.18.dfsg.1-12etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-qemu_2.6.18.dfsg.1-12etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-r3k-kn02_2.6.18.dfsg.1-12etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-r4k-kn04_2.6.18.dfsg.1-12etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-r5k-cobalt_2.6.18.dfsg.1-12etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-sb1-bcm91250a_2.6.18.dfsg.1-12etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-sb1a-bcm91480b_2.6.18.dfsg.1-12etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-qemu_2.6.18.dfsg.1-12etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-r3k-kn02_2.6.18.dfsg.1-12etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-r4k-kn04_2.6.18.dfsg.1-12etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-r5k-cobalt_2.6.18.dfsg.1-12etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-sb1-bcm91250a_2.6.18.dfsg.1-12etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-sb1a-bcm91480b_2.6.18.dfsg.1-12etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4_2.6.18.dfsg.1-12etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all_2.6.18.dfsg.1-12etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all-powerpc_2.6.18.dfsg.1-12etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-powerpc_2.6.18.dfsg.1-12etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-powerpc-miboot_2.6.18.dfsg.1-12etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-powerpc-smp_2.6.18.dfsg.1-12etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-powerpc64_2.6.18.dfsg.1-12etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-prep_2.6.18.dfsg.1-12etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver_2.6.18.dfsg.1-12etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver-powerpc_2.6.18.dfsg.1-12etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver-powerpc64_2.6.18.dfsg.1-12etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-powerpc_2.6.18.dfsg.1-12etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-powerpc-miboot_2.6.18.dfsg.1-12etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-powerpc-smp_2.6.18.dfsg.1-12etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-powerpc64_2.6.18.dfsg.1-12etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-prep_2.6.18.dfsg.1-12etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-vserver-powerpc_2.6.18.dfsg.1-12etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-vserver-powerpc64_2.6.18.dfsg.1-12etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4_2.6.18.dfsg.1-12etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all_2.6.18.dfsg.1-12etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all-s390_2.6.18.dfsg.1-12etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-s390_2.6.18.dfsg.1-12etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-s390x_2.6.18.dfsg.1-12etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver_2.6.18.dfsg.1-12etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver-s390x_2.6.18.dfsg.1-12etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-s390_2.6.18.dfsg.1-12etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-s390-tape_2.6.18.dfsg.1-12etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-s390x_2.6.18.dfsg.1-12etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-vserver-s390x_2.6.18.dfsg.1-12etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4_2.6.18.dfsg.1-12etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all_2.6.18.dfsg.1-12etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-all-sparc_2.6.18.dfsg.1-12etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-sparc32_2.6.18.dfsg.1-12etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-sparc64_2.6.18.dfsg.1-12etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-sparc64-smp_2.6.18.dfsg.1-12etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver_2.6.18.dfsg.1-12etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-4-vserver-sparc64_2.6.18.dfsg.1-12etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-sparc32_2.6.18.dfsg.1-12etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-sparc64_2.6.18.dfsg.1-12etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-sparc64-smp_2.6.18.dfsg.1-12etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-4-vserver-sparc64_2.6.18.dfsg.1-12etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1290": "
\n

Debian Security Advisory

\n

DSA-1290-1 squirrelmail -- missing input sanitising

\n
\n
Date Reported:
\n
13 May 2007
\n
Affected Packages:
\n
\nsquirrelmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-1262.
\n
More information:
\n
\n

It was discovered that the webmail package Squirrelmail performs\ninsufficient sanitising inside the HTML filter, which allows the\ninjection of arbitrary web script code during the display of HTML\nemail messages.

\n

For the oldstable distribution (sarge) this problem has been fixed in\nversion 2:1.4.4-11.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 2:1.4.9a-2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2:1.4.10a-1.

\n

We recommend that you upgrade your squirrelmail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-11.dsc
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-11.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.4-11_all.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.9a-2.dsc
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.9a-2.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.9a.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.9a-2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1291": "
\n

Debian Security Advisory

\n

DSA-1291-1 samba -- several vulnerabilities

\n
\n
Date Reported:
\n
15 May 2007
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2444, CVE-2007-2446, CVE-2007-2447.
\n
More information:
\n
\n

Several issues have been identified in Samba, the SMB/CIFS\nfile- and print-server implementation for GNU/Linux.

\n
    \n
  • CVE-2007-2444\n

    When translating SIDs to/from names using Samba's local list of user and\n group accounts, a logic error in the smbd daemon's internal security\n stack may result in a transition to the root user id rather than the\n non-root user. The user is then able to temporarily issue SMB/CIFS\n protocol operations as the root user. This window of opportunity may\n allow the attacker to establish additional means of gaining root access to\n the server.

  • CVE-2007-2446\n

    Various bugs in Samba's NDR parsing can allow a user to send specially\n crafted MS-RPC requests that will overwrite the heap space with user\n defined data.

  • CVE-2007-2447\n

    Unescaped user input parameters are passed as arguments to /bin/sh\n allowing for remote command execution.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 3.0.24-6etch1.

\n

For the testing and unstable distributions (lenny and sid,\nrespectively), these problems have been fixed in version 3.0.25-1.

\n

We recommend that you upgrade your samba package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1.dsc
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.0.24-6etch1_all.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc-pdf_3.0.24-6etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1292": "
\n

Debian Security Advisory

\n

DSA-1292-1 qt4-x11 -- missing input validation

\n
\n
Date Reported:
\n
15 May 2007
\n
Affected Packages:
\n
\nqt4-x11\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 417391.
In the Bugtraq database (at SecurityFocus): BugTraq ID 23269.
In Mitre's CVE dictionary: CVE-2007-0242.
\n
More information:
\n
\n

Andreas Nolden discovered a bug in the UTF8 decoding routines in\nqt4-x11, a C++ GUI library framework, that could allow remote\nattackers to conduct cross-site scripting (XSS) and directory\ntraversal attacks via long sequences that decode to dangerous\nmetacharacters.

\n

For the stable distribution (etch), this problem has been fixed in version\n4.2.1-2etch1.

\n

For the testing and unstable distributions (lenny and sid, respectively),\nthis problem has been fixed in version 4.2.2-2.

\n

We recommend that you upgrade your qt4-x11 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-x11_4.2.1-2etch1.dsc
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-x11_4.2.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-x11_4.2.1-2etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-doc_4.2.1-2etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.2.1-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.2.1-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.2.1-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.2.1-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-debug_4.2.1-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.2.1-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.2.1-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.2.1-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.2.1-2etch1_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1293": "
\n

Debian Security Advisory

\n

DSA-1293-1 quagga -- out of boundary read

\n
\n
Date Reported:
\n
17 May 2007
\n
Affected Packages:
\n
\nquagga\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 418323.
In the Bugtraq database (at SecurityFocus): BugTraq ID 23417.
In Mitre's CVE dictionary: CVE-2007-1995.
\n
More information:
\n
\n

Paul Jakma discovered that specially crafted UPDATE messages can\ntrigger an out of boundary read that can result in a system crash of\nquagga, the BGP/OSPF/RIP routing daemon.

\n

For the old stable distribution (sarge) this problem has been fixed in\nversion 0.98.3-7.4.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 0.99.5-5etch2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.99.6-5.

\n

We recommend that you upgrade your quagga package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4.dsc
\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4.diff.gz
\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.98.3-7.4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.4_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2.dsc
\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.5-5etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1294": "
\n

Debian Security Advisory

\n

DSA-1294-1 xfree86 -- several vulnerabilities

\n
\n
Date Reported:
\n
17 May 2007
\n
Affected Packages:
\n
\nxfree86\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-1003, CVE-2007-1351, CVE-2007-1352, CVE-2007-1667.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the X Window System, which may lead to privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-1003

    Sean Larsson discovered an integer overflow in the XC-MISC extension, which might lead to denial of service or local privilege escalation.

  • CVE-2007-1351

    Greg MacManus discovered an integer overflow in the font handling, which might lead to denial of service or local privilege escalation.

  • CVE-2007-1352

    Greg MacManus discovered an integer overflow in the font handling, which might lead to denial of service or local privilege escalation.

  • CVE-2007-1667

    Sami Leides discovered an integer overflow in the libx11 library which might lead to the execution of arbitrary code. This update introduces tighter sanity checking of input passed to XCreateImage(). To cope with this an updated rdesktop package is delivered along with this security update. Another application reported to break is the proprietary Opera browser, which isn't part of Debian. The vendor has released updated packages, though.
\n

For the old stable distribution (sarge) these problems have been fixed in version 4.3.0.dfsg.1-14sarge4. This update lacks builds for the Sparc architecture, due to problems on the build host. Packages will be released once this problem has been resolved.

\n

The stable distribution (etch) isn't affected by these problems, as the vulnerabilities have already been fixed during the Etch preparation freeze phase.

\n

We recommend that you upgrade your XFree86 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.3.0.dfsg.1-14sarge4.dsc
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.3.0.dfsg.1-14sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.3.0.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.4.0-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.4.0-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.4.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xfree86/pm-dev_4.3.0.dfsg.1-14sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-dev_4.3.0.dfsg.1-14sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system_4.3.0.dfsg.1-14sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi-transcoded_4.3.0.dfsg.1-14sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi_4.3.0.dfsg.1-14sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi-transcoded_4.3.0.dfsg.1-14sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi_4.3.0.dfsg.1-14sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base-transcoded_4.3.0.dfsg.1-14sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base_4.3.0.dfsg.1-14sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-cyrillic_4.3.0.dfsg.1-14sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-scalable_4.3.0.dfsg.1-14sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86-common_4.3.0.dfsg.1-14sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.3.0.dfsg.1-14sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.3.0.dfsg.1-14sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-data_4.3.0.dfsg.1-14sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.3.0.dfsg.1-14sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.3.0.dfsg.1-14sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.3.0.dfsg.1-14sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.3.0.dfsg.1-14sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xspecs_4.3.0.dfsg.1-14sarge4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.4.0-2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.4.0-2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.4.0-2sarge1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.4.0-2sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.4.0-2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.4.0-2sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.4.0-2sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.4.0-2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.4.0-2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.4.0-2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.4.0-2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.4.0-2sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1295": "
\n

Debian Security Advisory

\n

DSA-1295-1 php5 -- several vulnerabilities

\n
\n
Date Reported:
\n
19 May 2007
\n
Affected Packages:
\n
php5
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2509, CVE-2007-2510.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-2509

    It was discovered that missing input sanitising inside the ftp extension permits an attacker to execute arbitrary FTP commands. This requires the attacker to already have access to the FTP server.

  • CVE-2007-2510

    It was discovered that a buffer overflow in the SOAP extension permits the execution of arbitrary code.
\n

The oldstable distribution (sarge) doesn't include php5.

\n

For the stable distribution (etch) these problems have been fixed in version 5.2.0-8+etch4.

\n

For the unstable distribution (sid) these problems have been fixed in version 5.2.2-1.

\n

We recommend that you upgrade your PHP packages. Packages for the Sparc architectures are not yet available, due to problems on the build host. They will be provided later.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0-8+etch4.dsc
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0-8+etch4.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php5/php-pear_5.2.0-8+etch4_all.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0-8+etch4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.0-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch4_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.0-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch4_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch4_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1296": "
\n

Debian Security Advisory

\n

DSA-1296-1 php4 -- missing input sanitising

\n
\n
Date Reported:
\n
21 May 2007
\n
Affected Packages:
\n
php4
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2509.
\n
More information:
\n
\n

It was discovered that the ftp extension of PHP, a server-side, HTML-embedded scripting language, performs insufficient input sanitising, which permits an attacker to execute arbitrary FTP commands. This requires the attacker to already have access to the FTP server.

\n

For the oldstable distribution (sarge) this problem has been fixed\nin version 4.3.10-21.

\n

For the stable distribution (etch) this problem has been fixed\nin version 4.4.4-8+etch3.

\n

For the unstable distribution (sid) this problem won't be fixed, as php4\nwill be removed from sid; thus you are strongly advised to migrate to\nphp5 if you prefer to follow the unstable distribution.

\n

We recommend that you upgrade your PHP packages. Packages for the Sparc\narchitectures are not yet available, due to problems on the build host. They\nwill be provided later.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-21.dsc
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-21.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php4/php4-pear_4.3.10-21_all.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-21_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-21_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-21_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-21_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-21_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-21_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-21_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-21_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-21_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-21_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-21_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-21_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-21_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-21_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-21_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-21_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-21_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-21_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-21_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-21_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-21_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-21_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-21_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-21_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-21_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-21_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-21_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-21_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-21_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-21_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-21_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-21_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-21_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-21_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-21_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-21_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-21_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-21_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-21_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-21_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-21_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-21_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-21_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-21_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-21_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-21_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-21_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-21_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-21_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-21_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-21_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-21_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-21_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-21_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-21_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-21_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-21_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-21_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-21_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-21_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-21_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-21_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-21_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-21_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-21_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-21_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-21_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-21_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-21_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-21_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-21_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-21_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-21_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-21_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-21_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-21_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-21_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-21_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-21_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-21_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-21_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-21_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-21_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-21_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-21_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-21_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-21_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-21_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-21_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-21_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-21_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-21_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-21_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-21_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-21_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-21_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-21_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-21_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-21_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-21_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-21_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-21_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-21_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-21_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-21_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-21_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-21_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-21_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-21_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-21_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-21_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-21_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-21_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-21_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-21_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-21_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-21_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-21_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-21_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-21_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-21_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-21_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-21_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-21_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-21_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-21_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-21_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-21_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-21_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-21_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-21_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-21_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-21_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-21_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-21_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-21_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-21_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-21_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-21_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-21_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-21_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-21_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-21_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-21_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-21_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-21_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-21_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-21_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-21_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-21_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-21_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-21_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-21_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-21_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-21_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-21_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-21_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-21_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-21_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-21_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-21_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-21_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-21_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-21_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-21_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-21_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-21_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-21_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-21_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-21_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-21_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-21_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-21_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-21_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-21_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-21_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-21_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-21_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-21_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-21_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-21_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-21_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-21_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-21_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-21_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-21_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-21_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-21_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-21_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-21_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-21_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-21_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-21_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-21_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-21_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-21_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-21_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-21_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-21_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-21_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-21_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-21_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-21_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-21_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-21_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-21_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-21_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-21_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-21_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-21_s390.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.4.4-8+etch3.dsc
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.4.4-8+etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.4.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php4/php4-pear_4.4.4-8+etch3_all.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.4.4-8+etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-interbase_4.4.4-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch3_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-interbase_4.4.4-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch3_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch3_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1297": "
\n

Debian Security Advisory

\n

DSA-1297-1 gforge-plugin-scmcvs -- missing input sanitising

\n
\n
Date Reported:
\n
24 May 2007
\n
Affected Packages:
\n
\ngforge-plugin-scmcvs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-0246.
\n
More information:
\n
\n

Bernhard R. Link discovered that the CVS browsing interface of Gforge, a\ncollaborative development tool, performs insufficient escaping of URLs,\nwhich allows the execution of arbitrary shell commands with the privileges\nof the www-data user.

\n

The oldstable distribution (sarge) is not affected by this problem.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 4.5.14-5etch1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 4.5.14-6.

\n

We recommend that you upgrade your gforge-plugin-scmcvs package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gforge-plugin-scmcvs/gforge-plugin-scmcvs_4.5.14-5etch1.dsc
\n
http://security.debian.org/pool/updates/main/g/gforge-plugin-scmcvs/gforge-plugin-scmcvs_4.5.14-5etch1.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gforge-plugin-scmcvs/gforge-plugin-scmcvs_4.5.14-5etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1298": "
\n

Debian Security Advisory

\n

DSA-1298-1 otrs2 -- missing input sanitising

\n
\n
Date Reported:
\n
28 May 2007
\n
Affected Packages:
\n
\notrs2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2524.
\n
More information:
\n
\n

It was discovered that the Open Ticket Request System performs\ninsufficient input sanitising for the Subaction parameter, which allows\nthe injection of arbitrary web script code.

\n

The oldstable distribution (sarge) doesn't include otrs2.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 2.0.4p01-18.

\n

The unstable distribution (sid) isn't affected by this problem.

\n

We recommend that you upgrade your otrs2 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/otrs2/otrs2_2.0.4p01-18.dsc
\n
http://security.debian.org/pool/updates/main/o/otrs2/otrs2_2.0.4p01-18.diff.gz
\n
http://security.debian.org/pool/updates/main/o/otrs2/otrs2_2.0.4p01.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/otrs2/otrs2_2.0.4p01-18_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1299": "
\n

Debian Security Advisory

\n

DSA-1299-1 ipsec-tools -- missing input sanitising

\n
\n
Date Reported:
\n
07 Jun 2007
\n
Affected Packages:
\n
\nipsec-tools\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-1841.
\n
More information:
\n
\n

It was discovered that a specially-crafted packet sent to the racoon\nipsec key exchange server could cause a tunnel to crash, resulting in\na denial of service.

\n

The oldstable distribution (sarge) isn't affected by this problem.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 1:0.6.6-3.1.

\n

The unstable distribution (sid) will be fixed soon.

\n

We recommend that you upgrade your racoon package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch1.dsc
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1300": "
\n

Debian Security Advisory

\n

DSA-1300-1 iceape -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Jun 2007
\n
Affected Packages:
\n
\niceape\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-1362, CVE-2007-1558, CVE-2007-2867, CVE-2007-2868, CVE-2007-2870, CVE-2007-2871.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Iceape internet\nsuite, an unbranded version of the Seamonkey Internet Suite. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-1362\n

    Nicolas Derouet discovered that Iceape performs insufficient\n validation of cookies, which could lead to denial of service.

  • CVE-2007-1558\n

    Gaëtan Leurent discovered a cryptographical weakness in APOP\n authentication, which reduces the required efforts for an MITM attack\n to intercept a password. The update enforces stricter validation, which\n prevents this attack.

  • CVE-2007-2867\n

    Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn\n Wargers and Olli Pettay discovered crashes in the layout engine, which\n might allow the execution of arbitrary code.

  • CVE-2007-2868\n

    Brendan Eich, Igor Bukanov, Jesse Ruderman, moz_bug_r_a4 and Wladimir Palant\n discovered crashes in the JavaScript engine, which might allow the execution of\n arbitrary code.

  • CVE-2007-2870\n

    moz_bug_r_a4 discovered that adding an event listener through the\n addEventListener() function allows cross-site scripting.

  • CVE-2007-2871\n

    Chris Thomas discovered that XUL popups can be abused for spoofing or\n phishing attacks.

\n

Fixes for the oldstable distribution (sarge) are not available. While there\nwill be another round of security updates for Mozilla products, Debian doesn't\nhave the resources to backport further security fixes to the old Mozilla\nproducts. You're strongly encouraged to upgrade to stable as soon as possible.

\n

For the stable distribution (etch) these problems have been fixed in version\n1.0.9-0etch1. A build for the arm architecture is not yet available; it will\nbe provided later.

\n

The unstable distribution (sid) will be fixed soon.

\n

We recommend that you upgrade your iceape packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.9-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.9-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.9.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.9-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.9-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.9-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.9-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.9-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.9-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.9-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.9-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.9-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.9-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.9-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.9-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_amd64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.9-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.9-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.9-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.9-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.9-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.9-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1301": "
\n

Debian Security Advisory

\n

DSA-1301-1 gimp -- buffer overflow

\n
\n
Date Reported:
\n
09 Jun 2007
\n
Affected Packages:
\n
\ngimp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2356.
\n
More information:
\n
\n

A buffer overflow has been identified in Gimp's SUNRAS plugin in\nversions prior to 2.2.15. This bug could allow an attacker to execute\narbitrary code on the victim's computer by inducing the victim to open a\nspecially crafted RAS file.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 2.2.13-1etch1.

\n

For the old stable distribution (sarge), this problem has been fixed in\nversion 2.2.6-1sarge2.

\n

For the unstable and testing distributions (sid and lenny,\nrespectively), this problem has been fixed in version 2.2.14-2.

\n

We recommend that you upgrade your gimp package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-doc_2.2.6-1sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp1.2_2.2.6-1sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-data_2.2.6-1sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge2_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge2_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge2_s390.deb
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch1.dsc
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-doc_2.2.13-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-data_2.2.13-1etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1302": "
\n

Debian Security Advisory

\n

DSA-1302-1 freetype -- integer overflow

\n
\n
Date Reported:
\n
10 Jun 2007
\n
Affected Packages:
\n
\nfreetype\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 425625.
In Mitre's CVE dictionary: CVE-2007-2754.
\n
More information:
\n
\n

A problem was discovered in freetype, a FreeType2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files.

For the stable distribution (etch), this problem has been fixed in version 2.2.1-5+etch1.

For the unstable distribution (sid), this problem has been fixed in version 2.2.1-6.

We recommend that you upgrade your freetype package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.2.1-5+etch1.dsc
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.2.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.2.1-5+etch1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_alpha.udeb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_amd64.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_arm.udeb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_hppa.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_i386.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_ia64.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_mips.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_s390.udeb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_sparc.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1303": "
\n

Debian Security Advisory

\n

DSA-1303-1 lighttpd -- denial of service

\n
\n
Date Reported:
\n
10 Jun 2007
\n
Affected Packages:
\n
\nlighttpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 422254.
In Mitre's CVE dictionary: CVE-2007-1870, CVE-2007-1869.
\n
More information:
\n
\n

Two problems were discovered with lighttpd, a fast webserver with minimal memory footprint, which could allow denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2007-1869

    Remote attackers could cause denial of service by disconnecting partway through making a request.

  • CVE-2007-1870

    A NULL pointer dereference could cause a crash when serving files with an mtime of 0.

For the stable distribution (etch) these problems have been fixed in version 1.4.13-4etch1.

For the unstable distribution (sid) these problems have been fixed in version 1.4.14-1.

We recommend that you upgrade your lighttpd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1.dsc
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1304": "
\n

Debian Security Advisory

\n

DSA-1304-1 kernel-source-2.6.8 -- several vulnerabilities

\n
\n
Date Reported:
\n
16 Jun 2007
\n
Affected Packages:
\n
\nkernel-source-2.6.8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-4811, CVE-2006-4814, CVE-2006-4623, CVE-2006-5753.
\n
More information:
\n
\n

CVE-2006-6060 CVE-2006-6106 CVE-2006-6535 CVE-2007-0958 CVE-2007-1357 CVE-2007-1592

Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

This update also fixes a regression in the smbfs subsystem that was introduced in DSA-1233 and caused symlinks to be interpreted as regular files.

The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2005-4811

    David Gibson reported an issue in the hugepage code which could permit a local DoS (system crash) on appropriately configured systems.

  • CVE-2006-4814

    Doug Chapman discovered a potential local DoS (deadlock) in the mincore function caused by improper lock handling.

  • CVE-2006-4623

    Ang Way Chuang reported a remote DoS (crash) in the dvb driver which can be triggered by a ULE package with an SNDU length of 0.

  • CVE-2006-5753

    Eric Sandeen provided a fix for a local memory corruption vulnerability resulting from a misinterpretation of return values when operating on inodes which have been marked bad.

  • CVE-2006-5754

    Darrick Wong discovered a local DoS (crash) vulnerability resulting from the incorrect initialization of nr_pages in aio_setup_ring().

  • CVE-2006-5757

    LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted iso9660 filesystem.

  • CVE-2006-6053

    LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted ext3 filesystem.

  • CVE-2006-6056

    LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted hfs filesystem on systems with SELinux hooks enabled (Debian does not enable SELinux by default).

  • CVE-2006-6060

    LMH reported a potential local DoS (infinite loop) which could be exploited by a malicious user with the privileges to mount and read a corrupted NTFS filesystem.

  • CVE-2006-6106

    Marcel Holtmann discovered multiple buffer overflows in the Bluetooth subsystem which can be used to trigger a remote DoS (crash) and potentially execute arbitrary code.

  • CVE-2006-6535

    Konstantin Khorenko discovered an invalid error path in dev_queue_xmit() which could be exploited by a local user to cause data corruption.

  • CVE-2007-0958

    Santosh Eraniose reported a vulnerability that allows local users to read otherwise unreadable files by triggering a core dump while using PT_INTERP. This is related to CVE-2004-1073.

  • CVE-2007-1357

    Jean Delvare reported a vulnerability in the appletalk subsystem. Systems with the appletalk module loaded can be triggered to crash by other systems on the local network via a malformed frame.

  • CVE-2007-1592

    Masayuki Nakagawa discovered that flow labels were inadvertently being shared between listening sockets and child sockets. This defect can be exploited by local users to cause a DoS (Oops).

The following matrix explains which kernel version for which architecture fixes the problems mentioned above:

                              Debian 3.1 (sarge)
Source                        2.6.8-16sarge7
Alpha architecture            2.6.8-16sarge7
AMD64 architecture            2.6.8-16sarge7
HP Precision architecture     2.6.8-6sarge7
Intel IA-32 architecture      2.6.8-16sarge7
Intel IA-64 architecture      2.6.8-14sarge7
Motorola 680x0 architecture   2.6.8-4sarge7
PowerPC architecture          2.6.8-12sarge7
IBM S/390 architecture        2.6.8-5sarge7
Sun Sparc architecture        2.6.8-15sarge7

We recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.9.1sarge6.dsc
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.9.1sarge6.tar.gz
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-i386_0.3.7-1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-i386_0.3.7-1sarge2.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-alpha_2.6.8-16sarge7.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-alpha_2.6.8-16sarge7.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-amd64_2.6.8-16sarge7.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-amd64_2.6.8-16sarge7.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-hppa_2.6.8-6sarge7.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-hppa_2.6.8-6sarge7.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-i386_2.6.8-16sarge7.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-i386_2.6.8-16sarge7.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-ia64_2.6.8-14sarge7.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-ia64_2.6.8-14sarge7.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-m68k_2.6.8-4sarge7.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-m68k_2.6.8-4sarge7.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-s390_2.6.8-5sarge7.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-s390_2.6.8-5sarge7.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-sparc_2.6.8-15sarge7.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-sparc_2.6.8-15sarge7.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-patch-powerpc-2.6.8_2.6.8-12sarge7.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-patch-powerpc-2.6.8_2.6.8-12sarge7.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge7.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge7.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mol-modules-2.6.8/mol-modules-2.6.8_0.9.70+2.6.8+12sarge2.dsc
\n
http://security.debian.org/pool/updates/main/m/mol-modules-2.6.8/mol-modules-2.6.8_0.9.70+2.6.8+12sarge2.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-patch-2.6.8-s390_2.6.8-5sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-doc-2.6.8_2.6.8-16sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-patch-debian-2.6.8_2.6.8-16sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-16sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-tree-2.6.8_2.6.8-16sarge7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-4_2.6.8-16sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-4-generic_2.6.8-16sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-4-smp_2.6.8-16sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-4-generic_2.6.8-16sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-4-smp_2.6.8-16sarge7_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13_2.6.8-16sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-amd64-generic_2.6.8-16sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-amd64-k8_2.6.8-16sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-amd64-k8-smp_2.6.8-16sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-em64t-p4_2.6.8-16sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-em64t-p4-smp_2.6.8-16sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-amd64-generic_2.6.8-16sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-amd64-k8_2.6.8-16sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-amd64-k8-smp_2.6.8-16sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-em64t-p4_2.6.8-16sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-em64t-p4-smp_2.6.8-16sarge7_amd64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-4_2.6.8-6sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-4-32_2.6.8-6sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-4-32-smp_2.6.8-6sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-4-64_2.6.8-6sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-4-64-smp_2.6.8-6sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-4-32_2.6.8-6sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-4-32-smp_2.6.8-6sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-4-64_2.6.8-6sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-4-64-smp_2.6.8-6sarge7_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.9.1sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-3-386_0.3.7-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-3-586tsc_0.3.7-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-3-686_0.3.7-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-3-686-smp_0.3.7-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-3-k6_0.3.7-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-3-k7_0.3.7-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-3-k7-smp_0.3.7-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.6.8-4-386_0.3.7-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.6.8-4-686_0.3.7-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.6.8-4-686-smp_0.3.7-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.6.8-4-k7_0.3.7-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.6.8-4-k7-smp_0.3.7-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-4_2.6.8-16sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-4-386_2.6.8-16sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-4-686_2.6.8-16sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-4-686-smp_2.6.8-16sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-4-k7_2.6.8-16sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-4-k7-smp_2.6.8-16sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-4-386_2.6.8-16sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-4-686_2.6.8-16sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-4-686-smp_2.6.8-16sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-4-k7_2.6.8-16sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-4-k7-smp_2.6.8-16sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13_2.6.8-16sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-amd64-generic_2.6.8-16sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-amd64-k8_2.6.8-16sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-amd64-k8-smp_2.6.8-16sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-em64t-p4_2.6.8-16sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-em64t-p4-smp_2.6.8-16sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-amd64-generic_2.6.8-16sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-amd64-k8_2.6.8-16sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-amd64-k8-smp_2.6.8-16sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-em64t-p4_2.6.8-16sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-em64t-p4-smp_2.6.8-16sarge7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-itanium_2.6.8-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-itanium-smp_2.6.8-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-mckinley_2.6.8-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-mckinley-smp_2.6.8-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-4_2.6.8-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-4-itanium_2.6.8-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-4-itanium-smp_2.6.8-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-4-mckinley_2.6.8-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-4-mckinley-smp_2.6.8-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-itanium_2.6.8-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-itanium-smp_2.6.8-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-mckinley_2.6.8-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-mckinley-smp_2.6.8-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-4-itanium_2.6.8-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-4-itanium-smp_2.6.8-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-4-mckinley_2.6.8-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-4-mckinley-smp_2.6.8-14sarge7_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-amiga_2.6.8-4sarge7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-atari_2.6.8-4sarge7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-bvme6000_2.6.8-4sarge7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-hp_2.6.8-4sarge7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mac_2.6.8-4sarge7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mvme147_2.6.8-4sarge7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mvme16x_2.6.8-4sarge7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-q40_2.6.8-4sarge7_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-sun3_2.6.8-4sarge7_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-4-power3_2.6.8-12sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-4-power3-smp_2.6.8-12sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-4-power4_2.6.8-12sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-4-power4-smp_2.6.8-12sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-4-powerpc_2.6.8-12sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-4-powerpc-smp_2.6.8-12sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-headers-2.6.8-4_2.6.8-12sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-4-power3_2.6.8-12sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-4-power3-smp_2.6.8-12sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-4-power4_2.6.8-12sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-4-power4-smp_2.6.8-12sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-4-powerpc_2.6.8-12sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-4-powerpc-smp_2.6.8-12sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mol-modules-2.6.8/mol-modules-2.6.8-4-powerpc_0.9.70+2.6.8+12sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mol-modules-2.6.8/mol-modules-2.6.8-4-powerpc-smp_0.9.70+2.6.8+12sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-headers-2.6.8-4_2.6.8-5sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-4-s390_2.6.8-5sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-4-s390-tape_2.6.8-5sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-4-s390x_2.6.8-5sarge7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-build-2.6.8-4_2.6.8-15sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-4_2.6.8-15sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-4-sparc32_2.6.8-15sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-4-sparc64_2.6.8-15sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-4-sparc64-smp_2.6.8-15sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-4-sparc32_2.6.8-15sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-4-sparc64_2.6.8-15sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-4-sparc64-smp_2.6.8-15sarge7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1305": "
\n

Debian Security Advisory

\n

DSA-1305-1 icedove -- several vulnerabilities

\n
\n
Date Reported:
\n
13 Jun 2007
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-1558, CVE-2007-2867, CVE-2007-2868.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Icedove mail client,\nan unbranded version of the Thunderbird client. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2007-1558\n

    Gaëtan Leurent discovered a cryptographic weakness in APOP\n authentication, which reduces the effort required for a MITM attack\n to intercept a password. The update enforces stricter validation, which\n prevents this attack.

  • CVE-2007-2867\n

    Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn\n Wargers and Olli Pettay discovered crashes in the layout engine, which\n might allow the execution of arbitrary code.

  • CVE-2007-2868\n

    Brendan Eich, Igor Bukanov, Jesse Ruderman, moz_bug_r_a4 and Wladimir Palant\n discovered crashes in the JavaScript engine, which might allow the execution of\n arbitrary code. Generally, enabling JavaScript in Icedove is not recommended.

\n

Fixes for the oldstable distribution (sarge) are not available. While there\nwill be another round of security updates for Mozilla products, Debian doesn't\nhave the resources to backport further security fixes to the old Mozilla\nproducts. You're strongly encouraged to upgrade to stable as soon as possible.

\n

For the stable distribution (etch) these problems have been fixed in version\n1.5.0.12.dfsg1-0etch1.

\n

The unstable distribution (sid) will be fixed soon.

\n

We recommend that you upgrade your icedove packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-dev_1.5.0.12.dfsg1-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-inspector_1.5.0.12.dfsg1-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-typeaheadfind_1.5.0.12.dfsg1-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird_1.5.0.12.dfsg1-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dbg_1.5.0.12.dfsg1-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dev_1.5.0.12.dfsg1-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-gnome-support_1.5.0.12.dfsg1-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-inspector_1.5.0.12.dfsg1-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-typeaheadfind_1.5.0.12.dfsg1-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird_1.5.0.12.dfsg1-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.12.dfsg1-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.12.dfsg1-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.12.dfsg1-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.12.dfsg1-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.12.dfsg1-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.12.dfsg1-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1306": "
\n

Debian Security Advisory

\n

DSA-1306-1 xulrunner -- several vulnerabilities

\n
\n
Date Reported:
\n
12 Jun 2007
\n
Affected Packages:
\n
\nxulrunner\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-1362, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-1362\n

    Nicolas Derouet discovered that Xulrunner performs insufficient\n validation of cookies, which could lead to denial of service.

  • CVE-2007-2867\n

    Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn\n Wargers and Olli Pettay discovered crashes in the layout engine, which\n might allow the execution of arbitrary code.

  • CVE-2007-2868\n

    Brendan Eich, Igor Bukanov, Jesse Ruderman, moz_bug_r_a4 and Wladimir\n Palant discovered crashes in the JavaScript engine, which might allow\n the execution of arbitrary code.

  • CVE-2007-2869\n

    Marcel discovered that malicious web sites can cause massive\n resource consumption through the auto completion feature, resulting\n in denial of service.

  • CVE-2007-2870\n

    moz_bug_r_a4 discovered that adding an event listener through the\n addEventListener() function allows cross-site scripting.

  • CVE-2007-2871\n

    Chris Thomas discovered that XUL popups can be abused for spoofing\n or phishing attacks.

\n

The oldstable distribution (sarge) doesn't include xulrunner.

\n

For the stable distribution (etch) these problems have been fixed in\nversion 1.8.0.12-0etch1.

\n

The unstable distribution (sid) will be fixed soon.

\n

We recommend that you upgrade your xulrunner packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.12-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.12-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.12.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.8.0.12-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.8.0.12-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-dev_1.8.0.12-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-dev_1.8.0.12-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs-dev_1.8.0.12-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs1_1.8.0.12-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-common_1.8.0.12-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-dev_1.8.0.12-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.12-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.12-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.12-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.12-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.12-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.12-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.12-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.12-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.12-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.12-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.12-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.12-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.12-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.12-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.12-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.12-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.12-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.12-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.12-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.12-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.12-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.12-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.12-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.12-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.12-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.12-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.12-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.12-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.12-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.12-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.12-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.12-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.12-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.12-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.12-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.12-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.12-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.12-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.12-0etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.12-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.12-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.12-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.12-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.12-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.12-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.12-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.12-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.12-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.12-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.12-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.12-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.12-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.12-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.12-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.12-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.12-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.12-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.12-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.12-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.12-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.12-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.12-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.12-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.12-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.12-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.12-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.12-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.12-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.12-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.12-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.12-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.12-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.12-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.12-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.12-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.12-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.12-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.12-0etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.12-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.12-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.12-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.12-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.12-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.12-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.12-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.12-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.12-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.12-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.12-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.12-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.12-0etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.12-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.12-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.12-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.12-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.12-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.12-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.12-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.12-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.12-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.12-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.12-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.12-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.12-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.12-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.12-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.12-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.12-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.12-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.12-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.12-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.12-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.12-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.12-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.12-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.12-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.12-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.12-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.12-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.12-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.12-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.12-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.12-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.12-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.12-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.12-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.12-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.12-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.12-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.12-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.12-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.12-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.12-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.12-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.12-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.12-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.12-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.12-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.12-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.12-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.12-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.12-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.12-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1307": "
\n

Debian Security Advisory

\n

DSA-1307-1 openoffice.org -- heap overflow

\n
\n
Date Reported:
\n
12 Jun 2007
\n
Affected Packages:
\n
\nopenoffice.org\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-0245.
\n
More information:
\n
\n

John Heasman discovered a heap overflow in the routines of OpenOffice.org that parse RTF files. A specially crafted RTF file could cause the filter to overwrite data on the heap, which may lead to the execution of arbitrary code.

\n

For the old stable distribution (sarge) this problem has been fixed in version 1.1.3-9sarge7.

\n

For the stable distribution (etch) this problem has been fixed in version 2.0.4.dfsg.2-7etch1.

\n

For the unstable distribution (sid) this problem has been fixed in version 2.2.1~rc1-1.

\n

We recommend that you upgrade your openoffice.org packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge7.dsc
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge7.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-af_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ar_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ca_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cs_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cy_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-da_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-de_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-el_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-es_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-et_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eu_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fi_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fr_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gl_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-he_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hu_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-it_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ja_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-kn_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ko_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lt_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nb_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nl_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nn_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ns_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pl_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt-br_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ru_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sk_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sl_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sv_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-th_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tn_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tr_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-cn_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-tw_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zu_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-mimelnk_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-thesaurus-en-us_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ttf-opensymbol_1.1.3-9sarge7_all.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge7_i386.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge7_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch1.dsc
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/broffice.org_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-common_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev-doc_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dtd-officedocument1.0_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-mobiledev_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-cs_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-da_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-de_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-dz_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-gb_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-us_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-es_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-et_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-fr_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hi-in_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hu_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-it_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ja_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-km_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ko_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-nl_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pl_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pt-br_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ru_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sl_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sv_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-cn_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-tw_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-java-common_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-af_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-as-in_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-be-by_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bg_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bn_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-br_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bs_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ca_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cs_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cy_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-da_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-de_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-dz_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-el_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-gb_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-za_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eo_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-es_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-et_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fa_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fi_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fr_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ga_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gu-in_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-he_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi-in_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hr_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hu_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-in_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-it_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ja_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ka_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-km_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ko_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ku_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lo_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lt_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lv_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-mk_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ml-in_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nb_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ne_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nl_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nn_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nr_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ns_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-or-in_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pa-in_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pl_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt-br_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ru_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-rw_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sk_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sl_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sr-cs_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ss_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-st_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sv_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ta-in_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-te-in_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tg_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-th_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tn_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tr_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ts_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-uk_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ve_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-vi_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-xh_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-za_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-cn_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-tw_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zu_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-api-tests_2.0.4.dfsg.2-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ttf-opensymbol_2.0.4.dfsg.2-7etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-5etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1308": "
\n

Debian Security Advisory

\n

DSA-1308-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Jun 2007
\n
Affected Packages:
\n
iceweasel
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-1362, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-1362

    Nicolas Derouet discovered that Iceweasel performs insufficient validation of cookies, which could lead to denial of service.

  • CVE-2007-2867

    Boris Zbarsky, Eli Friedman, Georgi Guninski, Jesse Ruderman, Martijn Wargers and Olli Pettay discovered crashes in the layout engine, which might allow the execution of arbitrary code.

  • CVE-2007-2868

    Brendan Eich, Igor Bukanov, Jesse Ruderman, moz_bug_r_a4 and Wladimir Palant discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code.

  • CVE-2007-2869

    Marcel discovered that malicious web sites can cause massive resource consumption through the auto-completion feature, resulting in denial of service.

  • CVE-2007-2870

    moz_bug_r_a4 discovered that adding an event listener through the addEventListener() function allows cross-site scripting.

  • CVE-2007-2871

    Chris Thomas discovered that XUL popups can be abused for spoofing or phishing attacks.
\n

Fixes for the oldstable distribution (sarge) are not available. While there will be another round of security updates for Mozilla products, Debian doesn't have the resources to backport further security fixes to the old Mozilla products. You're strongly encouraged to upgrade to stable as soon as possible.

\n

For the stable distribution (etch) these problems have been fixed in version 2.0.0.4-0etch1. A build for the Alpha architecture is not yet available; it will be provided later.

\n

For the unstable distribution (sid) these problems have been fixed in version 2.0.0.4-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.4-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.4-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.4-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.4-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.4-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.4-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.4-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.4-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.4-0etch1_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.4-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.4-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.4-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.4-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.4-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.4-0etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.4-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.4-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.4-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.4-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.4-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.4-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.4-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.4-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.4-0etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.4-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.4-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.4-0etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.4-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.4-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.4-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.4-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.4-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.4-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.4-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.4-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.4-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.4-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.4-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.4-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1309": "
\n

Debian Security Advisory

\n

DSA-1309-1 postgresql-8.1 -- programming error

\n
\n
Date Reported:
\n
16 Jun 2007
\n
Affected Packages:
\n
postgresql-8.1
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2138.
\n
More information:
\n
\n

It was discovered that the PostgreSQL database performs insufficient validation of variables passed to privileged SQL statements, so-called security definers, which could lead to SQL privilege escalation.

\n

The oldstable distribution (sarge) doesn't contain PostgreSQL 8.1.

\n

For the stable distribution (etch) this problem has been fixed in version 8.1.9-0etch1.

\n

For the unstable distribution (sid) this problem has been fixed in version 8.1.9-1.

\n

We recommend that you upgrade your PostgreSQL packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.9-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.9-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.9.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-doc-8.1_8.1.9-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.9-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.9-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.9-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.9-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.9-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.9-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.9-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.9-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.9-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.9-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.9-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.9-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.9-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.9-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.9-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.9-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.9-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.9-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.9-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.9-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.9-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.9-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.9-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.9-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.9-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.9-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.9-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.9-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.9-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.9-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.9-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.9-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.9-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.9-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.9-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.9-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.9-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.9-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.9-0etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.9-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.9-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.9-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.9-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.9-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.9-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.9-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.9-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.9-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.9-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.9-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.9-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.9-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.9-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.9-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.9-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.9-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.9-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.9-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.9-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.9-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.9-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.9-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.9-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.9-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.9-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.9-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.9-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.9-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.9-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.9-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.9-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.9-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.9-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.9-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.9-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.9-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.9-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.9-0etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.9-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.9-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.9-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.9-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.9-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.9-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.9-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.9-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.9-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.9-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.9-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.9-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.9-0etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.9-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.9-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.9-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.9-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.9-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.9-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.9-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.9-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.9-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.9-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.9-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.9-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.9-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.9-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.9-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.9-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.9-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.9-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.9-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.9-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.9-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.9-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.9-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.9-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.9-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.9-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.9-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.9-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.9-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.9-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.9-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.9-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.9-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.9-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.9-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.9-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.9-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.9-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.9-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.9-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.9-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.9-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.9-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.9-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.9-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.9-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.9-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.9-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.9-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.9-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.9-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.9-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1310": "
\n

Debian Security Advisory

\n

DSA-1310-1 libexif -- integer overflow

\n
\n
Date Reported:
\n
16 Jun 2007
\n
Affected Packages:
\n
libexif
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 424775.
In Mitre's CVE dictionary: CVE-2006-4168.
\n
More information:
\n
\n

A vulnerability has been discovered in libexif, a library to parse EXIF files, which allows denial of service and possible execution of arbitrary code via malformed EXIF data.

\n

For the old-stable distribution (sarge), this problem has been fixed in version 0.6.9-6sarge1.

\n

For the stable distribution (etch), this problem has been fixed in version 0.6.13-5etch1.

\n

We recommend that you upgrade your libexif package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.9-6sarge1.diff.gz
\n Size/MD5 checksum: 4786 7f1c3acc1bd7a5cbba3d5902243641f3\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.9-6sarge1.dsc
\n Size/MD5 checksum: 591 42d25baee97586f3ea1498a8f48ccf4a\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.9.orig.tar.gz
\n Size/MD5 checksum: 520956 0aa142335a8a00c32bb6c7dbfe95fc24\n
Alpha:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_alpha.deb
\n Size/MD5 checksum: 87472 b89fd309bcdbffe922868fdc94ae3995\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_alpha.deb
\n Size/MD5 checksum: 87512 dfe1e955fa930314229d7bb60e3ff836\n
AMD64:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_amd64.deb
\n Size/MD5 checksum: 82032 4c5f701021eb2000bc3ef6f883567ce2\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_amd64.deb
\n Size/MD5 checksum: 67686 16b056d71ca768c86008dcee30866f60\n
ARM:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_arm.deb
\n Size/MD5 checksum: 77166 2aa58aba802cace8d19c69bde064353f\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_arm.deb
\n Size/MD5 checksum: 63856 c4d53b9592202e1fdd33488fd60c6d34\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_hppa.deb
\n Size/MD5 checksum: 72520 ee8e668619021e6b7835008ff995b7d9\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_hppa.deb
\n Size/MD5 checksum: 87552 98de1cc25069f89469b2d27163f5899b\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_i386.deb
\n Size/MD5 checksum: 81852 c160054570be46b37aea3eab9b4eaccb\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_i386.deb
\n Size/MD5 checksum: 67106 d068596d9648d1ce07eab1cc960cc64c\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_ia64.deb
\n Size/MD5 checksum: 84206 0246ab59dabd154efd976ff66bc92f41\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_ia64.deb
\n Size/MD5 checksum: 95380 154b1660da3aa9de555d2a01771069f6\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_m68k.deb
\n Size/MD5 checksum: 79144 d4efcd6b0d598fbdb5f63a8737f49964\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_m68k.deb
\n Size/MD5 checksum: 57968 d746fafbc55a58c83920a6630b416365\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_mips.deb
\n Size/MD5 checksum: 68116 231d9384f29995322dca3d138aa0bd41\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_mips.deb
\n Size/MD5 checksum: 77876 d245ced8cef61e9b29c01891fb28be83\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_mipsel.deb
\n Size/MD5 checksum: 77066 a803eeb2551df736a9ad6bfbcd4aec5d\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_mipsel.deb
\n Size/MD5 checksum: 67570 a4962d489742e261878d1e76072de447\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_s390.deb
\n Size/MD5 checksum: 69688 921fe72654e3fb1d8f43dc40c67f2196\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_s390.deb
\n Size/MD5 checksum: 82194 e452ad17bc755a7896789d72ba6a19ef\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_sparc.deb
\n Size/MD5 checksum: 80210 5af15c3f4ba80c2349b22e31fdace319\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_sparc.deb
\n Size/MD5 checksum: 66224 eff51355ec2cc7ad61a8cafd51b7827d\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.13-5etch1.dsc
\n Size/MD5 checksum: 611 1ef82262d96e0b157f7ee74bfad7cf1f\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.13.orig.tar.gz
\n Size/MD5 checksum: 727418 e5ad93c170bfb4fed6dc3e1c7a7948cb\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.13-5etch1.diff.gz
\n Size/MD5 checksum: 9163 476ae8f1ef4103144ca0f3ea59e88ca4\n
Alpha:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_alpha.deb
\n Size/MD5 checksum: 1067984 e5c33b25fd459761ea2d19d9142b5cdf\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_alpha.deb
\n Size/MD5 checksum: 148336 88bc8cc66ad78ddf4b096015148dba82\n
AMD64:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_amd64.deb
\n Size/MD5 checksum: 142954 ceeccbe1112250949070f1c06b78536c\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_amd64.deb
\n Size/MD5 checksum: 1044550 b55daeeb41735e7f3024d68186643805\n
ARM:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_arm.deb
\n Size/MD5 checksum: 997646 18411c1a63d5d4e537992140cbdf7721\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_arm.deb
\n Size/MD5 checksum: 135988 1195dbf898c9550590a2a76b327a4eb4\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_hppa.deb
\n Size/MD5 checksum: 147200 dece4fe67839197f3f4cbac78aec2a43\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_hppa.deb
\n Size/MD5 checksum: 1013194 6de2cec24dffdeffa1abf69175d48962\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_i386.deb
\n Size/MD5 checksum: 998686 19d1987a4222f5da26521ba96dbf20cf\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_i386.deb
\n Size/MD5 checksum: 139954 73713093a5b8e423284e7bc5bd55a120\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_ia64.deb
\n Size/MD5 checksum: 159424 f1a821774f55ffc4e1aa1238d05835e3\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_ia64.deb
\n Size/MD5 checksum: 1028554 c599bc392ff53a2f1b8da9d0270dd6b1\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_mips.deb
\n Size/MD5 checksum: 136666 42403f5fe88c1608fbd99e24b0fba51a\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_mips.deb
\n Size/MD5 checksum: 1008580 24c2d6980675f456a8771b665ea43b75\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_mipsel.deb
\n Size/MD5 checksum: 136120 fea308e90afe74d83dbc00d800d08a3d\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_mipsel.deb
\n Size/MD5 checksum: 1008154 6c88505ee31716eb604d1d1ccdbf33f0\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_powerpc.deb
\n Size/MD5 checksum: 1005486 997bbd5a30ba6012c8394df7bd95d095\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_powerpc.deb
\n Size/MD5 checksum: 138166 41e221f883a8eac1f080068e71633f1e\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_s390.deb
\n Size/MD5 checksum: 1007740 9aa83ad28b7b41d0c4121f0084a0650e\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_s390.deb
\n Size/MD5 checksum: 143518 4f99aa499f2d4d620a4f21709d2035f7\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_sparc.deb
\n Size/MD5 checksum: 1002722 c869b8a61874428e206f01b5e67fbb1b\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_sparc.deb
\n Size/MD5 checksum: 138310 13569b4111b772a4a2be29727dd21d2d\n
\n

MD5 checksums of the listed files are available in the original advisory.


\n\n\n
\n
", "1311": "
\n

Debian Security Advisory

\n

DSA-1311-1 postgresql-7.4 -- programming error

\n
\n
Date Reported:
\n
17 Jun 2007
\n
Affected Packages:
\n
\npostgresql-7.4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2138.
\n
More information:
\n
\n

It was discovered that the PostgreSQL database performs insufficient\nvalidation of variables passed to privileged SQL statements called\nsecurity definers, which could lead to SQL privilege escalation.

\n

For the oldstable distribution (sarge) this problem has been fixed in\nversion 7.4.7-6sarge5. A powerpc build is not yet available due to\nproblems with the build host. It will be provided later.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 7.4.17-0etch1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 7.4.17-1.

\n

We recommend that you upgrade your PostgreSQL packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge5.dsc
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-doc_7.4.7-6sarge5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge5_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge5_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge5_mipsel.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge5_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.17-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.17-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.17.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-doc-7.4_7.4.17-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-server-dev-7.4_7.4.17-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.17-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.17-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.17-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.17-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.17-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.17-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.17-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.17-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.17-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.17-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.17-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.17-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.17-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.17-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.17-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.17-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.17-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.17-0etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.17-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.17-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.17-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.17-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.17-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.17-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.17-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.17-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.17-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.17-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.17-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.17-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.17-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.17-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.17-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.17-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.17-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.17-0etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.17-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.17-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.17-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.17-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.17-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.17-0etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.17-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.17-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.17-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.17-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.17-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.17-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.17-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.17-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.17-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.17-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.17-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.17-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.17-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.17-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.17-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.17-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.17-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.17-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.17-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.17-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.17-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.17-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.17-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.17-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1312": "
\n

Debian Security Advisory

\n

DSA-1312-1 libapache-mod-jk -- programming error

\n
\n
Date Reported:
\n
18 Jun 2007
\n
Affected Packages:
\n
\nlibapache-mod-jk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-1860.
\n
More information:
\n
\n

It was discovered that the Apache 1.3 connector for the Tomcat Java\nservlet engine decoded request URLs multiple times, which can lead\nto information disclosure.

\n

For the oldstable distribution (sarge) this problem has been fixed in\nversion 1.2.5-2sarge1. An updated package for powerpc is not yet\navailable due to problems with the build host. It will be provided\nlater.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 1.2.18-3etch1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.2.23-1.

\n

We recommend that you upgrade your libapache-mod-jk package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.5-2sarge1.dsc
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.5-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.5-2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.5-2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.5-2sarge1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.5-2sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.5-2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.5-2sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.5-2sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.5-2sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.5-2sarge1_mipsel.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.5-2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.5-2sarge1_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch1.dsc
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk-doc_1.2.18-3etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1313": "
\n

Debian Security Advisory

\n

DSA-1313-1 mplayer -- buffer overflow

\n
\n
Date Reported:
\n
19 Jun 2007
\n
Affected Packages:
\n
\nmplayer\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2948.
\n
More information:
\n
\n

Stefan Cornelius and Reimar Doeffinger discovered that the MPlayer movie\nplayer performs insufficient boundary checks when accessing CDDB data,\nwhich might lead to the execution of arbitrary code.

\n

The oldstable distribution (sarge) doesn't include MPlayer packages.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 1.0~rc1-12etch1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.0~rc1-14.

\n

We recommend that you upgrade your mplayer package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch1.dsc
\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer-doc_1.0~rc1-12etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1314": "
\n

Debian Security Advisory

\n

DSA-1314-1 open-iscsi -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Jun 2007
\n
Affected Packages:
\n
\nopen-iscsi\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3099, CVE-2007-3100.
\n
More information:
\n
\n

Several local and remote vulnerabilities have been discovered in\nopen-iscsi, a transport-independent iSCSI implementation. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-3099\n

    Olaf Kirch discovered that due to a programming error access to the\n management interface socket was insufficiently protected, which allows\n denial of service.

  • CVE-2007-3100\n

    Olaf Kirch discovered that access to a semaphore used in the logging\n code was insufficiently protected, allowing denial of service.

\n

The oldstable distribution (sarge) doesn't include open-iscsi.

\n

For the stable distribution (etch) these problems have been fixed\nin version 2.0.730-1etch1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.0.865-1.

\n

We recommend that you upgrade your open-iscsi packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1.dsc
\n
http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/open-iscsi/open-iscsi_2.0.730-1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1315": "
\n

Debian Security Advisory

\n

DSA-1315-1 libphp-phpmailer -- missing input validation

\n
\n
Date Reported:
\n
21 Jun 2007
\n
Affected Packages:
\n
\nlibphp-phpmailer\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3215.
\n
More information:
\n
\n

Thor Larholm discovered that libphp-phpmailer, an email transfer class\nfor PHP, performs insufficient input validation if configured to use\nSendmail. This allows the execution of arbitrary shell commands.

\n

The oldstable distribution (sarge) doesn't include libphp-phpmailer.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 1.73-2etch1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.73-4.

\n

We recommend that you upgrade your libphp-phpmailer package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libp/libphp-phpmailer/libphp-phpmailer_1.73-2etch1.dsc
\n
http://security.debian.org/pool/updates/main/libp/libphp-phpmailer/libphp-phpmailer_1.73-2etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/libp/libphp-phpmailer/libphp-phpmailer_1.73.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libp/libphp-phpmailer/libphp-phpmailer_1.73-2etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1316": "
\n

Debian Security Advisory

\n

DSA-1316-1 emacs21 -- denial of service

\n
\n
Date Reported:
\n
21 Jun 2007
\n
Affected Packages:
\n
\nemacs21\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 408929.
In Mitre's CVE dictionary: CVE-2007-2833.
\n
More information:
\n
\n

It has been discovered that emacs, the GNU Emacs editor, will crash when\nprocessing certain types of images.

\n

For the stable distribution (etch), this problem has been fixed in version 21.4a+1-3etch1.

\n

We recommend that you upgrade your emacs21 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.4a+1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.4a+1-3etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.4a+1-3etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-common_21.4a+1-3etch1_all.deb
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-el_21.4a+1-3etch1_all.deb
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs_21.4a+1-3etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.4a+1-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-nox_21.4a+1-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-bin-common_21.4a+1-3etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-nox_21.4a+1-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.4a+1-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-bin-common_21.4a+1-3etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-nox_21.4a+1-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.4a+1-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-bin-common_21.4a+1-3etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-nox_21.4a+1-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.4a+1-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-bin-common_21.4a+1-3etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-bin-common_21.4a+1-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.4a+1-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-nox_21.4a+1-3etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-bin-common_21.4a+1-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-nox_21.4a+1-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.4a+1-3etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.4a+1-3etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-nox_21.4a+1-3etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-bin-common_21.4a+1-3etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-nox_21.4a+1-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-bin-common_21.4a+1-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.4a+1-3etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.4a+1-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-nox_21.4a+1-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-bin-common_21.4a+1-3etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-nox_21.4a+1-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.4a+1-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-bin-common_21.4a+1-3etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.4a+1-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-bin-common_21.4a+1-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-nox_21.4a+1-3etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1317": "
\n

Debian Security Advisory

\n

DSA-1317-1 tinymux -- buffer overflow

\n
\n
Date Reported:
\n
23 Jun 2007
\n
Affected Packages:
\n
\ntinymux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-1655.
\n
More information:
\n
\n

duskwave discovered that tinymux, a text-based multi-user virtual world server,\nperforms insufficient boundary checks when working with user-supplied data,\nwhich might lead to the execution of arbitrary code.

\n

For the stable distribution (etch), this problem has been fixed in version\n2.4.3.31-1etch1.

\n

We recommend that you upgrade your tinymux package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1318": "
\n

Debian Security Advisory

\n

DSA-1318-1 ekg -- several vulnerabilities

\n
\n
Date Reported:
\n
22 Jun 2007
\n
Affected Packages:
\n
\nekg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2005-2370, CVE-2005-2448, CVE-2007-1663, CVE-2007-1664, CVE-2007-1665.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in ekg, a console\nGadu Gadu client. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2005-2370\n

    It was discovered that memory alignment errors may allow remote\n attackers to cause a denial of service on certain architectures\n such as sparc. This only affects Debian Sarge.

  • CVE-2005-2448\n

    It was discovered that several endianness errors may allow remote\n attackers to cause a denial of service. This only affects\n Debian Sarge.

  • CVE-2007-1663\n

    It was discovered that a memory leak in handling image messages may\n lead to denial of service. This only affects Debian Etch.

  • CVE-2007-1664\n

    It was discovered that a null pointer dereference in the token OCR code\n may lead to denial of service. This only affects Debian Etch.

  • CVE-2007-1665\n

    It was discovered that a memory leak in the token OCR code may lead\n to denial of service. This only affects Debian Etch.

\n

For the oldstable distribution (sarge) these problems have been fixed in\nversion 1.5+20050411-7. This update lacks updated packages for the m68k\narchitecture. They will be provided later.

\n

For the stable distribution (etch) these problems have been fixed\nin version 1:1.7~rc2-1etch1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1:1.7~rc2-2.

\n

We recommend that you upgrade your ekg packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7.dsc
\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1.dsc
\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1319": "
\n

Debian Security Advisory

\n

DSA-1319-1 maradns -- memory leaks

\n
\n
Date Reported:
\n
23 Jun 2007
\n
Affected Packages:
\n
\nmaradns\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3114, CVE-2007-3115, CVE-2007-3116.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in MaraDNS, a simple\nsecurity-aware Domain Name Service server. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2007-3114\n

    It was discovered that malformed DNS requests can trigger memory\n leaks, allowing denial of service.

  • CVE-2007-3115\n

    It was discovered that malformed DNS requests can trigger memory\n leaks, allowing denial of service.

  • CVE-2007-3116\n

    It was discovered that malformed DNS requests can trigger memory\n leaks, allowing denial of service.

\n

The oldstable distribution (sarge) is not affected by these problems.

\n

For the stable distribution (etch) these problems have been fixed\nin version 1.2.12.04-1etch1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.2.12.06-1.

\n

We recommend that you upgrade your maradns packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch1.dsc
\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch1.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1320": "
\n

Debian Security Advisory

\n

DSA-1320-1 clamav -- several vulnerabilities

\n
\n
Date Reported:
\n
23 Jun 2007
\n
Affected Packages:
\n
\nclamav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2650, CVE-2007-3023, CVE-2007-3024, CVE-2007-3122, CVE-2007-3123.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Clam anti-virus\ntoolkit. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2007-2650\n

    It was discovered that the OLE2 parser can be tricked into an infinite\n loop and memory exhaustion.

  • CVE-2007-3023\n

    It was discovered that the NsPack decompression code performed\n insufficient sanitising on an internal length variable, resulting in\n a potential buffer overflow.

  • CVE-2007-3024\n

    It was discovered that temporary files were created with insecure\n permissions, resulting in information disclosure.

  • CVE-2007-3122\n

    It was discovered that the decompression code for RAR archives allows\n bypassing a scan of a RAR archive due to insufficient validity checks.

  • CVE-2007-3123\n

    It was discovered that the decompression code for RAR archives performs\n insufficient validation of header values, resulting in a buffer overflow.

\n

For the oldstable distribution (sarge) these problems have been fixed in\nversion 0.84-2.sarge.17. Please note that the fix for CVE-2007-3024 hasn't\nbeen backported to oldstable.

\n

For the stable distribution (etch) these problems have been fixed\nin version 0.90.1-3etch1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.90.2-1.

\n

We recommend that you upgrade your clamav packages. An updated package\nfor oldstable/powerpc is not yet available. It will be provided later.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17.dsc
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17.diff.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.84-2.sarge.17_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.84-2.sarge.17_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.84-2.sarge.17_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.17_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.17_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.17_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.17_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.17_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.17_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.17_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.17_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.17_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.17_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.17_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.17_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.17_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.17_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.17_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.17_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.17_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.17_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.17_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.17_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.17_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.17_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.17_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.17_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.17_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.17_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.17_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.17_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.17_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.17_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.17_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.17_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.17_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.17_m68k.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.17_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.17_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.17_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.17_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.17_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.17_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.17_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.17_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.17_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.17_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.17_mipsel.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.17_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.17_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.17_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.17_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.17_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.84-2.sarge.17_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.84-2.sarge.17_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.84-2.sarge.17_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.84-2.sarge.17_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.84-2.sarge.17_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav1_0.84-2.sarge.17_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch3.dsc
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.90.1-3etch3_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1-3etch3_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1-3etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch3_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch3_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1321": "
\n

Debian Security Advisory

\n

DSA-1321-1 evolution-data-server -- programming error

\n
\n
Date Reported:
\n
23 Jun 2007
\n
Affected Packages:
\n
\nevolution-data-server\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3257.
\n
More information:
\n
\n

It was discovered that the IMAP code in the Evolution Data Server\nperforms insufficient sanitising of a value later used as an array index,\nwhich can lead to the execution of arbitrary code.

\n

For the oldstable distribution (sarge) a different source package\nis affected and will be fixed separately.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 1.6.3-5etch1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.10.2-2.

\n

We recommend that you upgrade your evolution-data-server packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch1.dsc
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-common_1.6.3-5etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_1.6.3-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_1.6.3-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-8_1.6.3-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_1.6.3-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-5_1.6.3-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_1.6.3-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-6_1.6.3-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_1.6.3-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_1.6.3-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_1.6.3-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-5_1.6.3-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_1.6.3-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-7_1.6.3-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_1.6.3-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-6_1.6.3-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_1.6.3-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-10_1.6.3-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_1.6.3-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-1_1.6.3-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_1.6.3-5etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_1.6.3-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_1.6.3-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-8_1.6.3-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_1.6.3-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-5_1.6.3-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_1.6.3-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-6_1.6.3-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_1.6.3-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_1.6.3-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_1.6.3-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-5_1.6.3-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_1.6.3-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-7_1.6.3-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_1.6.3-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-6_1.6.3-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_1.6.3-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-10_1.6.3-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_1.6.3-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-1_1.6.3-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_1.6.3-5etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_1.6.3-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_1.6.3-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-8_1.6.3-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_1.6.3-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-5_1.6.3-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_1.6.3-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-6_1.6.3-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_1.6.3-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_1.6.3-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_1.6.3-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-5_1.6.3-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_1.6.3-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-7_1.6.3-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_1.6.3-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-6_1.6.3-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_1.6.3-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-10_1.6.3-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_1.6.3-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-1_1.6.3-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_1.6.3-5etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_1.6.3-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_1.6.3-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-8_1.6.3-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_1.6.3-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-5_1.6.3-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_1.6.3-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-6_1.6.3-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_1.6.3-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_1.6.3-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_1.6.3-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-5_1.6.3-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_1.6.3-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-7_1.6.3-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_1.6.3-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-6_1.6.3-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_1.6.3-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-10_1.6.3-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_1.6.3-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-1_1.6.3-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_1.6.3-5etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_1.6.3-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_1.6.3-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-8_1.6.3-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_1.6.3-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-5_1.6.3-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_1.6.3-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-6_1.6.3-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_1.6.3-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_1.6.3-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_1.6.3-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-5_1.6.3-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_1.6.3-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-7_1.6.3-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_1.6.3-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-6_1.6.3-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_1.6.3-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-10_1.6.3-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_1.6.3-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-1_1.6.3-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_1.6.3-5etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_1.6.3-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_1.6.3-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-8_1.6.3-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_1.6.3-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-5_1.6.3-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_1.6.3-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-6_1.6.3-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_1.6.3-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_1.6.3-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_1.6.3-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-5_1.6.3-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_1.6.3-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-7_1.6.3-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_1.6.3-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-6_1.6.3-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_1.6.3-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-10_1.6.3-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_1.6.3-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-1_1.6.3-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_1.6.3-5etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_1.6.3-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_1.6.3-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-8_1.6.3-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_1.6.3-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-5_1.6.3-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_1.6.3-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-6_1.6.3-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_1.6.3-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_1.6.3-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_1.6.3-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-5_1.6.3-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_1.6.3-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-7_1.6.3-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_1.6.3-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-6_1.6.3-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_1.6.3-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-10_1.6.3-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_1.6.3-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-1_1.6.3-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_1.6.3-5etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_1.6.3-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_1.6.3-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-8_1.6.3-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_1.6.3-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-5_1.6.3-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_1.6.3-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-6_1.6.3-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_1.6.3-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_1.6.3-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_1.6.3-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-5_1.6.3-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_1.6.3-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-7_1.6.3-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_1.6.3-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-6_1.6.3-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_1.6.3-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-10_1.6.3-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_1.6.3-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-1_1.6.3-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_1.6.3-5etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_1.6.3-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_1.6.3-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-8_1.6.3-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_1.6.3-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-5_1.6.3-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_1.6.3-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-6_1.6.3-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_1.6.3-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_1.6.3-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_1.6.3-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-5_1.6.3-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_1.6.3-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-7_1.6.3-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_1.6.3-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-6_1.6.3-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_1.6.3-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-10_1.6.3-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_1.6.3-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-1_1.6.3-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_1.6.3-5etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_1.6.3-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_1.6.3-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-8_1.6.3-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_1.6.3-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-5_1.6.3-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_1.6.3-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-6_1.6.3-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_1.6.3-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_1.6.3-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_1.6.3-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-5_1.6.3-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_1.6.3-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-7_1.6.3-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_1.6.3-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-6_1.6.3-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_1.6.3-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-10_1.6.3-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_1.6.3-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-1_1.6.3-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_1.6.3-5etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_1.6.3-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_1.6.3-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-8_1.6.3-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_1.6.3-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-5_1.6.3-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_1.6.3-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-6_1.6.3-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_1.6.3-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_1.6.3-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_1.6.3-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-5_1.6.3-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_1.6.3-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-7_1.6.3-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_1.6.3-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-6_1.6.3-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_1.6.3-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-10_1.6.3-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_1.6.3-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-1_1.6.3-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_1.6.3-5etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1322": "
\n

Debian Security Advisory

\n

DSA-1322-1 wireshark -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Jun 2007
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3390, CVE-2007-3392, CVE-2007-3393.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Wireshark\nnetwork traffic analyzer, which may lead to denial of service. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-3390\n

    Off-by-one overflows were discovered in the iSeries dissector.

  • CVE-2007-3392\n

    The MMS and SSL dissectors could be forced into an infinite loop.

  • CVE-2007-3393\n

    An off-by-one overflow was discovered in the DHCP/BOOTP dissector.

\n

The oldstable distribution (sarge) is not affected by these problems.\n(In sarge, Wireshark used to be called Ethereal.)

\n

For the stable distribution (etch) these problems have been fixed\nin version 0.99.4-5.etch.0. Packages for the big endian MIPS architecture\nare not yet available. They will be provided later.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.99.6pre1-1.

\n

We recommend that you upgrade your Wireshark packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0.dsc
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_ia64.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.0_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.0_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.0_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.0_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.0_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.0_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.0_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.0_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1323": "
\n

Debian Security Advisory

\n

DSA-1323-1 krb5 -- several vulnerabilities

\n
\n
Date Reported:
\n
28 Jun 2007
\n
Affected Packages:
\n
\nkrb5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2442, CVE-2007-2443, CVE-2007-2798.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the MIT reference\nimplementation of the Kerberos network authentication protocol suite,\nwhich may lead to the execution of arbitrary code. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-2442\n

    Wei Wang discovered that freeing an uninitialised pointer in the\n Kerberos RPC library may lead to the execution of arbitrary code.

  • CVE-2007-2443\n

    Wei Wang discovered that insufficient input sanitising in the\n Kerberos RPC library may lead to the execution of arbitrary code.

  • CVE-2007-2798\n

    It was discovered that a buffer overflow in the Kerberos\n administration daemon may lead to the execution of arbitrary code.

\n

For the old stable distribution (sarge) these problems have been fixed in\nversion 1.3.6-2sarge5. Packages for hppa, mips and powerpc are not yet\navailable. They will be provided later.

\n

For the stable distribution (etch) these problems have been fixed in\nversion 1.4.4-7etch2. Packages for hppa and mips are not yet available.\nThey will be provided later.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.6.dfsg.1-5.

\n

We recommend that you upgrade your Kerberos packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge5.dsc
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.3.6-2sarge5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge5_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge5_m68k.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge5_mipsel.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge5_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4-7etch2.dsc
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4-7etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.4.4-7etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch2_ia64.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1324": "
\n

Debian Security Advisory

\n

DSA-1324-1 hiki -- missing input sanitising

\n
\n
Date Reported:
\n
28 Jun 2007
\n
Affected Packages:
\n
\nhiki\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 430691.
In Mitre's CVE dictionary: CVE-2007-2836.
\n
More information:
\n
\n

Kazuhiro Nishiyama found a vulnerability in hiki, a Wiki engine written\nin Ruby, which could allow a remote attacker to delete arbitrary files\nthat are writable by the Hiki user, via a specially crafted session\nparameter.

\n

For the stable distribution (etch), this problem has been fixed in version\n0.8.6-1etch1.

\n

For the unstable distribution (sid) this problem has been fixed in version\n0.8.7-1.

\n

We recommend that you upgrade your hiki package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/hiki/hiki_0.8.6-1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/h/hiki/hiki_0.8.6-1etch1.dsc
\n
http://security.debian.org/pool/updates/main/h/hiki/hiki_0.8.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/hiki/hiki_0.8.6-1etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1325": "
\n

Debian Security Advisory

\n

DSA-1325-1 evolution -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Jun 2007
\n
Affected Packages:
\n
\nevolution\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-1002, CVE-2007-3257.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Evolution, a\ngroupware suite with mail client and organizer. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-1002\n

    Ulf H\u00e4rnhammar discovered that a format string vulnerability in\n the handling of shared calendars may allow the execution of arbitrary\n code.

  • CVE-2007-3257\n

    It was discovered that the IMAP code in the Evolution Data Server\n performs insufficient sanitising of a value later used as an array index,\n which can lead to the execution of arbitrary code.

\n

For the oldstable distribution (sarge) these problems have been fixed in\nversion 2.0.4-2sarge2. Packages for hppa, mips and powerpc are not yet\navailable. They will be provided later.

\n

For the stable distribution (etch) these problems have been fixed\nin version 2.6.3-6etch1. Packages for mips are not yet available. They\nwill be provided later.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your evolution packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1.dsc
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-common_2.6.3-6etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_ia64.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch1_sparc.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2.dsc
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_m68k.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_mipsel.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1326": "
\n

Debian Security Advisory

\n

DSA-1326-1 fireflier-server -- insecure temporary files

\n
\n
Date Reported:
\n
01 Jul 2007
\n
Affected Packages:
\n
\nfireflier-server\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2837.
\n
More information:
\n
\n

Steve Kemp from the Debian Security Audit project discovered that\nfireflier-server, an interactive firewall rule creation tool, uses temporary\nfiles in an unsafe manner which may be exploited to remove arbitrary files from\nthe local system.

\n

For the old stable distribution (sarge) this problem has been fixed in\nversion 1.1.5-1sarge1.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 1.1.6-3etch1.

\n

For the unstable distribution (sid) this problem will be fixed shortly.

\n

We recommend that you upgrade your fireflier-server package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier_1.1.6-3etch1.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier_1.1.6-3etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.6-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.6-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.6-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.6-3etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.6-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.6-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.6-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.6-3etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.6-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.6-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.6-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.6-3etch1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.6-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.6-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.6-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.6-3etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.6-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.6-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.6-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.6-3etch1_ia64.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.6-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.6-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.6-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.6-3etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.6-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.6-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.6-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.6-3etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.6-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.6-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.6-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.6-3etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.6-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.6-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.6-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.6-3etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1327": "
\n

Debian Security Advisory

\n

DSA-1327-1 gsambad -- insecure temporary files

\n
\n
Date Reported:
\n
01 Jul 2007
\n
Affected Packages:
\n
\ngsambad\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2838.
\n
More information:
\n
\n

Steve Kemp from the Debian Security Audit project discovered that gsambad,\na GTK+ configuration tool for samba, uses temporary files in an unsafe\nmanner which may be exploited to truncate arbitrary files on the local system.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 0.1.4-2etch1.

\n

For the unstable distribution (sid) this problem will be fixed shortly.

\n

We recommend that you upgrade your gsambad package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1.dsc
\n
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_ia64.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1328": "
\n

Debian Security Advisory

\n

DSA-1328-1 unicon-imc2 -- buffer overflow

\n
\n
Date Reported:
\n
01 Jul 2007
\n
Affected Packages:
\n
\nunicon-imc2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2835.
\n
More information:
\n
\n

Steve Kemp from the Debian Security Audit project discovered that\nunicon-imc2, a Chinese input method library, makes unsafe use of\nan environment variable, which may be exploited to execute arbitrary\ncode.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 3.0.4-11etch1.

\n

For the unstable distribution (sid) this problem will be fixed shortly.

\n

We recommend that you upgrade your unicon-imc2 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/u/unicon/unicon_3.0.4-11etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/u/unicon/unicon_3.0.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/u/unicon/unicon_3.0.4-11etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_ia64.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1329": "
\n

Debian Security Advisory

\n

DSA-1329-1 gfax -- insecure temporary files

\n
\n
Date Reported:
\n
05 Jul 2007
\n
Affected Packages:
\n
\ngfax\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2839.
\n
More information:
\n
\n

Steve Kemp from the Debian Security Audit project discovered that\ngfax, a GNOME frontend for fax programs, uses temporary files in an\nunsafe manner which may be exploited to execute arbitrary commands\nwith the privileges of the root user.

\n

For the old stable distribution (sarge) this problem has been fixed\nin version 0.4.2-11sarge1.

\n

The stable distribution (etch) is not affected by this problem.

\n

The unstable distribution (sid) is not affected by this problem.

\n

We recommend that you upgrade your gfax package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 alias sarge

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1.dsc
\n
alpha architecture (DEC Alpha)\n
http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1_alpha.deb
\n
amd64 architecture (AMD x86_64 (AMD64))\n
http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1_amd64.deb
\n
arm architecture (ARM)\n
http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1_arm.deb
\n
i386 architecture (Intel ia32)\n
http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1_i386.deb
\n
ia64 architecture (Intel ia64)\n
http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1_ia64.deb
\n
m68k architecture (Motorola Mc680x0)\n
http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1_m68k.deb
\n
s390 architecture (IBM S/390)\n
http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1_s390.deb
\n
sparc architecture (Sun SPARC/UltraSPARC)\n
http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1330": "
\n

Debian Security Advisory

\n

DSA-1330-1 php5 -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Jul 2007
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-1399, CVE-2007-1864.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in PHP, a\nserver-side, HTML-embedded scripting language, which may lead to the\nexecution of arbitrary code. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2007-1399\n

    Stefan Esser discovered that a buffer overflow in the zip extension\n allows the execution of arbitrary code.

  • CVE-2007-1864\n

    It was discovered that a buffer overflow in the xmlrpc extension\n allows the execution of arbitrary code.

\n

The oldstable distribution (sarge) doesn't include php5.

\n

For the stable distribution (etch) these problems have been fixed\nin version 5.2.0-8+etch7.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 5.2.2-1.

\n

We recommend that you upgrade your PHP packages. Packages for the little endian MIPS architecture are not yet available, due to problems on the\nbuild host. They will be provided later.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0-8+etch7.dsc
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0-8+etch7.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php5/php-pear_5.2.0-8+etch7_all.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0-8+etch7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch7_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.0-8+etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch7_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch7_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch7_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.0-8+etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch7_ia64.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1331": "
\n

Debian Security Advisory

\n

DSA-1331-1 php4 -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Jul 2007
\n
Affected Packages:
\n
\nphp4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-4486, CVE-2006-0207, CVE-2007-1864.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in PHP, a\nserver-side, HTML-embedded scripting language, which may lead to the\nexecution of arbitrary code. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2006-0207\n

    Stefan Esser discovered HTTP response splitting vulnerabilities\n in the session extension. This only affects Debian 3.1 (Sarge).

  • CVE-2006-4486\n

    Stefan Esser discovered that an integer overflow in memory allocation\n routines allows the bypass of memory limit restrictions. This only\n affects Debian 3.1 (Sarge) on 64-bit architectures.

  • CVE-2007-1864\n

    It was discovered that a buffer overflow in the xmlrpc extension\n allows the execution of arbitrary code.

\n

For the oldstable distribution (sarge) these problems have been fixed\nin version 4.3.10-22.

\n

For the stable distribution (etch) these problems have been fixed\nin version 4.4.4-8+etch4.

\n

The unstable distribution (sid) no longer contains php4.

\n

We recommend that you upgrade your PHP packages. Sarge packages for\nhppa, mips and powerpc are not yet available, due to problems on the\nbuild hosts. They will be provided later.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-22.dsc
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-22.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php4/php4-pear_4.3.10-22_all.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-22_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-22_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-22_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-22_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-22_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-22_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-22_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-22_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-22_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-22_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-22_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-22_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-22_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-22_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-22_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-22_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-22_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-22_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-22_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-22_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-22_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-22_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-22_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-22_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-22_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-22_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-22_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-22_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-22_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-22_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-22_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-22_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-22_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-22_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-22_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-22_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-22_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-22_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-22_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-22_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-22_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-22_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-22_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-22_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-22_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-22_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-22_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-22_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-22_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-22_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-22_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-22_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-22_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-22_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-22_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-22_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-22_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-22_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-22_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-22_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-22_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-22_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-22_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-22_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-22_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-22_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-22_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-22_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-22_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-22_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-22_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-22_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-22_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-22_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-22_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-22_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-22_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-22_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-22_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-22_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-22_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-22_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-22_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-22_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-22_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-22_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-22_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-22_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-22_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-22_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-22_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-22_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-22_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-22_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-22_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-22_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-22_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-22_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-22_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-22_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-22_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-22_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-22_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-22_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-22_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-22_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-22_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-22_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-22_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-22_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-22_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-22_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-22_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-22_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-22_m68k.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-22_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-22_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-22_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-22_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-22_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-22_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-22_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-22_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-22_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-22_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-22_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-22_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-22_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-22_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-22_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-22_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-22_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-22_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-22_mipsel.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-22_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-22_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-22_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-22_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-22_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-22_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-22_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-22_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-22_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-22_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-22_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-22_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-22_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-22_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-22_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-22_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-22_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-22_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-22_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-22_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-22_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-22_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-22_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-22_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-22_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-22_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-22_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-22_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-22_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-22_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-22_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-22_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-22_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-22_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-22_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-22_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-22_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-22_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.4.4-8+etch4.dsc
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.4.4-8+etch4.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.4.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php4/php4-pear_4.4.4-8+etch4_all.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.4.4-8+etch4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-interbase_4.4.4-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch4_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-interbase_4.4.4-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch4_ia64.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1332": "
\n

Debian Security Advisory

\n

DSA-1332-1 vlc -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Jul 2007
\n
Affected Packages:
\n
vlc
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 429726.
In Mitre's CVE dictionary: CVE-2007-3316, CVE-2007-3467, CVE-2007-3468.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the VideoLan multimedia player and streamer, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
  • CVE-2007-3316

    David Thiel discovered that several format string vulnerabilities may lead to the execution of arbitrary code.

  • CVE-2007-3467

    David Thiel discovered an integer overflow in the WAV processing code.
\n

This update also fixes several crashes, which can be triggered through malformed media files.

\n

For the oldstable distribution (sarge) these problems have been fixed in version 0.8.1.svn20050314-1sarge3. Packages for the powerpc architecture are not yet available. They will be provided later.

\n

For the stable distribution (etch) these problems have been fixed in version 0.8.6-svn20061012.debian-5etch1.

\n

For the unstable distribution (sid) these problems have been fixed in version 0.8.6.c-1.

\n

We recommend that you upgrade your vlc packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge3.dsc
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge3_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-glide_0.8.1.svn20050314-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-glide_0.8.1.svn20050314-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-svgalib_0.8.1.svn20050314-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge3_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge3_mipsel.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/v/vlc/gnome-vlc_0.8.1.svn20050314-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/gvlc_0.8.1.svn20050314-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/kvlc_0.8.1.svn20050314-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.1.svn20050314-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.1.svn20050314-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/qvlc_0.8.1.svn20050314-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.1.svn20050314-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-alsa_0.8.1.svn20050314-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-esd_0.8.1.svn20050314-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-ggi_0.8.1.svn20050314-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gnome_0.8.1.svn20050314-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-gtk_0.8.1.svn20050314-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.1.svn20050314-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.1.svn20050314-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.1.svn20050314-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.1.svn20050314-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.1.svn20050314-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-qt_0.8.1.svn20050314-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-sdl_0.8.1.svn20050314-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.1.svn20050314-1sarge3_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5etch1.dsc
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.6-svn20061012.debian-5etch1_all.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.6-svn20061012.debian-5etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-glide_0.8.6-svn20061012.debian-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-svgalib_0.8.6-svn20061012.debian-5etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1333": "
\n

Debian Security Advisory

\n

DSA-1333-1 libcurl3-gnutls -- missing input validation

\n
\n
Date Reported:
\n
18 Jul 2007
\n
Affected Packages:
\n
\nlibcurl3-gnutls\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3564.
\n
More information:
\n
\n

It has been discovered that the GnuTLS certificate verification methods implemented in libcurl-gnutls, a solid, usable, and portable multi-protocol file transfer library, did not check for expired or invalid dates.

\n

For the stable distribution (etch), this problem has been fixed in version 7.15.5-1etch1.

\n

We recommend that you upgrade your libcurl3-gnutls package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1.dsc
\n
http://.debian.org/pool/updates/main/c/curl/curl_7.15.5.orig.tar.gz
\n
http://.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1.diff.gz
\n
Architecture-independent component:\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.15.5-1etch1_all.deb
\n
Alpha:\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_alpha.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_alpha.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_alpha.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_alpha.deb
\n
http://.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_alpha.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_alpha.deb
\n
AMD64:\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_amd64.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_amd64.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_amd64.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_amd64.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_amd64.deb
\n
http://.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_amd64.deb
\n
ARM:\n
http://.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_arm.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_arm.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_arm.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_arm.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_arm.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_arm.deb
\n
HPPA:\n
http://.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_hppa.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_hppa.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_hppa.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_hppa.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_hppa.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_hppa.deb
\n
Intel IA-32:\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_i386.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_i386.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_i386.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_i386.deb
\n
http://.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_i386.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_i386.deb
\n
Intel IA-64:\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_ia64.deb
\n
http://.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_ia64.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_ia64.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_ia64.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_ia64.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_ia64.deb
\n
Little endian MIPS:\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_mipsel.deb
\n
http://.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_mipsel.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_mipsel.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_mipsel.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_mipsel.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_mipsel.deb
\n
PowerPC:\n
http://.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_powerpc.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_powerpc.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_powerpc.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_powerpc.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_powerpc.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_powerpc.deb
\n
IBM S/390:\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_s390.deb
\n
http://.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_s390.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_s390.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_s390.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_s390.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_s390.deb
\n
Sun Sparc:\n
http://.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_sparc.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_sparc.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_sparc.deb
\n
http://.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_sparc.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_sparc.deb
\n
http://.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1334": "
\n

Debian Security Advisory

\n

DSA-1334-1 freetype -- integer overflow

\n
\n
Date Reported:
\n
18 Jul 2007
\n
Affected Packages:
\n
\nfreetype\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2754.
\n
More information:
\n
\n

\nA problem was discovered with freetype, a FreeType2 font engine, which\ncould allow the execution of arbitrary code via an integer overflow in\nspecially crafted TTF files.

\n

For the old stable distribution (sarge), this problem has been fixed in\nversion 2.1.7-8.

\n

We recommend that you upgrade your freetype package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 alias sarge

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7-8.diff.gz
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7-8.dsc
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7.orig.tar.gz
\n
amd64 architecture (AMD x86_64 (AMD64))\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_amd64.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_amd64.deb
\n
arm architecture (ARM)\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_arm.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_arm.deb
\n
hppa architecture (HP PA RISC)\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_hppa.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_hppa.deb
\n
i386 architecture (Intel ia32)\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_i386.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_i386.deb
\n
ia64 architecture (Intel ia64)\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_ia64.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_ia64.deb
\n
m68k architecture (Motorola Mc680x0)\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_m68k.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_m68k.deb
\n
mipsel architecture (MIPS (Little Endian))\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_mipsel.deb
\n
powerpc architecture (PowerPC)\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_powerpc.deb
\n
s390 architecture (IBM S/390)\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_s390.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_s390.deb
\n
sparc architecture (Sun SPARC/UltraSPARC)\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_sparc.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1335": "
\n

Debian Security Advisory

\n

DSA-1335-1 gimp -- several vulnerabilities

\n
\n
Date Reported:
\n
18 Jul 2007
\n
Affected Packages:
\n
\ngimp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-4519, CVE-2007-2949.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Gimp, the GNU Image\nManipulation Program, which might lead to the execution of arbitrary code.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2006-4519\n

    Sean Larsson discovered several integer overflows in the processing\n code for DICOM, PNM, PSD, RAS, XBM and XWD images, which might lead\n to the execution of arbitrary code if a user is tricked into opening\n such a malformed media file.

  • CVE-2007-2949\n

    Stefan Cornelius discovered an integer overflow in the processing\n code for PSD images, which might lead to the execution of arbitrary\n code if a user is tricked into opening such a malformed media file.

\n

For the oldstable distribution (sarge) these problems have been fixed in\nversion 2.2.6-1sarge4. Packages for mips and mipsel are not yet\navailable.

\n

For the stable distribution (etch) these problems have been fixed\nin version 2.2.13-1etch4. Packages for mips are not yet available.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.2.17-1.

\n

We recommend that you upgrade your gimp packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge4.dsc
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-data_2.2.6-1sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp1.2_2.2.6-1sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-doc_2.2.6-1sarge4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge4_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge4_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge4_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge4_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge4_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge4_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge4_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge4_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge4_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge4_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.6-1sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.6-1sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.6-1sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.6-1sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.6-1sarge4_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.6-1sarge4_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch4.dsc
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch4.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-data_2.2.13-1etch4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-doc_2.2.13-1etch4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch4_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch4_ia64.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gimp/gimp_2.2.13-1etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-dbg_2.2.13-1etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-helpbrowser_2.2.13-1etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-python_2.2.13-1etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/gimp-svg_2.2.13-1etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0_2.2.13-1etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gimp/libgimp2.0-dev_2.2.13-1etch4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1336": "
\n

Debian Security Advisory

\n

DSA-1336-1 mozilla-firefox -- several vulnerabilities

\n
\n
Date Reported:
\n
22 Jul 2007
\n
Affected Packages:
\n
\nmozilla-firefox\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-1282, CVE-2007-0994, CVE-2007-0995, CVE-2007-0996, CVE-2007-0981, CVE-2007-0008, CVE-2007-0009, CVE-2007-0775, CVE-2007-0778, CVE-2007-0045, CVE-2006-6077.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Mozilla Firefox.

\n

This will be the last security update of Mozilla-based products for\nthe oldstable (sarge) distribution of Debian. We recommend upgrading\nto stable (etch) as soon as possible.

\n

The Common Vulnerabilities and Exposures project identifies the following\nvulnerabilities:

\n
    \n
  • CVE-2007-1282\n

    It was discovered that an integer overflow in text/enhanced message\n parsing allows the execution of arbitrary code.

  • CVE-2007-0994\n

    It was discovered that a regression in the JavaScript engine allows\n the execution of JavaScript with elevated privileges.

  • CVE-2007-0995\n

    It was discovered that incorrect parsing of invalid HTML characters\n allows the bypass of content filters.

  • CVE-2007-0996\n

    It was discovered that insecure child frame handling allows cross-site\n scripting.

  • CVE-2007-0981\n

    It was discovered that Firefox handles URIs with a null byte in the\n hostname insecurely.

  • CVE-2007-0008\n

    It was discovered that a buffer overflow in the NSS code allows the\n execution of arbitrary code.

  • CVE-2007-0009\n

    It was discovered that a buffer overflow in the NSS code allows the\n execution of arbitrary code.

  • CVE-2007-0775\n

    It was discovered that multiple programming errors in the layout engine\n allow the execution of arbitrary code.

  • CVE-2007-0778\n

    It was discovered that the page cache calculates hashes in an insecure\n manner.

  • CVE-2006-6077\n

    It was discovered that the password manager allows the disclosure of\n passwords.

\n

For the oldstable distribution (sarge) these problems have been fixed in\nversion 1.0.4-2sarge17. You should upgrade to etch as soon as possible.

\n

The stable distribution (etch) isn't affected. These vulnerabilities have\nbeen fixed prior to the release of Debian etch.

\n

The unstable distribution (sid) no longer contains mozilla-firefox. Iceweasel\nis already fixed.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17.dsc
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge15_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge17_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-dom-inspector_1.0.4-2sarge17_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox-gnome-support_1.0.4-2sarge17_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1337": "
\n

Debian Security Advisory

\n

DSA-1337-1 xulrunner -- several vulnerabilities

\n
\n
Date Reported:
\n
22 Jul 2007
\n
Affected Packages:
\n
\nxulrunner\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3089, CVE-2007-3285, CVE-2007-3656, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-3089\n

    Ronen Zilberman and Michal Zalewski discovered that a timing race\n allows the injection of content into about:blank frames.

  • CVE-2007-3656\n

    Michal Zalewski discovered that same-origin policies for wyciwyg://\n documents are insufficiently enforced.

  • CVE-2007-3734\n

    Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman,\n Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul\n Nickerson and Vladimir Sukhoy discovered crashes in the layout engine,\n which might allow the execution of arbitrary code.

  • CVE-2007-3735\n

    Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the\n JavaScript engine, which might allow the execution of arbitrary code.

  • CVE-2007-3736\n

    moz_bug_r_a4 discovered that the addEventListener() and setTimeout()\n functions allow cross-site scripting.

  • CVE-2007-3737\n

    moz_bug_r_a4 discovered that a programming error in event handling\n allows privilege escalation.

  • CVE-2007-3738\n

    shutdown and moz_bug_r_a4 discovered that the XPCNativeWrapper allows\n the execution of arbitrary code.

    \n
\n

The oldstable distribution (sarge) doesn't include xulrunner.

\n

For the stable distribution (etch) these problems have been fixed in version\n1.8.0.13~pre070720-0etch1. A build for the mips architecture is not yet\navailable; it will be provided later.

\n

For the unstable distribution (sid) these problems have been fixed in version\n1.8.1.5-1.

\n

We recommend that you upgrade your xulrunner packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.8.0.13~pre070720-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.8.0.13~pre070720-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-dev_1.8.0.13~pre070720-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-dev_1.8.0.13~pre070720-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs-dev_1.8.0.13~pre070720-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs1_1.8.0.13~pre070720-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-common_1.8.0.13~pre070720-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-dev_1.8.0.13~pre070720-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.12-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.12-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.12-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.12-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.12-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.12-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.12-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.12-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.12-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.12-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.12-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.12-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.12-0etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1338": "
\n

Debian Security Advisory

\n

DSA-1338-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
23 Jul 2007
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3089, CVE-2007-3656, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Iceweasel web\nbrowser, an unbranded version of the Firefox browser. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-3089\n

    Ronen Zilberman and Michal Zalewski discovered that a timing race\n allows the injection of content into about:blank frames.

  • CVE-2007-3656\n

    Michal Zalewski discovered that same-origin policies for wyciwyg://\n documents are insufficiently enforced.

  • CVE-2007-3734\n

    Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman,\n Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul\n Nickerson and Vladimir Sukhoy discovered crashes in the layout engine,\n which might allow the execution of arbitrary code.

  • CVE-2007-3735\n

    Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the\n JavaScript engine, which might allow the execution of arbitrary code.

  • CVE-2007-3736\n

    moz_bug_r_a4 discovered that the addEventListener() and setTimeout()\n functions allow cross-site scripting.

  • CVE-2007-3737\n

    moz_bug_r_a4 discovered that a programming error in event handling\n allows privilege escalation.

  • CVE-2007-3738\n

    shutdown and moz_bug_r_a4 discovered that the XPCNativeWrapper allows\n the execution of arbitrary code.

\n

The Mozilla products in the oldstable distribution (sarge) are no longer\nsupported with security updates. You're strongly encouraged to upgrade to\nstable as soon as possible.

\n

For the stable distribution (etch) these problems have been fixed in version\n2.0.0.5-0etch1. Builds for alpha and mips are not yet available; they will\nbe provided later.

\n

For the unstable distribution (sid) these problems have been fixed in version\n2.0.0.5-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.5-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.5-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.5-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.5-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.5-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.5-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.5-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.5-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.5-0etch1_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.5-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.5-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.5-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.5-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.5-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.5-0etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.5-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.5-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.5-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.5-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.5-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.5-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.5-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.5-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.5-0etch1_ia64.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.5-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.5-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.5-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.5-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.5-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.5-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.5-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.5-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.5-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.5-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.5-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.5-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1339": "
\n

Debian Security Advisory

\n

DSA-1339-1 iceape -- several vulnerabilities

\n
\n
Date Reported:
\n
23 Jul 2007
\n
Affected Packages:
\n
\niceape\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3089, CVE-2007-3656, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Iceape internet\nsuite, an unbranded version of the Seamonkey Internet Suite. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-3089\n

    Ronen Zilberman and Michal Zalewski discovered that a timing race\n allows the injection of content into about:blank frames.

  • CVE-2007-3656\n

    Michal Zalewski discovered that same-origin policies for wyciwyg://\n documents are insufficiently enforced.

  • CVE-2007-3734\n

    Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman,\n Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul\n Nickerson and Vladimir Sukhoy discovered crashes in the layout engine,\n which might allow the execution of arbitrary code.

  • CVE-2007-3735\n

    Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the\n JavaScript engine, which might allow the execution of arbitrary code.

  • CVE-2007-3736\n

    moz_bug_r_a4 discovered that the addEventListener() and setTimeout()\n functions allow cross-site scripting.

  • CVE-2007-3737\n

    moz_bug_r_a4 discovered that a programming error in event handling\n allows privilege escalation.

  • CVE-2007-3738\n

    shutdown and moz_bug_r_a4 discovered that the XPCNativeWrapper allows\n the execution of arbitrary code.

\n

The Mozilla products in the oldstable distribution (sarge) are no longer\nsupported with security updates. You're strongly encouraged to upgrade to\nstable as soon as possible.

\n

For the stable distribution (etch) these problems have been fixed in version\n1.0.10~pre070720-0etch1. A build for the mips architecture is not yet available;\nit will be provided later.

\n

For the unstable distribution (sid) these problems have been fixed in version\n1.1.3-1.

\n

We recommend that you upgrade your iceape packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.10~pre070720-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.10~pre070720-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.10~pre070720-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.10~pre070720-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.10~pre070720-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.10~pre070720-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.10~pre070720-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.10~pre070720-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.10~pre070720-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.10~pre070720-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.10~pre070720-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_ia64.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1340": "
\n

Debian Security Advisory

\n

DSA-1340-1 clamav -- null pointer dereference

\n
\n
Date Reported:
\n
24 Jul 2007
\n
Affected Packages:
\n
\nclamav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3725.
\n
More information:
\n
\n

A NULL pointer dereference has been discovered in the RAR VM of Clam\nAntivirus (ClamAV) which allows user-assisted remote attackers to\ncause a denial of service via a specially crafted RAR archive.

\n

We are currently unable to provide fixed packages for the MIPS\narchitectures. Those packages will be installed in the security\narchive when they become available.

\n

The old stable distribution (sarge) is not affected by this problem.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 0.90.1-3etch4.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.91-1.

\n

We recommend that you upgrade your clamav packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch4.dsc
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch4.diff.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.90.1-3etch4_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1-3etch4_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1-3etch4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch4_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch4_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1341": "
\n

Debian Security Advisory

\n

DSA-1341-2 bind9 -- design error

\n
\n
Date Reported:
\n
25 Jul 2007
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2926.
\n
More information:
\n
\n

This update provides fixed packages for the oldstable distribution (sarge).\nFor reference the original advisory text:

\n
\n

Amit Klein discovered that the BIND name server generates predictable\nDNS query IDs, which may lead to cache poisoning attacks.

\n
\n

For the oldstable distribution (sarge) this problem has been fixed in\nversion 9.2.4-1sarge3. Updates for mips, powerpc and hppa are not yet\navailable; they will be released soon.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 9.3.4-2etch1. An update for mips is not yet available; it will\nbe released soon.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your BIND packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge3.dsc
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-doc_9.2.4-1sarge3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge3_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge3_m68k.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge3_mipsel.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge3_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1.dsc
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-doc_9.3.4-2etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch1_amd64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch1_ia64.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1342": "
\n

Debian Security Advisory

\n

DSA-1342-1 xfs -- race condition

\n
\n
Date Reported:
\n
30 Jul 2007
\n
Affected Packages:
\n
\nxfs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3103.
\n
More information:
\n
\n

It was discovered that a race condition in the init.d script of the X Font\nServer allows the modification of file permissions of arbitrary files if\nthe local administrator can be tricked into restarting the X font server.

\n

For the oldstable distribution (sarge) xfs is present as part of the\nmonolithic xfree86 package. A fix will be provided along with a future\nsecurity update.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 1.0.1-6.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.0.4-2.

\n

We recommend that you upgrade your xfs package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-6.dsc
\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-6.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-6_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-6_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1343": "
\n

Debian Security Advisory

\n

DSA-1343-1 file -- integer overflow

\n
\n
Date Reported:
\n
31 Jul 2007
\n
Affected Packages:
\n
\nfile\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2799.
\n
More information:
\n
\n

Colin Percival discovered an integer overflow in file, a file type\nclassification tool, which may lead to the execution of arbitrary code.

\n

For the oldstable distribution (sarge) this problem has been fixed in\nversion 4.12-1sarge2.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 4.17-5etch2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 4.21-1.

\n

We recommend that you upgrade your file package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/f/file/file_4.12.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/file/file_4.12-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.12-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.12-1sarge2_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2.dsc
\n
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/f/file/file_4.17.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/file/file_4.17-5etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic-dev_4.17-5etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/file/libmagic1_4.17-5etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/file/python-magic_4.17-5etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1344": "
\n

Debian Security Advisory

\n

DSA-1344-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
03 Aug 2007
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3844, CVE-2007-3845.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Iceweasel web\nbrowser, an unbranded version of the Firefox browser. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-3844\n

    moz_bug_r_a4 discovered that a regression in the handling of\n about:blank windows used by addons may lead to an attacker being\n able to modify the content of web sites.

  • CVE-2007-3845\n

    Jesper Johansson discovered that missing sanitising of double-quotes\n and spaces in URIs passed to external programs may allow an attacker\n to pass arbitrary arguments to the helper program if the user is\n tricked into opening a malformed web page.

\n

The Mozilla products in the oldstable distribution (sarge) are no longer\nsupported with security updates.

\n

For the stable distribution (etch) these problems have been fixed in version\n2.0.0.6-0etch1.

\n

For the unstable distribution (sid) these problems have been fixed in version\n2.0.0.6-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.6-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.6-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.6-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.6-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.6-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.6-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.6-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_ia64.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1345": "
\n

Debian Security Advisory

\n

DSA-1345-1 xulrunner -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Aug 2007
\n
Affected Packages:
\n
\nxulrunner\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3844, CVE-2007-3845.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-3844\n

    moz_bug_r_a4 discovered that a regression in the handling of\n about:blank windows used by addons may lead to an attacker being\n able to modify the content of web sites.

  • CVE-2007-3845\n

    Jesper Johansson discovered that missing sanitising of double-quotes\n and spaces in URIs passed to external programs may allow an attacker\n to pass arbitrary arguments to the helper program if the user is\n tricked into opening a malformed web page.

\n

The oldstable distribution (sarge) doesn't include xulrunner.

\n

For the stable distribution (etch) these problems have been fixed in version\n1.8.0.13~pre070720-0etch3.

\n

For the unstable distribution (sid) these problems have been fixed in version\n1.8.1.6-1.

\n

We recommend that you upgrade your xulrunner packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3.dsc
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.8.0.13~pre070720-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.8.0.13~pre070720-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-dev_1.8.0.13~pre070720-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-dev_1.8.0.13~pre070720-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs-dev_1.8.0.13~pre070720-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs1_1.8.0.13~pre070720-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-common_1.8.0.13~pre070720-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-dev_1.8.0.13~pre070720-0etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_ia64.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.13~pre070720-0etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.13~pre070720-0etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.13~pre070720-0etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.13~pre070720-0etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.13~pre070720-0etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.13~pre070720-0etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.13~pre070720-0etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.13~pre070720-0etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.13~pre070720-0etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.13~pre070720-0etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.13~pre070720-0etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.13~pre070720-0etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.13~pre070720-0etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1346": "
\n

Debian Security Advisory

\n

DSA-1346-1 iceape -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Aug 2007
\n
Affected Packages:
\n
\niceape\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3844, CVE-2007-3845.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Iceape internet\nsuite, an unbranded version of the SeaMonkey Internet Suite. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-3844\n

    moz_bug_r_a4 discovered that a regression in the handling of\n about:blank windows used by addons may lead to an attacker being\n able to modify the content of web sites.

  • CVE-2007-3845\n

    Jesper Johansson discovered that missing sanitising of double-quotes\n and spaces in URIs passed to external programs may allow an attacker\n to pass arbitrary arguments to the helper program if the user is\n tricked into opening a malformed web page.

\n

The Mozilla products in the oldstable distribution (sarge) are no longer\nsupported with security updates.

\n

For the stable distribution (etch) these problems have been fixed in version\n1.0.10~pre070720-0etch3.

\n

For the unstable distribution (sid) these problems have been fixed in version\n1.1.3-2.

\n

We recommend that you upgrade your iceape packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720-0etch3.dsc
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720-0etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.10~pre070720-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.10~pre070720-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.10~pre070720-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.10~pre070720-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.10~pre070720-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.10~pre070720-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.10~pre070720-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.10~pre070720-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.10~pre070720-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.10~pre070720-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.10~pre070720-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.10~pre070720-0etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch3_ia64.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.10~pre070720-0etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.10~pre070720-0etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.10~pre070720-0etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.10~pre070720-0etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.10~pre070720-0etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.10~pre070720-0etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1347": "
\n

Debian Security Advisory

\n

DSA-1347-1 xpdf -- integer overflow

\n
\n
Date Reported:
\n
04 Aug 2007
\n
Affected Packages:
\n
\nxpdf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3387.
\n
More information:
\n
\n

It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.

\n

For the oldstable distribution (sarge) this problem has been fixed in version 3.00-13.7.

\n

For the stable distribution (etch) this problem has been fixed in version 3.01-9etch1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your xpdf packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.7.dsc
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.7.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.00-13.7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.7_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9etch1.dsc
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.01-9etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1348": "
\n

Debian Security Advisory

\n

DSA-1348-1 poppler -- integer overflow

\n
\n
Date Reported:
\n
04 Aug 2007
\n
Affected Packages:
\n
\npoppler\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3387.
\n
More information:
\n
\n

It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.

\n

poppler includes a copy of the xpdf code and required an update as well.

\n

The oldstable distribution (sarge) doesn't include poppler.

\n

For the stable distribution (etch) this problem has been fixed in version 0.4.5-5.1etch1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your poppler packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5-5.1etch1.dsc
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5-5.1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1349": "
\n

Debian Security Advisory

\n

DSA-1349-1 libextractor -- integer overflow

\n
\n
Date Reported:
\n
05 Aug 2007
\n
Affected Packages:
\n
\nlibextractor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3387.
\n
More information:
\n
\n

It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.

\n

libextractor includes a copy of the xpdf code and required an update as well.

\n

For the oldstable distribution (sarge) this problem has been fixed in version 0.4.2-2sarge6.

\n

The stable distribution (etch) isn't affected by this problem.

\n

The unstable distribution (sid) isn't affected by this problem.

\n

We recommend that you upgrade your libextractor packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2-2sarge6.dsc
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2-2sarge6.diff.gz
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1350": "
\n

Debian Security Advisory

\n

DSA-1350-1 tetex-bin -- integer overflow

\n
\n
Date Reported:
\n
06 Aug 2007
\n
Affected Packages:
\n
\ntetex-bin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3387.
\n
More information:
\n
\n

It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.

\n

tetex-bin includes a copy of the xpdf code and required an update as well.

\n

For the oldstable distribution (sarge) this problem has been fixed in version 2.0.2-30sarge5.

\n

The package from the stable distribution (etch) links dynamically against libpoppler and doesn't require a separate update.

\n

The package from the unstable distribution (sid) links dynamically against libpoppler and doesn't require a separate update.

\n

We recommend that you upgrade your tetex-bin packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5.dsc
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_2.0.2-30sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_2.0.2-30sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_2.0.2-30sarge5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1351": "
\n

Debian Security Advisory

\n

DSA-1351-1 bochs -- buffer overflow

\n
\n
Date Reported:
\n
07 Aug 2007
\n
Affected Packages:
\n
\nbochs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2893.
\n
More information:
\n
\n

Tavis Ormandy discovered that bochs, a highly portable IA-32 PC emulator, is vulnerable to a buffer overflow in the emulated NE2000 network device driver, which may lead to privilege escalation.

\n

For the oldstable distribution (sarge) this problem has been fixed in version 2.1.1+20041109-3sarge1.

\n

For the stable distribution (etch) this problem has been fixed in version 2.3-2etch1.

\n

For the unstable distribution (sid) this problem has been fixed in version 2.3+20070705-1.

\n

We recommend that you upgrade your bochs packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.1.1+20041109-3sarge1.dsc
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.1.1+20041109-3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.1.1+20041109.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-doc_2.1.1+20041109-3sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochsbios_2.1.1+20041109-3sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.1.1+20041109-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-sdl_2.1.1+20041109-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-term_2.1.1+20041109-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-wx_2.1.1+20041109-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-x_2.1.1+20041109-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bximage_2.1.1+20041109-3sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.1.1+20041109-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-sdl_2.1.1+20041109-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-term_2.1.1+20041109-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-wx_2.1.1+20041109-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-x_2.1.1+20041109-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bximage_2.1.1+20041109-3sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.1.1+20041109-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-sdl_2.1.1+20041109-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-term_2.1.1+20041109-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-wx_2.1.1+20041109-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-x_2.1.1+20041109-3sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bximage_2.1.1+20041109-3sarge1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.1.1+20041109-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-sdl_2.1.1+20041109-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-term_2.1.1+20041109-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-wx_2.1.1+20041109-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-x_2.1.1+20041109-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bximage_2.1.1+20041109-3sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.1.1+20041109-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-sdl_2.1.1+20041109-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-svga_2.1.1+20041109-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-term_2.1.1+20041109-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-wx_2.1.1+20041109-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-x_2.1.1+20041109-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bximage_2.1.1+20041109-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/sb16ctrl-bochs_2.1.1+20041109-3sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.1.1+20041109-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-sdl_2.1.1+20041109-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-term_2.1.1+20041109-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-wx_2.1.1+20041109-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-x_2.1.1+20041109-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bximage_2.1.1+20041109-3sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.1.1+20041109-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-sdl_2.1.1+20041109-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-term_2.1.1+20041109-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-wx_2.1.1+20041109-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-x_2.1.1+20041109-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bximage_2.1.1+20041109-3sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.1.1+20041109-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-sdl_2.1.1+20041109-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-term_2.1.1+20041109-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-wx_2.1.1+20041109-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-x_2.1.1+20041109-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bximage_2.1.1+20041109-3sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.1.1+20041109-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-sdl_2.1.1+20041109-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-term_2.1.1+20041109-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-wx_2.1.1+20041109-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-x_2.1.1+20041109-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bximage_2.1.1+20041109-3sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.1.1+20041109-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-sdl_2.1.1+20041109-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-term_2.1.1+20041109-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-wx_2.1.1+20041109-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-x_2.1.1+20041109-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bximage_2.1.1+20041109-3sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.1.1+20041109-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-sdl_2.1.1+20041109-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-term_2.1.1+20041109-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-wx_2.1.1+20041109-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-x_2.1.1+20041109-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bximage_2.1.1+20041109-3sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.1.1+20041109-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-sdl_2.1.1+20041109-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-term_2.1.1+20041109-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-wx_2.1.1+20041109-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-x_2.1.1+20041109-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bximage_2.1.1+20041109-3sarge1_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.3-2etch1.dsc
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.3-2etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-doc_2.3-2etch1_all.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochsbios_2.3-2etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.3-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-sdl_2.3-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-term_2.3-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-wx_2.3-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-x_2.3-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bximage_2.3-2etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.3-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-sdl_2.3-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-svga_2.3-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-term_2.3-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-wx_2.3-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-x_2.3-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bximage_2.3-2etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.3-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-sdl_2.3-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-term_2.3-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-wx_2.3-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-x_2.3-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bximage_2.3-2etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.3-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-sdl_2.3-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-term_2.3-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-wx_2.3-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-x_2.3-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bximage_2.3-2etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.3-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-sdl_2.3-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-svga_2.3-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-term_2.3-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-wx_2.3-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-x_2.3-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bximage_2.3-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/sb16ctrl-bochs_2.3-2etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.3-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-sdl_2.3-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-term_2.3-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-wx_2.3-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-x_2.3-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bximage_2.3-2etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.3-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-sdl_2.3-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-term_2.3-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-wx_2.3-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-x_2.3-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bximage_2.3-2etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.3-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-sdl_2.3-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-term_2.3-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-wx_2.3-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-x_2.3-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bximage_2.3-2etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.3-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-sdl_2.3-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-term_2.3-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-wx_2.3-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-x_2.3-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bximage_2.3-2etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.3-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-sdl_2.3-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-term_2.3-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-wx_2.3-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-x_2.3-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bximage_2.3-2etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/bochs/bochs_2.3-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-sdl_2.3-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-term_2.3-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-wx_2.3-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bochs-x_2.3-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bochs/bximage_2.3-2etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1352": "
\n

Debian Security Advisory

\n

DSA-1352-1 pdfkit.framework -- integer overflow

\n
\n
Date Reported:
\n
07 Aug 2007
\n
Affected Packages:
\n
\npdfkit.framework\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3387.
\n
More information:
\n
\n

It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.

\n

pdfkit.framework includes a copy of the xpdf code and required an update as well.

\n

For the oldstable distribution (sarge) this problem has been fixed in version 0.8-2sarge4.

\n

The package from the stable distribution (etch) links dynamically against libpoppler and doesn't require a separate update.

\n

The package from the unstable distribution (sid) links dynamically against libpoppler and doesn't require a separate update.

\n

We recommend that you upgrade your pdfkit.framework packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge4.dsc
\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge4_amd64.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge4_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge4_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1353": "
\n

Debian Security Advisory

\n

DSA-1353-1 tcpdump -- integer overflow

\n
\n
Date Reported:
\n
11 Aug 2007
\n
Affected Packages:
\n
\ntcpdump\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3798.
\n
More information:
\n
\n

It was discovered that an integer overflow in the BGP dissector of tcpdump, a powerful tool for network monitoring and data acquisition, may lead to the execution of arbitrary code.

\n

For the oldstable distribution (sarge) this problem has been fixed in version 3.8.3-5sarge3.

\n

For the stable distribution (etch) this problem has been fixed in version 3.9.5-2etch1.

\n

For the unstable distribution (sid) this problem has been fixed in version 3.9.5-3.

\n

We recommend that you upgrade your tcpdump package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge3.dsc
\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge3_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge3_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.8.3-5sarge3_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.9.5-2etch1.dsc
\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.9.5-2etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.9.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.9.5-2etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.9.5-2etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.9.5-2etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.9.5-2etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.9.5-2etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.9.5-2etch1_ia64.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.9.5-2etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.9.5-2etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.9.5-2etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.9.5-2etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1354": "
\n

Debian Security Advisory

\n

DSA-1354-1 gpdf -- integer overflow

\n
\n
Date Reported:
\n
13 Aug 2007
\n
Affected Packages:
\n
\ngpdf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3387.
\n
More information:
\n
\n

It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.

\n

gpdf includes a copy of the xpdf code and requires an update as well.

\n

For the oldstable distribution (sarge) this problem has been fixed in version 2.8.2-1.2sarge6.

\n

The stable distribution (etch) no longer contains gpdf.

\n

The unstable distribution (sid) no longer contains gpdf.

\n

We recommend that you upgrade your gpdf packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6.dsc
\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gpdf/gpdf_2.8.2-1.2sarge6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1355": "
\n

Debian Security Advisory

\n

DSA-1355-1 kdegraphics -- integer overflow

\n
\n
Date Reported:
\n
13 Aug 2007
\n
Affected Packages:
\n
\nkdegraphics\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3387.
\n
More information:
\n
\n

It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.

\n

kpdf includes a copy of the xpdf code and required an update as well.

\n

For the oldstable distribution (sarge) this problem has been fixed in version 3.3.2-2sarge5.

\n

For the stable distribution (etch) this problem has been fixed in version 3.5.5-3etch1.

\n

For the unstable distribution (sid) this problem has been fixed in version 3.5.7-3.

\n

We recommend that you upgrade your kpdf packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.3.2-2sarge5.dsc
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.3.2-2sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.3.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.3.2-2sarge5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge5_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.3.2-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.3.2-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.3.2-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.3.2-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.3.2-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.3.2-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.3.2-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.3.2-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.3.2-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.3.2-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.3.2-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.3.2-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.3.2-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.3.2-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.3.2-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.3.2-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.3.2-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.3.2-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.3.2-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.3.2-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.3.2-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.3.2-2sarge5_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.5-3etch1.dsc
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.5-3etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-doc-html_3.5.5-3etch1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.5-3etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch1_ia64.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1356": "
\n

Debian Security Advisory

\n

DSA-1356-1 linux-2.6 -- several vulnerabilities

Date Reported: 15 Aug 2007
Affected Packages: linux-2.6
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2007-1353, CVE-2007-2172, CVE-2007-2453, CVE-2007-2525, CVE-2007-2876, CVE-2007-3513, CVE-2007-3642, CVE-2007-3848, CVE-2007-3851.
More information:

Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2007-1353

    Ilja van Sprundel discovered that kernel memory could be leaked via the Bluetooth setsockopt call due to an uninitialized stack buffer. This could be used by local attackers to read the contents of sensitive kernel memory.

  • CVE-2007-2172

    Thomas Graf reported a typo in the DECnet protocol handler that could be used by a local attacker to overrun an array via crafted packets, potentially resulting in a Denial of Service (system crash). A similar issue exists in the IPV4 protocol handler and will be fixed in a subsequent update.

  • CVE-2007-2453

    A couple of issues with random number generation were discovered. Slightly less random numbers resulted from hashing a subset of the available entropy. Zero-entropy systems were seeded with the same inputs at boot time, resulting in repeatable series of random numbers.

  • CVE-2007-2525

    Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused by releasing a socket before PPPIOCGCHAN is called upon it. This could be used by a local user to DoS a system by consuming all available memory.

  • CVE-2007-2876

    Vilmos Nebehaj discovered a NULL pointer dereference condition in the netfilter subsystem. This allows remote systems which communicate using the SCTP protocol to crash a system by creating a connection with an unknown chunk type.

  • CVE-2007-3513

    Oliver Neukum reported an issue in the usblcd driver which, by not limiting the size of write buffers, permits local users with write access to trigger a DoS by consuming all available memory.

  • CVE-2007-3642

    Zhongling Wen reported an issue in nf_conntrack_h323 where the lack of range checking may lead to NULL pointer dereferences. Remote attackers could exploit this to create a DoS condition (system crash).

  • CVE-2007-3848

    Wojciech Purczynski discovered that pdeath_signal was not being reset properly under certain conditions which may allow local users to gain privileges by sending arbitrary signals to suid binaries.

  • CVE-2007-3851

    Dave Airlie reported that Intel 965 and above chipsets have relocated their batch buffer security bits. Local X server users may exploit this to write user data to arbitrary physical memory addresses.

These problems have been fixed in the stable distribution in version 2.6.18.dfsg.1-13etch1.

\n

The following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update:

Package            Debian 4.0 (etch)
fai-kernels        1.17+etch4
user-mode-linux    2.6.18-1um-2etch3

We recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-13etch1.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-13etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-13etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-13etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-13etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-13etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-5_2.6.18.dfsg.1-13etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-13etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-alpha_2.6.18.dfsg.1-13etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-alpha-generic_2.6.18.dfsg.1-13etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-alpha-legacy_2.6.18.dfsg.1-13etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-alpha-smp_2.6.18.dfsg.1-13etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-alpha_2.6.18.dfsg.1-13etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-alpha-generic_2.6.18.dfsg.1-13etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-alpha-legacy_2.6.18.dfsg.1-13etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-alpha-smp_2.6.18.dfsg.1-13etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-alpha_2.6.18.dfsg.1-13etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-amd64_2.6.18.dfsg.1-13etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-amd64_2.6.18.dfsg.1-13etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-amd64_2.6.18.dfsg.1-13etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen_2.6.18.dfsg.1-13etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver_2.6.18.dfsg.1-13etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-amd64_2.6.18.dfsg.1-13etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-arm_2.6.18.dfsg.1-13etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-footbridge_2.6.18.dfsg.1-13etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-iop32x_2.6.18.dfsg.1-13etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-ixp4xx_2.6.18.dfsg.1-13etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-rpc_2.6.18.dfsg.1-13etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-s3c2410_2.6.18.dfsg.1-13etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-footbridge_2.6.18.dfsg.1-13etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-iop32x_2.6.18.dfsg.1-13etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-ixp4xx_2.6.18.dfsg.1-13etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-rpc_2.6.18.dfsg.1-13etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s3c2410_2.6.18.dfsg.1-13etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-hppa_2.6.18.dfsg.1-13etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc_2.6.18.dfsg.1-13etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc-smp_2.6.18.dfsg.1-13etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc64_2.6.18.dfsg.1-13etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc64-smp_2.6.18.dfsg.1-13etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc_2.6.18.dfsg.1-13etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc-smp_2.6.18.dfsg.1-13etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc64_2.6.18.dfsg.1-13etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc64-smp_2.6.18.dfsg.1-13etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-486_2.6.18.dfsg.1-13etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-686_2.6.18.dfsg.1-13etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-686-bigmem_2.6.18.dfsg.1-13etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-i386_2.6.18.dfsg.1-13etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-amd64_2.6.18.dfsg.1-13etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-k7_2.6.18.dfsg.1-13etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-686_2.6.18.dfsg.1-13etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-k7_2.6.18.dfsg.1-13etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen_2.6.18.dfsg.1-13etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver_2.6.18.dfsg.1-13etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-486_2.6.18.dfsg.1-13etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-686_2.6.18.dfsg.1-13etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-686-bigmem_2.6.18.dfsg.1-13etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-amd64_2.6.18.dfsg.1-13etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-k7_2.6.18.dfsg.1-13etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-686_2.6.18.dfsg.1-13etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-k7_2.6.18.dfsg.1-13etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-ia64_2.6.18.dfsg.1-13etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-itanium_2.6.18.dfsg.1-13etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-mckinley_2.6.18.dfsg.1-13etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-itanium_2.6.18.dfsg.1-13etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-mckinley_2.6.18.dfsg.1-13etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-mips_2.6.18.dfsg.1-13etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-qemu_2.6.18.dfsg.1-13etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r4k-ip22_2.6.18.dfsg.1-13etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r5k-ip32_2.6.18.dfsg.1-13etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-qemu_2.6.18.dfsg.1-13etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r4k-ip22_2.6.18.dfsg.1-13etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r5k-ip32_2.6.18.dfsg.1-13etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-mipsel_2.6.18.dfsg.1-13etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-qemu_2.6.18.dfsg.1-13etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r3k-kn02_2.6.18.dfsg.1-13etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r4k-kn04_2.6.18.dfsg.1-13etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r5k-cobalt_2.6.18.dfsg.1-13etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-qemu_2.6.18.dfsg.1-13etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r3k-kn02_2.6.18.dfsg.1-13etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r4k-kn04_2.6.18.dfsg.1-13etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r5k-cobalt_2.6.18.dfsg.1-13etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-powerpc_2.6.18.dfsg.1-13etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc_2.6.18.dfsg.1-13etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc-miboot_2.6.18.dfsg.1-13etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc-smp_2.6.18.dfsg.1-13etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc64_2.6.18.dfsg.1-13etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-prep_2.6.18.dfsg.1-13etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-powerpc_2.6.18.dfsg.1-13etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-powerpc64_2.6.18.dfsg.1-13etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc_2.6.18.dfsg.1-13etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc-miboot_2.6.18.dfsg.1-13etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc-smp_2.6.18.dfsg.1-13etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc64_2.6.18.dfsg.1-13etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-prep_2.6.18.dfsg.1-13etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-powerpc_2.6.18.dfsg.1-13etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-powerpc64_2.6.18.dfsg.1-13etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-s390_2.6.18.dfsg.1-13etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-s390_2.6.18.dfsg.1-13etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-s390x_2.6.18.dfsg.1-13etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-s390x_2.6.18.dfsg.1-13etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s390_2.6.18.dfsg.1-13etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s390-tape_2.6.18.dfsg.1-13etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s390x_2.6.18.dfsg.1-13etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-s390x_2.6.18.dfsg.1-13etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-sparc_2.6.18.dfsg.1-13etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sparc32_2.6.18.dfsg.1-13etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sparc64_2.6.18.dfsg.1-13etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sparc64-smp_2.6.18.dfsg.1-13etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-sparc64_2.6.18.dfsg.1-13etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sparc32_2.6.18.dfsg.1-13etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sparc64_2.6.18.dfsg.1-13etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sparc64-smp_2.6.18.dfsg.1-13etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-sparc64_2.6.18.dfsg.1-13etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1357": "
\n

Debian Security Advisory

\n

DSA-1357-1 koffice -- integer overflow

Date Reported: 19 Aug 2007
Affected Packages: koffice
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2007-3387.
More information:

It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.

\n

koffice includes a copy of the xpdf code and required an update as well.

\n

The oldstable distribution (sarge) will be fixed later.

\n

For the stable distribution (etch) this problem has been fixed in version 1.6.1-2etch1.

\n

For the unstable distribution (sid) this problem has been fixed in version 1.6.3-2.

\n

We recommend that you upgrade your koffice packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.6.1-2etch1.dsc
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.6.1-2etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.6.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/koffice/kivio-data_1.6.1-2etch1_all.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-data_1.6.1-2etch1_all.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-doc-html_1.6.1-2etch1_all.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-doc_1.6.1-2etch1_all.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.6.1-2etch1_all.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter-data_1.6.1-2etch1_all.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/krita-data_1.6.1-2etch1_all.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword-data_1.6.1-2etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch1_mipsel.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1358": "
\n

Debian Security Advisory

\n

DSA-1358-1 asterisk -- several vulnerabilities

\n
\n
Date Reported:
\n
26 Aug 2007
\n
Affected Packages:
\n
\nasterisk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-1306, CVE-2007-1561, CVE-2007-2294, CVE-2007-2297, CVE-2007-2488, CVE-2007-3762, CVE-2007-3763, CVE-2007-3764.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Asterisk, a free\nsoftware PBX and telephony toolkit. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2007-1306\n

    Mu Security discovered that a NULL pointer dereference in the SIP\n implementation could lead to denial of service.

  • CVE-2007-1561\n

    Inria Lorraine discovered that a programming error in the SIP\n implementation could lead to denial of service.

  • CVE-2007-2294\n

    It was discovered that a NULL pointer dereference in the manager\n interface could lead to denial of service.

  • CVE-2007-2297\n

    It was discovered that a programming error in the SIP implementation\n could lead to denial of service.

  • CVE-2007-2488\n

    Tim Panton and Birgit Arkestein discovered that a programming error\n in the IAX2 implementation could lead to information disclosure.

  • CVE-2007-3762\n

    Russell Bryant discovered that a buffer overflow in the IAX\n implementation could lead to the execution of arbitrary code.

  • CVE-2007-3763\n

    Chris Clark and Zane Lackey discovered that several NULL pointer\n dereferences in the IAX2 implementation could lead to denial of\n service.

  • CVE-2007-3764\n

    Will Drewry discovered that a programming error in the Skinny\n implementation could lead to denial of service.

\n

For the oldstable distribution (sarge) these problems have been fixed in\nversion 1.0.7.dfsg.1-2sarge5.

\n

For the stable distribution (etch) these problems have been fixed\nin version 1:1.2.13~dfsg-2etch1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1:1.4.11~dfsg-1.

\n

We recommend that you upgrade your Asterisk packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge5.dsc
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-config_1.0.7.dfsg.1-2sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-dev_1.0.7.dfsg.1-2sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-doc_1.0.7.dfsg.1-2sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-sounds-main_1.0.7.dfsg.1-2sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-web-vmail_1.0.7.dfsg.1-2sarge5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge5_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge5_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge5_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge5_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.2.13~dfsg-2etch1.dsc
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.2.13~dfsg-2etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.2.13~dfsg.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-config_1.2.13~dfsg-2etch1_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-dev_1.2.13~dfsg-2etch1_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-doc_1.2.13~dfsg-2etch1_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-sounds-main_1.2.13~dfsg-2etch1_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-web-vmail_1.2.13~dfsg-2etch1_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.2.13~dfsg-2etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1359": "
\n

Debian Security Advisory

\n

DSA-1359-1 dovecot -- directory traversal

\n
\n
Date Reported:
\n
28 Aug 2007
\n
Affected Packages:
\n
\ndovecot\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2231.
\n
More information:
\n
\n

\nIt was discovered that dovecot, a secure mail server that supports mbox\nand maildir mailboxes, when configured to use non-system-user spools\nand compressed folders, may allow directory traversal in mailbox names.

\n

For the old stable distribution (sarge), this problem was not present.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 1.0.rc15-2etch1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your dovecot package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 alias etch

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15-2etch1.dsc
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15-2etch1.diff.gz
\n
alpha architecture (DEC Alpha)\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch1_alpha.deb
\n
amd64 architecture (AMD x86_64 (AMD64))\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch1_amd64.deb
\n
arm architecture (ARM)\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch1_arm.deb
\n
hppa architecture (HP PA RISC)\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch1_hppa.deb
\n
i386 architecture (Intel ia32)\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch1_i386.deb
\n
ia64 architecture (Intel ia64)\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch1_ia64.deb
\n
mips architecture (MIPS (Big Endian))\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch1_mips.deb
\n
mipsel architecture (MIPS (Little Endian))\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch1_mipsel.deb
\n
s390 architecture (IBM S/390)\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch1_s390.deb
\n
sparc architecture (Sun SPARC/UltraSPARC)\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1360": "
\n

Debian Security Advisory

\n

DSA-1360-1 rsync -- buffer overflow

\n
\n
Date Reported:
\n
28 Aug 2007
\n
Affected Packages:
\n
\nrsync\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-4091.
\n
More information:
\n
\n

Sebastian Krahmer discovered that rsync, a fast remote file copy program,\ncontains an off-by-one error which might allow remote attackers to execute\narbitrary code via long directory names.

\n

For the old stable distribution (sarge), this problem is not present.

\n

For the stable distribution (etch), this problem has been fixed in version\n2.6.9-2etch1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your rsync package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 alias etch

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch1.dsc
\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch1.diff.gz
\n
alpha architecture (DEC Alpha)\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch1_alpha.deb
\n
amd64 architecture (AMD x86_64 (AMD64))\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch1_amd64.deb
\n
arm architecture (ARM)\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch1_arm.deb
\n
hppa architecture (HP PA RISC)\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch1_hppa.deb
\n
i386 architecture (Intel ia32)\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch1_i386.deb
\n
ia64 architecture (Intel ia64)\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch1_ia64.deb
\n
mips architecture (MIPS (Big Endian))\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch1_mips.deb
\n
mipsel architecture (MIPS (Little Endian))\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch1_mipsel.deb
\n
s390 architecture (IBM S/390)\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch1_s390.deb
\n
sparc architecture (Sun SPARC/UltraSPARC)\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1361": "
\n

Debian Security Advisory

\n

DSA-1361-1 postfix-policyd -- buffer overflow

\n
\n
Date Reported:
\n
29 Aug 2007
\n
Affected Packages:
\n
\npostfix-policyd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3791.
\n
More information:
\n
\n

\nIt was discovered that postfix-policyd, an anti-spam plugin for postfix,\ndidn't correctly test lengths of incoming SMTP commands, potentially allowing\nthe remote execution of arbitrary code.

\n

For the old stable distribution (sarge), this package was not present.

\n

For the stable distribution (etch), this problem has been fixed in version\n1.80-2.1etch1.

\n

For the unstable distribution (sid), this problem has been fixed in version\n1.80-2.2.

\n

We recommend that you upgrade your postfix-policyd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 alias etch

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1.dsc
\n
http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80.orig.tar.gz
\n
alpha architecture (DEC Alpha)\n
http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_alpha.deb
\n
amd64 architecture (AMD x86_64 (AMD64))\n
http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_amd64.deb
\n
arm architecture (ARM)\n
http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_arm.deb
\n
hppa architecture (HP PA RISC)\n
http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_hppa.deb
\n
i386 architecture (Intel ia32)\n
http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_i386.deb
\n
ia64 architecture (Intel ia64)\n
http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_ia64.deb
\n
mips architecture (MIPS (Big Endian))\n
http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_mips.deb
\n
mipsel architecture (MIPS (Little Endian))\n
http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_mipsel.deb
\n
s390 architecture (IBM S/390)\n
http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_s390.deb
\n
sparc architecture (Sun SPARC/UltraSPARC)\n
http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1362": "
\n

Debian Security Advisory

\n

DSA-1362-2 lighttpd -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Aug 2007
\n
Affected Packages:
\n
\nlighttpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 434888.
In Mitre's CVE dictionary: CVE-2007-3946, CVE-2007-3947, CVE-2007-3949, CVE-2007-3950, CVE-2007-4727.
\n
More information:
\n
\n

Several vulnerabilities were discovered in lighttpd, a fast webserver with\nminimal memory footprint, which could allow the execution of arbitrary code via\nthe overflow of CGI variables when mod_fcgi was enabled. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-3946\n

    The use of mod_auth could lead to a denial of service attack crashing\n the webserver.

  • CVE-2007-3947\n

    The improper handling of repeated HTTP headers could cause a denial\n of service attack crashing the webserver.

  • CVE-2007-3949\n

    A bug in mod_access potentially allows remote users to bypass\n access restrictions via trailing slash characters.

  • CVE-2007-3950\n

    On 32-bit platforms users may be able to create denial of service\n attacks, crashing the webserver, via mod_webdav, mod_fastcgi, or\n mod_scgi.

\n

For the stable distribution (etch), these problems have been fixed in version\n1.4.13-4etch4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.4.16-1.

\n

We recommend that you upgrade your lighttpd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch4.dsc
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch4.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch4_all.deb
\n
alpha architecture (DEC Alpha)\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch4_alpha.deb
\n
amd64 architecture (AMD x86_64 (AMD64))\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch4_amd64.deb
\n
arm architecture (ARM)\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch4_arm.deb
\n
hppa architecture (HP PA RISC)\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch4_hppa.deb
\n
i386 architecture (Intel ia32)\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch4_i386.deb
\n
ia64 architecture (Intel ia64)\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch4_ia64.deb
\n
mips architecture (MIPS (Big Endian))\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch4_mips.deb
\n
powerpc architecture (PowerPC)\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch4_powerpc.deb
\n
sparc architecture (Sun SPARC/UltraSPARC)\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1363": "
\n

Debian Security Advisory

\n

DSA-1363-1 linux-2.6 -- several vulnerabilities

\n
\n
Date Reported:
\n
31 Aug 2007
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2172, CVE-2007-2875, CVE-2007-3105, CVE-2007-3843.
\n
More information:
\n
\n

Several local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2007-2172\n

    Thomas Graf reported a typo in the IPv4 protocol handler that could\n be used by a local attacker to overrun an array via crafted packets,\n potentially resulting in a Denial of Service (system crash).\n The DECnet counterpart of this issue was already fixed in DSA-1356.

  • CVE-2007-2875\n

    iDefense reported a potential integer underflow in the cpuset filesystem\n which may permit local attackers to gain access to sensitive kernel\n memory. This vulnerability is only exploitable if the cpuset filesystem\n is mounted.

  • CVE-2007-3105\n

    The PaX Team discovered a potential buffer overflow in the random number\n generator which may permit local users to cause a denial of service or\n gain additional privileges. This issue is not believed to affect default\n Debian installations where only root has sufficient privileges to exploit\n it.

  • CVE-2007-3843\n

    A coding error in the CIFS subsystem permits the use of unsigned messages\n even if the client has configured the system to enforce\n signing by passing the sec=ntlmv2i mount option. This may allow remote\n attackers to spoof CIFS network traffic.

  • CVE-2007-4308\n

    Alan Cox reported an issue in the aacraid driver that allows unprivileged\n local users to make ioctl calls which should be restricted to admin\n privileges.

\n

These problems have been fixed in the stable distribution in version\n2.6.18.dfsg.1-13etch2.

\n

The following matrix lists additional packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n\n
\u00a0 Debian 4.0 (etch)
fai-kernels 1.17+etch5
user-mode-linux 2.6.18-1um-2etch4
\n

We recommend that you upgrade your kernel package immediately and reboot\nthe machine. If you have built a custom kernel from the kernel source\npackage, you will need to rebuild to take advantage of these fixes.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-13etch2.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-13etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-13etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-13etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-13etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-13etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-5_2.6.18.dfsg.1-13etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-13etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-alpha_2.6.18.dfsg.1-13etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-alpha-generic_2.6.18.dfsg.1-13etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-alpha-legacy_2.6.18.dfsg.1-13etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-alpha-smp_2.6.18.dfsg.1-13etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-alpha_2.6.18.dfsg.1-13etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-alpha-generic_2.6.18.dfsg.1-13etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-alpha-legacy_2.6.18.dfsg.1-13etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-alpha-smp_2.6.18.dfsg.1-13etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-alpha_2.6.18.dfsg.1-13etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-amd64_2.6.18.dfsg.1-13etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-amd64_2.6.18.dfsg.1-13etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-amd64_2.6.18.dfsg.1-13etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen_2.6.18.dfsg.1-13etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver_2.6.18.dfsg.1-13etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-amd64_2.6.18.dfsg.1-13etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-amd64_2.6.18.dfsg.1-13etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-arm_2.6.18.dfsg.1-13etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-footbridge_2.6.18.dfsg.1-13etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-iop32x_2.6.18.dfsg.1-13etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-ixp4xx_2.6.18.dfsg.1-13etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-rpc_2.6.18.dfsg.1-13etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-s3c2410_2.6.18.dfsg.1-13etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-footbridge_2.6.18.dfsg.1-13etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-iop32x_2.6.18.dfsg.1-13etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-ixp4xx_2.6.18.dfsg.1-13etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-rpc_2.6.18.dfsg.1-13etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s3c2410_2.6.18.dfsg.1-13etch2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-hppa_2.6.18.dfsg.1-13etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc_2.6.18.dfsg.1-13etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc-smp_2.6.18.dfsg.1-13etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc64_2.6.18.dfsg.1-13etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc64-smp_2.6.18.dfsg.1-13etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc_2.6.18.dfsg.1-13etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc-smp_2.6.18.dfsg.1-13etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc64_2.6.18.dfsg.1-13etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc64-smp_2.6.18.dfsg.1-13etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-486_2.6.18.dfsg.1-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-686_2.6.18.dfsg.1-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-686-bigmem_2.6.18.dfsg.1-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-i386_2.6.18.dfsg.1-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-amd64_2.6.18.dfsg.1-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-k7_2.6.18.dfsg.1-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-686_2.6.18.dfsg.1-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-k7_2.6.18.dfsg.1-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen_2.6.18.dfsg.1-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver_2.6.18.dfsg.1-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-486_2.6.18.dfsg.1-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-686_2.6.18.dfsg.1-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-686-bigmem_2.6.18.dfsg.1-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-amd64_2.6.18.dfsg.1-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-k7_2.6.18.dfsg.1-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-686_2.6.18.dfsg.1-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-k7_2.6.18.dfsg.1-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-ia64_2.6.18.dfsg.1-13etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-itanium_2.6.18.dfsg.1-13etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-mckinley_2.6.18.dfsg.1-13etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-itanium_2.6.18.dfsg.1-13etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-mckinley_2.6.18.dfsg.1-13etch2_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-mips_2.6.18.dfsg.1-13etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-qemu_2.6.18.dfsg.1-13etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r4k-ip22_2.6.18.dfsg.1-13etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r5k-ip32_2.6.18.dfsg.1-13etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-qemu_2.6.18.dfsg.1-13etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r4k-ip22_2.6.18.dfsg.1-13etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r5k-ip32_2.6.18.dfsg.1-13etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-mipsel_2.6.18.dfsg.1-13etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-qemu_2.6.18.dfsg.1-13etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r3k-kn02_2.6.18.dfsg.1-13etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r4k-kn04_2.6.18.dfsg.1-13etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r5k-cobalt_2.6.18.dfsg.1-13etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-qemu_2.6.18.dfsg.1-13etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r3k-kn02_2.6.18.dfsg.1-13etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r4k-kn04_2.6.18.dfsg.1-13etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r5k-cobalt_2.6.18.dfsg.1-13etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-powerpc_2.6.18.dfsg.1-13etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc_2.6.18.dfsg.1-13etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc-miboot_2.6.18.dfsg.1-13etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc-smp_2.6.18.dfsg.1-13etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc64_2.6.18.dfsg.1-13etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-prep_2.6.18.dfsg.1-13etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-powerpc_2.6.18.dfsg.1-13etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-powerpc64_2.6.18.dfsg.1-13etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc_2.6.18.dfsg.1-13etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc-miboot_2.6.18.dfsg.1-13etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc-smp_2.6.18.dfsg.1-13etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc64_2.6.18.dfsg.1-13etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-prep_2.6.18.dfsg.1-13etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-powerpc_2.6.18.dfsg.1-13etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-powerpc64_2.6.18.dfsg.1-13etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-s390_2.6.18.dfsg.1-13etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-s390_2.6.18.dfsg.1-13etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-s390x_2.6.18.dfsg.1-13etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-s390x_2.6.18.dfsg.1-13etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s390_2.6.18.dfsg.1-13etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s390-tape_2.6.18.dfsg.1-13etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s390x_2.6.18.dfsg.1-13etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-s390x_2.6.18.dfsg.1-13etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-sparc_2.6.18.dfsg.1-13etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sparc32_2.6.18.dfsg.1-13etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sparc64_2.6.18.dfsg.1-13etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sparc64-smp_2.6.18.dfsg.1-13etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-sparc64_2.6.18.dfsg.1-13etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sparc32_2.6.18.dfsg.1-13etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sparc64_2.6.18.dfsg.1-13etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sparc64-smp_2.6.18.dfsg.1-13etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-sparc64_2.6.18.dfsg.1-13etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1364": "
\n

Debian Security Advisory

\n

DSA-1364-2 vim -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Sep 2007
\n
Affected Packages:
\n
\nvim\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2438, CVE-2007-2953.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the vim editor. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-2953\n

    Ulf H\u00e4rnhammar discovered that a format string flaw in helptags_one() from\n src/ex_cmds.c (triggered through the helptags command) can lead to the\n execution of arbitrary code.

  • CVE-2007-2438\n

    Editors often provide a way to embed editor configuration commands (aka\n modelines) which are executed once a file is opened. Harmful commands\n are filtered by a sandbox mechanism. It was discovered that function\n calls to writefile(), feedkeys() and system() were not filtered, allowing\n shell command execution with a carefully crafted file opened in vim.

\n

This updated advisory repairs issues with missing files in the packages\nfor the oldstable distribution (sarge) for the alpha, mips, and mipsel\narchitectures.

\n

For the oldstable distribution (sarge) these problems have been fixed in\nversion 6.3-071+1sarge2. Sarge is not affected by CVE-2007-2438.

\n

For the stable distribution (etch) these problems have been fixed\nin version 7.0-122+1etch3.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 7.1-056+1.

\n

We recommend that you upgrade your vim packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/v/vim/vim_6.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/v/vim/vim-common_6.3-071+1sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-doc_6.3-071+1sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2+b1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2+b1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2+b1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2+b1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2+b1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2+b1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2+b1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2+b1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2+b1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2+b1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2+b1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2+b1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2+b1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2+b1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2+b1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2+b1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2+b1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2+b1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2+b1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2+b1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2+b1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2+b1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2+b1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2+b1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2+b1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2+b1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2+b1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/v/vim/vim_6.3-071+1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_6.3-071+1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_6.3-071+1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_6.3-071+1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_6.3-071+1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_6.3-071+1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_6.3-071+1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_6.3-071+1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_6.3-071+1sarge2_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3.dsc
\n
http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/v/vim/vim_7.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/v/vim/vim-doc_7.0-122+1etch3_all.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gui-common_7.0-122+1etch3_all.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-runtime_7.0-122+1etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1365": "
\n

Debian Security Advisory

\n

DSA-1365-3 id3lib3.8.3 -- programming error

\n
\n
Date Reported:
\n
02 Oct 2007
\n
Affected Packages:
\n
\nid3lib3.8.3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 438540.
In Mitre's CVE dictionary: CVE-2007-4460.
\n
More information:
\n
\n

Nikolaus Schulz discovered that a programming error in id3lib, an ID3 Tag\nLibrary, may lead to denial of service through symlink attacks.

\n

For the oldstable distribution (sarge) this problem has been fixed in\nversion 3.8.3-4.1sarge1.

\n

Due to a technical limitation in the archive management scripts the fix\nfor the stable distribution (etch) can only be released in a few days.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 3.8.3-7.

\n

We recommend that you upgrade your id3lib3.8.3 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3-4.1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3-4.1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3_3.8.3-4.1sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/id3lib3.8.3/libid3-3.8.3-dev_3.8.3-4.1sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1366": "
\n

Debian Security Advisory

\n

DSA-1366-1 clamav -- several vulnerabilities

\n
\n
Date Reported:
\n
01 Sep 2007
\n
Affected Packages:
\n
\nclamav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-4510, CVE-2007-4560.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Clam anti-virus\ntoolkit. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2007-4510\n

    It was discovered that the RTF and RFC2397 parsers can be tricked\n into dereferencing a NULL pointer, resulting in denial of service.

  • CVE-2007-4560\n

    It was discovered that clamav-milter performs insufficient input\n sanitising, resulting in the execution of arbitrary shell commands.

\n

The oldstable distribution (sarge) is only affected by a subset of\nthe problems. An update will be provided later.

\n

For the stable distribution (etch) these problems have been fixed\nin version 0.90.1-3etch7.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.91.2-1.

\n

We recommend that you upgrade your clamav packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7.dsc
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7.diff.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.90.1-3etch7_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1-3etch7_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1-3etch7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1367": "
\n

Debian Security Advisory

\n

DSA-1367-1 krb5 -- buffer overflow

\n
\n
Date Reported:
\n
04 Sep 2007
\n
Affected Packages:
\n
\nkrb5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3999.
\n
More information:
\n
\n

It was discovered that a buffer overflow in the RPC library of the MIT\nKerberos reference implementation allows the execution of arbitrary code.

\n

The oldstable distribution (sarge) is not affected by this problem.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 1.4.4-7etch3.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.6.dfsg.1-7.

\n

We recommend that you upgrade your Kerberos packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4-7etch3.dsc
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4-7etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.4.4-7etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch3_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch3_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1368": "
\n

Debian Security Advisory

\n

DSA-1368-1 librpcsecgss -- buffer overflow

\n
\n
Date Reported:
\n
04 Sep 2007
\n
Affected Packages:
\n
\nlibrpcsecgss\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3999.
\n
More information:
\n
\n

It was discovered that a buffer overflow in the library for secure RPC\ncommunication over the rpcsec_gss protocol allows the execution of\narbitrary code.

\n

The oldstable distribution (sarge) doesn't contain librpcsecgss.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 0.14-2etch1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your librpcsecgss packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss_0.14-2etch1.dsc
\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss_0.14-2etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss_0.14.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss-dev_0.14-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss3_0.14-2etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss-dev_0.14-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss3_0.14-2etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss-dev_0.14-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss3_0.14-2etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss-dev_0.14-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss3_0.14-2etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss-dev_0.14-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss3_0.14-2etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss-dev_0.14-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss3_0.14-2etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss-dev_0.14-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss3_0.14-2etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss-dev_0.14-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss3_0.14-2etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss-dev_0.14-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss3_0.14-2etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss-dev_0.14-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss3_0.14-2etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss-dev_0.14-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss3_0.14-2etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1369": "
\n

Debian Security Advisory

\n

DSA-1369-1 gforge -- missing input sanitising

\n
\n
Date Reported:
\n
06 Sep 2007
\n
Affected Packages:
\n
\ngforge\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3913.
\n
More information:
\n
\n

Sumit I. Siddharth discovered that Gforge, a collaborative development\ntool, performs insufficient input sanitising, which allows SQL injection.

\n

For the oldstable distribution (sarge) this problem has been fixed in\nversion 3.1-31sarge2.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 4.5.14-22etch1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your gforge package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1-31sarge2.dsc
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1-31sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-common_3.1-31sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-cvs_3.1-31sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_3.1-31sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_3.1-31sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_3.1-31sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_3.1-31sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_3.1-31sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_3.1-31sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_3.1-31sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_3.1-31sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_3.1-31sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-sourceforge-transition_3.1-31sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_3.1-31sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1-31sarge2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/sourceforge_3.1-31sarge2_all.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch1.dsc
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-common_4.5.14-22etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_4.5.14-22etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_4.5.14-22etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_4.5.14-22etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_4.5.14-22etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_4.5.14-22etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-courier_4.5.14-22etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_4.5.14-22etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_4.5.14-22etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_4.5.14-22etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_4.5.14-22etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-postgresql_4.5.14-22etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_4.5.14-22etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1370": "
\n

Debian Security Advisory

\n

DSA-1370-1 phpmyadmin -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Sep 2007
\n
Affected Packages:
\n
\nphpmyadmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-6942, CVE-2006-6944, CVE-2007-1325, CVE-2007-1395, CVE-2007-2245.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in phpMyAdmin, a\nprogram to administer MySQL over the web. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-1325\n

    The PMA_ArrayWalkRecursive function in libraries/common.lib.php\n does not limit recursion on arrays provided by users, which allows\n context-dependent attackers to cause a denial of service (web\n server crash) via an array with many dimensions.

    \n

    This issue affects only the stable distribution (Etch).

  • CVE-2007-1395\n

    Incomplete blacklist vulnerability in index.php allows remote\n attackers to conduct cross-site scripting (XSS) attacks by\n injecting arbitrary JavaScript or HTML in a (1) db or (2) table\n parameter value followed by an uppercase </SCRIPT> end tag,\n which bypasses the protection against lowercase </script>.

    \n

    This issue affects only the stable distribution (Etch).

  • CVE-2007-2245\n

    Multiple cross-site scripting (XSS) vulnerabilities allow remote\n attackers to inject arbitrary web script or HTML via (1) the\n fieldkey parameter to browse_foreigners.php or (2) certain input\n to the PMA_sanitize function.

  • CVE-2006-6942\n

    Multiple cross-site scripting (XSS) vulnerabilities allow remote\n attackers to inject arbitrary HTML or web script via (1) a comment\n for a table name, as exploited through (a) db_operations.php,\n (2) the db parameter to (b) db_create.php, (3) the newname parameter\n to db_operations.php, the (4) query_history_latest,\n (5) query_history_latest_db, and (6) querydisplay_tab parameters to\n (c) querywindow.php, and (7) the pos parameter to (d) sql.php.

    \n

    This issue affects only the oldstable distribution (Sarge).

  • CVE-2006-6944\n

    phpMyAdmin allows remote attackers to bypass Allow/Deny access rules\n that use IP addresses via false headers.

    \n

    This issue affects only the oldstable distribution (Sarge).

\n

For the old stable distribution (sarge) these problems have been fixed in\nversion 2.6.2-3sarge5.

\n

For the stable distribution (etch) these problems have been fixed in\nversion 2.9.1.1-4.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 2.10.1-1.

\n

We recommend that you upgrade your phpmyadmin packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge5.dsc
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge5_all.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-4.dsc
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-4.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-4_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1371": "
\n

Debian Security Advisory

\n

DSA-1371-1 phpwiki -- several vulnerabilities

\n
\n
Date Reported:
\n
11 Sep 2007
\n
Affected Packages:
\n
\nphpwiki\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 429201, Bug 441390.
In Mitre's CVE dictionary: CVE-2007-2024, CVE-2007-2025, CVE-2007-3193.
\n
More information:
\n
\n

\nSeveral vulnerabilities have been discovered in phpWiki, a wiki engine\nwritten in PHP. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n

\n
    \n
  • CVE-2007-2024\n

    \n It was discovered that phpWiki performs insufficient file name\n validation, which allows unrestricted file uploads.\n

  • CVE-2007-2025\n

    \n It was discovered that phpWiki performs insufficient file name\n validation, which allows unrestricted file uploads.\n

  • CVE-2007-3193\n

    \n If the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM,\n phpWiki might allow remote attackers to bypass authentication via\n an empty password, which causes ldap_bind to return true when used\n with certain LDAP implementations.\n

\n

\nThe old stable distribution (sarge) does not contain phpwiki packages.\n

\n

\nFor the stable distribution (etch) these problems have been fixed in\nversion 1.3.12p3-5etch1.\n

\n

\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.3.12p3-6.1.\n

\n

\nWe recommend that you upgrade your phpwiki package.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpwiki/phpwiki_1.3.12p3-5etch1.dsc
\n
http://security.debian.org/pool/updates/main/p/phpwiki/phpwiki_1.3.12p3-5etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpwiki/phpwiki_1.3.12p3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpwiki/phpwiki_1.3.12p3-5etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1372": "
\n

Debian Security Advisory

\n

DSA-1372-1 xorg-server -- buffer overflow

\n
\n
Date Reported:
\n
09 Sep 2007
\n
Affected Packages:
\n
\nxorg-server\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-4730.
\n
More information:
\n
\n

Aaron Plattner discovered a buffer overflow in the Composite extension\nof the X.org X server, which can lead to local privilege escalation.

\n

The oldstable distribution (sarge) is not affected by this problem.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 1.1.1-21etch1.

\n

For the unstable distribution (sid) this problem will be fixed soon.

\n

We recommend that you upgrade your xorg-server packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xorg-server_1.1.1-21etch1.dsc
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xorg-server_1.1.1-21etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xorg-server_1.1.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1373": "
\n

Debian Security Advisory

\n

DSA-1373-2 ktorrent -- directory traversal

\n
\n
Date Reported:
\n
11 Sep 2007
\n
Affected Packages:
\n
\nktorrent\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-1799.
\n
More information:
\n
\n

It was discovered that ktorrent, a BitTorrent client for KDE, was vulnerable\nto a directory traversal bug which potentially allowed remote users to\noverwrite arbitrary files.

\n

For the old stable distribution (sarge), this package was not present.

\n

For the stable distribution (etch), this problem has been fixed in version\n2.0.3+dfsg1-2.2etch1.

\n

For the unstable distribution (sid), this problem has been fixed in version\n2.2.1.dfsg.1-1.

\n

We recommend that you upgrade your ktorrent package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 alias etch

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2etch1.dsc
\n
http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2etch1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2etch1_mipsel.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2.2etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1374": "
\n

Debian Security Advisory

\n

DSA-1374-1 jffnms -- several vulnerabilities

\n
\n
Date Reported:
\n
11 Sep 2007
\n
Affected Packages:
\n
\njffnms\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3189, CVE-2007-3190, CVE-2007-3191.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in jffnms, a web-based\nNetwork Management System for IP networks. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-3189\n

    \n Cross-site scripting (XSS) vulnerability in auth.php, which allows\n a remote attacker to inject arbitrary web script or HTML via the\n user parameter.\n

    \n
  • CVE-2007-3190\n

    \n Multiple SQL injection vulnerabilities in auth.php, which allow\n remote attackers to execute arbitrary SQL commands via the\n user and pass parameters.\n

    \n
  • CVE-2007-3192\n

    \n Direct requests to URLs make it possible for remote attackers to\n access configuration information, bypassing login restrictions.\n

    \n
\n

\nFor the stable distribution (etch), these problems have been fixed in version\n0.8.3dfsg.1-2.1etch1.\n

\n

\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.8.3dfsg.1-4.\n

\n

\nWe recommend that you upgrade your jffnms package.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 alias etch

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/j/jffnms/jffnms_0.8.3dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/j/jffnms/jffnms_0.8.3dfsg.1-2.1etch1.dsc
\n
http://security.debian.org/pool/updates/main/j/jffnms/jffnms_0.8.3dfsg.1-2.1etch1.diff.gz
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1375": "
\n

Debian Security Advisory

\n

DSA-1375-1 openoffice.org -- buffer overflow

\n
\n
Date Reported:
\n
17 Sep 2007
\n
Affected Packages:
\n
\nopenoffice.org\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2834.
\n
More information:
\n
\n

A heap overflow vulnerability has been discovered in the TIFF parsing\ncode of the OpenOffice.org suite. The parser uses untrusted values\nfrom the TIFF file to calculate the number of bytes of memory to\nallocate. A specially crafted TIFF image could trigger an integer\noverflow and subsequently a buffer overflow that could cause the\nexecution of arbitrary code.

\n

For the old stable distribution (sarge) this problem has been fixed in\nversion 1.1.3-9sarge8.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 2.0.4.dfsg.2-7etch2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.2.1-9.

\n

For the experimental distribution this problem has been fixed in\nversion 2.3.0~src680m224-1.

\n

We recommend that you upgrade your openoffice.org packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge8.dsc
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge8.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-af_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ar_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ca_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cs_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cy_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-da_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-de_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-el_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-es_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-et_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eu_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fi_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fr_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gl_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-he_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hu_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-it_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ja_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-kn_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ko_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lt_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nb_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nl_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nn_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ns_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pl_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt-br_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ru_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sk_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sl_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sv_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-th_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tn_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tr_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-cn_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-tw_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zu_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-mimelnk_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-thesaurus-en-us_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ttf-opensymbol_1.1.3-9sarge8_all.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge8_i386.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge8_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch2.dsc
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/broffice.org_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-common_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev-doc_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dtd-officedocument1.0_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-mobiledev_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-cs_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-da_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-de_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-dz_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-gb_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-us_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-es_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-et_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-fr_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hi-in_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hu_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-it_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ja_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-km_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ko_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-nl_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pl_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pt-br_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ru_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sl_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sv_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-cn_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-tw_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-java-common_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-af_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-as-in_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-be-by_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bg_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bn_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-br_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bs_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ca_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cs_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cy_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-da_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-de_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-dz_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-el_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-gb_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-za_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eo_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-es_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-et_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fa_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fi_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fr_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ga_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gu-in_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-he_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi-in_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hr_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hu_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-in_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-it_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ja_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ka_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-km_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ko_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ku_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lo_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lt_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lv_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-mk_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ml-in_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nb_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ne_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nl_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nn_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nr_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ns_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-or-in_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pa-in_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pl_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt-br_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ru_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-rw_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sk_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sl_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sr-cs_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ss_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-st_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sv_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ta-in_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-te-in_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tg_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-th_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tn_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tr_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ts_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-uk_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ve_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-vi_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-xh_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-za_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-cn_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-tw_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zu_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-api-tests_2.0.4.dfsg.2-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ttf-opensymbol_2.0.4.dfsg.2-7etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch2_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1376": "
\n

Debian Security Advisory

\n

DSA-1376-1 kdebase -- programming error

\n
\n
Date Reported:
\n
21 Sep 2007
\n
Affected Packages:
\n
\nkdebase\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-4569.
\n
More information:
\n
\n

Kees Huijgen discovered that under certain circumstances KDM, an X\nsession manager for KDE, could be tricked into\nallowing user logins without a password.

\n

For the old stable distribution (sarge), this problem was not present.

\n

For the stable distribution (etch), this problem has been fixed in version\n4:3.5.5a.dfsg.1-6etch1.

\n

We recommend that you upgrade your kdebase package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.5.5a.dfsg.1-6etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.5.5a.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.5.5a.dfsg.1-6etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.5.5a.dfsg.1-6etch1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-data_3.5.5a.dfsg.1-6etch1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-doc-html_3.5.5a.dfsg.1-6etch1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-doc_3.5.5a.dfsg.1-6etch1_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dbg_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.5.5a.dfsg.1-6etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dbg_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.5.5a.dfsg.1-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.5.5a.dfsg.1-6etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dbg_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.5.5a.dfsg.1-6etch1_hppa.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dbg_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.5.5a.dfsg.1-6etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dbg_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.5.5a.dfsg.1-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.5.5a.dfsg.1-6etch1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dbg_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.5.5a.dfsg.1-6etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dbg_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.5.5a.dfsg.1-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.5.5a.dfsg.1-6etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dbg_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.5.5a.dfsg.1-6etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1377": "
\n

Debian Security Advisory

\n

DSA-1377-2 fetchmail -- null pointer dereference

\n
\n
Date Reported:
\n
21 Sep 2007
\n
Affected Packages:
\n
\nfetchmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-4565.
\n
More information:
\n
\n

Matthias Andree discovered that fetchmail, an SSL enabled POP3, APOP\nand IMAP mail gatherer/forwarder, can under certain circumstances\nattempt to dereference a NULL pointer and crash.

\n

For the old stable distribution (sarge), this problem was not present.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 6.3.6-1etch1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your fetchmail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_6.3.6-1etch1_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1378": "
\n

Debian Security Advisory

\n

DSA-1378-2 linux-2.6 -- several vulnerabilities

\n
\n
Date Reported:
\n
28 Sep 2007
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3731, CVE-2007-3739, CVE-2007-3740, CVE-2007-4573.
\n
More information:
\n
\n

Several local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2007-3731\n

    Evan Teran discovered a potential local denial of service (oops) in\n the handling of PTRACE_SETREGS and PTRACE_SINGLESTEP requests.

  • CVE-2007-3739\n

    Adam Litke reported a potential local denial of service (oops) on\n powerpc platforms resulting from unchecked VMA expansion into address\n space reserved for hugetlb pages.

  • CVE-2007-3740\n

    Matt Keenan reported that CIFS filesystems with CAP_UNIX enabled\n were not honoring a process' umask which may lead to unintentionally\n relaxed permissions.

  • CVE-2007-4573\n

    Wojciech Purczynski discovered a vulnerability that can be exploited\n by a local user to obtain superuser privileges on x86_64 systems.\n This resulted from improper clearing of the high bits of registers\n during ia32 system call emulation. This vulnerability is relevant\n to the Debian amd64 port as well as users of the i386 port who run\n the amd64 linux-image flavour.

  • CVE-2007-4849\n

    Michael Stone reported an issue with the JFFS2 filesystem. Legacy\n modes for inodes that were created with POSIX ACL support enabled\n were not being written out to the medium, resulting in incorrect\n permissions upon remount.

\n

These problems have been fixed in the stable distribution in version\n2.6.18.dfsg.1-13etch3.

\n

This advisory has been updated to include a build for the arm\narchitecture, which was not yet available at the time of DSA-1378-1.

\n

The following matrix lists additional packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n\n
\u00a0 Debian 4.0 (etch)
fai-kernels 1.17+etch.13etch3
user-mode-linux 2.6.18-1um-2etch.13etch3
\n

We recommend that you upgrade your kernel package immediately and reboot\nthe machine. If you have built a custom kernel from the kernel source\npackage, you will need to rebuild to take advantage of these fixes.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-13etch3.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-13etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.13etch3.dsc
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.13etch3.tar.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.13etch3.dsc
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.13etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-13etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-13etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-13etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-13etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-5_2.6.18.dfsg.1-13etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-13etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-alpha_2.6.18.dfsg.1-13etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-alpha-generic_2.6.18.dfsg.1-13etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-alpha-legacy_2.6.18.dfsg.1-13etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-alpha-smp_2.6.18.dfsg.1-13etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-alpha_2.6.18.dfsg.1-13etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-alpha-generic_2.6.18.dfsg.1-13etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-alpha-legacy_2.6.18.dfsg.1-13etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-alpha-smp_2.6.18.dfsg.1-13etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-alpha_2.6.18.dfsg.1-13etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-amd64_2.6.18.dfsg.1-13etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-amd64_2.6.18.dfsg.1-13etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-amd64_2.6.18.dfsg.1-13etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen_2.6.18.dfsg.1-13etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver_2.6.18.dfsg.1-13etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-amd64_2.6.18.dfsg.1-13etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-amd64_2.6.18.dfsg.1-13etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.13etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-arm_2.6.18.dfsg.1-13etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-footbridge_2.6.18.dfsg.1-13etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-iop32x_2.6.18.dfsg.1-13etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-ixp4xx_2.6.18.dfsg.1-13etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-rpc_2.6.18.dfsg.1-13etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-s3c2410_2.6.18.dfsg.1-13etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-footbridge_2.6.18.dfsg.1-13etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-iop32x_2.6.18.dfsg.1-13etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-ixp4xx_2.6.18.dfsg.1-13etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-rpc_2.6.18.dfsg.1-13etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s3c2410_2.6.18.dfsg.1-13etch3_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-hppa_2.6.18.dfsg.1-13etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc_2.6.18.dfsg.1-13etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc-smp_2.6.18.dfsg.1-13etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc64_2.6.18.dfsg.1-13etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc64-smp_2.6.18.dfsg.1-13etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc_2.6.18.dfsg.1-13etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc-smp_2.6.18.dfsg.1-13etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc64_2.6.18.dfsg.1-13etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc64-smp_2.6.18.dfsg.1-13etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-486_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-686_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-686-bigmem_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-i386_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-amd64_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-k7_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-686_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-k7_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-486_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-686_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-686-bigmem_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-amd64_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-k7_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-686_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-k7_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.13etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.13etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-ia64_2.6.18.dfsg.1-13etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-itanium_2.6.18.dfsg.1-13etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-mckinley_2.6.18.dfsg.1-13etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-itanium_2.6.18.dfsg.1-13etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-mckinley_2.6.18.dfsg.1-13etch3_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-mips_2.6.18.dfsg.1-13etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-qemu_2.6.18.dfsg.1-13etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r4k-ip22_2.6.18.dfsg.1-13etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r5k-ip32_2.6.18.dfsg.1-13etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-qemu_2.6.18.dfsg.1-13etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r4k-ip22_2.6.18.dfsg.1-13etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r5k-ip32_2.6.18.dfsg.1-13etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-mipsel_2.6.18.dfsg.1-13etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-qemu_2.6.18.dfsg.1-13etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r3k-kn02_2.6.18.dfsg.1-13etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r4k-kn04_2.6.18.dfsg.1-13etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r5k-cobalt_2.6.18.dfsg.1-13etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-qemu_2.6.18.dfsg.1-13etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r3k-kn02_2.6.18.dfsg.1-13etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r4k-kn04_2.6.18.dfsg.1-13etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r5k-cobalt_2.6.18.dfsg.1-13etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-powerpc_2.6.18.dfsg.1-13etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc_2.6.18.dfsg.1-13etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc-miboot_2.6.18.dfsg.1-13etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc-smp_2.6.18.dfsg.1-13etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc64_2.6.18.dfsg.1-13etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-prep_2.6.18.dfsg.1-13etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-powerpc_2.6.18.dfsg.1-13etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-powerpc64_2.6.18.dfsg.1-13etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc_2.6.18.dfsg.1-13etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc-miboot_2.6.18.dfsg.1-13etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc-smp_2.6.18.dfsg.1-13etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc64_2.6.18.dfsg.1-13etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-prep_2.6.18.dfsg.1-13etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-powerpc_2.6.18.dfsg.1-13etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-powerpc64_2.6.18.dfsg.1-13etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.13etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-s390_2.6.18.dfsg.1-13etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-s390_2.6.18.dfsg.1-13etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-s390x_2.6.18.dfsg.1-13etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-s390x_2.6.18.dfsg.1-13etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s390_2.6.18.dfsg.1-13etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s390-tape_2.6.18.dfsg.1-13etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s390x_2.6.18.dfsg.1-13etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-s390x_2.6.18.dfsg.1-13etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-sparc_2.6.18.dfsg.1-13etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sparc32_2.6.18.dfsg.1-13etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sparc64_2.6.18.dfsg.1-13etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sparc64-smp_2.6.18.dfsg.1-13etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-sparc64_2.6.18.dfsg.1-13etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sparc32_2.6.18.dfsg.1-13etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sparc64_2.6.18.dfsg.1-13etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sparc64-smp_2.6.18.dfsg.1-13etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-sparc64_2.6.18.dfsg.1-13etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1379": "
\n

Debian Security Advisory

\n

DSA-1379-1 openssl -- off-by-one error/buffer overflow

\n
\n
Date Reported:
\n
02 Oct 2007
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 444435.
In Mitre's CVE dictionary: CVE-2007-5135.
\n
More information:
\n
\n

An off-by-one error has been identified in the SSL_get_shared_ciphers()\nroutine in the libssl library from OpenSSL, an implementation of Secure\nSocket Layer cryptographic libraries and utilities. This error could\nallow an attacker to crash an application making use of OpenSSL's libssl\nlibrary, or potentially execute arbitrary code in the security context\nof the user running such an application.

\n

\nFor the old stable distribution (sarge), this problem has been fixed in version\n0.9.7e-3sarge5.\n

\n

\nFor the stable distribution (etch), this problem has been fixed in\nversion 0.9.8c-4etch1.\n

\n

\nFor the unstable and testing distributions (sid and lenny, respectively),\nthis problem has been fixed in version 0.9.8e-9.\n

\n

We recommend that you upgrade your openssl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3sarge5_alpha.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3sarge5_amd64.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3sarge5_arm.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3sarge5_hppa.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3sarge5_i386.udeb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3sarge5_ia64.udeb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge5_m68k.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3sarge5_m68k.udeb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3sarge5_mips.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3sarge5_mipsel.udeb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3sarge5_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3sarge5_s390.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.7e-3sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3sarge5_sparc.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.7e-3sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.7_0.9.7e-3sarge5_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch1.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch1_alpha.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch1_amd64.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch1_arm.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch1_hppa.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch1_i386.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch1_ia64.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch1_mips.udeb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch1_mipsel.udeb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch1_powerpc.udeb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch1_s390.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch1_sparc.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1380": "
\n

Debian Security Advisory

\n

DSA-1380-1 elinks -- programming error

\n
\n
Date Reported:
\n
02 Oct 2007
\n
Affected Packages:
\n
\nelinks\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 443891.
In Mitre's CVE dictionary: CVE-2007-5034.
\n
More information:
\n
\n

Kalle Olavi Niemitalo discovered that elinks, an advanced text-mode WWW browser, sent HTTP POST data in cleartext when using an HTTPS proxy server, potentially allowing private information to be disclosed.

\n

For the stable distribution (etch), this problem has been fixed in version 0.11.1-1.2etch1.

\n

For the unstable distribution (sid), this problem has been fixed in version 0.11.1-1.5.

\n

We recommend that you upgrade your elinks package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1381": "
\n

Debian Security Advisory

\n

DSA-1381-2 linux-2.6 -- several vulnerabilities

\n
\n
Date Reported:
\n
02 Oct 2007
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-5755, CVE-2007-4133, CVE-2007-4573, CVE-2007-5093.
\n
More information:
\n
\n

Several local vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
  • CVE-2006-5755

    The NT bit may be leaked into the next task, which can make it possible for local attackers to cause a Denial of Service (crash) on systems which run the amd64 flavour kernel. The stable distribution (etch) was not believed to be vulnerable to this issue at the time of release; however, Bastian Blank discovered that this issue still applied to the xen-amd64 and xen-vserver-amd64 flavours, and it is resolved by this DSA.

  • CVE-2007-4133

    Hugh Dickins discovered a potential local DoS (panic) in hugetlbfs. A misconversion of hugetlb_vmtruncate_list to prio_tree may allow local users to trigger a BUG_ON() call in exit_mmap.

  • CVE-2007-4573

    Wojciech Purczynski discovered a vulnerability that can be exploited by a local user to obtain superuser privileges on x86_64 systems. This resulted from improper clearing of the high bits of registers during ia32 system call emulation. This vulnerability is relevant to the Debian amd64 port as well as users of the i386 port who run the amd64 linux-image flavour.

    DSA-1378 resolved this problem for the amd64 flavour kernels, but Tim Wickberg and Ralf Hemmenstädt reported an outstanding issue with the xen-amd64 and xen-vserver-amd64 flavours that is resolved by this DSA.

  • CVE-2007-5093

    Alex Smith discovered an issue with the pwc driver for certain webcam devices. If the device is removed while a userspace application has it open, the driver will wait for userspace to close the device, resulting in a blocked USB subsystem. This issue is of low security impact as it requires the attacker to either have physical access to the system or to convince users with local access to remove the device on their behalf.


These problems have been fixed in the stable distribution in version 2.6.18.dfsg.1-13etch4.

\n

This is an update to DSA-1381-1 which included only amd64 binaries for linux-2.6. Builds for all other architectures are now available, as well as rebuilds of ancillary packages that make use of the included linux source.

\n

The following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update:

\n
                      Debian 4.0 (etch)
fai-kernels           1.17+etch.13etch4
kernel-patch-openvz   028.18.1etch5
user-mode-linux       2.6.18-1um-2etch.13etch4
\n

We recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 alias etch

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.13etch4.dsc
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.13etch4.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-openvz/kernel-patch-openvz_028.18.1etch5.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-openvz/kernel-patch-openvz_028.18.1etch5.tar.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-13etch4.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-13etch4.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.13etch4.dsc
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.13etch4.diff.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-openvz/kernel-patch-openvz_028.18.1etch5_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-13etch4_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-13etch4_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-13etch4_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-13etch4_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-5_2.6.18.dfsg.1-13etch4_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-13etch4_all.deb
\n
Alpha architecture:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-alpha_2.6.18.dfsg.1-13etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-alpha-generic_2.6.18.dfsg.1-13etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-alpha-legacy_2.6.18.dfsg.1-13etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-alpha-smp_2.6.18.dfsg.1-13etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-alpha_2.6.18.dfsg.1-13etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-alpha-generic_2.6.18.dfsg.1-13etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-alpha-legacy_2.6.18.dfsg.1-13etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-alpha-smp_2.6.18.dfsg.1-13etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-alpha_2.6.18.dfsg.1-13etch4_alpha.deb
\n
AMD64 architecture:\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.13etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-amd64_2.6.18.dfsg.1-13etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-amd64_2.6.18.dfsg.1-13etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-amd64_2.6.18.dfsg.1-13etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen_2.6.18.dfsg.1-13etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver_2.6.18.dfsg.1-13etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-amd64_2.6.18.dfsg.1-13etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-amd64_2.6.18.dfsg.1-13etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch4_amd64.deb
\n
ARM architecture:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-arm_2.6.18.dfsg.1-13etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-footbridge_2.6.18.dfsg.1-13etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-iop32x_2.6.18.dfsg.1-13etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-ixp4xx_2.6.18.dfsg.1-13etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-rpc_2.6.18.dfsg.1-13etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-s3c2410_2.6.18.dfsg.1-13etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-footbridge_2.6.18.dfsg.1-13etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-iop32x_2.6.18.dfsg.1-13etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-ixp4xx_2.6.18.dfsg.1-13etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-rpc_2.6.18.dfsg.1-13etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s3c2410_2.6.18.dfsg.1-13etch4_arm.deb
\n
HP Precision architecture:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-hppa_2.6.18.dfsg.1-13etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc_2.6.18.dfsg.1-13etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc-smp_2.6.18.dfsg.1-13etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc64_2.6.18.dfsg.1-13etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc64-smp_2.6.18.dfsg.1-13etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc_2.6.18.dfsg.1-13etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc-smp_2.6.18.dfsg.1-13etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc64_2.6.18.dfsg.1-13etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc64-smp_2.6.18.dfsg.1-13etch4_hppa.deb
\n
Intel IA-32 architecture:\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-486_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-686_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-686-bigmem_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-i386_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-amd64_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-k7_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-686_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-k7_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-486_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-686_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-686-bigmem_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-amd64_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-k7_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-686_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-k7_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.13etch4_i386.deb
\n
Intel IA-64 architecture:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-ia64_2.6.18.dfsg.1-13etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-itanium_2.6.18.dfsg.1-13etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-mckinley_2.6.18.dfsg.1-13etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-itanium_2.6.18.dfsg.1-13etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-mckinley_2.6.18.dfsg.1-13etch4_ia64.deb
\n
Big endian MIPS architecture:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-mips_2.6.18.dfsg.1-13etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-qemu_2.6.18.dfsg.1-13etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r4k-ip22_2.6.18.dfsg.1-13etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r5k-ip32_2.6.18.dfsg.1-13etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-qemu_2.6.18.dfsg.1-13etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r4k-ip22_2.6.18.dfsg.1-13etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r5k-ip32_2.6.18.dfsg.1-13etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch4_mips.deb
\n
Little endian MIPS architecture:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-mipsel_2.6.18.dfsg.1-13etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-qemu_2.6.18.dfsg.1-13etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r3k-kn02_2.6.18.dfsg.1-13etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r4k-kn04_2.6.18.dfsg.1-13etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r5k-cobalt_2.6.18.dfsg.1-13etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-qemu_2.6.18.dfsg.1-13etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r3k-kn02_2.6.18.dfsg.1-13etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r4k-kn04_2.6.18.dfsg.1-13etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r5k-cobalt_2.6.18.dfsg.1-13etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch4_mipsel.deb
\n
PowerPC architecture:\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.13etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-powerpc_2.6.18.dfsg.1-13etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc_2.6.18.dfsg.1-13etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc-miboot_2.6.18.dfsg.1-13etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc-smp_2.6.18.dfsg.1-13etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc64_2.6.18.dfsg.1-13etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-prep_2.6.18.dfsg.1-13etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-powerpc_2.6.18.dfsg.1-13etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-powerpc64_2.6.18.dfsg.1-13etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc_2.6.18.dfsg.1-13etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc-miboot_2.6.18.dfsg.1-13etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc-smp_2.6.18.dfsg.1-13etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc64_2.6.18.dfsg.1-13etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-prep_2.6.18.dfsg.1-13etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-powerpc_2.6.18.dfsg.1-13etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-powerpc64_2.6.18.dfsg.1-13etch4_powerpc.deb
\n
IBM S/390 architecture:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-s390_2.6.18.dfsg.1-13etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-s390_2.6.18.dfsg.1-13etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-s390x_2.6.18.dfsg.1-13etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-s390x_2.6.18.dfsg.1-13etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s390_2.6.18.dfsg.1-13etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s390-tape_2.6.18.dfsg.1-13etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s390x_2.6.18.dfsg.1-13etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-s390x_2.6.18.dfsg.1-13etch4_s390.deb
\n
Sun Sparc architecture:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-sparc_2.6.18.dfsg.1-13etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sparc32_2.6.18.dfsg.1-13etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sparc64_2.6.18.dfsg.1-13etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sparc64-smp_2.6.18.dfsg.1-13etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-sparc64_2.6.18.dfsg.1-13etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sparc32_2.6.18.dfsg.1-13etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sparc64_2.6.18.dfsg.1-13etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sparc64-smp_2.6.18.dfsg.1-13etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-sparc64_2.6.18.dfsg.1-13etch4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "1382": "
\n

Debian Security Advisory

\n

DSA-1382-1 quagga -- null pointer dereference

\n
\n
Date Reported:
\n
01 Oct 2007
\n
Affected Packages:
\n
\nquagga\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 442133.
In Mitre's CVE dictionary: CVE-2007-4826.
\n
More information:
\n
\n

It was discovered that BGP peers can trigger a NULL pointer dereference\nin the BGP daemon if debug logging is enabled, causing the BGP daemon to\ncrash.

\n

For the old stable distribution (sarge), this problem has been fixed in\nversion 0.98.3-7.5.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 0.99.5-5etch3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.99.9-1.

\n

We recommend that you upgrade your quagga packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5.diff.gz
\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.98.3-7.5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3.dsc
\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.5-5etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1383": "
\n

Debian Security Advisory

\n

DSA-1383-1 gforge -- cross site scripting

\n
\n
Date Reported:
\n
04 Oct 2007
\n
Affected Packages:
\n
\ngforge\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3918.
\n
More information:
\n
\n

It was discovered that a cross site scripting vulnerability in GForge,\na collaborative development tool, allows remote attackers to inject\narbitrary web script or HTML in the context of a logged in user's session.

\n

For the oldstable distribution (sarge) this problem has been fixed in\nversion 3.1-31sarge3.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 4.5.14-22etch2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 4.6.99+svn6094-1.

\n

We recommend that you upgrade your gforge package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1-31sarge3.dsc
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1-31sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-common_3.1-31sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-cvs_3.1-31sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_3.1-31sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_3.1-31sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_3.1-31sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_3.1-31sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_3.1-31sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_3.1-31sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_3.1-31sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_3.1-31sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_3.1-31sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-sourceforge-transition_3.1-31sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_3.1-31sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1-31sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/sourceforge_3.1-31sarge3_all.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch2.dsc
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-common_4.5.14-22etch2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_4.5.14-22etch2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_4.5.14-22etch2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_4.5.14-22etch2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_4.5.14-22etch2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_4.5.14-22etch2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-courier_4.5.14-22etch2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_4.5.14-22etch2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_4.5.14-22etch2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_4.5.14-22etch2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_4.5.14-22etch2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-postgresql_4.5.14-22etch2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_4.5.14-22etch2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1384": "
\n

Debian Security Advisory

\n

DSA-1384-1 xen-utils -- several vulnerabilities

\n
\n
Date Reported:
\n
05 Oct 2007
\n
Affected Packages:
\n
\nxen-utils\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 444430, Bug 444007.
In Mitre's CVE dictionary: CVE-2007-4993, CVE-2007-1320.
\n
More information:
\n
\n

Several local vulnerabilities have been discovered in the Xen hypervisor\npackages which may lead to the execution of arbitrary code. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-4993\n

    By using a specially crafted grub configuration file, a domU user\n may be able to execute arbitrary code on the dom0 when pygrub is\n being used.

  • CVE-2007-1320\n

    Multiple heap-based buffer overflows in the Cirrus VGA extension,\n provided by QEMU, may allow local users to execute arbitrary code\n via bitblt heap overflow.

\n

For the stable distribution (etch), these problems have been fixed in version\n3.0.3-0-3.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your xen-utils package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-3.0_3.0.3-0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-3.0_3.0.3-0-3.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-3.0_3.0.3-0-3.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-docs-3.0_3.0.3-0-3_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-utils-3.0.3-1_3.0.3-0-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-ioemu-3.0.3-1_3.0.3-0-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-hypervisor-3.0.3-1-amd64_3.0.3-0-3_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-hypervisor-3.0.3-1-i386-pae_3.0.3-0-3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-ioemu-3.0.3-1_3.0.3-0-3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-utils-3.0.3-1_3.0.3-0-3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-hypervisor-3.0.3-1-i386_3.0.3-0-3_i386.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1385": "
\n

Debian Security Advisory

\n

DSA-1385-1 xfs -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Oct 2007
\n
Affected Packages:
\n
\nxfs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-4568.
\n
More information:
\n
\n

Sean Larsson discovered that two code paths inside the X Font Server\nhandle integer values insecurely, which may lead to the execution of\narbitrary code.

\n

For the oldstable distribution (sarge) this problem has been fixed in\nversion 4.3.0.dfsg.1-14sarge5 of xfree86. Packages for m68k are not\nyet available. They will be provided later.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 1.0.1-7.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.0.5-1.

\n

We recommend that you upgrade your xfs packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.3.0.dfsg.1-14sarge5.dsc
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.3.0.dfsg.1-14sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.3.0.dfsg.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xfree86/pm-dev_4.3.0.dfsg.1-14sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-dev_4.3.0.dfsg.1-14sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system_4.3.0.dfsg.1-14sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi-transcoded_4.3.0.dfsg.1-14sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi_4.3.0.dfsg.1-14sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi-transcoded_4.3.0.dfsg.1-14sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi_4.3.0.dfsg.1-14sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base-transcoded_4.3.0.dfsg.1-14sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base_4.3.0.dfsg.1-14sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-cyrillic_4.3.0.dfsg.1-14sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-scalable_4.3.0.dfsg.1-14sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86-common_4.3.0.dfsg.1-14sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.3.0.dfsg.1-14sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.3.0.dfsg.1-14sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-data_4.3.0.dfsg.1-14sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.3.0.dfsg.1-14sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.3.0.dfsg.1-14sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.3.0.dfsg.1-14sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.3.0.dfsg.1-14sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xspecs_4.3.0.dfsg.1-14sarge5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge5_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge5_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge5_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-7.dsc
\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-7.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-7_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-7_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-7_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-7_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-7_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xfs/xfs_1.0.1-7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1386": "
\n

Debian Security Advisory

\n

DSA-1386-1 wesnoth -- programming error

\n
\n
Date Reported:
\n
15 Oct 2007
\n
Affected Packages:
\n
\nwesnoth\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3917.
\n
More information:
\n
\n

A problem has been discovered in the processing of chat messages.\nOverly long messages are truncated by the server to a fixed length,\nwithout regard for multibyte characters. This leads to\ninvalid UTF-8 on clients and causes an uncaught exception. Note that\nboth wesnoth and the wesnoth server are affected.

\n

For the old stable distribution (sarge) this problem has been fixed in\nversion 0.9.0-6 and in version 1.2.7-1~bpo31+1 of sarge-backports.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 1.2-2 and in version 1.2.7-1~bpo40+1 of etch-backports.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.2.7-1.

\n

Packages for the oldstable mips architecture will be added to the\narchive later.

\n

We recommend that you upgrade your wesnoth packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6.dsc
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-data_0.9.0-6_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-ei_0.9.0-6_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-httt_0.9.0-6_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-music_0.9.0-6_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-sotbe_0.9.0-6_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-tdh_0.9.0-6_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-trow_0.9.0-6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_m68k.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_m68k.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_m68k.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-6_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-2.dsc
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-2.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-data_1.2-2_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-ei_1.2-2_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-httt_1.2-2_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-music_1.2-2_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-trow_1.2-2_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-tsg_1.2-2_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-ttb_1.2-2_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-utbs_1.2-2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-2_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-2_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-2_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-2_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-2_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-2_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-2_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-2_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-2_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-2_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "1387": "
\n

Debian Security Advisory

\n

DSA-1387-1 librpcsecgss -- buffer overflow

\n
\n
Date Reported:
\n
15 Oct 2007
\n
Affected Packages:
\n
\nlibrpcsecgss\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-4743.
\n
More information:
\n
\n

It has been discovered that the original patch for a buffer overflow in\nsvc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5\n(CVE-2007-3999,\nDSA-1368-1) was insufficient to protect from arbitrary\ncode execution in some environments.

\n

The old stable distribution (sarge) does not contain a librpcsecgss\npackage.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 0.14-2etch3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.14-4.

\n

We recommend that you upgrade your librpcsecgss package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss_0.14-2etch3.dsc
\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss_0.14.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss_0.14-2etch3.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss3_0.14-2etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss-dev_0.14-2etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss-dev_0.14-2etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss3_0.14-2etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss3_0.14-2etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss-dev_0.14-2etch3_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss3_0.14-2etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss-dev_0.14-2etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss3_0.14-2etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss-dev_0.14-2etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss-dev_0.14-2etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss3_0.14-2etch3_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss-dev_0.14-2etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss3_0.14-2etch3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss-dev_0.14-2etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss3_0.14-2etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss-dev_0.14-2etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss3_0.14-2etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss3_0.14-2etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss-dev_0.14-2etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss3_0.14-2etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/libr/librpcsecgss/librpcsecgss-dev_0.14-2etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1388": "
\n

Debian Security Advisory

\n

DSA-1388-3 dhcp -- buffer overflow

\n
\n
Date Reported:
\n
29 Oct 2007
\n
Affected Packages:
\n
\ndhcp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 446354.
In Mitre's CVE dictionary: CVE-2007-5365.
\n
More information:
\n
\n

The patch used to correct the DHCP server buffer overflow in DSA-1388-1\nwas incomplete and did not adequately resolve the problem. This update\nto the previous advisory provides updated packages based on a\nnewer version of the patch.

\n

For completeness, please find below the original advisory:

\n

It was discovered that dhcp, a DHCP server for automatic IP address assignment,\ndidn't correctly allocate space for network replies. This could potentially\nallow a malicious DHCP client to execute arbitrary code on the DHCP server.

\n\n

\nFor the stable distribution (etch), this problem has been fixed in\nversion 2.0pl5-19.5etch2.\n

\n

\nFor the unstable distribution (sid), this problem will be fixed shortly.\n

\n

\nUpdates to the old stable version (sarge) are pending.\n

\n

\nWe recommend that you upgrade your dhcp packages.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2.dsc
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_alpha.udeb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_amd64.udeb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_arm.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_hppa.udeb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_i386.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_ia64.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_mips.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_s390.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_sparc.udeb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1.dsc
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_alpha.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_amd64.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_arm.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_hppa.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_i386.udeb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_ia64.udeb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_mips.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_s390.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_sparc.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1389": "
\n

Debian Security Advisory

\n

DSA-1389-2 zoph -- missing input sanitising

\n
\n
Date Reported:
\n
18 Oct 2007
\n
Affected Packages:
\n
\nzoph\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 435711.
In Mitre's CVE dictionary: CVE-2007-3905.
\n
More information:
\n
\n

It was discovered that zoph, a web-based photo management system,\nperforms insufficient input sanitising, which allows SQL injection.

\n

For the oldstable distribution (sarge) this problem has been fixed in\nversion 0.3.3-12sarge3.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 0.6-2.1etch1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.7.0.2-1.

\n

We recommend that you upgrade your zoph package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/zoph/zoph_0.3.3-12sarge3.dsc
\n
http://security.debian.org/pool/updates/main/z/zoph/zoph_0.3.3-12sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/z/zoph/zoph_0.3.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/z/zoph/zoph_0.3.3-12sarge3_all.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/zoph/zoph_0.6-2.1etch1.dsc
\n
http://security.debian.org/pool/updates/main/z/zoph/zoph_0.6-2.1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/z/zoph/zoph_0.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/z/zoph/zoph_0.6-2.1etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1390": "
\n

Debian Security Advisory

\n

DSA-1390-1 t1lib -- buffer overflow

\n
\n
Date Reported:
\n
18 Oct 2007
\n
Affected Packages:
\n
\nt1lib\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 439927.
In Mitre's CVE dictionary: CVE-2007-4033.
\n
More information:
\n
\n

Hamid Ebadi discovered a buffer overflow in the\nintT1_Env_GetCompletePath routine in t1lib, a Type 1 font rasterizer\nlibrary. This flaw could allow an attacker to crash an application\nusing the t1lib shared libraries, and potentially execute arbitrary code\nwithin such an application's security context.

\n

For the old stable distribution (sarge), this problem has been fixed in\nversion 5.0.2-3sarge1.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 5.1.0-2etch1.

\n

We recommend that you upgrade your t1lib package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib_5.0.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib_5.0.2-3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib_5.0.2-3sarge1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-doc_5.0.2-3sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.0.2-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.0.2-3sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.0.2-3sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.0.2-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.0.2-3sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.0.2-3sarge1_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.0.2-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.0.2-3sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.0.2-3sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.0.2-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.0.2-3sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.0.2-3sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.0.2-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.0.2-3sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.0.2-3sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.0.2-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.0.2-3sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.0.2-3sarge1_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.0.2-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.0.2-3sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.0.2-3sarge1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.0.2-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.0.2-3sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.0.2-3sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.0.2-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.0.2-3sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.0.2-3sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.0.2-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.0.2-3sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.0.2-3sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.0.2-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.0.2-3sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.0.2-3sarge1_sparc.deb
\n

Debian GNU/Linux 4.0 (stable)

\n
Source:\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib_5.1.0-2etch1.dsc
\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib_5.1.0-2etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib_5.1.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-doc_5.1.0-2etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.1.0-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.1.0-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.1.0-2etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.1.0-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.1.0-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.1.0-2etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.1.0-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.1.0-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.1.0-2etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.1.0-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.1.0-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.1.0-2etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.1.0-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.1.0-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.1.0-2etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.1.0-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.1.0-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.1.0-2etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.1.0-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.1.0-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.1.0-2etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.1.0-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.1.0-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.1.0-2etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.1.0-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.1.0-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.1.0-2etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.1.0-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.1.0-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.1.0-2etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-dev_5.1.0-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/t1lib-bin_5.1.0-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/t1lib/libt1-5_5.1.0-2etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1391": "
\n

Debian Security Advisory

\n

DSA-1391-1 icedove -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Oct 2007
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3734, CVE-2007-3735, CVE-2007-3844, CVE-2007-3845, CVE-2007-5339, CVE-2007-5340.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Icedove mail client,\nan unbranded version of the Thunderbird client. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2007-3734\n

    Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman,\n Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul\n Nickerson and Vladimir Sukhoy discovered crashes in the layout engine,\n which might allow the execution of arbitrary code.

  • CVE-2007-3735\n

    Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the\n JavaScript engine, which might allow the execution of arbitrary code.

  • CVE-2007-3844\n

    moz_bug_r_a4 discovered that a regression in the handling of\n about:blank windows used by addons may lead to an attacker being\n able to modify the content of web sites.

  • CVE-2007-3845\n

    Jesper Johansson discovered that missing sanitising of double-quotes\n and spaces in URIs passed to external programs may allow an attacker\n to pass arbitrary arguments to the helper program if the user is\n tricked into opening a malformed web page.

  • CVE-2007-5339\n

    L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay,\n Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered\n crashes in the layout engine, which might allow the execution of arbitrary code.

  • CVE-2007-5340\n

    Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the\n JavaScript engine, which might allow the execution of arbitrary code. Generally,\n enabling JavaScript in Icedove is not recommended.

\n

The Mozilla products in the oldstable distribution (sarge) are no longer\nsupported with security updates.

\n

For the stable distribution (etch) these problems have been fixed in version\n1.5.0.13+1.5.0.14b.dfsg1-0etch1. Builds for hppa will be provided later.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your icedove packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.14b.dfsg1-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.14b.dfsg1-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.14b.dfsg1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-dev_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-inspector_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dbg_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dev_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-gnome-support_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-inspector_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird_1.5.0.13+1.5.0.14b.dfsg1-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.14b.dfsg1-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.14b.dfsg1-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.14b.dfsg1-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.14b.dfsg1-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.14b.dfsg1-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.14b.dfsg1-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.14b.dfsg1-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.14b.dfsg1-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.14b.dfsg1-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.14b.dfsg1-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.14b.dfsg1-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.14b.dfsg1-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.14b.dfsg1-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.14b.dfsg1-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.14b.dfsg1-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0etch1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.14b.dfsg1-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.14b.dfsg1-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.14b.dfsg1-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.14b.dfsg1-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.14b.dfsg1-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.14b.dfsg1-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.14b.dfsg1-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.14b.dfsg1-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.14b.dfsg1-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.14b.dfsg1-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.14b.dfsg1-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.14b.dfsg1-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.14b.dfsg1-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.14b.dfsg1-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.14b.dfsg1-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.14b.dfsg1-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.14b.dfsg1-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.14b.dfsg1-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.14b.dfsg1-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.14b.dfsg1-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.14b.dfsg1-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.14b.dfsg1-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.14b.dfsg1-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.14b.dfsg1-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.14b.dfsg1-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.14b.dfsg1-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.14b.dfsg1-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.14b.dfsg1-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.14b.dfsg1-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.14b.dfsg1-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.14b.dfsg1-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.14b.dfsg1-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.14b.dfsg1-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.14b.dfsg1-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.14b.dfsg1-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.14b.dfsg1-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1392": "
\n

Debian Security Advisory

\n

DSA-1392-1 xulrunner -- several vulnerabilities

\n
\n
Date Reported:
\n
20 Oct 2007
\n
Affected Packages:
\n
\nxulrunner\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-1095\n

    Michal Zalewski discovered that the unload event handler had access to\n the address of the next page to be loaded, which could allow information\n disclosure or spoofing.

  • CVE-2007-2292\n

    Stefano Di Paola discovered that insufficient validation of user names\n used in Digest authentication on a web site allows HTTP response splitting\n attacks.

  • CVE-2007-3511\n

    It was discovered that insecure focus handling of the file upload\n control can lead to information disclosure. This is a variant of\n CVE-2006-2894.

  • CVE-2007-5334\n

    Eli Friedman discovered that web pages written in XUL markup can hide the\n titlebar of windows, which can lead to spoofing attacks.

  • CVE-2007-5337\n

    Georgi Guninski discovered that the insecure handling of smb:// and sftp:// URI\n schemes may lead to information disclosure. This vulnerability is only\n exploitable if Gnome-VFS support is present on the system.

  • CVE-2007-5338\n

    moz_bug_r_a4 discovered that the protection scheme offered by XPCNativeWrappers\n could be bypassed, which might allow privilege escalation.

  • CVE-2007-5339\n

    L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay,\n Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered\n crashes in the layout engine, which might allow the execution of arbitrary code.

  • CVE-2007-5340\n

    Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the\n JavaScript engine, which might allow the execution of arbitrary code.

\n

The oldstable distribution (sarge) doesn't contain xulrunner.

\n

For the stable distribution (etch) these problems have been fixed in version\n1.8.0.14~pre071019b-0etch1. Builds for hppa and mipsel will be provided later.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your xulrunner packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.14~pre071019b-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.14~pre071019b-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.14~pre071019b.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.8.0.14~pre071019b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.8.0.14~pre071019b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-dev_1.8.0.14~pre071019b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-dev_1.8.0.14~pre071019b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs-dev_1.8.0.14~pre071019b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs1_1.8.0.14~pre071019b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-common_1.8.0.14~pre071019b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-dev_1.8.0.14~pre071019b-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.14~pre071019b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.14~pre071019b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.14~pre071019b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.14~pre071019b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.14~pre071019b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.14~pre071019b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.14~pre071019b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.14~pre071019b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.14~pre071019b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.14~pre071019b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.14~pre071019b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.14~pre071019b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.14~pre071019b-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.14~pre071019b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.14~pre071019b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.14~pre071019b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.14~pre071019b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.14~pre071019b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.14~pre071019b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.14~pre071019b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.14~pre071019b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.14~pre071019b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.14~pre071019b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.14~pre071019b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.14~pre071019b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.14~pre071019b-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.14~pre071019b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.14~pre071019b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.14~pre071019b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.14~pre071019b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.14~pre071019b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.14~pre071019b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.14~pre071019b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.14~pre071019b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.14~pre071019b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.14~pre071019b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.14~pre071019b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.14~pre071019b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.14~pre071019b-0etch1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.14~pre071019b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.14~pre071019b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.14~pre071019b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.14~pre071019b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.14~pre071019b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.14~pre071019b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.14~pre071019b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.14~pre071019b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.14~pre071019b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.14~pre071019b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.14~pre071019b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.14~pre071019b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.14~pre071019b-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.14~pre071019b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.14~pre071019b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.14~pre071019b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.14~pre071019b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.14~pre071019b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.14~pre071019b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.14~pre071019b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.14~pre071019b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.14~pre071019b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.14~pre071019b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.14~pre071019b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.14~pre071019b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.14~pre071019b-0etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.14~pre071019b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.14~pre071019b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.14~pre071019b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.14~pre071019b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.14~pre071019b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.14~pre071019b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.14~pre071019b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.14~pre071019b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.14~pre071019b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.14~pre071019b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.14~pre071019b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.14~pre071019b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.14~pre071019b-0etch1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.14~pre071019b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.14~pre071019b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.14~pre071019b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.14~pre071019b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.14~pre071019b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.14~pre071019b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.14~pre071019b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.14~pre071019b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.14~pre071019b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.14~pre071019b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.14~pre071019b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.14~pre071019b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.14~pre071019b-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.14~pre071019b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.14~pre071019b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.14~pre071019b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.14~pre071019b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.14~pre071019b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.14~pre071019b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.14~pre071019b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.14~pre071019b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.14~pre071019b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.14~pre071019b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.14~pre071019b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.14~pre071019b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.14~pre071019b-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.14~pre071019b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.14~pre071019b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.14~pre071019b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.14~pre071019b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.14~pre071019b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.14~pre071019b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.14~pre071019b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.14~pre071019b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.14~pre071019b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.14~pre071019b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.14~pre071019b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.14~pre071019b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.14~pre071019b-0etch1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.

", "1393": "
Debian Security Advisory

DSA-1393-1 xfce4-terminal -- insecure execution

Date Reported:
23 Oct 2007
Affected Packages:
xfce4-terminal
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 437454.
In Mitre's CVE dictionary: CVE-2007-3770.
More information:

It was discovered that xfce-terminal, a terminal emulator for the xfce environment, did not correctly escape arguments passed to the processes spawned by Open Link. This allowed malicious links to execute arbitrary commands upon the local system.

For the stable distribution (etch), this problem has been fixed in version 0.2.5.6rc1-2etch1.

For the unstable distribution (sid), this problem has been fixed in version 0.2.6-3.

We recommend that you upgrade your xfce4-terminal package.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Source:
http://security.debian.org/pool/updates/main/x/xfce4-terminal/xfce4-terminal_0.2.5.6rc1-2etch1.dsc
http://security.debian.org/pool/updates/main/x/xfce4-terminal/xfce4-terminal_0.2.5.6rc1-2etch1.diff.gz
http://security.debian.org/pool/updates/main/x/xfce4-terminal/xfce4-terminal_0.2.5.6rc1.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/x/xfce4-terminal/xfce4-terminal_0.2.5.6rc1-2etch1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/x/xfce4-terminal/xfce4-terminal_0.2.5.6rc1-2etch1_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/x/xfce4-terminal/xfce4-terminal_0.2.5.6rc1-2etch1_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/x/xfce4-terminal/xfce4-terminal_0.2.5.6rc1-2etch1_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/x/xfce4-terminal/xfce4-terminal_0.2.5.6rc1-2etch1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/x/xfce4-terminal/xfce4-terminal_0.2.5.6rc1-2etch1_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/x/xfce4-terminal/xfce4-terminal_0.2.5.6rc1-2etch1_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/x/xfce4-terminal/xfce4-terminal_0.2.5.6rc1-2etch1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/x/xfce4-terminal/xfce4-terminal_0.2.5.6rc1-2etch1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/x/xfce4-terminal/xfce4-terminal_0.2.5.6rc1-2etch1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/x/xfce4-terminal/xfce4-terminal_0.2.5.6rc1-2etch1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.

", "1394": "
Debian Security Advisory

DSA-1394-1 reprepro -- authentication bypass

Date Reported:
23 Oct 2007
Affected Packages:
reprepro
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 440535.
In Mitre's CVE dictionary: CVE-2007-4739.
More information:

It was discovered that reprepro, a tool to create a repository of Debian packages, only checks the validity of known signatures when updating from a remote site, and thus does not reject packages with only unknown signatures. This allows an attacker to bypass this authentication mechanism.

The oldstable distribution (sarge) is not affected by this problem.

For the stable distribution (etch) this problem has been fixed in version 1.3.1+1-1.

For the unstable distribution (sid) this problem has been fixed in version 2.2.4-1.

We recommend that you upgrade your reprepro package.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Source:
http://security.debian.org/pool/updates/main/r/reprepro/reprepro_1.3.1+1-1.dsc
http://security.debian.org/pool/updates/main/r/reprepro/reprepro_1.3.1+1-1.diff.gz
http://security.debian.org/pool/updates/main/r/reprepro/reprepro_1.3.1+1.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/r/reprepro/reprepro_1.3.1+1-1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/r/reprepro/reprepro_1.3.1+1-1_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/r/reprepro/reprepro_1.3.1+1-1_arm.deb
HPPA:
http://security.debian.org/pool/updates/main/r/reprepro/reprepro_1.3.1+1-1_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/r/reprepro/reprepro_1.3.1+1-1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/r/reprepro/reprepro_1.3.1+1-1_ia64.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/r/reprepro/reprepro_1.3.1+1-1_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/r/reprepro/reprepro_1.3.1+1-1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/r/reprepro/reprepro_1.3.1+1-1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/r/reprepro/reprepro_1.3.1+1-1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/r/reprepro/reprepro_1.3.1+1-1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.

", "1395": "
Debian Security Advisory

DSA-1395-1 xen-utils -- insecure temporary files

Date Reported:
25 Oct 2007
Affected Packages:
xen-utils
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 447795.
In Mitre's CVE dictionary: CVE-2007-3919.
More information:

Steve Kemp from the Debian Security Audit project discovered that xen-utils, a collection of XEN administrative tools, used temporary files insecurely within the xenmon tool allowing local users to truncate arbitrary files.

For the old stable distribution (sarge) this package was not present.

For the stable distribution (etch) this problem has been fixed in version 3.0.3-0-4.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your xen-3.0 package.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Source:
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-3.0_3.0.3-0.orig.tar.gz
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-3.0_3.0.3-0-4.dsc
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-3.0_3.0.3-0-4.diff.gz
Architecture-independent component:
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-docs-3.0_3.0.3-0-4_all.deb
AMD64:
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-utils-3.0.3-1_3.0.3-0-4_amd64.deb
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-hypervisor-3.0.3-1-amd64_3.0.3-0-4_amd64.deb
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-ioemu-3.0.3-1_3.0.3-0-4_amd64.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-utils-3.0.3-1_3.0.3-0-4_i386.deb
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-hypervisor-3.0.3-1-i386_3.0.3-0-4_i386.deb
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-hypervisor-3.0.3-1-i386-pae_3.0.3-0-4_i386.deb
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-ioemu-3.0.3-1_3.0.3-0-4_i386.deb

MD5 checksums of the listed files are available in the original advisory.

", "1396": "
Debian Security Advisory

DSA-1396-1 iceweasel -- several vulnerabilities

Date Reported:
27 Oct 2007
Affected Packages:
iceweasel
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340.
More information:

Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2007-1095

    Michal Zalewski discovered that the unload event handler had access to the address of the next page to be loaded, which could allow information disclosure or spoofing.

  • CVE-2007-2292

    Stefano Di Paola discovered that insufficient validation of user names used in Digest authentication on a web site allows HTTP response splitting attacks.

  • CVE-2007-3511

    It was discovered that insecure focus handling of the file upload control can lead to information disclosure. This is a variant of CVE-2006-2894.

  • CVE-2007-5334

    Eli Friedman discovered that web pages written in XUL markup can hide the titlebar of windows, which can lead to spoofing attacks.

  • CVE-2007-5337

    Georgi Guninski discovered that the insecure handling of smb:// and sftp:// URI schemes may lead to information disclosure. This vulnerability is only exploitable if Gnome-VFS support is present on the system.

  • CVE-2007-5338

    moz_bug_r_a4 discovered that the protection scheme offered by XPCNativeWrappers could be bypassed, which might allow privilege escalation.

  • CVE-2007-5339

    L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay, Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code.

  • CVE-2007-5340

    Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code.

The Mozilla products in the oldstable distribution (sarge) are no longer supported with security updates.

For the stable distribution (etch) these problems have been fixed in version 2.0.0.6+2.0.0.8-0etch1. Builds for arm and sparc will be provided later.

For the unstable distribution (sid) these problems have been fixed in version 2.0.0.8-1.

We recommend that you upgrade your iceweasel packages.

Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6+2.0.0.8-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6+2.0.0.8-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6+2.0.0.8.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.6+2.0.0.8-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.6+2.0.0.8-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.6+2.0.0.8-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.6+2.0.0.8-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.6+2.0.0.8-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.6+2.0.0.8-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.6+2.0.0.8-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6+2.0.0.8-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6+2.0.0.8-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6+2.0.0.8-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6+2.0.0.8-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6+2.0.0.8-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6+2.0.0.8-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6+2.0.0.8-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6+2.0.0.8-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6+2.0.0.8-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6+2.0.0.8-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6+2.0.0.8-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6+2.0.0.8-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6+2.0.0.8-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6+2.0.0.8-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6+2.0.0.8-0etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6+2.0.0.8-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6+2.0.0.8-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6+2.0.0.8-0etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6+2.0.0.8-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6+2.0.0.8-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6+2.0.0.8-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6+2.0.0.8-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6+2.0.0.8-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6+2.0.0.8-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6+2.0.0.8-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6+2.0.0.8-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6+2.0.0.8-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.6-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.6-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.6-0etch1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.

", "1397": "
Debian Security Advisory

DSA-1397-1 mono -- integer overflow

Date Reported:
03 Nov 2007
Affected Packages:
mono
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2007-5197.
More information:

An integer overflow in the BigInteger data type implementation has been discovered in the free .NET runtime Mono.

The oldstable distribution (sarge) doesn't contain mono.

For the stable distribution (etch) this problem has been fixed in version 1.2.2.1-1etch1. A powerpc build will be provided later.

The unstable distribution (sid) will be fixed soon.

We recommend that you upgrade your mono packages.

Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mono/mono_1.2.2.1-1etch1.dsc
\n
http://security.debian.org/pool/updates/main/m/mono/mono_1.2.2.1-1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mono/mono_1.2.2.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mono/libmono-accessibility1.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-accessibility2.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-bytefx0.7.6.1-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-bytefx0.7.6.2-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-c5-1.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-cairo1.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-cairo2.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-corlib1.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-corlib2.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-cscompmgd7.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-cscompmgd8.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-data-tds1.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-data-tds2.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-firebirdsql1.7-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-ldap1.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-ldap2.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-microsoft-build2.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-microsoft7.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-microsoft8.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-npgsql1.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-npgsql2.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-oracle1.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-oracle2.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-peapi1.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-peapi2.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-relaxng1.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-relaxng2.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-security1.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-security2.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-sharpzip0.6-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-sharpzip0.84-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-sharpzip2.6-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-sharpzip2.84-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-sqlite1.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-sqlite2.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-system-data1.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-system-data2.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-system-ldap1.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-system-ldap2.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-system-messaging1.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-system-messaging2.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-system-runtime1.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-system-runtime2.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-system-web1.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-system-web2.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-system1.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-system2.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-winforms1.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono-winforms2.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono1.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono2.0-cil_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-gac_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-gmcs_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-mcs_1.2.2.1-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-mjs_1.2.2.1-1etch1_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mono/libmono-dev_1.2.2.1-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono0_1.2.2.1-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono_1.2.2.1-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-common_1.2.2.1-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-devel_1.2.2.1-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-jay_1.2.2.1-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-jit_1.2.2.1-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-runtime_1.2.2.1-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-utils_1.2.2.1-1etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mono/libmono-dev_1.2.2.1-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono0_1.2.2.1-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono_1.2.2.1-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-common_1.2.2.1-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-devel_1.2.2.1-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-jay_1.2.2.1-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-jit_1.2.2.1-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-runtime_1.2.2.1-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-utils_1.2.2.1-1etch1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mono/libmono-dev_1.2.2.1-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono0_1.2.2.1-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono_1.2.2.1-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-common_1.2.2.1-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-devel_1.2.2.1-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-jay_1.2.2.1-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-jit_1.2.2.1-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-runtime_1.2.2.1-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-utils_1.2.2.1-1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mono/libmono-dev_1.2.2.1-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mono/libmono0_1.2.2.1-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono_1.2.2.1-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-common_1.2.2.1-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-devel_1.2.2.1-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-jay_1.2.2.1-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-jit_1.2.2.1-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-runtime_1.2.2.1-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mono/mono-utils_1.2.2.1-1etch1_ia64.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1398": "
\n

Debian Security Advisory

\n

DSA-1398-1 perdition -- format string error

Date Reported: 05 Nov 2007
Affected Packages: perdition
Vulnerable: Yes
Security database references:
In the Debian bugtracking system: Bug 448853.
In Mitre's CVE dictionary: CVE-2007-5740.
More information:

Bernhard Mueller of SEC Consult has discovered a format string vulnerability in perdition, an IMAP proxy. This vulnerability could allow an unauthenticated remote user to run arbitrary code on the perdition server by providing a specially formatted IMAP tag.

For the old stable distribution (sarge), this problem has been fixed in version 1.15-5sarge1.

For the stable distribution (etch), this problem has been fixed in version 1.17-7etch1.

We recommend that you upgrade your perdition package.

Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/perdition/perdition_1.15-5sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition_1.15.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition_1.15-5sarge1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/perdition/perdition_1.15-5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-odbc_1.15-5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-mysql_1.15-5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-ldap_1.15-5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-dev_1.15-5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-postgresql_1.15-5sarge1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-mysql_1.15-5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-ldap_1.15-5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-dev_1.15-5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition_1.15-5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-postgresql_1.15-5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-odbc_1.15-5sarge1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/perdition/perdition_1.15-5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-ldap_1.15-5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-mysql_1.15-5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-dev_1.15-5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-odbc_1.15-5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-postgresql_1.15-5sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-odbc_1.15-5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-postgresql_1.15-5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-mysql_1.15-5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition_1.15-5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-dev_1.15-5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-ldap_1.15-5sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-postgresql_1.15-5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-dev_1.15-5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition_1.15-5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-ldap_1.15-5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-odbc_1.15-5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-mysql_1.15-5sarge1_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-mysql_1.15-5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-postgresql_1.15-5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition_1.15-5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-odbc_1.15-5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-dev_1.15-5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-ldap_1.15-5sarge1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-mysql_1.15-5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-odbc_1.15-5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-postgresql_1.15-5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition_1.15-5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-dev_1.15-5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-ldap_1.15-5sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-ldap_1.15-5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-dev_1.15-5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-mysql_1.15-5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-postgresql_1.15-5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-odbc_1.15-5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition_1.15-5sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-odbc_1.15-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-mysql_1.15-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-dev_1.15-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition_1.15-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-ldap_1.15-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-postgresql_1.15-5sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/perdition/perdition_1.15-5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-odbc_1.15-5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-postgresql_1.15-5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-mysql_1.15-5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-dev_1.15-5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-ldap_1.15-5sarge1_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/perdition/perdition_1.17.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition_1.17-7etch1.dsc
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition_1.17-7etch1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-mysql_1.17-7etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-dev_1.17-7etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-ldap_1.17-7etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition_1.17-7etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-postgresql_1.17-7etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-odbc_1.17-7etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/perdition/perdition_1.17-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-mysql_1.17-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-odbc_1.17-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-postgresql_1.17-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-ldap_1.17-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-dev_1.17-7etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-mysql_1.17-7etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-dev_1.17-7etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-ldap_1.17-7etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-odbc_1.17-7etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition_1.17-7etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-postgresql_1.17-7etch1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-mysql_1.17-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-postgresql_1.17-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-odbc_1.17-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition_1.17-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-ldap_1.17-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-dev_1.17-7etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-ldap_1.17-7etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-dev_1.17-7etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition_1.17-7etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-odbc_1.17-7etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-postgresql_1.17-7etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-mysql_1.17-7etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-dev_1.17-7etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-ldap_1.17-7etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-mysql_1.17-7etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-odbc_1.17-7etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition_1.17-7etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-postgresql_1.17-7etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-mysql_1.17-7etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-postgresql_1.17-7etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-ldap_1.17-7etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-dev_1.17-7etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-odbc_1.17-7etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition_1.17-7etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-postgresql_1.17-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-ldap_1.17-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-dev_1.17-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-mysql_1.17-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition_1.17-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-odbc_1.17-7etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-mysql_1.17-7etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-dev_1.17-7etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-ldap_1.17-7etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition_1.17-7etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-postgresql_1.17-7etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-odbc_1.17-7etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-postgresql_1.17-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-dev_1.17-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-ldap_1.17-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-odbc_1.17-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition_1.17-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perdition/perdition-mysql_1.17-7etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1399": "
\n

Debian Security Advisory

\n

DSA-1399-1 pcre3 -- several vulnerabilities

Date Reported: 05 Nov 2007
Affected Packages: pcre3
Vulnerable: Yes
Security database references:
In Mitre's CVE dictionary: CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662, CVE-2007-4766, CVE-2007-4767, CVE-2007-4768.
More information:

Tavis Ormandy of the Google Security Team has discovered several security issues in PCRE, the Perl-Compatible Regular Expression library, which potentially allow attackers to execute arbitrary code by compiling specially crafted regular expressions.

Version 7.0 of the PCRE library featured a major rewrite of the regular expression compiler, and it was deemed infeasible to backport the security fixes in version 7.3 to the versions in Debian's stable and oldstable distributions (6.7 and 4.5, respectively). Therefore, this update is based on version 7.4 (which includes the security bug fixes of the 7.3 version, plus several regression fixes), with special patches to improve the compatibility with the older versions. As a result, extra care is necessary when applying this update.

The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2007-1659

    Unmatched \Q\E sequences with orphan \E codes can cause the compiled regex to become desynchronized, resulting in corrupt bytecode that may result in multiple exploitable conditions.

  • CVE-2007-1660

    Multiple forms of character classes had their sizes miscalculated on initial passes, resulting in too little memory being allocated.

  • CVE-2007-1661

    Multiple patterns of the form \X?\d or \P{L}?\d in non-UTF-8 mode could backtrack before the start of the string, possibly leaking information from the address space, or causing a crash by reading out of bounds.

  • CVE-2007-1662

    A number of routines can be fooled into reading past the end of a string looking for unmatched parentheses or brackets, resulting in a denial of service.

  • CVE-2007-4766

    Multiple integer overflows in the processing of escape sequences could result in heap overflows or out of bounds reads/writes.

  • CVE-2007-4767

    Multiple infinite loops and heap overflows were discovered in the handling of \P and \P{x} sequences, where the length of these non-standard operations was mishandled.

  • CVE-2007-4768

    Character classes containing a lone Unicode sequence were incorrectly optimised, resulting in a heap overflow.


For the old stable distribution (sarge), these problems have been fixed in version 4.5+7.4-1.

For the stable distribution (etch), these problems have been fixed in version 6.7+7.4-2.

For the unstable distribution (sid), these problems have been fixed in version 7.3-1.

Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_4.5+7.4-1.dsc
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_4.5+7.4-1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_4.5+7.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/pcre3/pgrep_4.5+7.4-1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-1_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-1_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-1_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4-2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4-2.dsc
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1400": "
\n

Debian Security Advisory

\n

DSA-1400-1 perl -- heap overflow

Date Reported: 06 Nov 2007
Affected Packages: perl
Vulnerable: Yes
Security database references:
In Mitre's CVE dictionary: CVE-2007-5116.
More information:

Will Drewry and Tavis Ormandy of the Google Security Team have discovered a UTF-8 related heap overflow in Perl's regular expression compiler, probably allowing attackers to execute arbitrary code by compiling specially crafted regular expressions.

For the old stable distribution (sarge), this problem has been fixed in version 5.8.4-8sarge6.

For the stable distribution (etch), this problem has been fixed in version 5.8.8-7etch1.

For the unstable distribution (sid), this problem will be fixed soon.

Some architectures are missing from this DSA; these updates will be released once they are available.

We recommend that you upgrade your perl package.

Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge6.dsc
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge6.diff.gz
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.8.4-8sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.8.4-8sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.8.4-8sarge6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge6_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge6_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch1.dsc
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.8.8-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.8.8-7etch1_all.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.8.8-7etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch1_ia64.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1401": "
\n

Debian Security Advisory

\n

DSA-1401-1 iceape -- several vulnerabilities

\n
\n
Date Reported:
\n
05 Nov 2007
\n
Affected Packages:
\n
\niceape\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the SeaMonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2007-1095

    Michal Zalewski discovered that the unload event handler had access to the address of the next page to be loaded, which could allow information disclosure or spoofing.

  • CVE-2007-2292

    Stefano Di Paola discovered that insufficient validation of user names used in Digest authentication on a web site allows HTTP response splitting attacks.

  • CVE-2007-3511

    It was discovered that insecure focus handling of the file upload control can lead to information disclosure. This is a variant of CVE-2006-2894.

  • CVE-2007-5334

    Eli Friedman discovered that web pages written in XUL markup can hide the titlebar of windows, which can lead to spoofing attacks.

  • CVE-2007-5337

    Georgi Guninski discovered that the insecure handling of smb:// and sftp:// URI schemes may lead to information disclosure. This vulnerability is only exploitable if Gnome-VFS support is present on the system.

  • CVE-2007-5338

    moz_bug_r_a4 discovered that the protection scheme offered by XPCNativeWrappers could be bypassed, which might allow privilege escalation.

  • CVE-2007-5339

    L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay, Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code.

  • CVE-2007-5340

    Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code.

The Mozilla products in the oldstable distribution (sarge) are no longer supported with security updates.

For the stable distribution (etch) these problems have been fixed in version 1.0.11~pre071022-0etch1.

For the unstable distribution (sid) these problems have been fixed in version 1.1.5-1.

We recommend that you upgrade your iceape packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.11~pre071022-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.11~pre071022-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.11~pre071022.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.11~pre071022-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.11~pre071022-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.11~pre071022-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.11~pre071022-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.11~pre071022-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.11~pre071022-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.11~pre071022-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.11~pre071022-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.11~pre071022-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.11~pre071022-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.11~pre071022-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.11~pre071022-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.11~pre071022-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.11~pre071022-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.11~pre071022-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.11~pre071022-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.11~pre071022-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.11~pre071022-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.11~pre071022-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.11~pre071022-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.11~pre071022-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.11~pre071022-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.11~pre071022-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.11~pre071022-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.11~pre071022-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.11~pre071022-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.11~pre071022-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.11~pre071022-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.11~pre071022-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.11~pre071022-0etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.11~pre071022-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.11~pre071022-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.11~pre071022-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.11~pre071022-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.11~pre071022-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.11~pre071022-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.11~pre071022-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.11~pre071022-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.11~pre071022-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.11~pre071022-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.11~pre071022-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.11~pre071022-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.11~pre071022-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.11~pre071022-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.11~pre071022-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.11~pre071022-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.11~pre071022-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.11~pre071022-0etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.11~pre071022-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.11~pre071022-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.11~pre071022-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.11~pre071022-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.11~pre071022-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.11~pre071022-0etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.11~pre071022-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.11~pre071022-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.11~pre071022-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.11~pre071022-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.11~pre071022-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.11~pre071022-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.11~pre071022-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.11~pre071022-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.11~pre071022-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.11~pre071022-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.11~pre071022-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.11~pre071022-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.11~pre071022-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.11~pre071022-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.11~pre071022-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.11~pre071022-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.11~pre071022-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.11~pre071022-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.11~pre071022-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.11~pre071022-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.11~pre071022-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.11~pre071022-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.11~pre071022-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.11~pre071022-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1402": "
\n

Debian Security Advisory

\n

DSA-1402-1 gforge -- insecure temporary files

\n
\n
Date Reported:
\n
07 Nov 2007
\n
Affected Packages:
\n
\ngforge\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3921.
\n
More information:
\n
\n

Steve Kemp from the Debian Security Audit project discovered that gforge, a collaborative development tool, used temporary files insecurely, which could allow local users to truncate files on the system with the privileges of the gforge user, or to cause a denial of service.

For the old stable distribution (sarge), this problem has been fixed in version 3.1-31sarge4.

For the stable distribution (etch), this problem has been fixed in version 4.5.14-22etch3.

We recommend that you upgrade your gforge package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1-31sarge4.dsc
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1-31sarge4.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gforge/sourceforge_3.1-31sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_3.1-31sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_3.1-31sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_3.1-31sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1-31sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-sourceforge-transition_3.1-31sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-cvs_3.1-31sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_3.1-31sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_3.1-31sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-common_3.1-31sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_3.1-31sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_3.1-31sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_3.1-31sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_3.1-31sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_3.1-31sarge4_all.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch3.dsc
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_4.5.14-22etch3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_4.5.14-22etch3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_4.5.14-22etch3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_4.5.14-22etch3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-postgresql_4.5.14-22etch3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_4.5.14-22etch3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_4.5.14-22etch3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-common_4.5.14-22etch3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_4.5.14-22etch3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-courier_4.5.14-22etch3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_4.5.14-22etch3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_4.5.14-22etch3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_4.5.14-22etch3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1403": "
\n

Debian Security Advisory

\n

DSA-1403-1 phpmyadmin -- missing input sanitising

\n
\n
Date Reported:
\n
08 Nov 2007
\n
Affected Packages:
\n
\nphpmyadmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-5589, CVE-2007-5386.
\n
More information:
\n
\n

Omer Singer of the DigiTrust Group discovered several vulnerabilities in phpMyAdmin, an application to administer MySQL over the WWW. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2007-5589

    phpMyAdmin allows a remote attacker to inject arbitrary web script or HTML in the context of a logged-in user's session (cross-site scripting).

  • CVE-2007-5386

    phpMyAdmin, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string.

For the old stable distribution (sarge) this problem has been fixed in version 4:2.6.2-3sarge6.

For the stable distribution (etch) this problem has been fixed in version 4:2.9.1.1-6.

For the unstable distribution (sid) this problem has been fixed in version 4:2.11.1.2-1.

We recommend that you upgrade your phpmyadmin package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge6.dsc
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge6.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge6_all.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-6.dsc
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-6.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-6_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1404": "
\n

Debian Security Advisory

\n

DSA-1404-1 gallery2 -- programming error

\n
\n
Date Reported:
\n
08 Nov 2007
\n
Affected Packages:
\n
\ngallery2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-4650.
\n
More information:
\n
\n

Nicklous Roberts discovered that the Reupload module of Gallery 2, a web-based photo management application, allowed unauthorized users to edit Gallery's data file.

The oldstable distribution (sarge) does not contain a gallery2 package. The previous gallery package is not affected by this vulnerability.

For the stable distribution (etch) this problem has been fixed in version 2.1.2-2.0.etch.1.

For the unstable distribution (sid) this problem has been fixed in version 2.2.3-1.

We recommend that you upgrade your gallery2 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gallery2/gallery2_2.1.2-2.0.etch.1.dsc
\n
http://security.debian.org/pool/updates/main/g/gallery2/gallery2_2.1.2-2.0.etch.1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gallery2/gallery2_2.1.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gallery2/gallery2_2.1.2-2.0.etch.1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1405": "
\n

Debian Security Advisory

\n

DSA-1405-3 zope-cmfplone -- missing input sanitising

\n
\n
Date Reported:
\n
09 Nov 2007
\n
Affected Packages:
\n
\nzope-cmfplone\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 449523.
In Mitre's CVE dictionary: CVE-2007-5741.
\n
More information:
\n
\n

It was discovered that Plone, a web content management system, allows remote attackers to execute arbitrary code via specially crafted web browser cookies.

The oldstable distribution (sarge) is not affected by this problem.

For the stable distribution (etch) this problem has been fixed in version 2.5.1-4etch3.

For the unstable distribution (sid) this problem has been fixed in version 2.5.2-3.

We recommend that you upgrade your zope-cmfplone package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/zope-cmfplone/zope-cmfplone_2.5.1-4etch3.dsc
\n
http://security.debian.org/pool/updates/main/z/zope-cmfplone/zope-cmfplone_2.5.1-4etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/z/zope-cmfplone/zope-cmfplone_2.5.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/z/zope-cmfplone/plone-site_2.5.1-4etch3_all.deb
\n
http://security.debian.org/pool/updates/main/z/zope-cmfplone/zope-cmfplone_2.5.1-4etch3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1406": "
\n

Debian Security Advisory

\n

DSA-1406-1 horde3 -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Nov 2007
\n
Affected Packages:
\n
horde3
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 378281, Bug 383416, Bug 434045.
In Mitre's CVE dictionary: CVE-2006-3548, CVE-2006-3549, CVE-2006-4256, CVE-2007-1473, CVE-2007-1474.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Horde web application framework. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2006-3548

    Moritz Naumann discovered that Horde allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user (cross site scripting).

    This vulnerability applies to oldstable (sarge) only.

  • CVE-2006-3549

    Moritz Naumann discovered that Horde does not properly restrict its image proxy, allowing remote attackers to use the server as a proxy.

    This vulnerability applies to oldstable (sarge) only.

  • CVE-2006-4256

    Marc Ruef discovered that Horde allows remote attackers to include web pages from other sites, which could be useful for phishing attacks.

    This vulnerability applies to oldstable (sarge) only.

  • CVE-2007-1473

    Moritz Naumann discovered that Horde allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user (cross site scripting).

    This vulnerability applies to both stable (etch) and oldstable (sarge).

  • CVE-2007-1474

    iDefense discovered that the cleanup cron script in Horde allows local users to delete arbitrary files.

    This vulnerability applies to oldstable (sarge) only.

For the old stable distribution (sarge) these problems have been fixed in version 3.0.4-4sarge6.

For the stable distribution (etch) these problems have been fixed in version 3.1.3-4etch1.

For the unstable distribution (sid) these problems have been fixed in version 3.1.4-1.

We recommend that you upgrade your horde3 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge6.dsc
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge6.diff.gz
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge6_all.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch1.dsc
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1407": "
\n

Debian Security Advisory

\n

DSA-1407-1 cupsys -- buffer overflow

\n
\n
Date Reported:
\n
18 Nov 2007
\n
Affected Packages:
\n
cupsys
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-4351.
\n
More information:
\n
\n

Alin Rad Pop discovered that the Common UNIX Printing System is vulnerable to an off-by-one buffer overflow in the code to process IPP packets, which may lead to the execution of arbitrary code.

The cupsys version in the old stable distribution (sarge) is not vulnerable to arbitrary code execution.

For the stable distribution (etch), this problem has been fixed in version 1.2.7-4etch1. Updated packages for the arm architecture will be provided later.

We recommend that you upgrade your cupsys packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch1_all.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1408": "
\n

Debian Security Advisory

\n

DSA-1408-1 kdegraphics -- buffer overflow

\n
\n
Date Reported:
\n
21 Nov 2007
\n
Affected Packages:
\n
kdegraphics
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-5393.
\n
More information:
\n
\n

Alin Rad Pop discovered a buffer overflow in kpdf, which could allow the execution of arbitrary code if a malformed PDF file is displayed.

The old stable distribution (sarge) will be fixed later.

For the stable distribution (etch), this problem has been fixed in version 4:3.5.5-3etch2. Builds for arm and sparc are not yet available.

\n

We recommend that you upgrade your kdegraphics packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.5-3etch2.dsc
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.5-3etch2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-doc-html_3.5.5-3etch2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.5-3etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch2_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch2_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1409": "
\n

Debian Security Advisory

\n

DSA-1409-3 samba -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Nov 2007
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-4572, CVE-2007-5398.
\n
More information:
\n
\n

This update fixes all currently known regressions introduced with the previous two revisions of DSA-1409. The original text is reproduced below:

\n
\n

Several local/remote vulnerabilities have been discovered in samba, a LanManager-like file and printer server for Unix. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-5398\n

    Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges.

    \n
  • CVE-2007-4572\n

    Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service.

    \n
\n
\n

For the old stable distribution (sarge), these problems have been fixed in version 3.0.14a-3sarge10.

\n

For the stable distribution (etch), these problems have been fixed in version 3.0.24-6etch8.

\n

For the unstable distribution (sid), these problems have been fixed in version 3.0.27-1.

\n

We recommend that you upgrade your samba packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge10.dsc
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge10.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.0.14a-3sarge10_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge10_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge10_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge10_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge10_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge10_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge10_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge10_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge10_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge10_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge10_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge10_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge10_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge10_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge10_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge10_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge10_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge10_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge10_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge10_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge10_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge10_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge10_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge10_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge10_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge10_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge10_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge10_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge10_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge10_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge10_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge10_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge10_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge10_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge10_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge10_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge10_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge10_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge10_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge10_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge10_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge10_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge10_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge10_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge10_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge10_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge10_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge10_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge10_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge10_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge10_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge10_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge10_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge10_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge10_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge10_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge10_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge10_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge10_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge10_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge10_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge10_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge10_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge10_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge10_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge10_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge10_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge10_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge10_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge10_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge10_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge10_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge10_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge10_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge10_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge10_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge10_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge10_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge10_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge10_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge10_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge10_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge10_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge10_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge10_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge10_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge10_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge10_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge10_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge10_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge10_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge10_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge10_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge10_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge10_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge10_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge10_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge10_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge10_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge10_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge10_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge10_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch8.diff.gz
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch8.dsc
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.0.24-6etch8_all.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc-pdf_3.0.24-6etch8_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch8_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch8_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch8_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch8_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch8_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch8_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch8_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1410": "
\n

Debian Security Advisory

\n

DSA-1410-1 ruby1.8 -- programming error

\n
\n
Date Reported:
\n
24 Nov 2007
\n
Affected Packages:
\n
\nruby1.8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-5162, CVE-2007-5770.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-5162\n

    It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.

  • CVE-2007-5770\n

    It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.

\n

For the old stable distribution (sarge) these problems have been fixed in version 1.8.2-7sarge6. Packages for sparc will be provided later.

\n

For the stable distribution (etch) these problems have been fixed in version 1.8.5-4etch1. Packages for sparc will be provided later.

\n

We recommend that you upgrade your ruby1.8 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge6.diff.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge6.dsc
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ri1.8_1.8.2-7sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/irb1.8_1.8.2-7sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/rdoc1.8_1.8.2-7sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-elisp_1.8.2-7sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-examples_1.8.2-7sarge6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge6_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge6_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge6_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge6_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge6_s390.deb
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-examples_1.8.5-4etch1_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/irb1.8_1.8.5-4etch1_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ri1.8_1.8.5-4etch1_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-elisp_1.8.5-4etch1_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/rdoc1.8_1.8.5-4etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch1_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1411": "
\n

Debian Security Advisory

\n

DSA-1411-1 libopenssl-ruby -- programming error

\n
\n
Date Reported:
\n
24 Nov 2007
\n
Affected Packages:
\n
\nlibopenssl-ruby\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-5162, CVE-2007-5770.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-5162\n

    It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.

  • CVE-2007-5770\n

    It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.

\n

For the old stable distribution (sarge) these problems have been fixed in version 0.1.4a-1sarge1. Packages for sparc will be provided later.

\n

The stable distribution (etch) no longer contains libopenssl-ruby.

\n

We recommend that you upgrade your libopenssl-ruby packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libo/libopenssl-ruby/libopenssl-ruby_0.1.4a-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/libo/libopenssl-ruby/libopenssl-ruby_0.1.4a.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libo/libopenssl-ruby/libopenssl-ruby_0.1.4a-1sarge1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libo/libopenssl-ruby/libopenssl-ruby1.6_0.1.4a-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libo/libopenssl-ruby/libopenssl-ruby1.6_0.1.4a-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libo/libopenssl-ruby/libopenssl-ruby1.6_0.1.4a-1sarge1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libo/libopenssl-ruby/libopenssl-ruby1.6_0.1.4a-1sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libo/libopenssl-ruby/libopenssl-ruby1.6_0.1.4a-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libo/libopenssl-ruby/libopenssl-ruby1.6_0.1.4a-1sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libo/libopenssl-ruby/libopenssl-ruby1.6_0.1.4a-1sarge1_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libo/libopenssl-ruby/libopenssl-ruby1.6_0.1.4a-1sarge1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libo/libopenssl-ruby/libopenssl-ruby1.6_0.1.4a-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libo/libopenssl-ruby/libopenssl-ruby1.6_0.1.4a-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libo/libopenssl-ruby/libopenssl-ruby1.6_0.1.4a-1sarge1_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1412": "
\n

Debian Security Advisory

\n

DSA-1412-1 ruby1.9 -- programming error

\n
\n
Date Reported:
\n
24 Nov 2007
\n
Affected Packages:
\n
\nruby1.9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-5162, CVE-2007-5770.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-5162\n

    It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.

  • CVE-2007-5770\n

    It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.

\n

The old stable distribution (sarge) doesn't contain ruby1.9 packages.

\n

For the stable distribution (etch) these problems have been fixed in version 1.9.0+20060609-1etch1. Updated packages for hppa and sparc will be provided later.

\n

We recommend that you upgrade your ruby1.9 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1.dsc
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/rdoc1.9_1.9.0+20060609-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ri1.9_1.9.0+20060609-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-elisp_1.9.0+20060609-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/irb1.9_1.9.0+20060609-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-examples_1.9.0+20060609-1etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch1_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1413": "
\n

Debian Security Advisory

\n

DSA-1413-1 mysql -- multiple vulnerabilities

\n
\n
Date Reported:
\n
26 Nov 2007
\n
Affected Packages:
\n
\nmysql-dfsg
mysql-dfsg-5.0
mysql-dfsg-4.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 426353, Bug 424778, Bug 424778, Bug 451235.
In Mitre's CVE dictionary: CVE-2007-2583, CVE-2007-2691, CVE-2007-2692.
\n
More information:
\n
\n

Several vulnerabilities have been found in the MySQL database packages with implications ranging from unauthorized database modifications to remotely triggered server crashes. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-2583

    The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40 allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. (Affects source version 5.0.32.)

  • CVE-2007-2691

    MySQL does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. (All supported versions affected.)

  • CVE-2007-2692

    The mysql_change_db function does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges. (Affects source version 5.0.32.)

  • CVE-2007-3780

    MySQL could be made to overflow a signed char during authentication. Remote attackers could use specially crafted authentication requests to cause a denial of service. (Upstream source versions 4.1.11a and 5.0.32 affected.)

  • CVE-2007-3782

    Phil Anderton discovered that MySQL did not properly verify access privileges when accessing external tables. As a result, authenticated users could exploit this to obtain UPDATE privileges to external tables. (Affects source version 5.0.32.)

  • CVE-2007-5925

    The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error. (Affects source version 5.0.32.)
\n

For the old stable distribution (sarge), these problems have been fixed in version 4.0.24-10sarge3 of mysql-dfsg and version 4.1.11a-4sarge8 of mysql-dfsg-4.1.

\n

For the stable distribution (etch), these problems have been fixed in version 5.0.32-7etch3 of the mysql-dfsg-5.0 packages.

\n

We recommend that you upgrade your mysql packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch3.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.32-7etch3_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.32-7etch3_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.32-7etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch3_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch3_s390.deb
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-dfsg_4.0.24-10sarge3.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-dfsg_4.0.24.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-dfsg_4.0.24-10sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge8.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-dfsg-4.1_4.1.11a-4sarge8.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-common_4.0.24-10sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-common-4.1_4.1.11a-4sarge8_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge8_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge8_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge8_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge8_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge8_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge8_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge8_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge8_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge8_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge8_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge8_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge8_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge8_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge8_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge8_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge8_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge8_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge8_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge8_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge8_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge3_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge8_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge8_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge8_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge8_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge3_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge8_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge8_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge8_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge8_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge8_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge8_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge8_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge8_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14_4.1.11a-4sarge8_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-client_4.0.24-10sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12_4.0.24-10sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-server-4.1_4.1.11a-4sarge8_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/libmysqlclient12-dev_4.0.24-10sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/mysql-client-4.1_4.1.11a-4sarge8_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-4.1/libmysqlclient14-dev_4.1.11a-4sarge8_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg/mysql-server_4.0.24-10sarge3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1414": "
\n

Debian Security Advisory

\n

DSA-1414-1 wireshark -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Nov 2007
\n
Affected Packages:
\n
wireshark
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-6114, CVE-2007-6117, CVE-2007-6118, CVE-2007-6120, CVE-2007-6121.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service or execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-6114

    Stefan Esser discovered a buffer overflow in the SSL dissector. Fabiodds discovered a buffer overflow in the iSeries trace dissector.

  • CVE-2007-6117

    A programming error was discovered in the HTTP dissector, which may lead to denial of service.

  • CVE-2007-6118

    The MEGACO dissector could be tricked into resource exhaustion.

  • CVE-2007-6120

    The Bluetooth SDP dissector could be tricked into an endless loop.

  • CVE-2007-6121

    The RPC portmap dissector could be tricked into dereferencing a NULL pointer.
\n

For the old stable distribution (sarge), these problems have been fixed in version 0.10.10-2sarge10. (In Sarge Wireshark used to be called Ethereal). Updated packages for sparc and m68k will be provided later.

\n

For the stable distribution (etch), these problems have been fixed in version 0.99.4-5.etch.1. Updated packages for sparc will be provided later.

\n

We recommend that you upgrade your wireshark/ethereal packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10.dsc
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge10_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge10_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge10_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge10_s390.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1.dsc
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.1_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1415": "
\n

Debian Security Advisory

\n

DSA-1415-1 tk8.4 -- buffer overflow

\n
\n
Date Reported:
\n
27 Nov 2007
\n
Affected Packages:
\n
\ntk8.4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-5378.
\n
More information:
\n
\n

It was discovered that Tk, a cross-platform graphical toolkit for Tcl, performs insufficient input validation in the code used to load GIF images, which may lead to the execution of arbitrary code.

\n

For the old stable distribution (sarge), this problem has been fixed in version 8.4.9-1sarge1.

\n

For the stable distribution (etch), this problem has been fixed in version 8.4.12-1etch1.

\n

We recommend that you upgrade your tk8.4 packages. Updated packages for sparc will be provided later.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-doc_8.4.9-1sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge1_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge1_s390.deb
\n
\n

Debian 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch1.dsc
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-doc_8.4.12-1etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1416": "
\n

Debian Security Advisory

\n

DSA-1416-1 tk8.3 -- buffer overflow

\n
\n
Date Reported:
\n
27 Nov 2007
\n
Affected Packages:
\n
\ntk8.3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-5378.
\n
More information:
\n
\n

It was discovered that Tk, a cross-platform graphical toolkit for Tcl, performs insufficient input validation in the code used to load GIF images, which may lead to the execution of arbitrary code.

\n

Due to a technical limitation in the Debian archive scripts, the update for the old stable distribution (sarge) cannot be released in sync with the update for the stable distribution. It will be provided in the next few days.

\n

For the stable distribution (etch), this problem has been fixed in version 8.3.5-6etch1.

\n

We recommend that you upgrade your tk8.3 packages.

\n
\n
Fixed in:
\n
\n

Debian 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1.dsc
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-doc_8.3.5-6etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1417": "
\n

Debian Security Advisory

\n

DSA-1417-1 asterisk -- missing input sanitising

\n
\n
Date Reported:
\n
02 Dec 2007
\n
Affected Packages:
\n
\nasterisk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-6170.
\n
More information:
\n
\n

Tilghman Lesher discovered that the logging engine of Asterisk, a free software PBX and telephony toolkit, performs insufficient sanitising of call-related data, which may lead to SQL injection.

\n

For the old stable distribution (sarge), this problem has been fixed in version 1:1.0.7.dfsg.1-2sarge6.

\n

For the stable distribution (etch), this problem has been fixed in version 1:1.2.13~dfsg-2etch2. Updated packages for ia64 will be provided later.

\n

We recommend that you upgrade your asterisk packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge6.diff.gz
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge6.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-sounds-main_1.0.7.dfsg.1-2sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-doc_1.0.7.dfsg.1-2sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-dev_1.0.7.dfsg.1-2sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-web-vmail_1.0.7.dfsg.1-2sarge6_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-config_1.0.7.dfsg.1-2sarge6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge6_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge6_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge6_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge6_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge6_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.2.13~dfsg-2etch2.dsc
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.2.13~dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.2.13~dfsg-2etch2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-dev_1.2.13~dfsg-2etch2_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.2.13~dfsg-2etch2_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-doc_1.2.13~dfsg-2etch2_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-sounds-main_1.2.13~dfsg-2etch2_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-web-vmail_1.2.13~dfsg-2etch2_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-config_1.2.13~dfsg-2etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch2_i386.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1418": "
\n

Debian Security Advisory

\n

DSA-1418-1 cacti -- missing input sanitising

\n
\n
Date Reported:
\n
02 Dec 2007
\n
Affected Packages:
\n
\ncacti\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 452085.
In Mitre's CVE dictionary: CVE-2007-6035.
\n
More information:
\n
\n

It was discovered that Cacti, a tool to monitor systems and networks, performs insufficient input sanitising, which allows SQL injection.

\n

For the oldstable distribution (sarge) this problem has been fixed in version 0.8.6c-7sarge5.

\n

For the stable distribution (etch) this problem has been fixed in version 0.8.6i-3.2.

\n

For the unstable distribution (sid) this problem has been fixed in version 0.8.7a-1.

\n

We recommend that you upgrade your cacti package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c-7sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c-7sarge5.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6c-7sarge5_all.deb
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.2.dsc
\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1419": "
\n

Debian Security Advisory

\n

DSA-1419-1 openoffice.org -- programming error

\n
\n
Date Reported:
\n
05 Dec 2007
\n
Affected Packages:
\n
\nopenoffice.org, hsqldb\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-4575.
\n
More information:
\n
\n

A vulnerability has been discovered in HSQLDB, the default database engine shipped with OpenOffice.org. This could result in the execution of arbitrary Java code embedded in an OpenOffice.org database document with the user's privileges. This update requires an update of both openoffice.org and hsqldb.

\n

The old stable distribution (sarge) is not affected by this problem.

\n

For the stable distribution (etch) this problem has been fixed in version 2.0.4.dfsg.2-7etch4 of OpenOffice.org and in version 1.8.0.7-1etch1 of hsqldb.

\n

For the unstable distribution (sid) this problem has been fixed in version 2.3.1-1 of OpenOffice.org and in version 1.8.0.9-2 of hsqldb.

\n

For the experimental distribution this problem has been fixed in version 2.3.1~rc1-1 of OpenOffice.org and in version 1.8.0.9-1 of hsqldb.

\n

We recommend that you upgrade your OpenOffice.org and hsqldb packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch4.dsc
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch4.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/h/hsqldb/hsqldb_1.8.0.7-1etch1.dsc
\n
http://security.debian.org/pool/updates/main/h/hsqldb/hsqldb_1.8.0.7-1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/h/hsqldb/hsqldb_1.8.0.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/broffice.org_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-common_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev-doc_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dtd-officedocument1.0_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-mobiledev_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-cs_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-da_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-de_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-dz_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-gb_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-us_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-es_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-et_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-fr_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hi-in_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hu_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-it_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ja_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-km_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ko_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-nl_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pl_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pt-br_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ru_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sl_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sv_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-cn_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-tw_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-java-common_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-af_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-as-in_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-be-by_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bg_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bn_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-br_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bs_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ca_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cs_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cy_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-da_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-de_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-dz_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-el_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-gb_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-za_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eo_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-es_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-et_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fa_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fi_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fr_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ga_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gu-in_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-he_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi-in_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hr_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hu_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-in_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-it_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ja_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ka_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-km_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ko_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ku_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lo_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lt_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lv_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-mk_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ml-in_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nb_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ne_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nl_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nn_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nr_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ns_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-or-in_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pa-in_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pl_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt-br_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ru_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-rw_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sk_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sl_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sr-cs_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ss_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-st_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sv_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ta-in_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-te-in_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tg_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-th_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tn_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tr_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ts_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-uk_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ve_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-vi_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-xh_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-za_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-cn_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-tw_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zu_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-api-tests_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ttf-opensymbol_2.0.4.dfsg.2-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/h/hsqldb/hsqldb-server_1.8.0.7-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/h/hsqldb/libhsqldb-java-doc_1.8.0.7-1etch1_all.deb
\n
http://security.debian.org/pool/updates/main/h/hsqldb/libhsqldb-java_1.8.0.7-1etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch4_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch4_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch4_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1420": "
\n

Debian Security Advisory

\n

DSA-1420-1 zabbix -- programming error

\n
\n
Date Reported:
\n
05 Dec 2007
\n
Affected Packages:
\n
\nzabbix\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 452682.
In Mitre's CVE dictionary: CVE-2007-6210.
\n
More information:
\n
\n

\nBas van Schaik discovered that the agentd process of Zabbix, a network monitor system, may run user-supplied commands as group id root, not zabbix, which may lead to a privilege escalation.\n

\n

\nzabbix is not included in the oldstable distribution (sarge).\n

\n

\nFor the stable distribution (etch), this problem has been fixed in version 1:1.1.4-10etch1.\n

\n

\nWe recommend that you upgrade your zabbix packages.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix_1.1.4-10etch1.dsc
\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix_1.1.4-10etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix_1.1.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-frontend-php_1.1.4-10etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-mysql_1.1.4-10etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-agent_1.1.4-10etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-pgsql_1.1.4-10etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-agent_1.1.4-10etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-mysql_1.1.4-10etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-pgsql_1.1.4-10etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-agent_1.1.4-10etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-mysql_1.1.4-10etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-pgsql_1.1.4-10etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-agent_1.1.4-10etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-mysql_1.1.4-10etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-pgsql_1.1.4-10etch1_hppa.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-mysql_1.1.4-10etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-pgsql_1.1.4-10etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-agent_1.1.4-10etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-agent_1.1.4-10etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-pgsql_1.1.4-10etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-mysql_1.1.4-10etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-pgsql_1.1.4-10etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-mysql_1.1.4-10etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-agent_1.1.4-10etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-mysql_1.1.4-10etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-agent_1.1.4-10etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-pgsql_1.1.4-10etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-pgsql_1.1.4-10etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-agent_1.1.4-10etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-mysql_1.1.4-10etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1421": "
\n

Debian Security Advisory

\n

DSA-1421-1 wesnoth -- directory traversal

\n
\n
Date Reported:
\n
06 Dec 2007
\n
Affected Packages:
\n
\nwesnoth\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-5742.
\n
More information:
\n
\n

A vulnerability has been discovered in Battle for Wesnoth that allows remote attackers to read arbitrary files the user running the client has access to on the machine running the game client.

\n

For the old stable distribution (sarge) this problem has been fixed in version 0.9.0-7.

\n

For the stable distribution (etch) this problem has been fixed in version 1.2-3.

\n

For the stable backports distribution (etch-backports) this problem has been fixed in version 1.2.8-1~bpo40+1.

\n

For the unstable distribution (sid) this problem has been fixed in version 1.2.8-1.

\n

For the experimental distribution this problem has been fixed in version 1.3.12-1.

\n

We recommend that you upgrade your wesnoth package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-7.dsc
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-7.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-data_0.9.0-7_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-ei_0.9.0-7_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-httt_0.9.0-7_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-music_0.9.0-7_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-sotbe_0.9.0-7_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-tdh_0.9.0-7_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-trow_0.9.0-7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-7_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-7_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-7_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-7_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-7_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-7_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-7_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-7_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-7_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-7_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-7_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-7_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-7_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-7_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-7_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-7_m68k.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-7_m68k.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-7_m68k.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-7_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-7_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-7_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-7_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_0.9.0-7_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_0.9.0-7_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_0.9.0-7_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-3.dsc
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-3.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-data_1.2-3_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-ei_1.2-3_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-httt_1.2-3_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-music_1.2-3_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-trow_1.2-3_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-tsg_1.2-3_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-ttb_1.2-3_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-utbs_1.2-3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-3_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-3_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-3_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-3_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-3_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-3_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-3_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-3_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-3_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-3_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1422": "
\n

Debian Security Advisory

\n

DSA-1422-1 e2fsprogs -- integer overflows

\n
\n
Date Reported:
\n
07 Dec 2007
\n
Affected Packages:
\n
\ne2fsprogs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-5497.
\n
More information:
\n
\n

Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs, the ext2 file system utilities and libraries, contained multiple integer overflows in memory allocations, based on sizes taken directly from filesystem information. These could result in heap-based overflows potentially allowing the execution of arbitrary code.

\n

For the stable distribution (etch), this problem has been fixed in version 1.39+1.40-WIP-2006.11.14+dfsg-2etch1.

\n

For the unstable distribution (sid), this problem will be fixed shortly.

\n

We recommend that you upgrade your e2fsprogs package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1.dsc
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs_1.39+1.40-WIP-2006.11.14+dfsg.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid-dev_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsck-static_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libuuid1_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fslibs-dev_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/uuid-dev_1.2-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/ss-dev_2.0-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid1_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libuuid1-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fslibs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libss2_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/comerr-dev_2.1-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid1-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libcomerr2_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid1_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fslibs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/ss-dev_2.0-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid-dev_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libss2_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libuuid1-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_amd64.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid1-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_amd64.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/uuid-dev_1.2-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/comerr-dev_2.1-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_amd64.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libcomerr2_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsck-static_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libuuid1_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fslibs-dev_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libcomerr2_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libss2_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libuuid1-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_arm.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/comerr-dev_2.1-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid1_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fslibs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/uuid-dev_1.2-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid-dev_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid1-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_arm.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libuuid1_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_arm.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsck-static_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/ss-dev_2.0-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fslibs-dev_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsck-static_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_hppa.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libuuid1_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/uuid-dev_1.2-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fslibs-dev_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/comerr-dev_2.1-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid-dev_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libuuid1-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_hppa.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid1_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid1-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_hppa.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/ss-dev_2.0-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libcomerr2_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libss2_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fslibs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libuuid1_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libcomerr2_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fslibs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libss2_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid1_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/uuid-dev_1.2-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/ss-dev_2.0-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fslibs-dev_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libuuid1-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_i386.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsck-static_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/comerr-dev_2.1-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_i386.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid-dev_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid1-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_i386.udeb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid-dev_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_ia64.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/uuid-dev_1.2-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fslibs-dev_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid1_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/comerr-dev_2.1-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libuuid1_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid1-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_ia64.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libcomerr2_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libss2_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsck-static_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/ss-dev_2.0-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fslibs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libuuid1-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_ia64.udeb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/comerr-dev_2.1-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mips.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libuuid1_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/uuid-dev_1.2-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid1_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/ss-dev_2.0-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fslibs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid-dev_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libuuid1-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mips.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libcomerr2_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsck-static_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid1-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mips.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fslibs-dev_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libss2_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/comerr-dev_2.1-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid-dev_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsck-static_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libcomerr2_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/uuid-dev_1.2-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fslibs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libuuid1_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid1-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fslibs-dev_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid1_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/ss-dev_2.0-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libuuid1-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libss2_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libss2_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/ss-dev_2.0-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libcomerr2_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fslibs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/uuid-dev_1.2-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fslibs-dev_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libuuid1_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid-dev_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/comerr-dev_2.1-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsck-static_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libuuid1-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid1_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid1-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_powerpc.udeb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid1-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_s390.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libuuid1_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid-dev_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fslibs-dev_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsck-static_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/comerr-dev_2.1-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/uuid-dev_1.2-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_s390.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libcomerr2_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libss2_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/ss-dev_2.0-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libuuid1-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_s390.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid1_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fslibs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/ss-dev_2.0-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libcomerr2_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsck-static_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libuuid1-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_sparc.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid1-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_sparc.udeb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fslibs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid1_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/uuid-dev_1.2-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libss2_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fslibs-dev_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libuuid1_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid-dev_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/comerr-dev_2.1-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_sparc.udeb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1423": "
\n

Debian Security Advisory

\n

DSA-1423-1 sitebar -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Dec 2007
\n
Affected Packages:
\n
\nsitebar\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 447135, Bug 448690, Bug 448689.
In Mitre's CVE dictionary: CVE-2007-5491, CVE-2007-5492, CVE-2007-5693, CVE-2007-5694, CVE-2007-5695, CVE-2007-5692.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in sitebar, a web based bookmark manager written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-5491

    A directory traversal vulnerability in the translation module allows remote authenticated users to chmod arbitrary files to 0777 via .. sequences in the lang parameter.

  • CVE-2007-5492

    A static code injection vulnerability in the translation module allows a remote authenticated user to execute arbitrary PHP code via the value parameter.

  • CVE-2007-5693

    An eval injection vulnerability in the translation module allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action.

  • CVE-2007-5694

    A path traversal vulnerability in the translation module allows remote authenticated users to read arbitrary files via an absolute path in the dir parameter.

  • CVE-2007-5695

    An error in command.php allows remote attackers to redirect users to arbitrary web sites via the forward parameter in a Log In action.

  • CVE-2007-5692

    Multiple cross site scripting flaws allow remote attackers to inject arbitrary script or HTML fragments into several scripts.
\n

For the old stable distribution (sarge), these problems have been fixed in version 3.2.6-7.1sarge1.

For the stable distribution (etch), these problems have been fixed in version 3.3.8-7etch1.

For the unstable distribution (sid), these problems have been fixed in version 3.3.8-12.1.

\n

We recommend that you upgrade your sitebar package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7.1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7.1sarge1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7.1sarge1_all.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7etch1.dsc
\n
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.3.8-7etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1424": "
\n

Debian Security Advisory

\n

DSA-1424-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
08 Dec 2007
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-5947, CVE-2007-5959, CVE-2007-5960.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-5947

    Jesse Ruderman and Petko D. Petkov discovered that the URI handler for JAR archives allows cross-site scripting.

  • CVE-2007-5959

    Several crashes in the layout engine were discovered, which might allow the execution of arbitrary code.

  • CVE-2007-5960

    Gregory Fleischer discovered a race condition in the handling of the window.location property, which might lead to cross-site request forgery.
\n

The Mozilla products in the oldstable distribution (sarge) are no longer supported with security updates.

For the stable distribution (etch) these problems have been fixed in version 2.0.0.10-0etch1.

For the unstable distribution (sid) these problems have been fixed in version 2.0.0.10-2.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.10-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.10-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.10-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.10-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.10-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.10-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.10-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.10-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.10-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.10-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1425": "
\n

Debian Security Advisory

\n

DSA-1425-1 xulrunner -- several vulnerabilities

\n
\n
Date Reported:
\n
08 Dec 2007
\n
Affected Packages:
\n
\nxulrunner\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-5947, CVE-2007-5959, CVE-2007-5960.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-5947

    Jesse Ruderman and Petko D. Petkov discovered that the URI handler for JAR archives allows cross-site scripting.

  • CVE-2007-5959

    Several crashes in the layout engine were discovered, which might allow the execution of arbitrary code.

  • CVE-2007-5960

    Gregory Fleischer discovered a race condition in the handling of the window.location property, which might lead to cross-site request forgery.
\n

The oldstable distribution (sarge) doesn't contain xulrunner.

\n

For the stable distribution (etch) these problems have been fixed in version 1.8.0.14~pre071019c-0etch1.

For the unstable distribution (sid) these problems have been fixed in version 1.8.1.11-1.

\n

We recommend that you upgrade your xulrunner packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.14~pre071019c-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.14~pre071019c.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.14~pre071019c-0etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.8.0.14~pre071019c-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-dev_1.8.0.14~pre071019c-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs-dev_1.8.0.14~pre071019c-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-common_1.8.0.14~pre071019c-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-dev_1.8.0.14~pre071019c-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs1_1.8.0.14~pre071019c-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.8.0.14~pre071019c-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-dev_1.8.0.14~pre071019c-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.14~pre071019c-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.14~pre071019c-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.14~pre071019c-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.14~pre071019c-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.14~pre071019c-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.14~pre071019c-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.14~pre071019c-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.14~pre071019c-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.14~pre071019c-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.14~pre071019c-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.14~pre071019c-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.14~pre071019c-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.14~pre071019c-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.14~pre071019c-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.14~pre071019c-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.14~pre071019c-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.14~pre071019c-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.14~pre071019c-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.14~pre071019c-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.14~pre071019c-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.14~pre071019c-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.14~pre071019c-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.14~pre071019c-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.14~pre071019c-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.14~pre071019c-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.14~pre071019c-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.14~pre071019c-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.14~pre071019c-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.14~pre071019c-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.14~pre071019c-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.14~pre071019c-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.14~pre071019c-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.14~pre071019c-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.14~pre071019c-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.14~pre071019c-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.14~pre071019c-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.14~pre071019c-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.14~pre071019c-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.14~pre071019c-0etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.14~pre071019c-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.14~pre071019c-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.14~pre071019c-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.14~pre071019c-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.14~pre071019c-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.14~pre071019c-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.14~pre071019c-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.14~pre071019c-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.14~pre071019c-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.14~pre071019c-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.14~pre071019c-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.14~pre071019c-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.14~pre071019c-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.14~pre071019c-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.14~pre071019c-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.14~pre071019c-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.14~pre071019c-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.14~pre071019c-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.14~pre071019c-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.14~pre071019c-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.14~pre071019c-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.14~pre071019c-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.14~pre071019c-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.14~pre071019c-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.14~pre071019c-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.14~pre071019c-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.14~pre071019c-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.14~pre071019c-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.14~pre071019c-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.14~pre071019c-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.14~pre071019c-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.14~pre071019c-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.14~pre071019c-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.14~pre071019c-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.14~pre071019c-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.14~pre071019c-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.14~pre071019c-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.14~pre071019c-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.14~pre071019c-0etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.14~pre071019c-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.14~pre071019c-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.14~pre071019c-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.14~pre071019c-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.14~pre071019c-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.14~pre071019c-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.14~pre071019c-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.14~pre071019c-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.14~pre071019c-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.14~pre071019c-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.14~pre071019c-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.14~pre071019c-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.14~pre071019c-0etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.14~pre071019c-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.14~pre071019c-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.14~pre071019c-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.14~pre071019c-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.14~pre071019c-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.14~pre071019c-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.14~pre071019c-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.14~pre071019c-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.14~pre071019c-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.14~pre071019c-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.14~pre071019c-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.14~pre071019c-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.14~pre071019c-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.14~pre071019c-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.14~pre071019c-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.14~pre071019c-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.14~pre071019c-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.14~pre071019c-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.14~pre071019c-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.14~pre071019c-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.14~pre071019c-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.14~pre071019c-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.14~pre071019c-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.14~pre071019c-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.14~pre071019c-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.14~pre071019c-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.14~pre071019c-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.14~pre071019c-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.14~pre071019c-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.14~pre071019c-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.14~pre071019c-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.14~pre071019c-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.14~pre071019c-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.14~pre071019c-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.14~pre071019c-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.14~pre071019c-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.14~pre071019c-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.14~pre071019c-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.14~pre071019c-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.14~pre071019c-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.14~pre071019c-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.14~pre071019c-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.14~pre071019c-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.14~pre071019c-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.14~pre071019c-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.14~pre071019c-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.14~pre071019c-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.14~pre071019c-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.14~pre071019c-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.14~pre071019c-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.14~pre071019c-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.14~pre071019c-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1426": "
\n

Debian Security Advisory

\n

DSA-1426-1 qt-x11-free -- several vulnerabilities

\n
\n
Date Reported:
\n
08 Dec 2007
\n
Affected Packages:
\n
\nqt-x11-free\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3388, CVE-2007-4137.
\n
More information:
\n
\n

Several local/remote vulnerabilities have been discovered in the Qt GUI library. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2007-3388

    Tim Brown and Dirk Müller discovered several format string vulnerabilities in the handling of error messages, which might lead to the execution of arbitrary code.

  • CVE-2007-4137

    Dirk Müller discovered an off-by-one buffer overflow in the Unicode handling, which might lead to the execution of arbitrary code.

For the old stable distribution (sarge), these problems have been fixed in version 3:3.3.4-3sarge3. Packages for m68k will be provided later.

\n

For the stable distribution (etch), these problems have been fixed in version 3:3.3.7-4etch1.

\n

For the unstable distribution (sid), these problems have been fixed in version 3:3.3.7-8.

\n

We recommend that you upgrade your qt-x11-free packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt-x11-free_3.3.4-3sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt-x11-free_3.3.4-3sarge3.dsc
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt-x11-free_3.3.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-i18n_3.3.4-3sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-doc_3.3.4-3sarge3_all.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-examples_3.3.4-3sarge3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-mysql_3.3.4-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-psql_3.3.4-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.4-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.4-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.4-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.4-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.4-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mysql_3.3.4-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102_3.3.4-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-sqlite_3.3.4-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-psql_3.3.4-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.4-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.4-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt_3.3.4-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-odbc_3.3.4-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-odbc_3.3.4-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.4-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.4-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.4-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.4-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-sqlite_3.3.4-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-dev_3.3.4-3sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.4-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.4-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.4-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-mysql_3.3.4-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mysql_3.3.4-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-psql_3.3.4-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.4-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.4-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-odbc_3.3.4-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-sqlite_3.3.4-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.4-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt_3.3.4-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.4-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.4-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-odbc_3.3.4-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-sqlite_3.3.4-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-psql_3.3.4-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.4-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.4-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-dev_3.3.4-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.4-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102_3.3.4-3sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-mysql_3.3.4-3sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.4-3sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.4-3sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102_3.3.4-3sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt_3.3.4-3sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.4-3sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.4-3sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.4-3sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-psql_3.3.4-3sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-sqlite_3.3.4-3sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.4-3sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-psql_3.3.4-3sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.4-3sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-sqlite_3.3.4-3sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.4-3sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-odbc_3.3.4-3sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-odbc_3.3.4-3sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-dev_3.3.4-3sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.4-3sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.4-3sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.4-3sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mysql_3.3.4-3sarge3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.4-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.4-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mysql_3.3.4-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-psql_3.3.4-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-sqlite_3.3.4-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.4-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.4-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102_3.3.4-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-sqlite_3.3.4-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-mysql_3.3.4-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.4-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt_3.3.4-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-odbc_3.3.4-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-odbc_3.3.4-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.4-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.4-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.4-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.4-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.4-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.4-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-psql_3.3.4-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-dev_3.3.4-3sarge3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.4-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.4-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102_3.3.4-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-odbc_3.3.4-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.4-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-mysql_3.3.4-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.4-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.4-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.4-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mysql_3.3.4-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt_3.3.4-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-dev_3.3.4-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-ibase_3.3.4-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-psql_3.3.4-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.4-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-sqlite_3.3.4-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.4-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-sqlite_3.3.4-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-odbc_3.3.4-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.4-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.4-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.4-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-psql_3.3.4-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-ibase_3.3.4-3sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.4-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.4-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mysql_3.3.4-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-psql_3.3.4-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-sqlite_3.3.4-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-psql_3.3.4-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.4-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102_3.3.4-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.4-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-dev_3.3.4-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.4-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-odbc_3.3.4-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.4-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-mysql_3.3.4-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.4-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-sqlite_3.3.4-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.4-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-odbc_3.3.4-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.4-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.4-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt_3.3.4-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.4-3sarge3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.4-3sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.4-3sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-sqlite_3.3.4-3sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-psql_3.3.4-3sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mysql_3.3.4-3sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.4-3sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-sqlite_3.3.4-3sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.4-3sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.4-3sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-odbc_3.3.4-3sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.4-3sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.4-3sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.4-3sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt_3.3.4-3sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.4-3sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-odbc_3.3.4-3sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-psql_3.3.4-3sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.4-3sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102_3.3.4-3sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-mysql_3.3.4-3sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.4-3sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-dev_3.3.4-3sarge3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.4-3sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.4-3sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.4-3sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.4-3sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.4-3sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-dev_3.3.4-3sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-psql_3.3.4-3sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.4-3sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-sqlite_3.3.4-3sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-sqlite_3.3.4-3sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-mysql_3.3.4-3sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-psql_3.3.4-3sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102_3.3.4-3sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mysql_3.3.4-3sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.4-3sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.4-3sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-odbc_3.3.4-3sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt_3.3.4-3sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-odbc_3.3.4-3sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.4-3sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.4-3sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.4-3sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-odbc_3.3.4-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-sqlite_3.3.4-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.4-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-psql_3.3.4-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-dev_3.3.4-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-odbc_3.3.4-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.4-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.4-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-mysql_3.3.4-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mysql_3.3.4-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.4-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.4-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-psql_3.3.4-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-sqlite_3.3.4-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.4-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.4-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt_3.3.4-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.4-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102_3.3.4-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.4-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.4-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.4-3sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.4-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-psql_3.3.4-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-odbc_3.3.4-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102_3.3.4-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-odbc_3.3.4-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.4-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.4-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.4-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.4-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt_3.3.4-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.4-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.4-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.4-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-psql_3.3.4-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.4-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-sqlite_3.3.4-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.4-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.4-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mysql_3.3.4-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-dev_3.3.4-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-mysql_3.3.4-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-sqlite_3.3.4-3sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-odbc_3.3.4-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-psql_3.3.4-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt_3.3.4-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-dev_3.3.4-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.4-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mysql_3.3.4-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.4-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.4-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.4-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.4-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-mysql_3.3.4-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-mt-sqlite_3.3.4-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102_3.3.4-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.4-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.4-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-psql_3.3.4-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-sqlite_3.3.4-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.4-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3c102-odbc_3.3.4-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.4-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.4-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.4-3sarge3_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt-x11-free_3.3.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt-x11-free_3.3.7-4etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt-x11-free_3.3.7-4etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-examples_3.3.7-4etch1_all.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-doc_3.3.7-4etch1_all.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-i18n_3.3.7-4etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.7-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-odbc_3.3.7-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.7-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.7-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.7-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.7-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.7-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-psql_3.3.7-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.7-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.7-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-sqlite_3.3.7-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.7-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt-x11-free-dbg_3.3.7-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-mysql_3.3.7-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt_3.3.7-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.7-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.7-4etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt_3.3.7-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.7-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.7-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt-x11-free-dbg_3.3.7-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.7-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.7-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.7-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.7-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.7-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.7-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.7-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.7-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-ibase_3.3.7-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-odbc_3.3.7-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.7-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-mysql_3.3.7-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-psql_3.3.7-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-sqlite_3.3.7-4etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.7-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-psql_3.3.7-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.7-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt-x11-free-dbg_3.3.7-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.7-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.7-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-sqlite_3.3.7-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.7-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.7-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.7-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.7-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.7-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-mysql_3.3.7-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt_3.3.7-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.7-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.7-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-odbc_3.3.7-4etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-mysql_3.3.7-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.7-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.7-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-sqlite_3.3.7-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.7-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt_3.3.7-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.7-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt-x11-free-dbg_3.3.7-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.7-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.7-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.7-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.7-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.7-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.7-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-odbc_3.3.7-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-psql_3.3.7-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.7-4etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.7-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.7-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.7-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-mysql_3.3.7-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-odbc_3.3.7-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.7-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.7-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.7-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.7-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.7-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt_3.3.7-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.7-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.7-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-psql_3.3.7-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt-x11-free-dbg_3.3.7-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.7-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-sqlite_3.3.7-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-ibase_3.3.7-4etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.7-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.7-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.7-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.7-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt-x11-free-dbg_3.3.7-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.7-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-mysql_3.3.7-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.7-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.7-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt_3.3.7-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-sqlite_3.3.7-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.7-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-psql_3.3.7-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-odbc_3.3.7-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.7-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.7-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.7-4etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-psql_3.3.7-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.7-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.7-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.7-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.7-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt-x11-free-dbg_3.3.7-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.7-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.7-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.7-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.7-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt_3.3.7-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.7-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-odbc_3.3.7-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-mysql_3.3.7-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-sqlite_3.3.7-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.7-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.7-4etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.7-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-sqlite_3.3.7-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.7-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.7-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.7-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-psql_3.3.7-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.7-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-mysql_3.3.7-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.7-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.7-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-odbc_3.3.7-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.7-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.7-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt-x11-free-dbg_3.3.7-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.7-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.7-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt_3.3.7-4etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.7-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.7-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-psql_3.3.7-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-sqlite_3.3.7-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-odbc_3.3.7-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.7-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.7-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-mysql_3.3.7-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt_3.3.7-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.7-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.7-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.7-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.7-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt-x11-free-dbg_3.3.7-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.7-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.7-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.7-4etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-psql_3.3.7-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.7-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-odbc_3.3.7-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.7-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.7-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt-x11-free-dbg_3.3.7-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-sqlite_3.3.7-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.7-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-mysql_3.3.7-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.7-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt_3.3.7-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.7-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.7-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.7-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.7-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.7-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.7-4etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-designer_3.3.7-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-sqlite_3.3.7-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt-x11-free-dbg_3.3.7-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-psql_3.3.7-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-headers_3.3.7-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-apps-dev_3.3.7-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-compat_3.3.7-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-dev_3.3.7-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-odbc_3.3.7-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-assistant_3.3.7-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools-embedded_3.3.7-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-compat-headers_3.3.7-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt_3.3.7-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-dev-tools_3.3.7-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-linguist_3.3.7-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/libqt3-mt-mysql_3.3.7-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt-x11-free/qt3-qtconfig_3.3.7-4etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1427": "
\n

Debian Security Advisory

\n

DSA-1427-1 samba -- buffer overflow

\n
\n
Date Reported:
\n
10 Dec 2007
\n
Affected Packages:
\n
samba
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-6015.
\n
More information:
\n
\n

Alin Rad Pop discovered that Samba, a LanManager-like file and printer server for Unix, is vulnerable to a buffer overflow in the nmbd code which handles GETDC mailslot requests, which might lead to the execution of arbitrary code.

For the old stable distribution (sarge), this problem has been fixed in version 3.0.14a-3sarge11. Packages for m68k will be provided later.

For the stable distribution (etch), this problem has been fixed in version 3.0.24-6etch9.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your samba packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11.diff.gz
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.0.14a-3sarge11_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge11_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge11_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge11_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge11_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge11_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge11_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge11_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge11_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge11_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge11_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge11_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9.dsc
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9.diff.gz
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.0.24-6etch9_all.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc-pdf_3.0.24-6etch9_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch9_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1428": "
\n

Debian Security Advisory

\n

DSA-1428-2 linux-2.6 -- several vulnerabilities

\n
\n
Date Reported:
\n
11 Dec 2007
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3104, CVE-2007-4997, CVE-2007-5500, CVE-2007-5904.
\n
More information:
\n
\n

Several local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n

This is an update to DSA 1428-1 which omitted a reference to CVE-2007-5904.

\n
    \n
  • CVE-2007-3104\n

    Eric Sandeen provided a backport of Tejun Heo's fix for a local denial\n of service vulnerability in sysfs. Under memory pressure, a dentry\n structure may be reclaimed, resulting in a bad pointer dereference that causes\n an oops during a readdir.

  • CVE-2007-4997\n

    Chris Evans discovered an issue with certain drivers that make use of the\n Linux kernel's ieee80211 layer. A remote user could generate a malicious\n 802.11 frame that could result in a denial of service (crash). The ipw2100\n driver is known to be affected by this issue, while the ipw2200 is\n believed not to be.

  • CVE-2007-5500\n

    Scott James Remnant diagnosed a coding error in the implementation of\n ptrace which could be used by a local user to cause the kernel to enter\n an infinite loop.

  • CVE-2007-5904\n

    Przemyslaw Wegrzyn discovered an issue in the CIFS filesystem that could\n allow a malicious server to cause a denial of service (crash) by overflowing\n a buffer.

\n

These problems have been fixed in the stable distribution in version\n2.6.18.dfsg.1-13etch5.

\n

The following matrix lists additional packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n\n
Package          Debian 4.0 (etch)
fai-kernels      1.17+etch.13etch5
user-mode-linux  2.6.18-1um-2etch.13etch5
\n

We recommend that you upgrade your kernel package immediately and reboot\nthe machine. If you have built a custom kernel from the kernel source\npackage, you will need to rebuild to take advantage of these fixes.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-13etch5.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-13etch5.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.13etch5.dsc
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.13etch5.tar.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.13etch5.dsc
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.13etch5.diff.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-13etch5_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-13etch5_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-13etch5_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-13etch5_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-5_2.6.18.dfsg.1-13etch5_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-13etch5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-alpha_2.6.18.dfsg.1-13etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-alpha-generic_2.6.18.dfsg.1-13etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-alpha-legacy_2.6.18.dfsg.1-13etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-alpha-smp_2.6.18.dfsg.1-13etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-alpha_2.6.18.dfsg.1-13etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-alpha-generic_2.6.18.dfsg.1-13etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-alpha-legacy_2.6.18.dfsg.1-13etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-alpha-smp_2.6.18.dfsg.1-13etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-alpha_2.6.18.dfsg.1-13etch5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-amd64_2.6.18.dfsg.1-13etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-amd64_2.6.18.dfsg.1-13etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-amd64_2.6.18.dfsg.1-13etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen_2.6.18.dfsg.1-13etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver_2.6.18.dfsg.1-13etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-amd64_2.6.18.dfsg.1-13etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-amd64_2.6.18.dfsg.1-13etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.13etch5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-arm_2.6.18.dfsg.1-13etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-footbridge_2.6.18.dfsg.1-13etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-iop32x_2.6.18.dfsg.1-13etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-ixp4xx_2.6.18.dfsg.1-13etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-rpc_2.6.18.dfsg.1-13etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-s3c2410_2.6.18.dfsg.1-13etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-footbridge_2.6.18.dfsg.1-13etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-iop32x_2.6.18.dfsg.1-13etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-ixp4xx_2.6.18.dfsg.1-13etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-rpc_2.6.18.dfsg.1-13etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s3c2410_2.6.18.dfsg.1-13etch5_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-hppa_2.6.18.dfsg.1-13etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc_2.6.18.dfsg.1-13etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc-smp_2.6.18.dfsg.1-13etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc64_2.6.18.dfsg.1-13etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc64-smp_2.6.18.dfsg.1-13etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc_2.6.18.dfsg.1-13etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc-smp_2.6.18.dfsg.1-13etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc64_2.6.18.dfsg.1-13etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc64-smp_2.6.18.dfsg.1-13etch5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-486_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-686_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-686-bigmem_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-i386_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-amd64_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-k7_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-686_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-k7_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-486_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-686_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-686-bigmem_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-amd64_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-k7_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-686_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-k7_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.13etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.13etch5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-ia64_2.6.18.dfsg.1-13etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-itanium_2.6.18.dfsg.1-13etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-mckinley_2.6.18.dfsg.1-13etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-itanium_2.6.18.dfsg.1-13etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-mckinley_2.6.18.dfsg.1-13etch5_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-mips_2.6.18.dfsg.1-13etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-qemu_2.6.18.dfsg.1-13etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r4k-ip22_2.6.18.dfsg.1-13etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r5k-ip32_2.6.18.dfsg.1-13etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-qemu_2.6.18.dfsg.1-13etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r4k-ip22_2.6.18.dfsg.1-13etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r5k-ip32_2.6.18.dfsg.1-13etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-mipsel_2.6.18.dfsg.1-13etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-qemu_2.6.18.dfsg.1-13etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r3k-kn02_2.6.18.dfsg.1-13etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r4k-kn04_2.6.18.dfsg.1-13etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r5k-cobalt_2.6.18.dfsg.1-13etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-qemu_2.6.18.dfsg.1-13etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r3k-kn02_2.6.18.dfsg.1-13etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r4k-kn04_2.6.18.dfsg.1-13etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r5k-cobalt_2.6.18.dfsg.1-13etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-powerpc_2.6.18.dfsg.1-13etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc_2.6.18.dfsg.1-13etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc-miboot_2.6.18.dfsg.1-13etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc-smp_2.6.18.dfsg.1-13etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc64_2.6.18.dfsg.1-13etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-prep_2.6.18.dfsg.1-13etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-powerpc_2.6.18.dfsg.1-13etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-powerpc64_2.6.18.dfsg.1-13etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc_2.6.18.dfsg.1-13etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc-miboot_2.6.18.dfsg.1-13etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc-smp_2.6.18.dfsg.1-13etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc64_2.6.18.dfsg.1-13etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-prep_2.6.18.dfsg.1-13etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-powerpc_2.6.18.dfsg.1-13etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-powerpc64_2.6.18.dfsg.1-13etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.13etch5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-s390_2.6.18.dfsg.1-13etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-s390_2.6.18.dfsg.1-13etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-s390x_2.6.18.dfsg.1-13etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-s390x_2.6.18.dfsg.1-13etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s390_2.6.18.dfsg.1-13etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s390-tape_2.6.18.dfsg.1-13etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s390x_2.6.18.dfsg.1-13etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-s390x_2.6.18.dfsg.1-13etch5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-sparc_2.6.18.dfsg.1-13etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sparc32_2.6.18.dfsg.1-13etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sparc64_2.6.18.dfsg.1-13etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sparc64-smp_2.6.18.dfsg.1-13etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-sparc64_2.6.18.dfsg.1-13etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sparc32_2.6.18.dfsg.1-13etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sparc64_2.6.18.dfsg.1-13etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sparc64-smp_2.6.18.dfsg.1-13etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-sparc64_2.6.18.dfsg.1-13etch5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1429": "
\n

Debian Security Advisory

\n

DSA-1429-1 htdig -- cross site scripting

\n
\n
Date Reported:
\n
11 Dec 2007
\n
Affected Packages:
\n
\nhtdig\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 453278.
In Mitre's CVE dictionary: CVE-2007-6110.
\n
More information:
\n
\n

Michael Skibbe discovered that htdig, a WWW search system for an intranet or small internet, did not adequately quote values submitted to the search script, allowing remote attackers to inject arbitrary script or HTML into specially crafted links.

\n

For the old stable distribution (sarge), this problem was not present.

\n

For the stable distribution (etch), this problem has been fixed in version 1:3.2.0b6-3.1etch1.

\n

For the unstable distribution (sid), this problem has been fixed in version 1:3.2.0b6-4.

\n

We recommend that you upgrade your htdig package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1.dsc
\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/htdig/htdig-doc_3.2.0b6-3.1etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1430": "
\n

Debian Security Advisory

\n

DSA-1430-1 libnss-ldap -- denial of service

\n
\n
Date Reported:
\n
11 Dec 2007
\n
Affected Packages:
\n
\nlibnss-ldap\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 453868.
In Mitre's CVE dictionary: CVE-2007-5794.
\n
More information:
\n
\n

It was reported that a race condition exists in libnss-ldap, an NSS module for using LDAP as a naming service, which could cause denial of service attacks if applications use pthreads.

\n

This problem was spotted in the dovecot IMAP/POP server but potentially affects more programs.

\n

For the old stable distribution (sarge), this problem has been fixed in version 238-1sarge1.

\n

For the stable distribution (etch), this problem has been fixed in version 251-7.5etch1.

\n

For the unstable distribution (sid), this problem has been fixed in version 256-1.

\n

We recommend that you upgrade your libnss-ldap package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251-7.5etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251-7.5etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251-7.5etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251-7.5etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251-7.5etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251-7.5etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251-7.5etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251-7.5etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251-7.5etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251-7.5etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251-7.5etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251-7.5etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251-7.5etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1431": "
\n

Debian Security Advisory

\n

DSA-1431-1 ruby-gnome2 -- format string

\n
\n
Date Reported:
\n
11 Dec 2007
\n
Affected Packages:
\n
\nruby-gnome2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 453689.
In Mitre's CVE dictionary: CVE-2007-6183.
\n
More information:
\n
\n

It was discovered that ruby-gnome2, the GNOME-related bindings for the Ruby language, didn't properly sanitize input prior to constructing dialogs. This could allow the execution of arbitrary code if untrusted input is displayed within a dialog.

\n

For the old stable distribution (sarge), this problem has been fixed in version 0.12.0-2sarge1.

\n

For the stable distribution (etch), this problem has been fixed in version 0.15.0-1.1etch1.

\n

For the unstable distribution (sid), this problem has been fixed in version 0.16.0-10.

\n

We recommend that you upgrade your ruby-gnome2 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/ruby-gnome2_0.12.0-2sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/ruby-gnome2_0.12.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/ruby-gnome2_0.12.0-2sarge1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/ruby-gnome2_0.12.0-2sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgda2-ruby_0.12.0-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgconf2-ruby_0.12.0-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpango1-ruby_0.12.0-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkglext1-ruby_0.12.0-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkhtml2-ruby_0.12.0-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpanel-applet2-ruby_0.12.0-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgdk-pixbuf2-ruby_0.12.0-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomecanvas2-ruby_0.12.0-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libatk1-ruby_0.12.0-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtksourceview1-ruby_0.12.0-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk2-ruby_0.12.0-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnome2-ruby_0.12.0-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprintui2-ruby_0.12.0-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglade2-ruby_0.12.0-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/librsvg2-ruby_0.12.0-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libart2-ruby_0.12.0-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprint2-ruby_0.12.0-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglib2-ruby_0.12.0-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgstreamer0.8-ruby_0.12.0-2sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomevfs2-ruby_0.12.0-2sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpanel-applet2-ruby_0.12.0-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgconf2-ruby_0.12.0-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprint2-ruby_0.12.0-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnome2-ruby_0.12.0-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkglext1-ruby_0.12.0-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglade2-ruby_0.12.0-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgdk-pixbuf2-ruby_0.12.0-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libart2-ruby_0.12.0-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk2-ruby_0.12.0-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglib2-ruby_0.12.0-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libatk1-ruby_0.12.0-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprintui2-ruby_0.12.0-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomecanvas2-ruby_0.12.0-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtksourceview1-ruby_0.12.0-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgda2-ruby_0.12.0-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkhtml2-ruby_0.12.0-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpango1-ruby_0.12.0-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgstreamer0.8-ruby_0.12.0-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/librsvg2-ruby_0.12.0-2sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomevfs2-ruby_0.12.0-2sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglade2-ruby_0.12.0-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnome2-ruby_0.12.0-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglib2-ruby_0.12.0-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomecanvas2-ruby_0.12.0-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/librsvg2-ruby_0.12.0-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libart2-ruby_0.12.0-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprintui2-ruby_0.12.0-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomevfs2-ruby_0.12.0-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkhtml2-ruby_0.12.0-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgstreamer0.8-ruby_0.12.0-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtksourceview1-ruby_0.12.0-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkglext1-ruby_0.12.0-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk2-ruby_0.12.0-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpango1-ruby_0.12.0-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprint2-ruby_0.12.0-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgconf2-ruby_0.12.0-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgdk-pixbuf2-ruby_0.12.0-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libatk1-ruby_0.12.0-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpanel-applet2-ruby_0.12.0-2sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgda2-ruby_0.12.0-2sarge1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprintui2-ruby_0.12.0-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkhtml2-ruby_0.12.0-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgda2-ruby_0.12.0-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpanel-applet2-ruby_0.12.0-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/librsvg2-ruby_0.12.0-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgstreamer0.8-ruby_0.12.0-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglade2-ruby_0.12.0-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libart2-ruby_0.12.0-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgconf2-ruby_0.12.0-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtksourceview1-ruby_0.12.0-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgdk-pixbuf2-ruby_0.12.0-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglib2-ruby_0.12.0-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomecanvas2-ruby_0.12.0-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomevfs2-ruby_0.12.0-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk2-ruby_0.12.0-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libatk1-ruby_0.12.0-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpango1-ruby_0.12.0-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnome2-ruby_0.12.0-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprint2-ruby_0.12.0-2sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkglext1-ruby_0.12.0-2sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkhtml2-ruby_0.12.0-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgda2-ruby_0.12.0-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprintui2-ruby_0.12.0-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpango1-ruby_0.12.0-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnome2-ruby_0.12.0-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtksourceview1-ruby_0.12.0-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomevfs2-ruby_0.12.0-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglade2-ruby_0.12.0-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglib2-ruby_0.12.0-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk2-ruby_0.12.0-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgdk-pixbuf2-ruby_0.12.0-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkglext1-ruby_0.12.0-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprint2-ruby_0.12.0-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomecanvas2-ruby_0.12.0-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libart2-ruby_0.12.0-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgstreamer0.8-ruby_0.12.0-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/librsvg2-ruby_0.12.0-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpanel-applet2-ruby_0.12.0-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libatk1-ruby_0.12.0-2sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgconf2-ruby_0.12.0-2sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpanel-applet2-ruby_0.12.0-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgdk-pixbuf2-ruby_0.12.0-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkhtml2-ruby_0.12.0-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomecanvas2-ruby_0.12.0-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnome2-ruby_0.12.0-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgconf2-ruby_0.12.0-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkglext1-ruby_0.12.0-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglib2-ruby_0.12.0-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprint2-ruby_0.12.0-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprintui2-ruby_0.12.0-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libatk1-ruby_0.12.0-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk2-ruby_0.12.0-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglade2-ruby_0.12.0-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libart2-ruby_0.12.0-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtksourceview1-ruby_0.12.0-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomevfs2-ruby_0.12.0-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/librsvg2-ruby_0.12.0-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpango1-ruby_0.12.0-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgstreamer0.8-ruby_0.12.0-2sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgda2-ruby_0.12.0-2sarge1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomecanvas2-ruby_0.12.0-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libatk1-ruby_0.12.0-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkhtml2-ruby_0.12.0-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgdk-pixbuf2-ruby_0.12.0-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgstreamer0.8-ruby_0.12.0-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprintui2-ruby_0.12.0-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgconf2-ruby_0.12.0-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnome2-ruby_0.12.0-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglib2-ruby_0.12.0-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtksourceview1-ruby_0.12.0-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprint2-ruby_0.12.0-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpanel-applet2-ruby_0.12.0-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpango1-ruby_0.12.0-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/librsvg2-ruby_0.12.0-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk2-ruby_0.12.0-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgda2-ruby_0.12.0-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglade2-ruby_0.12.0-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkglext1-ruby_0.12.0-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libart2-ruby_0.12.0-2sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomevfs2-ruby_0.12.0-2sarge1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomecanvas2-ruby_0.12.0-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpanel-applet2-ruby_0.12.0-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libatk1-ruby_0.12.0-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkglext1-ruby_0.12.0-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomevfs2-ruby_0.12.0-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpango1-ruby_0.12.0-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnome2-ruby_0.12.0-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtksourceview1-ruby_0.12.0-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprint2-ruby_0.12.0-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/librsvg2-ruby_0.12.0-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglib2-ruby_0.12.0-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglade2-ruby_0.12.0-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprintui2-ruby_0.12.0-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgda2-ruby_0.12.0-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkhtml2-ruby_0.12.0-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk2-ruby_0.12.0-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgstreamer0.8-ruby_0.12.0-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgconf2-ruby_0.12.0-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgdk-pixbuf2-ruby_0.12.0-2sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libart2-ruby_0.12.0-2sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libart2-ruby_0.12.0-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprintui2-ruby_0.12.0-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomevfs2-ruby_0.12.0-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnome2-ruby_0.12.0-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/librsvg2-ruby_0.12.0-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgstreamer0.8-ruby_0.12.0-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgda2-ruby_0.12.0-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libatk1-ruby_0.12.0-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpanel-applet2-ruby_0.12.0-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglade2-ruby_0.12.0-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkglext1-ruby_0.12.0-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgconf2-ruby_0.12.0-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprint2-ruby_0.12.0-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtksourceview1-ruby_0.12.0-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk2-ruby_0.12.0-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgdk-pixbuf2-ruby_0.12.0-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkhtml2-ruby_0.12.0-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomecanvas2-ruby_0.12.0-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglib2-ruby_0.12.0-2sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpango1-ruby_0.12.0-2sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpango1-ruby_0.12.0-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libatk1-ruby_0.12.0-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgda2-ruby_0.12.0-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkhtml2-ruby_0.12.0-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpanel-applet2-ruby_0.12.0-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkglext1-ruby_0.12.0-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtksourceview1-ruby_0.12.0-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnome2-ruby_0.12.0-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomecanvas2-ruby_0.12.0-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgconf2-ruby_0.12.0-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomevfs2-ruby_0.12.0-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprint2-ruby_0.12.0-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgdk-pixbuf2-ruby_0.12.0-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglade2-ruby_0.12.0-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/librsvg2-ruby_0.12.0-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libart2-ruby_0.12.0-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglib2-ruby_0.12.0-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgstreamer0.8-ruby_0.12.0-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprintui2-ruby_0.12.0-2sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk2-ruby_0.12.0-2sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomevfs2-ruby_0.12.0-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk2-ruby_0.12.0-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/librsvg2-ruby_0.12.0-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgstreamer0.8-ruby_0.12.0-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtksourceview1-ruby_0.12.0-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprint2-ruby_0.12.0-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglib2-ruby_0.12.0-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprintui2-ruby_0.12.0-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libatk1-ruby_0.12.0-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgconf2-ruby_0.12.0-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpango1-ruby_0.12.0-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpanel-applet2-ruby_0.12.0-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnome2-ruby_0.12.0-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgdk-pixbuf2-ruby_0.12.0-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkhtml2-ruby_0.12.0-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkglext1-ruby_0.12.0-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libart2-ruby_0.12.0-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglade2-ruby_0.12.0-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomecanvas2-ruby_0.12.0-2sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgda2-ruby_0.12.0-2sarge1_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/ruby-gnome2_0.15.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/ruby-gnome2_0.15.0-1.1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/ruby-gnome2_0.15.0-1.1etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/ruby-gnome2_0.15.0-1.1etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk-mozembed-ruby_0.15.0-1.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpango1-ruby_0.15.0-1.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libatk1-ruby_0.15.0-1.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgda2-ruby_0.15.0-1.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/librsvg2-ruby_0.15.0-1.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglib2-ruby_0.15.0-1.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkhtml2-ruby_0.15.0-1.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgdk-pixbuf2-ruby_0.15.0-1.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglade2-ruby_0.15.0-1.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgstreamer0.8-ruby_0.15.0-1.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprintui2-ruby_0.15.0-1.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk2-ruby_0.15.0-1.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnome2-ruby_0.15.0-1.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libart2-ruby_0.15.0-1.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libvte-ruby_0.15.0-1.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgconf2-ruby_0.15.0-1.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpanel-applet2-ruby_0.15.0-1.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomevfs2-ruby_0.15.0-1.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomecanvas2-ruby_0.15.0-1.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkglext1-ruby_0.15.0-1.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprint2-ruby_0.15.0-1.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtksourceview1-ruby_0.15.0-1.1etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtksourceview1-ruby_0.15.0-1.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprintui2-ruby_0.15.0-1.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgdk-pixbuf2-ruby_0.15.0-1.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprint2-ruby_0.15.0-1.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglade2-ruby_0.15.0-1.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgda2-ruby_0.15.0-1.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk2-ruby_0.15.0-1.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libart2-ruby_0.15.0-1.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnome2-ruby_0.15.0-1.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomecanvas2-ruby_0.15.0-1.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgconf2-ruby_0.15.0-1.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkglext1-ruby_0.15.0-1.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libvte-ruby_0.15.0-1.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkhtml2-ruby_0.15.0-1.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpango1-ruby_0.15.0-1.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpanel-applet2-ruby_0.15.0-1.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglib2-ruby_0.15.0-1.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomevfs2-ruby_0.15.0-1.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libatk1-ruby_0.15.0-1.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/librsvg2-ruby_0.15.0-1.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgstreamer0.8-ruby_0.15.0-1.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk-mozembed-ruby_0.15.0-1.1etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk-mozembed-ruby_0.15.0-1.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglade2-ruby_0.15.0-1.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libatk1-ruby_0.15.0-1.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtksourceview1-ruby_0.15.0-1.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgstreamer0.8-ruby_0.15.0-1.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgconf2-ruby_0.15.0-1.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk2-ruby_0.15.0-1.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprint2-ruby_0.15.0-1.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libart2-ruby_0.15.0-1.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomevfs2-ruby_0.15.0-1.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprintui2-ruby_0.15.0-1.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglib2-ruby_0.15.0-1.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/librsvg2-ruby_0.15.0-1.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgdk-pixbuf2-ruby_0.15.0-1.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomecanvas2-ruby_0.15.0-1.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libvte-ruby_0.15.0-1.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpanel-applet2-ruby_0.15.0-1.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnome2-ruby_0.15.0-1.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkglext1-ruby_0.15.0-1.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkhtml2-ruby_0.15.0-1.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgda2-ruby_0.15.0-1.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpango1-ruby_0.15.0-1.1etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglib2-ruby_0.15.0-1.1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libart2-ruby_0.15.0-1.1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkglext1-ruby_0.15.0-1.1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgdk-pixbuf2-ruby_0.15.0-1.1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkhtml2-ruby_0.15.0-1.1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprintui2-ruby_0.15.0-1.1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/librsvg2-ruby_0.15.0-1.1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk-mozembed-ruby_0.15.0-1.1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libatk1-ruby_0.15.0-1.1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgstreamer0.8-ruby_0.15.0-1.1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgconf2-ruby_0.15.0-1.1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk2-ruby_0.15.0-1.1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomevfs2-ruby_0.15.0-1.1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnome2-ruby_0.15.0-1.1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtksourceview1-ruby_0.15.0-1.1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprint2-ruby_0.15.0-1.1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomecanvas2-ruby_0.15.0-1.1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglade2-ruby_0.15.0-1.1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpanel-applet2-ruby_0.15.0-1.1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libvte-ruby_0.15.0-1.1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpango1-ruby_0.15.0-1.1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgda2-ruby_0.15.0-1.1etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libatk1-ruby_0.15.0-1.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgstreamer0.8-ruby_0.15.0-1.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprint2-ruby_0.15.0-1.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libart2-ruby_0.15.0-1.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnome2-ruby_0.15.0-1.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprintui2-ruby_0.15.0-1.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgconf2-ruby_0.15.0-1.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgdk-pixbuf2-ruby_0.15.0-1.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkglext1-ruby_0.15.0-1.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtksourceview1-ruby_0.15.0-1.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libvte-ruby_0.15.0-1.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomecanvas2-ruby_0.15.0-1.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkhtml2-ruby_0.15.0-1.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpanel-applet2-ruby_0.15.0-1.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/librsvg2-ruby_0.15.0-1.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgda2-ruby_0.15.0-1.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpango1-ruby_0.15.0-1.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk-mozembed-ruby_0.15.0-1.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglib2-ruby_0.15.0-1.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglade2-ruby_0.15.0-1.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomevfs2-ruby_0.15.0-1.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk2-ruby_0.15.0-1.1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk2-ruby_0.15.0-1.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomevfs2-ruby_0.15.0-1.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libart2-ruby_0.15.0-1.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnome2-ruby_0.15.0-1.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtksourceview1-ruby_0.15.0-1.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libvte-ruby_0.15.0-1.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgdk-pixbuf2-ruby_0.15.0-1.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpango1-ruby_0.15.0-1.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgda2-ruby_0.15.0-1.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk-mozembed-ruby_0.15.0-1.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprint2-ruby_0.15.0-1.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/librsvg2-ruby_0.15.0-1.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprintui2-ruby_0.15.0-1.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgconf2-ruby_0.15.0-1.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpanel-applet2-ruby_0.15.0-1.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkhtml2-ruby_0.15.0-1.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglib2-ruby_0.15.0-1.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libatk1-ruby_0.15.0-1.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkglext1-ruby_0.15.0-1.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgstreamer0.8-ruby_0.15.0-1.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglade2-ruby_0.15.0-1.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomecanvas2-ruby_0.15.0-1.1etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libart2-ruby_0.15.0-1.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/librsvg2-ruby_0.15.0-1.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkhtml2-ruby_0.15.0-1.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk-mozembed-ruby_0.15.0-1.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglib2-ruby_0.15.0-1.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgdk-pixbuf2-ruby_0.15.0-1.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtksourceview1-ruby_0.15.0-1.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprint2-ruby_0.15.0-1.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libvte-ruby_0.15.0-1.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomecanvas2-ruby_0.15.0-1.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libatk1-ruby_0.15.0-1.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpanel-applet2-ruby_0.15.0-1.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk2-ruby_0.15.0-1.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgconf2-ruby_0.15.0-1.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomevfs2-ruby_0.15.0-1.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgstreamer0.8-ruby_0.15.0-1.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprintui2-ruby_0.15.0-1.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpango1-ruby_0.15.0-1.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgda2-ruby_0.15.0-1.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglade2-ruby_0.15.0-1.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnome2-ruby_0.15.0-1.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkglext1-ruby_0.15.0-1.1etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libvte-ruby_0.15.0-1.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libart2-ruby_0.15.0-1.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpanel-applet2-ruby_0.15.0-1.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtksourceview1-ruby_0.15.0-1.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnome2-ruby_0.15.0-1.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libatk1-ruby_0.15.0-1.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgdk-pixbuf2-ruby_0.15.0-1.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgstreamer0.8-ruby_0.15.0-1.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglib2-ruby_0.15.0-1.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkhtml2-ruby_0.15.0-1.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomevfs2-ruby_0.15.0-1.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkglext1-ruby_0.15.0-1.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/librsvg2-ruby_0.15.0-1.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk-mozembed-ruby_0.15.0-1.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprint2-ruby_0.15.0-1.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpango1-ruby_0.15.0-1.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgda2-ruby_0.15.0-1.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk2-ruby_0.15.0-1.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprintui2-ruby_0.15.0-1.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgconf2-ruby_0.15.0-1.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomecanvas2-ruby_0.15.0-1.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglade2-ruby_0.15.0-1.1etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/librsvg2-ruby_0.15.0-1.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprint2-ruby_0.15.0-1.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libvte-ruby_0.15.0-1.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomevfs2-ruby_0.15.0-1.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpanel-applet2-ruby_0.15.0-1.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk-mozembed-ruby_0.15.0-1.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomecanvas2-ruby_0.15.0-1.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkhtml2-ruby_0.15.0-1.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkglext1-ruby_0.15.0-1.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libart2-ruby_0.15.0-1.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnome2-ruby_0.15.0-1.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgdk-pixbuf2-ruby_0.15.0-1.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprintui2-ruby_0.15.0-1.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpango1-ruby_0.15.0-1.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgda2-ruby_0.15.0-1.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglade2-ruby_0.15.0-1.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglib2-ruby_0.15.0-1.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libatk1-ruby_0.15.0-1.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgconf2-ruby_0.15.0-1.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgstreamer0.8-ruby_0.15.0-1.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk2-ruby_0.15.0-1.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtksourceview1-ruby_0.15.0-1.1etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgconf2-ruby_0.15.0-1.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnome2-ruby_0.15.0-1.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkhtml2-ruby_0.15.0-1.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpanel-applet2-ruby_0.15.0-1.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtksourceview1-ruby_0.15.0-1.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkglext1-ruby_0.15.0-1.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk-mozembed-ruby_0.15.0-1.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/librsvg2-ruby_0.15.0-1.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprint2-ruby_0.15.0-1.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglade2-ruby_0.15.0-1.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgstreamer0.8-ruby_0.15.0-1.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglib2-ruby_0.15.0-1.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libatk1-ruby_0.15.0-1.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libart2-ruby_0.15.0-1.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomevfs2-ruby_0.15.0-1.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libvte-ruby_0.15.0-1.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomecanvas2-ruby_0.15.0-1.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk2-ruby_0.15.0-1.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpango1-ruby_0.15.0-1.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgda2-ruby_0.15.0-1.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprintui2-ruby_0.15.0-1.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgdk-pixbuf2-ruby_0.15.0-1.1etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgstreamer0.8-ruby_0.15.0-1.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomecanvas2-ruby_0.15.0-1.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglade2-ruby_0.15.0-1.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/librsvg2-ruby_0.15.0-1.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgdk-pixbuf2-ruby_0.15.0-1.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk-mozembed-ruby_0.15.0-1.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libglib2-ruby_0.15.0-1.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprintui2-ruby_0.15.0-1.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtksourceview1-ruby_0.15.0-1.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgda2-ruby_0.15.0-1.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpango1-ruby_0.15.0-1.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkhtml2-ruby_0.15.0-1.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomeprint2-ruby_0.15.0-1.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgconf2-ruby_0.15.0-1.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnomevfs2-ruby_0.15.0-1.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libatk1-ruby_0.15.0-1.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtk2-ruby_0.15.0-1.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgnome2-ruby_0.15.0-1.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libpanel-applet2-ruby_0.15.0-1.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libgtkglext1-ruby_0.15.0-1.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libart2-ruby_0.15.0-1.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby-gnome2/libvte-ruby_0.15.0-1.1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1432": "
\n

Debian Security Advisory

\n

DSA-1432-1 link-grammar -- buffer overflow

\n
\n
Date Reported:
\n
16 Dec 2007
\n
Affected Packages:
\n
\nlink-grammar\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 450695.
In Mitre's CVE dictionary: CVE-2007-5395.
\n
More information:
\n
\n

Alin Rad Pop discovered that link-grammar, Carnegie Mellon University's\nlink grammar parser for English, performed insufficient validation within\nits tokenizer, which could allow a malicious input file to execute\narbitrary code.

\n

For the old stable distribution (sarge), this package is not present.

\n

For the stable distribution (etch), this problem has been fixed in version\n4.2.2-4etch1.

\n

For the unstable distribution (sid), this problem has been fixed in version\n4.2.5-1.

\n

We recommend that you upgrade your link-grammar package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1.dsc
\n
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar-dictionaries-en_4.2.2-4etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1433": "
\n

Debian Security Advisory

\n

DSA-1433-1 centericq -- buffer overflow

\n
\n
Date Reported:
\n
16 Dec 2007
\n
Affected Packages:
\n
\ncentericq\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3713.
\n
More information:
\n
\n

\nSeveral remote vulnerabilities have been discovered in centericq,\na text-mode multi-protocol instant messenger client, which could allow\nremote attackers to execute arbitrary code due to insufficient bounds-testing.\n

\n

\nFor the old stable distribution (sarge) these problems have been fixed in\nversion 4.20.0-1sarge5.\n

\n

\nFor the stable distribution (etch) these problems have been fixed in version\n4.21.0-18etch1.\n

\n

\nWe recommend that you upgrade your centericq package.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5.dsc
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0-18etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0-18etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.21.0-18etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.21.0-18etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0-18etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.21.0-18etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0-18etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.21.0-18etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.21.0-18etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.21.0-18etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0-18etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.21.0-18etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.21.0-18etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.21.0-18etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.21.0-18etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.21.0-18etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.21.0-18etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0-18etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.21.0-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.21.0-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.21.0-18etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.21.0-18etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.21.0-18etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0-18etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.21.0-18etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.21.0-18etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.21.0-18etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.21.0-18etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0-18etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.21.0-18etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.21.0-18etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.21.0-18etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0-18etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.21.0-18etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.21.0-18etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.21.0-18etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0-18etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.21.0-18etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.21.0-18etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.21.0-18etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0-18etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.21.0-18etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.21.0-18etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.21.0-18etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.21.0-18etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1434": "
\n

Debian Security Advisory

\n

DSA-1434-1 mydns -- buffer overflow

\n
\n
Date Reported:
\n
16 Dec 2007
\n
Affected Packages:
\n
\nmydns\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2362.
\n
More information:
\n
\n

\nIt was discovered that in MyDNS, a domain name server with database\nbackend, the daemon could be crashed through malicious remote update\nrequests, which may lead to denial of service.\n

\n

\nThe old stable distribution (sarge) is not affected.\n

\n

\nFor the stable distribution (etch), this problem has been fixed in\nversion 1:1.1.0-7etch1.\n

\n

\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.1.0-8.\n

\n

We recommend that you upgrade your mydns packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mydns/mydns_1.1.0-7etch1.dsc
\n
http://security.debian.org/pool/updates/main/m/mydns/mydns_1.1.0-7etch1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.1.0-7etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.1.0-7etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1435": "
\n

Debian Security Advisory

\n

DSA-1435-1 clamav -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Dec 2007
\n
Affected Packages:
\n
\nclamav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-6335, CVE-2007-6336.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Clam\nanti-virus toolkit. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2007-6335\n

    It was discovered that an integer overflow in the decompression code\n for MEW archives may lead to the execution of arbitrary code.

  • CVE-2007-6336\n

    It was discovered that an off-by-one error in the MS-ZIP decompression\n code may lead to the execution of arbitrary code.

\n

The old stable distribution (sarge) is not affected by these problems.\nHowever, since the clamav version from Sarge can no longer process all current\nClam malware signatures, support for ClamAV in Sarge is\nnow discontinued. We recommend upgrading to the stable distribution\nor running a backport of the stable version.

\n

For the stable distribution (etch) these problems have been fixed in\nversion 0.90.1-3etch8.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your clamav packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch8.dsc
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch8.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1-3etch8_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.90.1-3etch8_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1-3etch8_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch8_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch8_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch8_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch8_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch8_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch8_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1-3etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1-3etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1-3etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1-3etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1-3etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1-3etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1-3etch8_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1436": "
\n

Debian Security Advisory

\n

DSA-1436-1 linux-2.6 -- several vulnerabilities

\n
\n
Date Reported:
\n
20 Dec 2007
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-6058, CVE-2007-5966, CVE-2007-6063, CVE-2007-6206.
\n
More information:
\n
\n

Several local vulnerabilities have been discovered in the Linux kernel\nthat may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2006-6058\n

    LMH reported an issue in the minix filesystem that allows local users\n with mount privileges to create a DoS (printk flood) by mounting a\n specially crafted corrupt filesystem.

  • CVE-2007-5966\n

    Warren Togami discovered an issue in the hrtimer subsystem that allows\n a local user to cause a DoS (soft lockup) by requesting a timer sleep\n for a long period of time leading to an integer overflow.

  • CVE-2007-6063\n

    Venustech AD-LAB discovered a buffer overflow in the isdn ioctl\n handling, exploitable by a local user.

  • CVE-2007-6206\n

    Blake Frantz discovered that when a core file owned by a non-root user\n exists, and a root-owned process dumps core over it, the core file\n retains its original ownership. This could be used by a local user to\n gain access to sensitive information.

  • CVE-2007-6417\n

    Hugh Dickins discovered an issue in the tmpfs filesystem where, under\n a rare circumstance, a kernel page may be improperly cleared, leaking\n sensitive kernel memory to userspace or resulting in a DoS (crash).

\n

These problems have been fixed in the stable distribution in version\n2.6.18.dfsg.1-13etch6.

\n

The following matrix lists additional packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n\n
\u00a0 Debian 4.0 (etch)
fai-kernels 1.17+etch.13etch6
user-mode-linux 2.6.18-1um-2etch.13etch6
\n

We recommend that you upgrade your kernel package immediately and reboot\nthe machine. If you have built a custom kernel from the kernel source\npackage, you will need to rebuild to take advantage of these fixes.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-13etch6.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-13etch6.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.13etch6.dsc
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.13etch6.tar.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.13etch6.dsc
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.13etch6.diff.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-13etch6_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-13etch6_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-13etch6_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-13etch6_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-5_2.6.18.dfsg.1-13etch6_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-13etch6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-alpha_2.6.18.dfsg.1-13etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-alpha-generic_2.6.18.dfsg.1-13etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-alpha-legacy_2.6.18.dfsg.1-13etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-alpha-smp_2.6.18.dfsg.1-13etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-alpha_2.6.18.dfsg.1-13etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-alpha-generic_2.6.18.dfsg.1-13etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-alpha-legacy_2.6.18.dfsg.1-13etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-alpha-smp_2.6.18.dfsg.1-13etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-alpha_2.6.18.dfsg.1-13etch6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-amd64_2.6.18.dfsg.1-13etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-amd64_2.6.18.dfsg.1-13etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-amd64_2.6.18.dfsg.1-13etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen_2.6.18.dfsg.1-13etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver_2.6.18.dfsg.1-13etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-amd64_2.6.18.dfsg.1-13etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-amd64_2.6.18.dfsg.1-13etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-amd64_2.6.18.dfsg.1-13etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.13etch6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-arm_2.6.18.dfsg.1-13etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-footbridge_2.6.18.dfsg.1-13etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-iop32x_2.6.18.dfsg.1-13etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-ixp4xx_2.6.18.dfsg.1-13etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-rpc_2.6.18.dfsg.1-13etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-s3c2410_2.6.18.dfsg.1-13etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-footbridge_2.6.18.dfsg.1-13etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-iop32x_2.6.18.dfsg.1-13etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-ixp4xx_2.6.18.dfsg.1-13etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-rpc_2.6.18.dfsg.1-13etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s3c2410_2.6.18.dfsg.1-13etch6_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-hppa_2.6.18.dfsg.1-13etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc_2.6.18.dfsg.1-13etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc-smp_2.6.18.dfsg.1-13etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc64_2.6.18.dfsg.1-13etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-parisc64-smp_2.6.18.dfsg.1-13etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc_2.6.18.dfsg.1-13etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc-smp_2.6.18.dfsg.1-13etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc64_2.6.18.dfsg.1-13etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-parisc64-smp_2.6.18.dfsg.1-13etch6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-486_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-686_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-686-bigmem_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-i386_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-amd64_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-k7_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-686_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-k7_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-486_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-686_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-686-bigmem_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-amd64_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-k7_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-686_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-k7_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-686_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-5-xen-vserver-686_2.6.18.dfsg.1-13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.13etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.13etch6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-ia64_2.6.18.dfsg.1-13etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-itanium_2.6.18.dfsg.1-13etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-mckinley_2.6.18.dfsg.1-13etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-itanium_2.6.18.dfsg.1-13etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-mckinley_2.6.18.dfsg.1-13etch6_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-mips_2.6.18.dfsg.1-13etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-qemu_2.6.18.dfsg.1-13etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r4k-ip22_2.6.18.dfsg.1-13etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r5k-ip32_2.6.18.dfsg.1-13etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-qemu_2.6.18.dfsg.1-13etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r4k-ip22_2.6.18.dfsg.1-13etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r5k-ip32_2.6.18.dfsg.1-13etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-mipsel_2.6.18.dfsg.1-13etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-qemu_2.6.18.dfsg.1-13etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r3k-kn02_2.6.18.dfsg.1-13etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r4k-kn04_2.6.18.dfsg.1-13etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-r5k-cobalt_2.6.18.dfsg.1-13etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-qemu_2.6.18.dfsg.1-13etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r3k-kn02_2.6.18.dfsg.1-13etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r4k-kn04_2.6.18.dfsg.1-13etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-r5k-cobalt_2.6.18.dfsg.1-13etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1-bcm91250a_2.6.18.dfsg.1-13etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sb1a-bcm91480b_2.6.18.dfsg.1-13etch6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-powerpc_2.6.18.dfsg.1-13etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc_2.6.18.dfsg.1-13etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc-miboot_2.6.18.dfsg.1-13etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc-smp_2.6.18.dfsg.1-13etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-powerpc64_2.6.18.dfsg.1-13etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-prep_2.6.18.dfsg.1-13etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-powerpc_2.6.18.dfsg.1-13etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-powerpc64_2.6.18.dfsg.1-13etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc_2.6.18.dfsg.1-13etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc-miboot_2.6.18.dfsg.1-13etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc-smp_2.6.18.dfsg.1-13etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-powerpc64_2.6.18.dfsg.1-13etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-prep_2.6.18.dfsg.1-13etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-powerpc_2.6.18.dfsg.1-13etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-powerpc64_2.6.18.dfsg.1-13etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.13etch6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-s390_2.6.18.dfsg.1-13etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-s390_2.6.18.dfsg.1-13etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-s390x_2.6.18.dfsg.1-13etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-s390x_2.6.18.dfsg.1-13etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s390_2.6.18.dfsg.1-13etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s390-tape_2.6.18.dfsg.1-13etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-s390x_2.6.18.dfsg.1-13etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-s390x_2.6.18.dfsg.1-13etch6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5_2.6.18.dfsg.1-13etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all_2.6.18.dfsg.1-13etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-all-sparc_2.6.18.dfsg.1-13etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sparc32_2.6.18.dfsg.1-13etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sparc64_2.6.18.dfsg.1-13etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-sparc64-smp_2.6.18.dfsg.1-13etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver_2.6.18.dfsg.1-13etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-5-vserver-sparc64_2.6.18.dfsg.1-13etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sparc32_2.6.18.dfsg.1-13etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sparc64_2.6.18.dfsg.1-13etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-sparc64-smp_2.6.18.dfsg.1-13etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-5-vserver-sparc64_2.6.18.dfsg.1-13etch6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1437": "
\n

Debian Security Advisory

\n

DSA-1437-1 cupsys -- several vulnerabilities

\n
\n
Date Reported:
\n
26 Dec 2007
\n
Affected Packages:
\n
\ncupsys\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-5849, CVE-2007-6358.
\n
More information:
\n
\n

\nSeveral local vulnerabilities have been discovered in the Common UNIX Printing\nSystem. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n

\n
    \n
  • CVE-2007-5849\n

    \n Wei Wang discovered that a buffer overflow in the SNMP backend may lead to\n the execution of arbitrary code.\n

  • CVE-2007-6358\n

    \n Elias Pipping discovered that insecure handling of a temporary file in the\n pdftops.pl script may lead to local denial of service. This vulnerability\n is not exploitable in the default configuration.\n

\n

\nThe old stable distribution (sarge) is not affected by CVE-2007-5849.\nThe other issue doesn't warrant an update on its own and has been\npostponed.\n

\n

\nFor the stable distribution (etch), these problems have been fixed in version\n1.2.7-4etch2.\n

\n

\nFor the unstable distribution (sid), these problems have been fixed in version\n1.3.5-1.\n

\n

\nWe recommend that you upgrade your cupsys packages.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2.dsc
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch2_all.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1438": "
\n

Debian Security Advisory

\n

DSA-1438-1 tar -- several vulnerabilities

\n
\n
Date Reported:
\n
28 Dec 2007
\n
Affected Packages:
\n
\ntar\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-4131, CVE-2007-4476.
\n
More information:
\n
\n

\nSeveral vulnerabilities have been discovered in GNU Tar. The Common\nVulnerabilities and Exposures project identifies the following problems:\n

\n
    \n
  • CVE-2007-4131\n

    \n A directory traversal vulnerability enables attackers using\n specially crafted archives to extract contents outside the\n directory tree created by tar.\n

  • CVE-2007-4476\n

    \n A stack-based buffer overflow in the file name checking code may\n lead to arbitrary code execution when processing maliciously\n crafted archives.\n

\n

\nFor the old stable distribution (sarge), these problems have been\nfixed in version 1.14-2.4.\n

\n

\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.16-2etch1.\n

\n

\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.18-2.\n

\n

\nWe recommend that you upgrade your tar package.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4.dsc
\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.14-2.4_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.16-2etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.16.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.16-2etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.16-2etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.16-2etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.16-2etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.16-2etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.16-2etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.16-2etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.16-2etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.16-2etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.16-2etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.16-2etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tar/tar_1.16-2etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1439": "
\n

Debian Security Advisory

\n

DSA-1439-1 typo3-src -- missing input sanitising

\n
\n
Date Reported:
\n
28 Dec 2007
\n
Affected Packages:
\n
\ntypo3-src\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 457446.
In Mitre's CVE dictionary: CVE-2007-6381.
\n
More information:
\n
\n

\nHenning Pingel discovered that TYPO3, a web content management framework,\nperforms insufficient input sanitising, making it vulnerable to SQL\ninjection by logged-in backend users.\n

\n

\nThe old stable distribution (sarge) doesn't contain typo3-src.\n

\n

\nFor the stable distribution (etch), this problem has been fixed in\nversion 4.0.2+debian-4.\n

\n

\nFor the unstable distribution (sid) and for the testing distribution\n(lenny), this problem has been fixed in version 4.1.5-1.\n

\n

\nWe recommend that you upgrade your typo3-src packages.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.0.2+debian-4.diff.gz
\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.0.2+debian.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.0.2+debian-4.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3_4.0.2+debian-4_all.deb
\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src-4.0_4.0.2+debian-4_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1440": "
\n

Debian Security Advisory

\n

DSA-1440-1 inotify-tools -- buffer overflow

\n
\n
Date Reported:
\n
28 Dec 2007
\n
Affected Packages:
\n
\ninotify-tools\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 443913.
In Mitre's CVE dictionary: CVE-2007-5037.
\n
More information:
\n
\n

\nIt was discovered that a buffer overflow in the filename processing of\ninotify-tools, a command-line interface to inotify, may lead to\nthe execution of arbitrary code. This only affects the internal\nlibrary and none of the frontend tools shipped in Debian.\n

\n

\nThe old stable distribution (sarge) does not provide inotify-tools.\n

\n

\nFor the stable distribution (etch), this problem has been fixed in\nversion 3.3-2.\n

\n

\nFor the unstable distribution (sid), this problem has been fixed in\nversion 3.11-1.\n

\n

\nWe recommend that you upgrade your inotify-tools package.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/inotify-tools/inotify-tools_3.3-2.dsc
\n
http://security.debian.org/pool/updates/main/i/inotify-tools/inotify-tools_3.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/inotify-tools/inotify-tools_3.3-2.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/inotify-tools/inotify-tools_3.3-2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/inotify-tools/inotify-tools_3.3-2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/inotify-tools/inotify-tools_3.3-2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/inotify-tools/inotify-tools_3.3-2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/inotify-tools/inotify-tools_3.3-2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/inotify-tools/inotify-tools_3.3-2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/inotify-tools/inotify-tools_3.3-2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/inotify-tools/inotify-tools_3.3-2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/inotify-tools/inotify-tools_3.3-2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/inotify-tools/inotify-tools_3.3-2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/inotify-tools/inotify-tools_3.3-2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1441": "
\n

Debian Security Advisory

\n

DSA-1441-1 peercast -- buffer overflow

\n
\n
Date Reported:
\n
28 Dec 2007
\n
Affected Packages:
\n
\npeercast\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 457300.
In Mitre's CVE dictionary: CVE-2007-6454.
\n
More information:
\n
\n

\nLuigi Auriemma discovered that PeerCast, a P2P audio and video streaming\nserver, is vulnerable to a heap overflow in the HTTP server code, which\nallows remote attackers to cause a denial of service and possibly execute\narbitrary code via a long SOURCE request.\n

\n

\nThe old stable distribution (sarge) does not contain peercast.\n

\n

\nFor the stable distribution (etch), this problem has been fixed in\nversion 0.1217.toots.20060314-1etch0.\n

\n

\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.1218+svn20071220+2.\n

\n

\nWe recommend that you upgrade your peercast packages.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch0.dsc
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch0.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/peercast/peercast-handlers_0.1217.toots.20060314-1etch0_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch0_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch0_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch0_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch0_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch0_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch0_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch0_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch0_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch0_arm.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch0_arm.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch0_arm.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch0_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch0_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch0_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch0_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch0_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch0_i386.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch0_i386.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch0_i386.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch0_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch0_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch0_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch0_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch0_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch0_mips.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch0_mips.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch0_mips.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch0_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch0_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch0_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch0_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch0_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch0_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch0_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch0_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch0_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch0_s390.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch0_s390.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch0_s390.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch0_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch0_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch0_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch0_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch0_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1442": "
\n

Debian Security Advisory

\n

DSA-1442-1 libsndfile -- buffer overflow

\n
\n
Date Reported:
\n
29 Dec 2007
\n
Affected Packages:
\n
\nlibsndfile\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-4974.
\n
More information:
\n
\n

\nRobert Buchholz discovered that libsndfile, a library for reading /\nwriting audio files, performs insufficient boundary checks when\nprocessing FLAC files, which might lead to the execution of arbitrary\ncode.\n

\n

\nThe old stable distribution (sarge) is not affected by this problem.\n

\n

\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.0.16-2.\n

\n

\nWe recommend that you upgrade your libsndfile packages.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.16.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.16-2.diff.gz
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.16-2.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_arm.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_arm.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_i386.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_i386.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_mips.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_mips.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_s390.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_s390.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1443": "
\n

Debian Security Advisory

\n

DSA-1443-1 tcpreen -- buffer overflows

\n
\n
Date Reported:
\n
03 Jan 2008
\n
Affected Packages:
\n
\ntcpreen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-6562.
\n
More information:
\n
\n

\nIt was discovered that several buffer overflows in tcpreen, a tool for\nmonitoring a TCP connection, may lead to denial of service.\n

\n

\nThe old stable distribution (sarge) doesn't contain tcpreen.\n

\n

\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.4.3-0.1etch1.\n

\n

\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.4.3-0.3.\n

\n

\nWe recommend that you upgrade your tcpreen package.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tcpreen/tcpreen_1.4.3-0.1etch1.dsc
\n
http://security.debian.org/pool/updates/main/t/tcpreen/tcpreen_1.4.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/tcpreen/tcpreen_1.4.3-0.1etch1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tcpreen/tcpreen_1.4.3-0.1etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tcpreen/tcpreen_1.4.3-0.1etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tcpreen/tcpreen_1.4.3-0.1etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/t/tcpreen/tcpreen_1.4.3-0.1etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tcpreen/tcpreen_1.4.3-0.1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tcpreen/tcpreen_1.4.3-0.1etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tcpreen/tcpreen_1.4.3-0.1etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tcpreen/tcpreen_1.4.3-0.1etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tcpreen/tcpreen_1.4.3-0.1etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tcpreen/tcpreen_1.4.3-0.1etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tcpreen/tcpreen_1.4.3-0.1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1444": "
\n

Debian Security Advisory

\n

DSA-1444-2 php5 -- several vulnerabilities

\n
\n
Date Reported:
\n
23 Jan 2008
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3799, CVE-2007-3998, CVE-2007-4657, CVE-2007-4658, CVE-2007-4660, CVE-2007-4662, CVE-2007-5898, CVE-2007-5899.
\n
More information:
\n
\n

\nIt was discovered that the patch for CVE-2007-4659 could lead to\nregressions in some scenarios. The fix has been reverted for now;\na revised update will be provided in a future PHP DSA.\n

\n

For reference, the original advisory follows:

\n

\nSeveral remote vulnerabilities have been discovered in PHP, a\nserver-side, HTML-embedded scripting language. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:\n

\n
    \n
  • CVE-2007-3799\n

    \n It was discovered that the session_start() function allowed the\n insertion of attributes into the session cookie.\n

  • CVE-2007-3998\n

    \n Mattias Bengtsson and Philip Olausson discovered that a\n programming error in the implementation of the wordwrap() function\n allowed denial of service through an infinite loop.\n

  • CVE-2007-4658\n

    \n Stanislav Malyshev discovered that a format string vulnerability\n in the money_format() function could allow the execution of\n arbitrary code.\n

  • CVE-2007-4659\n

    \n Stefan Esser discovered that execution control flow inside the\n zend_alter_ini_entry() function is handled incorrectly in case\n of a memory limit violation.\n

  • CVE-2007-4660\n

    \n Gerhard Wagner discovered an integer overflow inside the\n chunk_split() function.\n

  • CVE-2007-5898\n

    \n Rasmus Lerdorf discovered that incorrect parsing of multibyte\n sequences may lead to disclosure of memory contents.\n

  • CVE-2007-5899\n

    \n It was discovered that the output_add_rewrite_var() function could\n leak session ID information, resulting in information disclosure.\n

\n

\nThis update also fixes two bugs from the PHP 5.2.4 release which\ndon't have security impact according to the Debian PHP security policy\n(CVE-2007-4657 and CVE-2007-4662), but which are fixed nonetheless.\n

\n

\nThe old stable distribution (sarge) doesn't contain php5.\n

\n

\nFor the stable distribution (etch), these problems have been fixed in\nversion 5.2.0-8+etch10.\n

\n

\nFor the unstable distribution (sid), these problems have been fixed\nin version 5.2.4-1, with the exception of CVE-2007-5898 and\nCVE-2007-5899, which will be fixed soon. Please note that Debian's\nversion of PHP is hardened with the Suhosin patch beginning with\nversion 5.2.4-1, which renders several vulnerabilities ineffective.\n

\n

\nWe recommend that you upgrade your php5 packages.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0-8+etch10.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0-8+etch10.dsc
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php5/php-pear_5.2.0-8+etch10_all.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0-8+etch10_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch10_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.0-8+etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch10_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch10_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch10_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.0-8+etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch10_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch10_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch10_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch10_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch10_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch10_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch10_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1445": "
Debian Security Advisory

DSA-1445-1 maradns -- programming error

Date Reported: 03 Jan 2008
Affected Packages: maradns
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2008-0061.
More information:

Michael Krieger and Sam Trenholme discovered a programming error in MaraDNS, a simple security-aware Domain Name Service server, which might lead to denial of service through malformed DNS packets.

For the old stable distribution (sarge), this problem has been fixed in version 1.0.27-2.

For the stable distribution (etch), this problem has been fixed in version 1.2.12.04-1etch2.

For the unstable distribution (sid), this problem has been fixed in version 1.2.12.08-1.

We recommend that you upgrade your maradns package.
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2.dsc
\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.0.27-2_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch2.tar.gz
\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch2.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/maradns/maradns_1.2.12.04-1etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1446": "
Debian Security Advisory

DSA-1446-1 wireshark -- several vulnerabilities

Date Reported: 03 Jan 2008
Affected Packages: wireshark
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2007-6450, CVE-2007-6451.
More information:

Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2007-6450: The RPL dissector could be tricked into an infinite loop.
  • CVE-2007-6451: The CIP dissector could be tricked into excessive memory allocation.

For the old stable distribution (sarge), these problems have been fixed in version 0.10.10-2sarge11. (In sarge, Wireshark used to be called Ethereal.)

For the stable distribution (etch), these problems have been fixed in version 0.99.4-5.etch.2.

For the unstable distribution (sid), these problems have been fixed in version 0.99.7-1.

We recommend that you upgrade your wireshark packages.
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge11_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge11_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge11_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge11_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge11_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge11_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge11_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge11_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge11_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge11_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge11_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge11_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge11_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge11_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge11_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge11_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge11_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge11_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge11_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge11_m68k.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge11_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge11_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge11_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge11_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge11_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge11_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge11_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge11_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge11_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge11_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge11_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge11_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge11_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.2.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.2.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.2_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.2_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.2_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.2_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.2_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.2_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.2_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.2_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.2_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.2_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.2_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.2_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.2_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.2_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.2_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.2_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.2_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.2_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.2_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.2_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.2_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.2_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.2_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.2_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.2_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.2_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.2_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.2_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1447": "
\n

Debian Security Advisory

\n

DSA-1447-1 tomcat5.5 -- several vulnerabilities

\n
\n
Date Reported:
\n
03 Jan 2008
\n
Affected Packages:
\n
tomcat5.5
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3382, CVE-2007-3385, CVE-2007-3386, CVE-2007-5342, CVE-2007-5461.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
  • CVE-2007-3382

    It was discovered that single quotes (') in cookies were treated as a delimiter, which could lead to an information leak.

  • CVE-2007-3385

    It was discovered that the character sequence \\\" in cookies was handled incorrectly, which could lead to an information leak.

  • CVE-2007-3386

    It was discovered that the host manager servlet performed insufficient input validation, which could lead to a cross-site scripting attack.

  • CVE-2007-5342

    It was discovered that the JULI logging component did not restrict its target path, resulting in potential denial of service through file overwrites.

  • CVE-2007-5461

    It was discovered that the WebDAV servlet is vulnerable to absolute path traversal.
\n

The old stable distribution (sarge) doesn't contain tomcat5.5.

\n

For the stable distribution (etch), these problems have been fixed in version 5.5.20-2etch1.

\n

For the unstable distribution (sid) these problems will be fixed soon.

\n

We recommend that you upgrade your tomcat5.5 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20-2etch1.dsc
\n
http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20-2etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/tomcat5.5/libtomcat5.5-java_5.5.20-2etch1_all.deb
\n
http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5-webapps_5.5.20-2etch1_all.deb
\n
http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20-2etch1_all.deb
\n
http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5-admin_5.5.20-2etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1448": "
\n

Debian Security Advisory

\n

DSA-1448-1 eggdrop -- buffer overflow

\n
\n
Date Reported:
\n
05 Jan 2008
\n
Affected Packages:
\n
eggdrop
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 427157.
In Mitre's CVE dictionary: CVE-2007-2807.
\n
More information:
\n
\n

It was discovered that eggdrop, an advanced IRC robot, was vulnerable to a buffer overflow which could result in a remote user executing arbitrary code.

\n

For the old stable distribution (sarge), this problem has been fixed in version 1.6.17-3sarge1.

\n

For the stable distribution (etch), this problem has been fixed in version 1.6.18-1etch1.

\n

For the unstable distribution (sid), this problem has been fixed in version 1.6.18-1.1.

\n

We recommend that you upgrade your eggdrop package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop-data_1.6.17-3sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1.dsc
\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop-data_1.6.18-1etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1449": "
\n

Debian Security Advisory

\n

DSA-1449-1 loop-aes-utils -- programming error

\n
\n
Date Reported:
\n
05 Jan 2008
\n
Affected Packages:
\n
loop-aes-utils
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-5191.
\n
More information:
\n
\n

It was discovered that loop-aes-utils, tools for mounting and manipulating filesystems, didn't drop privileged user and group permissions in the correct order in the mount and umount commands. This could potentially allow a local user to gain additional privileges.

\n

For the old stable distribution (sarge), this problem has been fixed in version 2.12p-4sarge2.

\n

For the stable distribution (etch), this problem has been fixed in version 2.12r-15+etch1.

\n

We recommend that you upgrade your loop-aes-utils package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2.dsc
\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12r-15+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12r-15+etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12r-15+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/mount-aes-udeb_2.12r-15+etch1_alpha.udeb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/mount-aes-udeb_2.12r-15+etch1_amd64.udeb
\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12r-15+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/mount-aes-udeb_2.12r-15+etch1_arm.udeb
\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12r-15+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/mount-aes-udeb_2.12r-15+etch1_hppa.udeb
\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12r-15+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/mount-aes-udeb_2.12r-15+etch1_i386.udeb
\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12r-15+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12r-15+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/mount-aes-udeb_2.12r-15+etch1_ia64.udeb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12r-15+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/mount-aes-udeb_2.12r-15+etch1_mips.udeb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12r-15+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/mount-aes-udeb_2.12r-15+etch1_mipsel.udeb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12r-15+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/mount-aes-udeb_2.12r-15+etch1_powerpc.udeb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12r-15+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/mount-aes-udeb_2.12r-15+etch1_s390.udeb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/mount-aes-udeb_2.12r-15+etch1_sparc.udeb
\n
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12r-15+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1450": "
\n

Debian Security Advisory

\n

DSA-1450-1 util-linux -- programming error

\n
\n
Date Reported:
\n
05 Jan 2008
\n
Affected Packages:
\n
util-linux
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-5191.
\n
More information:
\n
\n

It was discovered that util-linux, miscellaneous system utilities, didn't drop privileged user and group permissions in the correct order in the mount and umount commands. This could potentially allow a local user to gain additional privileges.

\n

For the old stable distribution (sarge), this problem has been fixed in version 2.12p-4sarge2.

\n

For the stable distribution (etch), this problem has been fixed in version 2.12r-19etch1.

\n

We recommend that you upgrade your util-linux package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2.dsc
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux-locales_2.12p-4sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_alpha.udeb
\n
ARM:\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_arm.udeb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_hppa.udeb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_i386.udeb
\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_ia64.udeb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_mips.udeb
\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_s390.udeb
\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_sparc.udeb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1.dsc
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux-locales_2.12r-19etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_alpha.udeb
\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_alpha.udeb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_amd64.udeb
\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_amd64.udeb
\n
ARM:\n
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_arm.udeb
\n
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_arm.udeb
\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_hppa.udeb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_hppa.udeb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_i386.udeb
\n
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_i386.udeb
\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_ia64.udeb
\n
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_ia64.udeb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_mips.udeb
\n
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_mips.udeb
\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_powerpc.udeb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_s390.udeb
\n
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_s390.udeb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_sparc.udeb
\n
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1451": "
\n

Debian Security Advisory

\n

DSA-1451-1 mysql-dfsg-5.0 -- several vulnerabilities

\n
\n
Date Reported:
\n
06 Jan 2008
\n
Affected Packages:
\n
mysql-dfsg-5.0
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3781, CVE-2007-5969, CVE-2007-6304.
\n
More information:
\n
\n

Several local/remote vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-3781\n

    \n It was discovered that the privilege validation for the source table\n of CREATE TABLE LIKE statements was insufficiently enforced, which\n might lead to information disclosure. This is only exploitable by\n authenticated users.\n

  • \n
  • CVE-2007-5969\n

    \n It was discovered that symbolic links were handled insecurely during\n the creation of tables with DATA DIRECTORY or INDEX DIRECTORY\n statements, which might lead to denial of service by overwriting\n data. This is only exploitable by authenticated users.\n

  • CVE-2007-6304\n

    \n It was discovered that queries to data in a FEDERATED table can\n lead to a crash of the local database server, if the remote server\n returns information with fewer columns than expected, resulting in\n denial of service.\n

\n

\nThe old stable distribution (sarge) doesn't contain mysql-dfsg-5.0.\n

\n

\nFor the stable distribution (etch), these problems have been fixed in\nversion 5.0.32-7etch4.\n

\n

\nFor the unstable distribution (sid), these problems have been fixed in\nversion 5.0.51-1.\n

\n

\nWe recommend that you upgrade your mysql-dfsg-5.0 packages.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch4.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch4.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.32-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.32-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.32-7etch4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1452": "
\n

Debian Security Advisory

\n

DSA-1452-1 wzdftpd -- denial of service

\n
\n
Date Reported:
\n
06 Jan 2008
\n
Affected Packages:
\n
\nwzdftpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 446192.
In Mitre's CVE dictionary: CVE-2007-5300.
\n
More information:
\n
\n

k1tk4t discovered that wzdftpd, a portable, modular, small and efficient\nFTP server, did not correctly handle the receipt of long usernames. This\ncould allow remote users to cause the daemon to exit.

\n

For the old stable distribution (sarge), this problem has been fixed in\nversion 0.5.2-1.1sarge3.

\n

For the stable distribution (etch), this problem has been fixed in version\n0.8.1-2etch1.

\n

For the unstable distribution (sid), this problem has been fixed in version\n0.8.2-2.1.

\n

We recommend that you upgrade your wzdftpd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3.dsc
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge3_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge3_i386.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3_m68k.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge3_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.5.2-1.1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.5.2-1.1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.5.2-1.1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.5.2-1.1sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.5.2-1.1sarge3_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1-2etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1-2etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.8.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.8.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-pgsql_0.8.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-avahi_0.8.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.8.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.8.1-2etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.8.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-pgsql_0.8.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.8.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.8.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-avahi_0.8.1-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.8.1-2etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.8.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.8.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.8.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-avahi_0.8.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.8.1-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-pgsql_0.8.1-2etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.8.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-avahi_0.8.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.8.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.8.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-pgsql_0.8.1-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.8.1-2etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.8.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.8.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-pgsql_0.8.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.8.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-avahi_0.8.1-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.8.1-2etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.8.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.8.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.8.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-pgsql_0.8.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-avahi_0.8.1-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.8.1-2etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.8.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.8.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-avahi_0.8.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-pgsql_0.8.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.8.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.8.1-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1-2etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.8.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-pgsql_0.8.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.8.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.8.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.8.1-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-avahi_0.8.1-2etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.8.1-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.8.1-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-avahi_0.8.1-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-pgsql_0.8.1-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.8.1-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.8.1-2etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.8.1-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.8.1-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-pgsql_0.8.1-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.8.1-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-avahi_0.8.1-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.8.1-2etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-mysql_0.8.1-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-tcl_0.8.1-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-dev_0.8.1-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd_0.8.1-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-back-pgsql_0.8.1-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-avahi_0.8.1-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wzdftpd/wzdftpd-mod-perl_0.8.1-2etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1453": "
\n

Debian Security Advisory

\n

DSA-1453-1 tomcat5 -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Jan 2008
\n
Affected Packages:
\n
\ntomcat5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3382, CVE-2007-3385, CVE-2007-5461.
\n
More information:
\n
\n

\nSeveral remote vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n

\n
    \n
  • CVE-2007-3382\n

    \n It was discovered that single quotes (') in cookies were treated\n as a delimiter, which could lead to an information leak.\n

  • CVE-2007-3385\n

    \n It was discovered that the character sequence \\\" in cookies was\n handled incorrectly, which could lead to an information leak.\n

  • CVE-2007-5461\n

    \n It was discovered that the WebDAV servlet is vulnerable to absolute\n path traversal.\n

\n

\nThe old stable distribution (sarge) doesn't contain tomcat5.\n

\n

\nFor the stable distribution (etch), these problems have been fixed in\nversion 5.0.30-12etch1.\n

\n

\nThe unstable distribution (sid) no longer contains tomcat5.\n

\n

\nWe recommend that you upgrade your tomcat5 packages.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tomcat5/tomcat5_5.0.30-12etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tomcat5/tomcat5_5.0.30-12etch1.dsc
\n
http://security.debian.org/pool/updates/main/t/tomcat5/tomcat5_5.0.30.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/tomcat5/tomcat5_5.0.30-12etch1_all.deb
\n
http://security.debian.org/pool/updates/main/t/tomcat5/libtomcat5-java_5.0.30-12etch1_all.deb
\n
http://security.debian.org/pool/updates/main/t/tomcat5/tomcat5-admin_5.0.30-12etch1_all.deb
\n
http://security.debian.org/pool/updates/main/t/tomcat5/tomcat5-webapps_5.0.30-12etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1454": "
\n

Debian Security Advisory

\n

DSA-1454-1 freetype -- integer overflow

\n
\n
Date Reported:
\n
07 Jan 2008
\n
Affected Packages:
\n
\nfreetype\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-1351.
\n
More information:
\n
\n

\nGreg MacManus discovered an integer overflow in the font handling of\nlibfreetype, a FreeType 2 font engine, which might lead to denial of\nservice or possibly the execution of arbitrary code if a user is tricked\ninto opening a malformed font.\n

\n

\nFor the old stable distribution (sarge) this problem will be fixed\nsoon.\n

\n

\nFor the stable distribution (etch), this problem has been fixed in\nversion 2.2.1-5+etch2.\n

\n

\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.3.5-1.\n

\n

\nWe recommend that you upgrade your freetype packages.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.2.1-5+etch2.dsc
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.2.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.2.1-5+etch2.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch2_alpha.udeb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch2_amd64.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch2_arm.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch2_hppa.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch2_i386.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch2_ia64.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch2_mips.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch2_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch2_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch2_s390.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch2_sparc.udeb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1455": "
\n

Debian Security Advisory

\n

DSA-1455-1 libarchive -- denial of service

\n
\n
Date Reported:
\n
08 Jan 2008
\n
Affected Packages:
\n
\nlibarchive1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 432924.
In Mitre's CVE dictionary: CVE-2007-3641, CVE-2007-3644, CVE-2007-3645.
\n
More information:
\n
\n

Several local/remote vulnerabilities have been discovered in libarchive1,\na single library to read/write tar, cpio, pax, zip, iso9660 archives.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2007-3641\n

    It was discovered that libarchive1 would miscompute the length of a buffer\n resulting in a buffer overflow if yet another type of corruption occurred\n in a pax extension header.

  • CVE-2007-3644\n

    It was discovered that if an archive prematurely ended within a pax\n extension header the libarchive1 library could enter an infinite loop.

  • CVE-2007-3645\n

    If an archive prematurely ended within a tar header, immediately following\n a pax extension header, libarchive1 could dereference a NULL pointer.

\n

The old stable distribution (sarge) does not contain this package.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.2.53-2etch1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.2.4-1.

\n

We recommend that you upgrade your libarchive package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/liba/libarchive/libarchive_1.2.53-2etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/liba/libarchive/libarchive_1.2.53.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/liba/libarchive/libarchive_1.2.53-2etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/liba/libarchive/libarchive-dev_1.2.53-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/liba/libarchive/bsdtar_1.2.53-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/liba/libarchive/libarchive1_1.2.53-2etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/liba/libarchive/bsdtar_1.2.53-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/liba/libarchive/libarchive-dev_1.2.53-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/liba/libarchive/libarchive1_1.2.53-2etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/liba/libarchive/libarchive1_1.2.53-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/liba/libarchive/bsdtar_1.2.53-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/liba/libarchive/libarchive-dev_1.2.53-2etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/liba/libarchive/bsdtar_1.2.53-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/liba/libarchive/libarchive1_1.2.53-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/liba/libarchive/libarchive-dev_1.2.53-2etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/liba/libarchive/libarchive1_1.2.53-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/liba/libarchive/libarchive-dev_1.2.53-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/liba/libarchive/bsdtar_1.2.53-2etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/liba/libarchive/libarchive-dev_1.2.53-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/liba/libarchive/libarchive1_1.2.53-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/liba/libarchive/bsdtar_1.2.53-2etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libarchive/bsdtar_1.2.53-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/liba/libarchive/libarchive-dev_1.2.53-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/liba/libarchive/libarchive1_1.2.53-2etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libarchive/libarchive-dev_1.2.53-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/liba/libarchive/libarchive1_1.2.53-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/liba/libarchive/bsdtar_1.2.53-2etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/liba/libarchive/libarchive-dev_1.2.53-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/liba/libarchive/bsdtar_1.2.53-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/liba/libarchive/libarchive1_1.2.53-2etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/liba/libarchive/bsdtar_1.2.53-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/liba/libarchive/libarchive-dev_1.2.53-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/liba/libarchive/libarchive1_1.2.53-2etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/liba/libarchive/bsdtar_1.2.53-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/liba/libarchive/libarchive1_1.2.53-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/liba/libarchive/libarchive-dev_1.2.53-2etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1456": "
\n

Debian Security Advisory

\n

DSA-1456-1 fail2ban -- programming error

\n
\n
Date Reported:
\n
09 Jan 2008
\n
Affected Packages:
\n
\nfail2ban\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-4321.
\n
More information:
\n
\n

\nDaniel B. Cid discovered that fail2ban, a tool to block IP addresses\nthat cause login failures, is too liberal about parsing SSH log files,\nallowing an attacker to block any IP address.\n

\n

\nThe old stable distribution (sarge) doesn't contain fail2ban.\n

\n

\nFor the stable distribution (etch), this problem has been fixed in\nversion 0.7.5-2etch1.\n

\n

\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.8.0-4.\n

\n

\nWe recommend that you upgrade your fail2ban package.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fail2ban/fail2ban_0.7.5-2etch1.dsc
\n
http://security.debian.org/pool/updates/main/f/fail2ban/fail2ban_0.7.5-2etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fail2ban/fail2ban_0.7.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/fail2ban/fail2ban_0.7.5-2etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1457": "
\n

Debian Security Advisory

\n

DSA-1457-1 dovecot -- programming error

\n
\n
Date Reported:
\n
09 Jan 2008
\n
Affected Packages:
\n
\ndovecot\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-6598.
\n
More information:
\n
\n

\nIt was discovered that Dovecot, a POP3 and IMAP server, could allow\na user to log in to the account of another user with the same password,\nbut only when used with LDAP authentication and a base that contains variables.\n

\n

\nThe old stable distribution (sarge) is not affected.\n

\n

\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.0.rc15-2etch3.\n

\n

\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.0.10-1.\n

\n

\nWe recommend that you upgrade your dovecot packages.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15-2etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15-2etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15-2etch3.dsc
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15-2etch2.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1458": "
\n

Debian Security Advisory

\n

DSA-1458-1 openafs -- programming error

\n
\n
Date Reported:
\n
10 Jan 2008
\n
Affected Packages:
\n
\nopenafs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 27132.
In Mitre's CVE dictionary: CVE-2007-6599.
\n
More information:
\n
\n

\nA race condition in the OpenAFS fileserver allows remote attackers to\ncause a denial of service (daemon crash) by simultaneously acquiring and\ngiving back file callbacks, which causes the handler for the\nGiveUpAllCallBacks RPC to perform linked-list operations without the\nhost_glock lock.\n

\n

\nFor the old stable distribution (sarge), this problem has been fixed in\nversion 1.3.81-3sarge3.\n

\n

\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.4.2-6etch1.\n

\n

\nWe recommend that you upgrade your openafs packages.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs_1.3.81-3sarge3.dsc
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs_1.3.81.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs_1.3.81-3sarge3.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-modules-source_1.3.81-3sarge3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge3_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge3_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge3_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge3_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs_1.4.2-6etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs_1.4.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs_1.4.2-6etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-doc_1.4.2-6etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-modules-source_1.4.2-6etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.4.2-6etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.4.2-6etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-krb5_1.4.2-6etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.4.2-6etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.4.2-6etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbg_1.4.2-6etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.4.2-6etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.4.2-6etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.4.2-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbg_1.4.2-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.4.2-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-krb5_1.4.2-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.4.2-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.4.2-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.4.2-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.4.2-6etch1_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.4.2-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbg_1.4.2-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.4.2-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.4.2-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.4.2-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-krb5_1.4.2-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.4.2-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.4.2-6etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.4.2-6etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbg_1.4.2-6etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.4.2-6etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.4.2-6etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.4.2-6etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.4.2-6etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.4.2-6etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-krb5_1.4.2-6etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbg_1.4.2-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.4.2-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-krb5_1.4.2-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.4.2-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.4.2-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.4.2-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.4.2-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.4.2-6etch1_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.4.2-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-krb5_1.4.2-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbg_1.4.2-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.4.2-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.4.2-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.4.2-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.4.2-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.4.2-6etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbg_1.4.2-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-krb5_1.4.2-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.4.2-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.4.2-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.4.2-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.4.2-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.4.2-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.4.2-6etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.4.2-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.4.2-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.4.2-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbg_1.4.2-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.4.2-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.4.2-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.4.2-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-krb5_1.4.2-6etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1459": "
\n

Debian Security Advisory

\n

DSA-1459-1 gforge -- insufficient input validation

\n
\n
Date Reported:
\n
13 Jan 2008
\n
Affected Packages:
\n
\ngforge\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0173.
\n
More information:
\n
\n

\nIt was discovered that Gforge, a collaborative development tool, did not\nproperly sanitise some CGI parameters, allowing SQL injection in scripts\nrelated to RSS exports.\n

\n

\nFor the old stable distribution (sarge), this problem has been fixed in\nversion 3.1-31sarge5.\n

\n

\nFor the stable distribution (etch), this problem has been fixed in\nversion 4.5.14-22etch4.\n

\n

\nFor the unstable distribution (sid), this problem has been fixed in\nversion 4.6.99+svn6330-1.\n

\n

\nWe recommend that you upgrade your gforge packages.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1-31sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1-31sarge5.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_3.1-31sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_3.1-31sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_3.1-31sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_3.1-31sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-common_3.1-31sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_3.1-31sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1-31sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-cvs_3.1-31sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-sourceforge-transition_3.1-31sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_3.1-31sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/sourceforge_3.1-31sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_3.1-31sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_3.1-31sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_3.1-31sarge5_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_3.1-31sarge5_all.deb
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch4.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch4.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_4.5.14-22etch4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_4.5.14-22etch4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-courier_4.5.14-22etch4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_4.5.14-22etch4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-postgresql_4.5.14-22etch4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_4.5.14-22etch4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_4.5.14-22etch4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_4.5.14-22etch4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_4.5.14-22etch4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_4.5.14-22etch4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_4.5.14-22etch4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-common_4.5.14-22etch4_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_4.5.14-22etch4_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1460": "
\n

Debian Security Advisory

\n

DSA-1460-1 postgresql-8.1 -- several vulnerabilities

\n
\n
Date Reported:
\n
13 Jan 2008
\n
Affected Packages:
\n
\npostgresql-8.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3278, CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601.
\n
More information:
\n
\n

\nSeveral local vulnerabilities have been discovered in PostgreSQL, an\nobject-relational SQL database. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n

\n
    \n
  • CVE-2007-3278\n

    \n It was discovered that the DBLink module performed insufficient\n credential validation. This issue is also tracked as CVE-2007-6601,\n since the initial upstream fix was incomplete.\n

  • CVE-2007-4769\n

    \n Tavis Ormandy and Will Drewry discovered that a bug in the handling\n of back-references inside the regular expression engine could lead\n to an out-of-bounds read, resulting in a crash. This constitutes\n a security problem only if an application using PostgreSQL processes\n regular expressions from untrusted sources.\n

  • CVE-2007-4772\n

    \n Tavis Ormandy and Will Drewry discovered that the optimizer for regular\n expressions could be tricked into an infinite loop, resulting in denial\n of service. This constitutes a security problem only if an application\n using PostgreSQL processes regular expressions from untrusted sources.\n

  • CVE-2007-6067\n

    \n Tavis Ormandy and Will Drewry discovered that the optimizer for regular\n expressions could be tricked into massive resource consumption. This\n constitutes a security problem only if an application using PostgreSQL\n processes regular expressions from untrusted sources.\n

  • CVE-2007-6600\n

    \n Functions in index expressions could lead to privilege escalation. For\n a more in-depth explanation, please see the upstream announcement available\n at http://www.postgresql.org/about/news.905.\n

\n

\nThe old stable distribution (sarge) doesn't contain postgresql-8.1.\n

\n

\nFor the stable distribution (etch), these problems have been fixed in version\npostgresql-8.1 8.1.11-0etch1.\n

\n

\nFor the unstable distribution (sid), these problems have been fixed in\nversion 8.2.6-1 of postgresql-8.2.\n

\n

\nWe recommend that you upgrade your postgresql-8.1 (8.1.11-0etch1) package.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.11-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.11.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.11-0etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-doc-8.1_8.1.11-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.11-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.11-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.11-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.11-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.11-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.11-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.11-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.11-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.11-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.11-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.11-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.11-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.11-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.11-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.11-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.11-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.11-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.11-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.11-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.11-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.11-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.11-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.11-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.11-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.11-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.11-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.11-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.11-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.11-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.11-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.11-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.11-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.11-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.11-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.11-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.11-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.11-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.11-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.11-0etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.11-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.11-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.11-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.11-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.11-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.11-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.11-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.11-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.11-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.11-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.11-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.11-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.11-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.11-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.11-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.11-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.11-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.11-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.11-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.11-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.11-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.11-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.11-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.11-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.11-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.11-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.11-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.11-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.11-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.11-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.11-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.11-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.11-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.11-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.11-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.11-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.11-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.11-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.11-0etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.11-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.11-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.11-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.11-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.11-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.11-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.11-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.11-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.11-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.11-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.11-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.11-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.11-0etch1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.11-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.11-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.11-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.11-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.11-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.11-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.11-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.11-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.11-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.11-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.11-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.11-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.11-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.11-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.11-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.11-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.11-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.11-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.11-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.11-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.11-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.11-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.11-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.11-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.11-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.11-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.11-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.11-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.11-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.11-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.11-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.11-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.11-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.11-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.11-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.11-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.11-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.11-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.11-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1461": "
\n

Debian Security Advisory

\n

DSA-1461-1 libxml2 -- missing input validation

\n
\n
Date Reported:
\n
13 Jan 2008
\n
Affected Packages:
\n
\nlibxml2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-6284.
\n
More information:
\n
\n

\nBrad Fitzpatrick discovered that the UTF-8 decoding functions of libxml2,\nthe GNOME XML library, validate UTF-8 correctness insufficiently, which\nmay lead to denial of service by forcing libxml2 into an infinite loop.\n

\n

\nFor the old stable distribution (sarge), this problem has been fixed in\nversion 2.6.16-7sarge1.\n

\n

\nFor the stable distribution (etch), this problem has been fixed in\nversion 2.6.27.dfsg-2.\n

\n

\nFor the unstable distribution (sid), this problem will be fixed soon.\n

\n

\nWe recommend that you upgrade your libxml2 packages.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1.dsc
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.16-7sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-python2.3_2.6.16-7sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.16-7sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.16-7sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.16-7sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.16-7sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.4-libxml2_2.6.16-7sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.3-libxml2_2.6.16-7sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python2.2-libxml2_2.6.16-7sarge1_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2.diff.gz
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.27.dfsg-2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1462": "
\n

Debian Security Advisory

\n

DSA-1462-1 hplip -- missing input sanitising

\n
\n
Date Reported:
\n
13 Jan 2008
\n
Affected Packages:
\n
\nhplip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-5208.
\n
More information:
\n
\n

\nKees Cook discovered that the hpssd tool of the HP Linux Printing and\nImaging System (HPLIP) performs insufficient input sanitising of shell\nmetacharacters, which may result in local privilege escalation to\nthe hplip user.\n

\n

\nThe old stable distribution (sarge) is not affected by this problem.\n

\n

\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.6.10-3etch1.\n

\n

\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.6.10-4.3.\n

\n

\nWe recommend that you upgrade your hplip packages.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/hplip/hplip_1.6.10-3etch1.dsc
\n
http://security.debian.org/pool/updates/main/h/hplip/hplip_1.6.10.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/h/hplip/hplip_1.6.10-3etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/hplip/hpijs-ppds_2.6.10+1.6.10-3etch1_all.deb
\n
http://security.debian.org/pool/updates/main/h/hplip/hplip-data_1.6.10-3etch1_all.deb
\n
http://security.debian.org/pool/updates/main/h/hplip/hplip-doc_1.6.10-3etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/hplip/hplip-dbg_1.6.10-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/hplip/hplip_1.6.10-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/h/hplip/hpijs_2.6.10+1.6.10-3etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/h/hplip/hpijs_2.6.10+1.6.10-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/hplip/hplip_1.6.10-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/hplip/hplip-dbg_1.6.10-3etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/hplip/hpijs_2.6.10+1.6.10-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/hplip/hplip_1.6.10-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/hplip/hplip-dbg_1.6.10-3etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/h/hplip/hpijs_2.6.10+1.6.10-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/hplip/hplip_1.6.10-3etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/hplip/hplip-dbg_1.6.10-3etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/hplip/hpijs_2.6.10+1.6.10-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hplip/hplip_1.6.10-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/hplip/hplip-dbg_1.6.10-3etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/hplip/hplip-dbg_1.6.10-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/hplip/hplip_1.6.10-3etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/hplip/hpijs_2.6.10+1.6.10-3etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/h/hplip/hplip-dbg_1.6.10-3etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/hplip/hplip_1.6.10-3etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/hplip/hpijs_2.6.10+1.6.10-3etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/h/hplip/hplip_1.6.10-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/hplip/hplip-dbg_1.6.10-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/hplip/hpijs_2.6.10+1.6.10-3etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/hplip/hplip-dbg_1.6.10-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/hplip/hplip_1.6.10-3etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/hplip/hpijs_2.6.10+1.6.10-3etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/hplip/hplip_1.6.10-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/hplip/hpijs_2.6.10+1.6.10-3etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/hplip/hplip-dbg_1.6.10-3etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/hplip/hplip_1.6.10-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/hplip/hpijs_2.6.10+1.6.10-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/hplip/hplip-dbg_1.6.10-3etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1463": "
\n

Debian Security Advisory

\n

DSA-1463-1 postgresql-7.4 -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Jan 2008
\n
Affected Packages:
\n
\npostgresql-7.4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3278, CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601.
\n
More information:
\n
\n

\nSeveral local vulnerabilities have been discovered in PostgreSQL, an\nobject-relational SQL database. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n

\n
    \n
  • CVE-2007-3278\n

    \n It was discovered that the DBLink module performed insufficient\n credential validation. This issue is also tracked as CVE-2007-6601,\n since the initial upstream fix was incomplete.\n

  • CVE-2007-4769\n

    \n Tavis Ormandy and Will Drewry discovered that a bug in the handling\n of back-references inside the regular expressions engine could lead\n to an out-of-bounds read, resulting in a crash. This constitutes a security\n problem only if an application using PostgreSQL processes\n regular expressions from untrusted sources.\n

  • CVE-2007-4772\n

    \n Tavis Ormandy and Will Drewry discovered that the optimizer for regular\n expressions could be tricked into an infinite loop, resulting in denial\n of service. This constitutes a security problem only if an application\n using PostgreSQL processes regular expressions from untrusted sources.\n

  • CVE-2007-6067\n

    \n Tavis Ormandy and Will Drewry discovered that the optimizer for regular\n expressions could be tricked into massive resource consumption. This\n constitutes a security problem only if an application using PostgreSQL\n processes regular expressions from untrusted sources.\n

  • CVE-2007-6600\n

    \n Functions in index expressions could lead to privilege escalation. For\n a more in-depth explanation, please see the upstream announcement available\n at http://www.postgresql.org/about/news.905.\n

\n

\nFor the old stable distribution (sarge), some of these problems have been\nfixed in version 7.4.7-6sarge6 of the postgresql package. Please note that\nthe fixes for CVE-2007-6600 and for the handling of regular expressions\nhaven't been backported due to the intrusiveness of the fix. We recommend\nupgrading to the stable distribution if these vulnerabilities affect your\nsetup.\n

\n

\nFor the stable distribution (etch), these problems have been fixed in\nversion 7.4.19-0etch1.\n

\n

\nThe unstable distribution (sid) no longer contains postgres-7.4.\n

\n

\nWe recommend that you upgrade your postgresql-7.4 packages.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge6.diff.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge6.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-doc_7.4.7-6sarge6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge6_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge6_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge6_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge6_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-contrib_7.4.7-6sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-client_7.4.7-6sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql-dev_7.4.7-6sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl-dev_7.4.7-6sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg4_7.4.7-6sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpq3_7.4.7-6sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libpgtcl_7.4.7-6sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/postgresql_7.4.7-6sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql/libecpg-dev_7.4.7-6sarge6_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.19-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.19.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.19-0etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-doc-7.4_7.4.19-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-server-dev-7.4_7.4.19-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.19-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.19-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.19-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.19-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.19-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.19-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.19-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.19-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.19-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.19-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.19-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.19-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.19-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.19-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.19-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.19-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.19-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.19-0etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.19-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.19-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.19-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.19-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.19-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.19-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.19-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.19-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.19-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.19-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.19-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.19-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.19-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.19-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.19-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.19-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.19-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.19-0etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.19-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.19-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.19-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.19-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.19-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.19-0etch1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.19-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.19-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.19-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.19-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.19-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.19-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.19-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.19-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.19-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.19-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.19-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.19-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.19-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.19-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.19-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.19-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.19-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.19-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1464": "
\n

Debian Security Advisory

\n

DSA-1464-1 syslog-ng -- null pointer dereference

\n
\n
Date Reported:
\n
15 Jan 2008
\n
Affected Packages:
\n
\nsyslog-ng\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-6437.
\n
More information:
\n
\n

\nOriol Carreras discovered that syslog-ng, a next generation logging\ndaemon, can be tricked into dereferencing a NULL pointer through\nmalformed timestamps, which can lead to denial of service and the\ndisguise of a subsequent attack, which would otherwise be logged.\n

\n

\nThe old stable distribution (sarge) is not affected.\n

\n

\nFor the stable distribution (etch), this problem has been fixed in\nversion 2.0.0-1etch1.\n

\n

\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.0.6-1.\n

\n

\nWe recommend that you upgrade your syslog-ng package.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0-1etch1.dsc
\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0-1etch1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0-1etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0-1etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0-1etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0-1etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0-1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0-1etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0-1etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0-1etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0-1etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0-1etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/syslog-ng/syslog-ng_2.0.0-1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1465": "
\n

Debian Security Advisory

\n

DSA-1465-2 apt-listchanges -- programming error

\n
\n
Date Reported:
\n
17 Jan 2008
\n
Affected Packages:
\n
\napt-listchanges\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0302.
\n
More information:
\n
\n

Felipe Sateler discovered that apt-listchanges, a package change history\nnotification tool, used unsafe paths when importing its Python libraries.\nThis could allow the execution of arbitrary shell commands if the root user\nexecuted the command in a directory which other local users may write\nto.

\n

For the old stable distribution (sarge), this problem was not present.

\n

For the stable distribution (etch), this problem has been fixed in version\n2.72.5etch1.

\n

For the unstable distribution (sid), this problem has been fixed in version\n2.82.

\n

We recommend that you upgrade your apt-listchanges package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apt-listchanges/apt-listchanges_2.72.5etch2.tar.gz
\n
http://security.debian.org/pool/updates/main/a/apt-listchanges/apt-listchanges_2.72.5etch2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/apt-listchanges/apt-listchanges_2.72.5etch2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1466": "
\n

Debian Security Advisory

\n

DSA-1466-1 xorg-server -- several vulnerabilities

\n
\n
Date Reported:
\n
21 Jan 2008
\n
Affected Packages:
\n
\nxfree86\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006.
\n
More information:
\n
\n

The X.org fix for CVE-2007-6429 introduced a regression in the MIT-SHM\nextension, which prevented the start of a few applications. This update\nprovides updated packages for the xfree86 version included in Debian\nold stable (sarge) in addition to the fixed packages for Debian stable\n(etch), which were provided in DSA 1466-2.

\n

For reference, the original advisory text is below:

\n

Several local vulnerabilities have been discovered in the X.Org X\nserver. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2007-5760\n

    regenrecht discovered that missing input sanitising within\n the XFree86-Misc extension may lead to local privilege escalation.

  • CVE-2007-5958\n

    It was discovered that error messages of security policy file\n handling may lead to a minor information leak disclosing the\n existence of files otherwise inaccessible to the user.

  • CVE-2007-6427\n

    regenrecht discovered that missing input sanitising within\n the XInput-Misc extension may lead to local privilege escalation.

  • CVE-2007-6428\n

    regenrecht discovered that missing input sanitising within\n the TOG-CUP extension may lead to disclosure of memory contents.

  • CVE-2007-6429\n

    regenrecht discovered that integer overflows in the EVI\n and MIT-SHM extensions may lead to local privilege escalation.

  • CVE-2008-0006\n

    It was discovered that insufficient validation of PCF fonts could lead\n to local privilege escalation.

\n

For the oldstable distribution (sarge), this problem has been fixed in\nversion 4.3.0.dfsg.1-14sarge7 of xfree86.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 1.1.1-21etch3 of xorg-server and 1.2.2-2.etch1 of libxfont.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:1.4.1~git20080118-1 of xorg-server and version 1:1.3.1-2\nof libxfont.

\n

We recommend that you upgrade your X.org/Xfree86 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.3.0.dfsg.1-14sarge7.dsc
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.3.0.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86_4.3.0.dfsg.1-14sarge7.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xfree86/x-dev_4.3.0.dfsg.1-14sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/pm-dev_4.3.0.dfsg.1-14sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi_4.3.0.dfsg.1-14sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-pic_4.3.0.dfsg.1-14sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi-transcoded_4.3.0.dfsg.1-14sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-data_4.3.0.dfsg.1-14sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-scalable_4.3.0.dfsg.1-14sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfree86-common_4.3.0.dfsg.1-14sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-cyrillic_4.3.0.dfsg.1-14sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-100dpi-transcoded_4.3.0.dfsg.1-14sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs_4.3.0.dfsg.1-14sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base_4.3.0.dfsg.1-14sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dev_4.3.0.dfsg.1-14sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dev_4.3.0.dfsg.1-14sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-75dpi_4.3.0.dfsg.1-14sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system_4.3.0.dfsg.1-14sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfonts-base-transcoded_4.3.0.dfsg.1-14sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-dbg_4.3.0.dfsg.1-14sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xspecs_4.3.0.dfsg.1-14sarge7_all.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3-dbg_4.3.0.dfsg.1-14sarge7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge7_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge7_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge7_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge7_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge7_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge7_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dbg_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu-dev_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu-dev_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv-dev_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi-dev_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-common_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6-dbg_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6-dbg_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/twm_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst-dev_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6-dbg_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa4-dbg_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext-dev_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm4-dbg_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmuu1-dbg_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xbase-clients_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps-dev_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa3_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm6-dbg_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86-dbg_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice-dev_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-dev_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dbg_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfs_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xutils_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xvfb_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dbg_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1-dbg_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxv1_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxext6-dbg_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw6-dev_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-dev_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dev_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-glu-dev_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtst6_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6-dbg_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap-dev_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1-dbg_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6-dbg_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-dri-dbg_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibosmesa-dev_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp-dev_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/proxymngr_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libsm-dev_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxp6_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/x-window-system-core_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxft1_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libx11-6_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxtrap6-dbg_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxpm-dev_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libice6-dbg_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxi6-dbg_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt6_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xdm_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-dev_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxmu6_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxaw7-dev_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/lbxproxy_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibs-static-pic_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1-dbg_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr-dev_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxrandr2-dbg_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libxt-dev_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xfwp_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xterm_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xlibmesa-gl-dbg_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xnest_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xserver-xfree86_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/libdps1_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xfree86/xmh_4.3.0.dfsg.1-14sarge7_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xorg-server_1.1.1-21etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xorg-server_1.1.1-21etch2.dsc
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont_1.2.2-2.etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xorg-server_1.1.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont_1.2.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont_1.2.2-2.etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont-dev_1.2.2-2.etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont1-dbg_1.2.2-2.etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont1_1.2.2-2.etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont-dev_1.2.2-2.etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont1_1.2.2-2.etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont1-dbg_1.2.2-2.etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont1-dbg_1.2.2-2.etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont1_1.2.2-2.etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont-dev_1.2.2-2.etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont1_1.2.2-2.etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont1-dbg_1.2.2-2.etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont-dev_1.2.2-2.etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont-dev_1.2.2-2.etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont1-dbg_1.2.2-2.etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont1_1.2.2-2.etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont1-dbg_1.2.2-2.etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont1_1.2.2-2.etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont-dev_1.2.2-2.etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont1-dbg_1.2.2-2.etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont-dev_1.2.2-2.etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont1_1.2.2-2.etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont-dev_1.2.2-2.etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont1_1.2.2-2.etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont1-dbg_1.2.2-2.etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont1_1.2.2-2.etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont-dev_1.2.2-2.etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont1-dbg_1.2.2-2.etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont-dev_1.2.2-2.etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont1_1.2.2-2.etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont1-dbg_1.2.2-2.etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont1-dbg_1.2.2-2.etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont-dev_1.2.2-2.etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxfont/libxfont1_1.2.2-2.etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1467": "
\n

Debian Security Advisory

\n

DSA-1467-1 mantis -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Jan 2008
\n
Affected Packages:
\n
\nmantis\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 402802, Bug 458377.
In Mitre's CVE dictionary: CVE-2006-6574, CVE-2007-6611.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Mantis, a web-based\nbug tracking system. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2006-6574\n

    Custom fields were not appropriately protected by per-item access\n control, allowing sensitive data to be published.

  • CVE-2007-6611\n

    Multiple cross-site scripting issues allowed a remote attacker to\n insert malicious HTML or web script into Mantis web pages.

\n

For the old stable distribution (sarge), these problems have been fixed in\nversion 0.19.2-5sarge5.

\n

The stable distribution (etch) is not affected by these problems.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.0.8-4.

\n

We recommend that you upgrade your mantis package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2-5sarge5.dsc
\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2-5sarge5.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_0.19.2-5sarge5_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1468": "
\n

Debian Security Advisory

\n

DSA-1468-1 tomcat5.5 -- several vulnerabilities

\n
\n
Date Reported:
\n
20 Jan 2008
\n
Affected Packages:
\n
\ntomcat5.5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0128, CVE-2007-2450.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2008-0128\n

    Olaf Kock discovered that HTTPS encryption was insufficiently\n enforced for single-sign-on cookies, which could result in\n information disclosure.

  • CVE-2007-2450\n

    It was discovered that the Manager and Host Manager web applications\n performed insufficient input sanitising, which could lead to cross-site\n scripting.

\n

This update also adapts the tomcat5.5-webapps package to the tightened\nJULI permissions introduced in the previous tomcat5.5 DSA. Note, however,\nthat the tomcat5.5-webapps package is for demonstration and\ndocumentation purposes only and should not be used on production\nsystems.

\n

The old stable distribution (sarge) doesn't contain tomcat5.5.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 5.5.20-2etch2.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your tomcat5.5 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20-2etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20-2etch2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5-admin_5.5.20-2etch2_all.deb
\n
http://security.debian.org/pool/updates/main/t/tomcat5.5/libtomcat5.5-java_5.5.20-2etch2_all.deb
\n
http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20-2etch2_all.deb
\n
http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5-webapps_5.5.20-2etch2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1469": "
\n

Debian Security Advisory

\n

DSA-1469-1 flac -- several vulnerabilities

\n
\n
Date Reported:
\n
20 Jan 2008
\n
Affected Packages:
\n
\nflac\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-4619, CVE-2007-6277.
\n
More information:
\n
\n

Sean de Regge and Greg Linares discovered multiple heap- and stack-based\nbuffer overflows in FLAC, the Free Lossless Audio Codec, which could\nlead to the execution of arbitrary code.

\n

For the old stable distribution (sarge), these problems have been\nfixed in version 1.1.1-5sarge1.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.1.2-8.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.2.1-1.

\n

We recommend that you upgrade your flac packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.1-5sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.1-5sarge1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/flac/xmms-flac_1.1.1-5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac-dev_1.1.1-5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac6_1.1.1-5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++0c102_1.1.1-5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac1_1.1.1-5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.1-5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++-dev_1.1.1-5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac-dev_1.1.1-5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++4_1.1.1-5sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++-dev_1.1.1-5sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac1_1.1.1-5sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++4_1.1.1-5sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++-dev_1.1.1-5sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++-dev_1.1.1-5sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++0c102_1.1.1-5sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac-dev_1.1.1-5sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac6_1.1.1-5sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.1-5sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/xmms-flac_1.1.1-5sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac-dev_1.1.1-5sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++-dev_1.1.1-5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac1_1.1.1-5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++4_1.1.1-5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.1-5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/flac/xmms-flac_1.1.1-5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++0c102_1.1.1-5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++-dev_1.1.1-5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac-dev_1.1.1-5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac6_1.1.1-5sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac-dev_1.1.1-5sarge1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac-dev_1.1.1-5sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac-dev_1.1.1-5sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++-dev_1.1.1-5sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++-dev_1.1.1-5sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++0c102_1.1.1-5sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++4_1.1.1-5sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.1-5sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac6_1.1.1-5sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/flac/xmms-flac_1.1.1-5sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac1_1.1.1-5sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac-dev_1.1.1-5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac6_1.1.1-5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac-dev_1.1.1-5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.1-5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++4_1.1.1-5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++-dev_1.1.1-5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac1_1.1.1-5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++-dev_1.1.1-5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++0c102_1.1.1-5sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/flac/xmms-flac_1.1.1-5sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/flac/libflac6_1.1.1-5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++-dev_1.1.1-5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/xmms-flac_1.1.1-5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.1-5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++0c102_1.1.1-5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac-dev_1.1.1-5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac1_1.1.1-5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++4_1.1.1-5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++-dev_1.1.1-5sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac-dev_1.1.1-5sarge1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++0c102_1.1.1-5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac1_1.1.1-5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac6_1.1.1-5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac-dev_1.1.1-5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++4_1.1.1-5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/flac/xmms-flac_1.1.1-5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++-dev_1.1.1-5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.1-5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac-dev_1.1.1-5sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++-dev_1.1.1-5sarge1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac-dev_1.1.1-5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++0c102_1.1.1-5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac1_1.1.1-5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++4_1.1.1-5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac6_1.1.1-5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac-dev_1.1.1-5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++-dev_1.1.1-5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++-dev_1.1.1-5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.1-5sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/flac/xmms-flac_1.1.1-5sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/flac/libflac6_1.1.1-5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac-dev_1.1.1-5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.1-5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac1_1.1.1-5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++-dev_1.1.1-5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac-dev_1.1.1-5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++4_1.1.1-5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/xmms-flac_1.1.1-5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++0c102_1.1.1-5sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++-dev_1.1.1-5sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac-dev_1.1.1-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/flac/xmms-flac_1.1.1-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++0c102_1.1.1-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++-dev_1.1.1-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac1_1.1.1-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.1-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac6_1.1.1-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++-dev_1.1.1-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac-dev_1.1.1-5sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++4_1.1.1-5sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/flac/libflac6_1.1.1-5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++0c102_1.1.1-5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.1-5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/xmms-flac_1.1.1-5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++-dev_1.1.1-5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++4_1.1.1-5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++-dev_1.1.1-5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac1_1.1.1-5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac-dev_1.1.1-5sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac-dev_1.1.1-5sarge1_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.2-8.dsc
\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.2-8.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/flac/libflac-doc_1.1.2-8_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/flac/libflac++5_1.1.2-8_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++-dev_1.1.2-8_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++2_1.1.2-8_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac-dev_1.1.2-8_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac3_1.1.2-8_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/flac/xmms-flac_1.1.2-8_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac-dev_1.1.2-8_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac7_1.1.2-8_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++-dev_1.1.2-8_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.2-8_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++2_1.1.2-8_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac-dev_1.1.2-8_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac3_1.1.2-8_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.2-8_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/xmms-flac_1.1.2-8_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++-dev_1.1.2-8_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac-dev_1.1.2-8_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++-dev_1.1.2-8_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac7_1.1.2-8_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++5_1.1.2-8_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.2-8_arm.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++-dev_1.1.2-8_arm.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac-dev_1.1.2-8_arm.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++-dev_1.1.2-8_arm.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac3_1.1.2-8_arm.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac7_1.1.2-8_arm.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++2_1.1.2-8_arm.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac-dev_1.1.2-8_arm.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++5_1.1.2-8_arm.deb
\n
http://security.debian.org/pool/updates/main/f/flac/xmms-flac_1.1.2-8_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/f/flac/libflac7_1.1.2-8_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++-dev_1.1.2-8_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++5_1.1.2-8_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++-dev_1.1.2-8_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/flac/xmms-flac_1.1.2-8_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac3_1.1.2-8_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.2-8_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac-dev_1.1.2-8_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac-dev_1.1.2-8_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++2_1.1.2-8_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac3_1.1.2-8_i386.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++2_1.1.2-8_i386.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++-dev_1.1.2-8_i386.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++-dev_1.1.2-8_i386.deb
\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.2-8_i386.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac-dev_1.1.2-8_i386.deb
\n
http://security.debian.org/pool/updates/main/f/flac/xmms-flac_1.1.2-8_i386.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++5_1.1.2-8_i386.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac-dev_1.1.2-8_i386.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac7_1.1.2-8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/flac/xmms-flac_1.1.2-8_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++5_1.1.2-8_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.2-8_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac3_1.1.2-8_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac7_1.1.2-8_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++-dev_1.1.2-8_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac-dev_1.1.2-8_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++-dev_1.1.2-8_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac-dev_1.1.2-8_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++2_1.1.2-8_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac3_1.1.2-8_mips.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac-dev_1.1.2-8_mips.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++5_1.1.2-8_mips.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++-dev_1.1.2-8_mips.deb
\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.2-8_mips.deb
\n
http://security.debian.org/pool/updates/main/f/flac/xmms-flac_1.1.2-8_mips.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++-dev_1.1.2-8_mips.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac7_1.1.2-8_mips.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++2_1.1.2-8_mips.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac-dev_1.1.2-8_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/flac/xmms-flac_1.1.2-8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++-dev_1.1.2-8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++-dev_1.1.2-8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++2_1.1.2-8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac-dev_1.1.2-8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac3_1.1.2-8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++5_1.1.2-8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac-dev_1.1.2-8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.2-8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac7_1.1.2-8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/flac/libflac++-dev_1.1.2-8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac3_1.1.2-8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++2_1.1.2-8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac-dev_1.1.2-8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++5_1.1.2-8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/xmms-flac_1.1.2-8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++-dev_1.1.2-8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac-dev_1.1.2-8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac7_1.1.2-8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.2-8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac-dev_1.1.2-8_s390.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++5_1.1.2-8_s390.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac3_1.1.2-8_s390.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++-dev_1.1.2-8_s390.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++-dev_1.1.2-8_s390.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac-dev_1.1.2-8_s390.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac7_1.1.2-8_s390.deb
\n
http://security.debian.org/pool/updates/main/f/flac/xmms-flac_1.1.2-8_s390.deb
\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.2-8_s390.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++2_1.1.2-8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/flac/libflac7_1.1.2-8_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac-dev_1.1.2-8_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++-dev_1.1.2-8_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++-dev_1.1.2-8_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac++2_1.1.2-8_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/libflac++5_1.1.2-8_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/flac_1.1.2-8_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/xmms-flac_1.1.2-8_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac3_1.1.2-8_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/flac/liboggflac-dev_1.1.2-8_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1470": "
\n

Debian Security Advisory

\n

DSA-1470-1 horde3 -- missing input sanitising

\n
\n
Date Reported:
\n
20 Jan 2008
\n
Affected Packages:
\n
\nhorde3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-6018.
\n
More information:
\n
\n

Ulf Härnhammar discovered that the HTML filter of the Horde web\napplication framework performed insufficient input sanitising, which\nmay lead to the deletion of emails if a user is tricked into viewing\na malformed email inside the Imp client.

\n

This update also provides backported bugfixes to the cross-site\nscripting filter and the user management API from the latest Horde\nrelease 3.1.6.

\n

The old stable distribution (sarge) is not affected. An update to\nEtch is recommended, though.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 3.1.3-4etch2.

\n

We recommend that you upgrade your horde3 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch2.dsc
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1471": "
\n

Debian Security Advisory

\n

DSA-1471-1 libvorbis -- several vulnerabilities

\n
\n
Date Reported:
\n
21 Jan 2008
\n
Affected Packages:
\n
\nlibvorbis\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3106, CVE-2007-4029, CVE-2007-4066.
\n
More information:
\n
\n

Several vulnerabilities were found in the Vorbis General Audio\nCompression Codec, which may lead to denial of service or the\nexecution of arbitrary code, if a user is tricked into opening\na malformed Ogg Audio file with an application linked against\nlibvorbis.

\n

For the old stable distribution (sarge), these problems have been fixed\nin version 1.1.0-2.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.1.2.dfsg-1.3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.2.0.dfsg-1.

\n

We recommend that you upgrade your libvorbis packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.0-2.dsc
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.0-2.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.0-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.0-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.0-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.0-2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.0-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.0-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.0-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.0-2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.0-2_arm.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.0-2_arm.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.0-2_arm.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.0-2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.0-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.0-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.0-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.0-2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.0-2_i386.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.0-2_i386.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.0-2_i386.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.0-2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.0-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.0-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.0-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.0-2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.0-2_m68k.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.0-2_m68k.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.0-2_m68k.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.0-2_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.0-2_mips.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.0-2_mips.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.0-2_mips.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.0-2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.0-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.0-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.0-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.0-2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.0-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.0-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.0-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.0-2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.0-2_s390.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.0-2_s390.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.0-2_s390.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.0-2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.0-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.0-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.0-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.0-2_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.2.dfsg-1.3.dsc
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.2.dfsg-1.3.diff.gz
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.2.dfsg.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.3_arm.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.3_arm.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.3_arm.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.3_i386.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.3_i386.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.3_i386.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.3_mips.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.3_mips.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.3_mips.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.3_s390.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.3_s390.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.3_s390.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1472": "
\n

Debian Security Advisory

\n

DSA-1472-1 xine-lib -- buffer overflow

\n
\n
Date Reported:
\n
21 Jan 2008
\n
Affected Packages:
\n
\nxine-lib\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0225.
\n
More information:
\n
\n

Luigi Auriemma discovered that the Xine media player library performed\ninsufficient input sanitising during the handling of RTSP streams,\nwhich could lead to the execution of arbitrary code.

\n

For the old stable distribution (sarge), this problem has been fixed\nin version 1.0.1-1sarge6.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 1.1.2+dfsg-5.

\n

For the testing distribution (lenny), this problem has been fixed in\nversion 1.1.8-3+lenny1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your xine-lib packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge6.dsc
\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge6.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge6_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg-5.dsc
\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg-5.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1473": "
\n

Debian Security Advisory

\n

DSA-1473-1 scponly -- design flaw

\n
\n
Date Reported:
\n
21 Jan 2008
\n
Affected Packages:
\n
\nscponly\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 437148.
In Mitre's CVE dictionary: CVE-2007-6350, CVE-2007-6415.
\n
More information:
\n
\n

Joachim Breitner discovered that Subversion support in scponly is\ninherently insecure, allowing execution of arbitrary commands. Further\ninvestigation showed that rsync and Unison support suffer from similar\nissues. This set of issues has been assigned CVE-2007-6350.

\n

In addition, it was discovered that it was possible to invoke scp\nwith certain options that may lead to the execution of arbitrary commands\n(CVE-2007-6415).

\n

This update removes Subversion, rsync and Unison support from the\nscponly package, and prevents scp from being invoked with the dangerous\noptions.

\n

For the old stable distribution (sarge), these problems have been fixed\nin version 4.0-1sarge2.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 4.6-1etch1.

\n

The unstable distribution (sid) will be fixed soon.

\n

We recommend that you upgrade your scponly package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.0-1sarge2_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6-1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6-1etch1.dsc
\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6-1etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6-1etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6-1etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6-1etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6-1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6-1etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6-1etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6-1etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6-1etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6-1etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/scponly/scponly_4.6-1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1474": "
\n

Debian Security Advisory

\n

DSA-1474-1 exiv2 -- integer overflow

\n
\n
Date Reported:
\n
23 Jan 2008
\n
Affected Packages:
\n
\nexiv2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-6353.
\n
More information:
\n
\n

Meder Kydyraliev discovered an integer overflow in the thumbnail\nhandling of libexif, the EXIF/IPTC metadata manipulation library, which\ncould result in the execution of arbitrary code.

\n

The old stable distribution (sarge) doesn't contain exiv2 packages.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 0.10-1.5.

\n

We recommend that you upgrade your exiv2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10-1.5.diff.gz
\n
http://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10-1.5.dsc
\n
http://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/e/exiv2/libexiv2-doc_0.10-1.5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10-1.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/exiv2/libexiv2-0.10_0.10-1.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/exiv2/libexiv2-dev_0.10-1.5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10-1.5_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/exiv2/libexiv2-dev_0.10-1.5_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/exiv2/libexiv2-0.10_0.10-1.5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10-1.5_arm.deb
\n
http://security.debian.org/pool/updates/main/e/exiv2/libexiv2-0.10_0.10-1.5_arm.deb
\n
http://security.debian.org/pool/updates/main/e/exiv2/libexiv2-dev_0.10-1.5_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/e/exiv2/libexiv2-dev_0.10-1.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/exiv2/libexiv2-0.10_0.10-1.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10-1.5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10-1.5_i386.deb
\n
http://security.debian.org/pool/updates/main/e/exiv2/libexiv2-dev_0.10-1.5_i386.deb
\n
http://security.debian.org/pool/updates/main/e/exiv2/libexiv2-0.10_0.10-1.5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/exiv2/libexiv2-dev_0.10-1.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10-1.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/exiv2/libexiv2-0.10_0.10-1.5_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/exiv2/libexiv2-0.10_0.10-1.5_mips.deb
\n
http://security.debian.org/pool/updates/main/e/exiv2/libexiv2-dev_0.10-1.5_mips.deb
\n
http://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10-1.5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/exiv2/libexiv2-dev_0.10-1.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10-1.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/exiv2/libexiv2-0.10_0.10-1.5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/exiv2/libexiv2-0.10_0.10-1.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/exiv2/libexiv2-dev_0.10-1.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10-1.5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10-1.5_s390.deb
\n
http://security.debian.org/pool/updates/main/e/exiv2/libexiv2-dev_0.10-1.5_s390.deb
\n
http://security.debian.org/pool/updates/main/e/exiv2/libexiv2-0.10_0.10-1.5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/exiv2/libexiv2-0.10_0.10-1.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/exiv2/libexiv2-dev_0.10-1.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/exiv2/exiv2_0.10-1.5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1475": "
\n

Debian Security Advisory

\n

DSA-1475-1 gforge -- missing input sanitising

\n
\n
Date Reported:
\n
26 Jan 2008
\n
Affected Packages:
\n
\ngforge\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-0176.
\n
More information:
\n
\n

José Ramón Palanco discovered that a cross-site scripting vulnerability\nin GForge, a collaborative development tool, allows remote attackers to\ninject arbitrary web script or HTML in the context of a logged-in user's\nsession.

\n

The old stable distribution (sarge) is not affected by this problem.

\n

For the stable distribution (etch), this problem has been fixed in version\n4.5.14-22etch5.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.6.99+svn6347-1.

\n

We recommend that you upgrade your gforge package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch5.dsc
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch5.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_4.5.14-22etch5_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch5_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-common_4.5.14-22etch5_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_4.5.14-22etch5_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_4.5.14-22etch5_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_4.5.14-22etch5_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-courier_4.5.14-22etch5_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_4.5.14-22etch5_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_4.5.14-22etch5_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_4.5.14-22etch5_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_4.5.14-22etch5_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_4.5.14-22etch5_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-postgresql_4.5.14-22etch5_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_4.5.14-22etch5_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1476": "
\n

Debian Security Advisory

\n

DSA-1476-1 pulseaudio -- programming error

\n
\n
Date Reported:
\n
27 Jan 2008
\n
Affected Packages:
\n
\npulseaudio\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0008.
\n
More information:
\n
\n

Marcus Meissner discovered that the PulseAudio sound server performed\ninsufficient checks when dropping privileges, which could lead to local\nprivilege escalation.

\n

The old stable distribution (sarge) doesn't contain pulseaudio.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 0.9.5-5etch1.

\n

We recommend that you upgrade your pulseaudio packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.5-5etch1.dsc
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.5-5etch1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.5-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.5-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.5-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.5-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.5-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.5-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.5-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.5-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.5-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.5-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.5-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.5-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.5-5etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.5-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.5-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.5-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.5-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.5-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.5-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.5-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.5-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.5-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.5-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.5-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.5-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.5-5etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.5-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.5-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.5-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.5-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.5-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.5-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.5-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.5-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.5-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.5-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.5-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.5-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.5-5etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.5-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.5-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.5-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.5-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.5-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.5-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.5-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.5-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.5-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.5-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.5-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.5-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.5-5etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.5-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.5-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.5-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.5-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.5-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.5-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.5-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.5-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.5-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.5-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.5-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.5-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.5-5etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.5-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.5-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.5-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.5-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.5-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.5-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.5-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.5-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.5-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.5-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.5-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.5-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.5-5etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.5-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.5-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.5-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.5-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.5-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.5-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.5-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.5-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.5-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.5-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.5-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.5-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.5-5etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.5-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.5-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.5-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.5-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.5-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.5-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.5-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.5-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.5-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.5-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.5-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.5-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.5-5etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.5-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.5-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.5-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.5-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.5-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.5-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.5-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.5-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.5-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.5-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.5-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.5-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.5-5etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.5-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.5-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.5-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.5-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.5-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.5-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.5-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.5-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.5-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.5-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.5-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.5-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.5-5etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.5-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.5-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.5-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.5-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.5-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.5-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.5-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.5-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.5-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.5-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.5-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.5-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.5-5etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1477": "
\n

Debian Security Advisory

\n

DSA-1477-1 yarssr -- missing input sanitising

\n
\n
Date Reported:
\n
27 Jan 2008
\n
Affected Packages:
\n
\nyarssr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-5837.
\n
More information:
\n
\n

Duncan Gilmore discovered that yarssr, an RSS aggregator and reader, performs insufficient input sanitising, which could result in the execution of arbitrary shell commands if a malformed feed is read.

\n

Due to a technical limitation of the archive management scripts, the fix for the old stable distribution (sarge) needs to be postponed by a few days.

\n

For the stable distribution (etch), this problem has been fixed in version 0.2.2-1etch1.

\n

We recommend that you upgrade your yarssr packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/y/yarssr/yarssr_0.2.2-1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/y/yarssr/yarssr_0.2.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/y/yarssr/yarssr_0.2.2-1etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/y/yarssr/yarssr_0.2.2-1etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1478": "
\n

Debian Security Advisory

\n

DSA-1478-1 mysql-dfsg-5.0 -- buffer overflows

\n
\n
Date Reported:
\n
28 Jan 2008
\n
Affected Packages:
\n
\nmysql-dfsg-5.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0226, CVE-2008-0227.
\n
More information:
\n
\n

Luigi Auriemma discovered two buffer overflows in YaSSL, an SSL implementation included in the MySQL database package, which could lead to denial of service and possibly the execution of arbitrary code.

\n

The old stable distribution (sarge) doesn't contain mysql-dfsg-5.0.

\n

For the stable distribution (etch), these problems have been fixed in version 5.0.32-7etch5.

\n

For the unstable distribution (sid), these problems have been fixed in version 5.0.51-3.

\n

We recommend that you upgrade your mysql-dfsg-5.0 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch5.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch5.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.32-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.32-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.32-7etch5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1479": "
\n

Debian Security Advisory

\n

DSA-1479-1 linux-2.6 -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Jan 2008
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2878, CVE-2007-4571, CVE-2007-6151, CVE-2008-0001.
\n
More information:
\n
\n

Several local vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-2878\n

    Bart Oldeman reported a denial of service (DoS) issue in the VFAT filesystem that allows local users to corrupt a kernel structure, resulting in a system crash. This is only an issue for systems which make use of the VFAT compat ioctl interface, such as systems running an 'amd64' flavor kernel.

  • CVE-2007-4571\n

    Takashi Iwai supplied a fix for a memory leak in the snd_page_alloc module. Local users could exploit this issue to obtain sensitive information from the kernel.

  • CVE-2007-6151\n

    ADLAB discovered a possible memory overrun in the ISDN subsystem that may permit a local user to overwrite kernel memory by issuing ioctls with unterminated data.

  • CVE-2008-0001\n

    Bill Roman of Datalight noticed a coding error in the Linux VFS subsystem that, under certain conditions, can allow local users to remove directories for which they should not have removal privileges.

\n

These problems have been fixed in the stable distribution in version 2.6.18.dfsg.1-17etch1.

\n

We recommend that you upgrade your kernel packages immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/loop-aes/loop-aes_3.1d.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/loop-aes/loop-aes_3.1d-13etch2.dsc
\n
http://security.debian.org/pool/updates/main/l/loop-aes/loop-aes_3.1d-13etch2.diff.gz
\n
http://security.debian.org/pool/updates/non-free/n/nvidia-graphics-modules-amd64/nvidia-graphics-modules-amd64_1.0.8776+6etch2.dsc
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/linux-modules-contrib-2.6_2.6.18-4+etch3.tar.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/non-free/n/nvidia-graphics-modules-i386/nvidia-graphics-modules-i386_1.0.8776+6etch2.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.17etch1.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/linux-modules-extra-2.6_2.6.18-7+etch4.tar.gz
\n
http://security.debian.org/pool/updates/non-free/n/nvidia-graphics-modules-i386/nvidia-graphics-modules-i386_1.0.8776+6etch2.dsc
\n
http://security.debian.org/pool/updates/non-free/n/nvidia-graphics-legacy-modules-i386/nvidia-graphics-legacy-modules-i386_1.0.7184+6etch2.tar.gz
\n
http://security.debian.org/pool/updates/non-free/n/nvidia-graphics-legacy-modules-i386/nvidia-graphics-legacy-modules-i386_1.0.7184+6etch2.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-latest-2.6_6etch3.dsc
\n
http://security.debian.org/pool/updates/non-free/n/nvidia-graphics-legacy-modules-amd64/nvidia-graphics-legacy-modules-amd64_1.0.7184+6etch2.tar.gz
\n
http://security.debian.org/pool/updates/non-free/l/linux-modules-nonfree-2.6/linux-modules-nonfree-2.6_2.6.18-4etch2.tar.gz
\n
http://security.debian.org/pool/updates/non-free/n/nvidia-graphics-modules-amd64/nvidia-graphics-modules-amd64_1.0.8776+6etch2.tar.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.17etch1.dsc
\n
http://security.debian.org/pool/updates/non-free/l/linux-modules-nonfree-2.6/linux-modules-nonfree-2.6_2.6.18-4etch2.dsc
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.17etch1.tar.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-17etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/linux-modules-extra-2.6_2.6.18-7+etch4.dsc
\n
http://security.debian.org/pool/updates/non-free/n/nvidia-graphics-legacy-modules-amd64/nvidia-graphics-legacy-modules-amd64_1.0.7184+6etch2.dsc
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.17etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-latest-2.6_6etch3.tar.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-17etch1.dsc
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/linux-modules-contrib-2.6_2.6.18-4+etch3.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-17etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-17etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-17etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-17etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-17etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-17etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/loop-aes/loop-aes-testsuite_3.1d-13etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/loop-aes/loop-aes-source_3.1d-13etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-generic_2.6.18+6etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-17etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-vserver-alpha_2.6.18+6etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-smp_2.6.18.dfsg.1-17etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-17etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-17etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-alpha-legacy_2.6.18+6etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-17etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-alpha-generic_2.6.18+6etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-alpha_2.6.18.dfsg.1-17etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-alpha-smp_2.6.18+6etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-generic_2.6.18.dfsg.1-17etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-alpha-generic_2.6.18+6etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-vserver-alpha_2.6.18+6etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-alpha-legacy_2.6.18+6etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-alpha-smp_2.6.18+6etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-17etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-17etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-17etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-smp_2.6.18+6etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-smp_2.6.18.dfsg.1-17etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-alpha-smp_2.6.18+6etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-alpha-generic_2.6.18+6etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-alpha-legacy_2.6.18+6etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-vserver-alpha_2.6.18+6etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-generic_2.6.18.dfsg.1-17etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-amd64_2.6.18+6etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-amd64-generic_2.6.18+6etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-amd64-k8-smp_2.6.18+6etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-amd64_2.6.18.dfsg.1-17etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-xen-vserver-amd64_2.6.18+6etch3_amd64.deb
\n
http://security.debian.org/pool/updates/non-free/n/nvidia-graphics-legacy-modules-amd64/nvidia-kernel-legacy-2.6-amd64_1.0.7184+6etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-17etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-xen-vserver-amd64_2.6.18+6etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-amd64_2.6.18.dfsg.1-17etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-amd64_2.6.18.dfsg.1-17etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-amd64-generic_2.6.18+6etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-amd64_2.6.18+6etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-amd64_2.6.18.dfsg.1-17etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-amd64_2.6.18.dfsg.1-17etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-17etch1_amd64.deb
\n
http://security.debian.org/pool/updates/non-free/n/nvidia-graphics-legacy-modules-amd64/nvidia-kernel-legacy-2.6.18-6-amd64_1.0.7184+6etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-17etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-amd64_2.6.18+6etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-17etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-em64t-p4-smp_2.6.18+6etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-17etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-xen-amd64_2.6.18+6etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-vserver-amd64_2.6.18+6etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-em64t-p4_2.6.18+6etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-17etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-vserver-em64t-p4-smp_2.6.18+6etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-17etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-17etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-amd64-k8-smp_2.6.18+6etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-17etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-xen-amd64_2.6.18+6etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-xen-vserver-amd64_2.6.18+6etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-amd64-k8_2.6.18+6etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-17etch1_amd64.deb
\n
http://security.debian.org/pool/updates/non-free/n/nvidia-graphics-modules-amd64/nvidia-kernel-2.6-amd64_1.0.8776+6etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-em64t-p4-smp_2.6.18+6etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-em64t-p4_2.6.18+6etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-xen-amd64_2.6.18+6etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-17etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-vserver-amd64_2.6.18+6etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-amd64-k8_2.6.18+6etch3_amd64.deb
\n
http://security.debian.org/pool/updates/non-free/n/nvidia-graphics-modules-amd64/nvidia-kernel-2.6.18-6-amd64_1.0.8776+6etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-17etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-vserver-amd64_2.6.18+6etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-vserver-amd64-k8-smp_2.6.18+6etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-17etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.17etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-rpc_2.6.18+6etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-ixp4xx_2.6.18+6etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-footbridge_2.6.18.dfsg.1-17etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-footbridge_2.6.18+6etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-rpc_2.6.18.dfsg.1-17etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-ixp4xx_2.6.18+6etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s3c2410_2.6.18.dfsg.1-17etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-iop32x_2.6.18.dfsg.1-17etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-17etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-ixp4xx_2.6.18+6etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-rpc_2.6.18+6etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-iop32x_2.6.18+6etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-ixp4xx_2.6.18.dfsg.1-17etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-footbridge_2.6.18.dfsg.1-17etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-s3c2410_2.6.18+6etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-ixp4xx_2.6.18.dfsg.1-17etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-iop32x_2.6.18.dfsg.1-17etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-17etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s3c2410_2.6.18.dfsg.1-17etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-footbridge_2.6.18+6etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-rpc_2.6.18+6etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-rpc_2.6.18.dfsg.1-17etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-s3c2410_2.6.18+6etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-arm_2.6.18.dfsg.1-17etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-s3c2410_2.6.18+6etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-footbridge_2.6.18+6etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-iop32x_2.6.18+6etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-iop32x_2.6.18+6etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-parisc64-smp_2.6.18+6etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-17etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-hppa_2.6.18.dfsg.1-17etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc-smp_2.6.18.dfsg.1-17etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc-smp_2.6.18.dfsg.1-17etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64_2.6.18.dfsg.1-17etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64_2.6.18.dfsg.1-17etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-parisc64_2.6.18+6etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc_2.6.18.dfsg.1-17etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-parisc-smp_2.6.18+6etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-parisc-smp_2.6.18+6etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-parisc-smp_2.6.18+6etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-parisc_2.6.18+6etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-parisc64_2.6.18+6etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-17etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-parisc64_2.6.18+6etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-17etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-parisc_2.6.18+6etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc_2.6.18.dfsg.1-17etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-17etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-parisc64-smp_2.6.18+6etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-parisc_2.6.18+6etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-parisc64-smp_2.6.18+6etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/loop-aes/loop-aes-modules-2.6.18-6-vserver-686_3.1d-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/loop-aes/loop-aes-modules-2.6-vserver-686_3.1d-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/loop-aes/loop-aes-modules-2.6-486_3.1d-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/loop-aes/loop-aes-modules-2.6.18-6-k7_3.1d-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/loop-aes/loop-aes-modules-2.6-686_3.1d-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/loop-aes/loop-aes-modules-2.6.18-6-xen-686_3.1d-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/loop-aes/loop-aes-modules-2.6-xen-vserver-686_3.1d-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/loop-aes/loop-aes-modules-2.6-k7_3.1d-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/loop-aes/loop-aes-modules-2.6.18-6-686_3.1d-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/loop-aes/loop-aes-modules-2.6.18-6-xen-vserver-686_3.1d-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/loop-aes/loop-aes-modules-2.6-amd64_3.1d-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/loop-aes/loop-aes-modules-2.6-686-bigmem_3.1d-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/loop-aes/loop-aes-modules-2.6.18-6-vserver-k7_3.1d-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/loop-aes/loop-aes-modules-2.6-vserver-k7_3.1d-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/loop-aes/loop-aes-modules-2.6-xen-686_3.1d-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/loop-aes/loop-aes-modules-2.6.18-6-686-bigmem_3.1d-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/loop-aes/loop-aes-modules-2.6.18-6-486_3.1d-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/loop-aes/loop-aes-modules-2.6.18-6-amd64_3.1d-13etch2_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2200-modules-2.6.18-6-xen-vserver-686_2.6.18+1.2.0-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2100-modules-2.6-amd64_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-k7_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/unionfs-modules-2.6-686-bigmem_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-k7_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-k7_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2200-modules-2.6-k7_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw3945-modules-2.6-k7_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-686-smp_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-k7_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/non-free/l/linux-modules-nonfree-2.6/kqemu-modules-2.6-486_2.6.18-4etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-686-bigmem_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2200-modules-2.6.18-6-amd64_2.6.18+1.2.0-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6-486_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-686_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/non-free/n/nvidia-graphics-modules-i386/nvidia-kernel-2.6-k7_1.0.8776+6etch2_i386.deb
\n
http://security.debian.org/pool/updates/non-free/n/nvidia-graphics-modules-i386/nvidia-kernel-2.6.18-6-k7_1.0.8776+6etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-686-bigmem_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-486_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ivtv-modules-2.6-vserver-k7_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-686_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-686-smp_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2100-modules-2.6.18-6-k7_2.6.18+1.2.1-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/non-free/n/nvidia-graphics-legacy-modules-i386/nvidia-kernel-legacy-2.6-486_1.0.7184+6etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-k7_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-386_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2200-modules-2.6.18-6-vserver-k7_2.6.18+1.2.0-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/non-free/l/linux-modules-nonfree-2.6/kqemu-modules-2.6-686-bigmem_2.6.18-4etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.18-6-xen-686_2.6.18+1.03.00-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-xen-vserver-686_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6.18-6-686-bigmem_2.6.18+01.00.04-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-k7-smp_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2200-modules-2.6.18-6-486_2.6.18+1.2.0-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-vserver-686_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2100-modules-2.6.18-6-xen-686_2.6.18+1.2.1-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/non-free/l/linux-modules-nonfree-2.6/kqemu-modules-2.6.18-6-k7_2.6.18+1.3.0~pre9-4etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.18-6-amd64_2.6.18+3.1r2-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw3945-modules-2.6.18-6-686_2.6.18+1.1.2-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.18-6-amd64_2.6.18+1.03.00-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.18-6-k7_2.6.18+3.1r2-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/non-free/n/nvidia-graphics-modules-i386/nvidia-kernel-2.6.18-6-486_1.0.8776+6etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-vserver-k7_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ivtv-modules-2.6-686-bigmem_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2200-modules-2.6-686_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw3945-modules-2.6-486_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2100-modules-2.6-686-bigmem_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/non-free/l/linux-modules-nonfree-2.6/kqemu-modules-2.6.18-6-686-bigmem_2.6.18+1.3.0~pre9-4etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2100-modules-2.6.18-6-amd64_2.6.18+1.2.1-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2100-modules-2.6-vserver-k7_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-xen-vserver-686_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-vserver-k7_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.18-6-686-bigmem_2.6.18+1.03.00-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-vserver-k7_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6-amd64_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-k7_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-686-bigmem_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2100-modules-2.6-xen-vserver-686_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-486_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-i386_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-686_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-686_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ivtv-modules-2.6.18-6-amd64_2.6.18+0.8.2-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-amd64_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.18-6-vserver-686_2.6.18+3.1r2-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6.18-6-k7_2.6.18+01.00.04-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/non-free/n/nvidia-graphics-modules-i386/nvidia-kernel-2.6.18-6-686_1.0.8776+6etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.18-6-vserver-686_2.6.18+1.03.00-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw3945-modules-2.6-vserver-686_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw3945-modules-2.6.18-6-xen-686_2.6.18+1.1.2-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/unionfs-modules-2.6.18-6-486_2.6.18+1.4+debian-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/unionfs-modules-2.6-amd64_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-vserver-686_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2100-modules-2.6.18-6-686_2.6.18+1.2.1-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-amd64_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-486_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ivtv-modules-2.6.18-6-xen-vserver-686_2.6.18+0.8.2-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/non-free/n/nvidia-graphics-modules-i386/nvidia-kernel-2.6-486_1.0.8776+6etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2200-modules-2.6-amd64_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6.18-6-686_2.6.18+01.00.04-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2100-modules-2.6.18-6-486_2.6.18+1.2.1-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6.18-6-xen-686_2.6.18+01.00.04-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/non-free/n/nvidia-graphics-legacy-modules-i386/nvidia-kernel-legacy-2.6.18-6-686_1.0.7184+6etch2_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw3945-modules-2.6.18-6-vserver-686_2.6.18+1.1.2-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/non-free/n/nvidia-graphics-modules-i386/nvidia-kernel-2.6-686_1.0.8776+6etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-k7_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2100-modules-2.6-xen-686_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-xen-686_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-486_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw3945-modules-2.6.18-6-k7_2.6.18+1.1.2-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2200-modules-2.6.18-6-xen-686_2.6.18+1.2.0-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-amd64-generic_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ivtv-modules-2.6-xen-vserver-686_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2100-modules-2.6-686_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ivtv-modules-2.6-amd64_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6.18-6-vserver-686_2.6.18+01.00.04-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-xen-vserver-686_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2100-modules-2.6-vserver-686_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ivtv-modules-2.6.18-6-vserver-k7_2.6.18+0.8.2-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw3945-modules-2.6-686-bigmem_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ivtv-modules-2.6.18-6-486_2.6.18+0.8.2-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-vserver-686_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2200-modules-2.6-xen-686_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-xen-686_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-k7_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.18-6-k7_2.6.18+1.03.00-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw3945-modules-2.6-xen-vserver-686_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2200-modules-2.6-686-bigmem_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-686_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-k7_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2100-modules-2.6-486_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.18-6-686_2.6.18+3.1r2-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6.18-6-amd64_2.6.18+01.00.04-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/non-free/n/nvidia-graphics-legacy-modules-i386/nvidia-kernel-legacy-2.6-686_1.0.7184+6etch2_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw3945-modules-2.6-vserver-k7_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw3945-modules-2.6-xen-686_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-686_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-686_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-686_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-686_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-em64t-p4-smp_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2200-modules-2.6-xen-vserver-686_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ivtv-modules-2.6-486_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-vserver-686_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6-vserver-k7_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/non-free/n/nvidia-graphics-legacy-modules-i386/nvidia-kernel-legacy-2.6.18-6-k7_1.0.7184+6etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-amd64_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ivtv-modules-2.6.18-6-686-bigmem_2.6.18+0.8.2-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw3945-modules-2.6-686_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2100-modules-2.6.18-6-xen-vserver-686_2.6.18+1.2.1-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2200-modules-2.6.18-6-k7_2.6.18+1.2.0-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/non-free/n/nvidia-graphics-legacy-modules-i386/nvidia-kernel-legacy-2.6-k7_1.0.7184+6etch2_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw3945-modules-2.6.18-6-amd64_2.6.18+1.1.2-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6-xen-vserver-686_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw3945-modules-2.6-amd64_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-686_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-686-bigmem_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ivtv-modules-2.6-686_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/unionfs-modules-2.6-686_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2200-modules-2.6.18-6-vserver-686_2.6.18+1.2.0-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ivtv-modules-2.6.18-6-686_2.6.18+0.8.2-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-k7_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/non-free/l/linux-modules-nonfree-2.6/kqemu-modules-2.6-k7_2.6.18-4etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2100-modules-2.6.18-6-vserver-686_2.6.18+1.2.1-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-686_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-vserver-k7_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.18-6-486_2.6.18+1.03.00-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.18-6-686-bigmem_2.6.18+3.1r2-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6-686_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/unionfs-modules-2.6.18-6-686-bigmem_2.6.18+1.4+debian-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6-xen-686_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686-bigmem_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6-vserver-686_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ivtv-modules-2.6.18-6-vserver-686_2.6.18+0.8.2-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2100-modules-2.6-k7_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ivtv-modules-2.6-xen-686_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-vserver-686_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw3945-modules-2.6.18-6-vserver-k7_2.6.18+1.1.2-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6.18-6-xen-vserver-686_2.6.18+01.00.04-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-amd64-k8-smp_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/non-free/l/linux-modules-nonfree-2.6/kqemu-modules-2.6.18-6-686_2.6.18+1.3.0~pre9-4etch2_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2100-modules-2.6.18-6-vserver-k7_2.6.18+1.2.1-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-486_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-xen-vserver-686_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2200-modules-2.6-vserver-686_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/unionfs-modules-2.6.18-6-686_2.6.18+1.4+debian-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6-686-bigmem_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-xen-686_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-486_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.18-6-xen-686_2.6.18+3.1r2-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-em64t-p4_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw3945-modules-2.6.18-6-686-bigmem_2.6.18+1.1.2-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2200-modules-2.6.18-6-686-bigmem_2.6.18+1.2.0-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686-bigmem_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.18-6-486_2.6.18+3.1r2-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ivtv-modules-2.6-k7_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw3945-modules-2.6.18-6-xen-vserver-686_2.6.18+1.1.2-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-686-bigmem_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6.18-6-vserver-k7_2.6.18+01.00.04-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.18-6-vserver-k7_2.6.18+3.1r2-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.18-6-vserver-k7_2.6.18+1.03.00-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-686_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-xen-vserver-686_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-amd64_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ivtv-modules-2.6.18-6-xen-686_2.6.18+0.8.2-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-xen-686_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ivtv-modules-2.6-vserver-686_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/non-free/n/nvidia-graphics-legacy-modules-i386/nvidia-kernel-legacy-2.6.18-6-486_1.0.7184+6etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-k7-smp_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/unionfs-modules-2.6.18-6-k7_2.6.18+1.4+debian-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2200-modules-2.6-486_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6-k7_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2200-modules-2.6-vserver-k7_2.6.18-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2200-modules-2.6.18-6-686_2.6.18+1.2.0-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-vserver-k7_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-486_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.18-6-686_2.6.18+1.03.00-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-17etch1_i386.deb
\n
http://security.debian.org/pool/updates/non-free/l/linux-modules-nonfree-2.6/kqemu-modules-2.6.18-6-486_2.6.18+1.3.0~pre9-4etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.17etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-amd64_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/non-free/l/linux-modules-nonfree-2.6/kqemu-modules-2.6-686_2.6.18-4etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.18-6-xen-vserver-686_2.6.18+1.03.00-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/unionfs-modules-2.6-k7_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/unionfs-modules-2.6.18-6-amd64_2.6.18+1.4+debian-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.18-6-xen-vserver-686_2.6.18+3.1r2-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-amd64-k8_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-xen-686_2.6.18+6etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw2100-modules-2.6.18-6-686-bigmem_2.6.18+1.2.1-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.17etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6.18-6-486_2.6.18+01.00.04-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/unionfs-modules-2.6-486_2.6.18-7+etch4_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ipw3945-modules-2.6.18-6-486_2.6.18+1.1.2-4+etch3_i386.deb
\n
http://security.debian.org/pool/updates/contrib/l/linux-modules-contrib-2.6/ivtv-modules-2.6.18-6-k7_2.6.18+0.8.2-4+etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-mckinley-smp_2.6.18+6etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-mckinley_2.6.18.dfsg.1-17etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-mckinley_2.6.18+6etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-mckinley_2.6.18.dfsg.1-17etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-itanium_2.6.18+6etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-itanium_2.6.18+6etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-itanium_2.6.18.dfsg.1-17etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-mckinley_2.6.18+6etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-mckinley_2.6.18+6etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-mckinley_2.6.18+6etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-itanium-smp_2.6.18+6etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-itanium-smp_2.6.18+6etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-17etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-ia64_2.6.18.dfsg.1-17etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-itanium_2.6.18+6etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-itanium_2.6.18+6etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-17etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-itanium_2.6.18.dfsg.1-17etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-mckinley-smp_2.6.18+6etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-17etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-sb1a-bcm91480b_2.6.18+6etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-r5k-ip32_2.6.18+6etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-17etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-17etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-r4k-ip22_2.6.18+6etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-17etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-r5k-ip32_2.6.18+6etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-r5k-ip32_2.6.18+6etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-17etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-17etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-sb1-bcm91250a_2.6.18+6etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-qemu_2.6.18+6etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-17etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-17etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mips_2.6.18.dfsg.1-17etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-17etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-sb1-bcm91250a_2.6.18+6etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-17etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-sb1-bcm91250a_2.6.18+6etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-sb1a-bcm91480b_2.6.18+6etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-r4k-ip22_2.6.18+6etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-r4k-ip22_2.6.18+6etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-17etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-qemu_2.6.18+6etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-17etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-qemu_2.6.18+6etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-sb1a-bcm91480b_2.6.18+6etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-r3k-kn02_2.6.18+6etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-17etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-r3k-kn02_2.6.18+6etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-sb1a-bcm91480b_2.6.18+6etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-r5k-cobalt_2.6.18+6etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-17etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-r5k-cobalt_2.6.18+6etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-r4k-kn04_2.6.18+6etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-qemu_2.6.18+6etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-r4k-kn04_2.6.18+6etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-17etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-17etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-r5k-cobalt_2.6.18+6etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-r4k-kn04_2.6.18+6etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-qemu_2.6.18+6etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-17etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-17etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-17etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mipsel_2.6.18.dfsg.1-17etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-17etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-17etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-17etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-sb1a-bcm91480b_2.6.18+6etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-sb1-bcm91250a_2.6.18+6etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-sb1a-bcm91480b_2.6.18+6etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-qemu_2.6.18+6etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-r3k-kn02_2.6.18+6etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-17etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-17etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-sb1-bcm91250a_2.6.18+6etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-17etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-17etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-sb1-bcm91250a_2.6.18+6etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-powerpc-smp_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-powerpc-smp_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-powerpc-smp_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-powerpc_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-powerpc_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-power4-smp_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-powerpc64_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-power4-smp_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc64_2.6.18.dfsg.1-17etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-powerpc_2.6.18.dfsg.1-17etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-power4_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-prep_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-17etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-17etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-powerpc-smp_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-vserver-powerpc64_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-17etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-vserver-powerpc64_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-17etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-power4_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-17etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-vserver-powerpc64_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-powerpc-miboot_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc64_2.6.18.dfsg.1-17etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-17etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-17etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-17etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-vserver-powerpc_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-17etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-powerpc_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-power3_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-powerpc_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-17etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-vserver-powerpc_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-power3-smp_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-vserver-powerpc_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-powerpc_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-powerpc64_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-power3_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-power3-smp_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-prep_2.6.18.dfsg.1-17etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-powerpc-miboot_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-powerpc-smp_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-prep_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc_2.6.18.dfsg.1-17etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-17etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-prep_2.6.18.dfsg.1-17etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-prep_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc_2.6.18.dfsg.1-17etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-powerpc-miboot_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-powerpc64_2.6.18+6etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.17etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-s390-tape_2.6.18+6etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-s390_2.6.18.dfsg.1-17etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-vserver-s390x_2.6.18+6etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390-tape_2.6.18.dfsg.1-17etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-17etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390x_2.6.18.dfsg.1-17etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-s390x_2.6.18+6etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-s390x_2.6.18+6etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390_2.6.18.dfsg.1-17etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-17etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390_2.6.18.dfsg.1-17etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-s390_2.6.18+6etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-s390-tape_2.6.18+6etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-17etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-s390_2.6.18+6etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-s390_2.6.18+6etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-17etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-s390x_2.6.18+6etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390x_2.6.18.dfsg.1-17etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-17etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-s390x_2.6.18+6etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-s390_2.6.18+6etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-vserver-s390x_2.6.18+6etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-vserver-s390x_2.6.18+6etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-sparc64_2.6.18+6etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-sparc64_2.6.18+6etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-sparc_2.6.18.dfsg.1-17etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-sparc32_2.6.18+6etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-17etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-sparc64-smp_2.6.18+6etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-sparc64-smp_2.6.18+6etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64_2.6.18.dfsg.1-17etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-vserver-sparc64_2.6.18+6etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-sparc32_2.6.18+6etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-17etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc32_2.6.18.dfsg.1-17etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-vserver-sparc64_2.6.18+6etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-sparc64-smp_2.6.18+6etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc32_2.6.18.dfsg.1-17etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-17etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-sparc64-smp_2.6.18+6etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-17etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-17etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-sparc32_2.6.18+6etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-image-2.6-vserver-sparc64_2.6.18+6etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-17etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/linux-headers-2.6-sparc64_2.6.18+6etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-latest-2.6/kernel-image-2.6-sparc64_2.6.18+6etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-17etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64_2.6.18.dfsg.1-17etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1480": "
\n

Debian Security Advisory

\n

DSA-1480-1 poppler -- several vulnerabilities

\n
\n
Date Reported:
\n
05 Feb 2008
\n
Affected Packages:
\n
\npoppler\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-4352, CVE-2007-5392, CVE-2007-5393.
\n
More information:
\n
\n

Alin Rad Pop discovered several buffer overflows in the Poppler PDF library, which could allow the execution of arbitrary code if a malformed PDF file is opened.

\n

The old stable distribution (sarge) doesn't contain poppler.

\n

For the stable distribution (etch), these problems have been fixed in version 0.4.5-5.1etch2.

\n

We recommend that you upgrade your poppler packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5-5.1etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5-5.1etch2.dsc
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1481": "
\n

Debian Security Advisory

\n

DSA-1481-1 python-cherrypy -- missing input sanitising

\n
\n
Date Reported:
\n
05 Feb 2008
\n
Affected Packages:
\n
\npython-cherrypy\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0252.
\n
More information:
\n
\n

It was discovered that a directory traversal vulnerability in CherryPy,\na pythonic, object-oriented web development framework, may lead to denial\nof service by deleting files through malicious session IDs in cookies.

\n

The old stable distribution (sarge) doesn't contain python-cherrypy.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 2.2.1-3etch1.

\n

We recommend that you upgrade your python-cherrypy packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/python-cherrypy/python-cherrypy_2.2.1-3etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/python-cherrypy/python-cherrypy_2.2.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/python-cherrypy/python-cherrypy_2.2.1-3etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/python-cherrypy/python-cherrypy_2.2.1-3etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1482": "
\n

Debian Security Advisory

\n

DSA-1482-1 squid -- programming error

\n
\n
Date Reported:
\n
05 Feb 2008
\n
Affected Packages:
\n
\nsquid\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-6239.
\n
More information:
\n
\n

It was discovered that malformed cache update replies against the Squid\nWWW proxy cache could lead to the exhaustion of system memory, resulting\nin potential denial of service.

\n

For the old stable distribution (sarge), the update cannot currently\nbe processed on the buildd security network due to a bug in the archive\nmanagement script. This will be resolved soon. An update for i386\nis temporarily available at https://people.debian.org/~jmm/squid/.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 2.6.5-6etch1.

\n

We recommend that you upgrade your squid packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1.dsc
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/squid/squid-common_2.6.5-6etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1483": "
\n

Debian Security Advisory

\n

DSA-1483-1 net-snmp -- design error

\n
\n
Date Reported:
\n
06 Feb 2008
\n
Affected Packages:
\n
\nnet-snmp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-5846.
\n
More information:
\n
\n

The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote\nattackers to cause a denial of service (CPU and memory consumption)\nvia a GETBULK request with a large max-repeaters value.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 5.2.3-7etch2.

\n

For the unstable and testing distributions (sid and lenny,\nrespectively), this problem has been fixed in version 5.4.1~dfsg-2.

\n

We recommend that you upgrade your net-snmp package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3-7etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3-7etch2.dsc
\n
http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/n/net-snmp/tkmib_5.2.3-7etch2_all.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-base_5.2.3-7etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1484": "
\n

Debian Security Advisory

\n

DSA-1484-1 xulrunner -- several vulnerabilities

\n
\n
Date Reported:
\n
10 Feb 2008
\n
Affected Packages:
\n
\nxulrunner\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2008-0412\n

    Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul\n Nickerson discovered crashes in the layout engine, which might allow\n the execution of arbitrary code.

  • CVE-2008-0413\n

    Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,\n Philip Taylor and tgirmann discovered crashes in the JavaScript\n engine, which might allow the execution of arbitrary code.

  • CVE-2008-0414\n

    hong and Gregory Fleischer discovered that file input focus\n vulnerabilities in the file upload control could allow information\n disclosure of local files.

  • CVE-2008-0415\n

    moz_bug_r_a4 and Boris Zbarsky discovered several\n vulnerabilities in JavaScript handling, which could allow\n privilege escalation.

  • CVE-2008-0417\n

    Justin Dolske discovered that the password storage mechanism could\n be abused by malicious web sites to corrupt existing saved passwords.

  • CVE-2008-0418\n

    Gerry Eisenhaur and moz_bug_r_a4 discovered that a directory\n traversal vulnerability in chrome: URI handling could lead to\n information disclosure.

  • CVE-2008-0419\n

    David Bloom discovered a race condition in the image handling of\n designMode elements, which could lead to information disclosure or\n potentially the execution of arbitrary code.

  • CVE-2008-0591\n

    Michal Zalewski discovered that timers protecting security-sensitive\n dialogs (which disable dialog elements until a timeout is reached)\n could be bypassed by window focus changes through JavaScript.

  • CVE-2008-0592\n

    It was discovered that malformed content declarations of saved\n attachments could prevent a user from opening local files\n with a .txt file name, resulting in minor denial of service.

  • CVE-2008-0593\n

    Martin Straka discovered that insecure stylesheet handling during\n redirects could lead to information disclosure.

  • CVE-2008-0594\n

    Emil Ljungdahl and Lars-Olof Moilanen discovered that phishing\n protections could be bypassed with <div> elements.

\n

The old stable distribution (sarge) doesn't contain xulrunner.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.8.0.15~pre080131b-0etch1.

\n

We recommend that you upgrade your xulrunner packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080131b.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080131b-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080131a-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080131b-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080131a.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080131a-0etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-dev_1.8.0.15~pre080131a-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-dev_1.8.0.15~pre080131b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-common_1.8.0.15~pre080131b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.8.0.15~pre080131b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-dev_1.8.0.15~pre080131a-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-dev_1.8.0.15~pre080131b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs1_1.8.0.15~pre080131a-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs-dev_1.8.0.15~pre080131b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-common_1.8.0.15~pre080131a-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.8.0.15~pre080131a-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.8.0.15~pre080131a-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-dev_1.8.0.15~pre080131a-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs1_1.8.0.15~pre080131b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs-dev_1.8.0.15~pre080131a-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.8.0.15~pre080131b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-dev_1.8.0.15~pre080131b-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080131b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080131b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080131b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080131b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080131b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080131b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080131b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080131b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080131b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080131b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080131b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080131b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080131b-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080131b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080131a-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080131b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080131a-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080131b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080131a-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080131b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080131b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080131a-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080131b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080131a-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080131a-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080131a-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080131a-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080131a-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080131b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080131a-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080131b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080131a-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080131b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080131a-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080131b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080131b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080131b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080131b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080131a-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080131b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080131b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080131b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080131b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080131b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080131b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080131b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080131b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080131b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080131b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080131b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080131b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080131b-0etch1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080131b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080131b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080131b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080131b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080131b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080131b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080131b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080131b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080131b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080131b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080131b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080131b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080131b-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080131b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080131b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080131b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080131b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080131b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080131b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080131b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080131b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080131b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080131b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080131b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080131b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080131b-0etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080131b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080131b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080131b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080131b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080131b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080131b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080131b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080131b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080131b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080131b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080131b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080131b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080131b-0etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080131b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080131b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080131b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080131b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080131b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080131b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080131b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080131b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080131b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080131b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080131b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080131b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080131b-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080131b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080131b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080131b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080131b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080131b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080131b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080131b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080131b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080131b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080131b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080131b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080131b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080131b-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080131b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080131b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080131b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080131b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080131b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080131b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080131b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080131b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080131b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080131b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080131b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080131b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080131b-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080131b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080131b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080131b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080131b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080131b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080131b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080131b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080131b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080131b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080131b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080131b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080131b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080131b-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1485": "
\n

Debian Security Advisory

\n

DSA-1485-2 icedove -- several vulnerabilities

\n
\n
Date Reported:
\n
10 Feb 2008
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Icedove mail\nclient, an unbranded version of the Thunderbird client. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2008-0412\n

    Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul\n Nickerson discovered crashes in the layout engine, which might allow\n the execution of arbitrary code.

  • CVE-2008-0413\n

    Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,\n Philip Taylor and tgirmann discovered crashes in the JavaScript\n engine, which might allow the execution of arbitrary code.

  • CVE-2008-0415\n

    moz_bug_r_a4 and Boris Zbarsky discovered several\n vulnerabilities in JavaScript handling, which could allow\n privilege escalation.

  • CVE-2008-0418\n

    Gerry Eisenhaur and moz_bug_r_a4 discovered that a directory\n traversal vulnerability in chrome: URI handling could lead to\n information disclosure.

  • CVE-2008-0419\n

    David Bloom discovered a race condition in the image handling of\n designMode elements, which can lead to information disclosure and\n potentially the execution of arbitrary code.

  • CVE-2008-0591\n

    Michal Zalewski discovered that timers protecting security-sensitive\n dialogs (by disabling dialog elements until a timeout is reached)\n could be bypassed by window focus changes through JavaScript.

\n

The Mozilla products from the old stable distribution (sarge) are no\nlonger supported with security updates.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.5.0.13+1.5.0.15b.dfsg1-0etch2.

\n

We recommend that you upgrade your icedove packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2.dsc
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15a.dfsg1-0etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15a.dfsg1-0etch2.dsc
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15a.dfsg1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15a.dfsg1-0etch2_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-typeaheadfind_1.5.0.13+1.5.0.15a.dfsg1-0etch2_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird_1.5.0.13+1.5.0.15a.dfsg1-0etch2_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-gnome-support_1.5.0.13+1.5.0.15a.dfsg1-0etch2_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dbg_1.5.0.13+1.5.0.15a.dfsg1-0etch2_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird_1.5.0.13+1.5.0.15b.dfsg1-0etch2_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-inspector_1.5.0.13+1.5.0.15a.dfsg1-0etch2_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15a.dfsg1-0etch2_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird_1.5.0.13+1.5.0.15a.dfsg1-0etch2_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-dev_1.5.0.13+1.5.0.15a.dfsg1-0etch2_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dev_1.5.0.13+1.5.0.15a.dfsg1-0etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15a.dfsg1-0etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15a.dfsg1-0etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15a.dfsg1-0etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15a.dfsg1-0etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15a.dfsg1-0etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15a.dfsg1-0etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1-0etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1-0etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1-0etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1-0etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1-0etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1-0etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1486": "
\n

Debian Security Advisory

\n

DSA-1486-1 gnatsweb -- cross-site scripting

\n
\n
Date Reported:
\n
04 Feb 2008
\n
Affected Packages:
\n
\ngnatsweb\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 427156.
In Mitre's CVE dictionary: CVE-2007-2808.
\n
More information:
\n
\n

r0t discovered that gnatsweb, a web interface to GNU GNATS, did not\ncorrectly sanitize the database parameter in the main CGI script. This\ncould allow the injection of arbitrary HTML, or JavaScript code.

\n

For the stable distribution (etch), this problem has been fixed in version\n4.00-1etch1.

\n

We recommend that you upgrade your gnatsweb package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnatsweb/gnatsweb_4.00-1etch1.dsc
\n
http://security.debian.org/pool/updates/main/g/gnatsweb/gnatsweb_4.00.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gnatsweb/gnatsweb_4.00-1etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gnatsweb/gnatsweb_4.00-1etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1487": "
\n

Debian Security Advisory

\n

DSA-1487-1 libexif -- several vulnerabilities

\n
\n
Date Reported:
\n
08 Feb 2008
\n
Affected Packages:
\n
\nlibexif\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2645, CVE-2007-6351, CVE-2007-6352.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the EXIF parsing code\nof the libexif library, which can lead to denial of service or the\nexecution of arbitrary code if a user is tricked into opening a\nmalformed image. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2007-2645\n

    Victor Stinner discovered an integer overflow, which may result in\n denial of service or potentially the execution of arbitrary code.

  • CVE-2007-6351\n

    Meder Kydyraliev discovered an infinite loop, which may result in\n denial of service.

  • CVE-2007-6352\n

    Victor Stinner discovered an integer overflow, which may result\n in denial of service or potentially the execution of arbitrary\n code.

\n

This update also fixes two potential NULL pointer dereferences.

\n

For the old stable distribution (sarge), these problems have been\nfixed in 0.6.9-6sarge2.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 0.6.13-5etch2.

\n

We recommend that you upgrade your libexif packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.9.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.9-6sarge2.dsc
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.9-6sarge2.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge2_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.13.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.13-5etch2.dsc
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.13-5etch2.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1488": "
\n

Debian Security Advisory

\n

DSA-1488-1 phpbb2 -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Feb 2008
\n
Affected Packages:
\n
\nphpbb2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 388120, Bug 405980, Bug 463589.
In Mitre's CVE dictionary: CVE-2006-4758, CVE-2006-6839, CVE-2006-6840, CVE-2006-6508, CVE-2006-6841, CVE-2008-0471.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in phpBB, a web\nbased bulletin board. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2008-0471\n

    Private messaging allowed cross site request forgery, making\n\tit possible to delete all private messages of a user by sending\n\tthem to a crafted web page.

  • CVE-2006-6841 / CVE-2006-6508\n

    Cross site request forgery enabled an attacker to perform various\n\tactions on behalf of a logged in user. (Applies to sarge only.)

  • CVE-2006-6840\n

    A negative start parameter could allow an attacker to create\n\tinvalid output. (Applies to sarge only.)

  • CVE-2006-6839\n

    Redirection targets were not fully checked, leaving room for\n\tunauthorised external redirections via a phpBB forum.\n\t(Applies to sarge only.)

  • CVE-2006-4758\n

    An authenticated forum administrator may upload files of any\n\ttype by using specially crafted filenames. (Applies to sarge only.)

\n

For the old stable distribution (sarge), these problems have been\nfixed in version 2.0.13+1-6sarge4.

\n

For the stable distribution (etch), these problems have been fixed\nin version 2.0.21-7.

\n

For the unstable distribution (sid) these problems have been fixed\nin version 2.0.22-3.

\n

We recommend that you upgrade your phpbb2 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.13+1-6sarge4.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.13+1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.13+1-6sarge4.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2-conf-mysql_2.0.13-6sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.13-6sarge4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2-languages_2.0.13-6sarge4_all.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.21-7.dsc
\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.21.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.21-7.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2-languages_2.0.21-7_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2_2.0.21-7_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpbb2/phpbb2-conf-mysql_2.0.21-7_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1489": "
\n

Debian Security Advisory

\n

DSA-1489-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
10 Feb 2008
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Iceweasel\nweb browser, an unbranded version of the Firefox browser. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2008-0412\n

    Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul\n Nickerson discovered crashes in the layout engine, which might allow\n the execution of arbitrary code.

  • CVE-2008-0413\n

    Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,\n Philip Taylor and tgirmann discovered crashes in the JavaScript\n engine, which might allow the execution of arbitrary code.

  • CVE-2008-0414\n

    hong and Gregory Fleischer discovered that file input focus\n vulnerabilities in the file upload control could allow information\n disclosure of local files.

  • CVE-2008-0415\n

    moz_bug_r_a4 and Boris Zbarsky discovered several\n vulnerabilities in JavaScript handling, which could allow\n privilege escalation.

  • CVE-2008-0417\n

    Justin Dolske discovered that the password storage mechanism could\n be abused by malicious web sites to corrupt existing saved passwords.

  • CVE-2008-0418\n

    Gerry Eisenhaur and moz_bug_r_a4 discovered that a directory\n traversal vulnerability in chrome: URI handling could lead to\n information disclosure.

  • CVE-2008-0419\n

    David Bloom discovered a race condition in the image handling of\n designMode elements, which can lead to information disclosure and\n potentially the execution of arbitrary code.

  • CVE-2008-0591\n

    Michal Zalewski discovered that timers protecting security-sensitive\n dialogs (by disabling dialog elements until a timeout is reached)\n could be bypassed by window focus changes through JavaScript.

  • \n
  • CVE-2008-0592\n

    It was discovered that malformed content declarations of saved\n attachments could prevent a user from opening local files\n with a .txt file name, resulting in minor denial of service.

  • \n
  • CVE-2008-0593\n

    Martin Straka discovered that insecure stylesheet handling during\n redirects could lead to information disclosure.

  • \n
  • CVE-2008-0594\n

    Emil Ljungdahl and Lars-Olof Moilanen discovered that phishing\n protections could be bypassed with <div> elements.

  • \n
\n

The Mozilla products from the old stable distribution (sarge) are no longer supported with security updates.

\n

For the stable distribution (etch), these problems have been fixed in version 2.0.0.12-0etch1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.12-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.12-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.12-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.12-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.12-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.12-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.12-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.12-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.12-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.12-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1490": "
\n

Debian Security Advisory

\n

DSA-1490-1 tk8.3 -- buffer overflow

\n
\n
Date Reported:
\n
10 Feb 2008
\n
Affected Packages:
\n
\ntk8.3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0553.
\n
More information:
\n
\n

It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to a denial of service and potentially the execution of arbitrary code.

\n

For the old stable distribution (sarge), this problem has been fixed in version 8.3.5-4sarge1.

\n

For the stable distribution (etch), this problem has been fixed in version 8.3.5-6etch2.

\n

We recommend that you upgrade your tk8.3 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1.dsc
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-doc_8.3.5-4sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-4sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-4sarge1_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2.dsc
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-doc_8.3.5-6etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3-dev_8.3.5-6etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.3/tk8.3_8.3.5-6etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1491": "
\n

Debian Security Advisory

\n

DSA-1491-1 tk8.4 -- buffer overflow

\n
\n
Date Reported:
\n
10 Feb 2008
\n
Affected Packages:
\n
\ntk8.4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0553.
\n
More information:
\n
\n

It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to a denial of service and potentially the execution of arbitrary code.

\n

For the old stable distribution (sarge), this problem has been fixed in version 8.4.9-1sarge2.

\n

For the stable distribution (etch), this problem has been fixed in version 8.4.12-1etch2.

\n

We recommend that you upgrade your tk8.4 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-doc_8.4.9-1sarge2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_m68k.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2.dsc
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-doc_8.4.12-1etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1492": "
\n

Debian Security Advisory

\n

DSA-1492-1 wml -- insecure temporary files

\n
\n
Date Reported:
\n
10 Feb 2008
\n
Affected Packages:
\n
\nwml\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 463907.
In Mitre's CVE dictionary: CVE-2008-0665, CVE-2008-0666.
\n
More information:
\n
\n

Frank Lichtenheld and Nico Golde discovered that WML, an off-line HTML generation toolkit, creates insecure temporary files in the eperl and ipp backends and in the wmg.cgi script, which could lead to a local denial of service by overwriting files.

\n

The old stable distribution (sarge) is not affected.

\n

For the stable distribution (etch), these problems have been fixed in version 2.0.11-1etch1.

\n

We recommend that you upgrade your wml packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wml/wml_2.0.11-1etch1.dsc
\n
http://security.debian.org/pool/updates/main/w/wml/wml_2.0.11.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wml/wml_2.0.11-1etch1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wml/wml_2.0.11-1etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wml/wml_2.0.11-1etch1_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/w/wml/wml_2.0.11-1etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wml/wml_2.0.11-1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wml/wml_2.0.11-1etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wml/wml_2.0.11-1etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wml/wml_2.0.11-1etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wml/wml_2.0.11-1etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wml/wml_2.0.11-1etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wml/wml_2.0.11-1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "1493": "
\n

Debian Security Advisory

\n

DSA-1493-2 sdl-image1.2 -- buffer overflows

\n
\n
Date Reported:
\n
10 Feb 2008
\n
Affected Packages:
\n
\nsdl-image1.2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-6697, CVE-2008-0544.
\n
More information:
\n
\n

Several local/remote vulnerabilities have been discovered in the image loading library for the Simple DirectMedia Layer 1.2. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2007-6697

    Gynvael Coldwind discovered a buffer overflow in GIF image parsing, which could result in denial of service and potentially the execution of arbitrary code.

  • CVE-2008-0544

    It was discovered that a buffer overflow in IFF ILBM image parsing could result in denial of service and potentially the execution of arbitrary code.

For the old stable distribution (sarge), these problems have been fixed in version 1.2.4-1etch1. Due to a copy & paste error etch1 was appended to the version number instead of sarge1. Since the update is otherwise technically correct, the update was not rebuilt on the buildd network.

\n

For the stable distribution (etch), these problems have been fixed in version 1.2.5-2+etch1.

\n

We recommend that you upgrade your sdl-image1.2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/sdl-image1.2_1.2.4-1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/sdl-image1.2_1.2.4-1etch1.dsc
\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/sdl-image1.2_1.2.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.4-1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.4-1etch1_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/sdl-image1.2_1.2.5-2+etch1.dsc
\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/sdl-image1.2_1.2.5-2+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/sdl-image1.2_1.2.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.5-2+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.5-2+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.5-2+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.5-2+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.5-2+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.5-2+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.5-2+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.5-2+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.5-2+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.5-2+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.5-2+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.5-2+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.5-2+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.5-2+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.5-2+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.5-2+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.5-2+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.5-2+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.5-2+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.5-2+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2-dev_1.2.5-2+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sdl-image1.2/libsdl-image1.2_1.2.5-2+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1494": "
\n

Debian Security Advisory

\n

DSA-1494-2 linux-2.6 -- missing access checks

\n
\n
Date Reported:
\n
11 Feb 2008
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0010, CVE-2008-0163, CVE-2008-0600.
\n
More information:
\n
\n

The vmsplice system call did not properly verify address arguments passed by user space processes, which allowed local attackers to overwrite arbitrary kernel memory, gaining root privileges (CVE-2008-0010, CVE-2008-0600).

\n

In the vserver-enabled kernels, a missing access check on certain symlinks in /proc enabled local attackers to access resources in other vservers (CVE-2008-0163).

\n

The old stable distribution (sarge) is not affected by this problem.

\n

For the stable distribution (etch), this problem has been fixed in version 2.6.18.dfsg.1-18etch1.

\n

In addition to these fixes, this update also incorporates changes from the upcoming point release of the stable distribution.

\n

Some architecture builds were not yet available at the time of DSA-1494-1. This update to DSA-1494 provides linux-2.6 packages for these remaining architectures, as well as additional binary packages that are built from source code provided by linux-2.6.

\n

The unstable (sid) and testing (lenny) distributions will be fixed soon.

\n

We recommend that you upgrade your linux-2.6, fai-kernels, and user-mode-linux packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-18etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-18etch1.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch1.dsc
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch1.tar.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch1.dsc
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-18etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-18etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-18etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-18etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-18etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-18etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-alpha_2.6.18.dfsg.1-18etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-generic_2.6.18.dfsg.1-18etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-18etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-smp_2.6.18.dfsg.1-18etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-18etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-generic_2.6.18.dfsg.1-18etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-18etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-smp_2.6.18.dfsg.1-18etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-18etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-amd64_2.6.18.dfsg.1-18etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-18etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-18etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-18etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-amd64_2.6.18.dfsg.1-18etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-18etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-18etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-18etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-18etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-amd64_2.6.18.dfsg.1-18etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-18etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-amd64_2.6.18.dfsg.1-18etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-18etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-amd64_2.6.18.dfsg.1-18etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-18etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-arm_2.6.18.dfsg.1-18etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-footbridge_2.6.18.dfsg.1-18etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-iop32x_2.6.18.dfsg.1-18etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-ixp4xx_2.6.18.dfsg.1-18etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-rpc_2.6.18.dfsg.1-18etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s3c2410_2.6.18.dfsg.1-18etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-footbridge_2.6.18.dfsg.1-18etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-iop32x_2.6.18.dfsg.1-18etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-ixp4xx_2.6.18.dfsg.1-18etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-rpc_2.6.18.dfsg.1-18etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s3c2410_2.6.18.dfsg.1-18etch1_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-hppa_2.6.18.dfsg.1-18etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc_2.6.18.dfsg.1-18etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc-smp_2.6.18.dfsg.1-18etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64_2.6.18.dfsg.1-18etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-18etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc_2.6.18.dfsg.1-18etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc-smp_2.6.18.dfsg.1-18etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64_2.6.18.dfsg.1-18etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-18etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-486_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686-bigmem_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-i386_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-k7_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-686_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-k7_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-686_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-486_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686-bigmem_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-k7_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-686_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-k7_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-686_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-686_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-686_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-ia64_2.6.18.dfsg.1-18etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-itanium_2.6.18.dfsg.1-18etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-mckinley_2.6.18.dfsg.1-18etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-itanium_2.6.18.dfsg.1-18etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-mckinley_2.6.18.dfsg.1-18etch1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mips_2.6.18.dfsg.1-18etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-18etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-18etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-18etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-18etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-18etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-18etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-18etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-18etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-18etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-18etch1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mipsel_2.6.18.dfsg.1-18etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-18etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-18etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-18etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-18etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-18etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-18etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-18etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-18etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-18etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-18etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-18etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-18etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-powerpc_2.6.18.dfsg.1-18etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc_2.6.18.dfsg.1-18etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-18etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-18etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc64_2.6.18.dfsg.1-18etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-prep_2.6.18.dfsg.1-18etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-18etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-18etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc_2.6.18.dfsg.1-18etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-18etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-18etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc64_2.6.18.dfsg.1-18etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-prep_2.6.18.dfsg.1-18etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-18etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-18etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-s390_2.6.18.dfsg.1-18etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390_2.6.18.dfsg.1-18etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390x_2.6.18.dfsg.1-18etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-18etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390_2.6.18.dfsg.1-18etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390-tape_2.6.18.dfsg.1-18etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390x_2.6.18.dfsg.1-18etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-18etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-sparc_2.6.18.dfsg.1-18etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc32_2.6.18.dfsg.1-18etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64_2.6.18.dfsg.1-18etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-18etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-18etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc32_2.6.18.dfsg.1-18etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64_2.6.18.dfsg.1-18etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-18etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-18etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n

MD5 checksums of the listed files are available in the revised advisory.

\n\n\n
\n
", "1495": "
\n

Debian Security Advisory

\n

DSA-1495-1 nagios-plugins -- buffer overflows

\n
\n
Date Reported:
\n
12 Feb 2008
\n
Affected Packages:
\n
\nnagios-plugins\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-5198, CVE-2007-5623.
\n
More information:
\n
\n

Several local/remote vulnerabilities have been discovered in two of the plugins for the Nagios network monitoring and management system. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
  • CVE-2007-5198\n

    A buffer overflow has been discovered in the parser for HTTP Location headers (present in the check_http module).

  • CVE-2007-5623\n

    A buffer overflow has been discovered in the check_snmp module.

\n

For the old stable distribution (sarge), these problems have been fixed in version 1.4-6sarge1.

\n

For the stable distribution (etch), these problems have been fixed in version 1.4.5-1etch1.

\n

We recommend that you upgrade your nagios-plugins package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1.dsc
\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4-6sarge1_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5-1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5-1etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-basic_1.4.5-1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5-1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-standard_1.4.5-1etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-basic_1.4.5-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-standard_1.4.5-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5-1etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-standard_1.4.5-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-basic_1.4.5-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5-1etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5-1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-basic_1.4.5-1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-standard_1.4.5-1etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-standard_1.4.5-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-basic_1.4.5-1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-basic_1.4.5-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-standard_1.4.5-1etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-basic_1.4.5-1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5-1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-standard_1.4.5-1etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-standard_1.4.5-1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-basic_1.4.5-1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5-1etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-basic_1.4.5-1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5-1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-standard_1.4.5-1etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5-1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-standard_1.4.5-1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-basic_1.4.5-1etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins_1.4.5-1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-basic_1.4.5-1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nagios-plugins/nagios-plugins-standard_1.4.5-1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1496": "
\n

Debian Security Advisory

\n

DSA-1496-1 mplayer -- buffer overflows

\n
\n
Date Reported:
\n
12 Feb 2008
\n
Affected Packages:
\n
\nmplayer\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0485, CVE-2008-0486, CVE-2008-0629, CVE-2008-0630.
\n
More information:
\n
\n

Several buffer overflows have been discovered in the MPlayer movie player, which might lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
  • CVE-2008-0485\n

    Felipe Manzano and Anibal Sacco discovered a buffer overflow in the demuxer for MOV files.

  • CVE-2008-0486\n

    Reimar Doeffinger discovered a buffer overflow in the FLAC header parsing.

  • CVE-2008-0629\n

    Adam Bozanich discovered a buffer overflow in the CDDB access code.

  • CVE-2008-0630\n

    Adam Bozanich discovered a buffer overflow in URL parsing.

\n

The old stable distribution (sarge) doesn't contain mplayer.

\n

For the stable distribution (etch), these problems have been fixed in version 1.0~rc1-12etch2.

\n

We recommend that you upgrade your mplayer packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch2.dsc
\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer-doc_1.0~rc1-12etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch2_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1497": "
\n

Debian Security Advisory

\n

DSA-1497-1 clamav -- several vulnerabilities

\n
\n
Date Reported:
\n
16 Feb 2008
\n
Affected Packages:
\n
\nclamav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-6595, CVE-2008-0318.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Clam anti-virus toolkit, which may lead to the execution of arbitrary code or local denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
  • CVE-2007-6595\n

    It was discovered that temporary files are created insecurely, which may result in local denial of service by overwriting files.

  • CVE-2008-0318\n

    Silvio Cesare discovered an integer overflow in the parser for PE headers.

\n

The version of clamav in the old stable distribution (sarge) is no longer supported with security updates.

\n

For the stable distribution (etch), these problems have been fixed in version 0.90.1dfsg-3etch10. In addition to these fixes, this update also incorporates changes from the upcoming point release of the stable distribution (non-free RAR handling code was removed).

\n

We recommend that you upgrade your clamav packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10.dsc
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1dfsg-3etch10_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.90.1dfsg-3etch10_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1dfsg-3etch10_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_mipsel.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch10_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1498": "
\n

Debian Security Advisory

\n

DSA-1498-1 libimager-perl -- buffer overflow

\n
\n
Date Reported:
\n
19 Feb 2008
\n
Affected Packages:
\n
\nlibimager-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 421582.
In Mitre's CVE dictionary: CVE-2007-2459.
\n
More information:
\n
\n

It was discovered that libimager-perl, a Perl extension for generating 24-bit images,\ndid not correctly handle 8-bit compressed images, which could\nallow the execution of arbitrary code.

\n

For the stable distribution (etch), this problem has been fixed in version\n0.50-1etch1.

\n

We recommend that you upgrade your libimager-perl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.50-1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.50-1etch1.dsc
\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.50.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.50-1etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.50-1etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.50-1etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.50-1etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.50-1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.50-1etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.50-1etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.50-1etch1_mipsel.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.50-1etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libi/libimager-perl/libimager-perl_0.50-1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1499": "
\n

Debian Security Advisory

\n

DSA-1499-1 pcre3 -- buffer overflow

\n
\n
Date Reported:
\n
19 Feb 2008
\n
Affected Packages:
\n
\npcre3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0674.
\n
More information:
\n
\n

It was discovered that specially crafted regular expressions involving\ncodepoints greater than 255 could cause a buffer overflow in the PCRE\nlibrary (CVE-2008-0674).

\n

For the old stable distribution (sarge), this problem has been fixed in\nversion 4.5+7.4-2.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 6.7+7.4-3.

\n

For the unstable distribution (sid), this problem has been fixed in version\n7.6-1.

\n

We recommend that you upgrade your pcre3 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_4.5+7.4-2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_4.5+7.4-2.dsc
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_4.5+7.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/pcre3/pgrep_4.5+7.4-2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_m68k.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_4.5+7.4-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_4.5+7.4-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_4.5+7.4-2_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4-3.dsc
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4-3.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1500": "
\n

Debian Security Advisory

\n

DSA-1500-1 splitvt -- privilege escalation

\n
\n
Date Reported:
\n
21 Feb 2008
\n
Affected Packages:
\n
\nsplitvt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0162.
\n
More information:
\n
\n

Mike Ashton discovered that splitvt, a utility to run two programs in a\nsplit screen, did not drop group privileges prior to executing xprop.\nThis could allow any local user to gain the privileges of group utmp.

\n

For the stable distribution (etch), this problem has been fixed in version\n1.6.5-9etch1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.6.6-4.

\n

We recommend that you upgrade your splitvt package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/splitvt/splitvt_1.6.5-9etch1.dsc
\n
http://security.debian.org/pool/updates/main/s/splitvt/splitvt_1.6.5-9etch1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/splitvt/splitvt_1.6.5-9etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/splitvt/splitvt_1.6.5-9etch1_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/splitvt/splitvt_1.6.5-9etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/splitvt/splitvt_1.6.5-9etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/splitvt/splitvt_1.6.5-9etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/splitvt/splitvt_1.6.5-9etch1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/splitvt/splitvt_1.6.5-9etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/splitvt/splitvt_1.6.5-9etch1_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1501": "
\n

Debian Security Advisory

\n

DSA-1501-1 dspam -- programming error

\n
\n
Date Reported:
\n
21 Feb 2008
\n
Affected Packages:
\n
\ndspam\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 448519.
In Mitre's CVE dictionary: CVE-2007-6418.
\n
More information:
\n
\n

Tobias Gr\u00fctzmacher discovered that a Debian-provided CRON script in dspam,\na statistical spam filter, included a database password on the command line.\nThis allowed a local attacker to read the contents of the dspam database,\nsuch as emails.

\n

The old stable distribution (sarge) does not contain the dspam package.

\n

For the stable distribution (etch), this problem has been fixed in version\n3.6.8-5etch1.

\n

For the unstable distribution (sid), this problem has been fixed in version\n3.6.8-5.1.

\n

We recommend that you upgrade your dspam package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dspam/dspam_3.6.8.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/d/dspam/dspam_3.6.8-5etch1.dsc
\n
http://security.debian.org/pool/updates/main/d/dspam/dspam_3.6.8-5etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/dspam/dspam-doc_3.6.8-5etch1_all.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/dspam-webfrontend_3.6.8-5etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7_3.6.8-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-mysql_3.6.8-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-pgsql_3.6.8-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-dev_3.6.8-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-db4_3.6.8-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/dspam_3.6.8-5etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-sqlite3_3.6.8-5etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-sqlite3_3.6.8-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-db4_3.6.8-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/dspam_3.6.8-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-pgsql_3.6.8-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-dev_3.6.8-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7_3.6.8-5etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-mysql_3.6.8-5etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-db4_3.6.8-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/dspam_3.6.8-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-sqlite3_3.6.8-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-mysql_3.6.8-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-pgsql_3.6.8-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-dev_3.6.8-5etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7_3.6.8-5etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7_3.6.8-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-dev_3.6.8-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-pgsql_3.6.8-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-mysql_3.6.8-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-db4_3.6.8-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/dspam_3.6.8-5etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-sqlite3_3.6.8-5etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dspam/dspam_3.6.8-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-sqlite3_3.6.8-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7_3.6.8-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-pgsql_3.6.8-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-db4_3.6.8-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-mysql_3.6.8-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-dev_3.6.8-5etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-pgsql_3.6.8-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-dev_3.6.8-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/dspam_3.6.8-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-mysql_3.6.8-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-db4_3.6.8-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7_3.6.8-5etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-sqlite3_3.6.8-5etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-db4_3.6.8-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-pgsql_3.6.8-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/dspam_3.6.8-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-dev_3.6.8-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-sqlite3_3.6.8-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7_3.6.8-5etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-mysql_3.6.8-5etch1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dspam/dspam_3.6.8-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-mysql_3.6.8-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-pgsql_3.6.8-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-dev_3.6.8-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-sqlite3_3.6.8-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7_3.6.8-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-db4_3.6.8-5etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/dspam/dspam_3.6.8-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-mysql_3.6.8-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-pgsql_3.6.8-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-dev_3.6.8-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7_3.6.8-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-db4_3.6.8-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-sqlite3_3.6.8-5etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-db4_3.6.8-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-dev_3.6.8-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-sqlite3_3.6.8-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-pgsql_3.6.8-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7-drv-mysql_3.6.8-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/libdspam7_3.6.8-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dspam/dspam_3.6.8-5etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1502": "
\n

Debian Security Advisory

\n

DSA-1502-1 wordpress -- several vulnerabilities

\n
\n
Date Reported:
\n
22 Feb 2008
\n
Affected Packages:
\n
\nwordpress\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in wordpress, a weblog\nmanager. The Common Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2007-3238\n

    Cross-site scripting (XSS) vulnerability in functions.php in the default\n theme in WordPress allows remote authenticated administrators to inject\n arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to\n wp-admin/themes.php.

  • CVE-2007-2821\n

    SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress\n before 2.2 allows remote attackers to execute arbitrary SQL commands via\n the cookie parameter.

  • CVE-2008-0193\n

    Cross-site scripting (XSS) vulnerability in wp-db-backup.php in\n WordPress 2.0.11 and earlier allows remote attackers to inject\n arbitrary web script or HTML via the backup parameter in a\n wp-db-backup.php action to wp-admin/edit.php.

  • CVE-2008-0194\n

    Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3\n and earlier allows remote attackers to read arbitrary files, delete\n arbitrary files, and cause a denial of service via a .. (dot dot) in the\n backup parameter in a wp-db-backup.php action to wp-admin/edit.php.

\n

Wordpress is not present in the oldstable distribution (sarge).

\n

For the stable distribution (etch), these problems have been fixed in version\n2.0.10-1etch1.

\n

We recommend that you upgrade your wordpress package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1503": "
\n

Debian Security Advisory

\n

DSA-1503-1 kernel-source-2.4.27 -- several vulnerabilities

\n
\n
Date Reported:
\n
22 Feb 2008
\n
Affected Packages:
\n
\nkernel-source-2.4.27\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-2731, CVE-2006-4814, CVE-2006-5753, CVE-2006-5823, CVE-2006-6053, CVE-2006-6054, CVE-2006-6106, CVE-2007-1353, CVE-2007-1592, CVE-2007-2172, CVE-2007-2525, CVE-2007-3848, CVE-2007-4308, CVE-2007-4311, CVE-2007-5093, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206, CVE-2007-6694, CVE-2008-0007.
\n
More information:
\n
\n

Several local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2004-2731\n

    infamous41md reported multiple integer overflows in the Sbus PROM\n driver that would allow for a DoS (Denial of Service) attack by a\n local user, and possibly the execution of arbitrary code.

  • CVE-2006-4814\n

    Doug Chapman discovered a potential local DoS (deadlock) in the mincore\n function caused by improper lock handling.

  • CVE-2006-5753\n

    Eric Sandeen provided a fix for a local memory corruption vulnerability\n resulting from a misinterpretation of return values when operating on\n inodes which have been marked bad.

  • CVE-2006-5823\n

    LMH reported a potential local DoS which could be exploited by a malicious\n user with the privileges to mount and read a corrupted cramfs filesystem.

  • CVE-2006-6053\n

    LMH reported a potential local DoS which could be exploited by a malicious\n user with the privileges to mount and read a corrupted ext3 filesystem.

  • CVE-2006-6054\n

    LMH reported a potential local DoS which could be exploited by a malicious\n user with the privileges to mount and read a corrupted ext2 filesystem.

  • CVE-2006-6106\n

    Marcel Holtman discovered multiple buffer overflows in the Bluetooth\n subsystem which can be used to trigger a remote DoS (crash) and potentially\n execute arbitrary code.

  • CVE-2007-1353\n

    Ilja van Sprundel discovered that kernel memory could be leaked via the\n Bluetooth setsockopt call due to an uninitialized stack buffer. This\n could be used by local attackers to read the contents of sensitive kernel\n memory.

  • CVE-2007-1592\n

    Masayuki Nakagawa discovered that flow labels were inadvertently\n being shared between listening sockets and child sockets. This defect\n can be exploited by local users to cause a DoS (Oops).

  • CVE-2007-2172\n

    Thomas Graf reported a typo in the DECnet protocol handler that could\n be used by a local attacker to overrun an array via crafted packets,\n potentially resulting in a Denial of Service (system crash).\n A similar issue exists in the IPv4 protocol handler and will be fixed\n in a subsequent update.

  • CVE-2007-2525\n

    Florian Zumbiehl discovered a memory leak in the PPPoE subsystem caused\n by releasing a socket before PPPIOCGCHAN is called upon it. This could\n be used by a local user to DoS a system by consuming all available memory.

  • CVE-2007-3848\n

    Wojciech Purczynski discovered that pdeath_signal was not being reset\n properly under certain conditions which may allow local users to gain\n privileges by sending arbitrary signals to suid binaries.

  • CVE-2007-4308\n

    Alan Cox reported an issue in the aacraid driver that allows unprivileged\n local users to make ioctl calls which should be restricted to admin\n privileges.

  • CVE-2007-4311\n

    PaX team discovered an issue in the random driver where a defect in the\n reseeding code leads to a reduction in entropy.

  • \n
  • CVE-2007-5093\n

    Alex Smith discovered an issue with the pwc driver for certain webcam\n devices. If the device is removed while a userspace application has it\n open, the driver will wait for userspace to close the device, resulting\n in a blocked USB subsystem. This issue is of low security impact as\n it requires the attacker to either have physical access to the system\n or to convince a user with local access to remove the device on their\n behalf.

  • \n
  • CVE-2007-6063\n

    Venustech AD-LAB discovered a a buffer overflow in the isdn ioctl\n handling, exploitable by a local user.

  • \n
  • CVE-2007-6151\n

    ADLAB discovered a possible memory overrun in the ISDN subsystem that\n may permit a local user to overwrite kernel memory by issuing\n ioctls with unterminated data.

  • \n
  • CVE-2007-6206\n

    Blake Frantz discovered that when a core file owned by a non-root user\n exists, and a root-owned process dumps core over it, the core file\n retains its original ownership. This could be used by a local user to\n gain access to sensitive information.

  • \n
  • CVE-2007-6694\n

    Cyrill Gorcunov reported a NULL pointer dereference in code specific\n to the CHRP PowerPC platforms. Local users could exploit this issue\n to achieve a Denial of Service (DoS).

  • \n
  • CVE-2008-0007\n

    Nick Piggin of SuSE discovered a number of issues in subsystems which\n register a fault handler for memory mapped areas. This issue can be\n exploited by local users to achieve a Denial of Service (DoS) and possibly\n execute arbitrary code.

  • \n
\n

The following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update:

                             Debian 3.1 (sarge)
alsa-modules-i386            1.0.8+2sarge2
kernel-image-2.4.27-arm      2.4.27-2sarge6
kernel-image-2.4.27-m68k     2.4.27-3sarge6
kernel-image-speakup-i386    2.4.27-1.1sarge5
kernel-image-2.4.27-alpha    2.4.27-10sarge6
kernel-image-2.4.27-s390     2.4.27-2sarge6
kernel-image-2.4.27-sparc    2.4.27-9sarge6
kernel-image-2.4.27-i386     2.4.27-10sarge6
kernel-image-2.4.27-ia64     2.4.27-10sarge6
kernel-patch-2.4.27-mips     2.4.27-10.sarge4.040815-3
kernel-patch-powerpc-2.4.27  2.4.27-10sarge6
kernel-latest-2.4-alpha      101sarge3
kernel-latest-2.4-i386       101sarge2
kernel-latest-2.4-s390       2.4.27-1sarge2
kernel-latest-2.4-sparc      42sarge3
i2c                          1:2.9.1-1sarge2
lm-sensors                   1:2.9.1-1sarge4
mindi-kernel                 2.4.27-2sarge5
pcmcia-modules-2.4.27-i386   3.2.5+2sarge2
hostap-modules-i386          1:0.3.7-1sarge3
systemimager                 3.2.3-6sarge5

We recommend that you upgrade your kernel package immediately and reboot the machine. If you have built a custom kernel from the kernel source package, you will need to rebuild to take advantage of these fixes.

Fixed in:

Debian GNU/Linux 3.1 (oldstable)

Source:
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-latest-2.4-i386_101sarge2.dsc
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-alpha_2.4.27-10sarge6.dsc
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-m68k_2.4.27-3sarge6.dsc
http://security.debian.org/pool/updates/main/i/i2c/i2c_2.9.1-1sarge2.dsc
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-latest-2.4-i386_101sarge2.tar.gz
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge6.diff.gz
http://security.debian.org/pool/updates/main/s/systemimager/systemimager_3.2.3-6sarge5.dsc
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-s390_2.4.27-2sarge6.tar.gz
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1.orig.tar.gz
http://security.debian.org/pool/updates/main/s/systemimager/systemimager_3.2.3-6sarge5.tar.gz
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-alpha/kernel-latest-2.4-alpha_101sarge3.dsc
http://security.debian.org/pool/updates/main/m/mindi-kernel/mindi-kernel_2.4.27-2sarge5.diff.gz
http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-image-speakup-i386_2.4.27-1.1sarge5.tar.gz
http://security.debian.org/pool/updates/main/m/mindi-kernel/mindi-kernel_2.4.27.orig.tar.gz
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-powerpc-2.4.27_2.4.27-10sarge6.dsc
http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-i386_3.2.5+2sarge2.tar.gz
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-sparc/kernel-latest-2.4-sparc_42sarge3.dsc
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-patch-2.4.27-mips_2.4.27-10.sarge4.040815-3.dsc
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-sparc/kernel-latest-2.4-sparc_42sarge3.tar.gz
http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-i386_3.2.5+2sarge2.dsc
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge4.diff.gz
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-powerpc-2.4.27_2.4.27-10sarge6.tar.gz
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-ia64_2.4.27-10sarge6.dsc
http://security.debian.org/pool/updates/main/m/mindi-kernel/mindi-kernel_2.4.27-2sarge5.dsc
http://security.debian.org/pool/updates/main/i/i2c/i2c_2.9.1.orig.tar.gz
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge4.dsc
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-s390/kernel-latest-2.4-s390_2.4.27-1sarge2.dsc
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-alpha/kernel-latest-2.4-alpha_101sarge3.tar.gz
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-i386_0.3.7-1sarge3.dsc
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-i386_2.4.27-10sarge6.tar.gz
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-ia64_2.4.27-10sarge6.tar.gz
http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-image-speakup-i386_2.4.27-1.1sarge5.dsc
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-patch-2.4.27-mips_2.4.27-10.sarge4.040815-3.tar.gz
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-s390/kernel-latest-2.4-s390_2.4.27-1sarge2.tar.gz
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge6.dsc
http://security.debian.org/pool/updates/main/i/i2c/i2c_2.9.1-1sarge2.diff.gz
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27.orig.tar.gz
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-m68k_2.4.27-3sarge6.tar.gz
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-arm_2.4.27-2sarge6.dsc
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-i386_2.4.27-10sarge6.dsc
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-alpha_2.4.27-10sarge6.tar.gz
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-sparc_2.4.27-9sarge6.dsc
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-arm_2.4.27-2sarge6.tar.gz
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-s390_2.4.27-2sarge6.dsc
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-i386_0.3.7-1sarge3.tar.gz
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-sparc_2.4.27-9sarge6.tar.gz

Architecture-independent component:
http://security.debian.org/pool/updates/main/i/i2c/i2c-source_2.9.1-1sarge2_all.deb
http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-doc-2.4.27-speakup_2.4.27-1.1sarge5_all.deb
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-server_3.2.3-6sarge5_all.deb
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-patch-debian-2.4.27_2.4.27-10sarge6_all.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/kernel-patch-2.4-lm-sensors_2.9.1-1sarge4_all.deb
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-tree-2.4.27_2.4.27-10sarge6_all.deb
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-10sarge6_all.deb
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-client_3.2.3-6sarge5_all.deb
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-server-flamethrowerd_3.2.3-6sarge5_all.deb
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-boot-ia64-standard_3.2.3-6sarge5_all.deb
http://security.debian.org/pool/updates/main/i/i2c/kernel-patch-2.4-i2c_2.9.1-1sarge2_all.deb
http://security.debian.org/pool/updates/main/k/kernel-source-2.4.27/kernel-doc-2.4.27_2.4.27-10sarge6_all.deb
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-doc_3.2.3-6sarge5_all.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-source_2.9.1-1sarge4_all.deb
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-boot-i386-standard_3.2.3-6sarge5_all.deb
http://security.debian.org/pool/updates/main/s/systemimager/systemimager-common_3.2.3-6sarge5_all.deb

Alpha:
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-alpha/kernel-headers-2.4-generic_101sarge3_alpha.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-4-generic_2.4.27-10sarge6_alpha.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-4-smp_2.4.27-10sarge6_alpha.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-build-2.4.27-4_2.4.27-10sarge6_alpha.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-3_alpha.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-alpha/kernel-image-2.4-generic_101sarge3_alpha.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-4-smp_2.4.27-10sarge6_alpha.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-alpha/kernel-image-2.4-smp_101sarge3_alpha.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-alpha/kernel-headers-2.4-smp_101sarge3_alpha.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-image-2.4.27-4-generic_2.4.27-10sarge6_alpha.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-alpha/kernel-headers-2.4.27-4_2.4.27-10sarge6_alpha.deb

AMD64:
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-3_amd64.deb

ARM:
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-bast_2.4.27-2sarge6_arm.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-lart_2.4.27-2sarge6_arm.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-build-2.4.27_2.4.27-2sarge6_arm.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-riscpc_2.4.27-2sarge6_arm.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-headers-2.4.27_2.4.27-2sarge6_arm.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-3_arm.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-netwinder_2.4.27-2sarge6_arm.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-arm/kernel-image-2.4.27-riscstation_2.4.27-2sarge6_arm.deb

HP Precision:
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-3_hppa.deb

Intel IA-32:
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-image-2.4-k7_101sarge2_i386.deb
http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-4-386_2.9.1-1sarge2_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-4-k7-smp_2.4.27-10sarge6_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-4-k7_2.4.27-10sarge6_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-headers-2.4-686_101sarge2_i386.deb
http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-4-k7_2.9.1-1sarge2_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-image-2.4.27-speakup_2.4.27-1.1sarge5_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-headers-2.4-386_101sarge2_i386.deb
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.6.8-4-686_0.3.7-1sarge3_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-image-2.4-k7-smp_101sarge2_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-3_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-4-386_2.4.27-10sarge6_i386.deb
http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-4-586tsc_3.2.5+2sarge2_i386.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-4-k6_2.9.1-1sarge4_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-4-k7-smp_2.4.27-10sarge6_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-pcmcia-modules-2.4-686_101sarge2_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-4-686_2.4.27-10sarge6_i386.deb
http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-4-k6_3.2.5+2sarge2_i386.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-4-386_2.9.1-1sarge4_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-headers-2.4-k7-smp_101sarge2_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-image-2.4-586tsc_101sarge2_i386.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-4-686-smp_2.9.1-1sarge4_i386.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors3_2.9.1-1sarge4_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-4-586tsc_2.4.27-10sarge6_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-4_2.4.27-10sarge6_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-image-2.4-686_101sarge2_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-image-2.4-386_101sarge2_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-headers-2.4-k6_101sarge2_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-pcmcia-modules-2.4-686-smp_101sarge2_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-pcmcia-modules-2.4-386_101sarge2_i386.deb
http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-4-k7-smp_2.9.1-1sarge2_i386.deb
http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-4-686-smp_2.9.1-1sarge2_i386.deb
http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-4-686_2.9.1-1sarge2_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-headers-2.4-586tsc_101sarge2_i386.deb
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.6.8-4-686-smp_0.3.7-1sarge3_i386.deb
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-4-k7_0.3.7-1sarge3_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-headers-2.4-686-smp_101sarge2_i386.deb
http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-4-k6_2.9.1-1sarge2_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-4-686-smp_2.4.27-10sarge6_i386.deb
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-4-586tsc_0.3.7-1sarge3_i386.deb
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-4-686-smp_0.3.7-1sarge3_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-4-686-smp_2.4.27-10sarge6_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-4-586tsc_2.4.27-10sarge6_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-pcmcia-modules-2.4-k7-smp_101sarge2_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-speakup-i386/kernel-headers-2.4.27-speakup_2.4.27-1.1sarge5_i386.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-4-686_2.9.1-1sarge4_i386.deb
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-4-386_0.3.7-1sarge3_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-4-k7_2.4.27-10sarge6_i386.deb
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.6.8-4-k7_0.3.7-1sarge3_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-4-686-smp_2.4.27-10sarge6_i386.deb
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.6.8-4-k7-smp_0.3.7-1sarge3_i386.deb
http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-4-k7_3.2.5+2sarge2_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-4-k6_2.4.27-10sarge6_i386.deb
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-4-k6_0.3.7-1sarge3_i386.deb
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.6.8-4-386_0.3.7-1sarge3_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-pcmcia-modules-2.4-k7_101sarge2_i386.deb
http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-4-k7-smp_3.2.5+2sarge2_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-4-686_2.4.27-10sarge6_i386.deb
http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-4-686_3.2.5+2sarge2_i386.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-4-k7-smp_2.9.1-1sarge4_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-4-686_2.4.27-10sarge6_i386.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/libsensors-dev_2.9.1-1sarge4_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-pcmcia-modules-2.4-586tsc_101sarge2_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-4-k7_2.4.27-10sarge6_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-4-k6_2.4.27-10sarge6_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-headers-2.4-k7_101sarge2_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-pcmcia-modules-2.4-k6_101sarge2_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-build-2.4.27-4_2.4.27-10sarge6_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-image-2.4-k6_101sarge2_i386.deb
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-4-686_0.3.7-1sarge3_i386.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-4-k7_2.9.1-1sarge4_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-4-386_2.4.27-10sarge6_i386.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors-2.4.27-4-586tsc_2.9.1-1sarge4_i386.deb
http://security.debian.org/pool/updates/main/m/mindi-kernel/mindi-kernel_2.4.27-2sarge5_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-pcmcia-modules-2.4.27-4-k6_2.4.27-10sarge6_i386.deb
http://security.debian.org/pool/updates/main/i/i2c/i2c-2.4.27-4-586tsc_2.9.1-1sarge2_i386.deb
http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-4-686-smp_3.2.5+2sarge2_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-i386/kernel-image-2.4-686-smp_101sarge2_i386.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/lm-sensors_2.9.1-1sarge4_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-4-386_2.4.27-10sarge6_i386.deb
http://security.debian.org/pool/updates/main/l/lm-sensors/sensord_2.9.1-1sarge4_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-headers-2.4.27-4-k7-smp_2.4.27-10sarge6_i386.deb
http://security.debian.org/pool/updates/main/h/hostap-modules-i386/hostap-modules-2.4.27-4-k7-smp_0.3.7-1sarge3_i386.deb
http://security.debian.org/pool/updates/main/p/pcmcia-modules-2.4.27-i386/pcmcia-modules-2.4.27-4-386_3.2.5+2sarge2_i386.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386/kernel-image-2.4.27-4-586tsc_2.4.27-10sarge6_i386.deb

Intel IA-64:
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-mckinley-smp_2.4.27-10sarge6_ia64.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-4-mckinley-smp_2.4.27-10sarge6_ia64.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-4-itanium_2.4.27-10sarge6_ia64.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-4-mckinley_2.4.27-10sarge6_ia64.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-4-itanium_2.4.27-10sarge6_ia64.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-4-mckinley_2.4.27-10sarge6_ia64.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-itanium-smp_2.4.27-10sarge6_ia64.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-3_ia64.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-4-itanium-smp_2.4.27-10sarge6_ia64.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-mckinley_2.4.27-10sarge6_ia64.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-4-mckinley-smp_2.4.27-10sarge6_ia64.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4.27-4-itanium-smp_2.4.27-10sarge6_ia64.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-image-2.4-itanium_2.4.27-10sarge6_ia64.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-headers-2.4.27-4_2.4.27-10sarge6_ia64.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-ia64/kernel-build-2.4.27-4_2.4.27-10sarge6_ia64.deb

Motorola 680x0:
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-amiga_2.4.27-3sarge6_m68k.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mac_2.4.27-3sarge6_m68k.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mvme16x_2.4.27-3sarge6_m68k.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-mvme147_2.4.27-3sarge6_m68k.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-bvme6000_2.4.27-3sarge6_m68k.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-3_m68k.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-atari_2.4.27-3sarge6_m68k.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-m68k/kernel-image-2.4.27-q40_2.4.27-3sarge6_m68k.deb

Big-endian MIPS:
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r5k-ip22_2.4.27-10.sarge4.040815-3_mips.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-headers-2.4.27_2.4.27-10.sarge4.040815-3_mips.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-sb1-swarm-bn_2.4.27-10.sarge4.040815-3_mips.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-3_mips.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r4k-ip22_2.4.27-10.sarge4.040815-3_mips.deb

Little-endian MIPS:
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r5k-lasat_2.4.27-10.sarge4.040815-3_mipsel.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r5k-cobalt_2.4.27-10.sarge4.040815-3_mipsel.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-headers-2.4.27_2.4.27-10.sarge4.040815-3_mipsel.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-xxs1500_2.4.27-10.sarge4.040815-3_mipsel.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-3_mipsel.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r4k-kn04_2.4.27-10.sarge4.040815-3_mipsel.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-r3k-kn02_2.4.27-10.sarge4.040815-3_mipsel.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/kernel-image-2.4.27-sb1-swarm-bn_2.4.27-10.sarge4.040815-3_mipsel.deb

PowerPC:
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-3_powerpc.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-powerpc-small_2.4.27-10sarge6_powerpc.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-powerpc-smp_2.4.27-10sarge6_powerpc.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-nubus_2.4.27-10sarge6_powerpc.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-powerpc_2.4.27-10sarge6_powerpc.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-2.4.27-powerpc_2.4.27-10sarge6_powerpc.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-2.4.27-nubus_2.4.27-10sarge6_powerpc.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-headers-2.4.27-powerpc_2.4.27-10sarge6_powerpc.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-apus_2.4.27-10sarge6_powerpc.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-headers-2.4.27-nubus_2.4.27-10sarge6_powerpc.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-patch-2.4.27-apus_2.4.27-10sarge6_powerpc.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-image-2.4.27-apus_2.4.27-10sarge6_powerpc.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-headers-2.4.27-apus_2.4.27-10sarge6_powerpc.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-powerpc-smp_2.4.27-10sarge6_powerpc.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-nubus_2.4.27-10sarge6_powerpc.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-powerpc_2.4.27-10sarge6_powerpc.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.4.27/kernel-build-2.4.27-powerpc-small_2.4.27-10sarge6_powerpc.deb

IBM S/390:
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-4-s390-tape_2.4.27-2sarge6_s390.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-4-s390x_2.4.27-2sarge6_s390.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-headers-2.4.27-4_2.4.27-2sarge6_s390.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-s390/kernel-headers-2.4-s390_2.4.27-1sarge2_s390.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-s390/kernel-image-2.4-s390x_2.4.27-1sarge2_s390.deb
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-3_s390.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-s390/kernel-image-2.4.27-4-s390_2.4.27-2sarge6_s390.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-s390/kernel-image-2.4-s390_2.4.27-1sarge2_s390.deb

Sun Sparc:
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-sparc/kernel-image-2.4-sparc64-smp_42sarge3_sparc.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-sparc/kernel-image-2.4-sparc32-smp_42sarge3_sparc.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-sparc/kernel-image-2.4-sparc32_42sarge3_sparc.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-sparc/kernel-image-2.4-sparc64_42sarge3_sparc.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-4-sparc32-smp_2.4.27-9sarge6_sparc.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-4-sparc32_2.4.27-9sarge6_sparc.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-4-sparc64_2.4.27-9sarge6_sparc.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-4-sparc64-smp_2.4.27-9sarge6_sparc.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-4_2.4.27-9sarge6_sparc.deb
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-sparc/kernel-headers-2.4-sparc64-smp_42sarge3_sparc.deb
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-headers-2.4.27-4-sparc32-smp_2.4.27-9sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-4-sparc32_2.4.27-9sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-sparc/kernel-headers-2.4-sparc32-smp_42sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-sparc/kernel-headers-2.4-sparc64_42sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-2.4.27-mips/mips-tools_2.4.27-10.sarge4.040815-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-build-2.4.27-4_2.4.27-9sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-4-sparc64_2.4.27-9sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-latest-2.4-sparc/kernel-headers-2.4-sparc32_42sarge3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-sparc/kernel-image-2.4.27-4-sparc64-smp_2.4.27-9sarge6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1504": "
\n

Debian Security Advisory

\n

DSA-1504-1 kernel-source-2.6.8 -- several vulnerabilities

\n
\n
Date Reported:
\n
22 Feb 2008
\n
Affected Packages:
\n
\nkernel-source-2.6.8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-5823, CVE-2006-6054, CVE-2006-6058, CVE-2006-7203, CVE-2007-1353, CVE-2007-2172, CVE-2007-2525, CVE-2007-3105, CVE-2007-3739, CVE-2007-3740, CVE-2007-3848, CVE-2007-4133, CVE-2007-4308, CVE-2007-4573, CVE-2007-5093, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206, CVE-2007-6694, CVE-2008-0007.
\n
More information:
\n
\n

Several local and remote vulnerabilities have been discovered in the Linux\nkernel that may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2006-5823\n

    LMH reported a potential local DoS which could be exploited by a malicious\n user with the privileges to mount and read a corrupted cramfs filesystem.

  • CVE-2006-6054\n

    LMH reported a potential local DoS which could be exploited by a malicious\n user with the privileges to mount and read a corrupted ext2 filesystem.

  • CVE-2006-6058\n

    LMH reported an issue in the minix filesystem that allows local users\n with mount privileges to create a DoS (printk flood) by mounting a\n specially crafted corrupt filesystem.

  • CVE-2006-7203\n

    OpenVZ Linux kernel team reported an issue in the smbfs filesystem which\n can be exploited by local users to cause a DoS (oops) during mount.

  • CVE-2007-1353\n

    Ilja van Sprundel discovered that kernel memory could be leaked via the\n Bluetooth setsockopt call due to an uninitialized stack buffer. This\n could be used by local attackers to read the contents of sensitive kernel\n memory.

  • CVE-2007-2172\n

    Thomas Graf reported a typo in the DECnet protocol handler that could\n be used by a local attacker to overrun an array via crafted packets,\n potentially resulting in a Denial of Service (system crash).\n A similar issue exists in the IPv4 protocol handler and will be fixed\n in a subsequent update.

  • CVE-2007-2525\n

    Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused\n by releasing a socket before PPPIOCGCHAN is called upon it. This could\n be used by a local user to DoS a system by consuming all available memory.

  • CVE-2007-3105\n

    The PaX Team discovered a potential buffer overflow in the random number\n generator which may permit local users to cause a denial of service or\n gain additional privileges. This issue is not believed to affect default\n Debian installations where only root has sufficient privileges to exploit\n it.

  • CVE-2007-3739\n

    Adam Litke reported a potential local denial of service (oops) on\n powerpc platforms resulting from unchecked VMA expansion into address\n space reserved for hugetlb pages.

  • CVE-2007-3740\n

    Steve French reported that CIFS filesystems with CAP_UNIX enabled\n were not honoring a process' umask which may lead to unintentionally\n relaxed permissions.

  • CVE-2007-3848\n

    Wojciech Purczynski discovered that pdeath_signal was not being reset\n properly under certain conditions which may allow local users to gain\n privileges by sending arbitrary signals to suid binaries.

  • CVE-2007-4133\n

    Hugh Dickins discovered a potential local DoS (panic) in hugetlbfs.\n A misconversion of hugetlb_vmtruncate_list to prio_tree may allow\n local users to trigger a BUG_ON() call in exit_mmap.

  • CVE-2007-4308\n

    Alan Cox reported an issue in the aacraid driver that allows unprivileged\n local users to make ioctl calls which should be restricted to admin\n privileges.

  • CVE-2007-4573\n

    Wojciech Purczynski discovered a vulnerability that can be exploited\n by a local user to obtain superuser privileges on x86_64 systems.\n This resulted from improper clearing of the high bits of registers\n during ia32 system call emulation. This vulnerability is relevant\n to the Debian amd64 port as well as users of the i386 port who run\n the amd64 linux-image flavour.

  • CVE-2007-5093\n

    Alex Smith discovered an issue with the pwc driver for certain webcam\n devices. If the device is removed while a userspace application has it\n open, the driver will wait for userspace to close the device, resulting\n in a blocked USB subsystem. This issue is of low security impact as\n it requires the attacker to either have physical access to the system\n or to convince a user with local access to remove the device on their\n behalf.

  • CVE-2007-6063\n

    Venustech AD-LAB discovered a buffer overflow in the ISDN ioctl\n handling, exploitable by a local user.

  • CVE-2007-6151\n

    ADLAB discovered a possible memory overrun in the ISDN subsystem that\n may permit a local user to overwrite kernel memory by issuing\n ioctls with unterminated data.

  • CVE-2007-6206\n

    Blake Frantz discovered that when a core file owned by a non-root user\n exists, and a root-owned process dumps core over it, the core file\n retains its original ownership. This could be used by a local user to\n gain access to sensitive information.

  • CVE-2007-6694\n

    Cyrill Gorcunov reported a NULL pointer dereference in code specific\n to the CHRP PowerPC platforms. Local users could exploit this issue\n to achieve a Denial of Service (DoS).

  • CVE-2008-0007\n

    Nick Piggin of SuSE discovered a number of issues in subsystems which\n register a fault handler for memory mapped areas. This issue can be\n exploited by local users to achieve a Denial of Service (DoS) and possibly\n execute arbitrary code.

\n

The following matrix lists additional packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n\n\n\n\n\n\n\n\n\n
\u00a0 Debian 3.1 (sarge)
kernel-image-2.6.8-alpha 2.6.8-17sarge1
kernel-image-2.6.8-amd64 2.6.8-17sarge1
kernel-image-2.6.8-hppa 2.6.8-7sarge1
kernel-image-2.6.8-i386 2.6.8-17sarge1
kernel-image-2.6.8-ia64 2.6.8-15sarge1
kernel-image-2.6.8-m68k 2.6.8-5sarge1
kernel-image-2.6.8-s390 2.6.8-6sarge1
kernel-image-2.6.8-sparc 2.6.8-16sarge1
kernel-patch-powerpc-2.6.8 2.6.8-13sarge1
fai-kernels 1.9.1sarge8
\n

We recommend that you upgrade your kernel package immediately and reboot\nthe machine. If you have built a custom kernel from the kernel source\npackage, you will need to rebuild to take advantage of these fixes.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-s390_2.6.8-6sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-ia64_2.6.8-15sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-17sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-s390_2.6.8-6sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-hppa_2.6.8-7sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.9.1sarge8.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-amd64_2.6.8-17sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-alpha_2.6.8-17sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-patch-powerpc-2.6.8_2.6.8-13sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-hppa_2.6.8-7sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-ia64_2.6.8-15sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-amd64_2.6.8-17sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-m68k_2.6.8-5sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-sparc_2.6.8-16sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-sparc_2.6.8-16sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-alpha_2.6.8-17sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-i386_2.6.8-17sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-i386_2.6.8-17sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-17sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-patch-powerpc-2.6.8_2.6.8-13sarge1.dsc
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.9.1sarge8.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-m68k_2.6.8-5sarge1.dsc
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-17sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-patch-2.6.8-s390_2.6.8-6sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-tree-2.6.8_2.6.8-17sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-doc-2.6.8_2.6.8-17sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-source-2.6.8/kernel-patch-debian-2.6.8_2.6.8-17sarge1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-4-generic_2.6.8-17sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-4-smp_2.6.8-17sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-4_2.6.8-17sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-4-smp_2.6.8-17sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-4-generic_2.6.8-17sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-em64t-p4-smp_2.6.8-17sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-em64t-p4_2.6.8-17sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-amd64-generic_2.6.8-17sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-amd64-generic_2.6.8-17sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-amd64-k8-smp_2.6.8-17sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-em64t-p4-smp_2.6.8-17sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-amd64-k8_2.6.8-17sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13_2.6.8-17sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-amd64-k8-smp_2.6.8-17sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-amd64-k8_2.6.8-17sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-em64t-p4_2.6.8-17sarge1_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-4_2.6.8-7sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-4-64_2.6.8-7sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-4-64-smp_2.6.8-7sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-4-64-smp_2.6.8-7sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-4-32-smp_2.6.8-7sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-4-32-smp_2.6.8-7sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-4-32_2.6.8-7sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-4-32_2.6.8-7sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-4-64_2.6.8-7sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-4-k7-smp_2.6.8-17sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-4-386_2.6.8-17sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-amd64-k8-smp_2.6.8-17sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-em64t-p4_2.6.8-17sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-amd64-k8-smp_2.6.8-17sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-em64t-p4-smp_2.6.8-17sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-amd64-generic_2.6.8-17sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-4-686_2.6.8-17sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-em64t-p4_2.6.8-17sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13_2.6.8-17sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-4-686-smp_2.6.8-17sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-4-k7-smp_2.6.8-17sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-4_2.6.8-17sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-4-386_2.6.8-17sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-em64t-p4-smp_2.6.8-17sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-4-k7_2.6.8-17sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-amd64-k8_2.6.8-17sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-4-686-smp_2.6.8-17sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-4-686_2.6.8-17sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.9.1sarge8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-4-k7_2.6.8-17sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-amd64-generic_2.6.8-17sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-amd64-k8_2.6.8-17sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-4-itanium_2.6.8-15sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-4-itanium-smp_2.6.8-15sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-mckinley-smp_2.6.8-15sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-mckinley_2.6.8-15sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-4_2.6.8-15sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-mckinley_2.6.8-15sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-mckinley-smp_2.6.8-15sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-itanium_2.6.8-15sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-4-itanium_2.6.8-15sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-4-mckinley_2.6.8-15sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-itanium-smp_2.6.8-15sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-4-mckinley_2.6.8-15sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-4-mckinley-smp_2.6.8-15sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-4-itanium-smp_2.6.8-15sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-itanium_2.6.8-15sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-4-mckinley-smp_2.6.8-15sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-itanium-smp_2.6.8-15sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-sun3_2.6.8-5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mvme16x_2.6.8-5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-q40_2.6.8-5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-amiga_2.6.8-5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-hp_2.6.8-5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mac_2.6.8-5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mvme147_2.6.8-5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-bvme6000_2.6.8-5sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-atari_2.6.8-5sarge1_m68k.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-headers-2.6.8-4_2.6.8-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-4-power3-smp_2.6.8-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-4-power3_2.6.8-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-4-powerpc-smp_2.6.8-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-4-power4-smp_2.6.8-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-4-power3_2.6.8-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-4-powerpc_2.6.8-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-4-power4-smp_2.6.8-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-4-powerpc_2.6.8-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-4-power4_2.6.8-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-4-powerpc-smp_2.6.8-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-4-power3-smp_2.6.8-13sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-4-power4_2.6.8-13sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-4-s390x_2.6.8-6sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-4-s390_2.6.8-6sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-headers-2.6.8-4_2.6.8-6sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-4-s390-tape_2.6.8-6sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-4-sparc64-smp_2.6.8-16sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-4_2.6.8-16sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-4-sparc32_2.6.8-16sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-4-sparc64_2.6.8-16sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-4-sparc32_2.6.8-16sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-4-sparc64-smp_2.6.8-16sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-build-2.6.8-4_2.6.8-16sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-4-sparc64_2.6.8-16sarge1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1505": "
\n

Debian Security Advisory

\n

DSA-1505-1 alsa-driver -- kernel memory leak

\n
\n
Date Reported:
\n
22 Feb 2008
\n
Affected Packages:
\n
\nalsa-driver\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-4571.
\n
More information:
\n
\n

Takashi Iwai supplied a fix for a memory leak in the snd_page_alloc module.\nLocal users could exploit this issue to obtain sensitive information from\nthe kernel (CVE-2007-4571).

\n

For the oldstable distribution (sarge), this problem has been fixed in\nversion 1.0.8-7sarge1. The prebuilt modules provided by alsa-modules-i386\nhave been rebuilt to take advantage of this update, and are available in\nversion 1.0.8+2sarge2.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 1.0.13-5etch1. This issue was already fixed for the version\nof ALSA provided by linux-2.6 in DSA 1479.

\n

For the unstable distribution (sid), this problem was fixed in version\n1.0.15-1.

\n

We recommend that you upgrade your alsa-driver and alsa-modules-i386\npackages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/alsa-driver/alsa-driver_1.0.8-7sarge1.dsc
\n
http://security.debian.org/pool/updates/main/a/alsa-driver/alsa-driver_1.0.8-7sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/alsa-driver/alsa-driver_1.0.8.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-i386_1.0.8+2sarge2.dsc
\n
http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-i386_1.0.8+2sarge2.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/alsa-driver/alsa-headers_1.0.8-7sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/a/alsa-driver/alsa-source_1.0.8-7sarge1_all.deb
\n
http://security.debian.org/pool/updates/main/a/alsa-driver/alsa-base_1.0.8-7sarge1_all.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4.27-4-386_1.0.8+2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4.27-4-686_1.0.8+2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4-386_1.0.8+2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4.27-4-k7-smp_1.0.8+2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4-k7-smp_1.0.8+2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4.27-4-686-smp_1.0.8+2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4-686-smp_1.0.8+2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4-686_1.0.8+2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4.27-4-k6_1.0.8+2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4-k7_1.0.8+2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4.27-4-k7_1.0.8+2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4.27-4-586tsc_1.0.8+2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4-586tsc_1.0.8+2sarge2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsa-modules-i386/alsa-modules-2.4-k6_1.0.8+2sarge2_i386.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/alsa-driver/alsa-driver_1.0.13-5etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/alsa-driver/alsa-driver_1.0.13.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/alsa-driver/alsa-driver_1.0.13-5etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/alsa-driver/alsa-source_1.0.13-5etch1_all.deb
\n
http://security.debian.org/pool/updates/main/a/alsa-driver/alsa-base_1.0.13-5etch1_all.deb
\n
http://security.debian.org/pool/updates/main/a/alsa-driver/linux-sound-base_1.0.13-5etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1506": "
\n

Debian Security Advisory

\n

DSA-1506-1 iceape -- several vulnerabilities

\n
\n
Date Reported:
\n
24 Feb 2008
\n
Affected Packages:
\n
\niceape\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Iceape internet\nsuite, an unbranded version of the SeaMonkey Internet Suite. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2008-0412\n

    Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul\n Nickerson discovered crashes in the layout engine, which might allow\n the execution of arbitrary code.

  • CVE-2008-0413\n

    Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,\n Philip Taylor and tgirmann discovered crashes in the JavaScript\n engine, which might allow the execution of arbitrary code.

  • CVE-2008-0414\n

    hong and Gregory Fleischer discovered that file input focus\n vulnerabilities in the file upload control could allow information\n disclosure of local files.

  • CVE-2008-0415\n

    moz_bug_r_a4 and Boris Zbarsky discovered several\n vulnerabilities in JavaScript handling, which could allow\n privilege escalation.

  • CVE-2008-0417\n

    Justin Dolske discovered that the password storage mechanism could\n be abused by malicious web sites to corrupt existing saved passwords.

  • CVE-2008-0418\n

    Gerry Eisenhaur and moz_bug_r_a4 discovered that a directory\n traversal vulnerability in chrome: URI handling could lead to\n information disclosure.

  • CVE-2008-0419\n

    David Bloom discovered a race condition in the image handling of\n designMode elements, which can lead to information disclosure and\n potentially the execution of arbitrary code.

  • CVE-2008-0591\n

    Michal Zalewski discovered that timers protecting security-sensitive\n dialogs (by disabling dialog elements until a timeout is reached)\n could be bypassed by window focus changes through JavaScript.

  • CVE-2008-0592\n

    It was discovered that malformed content declarations of saved\n attachments could prevent a user from opening local files\n with a .txt file name, resulting in minor denial of service.

  • CVE-2008-0593\n

    Martin Straka discovered that insecure stylesheet handling during\n redirects could lead to information disclosure.

  • CVE-2008-0594\n

    Emil Ljungdahl and Lars-Olof Moilanen discovered that phishing\n protections could be bypassed with <div> elements.

\n

The Mozilla products from the old stable distribution (sarge) are no\nlonger supported with security updates.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.0.12~pre080131b-0etch1.

\n

We recommend that you upgrade your iceape packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.12~pre080131b.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.12~pre080131b-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.12~pre080131b-0etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.12~pre080131b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.12~pre080131b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.12~pre080131b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.12~pre080131b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.12~pre080131b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.12~pre080131b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.12~pre080131b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.12~pre080131b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.12~pre080131b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.12~pre080131b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.12~pre080131b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.12~pre080131b-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.12~pre080131b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.12~pre080131b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.12~pre080131b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.12~pre080131b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.12~pre080131b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.12~pre080131b-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1507": "
\n

Debian Security Advisory

\n

DSA-1507-1 turba2 -- programming error

\n
\n
Date Reported:
\n
24 Feb 2008
\n
Affected Packages:
\n
\nturba2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 464058.
In Mitre's CVE dictionary: CVE-2008-0807.
\n
More information:
\n
\n

Peter Paul Elfferich discovered that turba2, a contact management component\nfor the Horde framework, did not correctly check access rights before allowing\nusers to edit addresses. This could result in valid users being able to\nalter private address records.

\n

For the old stable distribution (sarge), this problem has been fixed in\nversion 2.0.2-1sarge1.

\n

For the stable distribution (etch), this problem has been fixed in version\n2.1.3-1etch1.

\n

For the unstable distribution (sid), this problem has been fixed in version\n2.1.7-1.

\n

We recommend that you upgrade your turba2 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/turba2/turba2_2.0.2-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/t/turba2/turba2_2.0.2-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/t/turba2/turba2_2.0.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/turba2/turba2_2.0.2-1sarge1_all.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/turba2/turba2_2.1.3-1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/t/turba2/turba2_2.1.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/turba2/turba2_2.1.3-1etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/turba2/turba2_2.1.3-1etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1508": "
\n

Debian Security Advisory

\n

DSA-1508-1 diatheke -- insufficient input sanitising

\n
\n
Date Reported:
\n
25 Feb 2008
\n
Affected Packages:
\n
\ndiatheke\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 466449.
In Mitre's CVE dictionary: CVE-2008-0932.
\n
More information:
\n
\n

Dan Dennison discovered that Diatheke, a CGI program to make a bible\nwebsite, performs insufficient sanitising of a parameter, allowing a\nremote attacker to execute arbitrary shell commands as the web server\nuser.

\n

For the old stable distribution (sarge), this problem has been fixed in\nversion 1.5.7-7sarge1.

\n

For the stable distribution (etch), this problem has been fixed in version\n1.5.9-2etch1.

\n

For the unstable distribution (sid), this problem has been fixed in version\n1.5.9-8.

\n

We recommend that you upgrade your diatheke package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sword/sword_1.5.7-7sarge1.dsc
\n
http://security.debian.org/pool/updates/main/s/sword/sword_1.5.7-7sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sword/sword_1.5.7.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_m68k.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sword/sword_1.5.9.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/sword/sword_1.5.9-2etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sword/sword_1.5.9-2etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1509": "
\n

Debian Security Advisory

\n

DSA-1509-1 koffice -- multiple vulnerabilities

\n
\n
Date Reported:
\n
25 Feb 2008
\n
Affected Packages:
\n
\nkoffice\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-4352, CVE-2007-5392, CVE-2007-5393.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in xpdf code that is\nembedded in koffice, an integrated office suite for KDE. These flaws\ncould allow an attacker to execute arbitrary code by inducing the user\nto import a specially crafted PDF document. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2007-4352\n

    Array index error in the DCTStream::readProgressiveDataUnit method in\nxpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice,\nCUPS, and other products, allows remote attackers to trigger memory\ncorruption and execute arbitrary code via a crafted PDF file.

  • CVE-2007-5392\n

    Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in\nXpdf 3.02pl1 allows remote attackers to execute arbitrary code via a\ncrafted PDF file, resulting in a heap-based buffer overflow.

  • CVE-2007-5393\n

    Heap-based buffer overflow in the CCITTFaxStream::lookChar method in\nxpdf/Stream.cc in Xpdf 3.02pl1 allows remote attackers to execute\narbitrary code via a PDF file that contains a crafted CCITTFaxDecode\nfilter.

\n

Updates for the old stable distribution (sarge) will be made available\nas soon as possible.

\n

For the stable distribution (etch), these problems have been fixed in version\n1:1.6.1-2etch2.

\n

We recommend that you upgrade your koffice package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.6.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.6.1-2etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.6.1-2etch2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-data_1.6.1-2etch2_all.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword-data_1.6.1-2etch2_all.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio-data_1.6.1-2etch2_all.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-doc_1.6.1-2etch2_all.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-doc-html_1.6.1-2etch2_all.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.6.1-2etch2_all.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter-data_1.6.1-2etch2_all.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/krita-data_1.6.1-2etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_i386.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1510": "
\n

Debian Security Advisory

\n

DSA-1510-1 ghostscript -- buffer overflow

\n
\n
Date Reported:
\n
27 Feb 2008
\n
Affected Packages:
\n
\ngs-esp, gs-gpl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0411.
\n
More information:
\n
\n

Chris Evans discovered a buffer overflow in the color space handling\ncode of the Ghostscript PostScript/PDF interpreter, which might result\nin the execution of arbitrary code if a user is tricked into processing\na malformed file.

\n

For the stable distribution (etch), this problem has been fixed in version\n8.54.dfsg.1-5etch1 of gs-gpl and 8.15.3.dfsg.1-1etch1 of gs-esp.

\n

For the old stable distribution (sarge), this problem has been fixed in\nversion 8.01-6 of gs-gpl and 7.07.1-9sarge1 of gs-esp.

\n

The unstable distribution (sid) will be fixed soon.

\n

We recommend that you upgrade your gs-esp and gs-gpl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1.dsc
\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6.dsc
\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs_8.01-6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6_m68k.deb
\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.01-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_7.07.1-9sarge1_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1-1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1-1etch1.dsc
\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs_8.54.dfsg.1-5etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1-1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1-1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1-1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1-1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1-1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1-1etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1-1etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1-1etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gs-esp/gs-esp_8.15.3.dfsg.1-1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1511": "
\n

Debian Security Advisory

\n

DSA-1511-1 libicu -- various

\n
\n
Date Reported:
\n
03 Mar 2008
\n
Affected Packages:
\n
\nlibicu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 463688.
\n
More information:
\n
\n

Several local vulnerabilities have been discovered in libicu,\nInternational Components for Unicode. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • \nCVE-2007-4770\n

    \n libicu in International Components for Unicode (ICU) 3.8.1 and earlier\n attempts to process backreferences to the nonexistent capture group\n zero (aka \\0), which might allow context-dependent attackers to read\n from, or write to, out-of-bounds memory locations, related to\n corruption of REStackFrames.

    \n
  • \nCVE-2007-4771\n

    \n Heap-based buffer overflow in the doInterval function in regexcmp.cpp\n in libicu in International Components for Unicode (ICU) 3.8.1 and\n earlier allows context-dependent attackers to cause a denial of\n service (memory consumption) and possibly have unspecified other\n impact via a regular expression that writes a large amount of data to\n the backtracking stack.

    \n
\n

For the stable distribution (etch), these problems have been fixed in\nversion 3.6-2etch1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.8-6.

\n

We recommend that you upgrade your libicu package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/icu/icu_3.6.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch1.dsc
\n
http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/icu/icu-doc_3.6-2etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1512": "
\n

Debian Security Advisory

\n

DSA-1512-1 evolution -- format string attack

\n
\n
Date Reported:
\n
05 Mar 2008
\n
Affected Packages:
\n
\nevolution\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0072.
\n
More information:
\n
\n

Ulf H\u00e4rnhammar discovered that Evolution, the e-mail and groupware suite,\nhad a format string vulnerability in the parsing of encrypted mail messages.\nIf the user opened a specially crafted email message, code execution was\npossible.

\n

For the stable distribution (etch), this problem has been fixed in version\n2.6.3-6etch2.

\n

For the old stable distribution (sarge), this problem has been fixed in\nversion 2.0.4-2sarge3. Some architectures have not yet completed building\nthe updated package for sarge; they will be added as they become available.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.12.3-1.1.

\n

We recommend that you upgrade your evolution package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3.diff.gz
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3.dsc
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4.orig.tar.gz
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_s390.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2.dsc
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-common_2.6.3-6etch2_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1513": "
\n

Debian Security Advisory

\n

DSA-1513-1 lighttpd -- information disclosure

\n
\n
Date Reported:
\n
06 Mar 2008
\n
Affected Packages:
\n
\nlighttpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1111.
\n
More information:
\n
\n

It was discovered that lighttpd, a fast webserver with minimal memory\nfootprint, would display the source to CGI scripts if their execution\nfailed in some circumstances.

\n

For the stable distribution (etch), this problem has been fixed in version\n1.4.13-4etch5.

\n

For the unstable distribution, this problem will be fixed soon.

\n

We recommend that you upgrade your lighttpd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch5.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch5.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch5_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch5_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1514": "
\n

Debian Security Advisory

\n

DSA-1514-1 moin -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Mar 2008
\n
Affected Packages:
\n
\nmoin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2423, CVE-2007-2637, CVE-2008-0780, CVE-2008-0781, CVE-2008-0782, CVE-2008-1098, CVE-2008-1099.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in MoinMoin, a\nPython clone of WikiWiki. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2007-2423\n

    A cross-site-scripting vulnerability has been discovered in\n attachment handling.

  • CVE-2007-2637\n

    Access control lists for calendars and includes were\n insufficiently enforced, which could lead to information\n disclosure.

  • CVE-2008-0780\n

    A cross-site-scripting vulnerability has been discovered in\n the login code.

  • CVE-2008-0781\n

    A cross-site-scripting vulnerability has been discovered in\n attachment handling.

  • CVE-2008-0782\n

    A directory traversal vulnerability in cookie handling could\n lead to local denial of service by overwriting files.

  • CVE-2008-1098\n

    Cross-site-scripting vulnerabilities have been discovered in\n the GUI editor formatter and the code to delete pages.

  • CVE-2008-1099\n

    The macro code validates access control lists insufficiently,\n which could lead to information disclosure.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.5.3-1.2etch1. This update also includes a bugfix with respect to the\nencoding of password reminder mails, which doesn't have security\nimplications.

\n

The old stable distribution (sarge) will not be updated due to\nthe many changes and because support for sarge ends at the end of this month\nanyway. You are advised to upgrade to the stable distribution if\nyou run moinmoin.

\n

We recommend that you upgrade your moin package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/moin/moin_1.5.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/moin/moin_1.5.3-1.2etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/moin/moin_1.5.3-1.2etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/moin/moinmoin-common_1.5.3-1.2etch1_all.deb
\n
http://security.debian.org/pool/updates/main/m/moin/python-moinmoin_1.5.3-1.2etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1515": "
\n

Debian Security Advisory

\n

DSA-1515-1 libnet-dns-perl -- several vulnerabilities

\n
\n
Date Reported:
\n
11 Mar 2008
\n
Affected Packages:
\n
\nlibnet-dns-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 457445.
In Mitre's CVE dictionary: CVE-2007-3377, CVE-2007-3409, CVE-2007-6341.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in libnet-dns-perl.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n

It was discovered that libnet-dns-perl generates very weak transaction\nIDs when sending queries (CVE-2007-3377). This update switches\ntransaction ID generation to the Perl random generator, making\nprediction attacks more difficult.

\n

Compression loops in domain names resulted in an infinite loop in the\ndomain name expander written in Perl (CVE-2007-3409). The Debian\npackage uses an expander written in C by default, but this vulnerability\nhas been addressed nevertheless.

\n

Decoding malformed A records could lead to a crash (via an uncaught\nPerl exception) of certain applications using libnet-dns-perl\n(CVE-2007-6341).

\n

For the old stable distribution (sarge), these problems have been fixed in\nversion 0.48-1sarge1.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 0.59-1etch1.

\n

We recommend that you upgrade your libnet-dns-perl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.48.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.48-1sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.48-1sarge1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.48-1sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.48-1sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.48-1sarge1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.48-1sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.48-1sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.48-1sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.48-1sarge1_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.48-1sarge1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.48-1sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.48-1sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.48-1sarge1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.48-1sarge1_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.59-1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.59.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.59-1etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.59-1etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.59-1etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.59-1etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.59-1etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.59-1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.59-1etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.59-1etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.59-1etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.59-1etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.59-1etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libn/libnet-dns-perl/libnet-dns-perl_0.59-1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1516": "
\n

Debian Security Advisory

\n

DSA-1516-1 dovecot -- privilege escalation

\n
\n
Date Reported:
\n
14 Mar 2008
\n
Affected Packages:
\n
\ndovecot\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 469457.
In Mitre's CVE dictionary: CVE-2008-1199, CVE-2008-1218.
\n
More information:
\n
\n

Prior to this update, the default configuration for Dovecot used by\nDebian runs the server daemons with group mail privileges. This means\nthat users with write access to their mail directory on the server\n(for example, through an SSH login) could use a symbolic link to read and also delete mailboxes owned by\nother users to which they do not have direct access\n(CVE-2008-1199). In addition, an internal interpretation conflict in\npassword handling has been addressed proactively, even though it is\nnot known to be exploitable (CVE-2008-1218).

\n

Note that applying this update requires manual action: The\nconfiguration setting mail_extra_groups = mail has been replaced\nwith mail_privileged_group = mail. The update will show a\nconfiguration file conflict in /etc/dovecot/dovecot.conf. It is\nrecommended that you keep the currently installed configuration file,\nand change the affected line. For your reference, the sample\nconfiguration (without your local changes) will have been written to\n/etc/dovecot/dovecot.conf.dpkg-new.

\n

If your current configuration uses mail_extra_groups with a value\ndifferent from mail, you may have to resort to the\nmail_access_groups configuration directive.

\n

For the old stable distribution (sarge), no updates are provided.\nWe recommend that you consider upgrading to the stable distribution.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.0.rc15-2etch4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.0.13-1.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15-2etch4.dsc
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15-2etch4.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch4_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1517": "
\n

Debian Security Advisory

\n

DSA-1517-1 ldapscripts -- programming error

\n
\n
Date Reported:
\n
15 Mar 2008
\n
Affected Packages:
\n
\nldapscripts\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 445582.
In Mitre's CVE dictionary: CVE-2007-5373.
\n
More information:
\n
\n

Don Armstrong discovered that ldapscripts, a suite of tools to manipulate\nuser accounts in LDAP, sends the password as a command line argument when\ncalling LDAP programs, which may allow a local attacker to read this password\nfrom the process listing.

\n

The old stable distribution (sarge) does not contain an ldapscripts package.

\n

For the stable distribution (etch), this problem has been fixed in version\n1.4-2etch1.

\n

For the unstable distribution (sid), this problem has been fixed in version\n1.7.1-2.

\n

We recommend that you upgrade your ldapscripts package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/ldapscripts/ldapscripts_1.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/ldapscripts/ldapscripts_1.4-2etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/ldapscripts/ldapscripts_1.4-2etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/ldapscripts/ldapscripts_1.4-2etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1518": "
\n

Debian Security Advisory

\n

DSA-1518-1 backup-manager -- programming error

\n
\n
Date Reported:
\n
15 Mar 2008
\n
Affected Packages:
\n
\nbackup-manager\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 439392.
In Mitre's CVE dictionary: CVE-2007-4656.
\n
More information:
\n
\n

Micha Lenk discovered that backup-manager, a command-line backup tool,\nsends the password as a command line argument when calling an FTP client,\nwhich may allow a local attacker to read this password (which provides\naccess to all backed-up files) from the process listing.

\n

For the old stable distribution (sarge), this problem has been fixed in\nversion 0.5.7-1sarge2.

\n

For the stable distribution (etch), this problem has been fixed in version\n0.7.5-4.

\n

For the unstable distribution (sid), this problem has been fixed in version\n0.7.6-3.

\n

We recommend that you upgrade your backup-manager package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.5.7-1sarge2.dsc
\n
http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.5.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.5.7-1sarge2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.5.7-1sarge2_all.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.7.5-4.dsc
\n
http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.7.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.7.5-4.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager-doc_0.7.5-4_all.deb
\n
http://security.debian.org/pool/updates/main/b/backup-manager/backup-manager_0.7.5-4_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1519": "
\n

Debian Security Advisory

\n

DSA-1519-1 horde3 -- insufficient input sanitising

\n
\n
Date Reported:
\n
15 Mar 2008
\n
Affected Packages:
\n
\nhorde3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 470640.
In Mitre's CVE dictionary: CVE-2008-1284.
\n
More information:
\n
\n

It was discovered that the Horde web application framework permits arbitrary\nfile inclusion by a remote attacker through the theme preference parameter.

\n

For the old stable distribution (sarge) this problem has been fixed in\nversion 3.0.4-4sarge7.

\n

For the stable distribution (etch) this problem has been fixed in version\n3.1.3-4etch3.

\n

For the unstable distribution (sid) this problem has been fixed in version\n3.1.7-1.

\n

We recommend that you upgrade your horde3 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge7.dsc
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge7.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.0.4-4sarge7_all.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch3.dsc
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1520": "
\n

Debian Security Advisory

\n

DSA-1520-1 smarty -- insufficient input sanitising

\n
\n
Date Reported:
\n
16 Mar 2008
\n
Affected Packages:
\n
\nsmarty\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 469492.
In Mitre's CVE dictionary: CVE-2008-1066.
\n
More information:
\n
\n

It was discovered that the regex module in Smarty, a PHP templating engine,\nallows attackers to call arbitrary PHP functions via templates that use the\nregex_replace plugin with a specially crafted search string.

\n

For the old stable distribution (sarge), this problem has been fixed in\nversion 2.6.9-1sarge1.

\n

For the stable distribution (etch), this problem has been fixed in version\n2.6.14-1etch1.

\n

For the unstable distribution (sid), this problem has been fixed in version\n2.6.18-1.1.

\n

We recommend that you upgrade your smarty package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.9-1sarge1.dsc
\n
http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.9.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.9-1sarge1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.9-1sarge1_all.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.14-1etch1.dsc
\n
http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.14.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.14-1etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.14-1etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1521": "
\n

Debian Security Advisory

\n

DSA-1521-1 lighttpd -- file disclosure

\n
\n
Date Reported:
\n
16 Mar 2008
\n
Affected Packages:
\n
\nlighttpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1270.
\n
More information:
\n
\n

Julien Cayzac discovered that under certain circumstances lighttpd,\na fast webserver with minimal memory footprint, might allow the reading\nof arbitrary files from the system. This problem could only occur\nwith a non-standard configuration.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 1.4.13-4etch6.

\n

We recommend that you upgrade your lighttpd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch6.dsc
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch6.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch6_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch6_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch6_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1522": "
\n

Debian Security Advisory

\n

DSA-1522-1 unzip -- programming error

\n
\n
Date Reported:
\n
17 Mar 2008
\n
Affected Packages:
\n
\nunzip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0888.
\n
More information:
\n
\n

Tavis Ormandy discovered that unzip, when processing specially crafted\nZIP archives, could pass invalid pointers to the C library's free\nroutine, potentially leading to arbitrary code execution\n(CVE-2008-0888).

\n

For the old stable distribution (sarge), this problem has been fixed\nin version 5.52-1sarge5.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 5.52-9etch1.

\n

The unstable distribution (sid) will be fixed soon.

\n

We recommend that you upgrade your unzip package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5.diff.gz
\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-1sarge5_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-9etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-9etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-9etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-9etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-9etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-9etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-9etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-9etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-9etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-9etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-9etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-9etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/u/unzip/unzip_5.52-9etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1523": "
\n

Debian Security Advisory

\n

DSA-1523-1 ikiwiki -- cross-site scripting

\n
\n
Date Reported:
\n
17 Mar 2008
\n
Affected Packages:
\n
\nikiwiki\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0808, CVE-2008-0809.
\n
More information:
\n
\n

Josh Triplett discovered that ikiwiki did not block JavaScript in\nURLs, leading to cross-site scripting vulnerabilities (CVE-2008-0808,\nCVE-2008-0809).

\n

The old stable distribution (sarge) did not contain an ikiwiki package.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 1.33.4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.31.1.

\n

We recommend that you upgrade your ikiwiki package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/ikiwiki/ikiwiki_1.33.4.dsc
\n
http://security.debian.org/pool/updates/main/i/ikiwiki/ikiwiki_1.33.4.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/ikiwiki/ikiwiki_1.33.4_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1524": "
\n

Debian Security Advisory

\n

DSA-1524-1 krb5 -- several vulnerabilities

\n
\n
Date Reported:
\n
18 Mar 2008
\n
Affected Packages:
\n
\nkrb5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0062, CVE-2008-0063, CVE-2008-0947.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the kdc component\nof krb5, a system for authenticating users and services on a\nnetwork. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2008-0062\n

    An unauthenticated remote attacker may cause a krb4-enabled KDC to\ncrash, expose information, or execute arbitrary code. Successful\nexploitation of this vulnerability could compromise the Kerberos key\ndatabase and host security on the KDC host.

  • CVE-2008-0063\n

    An unauthenticated remote attacker may cause a krb4-enabled KDC to\nexpose information. It is theoretically possible for the exposed\ninformation to include secret key data on some platforms.

  • CVE-2008-0947\n

    An unauthenticated remote attacker can cause memory corruption in the\nkadmind process, which is likely to cause kadmind to crash, resulting in\na denial of service. It is at least theoretically possible for such\ncorruption to result in database corruption or arbitrary code execution,\nthough we have no such exploit and are not aware of any such exploits in\nuse in the wild. In versions of MIT Kerberos shipped by Debian, this\nbug can only be triggered in configurations that allow large numbers of\nopen file descriptors in a process.

\n

For the old stable distribution (sarge), these problems have been fixed\nin version krb5 1.3.6-2sarge6.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.4.4-7etch5.

\n

We recommend that you upgrade your krb5 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge6.diff.gz
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.3.6-2sarge6.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.3.6-2sarge6_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_m68k.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.3.6-2sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.3.6-2sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.3.6-2sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.3.6-2sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.3.6-2sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.3.6-2sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.3.6-2sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.3.6-2sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.3.6-2sarge6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.3.6-2sarge6_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4-7etch5.dsc
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4-7etch5.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.4.4-7etch5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1525": "
\n

Debian Security Advisory

\n

DSA-1525-1 asterisk -- several vulnerabilities

\n
\n
Date Reported:
\n
20 Mar 2008
\n
Affected Packages:
\n
\nasterisk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-6430, CVE-2008-1332, CVE-2008-1333.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Asterisk, a free software PBX and telephony toolkit. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-6430

    Tilghman Lesher discovered that database-based registrations are insufficiently validated. This only affects setups that are configured to run without a password and with host-based authentication only.

  • CVE-2008-1332

    Jason Parker discovered that insufficient validation of From: headers inside the SIP channel driver may lead to authentication bypass and the potential external initiation of calls.

  • CVE-2008-1333

    This update also fixes a format string vulnerability, which can only be triggered through configuration files under control of the local administrator. In later releases of Asterisk this issue is remotely exploitable and tracked as CVE-2008-1333.

\n

The status of the old stable distribution (sarge) is currently being investigated. If affected, an update will be released through security.debian.org.

\n

For the stable distribution (etch), these problems have been fixed in version 1:1.2.13~dfsg-2etch3.

\n

We recommend that you upgrade your asterisk packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.2.13~dfsg-2etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.2.13~dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.2.13~dfsg-2etch3.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-doc_1.2.13~dfsg-2etch3_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-sounds-main_1.2.13~dfsg-2etch3_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-config_1.2.13~dfsg-2etch3_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-web-vmail_1.2.13~dfsg-2etch3_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-dev_1.2.13~dfsg-2etch3_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.2.13~dfsg-2etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch3_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1526": "
\n

Debian Security Advisory

\n

DSA-1526-1 xwine -- several vulnerabilities

\n
\n
Date Reported:
\n
20 Mar 2008
\n
Affected Packages:
\n
\nxwine\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0930, CVE-2008-0931.
\n
More information:
\n
\n

Steve Kemp from the Debian Security Audit project discovered several local vulnerabilities in xwine, a graphical user interface for the WINE emulator.

\n

The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2008-0930

    The xwine command makes unsafe use of local temporary files when printing. This could allow the removal of arbitrary files belonging to users who invoke the program.

  • CVE-2008-0931

    The xwine command changes the permissions of the global WINE configuration file such that it is world-writable. This could allow local users to edit it such that arbitrary commands could be executed whenever any local user executed a program under WINE.

\n

For the stable distribution (etch), these problems have been fixed in version 1.0.1-1etch1.

\n

We recommend that you upgrade your xwine package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xwine/xwine_1.0.1-1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xwine/xwine_1.0.1-1etch1.dsc
\n
http://security.debian.org/pool/updates/main/x/xwine/xwine_1.0.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xwine/xwine_1.0.1-1etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xwine/xwine_1.0.1-1etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xwine/xwine_1.0.1-1etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xwine/xwine_1.0.1-1etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xwine/xwine_1.0.1-1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xwine/xwine_1.0.1-1etch1_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xwine/xwine_1.0.1-1etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xwine/xwine_1.0.1-1etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xwine/xwine_1.0.1-1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1527": "
\n

Debian Security Advisory

\n

DSA-1527-1 debian-goodies -- insufficient input sanitising

\n
\n
Date Reported:
\n
24 Mar 2008
\n
Affected Packages:
\n
\ndebian-goodies\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 440411.
In Mitre's CVE dictionary: CVE-2007-3912.
\n
More information:
\n
\n

Thomas de Grenier de Latour discovered that the checkrestart tool in the debian-goodies suite of utilities allowed local users to gain privileges via shell metacharacters in the name of the executable file for a running process.

\n

For the old stable distribution (sarge), this problem has been fixed in version 0.24+sarge1.

\n

For the stable distribution (etch), this problem has been fixed in version 0.27+etch1.

\n

For the unstable distribution (sid), this problem has been fixed in version 0.34.

\n

We recommend that you upgrade your debian-goodies package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/debian-goodies/debian-goodies_0.23+sarge1.tar.gz
\n
http://security.debian.org/pool/updates/main/d/debian-goodies/debian-goodies_0.23+sarge1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/debian-goodies/debian-goodies_0.23+sarge1_all.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/debian-goodies/debian-goodies_0.27+etch1.dsc
\n
http://security.debian.org/pool/updates/main/d/debian-goodies/debian-goodies_0.27+etch1.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/debian-goodies/debian-goodies_0.27+etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1528": "
\n

Debian Security Advisory

\n

DSA-1528-1 serendipity -- insufficient input sanitising

\n
\n
Date Reported:
\n
24 Mar 2008
\n
Affected Packages:
\n
\nserendipity\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 469667.
In Mitre's CVE dictionary: CVE-2007-6205, CVE-2008-0124, CVE-2008-1476.
\n
More information:
\n
\n

Peter Hüwe and Hanno Böck discovered that Serendipity, a weblog manager, did not properly sanitise input to several scripts, which allowed cross-site scripting.

\n

The old stable distribution (sarge) does not contain a serendipity package.

\n

For the stable distribution (etch), this problem has been fixed in version\n1.0.4-1+etch1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.3-1.

\n

We recommend that you upgrade your serendipity package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/serendipity/serendipity_1.0.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/serendipity/serendipity_1.0.4-1+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/serendipity/serendipity_1.0.4-1+etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/serendipity/serendipity_1.0.4-1+etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1529": "
\n

Debian Security Advisory

\n

DSA-1529-1 firebird -- multiple vulnerabilities

\n
\n
Date Reported:
\n
24 Mar 2008
\n
Affected Packages:
\n
\nfirebird\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 362001, Bug 432753, Bug 444976, Bug 441405, Bug 460048, Bug 463596.
In Mitre's CVE dictionary: CVE-2008-0387, CVE-2008-0467, CVE-2006-7211, CVE-2007-4664, CVE-2007-4665, CVE-2007-4666, CVE-2007-4667, CVE-2007-4668, CVE-2007-4669, CVE-2007-3527, CVE-2007-3181, CVE-2007-2606, CVE-2006-7212, CVE-2006-7213, CVE-2006-7214.
\n
More information:
\n
\n

\nMultiple security problems have been discovered in the Firebird database,\nwhich may lead to the execution of arbitrary code or denial of service.\n

\n

\nThis Debian security advisory is a bit unusual. While it's normally\nour strict policy to backport security bugfixes to older releases, this\nturned out to be infeasible for Firebird 1.5 due to large infrastructural\nchanges necessary to fix these issues. As a consequence, security support\nfor Firebird 1.5 is hereby discontinued, leaving two options to\nadministrators running a Firebird database:\n

\n
    \n
  1. Administrators running Firebird in a completely internal setup with\n trusted users could leave it unchanged.
  2. Everyone else should upgrade to the firebird2.0 packages available at\n backports.org.

    \n Version 2.0.3.12981.ds1-6~bpo40+1 fixes all known issues.

    \n Please refer to the\n general backports.org documentation\n to add the packages to your package management configuration.

    \n These packages are backported to run with Debian stable. Since\n firebird2.0 is not a drop-in replacement for firebird2 (which\n is the source package name for the Firebird 1.5 packages)\n these updates are not released through security.debian.org.\n Corrections for potential future security problems affecting Debian stable will be\n released through backports.org as well.

    \n Arrangements have been made to ensure that Firebird in the upcoming\n Debian 5.0 release will be supportable with regular backported\n security bugfixes again.
\n

For a more detailed description of the security problems, please refer\nto the entries in the Debian Bug Tracking System referenced above and\nthe following URLs:

\n

\nhttp://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf
\nhttp://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf
\nhttp://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf

\n
\n
\n
\n
", "1530": "
\n

Debian Security Advisory

\n

DSA-1530-1 cupsys -- Several vulnerabilities

\n
\n
Date Reported:
\n
25 Mar 2008
\n
Affected Packages:
\n
\ncupsys\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 472105, Bug 467653.
In Mitre's CVE dictionary: CVE-2008-0047, CVE-2008-0882.
\n
More information:
\n
\n

Several local/remote vulnerabilities have been discovered in cupsys, the\nCommon Unix Printing System. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2008-0047\n

    \nHeap-based buffer overflow in CUPS, when printer sharing is enabled,\nallows remote attackers to execute arbitrary code via crafted search\nexpressions.\n

    \n
  • CVE-2008-0882\n

    \nDouble free vulnerability in the process_browse_data function in CUPS\n1.3.5 allows remote attackers to cause a denial of service (daemon\ncrash) and possibly the execution of arbitrary code via crafted packets to the\ncupsd port (631/udp), related to an unspecified manipulation of a\nremote printer.\n

    \n
\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.2.7-4etch3.

\n

We recommend that you upgrade your cupsys packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3.dsc
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch3_all.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1531": "
\n

Debian Security Advisory

\n

DSA-1531-2 policyd-weight -- insecure temporary files

\n
\n
Date Reported:
\n
27 Mar 2008
\n
Affected Packages:
\n
\npolicyd-weight\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1569, CVE-2008-1570.
\n
More information:
\n
\n

Chris Howells discovered that policyd-weight, a policy daemon for the Postfix\nmail transport agent, created its socket in an insecure way, which may be\nexploited to overwrite or remove arbitrary files from the local system.

\n

For the stable distribution (etch), this problem has been fixed in version\n0.1.14-beta-6etch2.

\n

The old stable distribution (sarge) does not contain a policyd-weight package.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your policyd-weight package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/policyd-weight/policyd-weight_0.1.14-beta-6etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/policyd-weight/policyd-weight_0.1.14-beta.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/policyd-weight/policyd-weight_0.1.14-beta-6etch2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/policyd-weight/policyd-weight_0.1.14-beta-6etch2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1532": "
\n

Debian Security Advisory

\n

DSA-1532-1 xulrunner -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Mar 2008
\n
Affected Packages:
\n
\nxulrunner\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-4879, CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-1238, CVE-2008-1240, CVE-2008-1241.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-4879\n

    Peter Brodersen and Alexander Klink discovered that the\n autoselection of SSL client certificates could lead to users\n being tracked, resulting in a loss of privacy.

  • CVE-2008-1233\n

    moz_bug_r_a4 discovered that variants of CVE-2007-3738 and\n CVE-2007-5338 allow the execution of arbitrary code through\n XPCNativeWrapper.

  • CVE-2008-1234\n

    moz_bug_r_a4 discovered that insecure handling of event\n handlers could lead to cross-site scripting.

  • CVE-2008-1235\n

    Boris Zbarsky, Johnny Stenback and moz_bug_r_a4 discovered\n that incorrect principal handling could lead to cross-site\n scripting and the execution of arbitrary code.

  • CVE-2008-1236\n

    Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats\n Palmgren discovered crashes in the layout engine, which might\n allow the execution of arbitrary code.

  • CVE-2008-1237\n

    georgi, tgirmann and Igor Bukanov discovered crashes in the\n JavaScript engine, which might allow the execution of arbitrary\n code.

  • CVE-2008-1238\n

    Gregory Fleischer discovered that HTTP Referrer headers were\n handled incorrectly in combination with URLs containing Basic\n Authentication credentials with empty usernames, resulting\n in potential Cross-Site Request Forgery attacks.

  • CVE-2008-1240\n

    Gregory Fleischer discovered that web content fetched through\n the jar: protocol can use Java to connect to arbitrary ports.\n This is only an issue in combination with the non-free Java\n plugin.

  • CVE-2008-1241\n

    Chris Thomas discovered that background tabs could generate\n XUL popups overlaying the current tab, resulting in potential\n spoofing attacks.

\n

The Mozilla products from the old stable distribution (sarge) are no\nlonger supported.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.8.0.15~pre080323b-0etch1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.8.1.13-1.

\n

We recommend that you upgrade your xulrunner packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs1_1.8.0.15~pre080323b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.8.0.15~pre080323b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs-dev_1.8.0.15~pre080323b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-dev_1.8.0.15~pre080323b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-dev_1.8.0.15~pre080323b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.8.0.15~pre080323b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-dev_1.8.0.15~pre080323b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-common_1.8.0.15~pre080323b-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch1_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1533": "
\n

Debian Security Advisory

\n

DSA-1533-2 exiftags -- insufficient input sanitizing

\n
\n
Date Reported:
\n
27 Mar 2008
\n
Affected Packages:
\n
\nexiftags\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 457062.
In Mitre's CVE dictionary: CVE-2007-6354, CVE-2007-6355, CVE-2007-6356.
\n
More information:
\n
\n

Christian Schmid and Meder Kydyraliev (Google Security) discovered a\nnumber of vulnerabilities in exiftags, a utility for extracting EXIF\nmetadata from JPEG images. The Common Vulnerabilities and Exposures\nproject identified the following three problems:

\n
    \n
  • CVE-2007-6354\n

    Inadequate EXIF property validation could lead to invalid memory\n accesses if executed on a maliciously crafted image, potentially\n including heap corruption and the execution of arbitrary code.

  • CVE-2007-6355\n

    Flawed data validation could lead to integer overflows, causing\n other invalid memory accesses, also with the potential for memory\n corruption or arbitrary code execution.

  • CVE-2007-6356\n

    Cyclical EXIF image file directory (IFD) references could cause\n a denial of service (infinite loop).

  • \n
\n

For the oldstable distribution (sarge), these problems have been fixed\nin version 0.98-1.1+0sarge1.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 0.98-1.1+etch1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.01-0.1.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+0sarge1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+0sarge1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+0sarge1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+0sarge1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+0sarge1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+0sarge1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+0sarge1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+0sarge1_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+0sarge1_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+0sarge1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+0sarge1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+0sarge1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+0sarge1_s390.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1.dsc
\n
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/exiftags/exiftags_0.98-1.1+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1534": "
\n

Debian Security Advisory

\n

DSA-1534-1 iceape -- several vulnerabilities

\n
\n
Date Reported:
\n
28 Mar 2008
\n
Affected Packages:
\n
\niceape\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-4879, CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-1238, CVE-2008-1240, CVE-2008-1241.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2007-4879

    Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy.

  • CVE-2008-1233

    moz_bug_r_a4 discovered that variants of CVE-2007-3738 and CVE-2007-5338 allow the execution of arbitrary code through XPCNativeWrapper.

  • CVE-2008-1234

    moz_bug_r_a4 discovered that insecure handling of event handlers could lead to cross-site scripting.

  • CVE-2008-1235

    Boris Zbarsky, Johnny Stenback and moz_bug_r_a4 discovered that incorrect principal handling could lead to cross-site scripting and the execution of arbitrary code.

  • CVE-2008-1236

    Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats Palmgren discovered crashes in the layout engine, which might allow the execution of arbitrary code.

  • CVE-2008-1237

    georgi, tgirmann and Igor Bukanov discovered crashes in the Javascript engine, which might allow the execution of arbitrary code.

  • CVE-2008-1238

    Gregory Fleischer discovered that HTTP Referrer headers were handled incorrectly in combination with URLs containing Basic Authentication credentials with empty usernames, resulting in potential Cross-Site Request Forgery attacks.

  • CVE-2008-1240

    Gregory Fleischer discovered that web content fetched through the jar: protocol can use Java to connect to arbitrary ports. This is only an issue in combination with the non-free Java plugin.

  • CVE-2008-1241

    Chris Thomas discovered that background tabs could generate XUL popups overlaying the current tab, resulting in potential spoofing attacks.

The Mozilla products from the old stable distribution (sarge) are no longer supported.

For the stable distribution (etch), these problems have been fixed in version 1.0.13~pre080323b-0etch1.

\n

We recommend that you upgrade your iceape packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.13~pre080323b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.13~pre080323b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.13~pre080323b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.13~pre080323b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.13~pre080323b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.13~pre080323b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.13~pre080323b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.13~pre080323b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.13~pre080323b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.13~pre080323b-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.13~pre080323b-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch1_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1535": "
\n

Debian Security Advisory

\n

DSA-1535-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
30 Mar 2008
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-4879, CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-1238, CVE-2008-1240, CVE-2008-1241.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2007-4879

    Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy.

  • CVE-2008-1233

    moz_bug_r_a4 discovered that variants of CVE-2007-3738 and CVE-2007-5338 allow the execution of arbitrary code through XPCNativeWrapper.

  • CVE-2008-1234

    moz_bug_r_a4 discovered that insecure handling of event handlers could lead to cross-site scripting.

  • CVE-2008-1235

    Boris Zbarsky, Johnny Stenback and moz_bug_r_a4 discovered that incorrect principal handling could lead to cross-site scripting and the execution of arbitrary code.

  • CVE-2008-1236

    Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats Palmgren discovered crashes in the layout engine, which might allow the execution of arbitrary code.

  • CVE-2008-1237

    georgi, tgirmann and Igor Bukanov discovered crashes in the Javascript engine, which might allow the execution of arbitrary code.

  • CVE-2008-1238

    Gregory Fleischer discovered that HTTP Referrer headers were handled incorrectly in combination with URLs containing Basic Authentication credentials with empty usernames, resulting in potential Cross-Site Request Forgery attacks.

  • CVE-2008-1240

    Gregory Fleischer discovered that web content fetched through the jar: protocol can use Java to connect to arbitrary ports. This is only an issue in combination with the non-free Java plugin.

  • CVE-2008-1241

    Chris Thomas discovered that background tabs could generate XUL popups overlaying the current tab, resulting in potential spoofing attacks.

The Mozilla products from the old stable distribution (sarge) are no longer supported.

For the stable distribution (etch), these problems have been fixed in version 2.0.0.13-0etch1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.13-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.13-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.13-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.13-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.13-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.13-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.13-0etch1_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.13-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.13-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.13-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.13-0etch1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.13-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.13-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.13-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.13-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.13-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.13-0etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.13-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.13-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.13-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.13-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.13-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.13-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.13-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.13-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.13-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1536": "
\n

Debian Security Advisory

\n

DSA-1536-1 libxine -- several vulnerabilities

\n
\n
Date Reported:
\n
31 Mar 2008
\n
Affected Packages:
\n
\nxine-lib\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 464696.
In Mitre's CVE dictionary: CVE-2007-1246, CVE-2007-1387, CVE-2008-0073, CVE-2008-0486, CVE-2008-1161.
\n
More information:
\n
\n

Several local vulnerabilities have been discovered in Xine, a media player library, which allow a denial of service or arbitrary code execution and could be exploited through viewing malicious content. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2007-1246 / CVE-2007-1387

    The DMO_VideoDecoder_Open function does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code (applies to sarge only).

  • CVE-2008-0073

    Array index error in the sdpplin_parse function allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.

  • CVE-2008-0486

    Array index vulnerability in libmpdemux/demux_audio.c might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow (applies to etch only).

  • CVE-2008-1161

    Buffer overflow in the Matroska demuxer allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Matroska file with invalid frame sizes.

For the old stable distribution (sarge), these problems have been fixed in version 1.0.1-1sarge7.

For the stable distribution (etch), these problems have been fixed in version 1.1.2+dfsg-6.

For the unstable distribution (sid), these problems have been fixed in version 1.1.11-1.

\n

We recommend that you upgrade your xine-lib package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge7.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.0.1-1sarge7.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_ia64.deb
\n
Motorola 680x0:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_m68k.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_m68k.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.0.1-1sarge7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.0.1-1sarge7_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg-6.dsc
\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg-6.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1537": "
\n

Debian Security Advisory

\n

DSA-1537-1 xpdf -- several vulnerabilities

\n
\n
Date Reported:
\n
02 Apr 2008
\n
Affected Packages:
\n
\nxpdf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-4352, CVE-2007-5392, CVE-2007-5393.
\n
More information:
\n
\n

Alin Rad Pop (Secunia) discovered a number of vulnerabilities in xpdf, a set of tools for display and conversion of Portable Document Format (PDF) files. The Common Vulnerabilities and Exposures project identifies the following three problems:

  • CVE-2007-4352

    Inadequate DCT stream validation allows an attacker to corrupt memory and potentially execute arbitrary code by supplying a maliciously crafted PDF file.

  • CVE-2007-5392

    An integer overflow vulnerability in DCT stream handling could allow an attacker to overflow a heap buffer, enabling the execution of arbitrary code.

  • CVE-2007-5393

    A buffer overflow vulnerability in xpdf's CCITT image compression handlers allows overflow on the heap, allowing an attacker to execute arbitrary code by supplying a maliciously crafted CCITTFaxDecode filter.

For the stable distribution (etch), these problems have been fixed in version 3.01-9.1+etch2.

For the unstable distribution (sid), these problems have been fixed in version 3.02-1.3.

\n

We recommend that you upgrade your xpdf packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch2.dsc
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.01-9.1+etch2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch2_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1538": "
\n

Debian Security Advisory

\n

DSA-1538-1 alsaplayer -- buffer overrun

\n
\n
Date Reported:
\n
04 Apr 2008
\n
Affected Packages:
\n
\nalsaplayer\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 446034.
In Mitre's CVE dictionary: CVE-2007-5301.
\n
More information:
\n
\n

Erik Sjölund discovered a buffer overflow vulnerability in the Ogg\nVorbis input plugin of the alsaplayer audio playback application.\nSuccessful exploitation of this vulnerability through the opening of a\nmaliciously crafted Vorbis file could lead to the execution of\narbitrary code.

\n

For the stable distribution (etch), the problem has been fixed in\nversion 0.99.76-9+etch1.

\n

For the unstable distribution (sid), the problem was fixed in version\n0.99.80~rc4-1.

\n

We recommend that you upgrade your alsaplayer packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-9+etch1.dsc
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer_0.99.76-9+etch1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-9+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-9+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-9+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-9+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-9+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-9+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-9+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-9+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-9+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-9+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-9+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-9+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-9+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-9+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-9+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-9+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-9+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-9+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-9+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-9+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-9+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-9+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-9+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-9+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-9+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-9+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-9+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-9+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-9+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-9+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-9+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-9+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-9+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-9+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-9+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-9+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-9+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-9+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-9+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-9+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-9+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-9+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-9+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-9+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-9+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-9+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-9+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-9+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-9+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-9+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-9+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-9+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-9+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-9+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-9+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-9+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-9+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-9+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-9+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-9+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-9+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-9+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-9+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-9+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-9+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-9+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-9+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-9+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-9+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-9+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-9+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-9+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-9+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-9+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-9+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-9+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-9+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-9+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-9+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-9+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-9+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-9+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-9+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-9+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-9+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-9+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-9+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-9+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-9+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-9+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-9+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-9+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-9+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-9+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-9+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-9+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-9+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-9+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-9+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-9+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-9+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-9+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-9+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-9+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-9+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-9+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-9+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-9+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-9+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-9+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-9+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-9+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-9+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-9+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-9+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-9+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-9+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-9+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-9+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-9+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer-dev_0.99.76-9+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/libalsaplayer0_0.99.76-9+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-daemon_0.99.76-9+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-gtk_0.99.76-9+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-nas_0.99.76-9+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-alsa_0.99.76-9+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-jack_0.99.76-9+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-xosd_0.99.76-9+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-common_0.99.76-9+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-esd_0.99.76-9+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-oss_0.99.76-9+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/alsaplayer/alsaplayer-text_0.99.76-9+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1539": "
\n

Debian Security Advisory

\n

DSA-1539-1 mapserver -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Apr 2008
\n
Affected Packages:
\n
\nmapserver\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-4542, CVE-2007-4629.
\n
More information:
\n
\n

Chris Schmidt and Daniel Morissette discovered two vulnerabilities\nin mapserver, a development environment for spatial and mapping\napplications. The Common Vulnerabilities and Exposures project\nidentifies the following two problems:

\n
    \n
  • CVE-2007-4542\n

    Lack of input sanitizing and output escaping in the CGI\n mapserver's template handling and error reporting routines leads\n to cross-site scripting vulnerabilities.

  • CVE-2007-4629\n

    Missing bounds checking in mapserver's template handling leads to\n a stack-based buffer overrun vulnerability, allowing a remote\n attacker to execute arbitrary code with the privileges of the CGI\n or httpd user.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 4.10.0-5.1+etch2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.10.3-1.

\n

We recommend that you upgrade your mapserver (4.10.0-5.1+etch2) package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver_4.10.0-5.1+etch2.dsc
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver_4.10.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver_4.10.0-5.1+etch2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-doc_4.10.0-5.1+etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1540": "
\n

Debian Security Advisory

\n

DSA-1540-1 lighttpd -- denial of service

\n
\n
Date Reported:
\n
07 Apr 2008
\n
Affected Packages:
\n
\nlighttpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1531.
\n
More information:
\n
\n

It was discovered that lighttpd, a fast webserver with minimal memory\nfootprint, didn't correctly handle SSL errors. This could allow\na remote attacker to disconnect all active SSL connections.

\n

For the stable distribution (etch), this problem has been fixed in version\n1.4.13-4etch7.

\n

We recommend that you upgrade your lighttpd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7.dsc
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch7_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch7_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch7_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch7_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch7_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1541": "
\n

Debian Security Advisory

\n

DSA-1541-1 openldap2.3 -- several vulnerabilities

\n
\n
Date Reported:
\n
08 Apr 2008
\n
Affected Packages:
\n
\nopenldap2.3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 440632, Bug 448644, Bug 465875.
In Mitre's CVE dictionary: CVE-2007-5707, CVE-2007-5708, CVE-2007-6698, CVE-2008-0658.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in OpenLDAP, a\nfree implementation of the Lightweight Directory Access Protocol. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2007-5707\n

    Thomas Sesselmann discovered that slapd could be crashed by a\n malformed modify request.

  • CVE-2007-5708\n

    Toby Blade discovered that incorrect memory handling in slapo-pcache\n could lead to denial of service through crafted search requests.

  • CVE-2007-6698\n

    It was discovered that a programming error in the interface to the\n BDB storage backend could lead to denial of service through\n crafted modify requests.

  • CVE-2008-0658\n

    It was discovered that a programming error in the interface to the\n BDB storage backend could lead to denial of service through\n crafted modrdn requests.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 2.3.30-5+etch1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.4.7-6.1.

\n

We recommend that you upgrade your openldap2.3 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30-5+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30-5+etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1542": "
\n

Debian Security Advisory

\n

DSA-1542-1 libcairo -- integer overflow

\n
\n
Date Reported:
\n
09 Apr 2008
\n
Affected Packages:
\n
\nlibcairo\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-5503.
\n
More information:
\n
\n

Peter Valchev (Google Security) discovered a series of integer\noverflow weaknesses in Cairo, a vector graphics rendering library used\nby many other applications. If an application uses cairo to render a\nmaliciously crafted PNG image, the vulnerability allows the execution\nof arbitrary code.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.2.4-4.1+etch1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.4.10-1.1.

\n

We recommend that you upgrade your libcairo packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo_1.2.4-4.1+etch1.dsc
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo_1.2.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo_1.2.4-4.1+etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo2-doc_1.2.4-4.1+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo2-dev_1.2.4-4.1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo2_1.2.4-4.1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2-udeb_1.2.4-4.1+etch1_alpha.udeb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2_1.2.4-4.1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2-dev_1.2.4-4.1+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2-dev_1.2.4-4.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo2_1.2.4-4.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2-udeb_1.2.4-4.1+etch1_amd64.udeb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo2-dev_1.2.4-4.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2_1.2.4-4.1+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2-dev_1.2.4-4.1+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo2-dev_1.2.4-4.1+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2_1.2.4-4.1+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo2_1.2.4-4.1+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2-udeb_1.2.4-4.1+etch1_arm.udeb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo2_1.2.4-4.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2_1.2.4-4.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo2-dev_1.2.4-4.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2-udeb_1.2.4-4.1+etch1_hppa.udeb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2-dev_1.2.4-4.1+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2_1.2.4-4.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2-udeb_1.2.4-4.1+etch1_i386.udeb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo2_1.2.4-4.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2-dev_1.2.4-4.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo2-dev_1.2.4-4.1+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2-dev_1.2.4-4.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo2-dev_1.2.4-4.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2-udeb_1.2.4-4.1+etch1_ia64.udeb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo2_1.2.4-4.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2_1.2.4-4.1+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo2-dev_1.2.4-4.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2-dev_1.2.4-4.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo2_1.2.4-4.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2_1.2.4-4.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2-udeb_1.2.4-4.1+etch1_mips.udeb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2_1.2.4-4.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo2_1.2.4-4.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2-dev_1.2.4-4.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo2-dev_1.2.4-4.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2-udeb_1.2.4-4.1+etch1_mipsel.udeb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo2_1.2.4-4.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2-dev_1.2.4-4.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo2-dev_1.2.4-4.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2_1.2.4-4.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2-udeb_1.2.4-4.1+etch1_powerpc.udeb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo2-dev_1.2.4-4.1+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2-dev_1.2.4-4.1+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2-udeb_1.2.4-4.1+etch1_s390.udeb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo2_1.2.4-4.1+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2_1.2.4-4.1+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2-dev_1.2.4-4.1+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2_1.2.4-4.1+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo2_1.2.4-4.1+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo-directfb2-udeb_1.2.4-4.1+etch1_sparc.udeb
\n
http://security.debian.org/pool/updates/main/libc/libcairo/libcairo2-dev_1.2.4-4.1+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1543": "
\n

Debian Security Advisory

\n

DSA-1543-1 vlc -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Apr 2008
\n
Affected Packages:
\n
\nvlc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-6681, CVE-2007-6682, CVE-2007-6683, CVE-2008-0295, CVE-2008-0296, CVE-2008-0073, CVE-2008-0984, CVE-2008-1489.
\n
More information:
\n
\n

Luigi Auriemma, Alin Rad Pop, R\u00e9mi Denis-Courmont, Quovodis, Guido\nLandi, Felipe Manzano, Anibal Sacco and others discovered multiple\nvulnerabilities in vlc, an application for playback and streaming of\naudio and video. In the worst case, these weaknesses permit a remote,\nunauthenticated attacker to execute arbitrary code with the privileges\nof the user running vlc.

\n

The Common Vulnerabilities and Exposures project identifies the\nfollowing eight problems:

\n
    \n
  • CVE-2007-6681\n

    A buffer overflow vulnerability in subtitle handling allows an\n attacker to execute arbitrary code through the opening of a\n maliciously crafted MicroDVD, SSA or Vplayer file.

  • CVE-2007-6682\n

    A format string vulnerability in the HTTP-based remote control\n facility of the vlc application allows a remote, unauthenticated\n attacker to execute arbitrary code.

  • CVE-2007-6683\n

    Insecure argument validation allows a remote attacker to overwrite\n arbitrary files writable by the user running vlc, if a maliciously\n crafted M3U playlist or MP3 audio file is opened.

  • CVE-2008-0295, CVE-2008-0296\n

    Heap buffer overflows in RTSP stream and session description\n protocol (SDP) handling allow an attacker to execute arbitrary\n code if a maliciously crafted RTSP stream is played.

  • CVE-2008-0073\n

    Insufficient integer bounds checking in SDP handling allows the\n execution of arbitrary code through a maliciously crafted SDP\n stream ID parameter in an RTSP stream.

  • CVE-2008-0984\n

    Insufficient integrity checking in the MP4 demuxer allows a remote\n attacker to overwrite arbitrary memory and execute arbitrary code\n if a maliciously crafted MP4 file is opened.

  • CVE-2008-1489\n

    An integer overflow vulnerability in MP4 handling allows a remote\n attacker to cause a heap buffer overflow, inducing a crash and\n possibly the execution of arbitrary code if a maliciously crafted\n MP4 file is opened.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 0.8.6-svn20061012.debian-5.1+etch2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.8.6.e-2.

\n

We recommend that you upgrade your vlc packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.6-svn20061012.debian-5.1+etch2_all.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.6-svn20061012.debian-5.1+etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-svgalib_0.8.6-svn20061012.debian-5.1+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-glide_0.8.6-svn20061012.debian-5.1+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1544": "
\n

Debian Security Advisory

\n

DSA-1544-2 pdns-recursor -- design flaw

\n
\n
Date Reported:
\n
16 Jul 2008
\n
Affected Packages:
\n
\npdns-recursor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1637, CVE-2008-3217.
\n
More information:
\n
\n

Amit Klein discovered that pdns-recursor, a caching DNS resolver, uses a\nweak random number generator to create DNS transaction IDs and UDP\nsource port numbers. As a result, cache poisoning attacks were\nsimplified. (CVE-2008-1637\nand CVE-2008-3217)

\n

For the stable distribution (etch), these problems have been fixed in\nversion 3.1.4-1+etch2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.1.7-1.

\n

We recommend that you upgrade your pdns-recursor package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.4-1+etch2.dsc
\n
http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.4-1+etch2.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.4-1+etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.4-1+etch2_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.4-1+etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.4-1+etch2_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.4-1+etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.4-1+etch2_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1545": "
\n

Debian Security Advisory

\n

DSA-1545-1 rsync -- integer overflow

\n
\n
Date Reported:
\n
10 Apr 2008
\n
Affected Packages:
\n
\nrsync\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1720.
\n
More information:
\n
\n

Sebastian Krahmer discovered that an integer overflow in rsync's code\nfor handling extended attributes may lead to arbitrary code execution.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 2.6.9-2etch2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.0.2-1.

\n

We recommend that you upgrade your rsync package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch2.dsc
\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch2.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch2_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1546": "
\n

Debian Security Advisory

\n

DSA-1546-1 gnumeric -- integer overflow

\n
\n
Date Reported:
\n
10 Apr 2008
\n
Affected Packages:
\n
\ngnumeric\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0668.
\n
More information:
\n
\n

Thilo Pfennig and Morten Welinder discovered several integer overflow\nweaknesses in Gnumeric, a GNOME spreadsheet application. These\nvulnerabilities could result in the execution of arbitrary code\nthrough the opening of a maliciously crafted Excel spreadsheet.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.6.3-5+etch1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.8.1-1.

\n

We recommend that you upgrade your gnumeric packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3-5.1+etch1.dsc
\n
http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3-5.1+etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric-common_1.6.3-5.1+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric-doc_1.6.3-5.1+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric-plugins-extra_1.6.3-5.1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3-5.1+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric-plugins-extra_1.6.3-5.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3-5.1+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric-plugins-extra_1.6.3-5.1+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3-5.1+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric-plugins-extra_1.6.3-5.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3-5.1+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3-5.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric-plugins-extra_1.6.3-5.1+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3-5.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric-plugins-extra_1.6.3-5.1+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric-plugins-extra_1.6.3-5.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3-5.1+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3-5.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric-plugins-extra_1.6.3-5.1+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3-5.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric-plugins-extra_1.6.3-5.1+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric-plugins-extra_1.6.3-5.1+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3-5.1+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric-plugins-extra_1.6.3-5.1+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3-5.1+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1547": "
\n

Debian Security Advisory

\n

DSA-1547-1 openoffice.org -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Apr 2008
\n
Affected Packages:
\n
\nopenoffice.org\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-5745, CVE-2007-5746, CVE-2007-5747, CVE-2008-0320.
\n
More information:
\n
\n

Several security-related problems have been discovered in\nOpenOffice.org, the free office suite. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2007-5745, CVE-2007-5747\n

    Several bugs have been discovered in the way OpenOffice.org parses\n Quattro Pro files that may lead to an overflow in the heap,\n potentially leading to the execution of arbitrary code.

  • CVE-2007-5746\n

    Specially crafted EMF files can trigger a buffer overflow in the\n heap that may lead to the execution of arbitrary code.

  • CVE-2008-0320\n

    A bug has been discovered in the processing of OLE files that can\n cause a buffer overflow in the heap, potentially leading to the\n execution of arbitrary code.

\n

Recently reported problems in the ICU library, against which\nOpenOffice.org is linked, are fixed in separate libicu packages with DSA 1511.

\n

For the old stable distribution (sarge) these problems have been fixed in\nversion 1.1.3-9sarge9.

\n

For the stable distribution (etch) these problems have been fixed in\nversion 2.0.4.dfsg.2-7etch5.

\n

For the testing (lenny) and unstable (sid) distributions these\nproblems have been fixed in version 2.4.0~ooh680m5-1.

\n

We recommend that you upgrade your openoffice.org packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 3.1 (sarge)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge9.dsc
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge9.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-af_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ar_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ca_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cs_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cy_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-da_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-de_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-el_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-es_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-et_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eu_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fi_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fr_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gl_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-he_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hu_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-it_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ja_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-kn_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ko_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lt_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nb_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nl_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nn_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ns_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pl_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt-br_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ru_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sk_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sl_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sv_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-th_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tn_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tr_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-cn_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-tw_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zu_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-mimelnk_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-thesaurus-en-us_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ttf-opensymbol_1.1.3-9sarge9_all.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge9_i386.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge9_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge9_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge9_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge9_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge9_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge9_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge9_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch5.dsc
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch5.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/broffice.org_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-common_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev-doc_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dtd-officedocument1.0_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-mobiledev_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-cs_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-da_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-de_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-dz_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-gb_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-us_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-es_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-et_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-fr_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hi-in_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hu_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-it_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ja_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-km_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ko_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-nl_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pl_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pt-br_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ru_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sl_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sv_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-cn_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-tw_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-java-common_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-af_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-as-in_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-be-by_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bg_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bn_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-br_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bs_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ca_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cs_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cy_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-da_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-de_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-dz_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-el_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-gb_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-za_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eo_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-es_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-et_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fa_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fi_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fr_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ga_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gu-in_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-he_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi-in_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hr_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hu_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-in_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-it_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ja_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ka_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-km_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ko_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ku_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lo_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lt_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lv_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-mk_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ml-in_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nb_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ne_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nl_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nn_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nr_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ns_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-or-in_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pa-in_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pl_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt-br_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ru_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-rw_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sk_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sl_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sr-cs_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ss_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-st_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sv_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ta-in_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-te-in_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tg_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-th_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tn_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tr_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ts_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-uk_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ve_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-vi_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-xh_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-za_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-cn_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-tw_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zu_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-api-tests_2.0.4.dfsg.2-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ttf-opensymbol_2.0.4.dfsg.2-7etch5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch5_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch5_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch5_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1548": "
\n

Debian Security Advisory

\n

DSA-1548-1 xpdf -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Apr 2008
\n
Affected Packages:
\n
\nxpdf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1693.
\n
More information:
\n
\n

Kees Cook discovered a vulnerability in xpdf, a set of tools for\ndisplay and conversion of Portable Document Format (PDF) files. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblem:

\n
    \n
  • CVE-2008-1693\n

    Xpdf's handling of embedded fonts lacks sufficient validation\n and type checking. If a maliciously crafted PDF file is opened,\n the vulnerability may allow the execution of arbitrary code with\n the privileges of the user running xpdf.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 3.01-9.1+etch4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.02-1.2.

\n

We recommend that you upgrade your xpdf package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch4.dsc
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch4.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch4_all.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.01-9.1+etch4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1549": "
\n

Debian Security Advisory

\n

DSA-1549-1 clamav -- buffer overflows

\n
\n
Date Reported:
\n
17 Apr 2008
\n
Affected Packages:
\n
\nclamav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0314, CVE-2008-1100, CVE-2008-1833.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Clam anti-virus\ntoolkit. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2008-0314\n

    Damian Put discovered that a buffer overflow in the handler for\n PeSpin binaries may lead to the execution of arbitrary code.

  • CVE-2008-1100\n

    Alin Rad Pop discovered that a buffer overflow in the handler for\n Upack PE binaries may lead to the execution of arbitrary code.

    \n
  • CVE-2008-1833\n

    Damian Put and Thomas Pollet discovered that a buffer overflow in\n the handler for WWPack-compressed PE binaries may lead to the\n execution of arbitrary code.

\n

For the stable distribution (etch) these problems have been fixed\nin version 0.90.1dfsg-3etch11.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.92.1~dfsg2-1.

\n

We recommend that you upgrade your clamav packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch11.diff.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch11.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1dfsg-3etch11_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.90.1dfsg-3etch11_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1dfsg-3etch11_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch11_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch11_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch11_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch11_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch11_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch11_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch11_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch11_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch11_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch11_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch11_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch11_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch11_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch11_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch11_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3etch11_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1550": "
\n

Debian Security Advisory

\n

DSA-1550-1 suphp -- programming error

\n
\n
Date Reported:
\n
17 Apr 2008
\n
Affected Packages:
\n
\nsuphp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 475431.
In Mitre's CVE dictionary: CVE-2008-1614.
\n
More information:
\n
\n

It was discovered that suphp, an Apache module to run PHP scripts with\nowner permissions, handles symlinks insecurely, which may lead to\nprivilege escalation by local users.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 0.6.2-1+etch0.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your suphp packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/suphp/suphp_0.6.2-1+etch0.diff.gz
\n
http://security.debian.org/pool/updates/main/s/suphp/suphp_0.6.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/suphp/suphp_0.6.2-1+etch0.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/suphp/libapache-mod-suphp_0.6.2-1+etch0_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/suphp/suphp-common_0.6.2-1+etch0_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/suphp/libapache2-mod-suphp_0.6.2-1+etch0_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/suphp/libapache-mod-suphp_0.6.2-1+etch0_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/suphp/suphp-common_0.6.2-1+etch0_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/suphp/libapache2-mod-suphp_0.6.2-1+etch0_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/suphp/suphp-common_0.6.2-1+etch0_arm.deb
\n
http://security.debian.org/pool/updates/main/s/suphp/libapache2-mod-suphp_0.6.2-1+etch0_arm.deb
\n
http://security.debian.org/pool/updates/main/s/suphp/libapache-mod-suphp_0.6.2-1+etch0_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/suphp/suphp-common_0.6.2-1+etch0_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/suphp/libapache-mod-suphp_0.6.2-1+etch0_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/suphp/libapache2-mod-suphp_0.6.2-1+etch0_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/suphp/libapache2-mod-suphp_0.6.2-1+etch0_i386.deb
\n
http://security.debian.org/pool/updates/main/s/suphp/libapache-mod-suphp_0.6.2-1+etch0_i386.deb
\n
http://security.debian.org/pool/updates/main/s/suphp/suphp-common_0.6.2-1+etch0_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/suphp/libapache2-mod-suphp_0.6.2-1+etch0_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/suphp/libapache-mod-suphp_0.6.2-1+etch0_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/suphp/suphp-common_0.6.2-1+etch0_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/suphp/suphp-common_0.6.2-1+etch0_mips.deb
\n
http://security.debian.org/pool/updates/main/s/suphp/libapache-mod-suphp_0.6.2-1+etch0_mips.deb
\n
http://security.debian.org/pool/updates/main/s/suphp/libapache2-mod-suphp_0.6.2-1+etch0_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/suphp/suphp-common_0.6.2-1+etch0_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/suphp/libapache2-mod-suphp_0.6.2-1+etch0_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/suphp/libapache-mod-suphp_0.6.2-1+etch0_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/suphp/libapache-mod-suphp_0.6.2-1+etch0_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/suphp/libapache2-mod-suphp_0.6.2-1+etch0_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/suphp/suphp-common_0.6.2-1+etch0_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/suphp/suphp-common_0.6.2-1+etch0_s390.deb
\n
http://security.debian.org/pool/updates/main/s/suphp/libapache-mod-suphp_0.6.2-1+etch0_s390.deb
\n
http://security.debian.org/pool/updates/main/s/suphp/libapache2-mod-suphp_0.6.2-1+etch0_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1551": "
\n

Debian Security Advisory

\n

DSA-1551-1 python2.4 -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Apr 2008
\n
Affected Packages:
\n
\npython2.4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2052, CVE-2007-4965, CVE-2008-1679, CVE-2008-1721, CVE-2008-1887.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the interpreter for the\nPython language. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2007-2052\n

    Piotr Engelking discovered that the strxfrm() function of the locale\n module miscalculates the length of an internal buffer, which may\n result in a minor information disclosure.

  • CVE-2007-4965\n

    It was discovered that several integer overflows in the imageop\n module may lead to the execution of arbitrary code, if a user is\n tricked into processing malformed images. This issue is also\n tracked as CVE-2008-1679 due to an initially incomplete patch.

  • CVE-2008-1721\n

    Justin Ferguson discovered that a buffer overflow in the zlib\n module may lead to the execution of arbitrary code.

  • CVE-2008-1887\n

    Justin Ferguson discovered that insufficient input validation in\n PyString_FromStringAndSize() may lead to the execution of arbitrary\n code.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 2.4.4-3+etch1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.4.5-2.

\n

We recommend that you upgrade your python2.4 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-examples_2.4.4-3+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/idle-python2.4_2.4.4-3+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1552": "
\n

Debian Security Advisory

\n

DSA-1552-1 mplayer -- missing input sanitising

\n
\n
Date Reported:
\n
19 Apr 2008
\n
Affected Packages:
\n
\nmplayer\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1558.
\n
More information:
\n
\n

It was discovered that the MPlayer movie player performs insufficient\ninput sanitising on SDP session data, leading to potential execution\nof arbitrary code through a malformed multimedia stream.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 1.0~rc1-12etch3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.0~rc2-10.

\n

We recommend that you upgrade your mplayer package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch3.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer-doc_1.0~rc1-12etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch3_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1553": "
\n

Debian Security Advisory

\n

DSA-1553-1 ikiwiki -- cross-site request forgery

\n
\n
Date Reported:
\n
20 Apr 2008
\n
Affected Packages:
\n
\nikiwiki\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 475445.
In Mitre's CVE dictionary: CVE-2008-0165.
\n
More information:
\n
\n

It has been discovered that ikiwiki, a Wiki implementation, does not\nguard password and content changes against cross-site request forgery\n(CSRF) attacks.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 1.33.5.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.42.

\n

We recommend that you upgrade your ikiwiki package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/ikiwiki/ikiwiki_1.33.5.tar.gz
\n
http://security.debian.org/pool/updates/main/i/ikiwiki/ikiwiki_1.33.5.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/ikiwiki/ikiwiki_1.33.5_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1554": "
\n

Debian Security Advisory

\n

DSA-1554-2 roundup -- insufficient input sanitising

\n
\n
Date Reported:
\n
22 Apr 2008
\n
Affected Packages:
\n
\nroundup\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 472643.
In Mitre's CVE dictionary: CVE-2008-1474.
\n
More information:
\n
\n

Roundup, an issue tracking system, fails to properly escape HTML input,\nallowing an attacker to inject client-side code (typically JavaScript)\ninto a document that may be viewed in the victim's browser.

\n

For the stable distribution (etch), this problem has been fixed in version\n1.2.1-5+etch2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.3.3-3.1.

\n

We recommend that you upgrade your roundup packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/roundup/roundup_1.2.1-5+etch2.dsc
\n
http://security.debian.org/pool/updates/main/r/roundup/roundup_1.2.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/r/roundup/roundup_1.2.1-5+etch2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/roundup/roundup_1.2.1-5+etch2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1555": "
\n

Debian Security Advisory

\n

DSA-1555-1 iceweasel -- programming error

\n
\n
Date Reported:
\n
23 Apr 2008
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1380.
\n
More information:
\n
\n

It was discovered that crashes in the JavaScript engine of Iceweasel,\nan unbranded version of the Firefox browser, could potentially lead to\nthe execution of arbitrary code.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 2.0.0.14-0etch1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.0.0.14-1.

\n

We recommend that you upgrade your iceweasel package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.14-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.14-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.14.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.14-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.14-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.14-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.14-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.14-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.14-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.14-0etch1_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.14-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.14-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.14-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.14-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.14-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.14-0etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.14-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.14-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.14-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.14-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.14-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.14-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.14-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.14-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.14-0etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.14-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.14-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.14-0etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.14-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.14-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.14-0etch1_mipsel.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.14-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.14-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.14-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.14-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.14-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.14-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1556": "
\n

Debian Security Advisory

\n

DSA-1556-2 perl -- heap buffer overflow

\n
\n
Date Reported:
\n
24 Apr 2008
\n
Affected Packages:
\n
\nperl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 454792.
In Mitre's CVE dictionary: CVE-2008-1927.
\n
More information:
\n
\n

It has been discovered that the Perl interpreter may encounter a buffer\noverflow condition when compiling certain regular expressions containing\nUnicode characters. This also happens if the offending characters are\ncontained in a variable reference protected by the \\Q...\\E quoting\nconstruct. When encountering this condition, the Perl interpreter\ntypically crashes, but arbitrary code execution cannot be ruled out.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 5.8.8-7etch3.

\n

The unstable distribution (sid) will be fixed soon.

\n

We recommend that you upgrade your perl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3.dsc
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.8.8-7etch3_all.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.8.8-7etch3_all.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.8.8-7etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1557": "
\n

Debian Security Advisory

\n

DSA-1557-1 phpmyadmin -- insufficient input sanitising

\n
\n
Date Reported:
\n
24 Apr 2008
\n
Affected Packages:
\n
\nphpmyadmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1149, CVE-2008-1567, CVE-2008-1924.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in phpMyAdmin,\nan application to administer MySQL over the WWW. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2008-1924\n

    Attackers with CREATE table permissions were allowed to read\n arbitrary files readable by the webserver via a crafted\n HTTP POST request.

  • CVE-2008-1567\n

    The PHP session data file stored the username and password of\n a logged-in user, which in some setups can be read by a local\n user.

  • CVE-2008-1149\n

    Cross-site scripting and SQL injection were possible for attackers\n that had permission to create cookies in the same cookie domain\n as phpMyAdmin runs in.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 4:2.9.1.1-7.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4:2.11.5.2-1.

\n

We recommend that you upgrade your phpmyadmin package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-7.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-7.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-7_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1558": "
\n

Debian Security Advisory

\n

DSA-1558-1 xulrunner -- programming error

\n
\n
Date Reported:
\n
24 Apr 2008
\n
Affected Packages:
\n
\nxulrunner\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1380.
\n
More information:
\n
\n

It was discovered that crashes in the JavaScript engine of xulrunner,\nthe Gecko engine library, could potentially lead to the execution of\narbitrary code.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 1.8.0.15~pre080323b-0etch2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.8.1.14-1.

\n

We recommend that you upgrade your xulrunner packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-dev_1.8.0.15~pre080323b-0etch2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.8.0.15~pre080323b-0etch2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs1_1.8.0.15~pre080323b-0etch2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-dev_1.8.0.15~pre080323b-0etch2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-common_1.8.0.15~pre080323b-0etch2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs-dev_1.8.0.15~pre080323b-0etch2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.8.0.15~pre080323b-0etch2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-dev_1.8.0.15~pre080323b-0etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch2_i386.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080323b-0etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080323b-0etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080323b-0etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080323b-0etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080323b-0etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080323b-0etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080323b-0etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080323b-0etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080323b-0etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080323b-0etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080323b-0etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080323b-0etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080323b-0etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1559": "
\n

Debian Security Advisory

\n

DSA-1559-1 phpgedview -- insufficient input sanitising

\n
\n
Date Reported:
\n
27 Apr 2008
\n
Affected Packages:
\n
\nphpgedview\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 443901.
In Mitre's CVE dictionary: CVE-2007-5051.
\n
More information:
\n
\n

It was discovered that phpGedView, an application to provide online access\nto genealogical data, performed insufficient input sanitising on some\nparameters, making it vulnerable to cross-site scripting.

\n

For the stable distribution (etch), this problem has been fixed in version\n4.0.2.dfsg-3.

\n

For the unstable distribution (sid), this problem has been fixed in version\n4.1.e+4.1.1-2.

\n

We recommend that you upgrade your phpgedview package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpgedview/phpgedview_4.0.2.dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/phpgedview/phpgedview_4.0.2.dfsg-3.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpgedview/phpgedview_4.0.2.dfsg-3.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpgedview/phpgedview-themes_4.0.2.dfsg-3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgedview/phpgedview-places_4.0.2.dfsg-3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgedview/phpgedview_4.0.2.dfsg-3_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgedview/phpgedview-languages_4.0.2.dfsg-3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1560": "
\n

Debian Security Advisory

\n

DSA-1560-1 kronolith2 -- insufficient input sanitising

\n
\n
Date Reported:
\n
28 Apr 2008
\n
Affected Packages:
\n
\nkronolith2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 478121.
In Mitre's CVE dictionary: CVE-2008-1974.
\n
More information:
\n
\n

\"The-0utl4w\" discovered that the Kronolith, calendar component for\nthe Horde Framework, didn't properly sanitise URL input, leading to\na cross-site scripting vulnerability in the add event screen.

\n

For the stable distribution (etch), this problem has been fixed in version\n2.1.4-1etch1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.1.8-1.

\n

We recommend that you upgrade your kronolith2 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kronolith2/kronolith2_2.1.4-1etch1.dsc
\n
http://security.debian.org/pool/updates/main/k/kronolith2/kronolith2_2.1.4-1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kronolith2/kronolith2_2.1.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kronolith2/kronolith2_2.1.4-1etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1561": "
\n

Debian Security Advisory

\n

DSA-1561-1 ldm -- programming error

\n
\n
Date Reported:
\n
28 Apr 2008
\n
Affected Packages:
\n
\nldm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 469462.
In Mitre's CVE dictionary: CVE-2008-1293.
\n
More information:
\n
\n

Christian Herzog discovered that within the Linux Terminal Server Project,\nit was possible to connect to X on any LTSP client from any host on the\nnetwork, making client windows and keystrokes visible to that host.

\n

NOTE: most ldm installs are likely to be in a chroot environment exported\nover NFS, and will not be upgraded merely by upgrading the server itself.\nFor example, on the i386 architecture, to upgrade ldm will likely require:

\n
    chroot /opt/ltsp/i386 apt-get update\n    chroot /opt/ltsp/i386 apt-get dist-upgrade
\n

For the stable distribution (etch), this problem has been fixed in\nversion 0.99debian11+etch1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:0.1~bzr20080308-1.

\n

We recommend that you upgrade your ldm package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/ltsp/ltsp_0.99debian11+etch1.tar.gz
\n
http://security.debian.org/pool/updates/main/l/ltsp/ltsp_0.99debian11+etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/ltsp/ltsp-server-standalone_0.99debian11+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/ltsp/ltsp-client-builder_0.99debian11+etch1_all.udeb
\n
http://security.debian.org/pool/updates/main/l/ltsp/ltsp-server_0.99debian11+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/ltsp/ldm_0.99debian11+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/ltsp/ltsp-client_0.99debian11+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/ltsp/ltsp-client_0.99debian11+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/ltsp/ltsp-client_0.99debian11+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/ltsp/ltsp-client_0.99debian11+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/ltsp/ltsp-client_0.99debian11+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/ltsp/ltsp-client_0.99debian11+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/ltsp/ltsp-client_0.99debian11+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/ltsp/ltsp-client_0.99debian11+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/ltsp/ltsp-client_0.99debian11+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/ltsp/ltsp-client_0.99debian11+etch1_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1562": "
\n

Debian Security Advisory

\n

DSA-1562-1 iceape -- programming error

\n
\n
Date Reported:
\n
28 Apr 2008
\n
Affected Packages:
\n
\niceape\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1380.
\n
More information:
\n
\n

It was discovered that crashes in the JavaScript engine of Iceape,\nan unbranded version of the Seamonkey internet suite, could\npotentially lead to the execution of arbitrary code.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 1.0.13~pre080323b-0etch3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.1.9-2.

\n

We recommend that you upgrade your iceape packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b-0etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b-0etch3.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.13~pre080323b-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.13~pre080323b-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.13~pre080323b-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.13~pre080323b-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080323b-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.13~pre080323b-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.13~pre080323b-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.13~pre080323b-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.13~pre080323b-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.13~pre080323b-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.13~pre080323b-0etch3_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.13~pre080323b-0etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080323b-0etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080323b-0etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080323b-0etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080323b-0etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080323b-0etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080323b-0etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1563": "
\n

Debian Security Advisory

\n

DSA-1563-1 asterisk -- programming error

\n
\n
Date Reported:
\n
30 Apr 2008
\n
Affected Packages:
\n
\nasterisk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1897.
\n
More information:
\n
\n

Joel R. Voss discovered that the IAX2 module of Asterisk, a free\nsoftware PBX and telephony toolkit, performs insufficient validation of\nIAX2 protocol messages, which may lead to denial of service.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 1.2.13~dfsg-2etch4.

\n

For the unstable distribution (sid), this problem has been fixed\nin version 1.4.19.1~dfsg-1.

\n

We recommend that you upgrade your asterisk packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.2.13~dfsg-2etch4.dsc
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.2.13~dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.2.13~dfsg-2etch4.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-doc_1.2.13~dfsg-2etch4_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-web-vmail_1.2.13~dfsg-2etch4_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-config_1.2.13~dfsg-2etch4_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-sounds-main_1.2.13~dfsg-2etch4_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.2.13~dfsg-2etch4_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-dev_1.2.13~dfsg-2etch4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch4_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1564": "
\n

Debian Security Advisory

\n

DSA-1564-1 wordpress -- multiple vulnerabilities

\n
\n
Date Reported:
\n
01 May 2008
\n
Affected Packages:
\n
\nwordpress\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3639, CVE-2007-4153, CVE-2007-4154, CVE-2007-0540.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in WordPress,\na weblog manager. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2007-3639\n

    Insufficient input sanitising allowed remote attackers to\n redirect visitors to external websites.

  • CVE-2007-4153\n

    Multiple cross-site scripting vulnerabilities allowed remote\n authenticated administrators to inject arbitrary web script or HTML.

  • CVE-2007-4154\n

    SQL injection vulnerability allowed remote authenticated\n administrators to execute arbitrary SQL commands.

  • CVE-2007-0540\n

    WordPress allows remote attackers to cause a denial of service\n (bandwidth or thread consumption) via pingback service calls with\n a source URI that corresponds to a file with a binary content type,\n which is downloaded even though it cannot contain usable pingback data.

  • [no CVE name yet]\n

    Insufficient input sanitising allowed an attacker with a normal user\n account to access the administrative interface.

\n

For the stable distribution (etch), these problems have been fixed in version\n2.0.10-1etch2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.2.3-1.

\n

We recommend that you upgrade your wordpress package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1565": "
\n

Debian Security Advisory

\n

DSA-1565-1 linux-2.6 -- several vulnerabilities

\n
\n
Date Reported:
\n
01 May 2008
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-6694, CVE-2008-0007, CVE-2008-1294, CVE-2008-1375.
\n
More information:
\n
\n

Several local vulnerabilities have been discovered in the Linux kernel\nthat may lead to a denial of service or the execution of arbitrary\ncode. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2007-6694\n

    Cyrill Gorcunov reported a NULL pointer dereference in code specific\n to the CHRP PowerPC platforms. Local users could exploit this issue\n to achieve a Denial of Service (DoS).

  • CVE-2008-0007\n

    Nick Piggin of SuSE discovered a number of issues in subsystems which\n register a fault handler for memory mapped areas. This issue can be\n exploited by local users to achieve a Denial of Service (DoS) and possibly\n execute arbitrary code.

  • CVE-2008-1294\n

    David Peer discovered that users could escape administrator-imposed CPU\n time limitations (RLIMIT_CPU) by setting a limit of 0.

  • CVE-2008-1375\n

    Alexander Viro discovered a race condition in the directory notification\n subsystem that allows local users to cause a Denial of Service (oops)\n and could possibly result in an escalation of privileges.

\n

For the stable distribution (etch), these problems have been fixed in version\n2.6.18.dfsg.1-18etch3.

\n

The unstable (sid) and testing distributions will be fixed soon.

\n

We recommend that you upgrade your linux-2.6, fai-kernels, and\nuser-mode-linux packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch3.dsc
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch2.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-18etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch3.dsc
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch3.tar.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-18etch3.dsc
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch2.tar.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch2.dsc
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch3.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-18etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-18etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-18etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-18etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-18etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-18etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-18etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-18etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-alpha_2.6.18.dfsg.1-18etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-generic_2.6.18.dfsg.1-18etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-generic_2.6.18.dfsg.1-18etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-smp_2.6.18.dfsg.1-18etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-18etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-18etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-smp_2.6.18.dfsg.1-18etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-amd64_2.6.18.dfsg.1-18etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-18etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-18etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-amd64_2.6.18.dfsg.1-18etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-18etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-amd64_2.6.18.dfsg.1-18etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-18etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-18etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-amd64_2.6.18.dfsg.1-18etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-18etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-amd64_2.6.18.dfsg.1-18etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-18etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-18etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-18etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-18etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-iop32x_2.6.18.dfsg.1-18etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-footbridge_2.6.18.dfsg.1-18etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-arm_2.6.18.dfsg.1-18etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-ixp4xx_2.6.18.dfsg.1-18etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-iop32x_2.6.18.dfsg.1-18etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-footbridge_2.6.18.dfsg.1-18etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s3c2410_2.6.18.dfsg.1-18etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s3c2410_2.6.18.dfsg.1-18etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-rpc_2.6.18.dfsg.1-18etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-ixp4xx_2.6.18.dfsg.1-18etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-rpc_2.6.18.dfsg.1-18etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc_2.6.18.dfsg.1-18etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64_2.6.18.dfsg.1-18etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc-smp_2.6.18.dfsg.1-18etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-hppa_2.6.18.dfsg.1-18etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc_2.6.18.dfsg.1-18etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-18etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64_2.6.18.dfsg.1-18etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc-smp_2.6.18.dfsg.1-18etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-18etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-686_2.6.18.dfsg.1-18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-686_2.6.18.dfsg.1-18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-k7_2.6.18.dfsg.1-18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-k7_2.6.18.dfsg.1-18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-k7_2.6.18.dfsg.1-18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-686_2.6.18.dfsg.1-18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-k7_2.6.18.dfsg.1-18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-486_2.6.18.dfsg.1-18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-686_2.6.18.dfsg.1-18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-686_2.6.18.dfsg.1-18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-686_2.6.18.dfsg.1-18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-i386_2.6.18.dfsg.1-18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686_2.6.18.dfsg.1-18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686-bigmem_2.6.18.dfsg.1-18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-486_2.6.18.dfsg.1-18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686-bigmem_2.6.18.dfsg.1-18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-18etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686_2.6.18.dfsg.1-18etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-itanium_2.6.18.dfsg.1-18etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-itanium_2.6.18.dfsg.1-18etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-mckinley_2.6.18.dfsg.1-18etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-ia64_2.6.18.dfsg.1-18etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-mckinley_2.6.18.dfsg.1-18etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-18etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-18etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-18etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-18etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-18etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-18etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mips_2.6.18.dfsg.1-18etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-18etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-18etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-18etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-18etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-18etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-18etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-18etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-18etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-18etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-18etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-18etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-18etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-18etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-18etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mipsel_2.6.18.dfsg.1-18etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-18etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-18etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-prep_2.6.18.dfsg.1-18etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-18etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-powerpc_2.6.18.dfsg.1-18etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc_2.6.18.dfsg.1-18etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc_2.6.18.dfsg.1-18etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-18etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc64_2.6.18.dfsg.1-18etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-18etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc64_2.6.18.dfsg.1-18etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-18etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-18etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-18etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-18etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-prep_2.6.18.dfsg.1-18etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-18etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-s390_2.6.18.dfsg.1-18etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390_2.6.18.dfsg.1-18etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390_2.6.18.dfsg.1-18etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390x_2.6.18.dfsg.1-18etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-18etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390-tape_2.6.18.dfsg.1-18etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390x_2.6.18.dfsg.1-18etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-18etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc32_2.6.18.dfsg.1-18etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc32_2.6.18.dfsg.1-18etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-18etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64_2.6.18.dfsg.1-18etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64_2.6.18.dfsg.1-18etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-18etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-18etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-18etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-sparc_2.6.18.dfsg.1-18etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1566": "
\n

Debian Security Advisory

\n

DSA-1566-1 cpio -- programming error

\n
\n
Date Reported:
\n
02 May 2008
\n
Affected Packages:
\n
\ncpio\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-4476.
\n
More information:
\n
\n

Dmitry Levin discovered a vulnerability in path handling code used by\nthe cpio archive utility. The weakness could enable a denial of\nservice (crash) or potentially the execution of arbitrary code if a\nvulnerable version of cpio is used to extract or to list the contents\nof a maliciously crafted archive.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 2.6-18.1+etch1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.9-5.

\n

We recommend that you upgrade your cpio packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6-18.1+etch1.dsc
\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6-18.1+etch1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6-18.1+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6-18.1+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6-18.1+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6-18.1+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6-18.1+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6-18.1+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6-18.1+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6-18.1+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6-18.1+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6-18.1+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cpio/cpio_2.6-18.1+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1567": "
\n

Debian Security Advisory

\n

DSA-1567-1 blender -- buffer overrun

\n
\n
Date Reported:
\n
05 May 2008
\n
Affected Packages:
\n
\nblender\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1102.
\n
More information:
\n
\n

Stefan Cornelius discovered a vulnerability in the Radiance High\nDynamic Range (HDR) image parser in Blender, a 3D modelling\napplication. The weakness could enable a stack-based buffer overflow\nand the execution of arbitrary code if a maliciously-crafted HDR file\nis opened, or if a directory containing such a file is browsed via\nBlender's image-open dialog.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 2.42a-7.1+etch1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.45-5.

\n

We recommend that you upgrade your blender packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.42a-7.1+etch1.dsc
\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.42a-7.1+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.42a.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.42a-7.1+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.42a-7.1+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.42a-7.1+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.42a-7.1+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.42a-7.1+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.42a-7.1+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.42a-7.1+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.42a-7.1+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.42a-7.1+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.42a-7.1+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/blender/blender_2.42a-7.1+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1568": "
\n

Debian Security Advisory

\n

DSA-1568-1 b2evolution -- insufficient input sanitising

\n
\n
Date Reported:
\n
05 May 2008
\n
Affected Packages:
\n
\nb2evolution\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 410568.
In Mitre's CVE dictionary: CVE-2007-0175.
\n
More information:
\n
\n

\"unsticky\" discovered that b2evolution, a blog engine, performs insufficient\ninput sanitising, allowing for cross site scripting.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 0.9.2-3+etch1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.9.2-4.

\n

We recommend that you upgrade your b2evolution package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/b2evolution/b2evolution_0.9.2-3+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/b/b2evolution/b2evolution_0.9.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/b/b2evolution/b2evolution_0.9.2-3+etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/b2evolution/b2evolution_0.9.2-3+etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1569": "
\n

Debian Security Advisory

\n

DSA-1569-2 cacti -- insufficient input sanitising

\n
\n
Date Reported:
\n
05 May 2008
\n
Affected Packages:
\n
\ncacti\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0783, CVE-2008-0785.
\n
More information:
\n
\n

It was discovered that Cacti, a systems and services monitoring frontend,\nperformed insufficient input sanitising, making cross site scripting\nand SQL injection possible.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 0.8.6i-3.4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.8.7b-1.

\n

We recommend that you upgrade your cacti package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.4.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.4.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.4_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1570": "
\n

Debian Security Advisory

\n

DSA-1570-1 kazehakase -- various

\n
\n
Date Reported:
\n
06 May 2008
\n
Affected Packages:
\n
\nkazehakase\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 464756.
In Mitre's CVE dictionary: CVE-2006-7227, CVE-2006-7228, CVE-2006-7230, CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662, CVE-2007-4766, CVE-2007-4767, CVE-2007-4768.
\n
More information:
\n
\n

Andrews Salomon reported that kazehakase, a GTK+-based web browser that\nallows pluggable rendering engines, contained an embedded copy of the\nPCRE library in its source tree which was compiled in and used in preference\nto the system-wide version of this library.

\n

The PCRE library has been updated to fix the security issues reported\nagainst it in previous Debian Security Advisories. This update ensures that\nkazehakase uses that supported library, and not its own embedded and\ninsecure version.

\n

For the stable distribution (etch), this problem has been fixed in version\n0.4.2-1etch1.

\n

We recommend that you upgrade your kazehakase package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kazehakase/kazehakase_0.4.2-1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kazehakase/kazehakase_0.4.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kazehakase/kazehakase_0.4.2-1etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kazehakase/kazehakase_0.4.2-1etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kazehakase/kazehakase_0.4.2-1etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kazehakase/kazehakase_0.4.2-1etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/kazehakase/kazehakase_0.4.2-1etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kazehakase/kazehakase_0.4.2-1etch1_i386.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kazehakase/kazehakase_0.4.2-1etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kazehakase/kazehakase_0.4.2-1etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kazehakase/kazehakase_0.4.2-1etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kazehakase/kazehakase_0.4.2-1etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kazehakase/kazehakase_0.4.2-1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1571": "
\n

Debian Security Advisory

\n

DSA-1571-1 openssl -- predictable random number generator

\n
\n
Date Reported:
\n
13 May 2008
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0166.
\n
More information:
\n
\n

Luciano Bello discovered that the random number generator in Debian's\nopenssl package is predictable. This is caused by an incorrect\nDebian-specific change to the openssl package (CVE-2008-0166). As a\nresult, cryptographic key material may be guessable.

\n

This is a Debian-specific vulnerability which does not affect other\noperating systems which are not based on Debian. However, other systems\ncan be indirectly affected if weak keys are imported into them.

\n

It is strongly recommended that all cryptographic key material which has\nbeen generated by OpenSSL versions starting with 0.9.8c-1 on Debian\nsystems is recreated from scratch. Furthermore, all DSA keys ever used\non affected Debian systems for signing or authentication purposes should\nbe considered compromised; the Digital Signature Algorithm relies on a\nsecret random value used during signature generation.

\n

The first vulnerable version, 0.9.8c-1, was uploaded to the unstable\ndistribution on 2006-09-17, and has since that date propagated to the testing and\ncurrent stable (etch) distributions. The old stable distribution\n(sarge) is not affected.

\n

Affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key\nmaterial for use in X.509 certificates and session keys used in SSL/TLS\nconnections. Keys generated with GnuPG or GNUTLS are not affected,\nthough.

\n

A detector for known weak key material will be published at:

\n

http://security.debian.org/project/extra/dowkd/dowkd.pl.gz\n(OpenPGP signature)

\n

Instructions on how to implement key rollover for various packages will be\npublished at:

\n

https://www.debian.org/security/key-rollover/

\n

This web site will be continuously updated to reflect new and updated\ninstructions on key rollovers for packages using SSL certificates.\nPopular packages not affected will also be listed.

\n

In addition to this critical change, two other vulnerabilities have been\nfixed in the openssl package which were originally scheduled for release\nwith the next etch point release: OpenSSL's DTLS (Datagram TLS,\nbasically SSL over UDP) implementation did not actually implement the\nDTLS specification, but a potentially much weaker protocol, and\ncontained a vulnerability permitting arbitrary code execution\n(CVE-2007-4995). A side channel attack in the integer multiplication\nroutines is also addressed (CVE-2007-3108).

\n

For the stable distribution (etch), these problems have been fixed in\nversion 0.9.8c-4etch3.

\n

For the unstable distribution (sid) and the testing distribution\n(lenny), these problems have been fixed in version 0.9.8g-9.

\n

We recommend that you upgrade your openssl package and subsequently\nregenerate any cryptographic material, as outlined above.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch3.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch3.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch3_alpha.udeb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch3_amd64.udeb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch3_arm.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch3_hppa.udeb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch3_i386.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch3_ia64.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch3_mips.udeb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch3_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch3_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch3_s390.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch3_sparc.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1572": "
\n

Debian Security Advisory

\n

DSA-1572-1 php5 -- several vulnerabilities

\n
\n
Date Reported:
\n
11 May 2008
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 479723.
In Mitre's CVE dictionary: CVE-2007-3806, CVE-2008-1384, CVE-2008-2050, CVE-2008-2051.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in PHP, a server-side,\nHTML-embedded scripting language. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2007-3806\n

    The glob function allows context-dependent attackers to cause\n a denial of service and possibly execute arbitrary code via\n an invalid value of the flags parameter.

  • CVE-2008-1384\n

    Integer overflow allows context-dependent attackers to cause\n a denial of service and possibly have other impact via a\n printf format parameter with a large width specifier.

  • CVE-2008-2050\n

    Stack-based buffer overflow in the FastCGI SAPI.

  • CVE-2008-2051\n

    The escapeshellcmd API function could be attacked via\n incomplete multibyte chars.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 5.2.0-8+etch11.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 5.2.6-1.

\n

We recommend that you upgrade your php5 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0-8+etch11.dsc
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0-8+etch11.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php5/php-pear_5.2.0-8+etch11_all.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0-8+etch11_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch11_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.0-8+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch11_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch11_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch11_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.0-8+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch11_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch11_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch11_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch11_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch11_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch11_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1573": "
\n

Debian Security Advisory

\n

DSA-1573-1 rdesktop -- several vulnerabilities

\n
\n
Date Reported:
\n
11 May 2008
\n
Affected Packages:
\n
\nrdesktop\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 480133, Bug 480134, Bug 480135.
In Mitre's CVE dictionary: CVE-2008-1801, CVE-2008-1802, CVE-2008-1803.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in rdesktop, a\nRemote Desktop Protocol client. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2008-1801\n

    Remote exploitation of an integer underflow vulnerability allows\n attackers to execute arbitrary code with the privileges of the\n logged-in user.

  • CVE-2008-1802\n

    Remote exploitation of a BSS overflow vulnerability allows\n attackers to execute arbitrary code with the privileges of the\n logged-in user.

  • CVE-2008-1803\n

    Remote exploitation of an integer signedness vulnerability allows\n attackers to execute arbitrary code with the privileges of the\n logged-in user.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.5.0-1etch2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.5.0-4+cvs20071006.

\n

We recommend that you upgrade your rdesktop package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/rdesktop/rdesktop_1.5.0-1etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1574": "
\n

Debian Security Advisory

\n

DSA-1574-1 icedove -- several vulnerabilities

\n
\n
Date Reported:
\n
12 May 2008
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Icedove mail\nclient, an unbranded version of the Thunderbird client. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2008-1233\n

    moz_bug_r_a4 discovered that variants of CVE-2007-3738 and\n CVE-2007-5338 allow the execution of arbitrary code through\n XPCNativeWrapper.

  • CVE-2008-1234\n

    moz_bug_r_a4 discovered that insecure handling of event\n handlers could lead to cross-site scripting.

  • CVE-2008-1235\n

    Boris Zbarsky, Johnny Stenback and moz_bug_r_a4 discovered\n that incorrect principal handling could lead to cross-site\n scripting and the execution of arbitrary code.

  • CVE-2008-1236\n

    Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats\n Palmgren discovered crashes in the layout engine, which might\n allow the execution of arbitrary code.

  • CVE-2008-1237\n

    georgi, tgirmann and Igor Bukanov discovered crashes in the\n JavaScript engine, which might allow the execution of arbitrary\n code.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_i386.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080417a-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1575": "
\n

Debian Security Advisory

\n

DSA-1575-1 linux-2.6 -- denial of service

\n
\n
Date Reported:
\n
12 May 2008
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1669.
\n
More information:
\n
\n

A vulnerability has been discovered in the Linux kernel that may lead\nto a denial of service. The Common Vulnerabilities and Exposures\nproject identifies the following problem:

\n
    \n
  • CVE-2008-1669\n

    Alexander Viro discovered a race condition in the fcntl code that\n may permit local users on multi-processor systems to execute parallel\n code paths that are otherwise prohibited and gain re-ordered access\n to the descriptor table.

\n

For the stable distribution (etch), this problem has been fixed in version\n2.6.18.dfsg.1-18etch4.

\n

For the unstable distribution (sid), this problem has been fixed in version\n2.6.25-2.

\n

We recommend that you upgrade your linux-2.6, fai-kernels, and\nuser-mode-linux packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-18etch4.diff.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch4.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch4.tar.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch4.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-18etch4.dsc
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch4.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-18etch4_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-18etch4_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-18etch4_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-18etch4_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-18etch4_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-18etch4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-18etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-18etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-18etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-generic_2.6.18.dfsg.1-18etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-alpha_2.6.18.dfsg.1-18etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-18etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-smp_2.6.18.dfsg.1-18etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-generic_2.6.18.dfsg.1-18etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-smp_2.6.18.dfsg.1-18etch4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-18etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-18etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-amd64_2.6.18.dfsg.1-18etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-amd64_2.6.18.dfsg.1-18etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-18etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-18etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-18etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-18etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-18etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-18etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-amd64_2.6.18.dfsg.1-18etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-amd64_2.6.18.dfsg.1-18etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-18etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-amd64_2.6.18.dfsg.1-18etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-18etch4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-footbridge_2.6.18.dfsg.1-18etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s3c2410_2.6.18.dfsg.1-18etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-rpc_2.6.18.dfsg.1-18etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-iop32x_2.6.18.dfsg.1-18etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-ixp4xx_2.6.18.dfsg.1-18etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-footbridge_2.6.18.dfsg.1-18etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-ixp4xx_2.6.18.dfsg.1-18etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-arm_2.6.18.dfsg.1-18etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s3c2410_2.6.18.dfsg.1-18etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-rpc_2.6.18.dfsg.1-18etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-iop32x_2.6.18.dfsg.1-18etch4_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc_2.6.18.dfsg.1-18etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc-smp_2.6.18.dfsg.1-18etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc_2.6.18.dfsg.1-18etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64_2.6.18.dfsg.1-18etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-hppa_2.6.18.dfsg.1-18etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-18etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc-smp_2.6.18.dfsg.1-18etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64_2.6.18.dfsg.1-18etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-18etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686-bigmem_2.6.18.dfsg.1-18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-k7_2.6.18.dfsg.1-18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-486_2.6.18.dfsg.1-18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-686_2.6.18.dfsg.1-18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-i386_2.6.18.dfsg.1-18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686_2.6.18.dfsg.1-18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-686_2.6.18.dfsg.1-18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-k7_2.6.18.dfsg.1-18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-686_2.6.18.dfsg.1-18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-686_2.6.18.dfsg.1-18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-686_2.6.18.dfsg.1-18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686-bigmem_2.6.18.dfsg.1-18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-k7_2.6.18.dfsg.1-18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686_2.6.18.dfsg.1-18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-686_2.6.18.dfsg.1-18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-486_2.6.18.dfsg.1-18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-18etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-k7_2.6.18.dfsg.1-18etch4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-mckinley_2.6.18.dfsg.1-18etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-ia64_2.6.18.dfsg.1-18etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-mckinley_2.6.18.dfsg.1-18etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-itanium_2.6.18.dfsg.1-18etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-itanium_2.6.18.dfsg.1-18etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-18etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-18etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-18etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-18etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-18etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-18etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-18etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mips_2.6.18.dfsg.1-18etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-18etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-18etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-18etch4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-18etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mipsel_2.6.18.dfsg.1-18etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-18etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-18etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-18etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-18etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-18etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-18etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-18etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-18etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-18etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-18etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-18etch4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-prep_2.6.18.dfsg.1-18etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-18etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc64_2.6.18.dfsg.1-18etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-18etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc_2.6.18.dfsg.1-18etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-18etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-18etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-18etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc_2.6.18.dfsg.1-18etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-powerpc_2.6.18.dfsg.1-18etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-18etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-prep_2.6.18.dfsg.1-18etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc64_2.6.18.dfsg.1-18etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-18etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-18etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-18etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390x_2.6.18.dfsg.1-18etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-s390_2.6.18.dfsg.1-18etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390x_2.6.18.dfsg.1-18etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390_2.6.18.dfsg.1-18etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-18etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390_2.6.18.dfsg.1-18etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390-tape_2.6.18.dfsg.1-18etch4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64_2.6.18.dfsg.1-18etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc32_2.6.18.dfsg.1-18etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-18etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc32_2.6.18.dfsg.1-18etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-18etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-sparc_2.6.18.dfsg.1-18etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-18etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-18etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64_2.6.18.dfsg.1-18etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1576": "
\n

Debian Security Advisory

\n

DSA-1576-1 openssh -- predictable random number generator

\n
\n
Date Reported:
\n
14 May 2008
\n
Affected Packages:
\n
\nopenssh\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0166.
\n
More information:
\n
\n

The recently announced vulnerability in Debian's openssl package\n(DSA-1571-1, CVE-2008-0166) indirectly affects OpenSSH. As a result,\nall user and host keys generated using broken versions of the openssl\npackage must be considered untrustworthy, even after the openssl update\nhas been applied.

\n

1. Install the security updates

\n

This update contains a dependency on the openssl update and will\n automatically install a corrected version of the libssl0.9.8 package,\n and a new package openssh-blacklist.

\n

Once the update is applied, weak user keys will be automatically\n rejected where possible (though they cannot be detected in all\n cases). If you are using such keys for user authentication, they\n will immediately stop working and will need to be replaced (see\n step 3).

\n

OpenSSH host keys can be automatically regenerated when the OpenSSH\n security update is applied. The update will prompt for confirmation\n before taking this step.

\n

2. Update OpenSSH known_hosts files

\n

The regeneration of host keys will cause a warning to be displayed when\n connecting to the system using SSH until the host key is updated in the\n known_hosts file. The warning will look like this:

\n
\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\nIT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\nSomeone could be eavesdropping on you right now (man-in-the-middle attack)!\nIt is also possible that the RSA host key has just been changed.\n
\n

In this case, the host key has simply been changed, and you should update\n the relevant known_hosts file as indicated in the error message.\n It is recommended that you use a trustworthy channel to exchange the\n server key. It is found in the file /etc/ssh/ssh_host_rsa_key.pub on\n the server; its fingerprint can be printed using the command:

\n

ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub

\n

In addition to user-specific known_hosts files, there may be a\n system-wide known hosts file /etc/ssh/ssh_known_hosts. This file is\n used both by the ssh client and by sshd for the hosts.equiv\n functionality. This file needs to be updated as well.

\n

3. Check all OpenSSH user keys

\n

The safest course of action is to regenerate all OpenSSH user keys,\n except where it can be established to a high degree of certainty that the\n key was generated on an unaffected system.

\n

Check whether your key is affected by running the ssh-vulnkey tool, included\n in the security update. By default, ssh-vulnkey will check the standard\n location for user keys (~/.ssh/id_rsa, ~/.ssh/id_dsa and ~/.ssh/identity),\n your authorized_keys file (~/.ssh/authorized_keys and\n ~/.ssh/authorized_keys2), and the system's host keys\n (/etc/ssh/ssh_host_dsa_key and /etc/ssh/ssh_host_rsa_key).

\n

To check all your own keys, assuming they are in the standard\n locations (~/.ssh/id_rsa, ~/.ssh/id_dsa, or ~/.ssh/identity):

\n

ssh-vulnkey

\n

To check all keys on your system:

\n

sudo ssh-vulnkey -a

\n

To check a key in a non-standard location:

\n

ssh-vulnkey /path/to/key

\n

If ssh-vulnkey says \"Unknown (no blacklist information)\", then it has no\n information about whether that key is affected. In this case, you\n can examine the modification time (mtime) of the file using \"ls -l\".\n Keys generated before September 2006 are not affected. Keep in mind\n that, although unlikely, backup procedures may have changed the file\n date back in time (or the system clock may have been incorrectly\n set).\n If in doubt, generate a new key and remove the old one from any\n servers.

\n

4. Regenerate any affected user keys

\n

OpenSSH keys used for user authentication must be manually regenerated,\n including those which may have since been transferred to a different system\n after being generated.

\n

New keys can be generated using ssh-keygen, e.g.:

\n
\n   $ ssh-keygen\n   Generating public/private rsa key pair.\n   Enter file in which to save the key (/home/user/.ssh/id_rsa):\n   Enter passphrase (empty for no passphrase):\n   Enter same passphrase again:\n   Your identification has been saved in /home/user/.ssh/id_rsa.\n   Your public key has been saved in /home/user/.ssh/id_rsa.pub.\n   The key fingerprint is:\n   00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 user@host\n
\n

5. Update authorized_keys files (if necessary)

\n

Once the user keys have been regenerated, the relevant public keys\n must be propagated to any authorized_keys files (and authorized_keys2\n files, if applicable) on remote systems. Be sure to delete the lines\n containing old keys from those files.

\n

In addition to countermeasures to mitigate the randomness vulnerability,\nthis OpenSSH update fixes several other vulnerabilities:

\n

CVE-2008-1483:\n Timo Juhani Lindfors discovered that, when using X11 forwarding, the\n SSH client selects an X11 forwarding port without ensuring that it\n can be bound on all address families. If the system is configured\n with IPv6 (even if it does not have working IPv6 connectivity), this\n could allow a local attacker on the remote server to hijack X11\n forwarding.

\n

CVE-2007-4752:\n Jan Pechanec discovered that ssh falls back to creating a trusted X11\n cookie if creating an untrusted cookie fails, potentially exposing\n the local display to a malicious remote server when using X11\n forwarding.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 4.3p2-9etch1. Currently, only a subset of all supported\narchitectures have been built; further updates will be provided when\nthey become available.

\n

For the unstable distribution (sid) and the testing distribution\n(lenny), these problems have been fixed in version 4.7p1-9.

\n

We recommend that you upgrade your openssh packages and take the\nmeasures indicated above.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2-9etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssh-blacklist/openssh-blacklist_0.1.1.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2-9etch1.dsc
\n
http://security.debian.org/pool/updates/main/o/openssh-blacklist/openssh-blacklist_0.1.1.dsc
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openssh-blacklist/openssh-blacklist_0.1.1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_4.3p2-9etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-krb5_4.3p2-9etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_alpha.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_alpha.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_amd64.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_amd64.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_hppa.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_hppa.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_i386.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_i386.udeb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_ia64.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_ia64.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_powerpc.udeb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch1_sparc.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch1_sparc.udeb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1577": "
\n

Debian Security Advisory

\n

DSA-1577-1 gforge -- insecure temporary files

\n
\n
Date Reported:
\n
14 May 2008
\n
Affected Packages:
\n
\ngforge\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0167.
\n
More information:
\n
\n

Stephen Gran and Mark Hymers discovered that some scripts run by GForge,\na collaborative development tool, open files in write mode in a potentially\ninsecure manner. This may be exploited to overwrite arbitrary files on the\nlocal system.

\n

For the stable distribution (etch), this problem has been fixed in version\n4.5.14-22etch8.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your gforge package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch8.dsc
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch8.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_4.5.14-22etch8_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_4.5.14-22etch8_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-courier_4.5.14-22etch8_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch8_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_4.5.14-22etch8_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_4.5.14-22etch8_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-postgresql_4.5.14-22etch8_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-common_4.5.14-22etch8_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_4.5.14-22etch8_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_4.5.14-22etch8_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_4.5.14-22etch8_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_4.5.14-22etch8_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_4.5.14-22etch8_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_4.5.14-22etch8_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1578": "
\n

Debian Security Advisory

\n

DSA-1578-1 php4 -- several vulnerabilities

\n
\n
Date Reported:
\n
17 May 2008
\n
Affected Packages:
\n
\nphp4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-3799, CVE-2007-3806, CVE-2007-3998, CVE-2007-4657, CVE-2008-2051.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in PHP version 4, a\nserver-side, HTML-embedded scripting language. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-3799\n

    The session_start function allows remote attackers to insert\n arbitrary attributes into the session cookie via special characters\n in a cookie that is obtained from various parameters.

  • CVE-2007-3806\n

    A denial of service was possible through a malicious script abusing\n the glob() function.

  • CVE-2007-3998\n

    Certain maliciously constructed input to the wordwrap() function could\n lead to a denial of service attack.

  • CVE-2007-4657\n

    Large len values of the strspn() or strcspn() functions could allow an\n attacker to trigger integer overflows to expose memory or cause denial\n of service.

  • CVE-2008-2051\n

    The escapeshellcmd API function could be attacked via incomplete\n multibyte chars.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 6:4.4.4-8+etch6.

\n

The php4 packages are no longer present in the unstable distribution (sid).

\n

We recommend that you upgrade your php4 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.4.4-8+etch6.dsc
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.4.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.4.4-8+etch6.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php4/php4_4.4.4-8+etch6_all.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pear_4.4.4-8+etch6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-interbase_4.4.4-8+etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch6_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-interbase_4.4.4-8+etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch6_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch6_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1579": "
\n

Debian Security Advisory

\n

DSA-1579-1 netpbm-free -- insufficient input sanitizing

\n
\n
Date Reported:
\n
18 May 2008
\n
Affected Packages:
\n
\nnetpbm-free\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0554.
\n
More information:
\n
\n

A vulnerability was discovered in the GIF reader implementation in\nnetpbm-free, a suite of image manipulation utilities. Insufficient\ninput data validation could allow a maliciously-crafted GIF file\nto overrun a stack buffer, potentially permitting the execution of\narbitrary code.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 2:10.0-11.1+etch1.

\n

For the unstable distribution (sid), these problems were fixed in\nversion 2:10.0-11.1.

\n

We recommend that you upgrade your netpbm packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-11.1+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-11.1+etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-11.1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-11.1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-11.1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-11.1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-11.1+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-11.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-11.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-11.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-11.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-11.1+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-11.1+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-11.1+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-11.1+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-11.1+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-11.1+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-11.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-11.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-11.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-11.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-11.1+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-11.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-11.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-11.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-11.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-11.1+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-11.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-11.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-11.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-11.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-11.1+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-11.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-11.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-11.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-11.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-11.1+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-11.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-11.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-11.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-11.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-11.1+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-11.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-11.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-11.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-11.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-11.1+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-11.1+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-11.1+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-11.1+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-11.1+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-11.1+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-11.1+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-11.1+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-11.1+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-11.1+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-11.1+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1580": "
\n

Debian Security Advisory

\n

DSA-1580-1 phpgedview -- programming error

\n
\n
Date Reported:
\n
20 May 2008
\n
Affected Packages:
\n
\nphpgedview\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-2064.
\n
More information:
\n
\n

It was discovered that phpGedView, an application to provide online access\nto genealogical data, allowed remote attackers to gain administrator\nprivileges due to a programming error.

\n

Note: this problem was a fundamental design flaw in the interface (API) to\nconnect phpGedView with external programs like content management systems.\nResolving this problem was only possible by completely reworking the API,\nwhich is not considered appropriate for a security update. Since these are\nperipheral functions probably not used by the large majority of package\nusers, it was decided to remove these interfaces. If you require that\ninterface nonetheless, you are advised to use a version of phpGedView\nbackported from Debian Lenny, which has a completely redesigned API.

\n

For the stable distribution (etch), this problem has been fixed in version\n4.0.2.dfsg-4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.1.e+4.1.5-1.

\n

We recommend that you upgrade your phpgedview package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpgedview/phpgedview_4.0.2.dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/phpgedview/phpgedview_4.0.2.dfsg-4.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpgedview/phpgedview_4.0.2.dfsg-4.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpgedview/phpgedview_4.0.2.dfsg-4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgedview/phpgedview-languages_4.0.2.dfsg-4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgedview/phpgedview-places_4.0.2.dfsg-4_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgedview/phpgedview-themes_4.0.2.dfsg-4_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1581": "
\n

Debian Security Advisory

\n

DSA-1581-1 gnutls13 -- several vulnerabilities

\n
\n
Date Reported:
\n
20 May 2008
\n
Affected Packages:
\n
\ngnutls13\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1948, CVE-2008-1949, CVE-2008-1950.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in GNUTLS, an\nimplementation of the SSL/TLS protocol suite.

\n

NOTE: The libgnutls13 package, which provides the GNUTLS library, does\nnot contain logic to automatically restart potentially affected\nservices. You must restart affected services manually (mainly Exim,\nusing /etc/init.d/exim4 restart) after applying the update, to make\nthe changes fully effective. Alternatively, you can reboot the system.

\n

The Common Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2008-1948\n

    A pre-authentication heap overflow involving oversized session\n resumption data may lead to arbitrary code execution.

  • CVE-2008-1949\n

    Repeated client hellos may result in a pre-authentication denial of\n service condition due to a null pointer dereference.

  • CVE-2008-1950\n

    Decoding cipher padding with an invalid record length may cause GNUTLS\n to read memory beyond the end of the received record, leading to a\n pre-authentication denial of service condition.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.4.4-3+etch1. (Builds for the arm architecture are currently\nnot available and will be released later.)

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your GNUTLS packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-doc_1.4.4-3+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1582": "
\n

Debian Security Advisory

\n

DSA-1582-1 peercast -- buffer overflow

\n
\n
Date Reported:
\n
20 May 2008
\n
Affected Packages:
\n
\npeercast\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 478573.
In Mitre's CVE dictionary: CVE-2008-2040.
\n
More information:
\n
\n

Nico Golde discovered that PeerCast, a P2P audio and video streaming\nserver, is vulnerable to a buffer overflow in the HTTP Basic\nAuthentication code, allowing a remote attacker to crash PeerCast or\nexecute arbitrary code.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 0.1217.toots.20060314-1etch1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.1218+svn20080104-1.1.

\n

We recommend that you upgrade your peercast package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch1.dsc
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/peercast/peercast-handlers_0.1217.toots.20060314-1etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch1_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/peercast/peercast-servent_0.1217.toots.20060314-1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0_0.1217.toots.20060314-1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/libpeercast0-dev_0.1217.toots.20060314-1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/peercast/peercast_0.1217.toots.20060314-1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1583": "
\n

Debian Security Advisory

\n

DSA-1583-1 gnome-peercast -- buffer overflow

\n
\n
Date Reported:
\n
20 May 2008
\n
Affected Packages:
\n
\ngnome-peercast\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 466539.
In Mitre's CVE dictionary: CVE-2007-6454, CVE-2008-2040.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in GNOME PeerCast,\nthe GNOME interface to PeerCast, a P2P audio and video streaming\nserver. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2007-6454\n

    Luigi Auriemma discovered that PeerCast is vulnerable to a heap\n overflow in the HTTP server code, which allows remote attackers to\n cause a denial of service and possibly execute arbitrary code via a\n long SOURCE request.

  • CVE-2008-2040\n

    Nico Golde discovered that PeerCast, a P2P audio and video streaming\n server, is vulnerable to a buffer overflow in the HTTP Basic\n Authentication code, allowing a remote attacker to crash PeerCast or\n execute arbitrary code.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 0.5.4-1.1etch0.

\n

gnome-peercast has been removed from the unstable distribution (sid).

\n

We recommend that you upgrade your gnome-peercast package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0.dsc
\n
http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gnome-peercast/gnome-peercast_0.5.4-1.1etch0_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1584": "
\n

Debian Security Advisory

\n

DSA-1584-1 libfishsound -- buffer overflow

\n
\n
Date Reported:
\n
21 May 2008
\n
Affected Packages:
\n
\nlibfishsound\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 475152.
In Mitre's CVE dictionary: CVE-2008-1686.
\n
More information:
\n
\n

It was discovered that libfishsound, a simple programming interface that\nwraps Xiph.Org audio codecs, didn't correctly handle negative values in\na particular header field. This could allow malicious files to execute\narbitrary code.

\n

For the stable distribution (etch), this problem has been fixed in version\n0.7.0-2etch1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.7.0-2.2.

\n

We recommend that you upgrade your libfishsound package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound_0.7.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound_0.7.0-2etch1.dsc
\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound_0.7.0-2etch1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dev_0.7.0-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1_0.7.0-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dbg_0.7.0-2etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dev_0.7.0-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dbg_0.7.0-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1_0.7.0-2etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dev_0.7.0-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1_0.7.0-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dbg_0.7.0-2etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1_0.7.0-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dbg_0.7.0-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dev_0.7.0-2etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dev_0.7.0-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1_0.7.0-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dbg_0.7.0-2etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dbg_0.7.0-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1_0.7.0-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dev_0.7.0-2etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dbg_0.7.0-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1_0.7.0-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dev_0.7.0-2etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1_0.7.0-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dbg_0.7.0-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dev_0.7.0-2etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dbg_0.7.0-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1_0.7.0-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dev_0.7.0-2etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dev_0.7.0-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1_0.7.0-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dbg_0.7.0-2etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dbg_0.7.0-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1_0.7.0-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libf/libfishsound/libfishsound1-dev_0.7.0-2etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1585": "
\n

Debian Security Advisory

\n

DSA-1585-1 speex -- integer overflow

\n
\n
Date Reported:
\n
21 May 2008
\n
Affected Packages:
\n
\nspeex\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1686.
\n
More information:
\n
\n

It was discovered that speex, the Speex codec command line tools, did\nnot correctly deal with negative offsets in a particular\nheader field. This could allow a malicious file to execute arbitrary\ncode.

\n

For the stable distribution (etch), this problem has been fixed in version\n1.1.12-3etch1.

\n

We recommend that you upgrade your speex package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/speex/speex-doc_1.1.12-3etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_i386.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_mipsel.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/speex/libspeex-dev_1.1.12-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/speex/libspeex1_1.1.12-3etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/speex/speex_1.1.12-3etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1586": "
\n

Debian Security Advisory

\n

DSA-1586-1 xine-lib -- multiple vulnerabilities

\n
\n
Date Reported:
\n
22 May 2008
\n
Affected Packages:
\n
\nxine-lib\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1482, CVE-2008-1686, CVE-2008-1878.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in xine-lib, a library which supplies most of the application functionality of the xine multimedia player. The Common Vulnerabilities and Exposures project identifies the following three problems:

\n
    \n
  • CVE-2008-1482\n

    Integer overflow vulnerabilities exist in xine's FLV, QuickTime, RealMedia, MVE and CAK demuxers, as well as the EBML parser used by the Matroska demuxer. These weaknesses allow an attacker to overflow heap buffers and potentially execute arbitrary code by supplying a maliciously crafted file of those types.

  • CVE-2008-1686\n

    Insufficient input validation in the Speex implementation used by this version of xine enables an invalid array access and the execution of arbitrary code by supplying a maliciously crafted Speex file.

  • CVE-2008-1878\n

    Inadequate bounds checking in the NES Sound Format (NSF) demuxer enables a stack buffer overflow and the execution of arbitrary code through a maliciously crafted NSF file.

\n

For the stable distribution (etch), these problems have been fixed in version 1.1.2+dfsg-7.

\n

For the unstable distribution (sid), these problems have been fixed in version 1.1.12-2.

\n

We recommend that you upgrade your xine-lib packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg-7.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xine-lib/xine-lib_1.1.2+dfsg-7.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1_1.1.2+dfsg-7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine-dev_1.1.2+dfsg-7_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xine-lib/libxine1-dbg_1.1.2+dfsg-7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1587": "
\n

Debian Security Advisory

\n

DSA-1587-1 mtr -- buffer overflow

\n
\n
Date Reported:
\n
26 May 2008
\n
Affected Packages:
\n
\nmtr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-2357.
\n
More information:
\n
\n

Adam Zabrocki discovered that under certain circumstances mtr, a full screen ncurses and X11 traceroute tool, could be tricked into executing arbitrary code via overly long reverse DNS records.

\n

For the stable distribution (etch), this problem has been fixed in version 0.71-2etch1.

\n

For the unstable distribution (sid), this problem has been fixed in version 0.73-1.

\n

We recommend that you upgrade your mtr package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mtr/mtr_0.71-2etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mtr/mtr_0.71-2etch1.dsc
\n
http://security.debian.org/pool/updates/main/m/mtr/mtr_0.71.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mtr/mtr-tiny_0.71-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mtr/mtr_0.71-2etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mtr/mtr_0.71-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mtr/mtr-tiny_0.71-2etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mtr/mtr_0.71-2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mtr/mtr-tiny_0.71-2etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mtr/mtr_0.71-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mtr/mtr-tiny_0.71-2etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mtr/mtr-tiny_0.71-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mtr/mtr_0.71-2etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mtr/mtr-tiny_0.71-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mtr/mtr_0.71-2etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mtr/mtr_0.71-2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mtr/mtr-tiny_0.71-2etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mtr/mtr_0.71-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mtr/mtr-tiny_0.71-2etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mtr/mtr-tiny_0.71-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mtr/mtr_0.71-2etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mtr/mtr-tiny_0.71-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mtr/mtr_0.71-2etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mtr/mtr_0.71-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mtr/mtr-tiny_0.71-2etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1588": "
\n

Debian Security Advisory

\n

DSA-1588-1 linux-2.6 -- denial of service

\n
\n
Date Reported:
\n
27 May 2008
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-6712, CVE-2008-1615, CVE-2008-2136, CVE-2008-2137.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-6712\n

    Johannes Bauer discovered an integer overflow condition in the hrtimer subsystem on 64-bit systems. This can be exploited by local users to trigger a denial of service (DoS) by causing the kernel to execute an infinite loop.

  • CVE-2008-1615\n

    Jan Kratochvil reported a local denial of service condition that permits local users on systems running the amd64 flavor kernel to cause a system crash.

  • CVE-2008-2136\n

    Paul Harks discovered a memory leak in the Simple Internet Transition (SIT) code used for IPv6 over IPv4 tunnels. This can be exploited by remote users to cause a denial of service condition.

  • CVE-2008-2137\n

    David Miller and Jan Lieskovsky discovered issues with the virtual address range checking of mmapped regions on the sparc architecture that may be exploited by local users to cause a denial of service.

\n

For the stable distribution (etch), these problems have been fixed in version 2.6.18.dfsg.1-18etch5.

\n

Builds for linux-2.6/s390 and fai-kernels/powerpc were not yet available at the time of this advisory. This advisory will be updated as these builds become available.

\n

We recommend that you upgrade your linux-2.6, fai-kernels, and user-mode-linux packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-18etch5.dsc
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch5.dsc
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-18etch5.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch5.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch5.tar.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch5.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-18etch5_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-18etch5_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-18etch5_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-18etch5_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-18etch5_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-18etch5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-alpha_2.6.18.dfsg.1-18etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-18etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-18etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-generic_2.6.18.dfsg.1-18etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-18etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-18etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-smp_2.6.18.dfsg.1-18etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-generic_2.6.18.dfsg.1-18etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-smp_2.6.18.dfsg.1-18etch5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-amd64_2.6.18.dfsg.1-18etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-18etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-18etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-18etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-amd64_2.6.18.dfsg.1-18etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-18etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-18etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-18etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-amd64_2.6.18.dfsg.1-18etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-18etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-amd64_2.6.18.dfsg.1-18etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-18etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-18etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-amd64_2.6.18.dfsg.1-18etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-18etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-arm_2.6.18.dfsg.1-18etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-iop32x_2.6.18.dfsg.1-18etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-ixp4xx_2.6.18.dfsg.1-18etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-rpc_2.6.18.dfsg.1-18etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-iop32x_2.6.18.dfsg.1-18etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-footbridge_2.6.18.dfsg.1-18etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s3c2410_2.6.18.dfsg.1-18etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s3c2410_2.6.18.dfsg.1-18etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-rpc_2.6.18.dfsg.1-18etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-footbridge_2.6.18.dfsg.1-18etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-ixp4xx_2.6.18.dfsg.1-18etch5_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc-smp_2.6.18.dfsg.1-18etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64_2.6.18.dfsg.1-18etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-hppa_2.6.18.dfsg.1-18etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-18etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc_2.6.18.dfsg.1-18etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc_2.6.18.dfsg.1-18etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64_2.6.18.dfsg.1-18etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc-smp_2.6.18.dfsg.1-18etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-18etch5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-686_2.6.18.dfsg.1-18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-686_2.6.18.dfsg.1-18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686_2.6.18.dfsg.1-18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-686_2.6.18.dfsg.1-18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-k7_2.6.18.dfsg.1-18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-486_2.6.18.dfsg.1-18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686-bigmem_2.6.18.dfsg.1-18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686-bigmem_2.6.18.dfsg.1-18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-k7_2.6.18.dfsg.1-18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-k7_2.6.18.dfsg.1-18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-686_2.6.18.dfsg.1-18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-686_2.6.18.dfsg.1-18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-686_2.6.18.dfsg.1-18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686_2.6.18.dfsg.1-18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-486_2.6.18.dfsg.1-18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-k7_2.6.18.dfsg.1-18etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-i386_2.6.18.dfsg.1-18etch5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-ia64_2.6.18.dfsg.1-18etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-itanium_2.6.18.dfsg.1-18etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-mckinley_2.6.18.dfsg.1-18etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-itanium_2.6.18.dfsg.1-18etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-mckinley_2.6.18.dfsg.1-18etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch5_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-18etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-18etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mips_2.6.18.dfsg.1-18etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-18etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-18etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-18etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-18etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-18etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-18etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-18etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-18etch5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-18etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mipsel_2.6.18.dfsg.1-18etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-18etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-18etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-18etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-18etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-18etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-18etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-18etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-18etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-18etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-18etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-18etch5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-18etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc64_2.6.18.dfsg.1-18etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-18etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc_2.6.18.dfsg.1-18etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-18etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-18etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-18etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-prep_2.6.18.dfsg.1-18etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-prep_2.6.18.dfsg.1-18etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-18etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc64_2.6.18.dfsg.1-18etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-18etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-18etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-powerpc_2.6.18.dfsg.1-18etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc_2.6.18.dfsg.1-18etch5_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-18etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc32_2.6.18.dfsg.1-18etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc32_2.6.18.dfsg.1-18etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64_2.6.18.dfsg.1-18etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-18etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-18etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-sparc_2.6.18.dfsg.1-18etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-18etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64_2.6.18.dfsg.1-18etch5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1589": "
\n

Debian Security Advisory

\n

DSA-1589-1 libxslt -- buffer overflow

\n
\n
Date Reported:
\n
28 May 2008
\n
Affected Packages:
\n
\nlibxslt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 482664.
In Mitre's CVE dictionary: CVE-2008-1767.
\n
More information:
\n
\n

It was discovered that libxslt, an XSLT processing runtime library, could be coerced into executing arbitrary code via a buffer overflow when an XSL style sheet file with a long XSLT \"transformation match\" condition triggered a large number of steps.

\n

For the stable distribution (etch), this problem has been fixed in version\n1.1.19-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.1.24-1.

\n

We recommend that you upgrade your libxslt package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19-2.dsc
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19-2.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1590": "
\n

Debian Security Advisory

\n

DSA-1590-1 samba -- buffer overflow

\n
\n
Date Reported:
\n
30 May 2008
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 483410.
In Mitre's CVE dictionary: CVE-2008-1105.
\n
More information:
\n
\n

Alin Rad Pop discovered that Samba contained a buffer overflow condition\nwhen processing certain responses received while acting as a client,\nleading to arbitrary code execution (CVE-2008-1105).

\n

For the stable distribution (etch), this problem has been fixed in version\n3.0.24-6etch10.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.0.30-1.

\n

We recommend that you upgrade your samba packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch10.dsc
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch10.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc-pdf_3.0.24-6etch10_all.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.0.24-6etch10_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch10_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch10_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch10_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch10_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch10_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch10_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch10_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch10_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch10_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch10_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch10_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch10_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1591": "
\n

Debian Security Advisory

\n

DSA-1591-1 libvorbis -- several vulnerabilities

\n
\n
Date Reported:
\n
03 Jun 2008
\n
Affected Packages:
\n
\nlibvorbis\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 482518.
In Mitre's CVE dictionary: CVE-2008-1419, CVE-2008-1420, CVE-2008-1423.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in libvorbis,\na library for the Vorbis general-purpose compressed audio codec. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2008-1419\n

    libvorbis does not properly handle a zero value, which allows remote\n attackers to cause a denial of service (crash or infinite loop) or\n trigger an integer overflow.

  • CVE-2008-1420\n

    Integer overflow in libvorbis allows remote attackers to execute\n arbitrary code via a crafted OGG file, which triggers a heap overflow.

  • CVE-2008-1423\n

    Integer overflow in libvorbis allows remote attackers to cause a denial\n of service (crash) or execute arbitrary code via a crafted OGG file\n which triggers a heap overflow.

\n

For the stable distribution (etch), these problems have been fixed in version\n1.1.2.dfsg-1.4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.2.0.dfsg-3.1.

\n

We recommend that you upgrade your libvorbis package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.2.dfsg-1.4.dsc
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.2.dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.2.dfsg-1.4.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_amd64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_amd64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_amd64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_arm.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_arm.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_arm.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_i386.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_i386.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_i386.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_mips.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_mips.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_mips.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_s390.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_s390.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_s390.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1592": "
\n

Debian Security Advisory

\n

DSA-1592-1 linux-2.6 -- heap overflow

\n
\n
Date Reported:
\n
09 Jun 2008
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1673, CVE-2008-2358.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in the Linux kernel that may\nlead to a denial of service or arbitrary code execution. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2008-1673\n

    Wei Wang from McAfee reported a potential heap overflow in the\n ASN.1 decode code that is used by the SNMP NAT and CIFS\n subsystems. Exploitation of this issue may lead to arbitrary code\n execution. This issue is not believed to be exploitable with the\n pre-built kernel images provided by Debian, but it might be an\n issue for custom images built from the Debian-provided source\n package.

  • CVE-2008-2358\n

    Brandon Edwards of McAfee Avert labs discovered an issue in the\n DCCP subsystem. Due to missing feature length checks, it is possible\n to cause an overflow that may result in remote arbitrary code\n execution.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 2.6.18.dfsg.1-18etch6.

\n

We recommend that you upgrade your linux-2.6, fai-kernels, and\nuser-mode-linux packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-18etch6.diff.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch6.dsc
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch6.dsc
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch6.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-18etch6.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch6.tar.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-18etch6_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-18etch6_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-18etch6_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-18etch6_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-18etch6_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-18etch6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-18etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-generic_2.6.18.dfsg.1-18etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-generic_2.6.18.dfsg.1-18etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-18etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-smp_2.6.18.dfsg.1-18etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-alpha_2.6.18.dfsg.1-18etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-18etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-smp_2.6.18.dfsg.1-18etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-18etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-18etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-18etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-18etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-amd64_2.6.18.dfsg.1-18etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-18etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-18etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-amd64_2.6.18.dfsg.1-18etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-18etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-amd64_2.6.18.dfsg.1-18etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-18etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-amd64_2.6.18.dfsg.1-18etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-amd64_2.6.18.dfsg.1-18etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-18etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-18etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-18etch6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s3c2410_2.6.18.dfsg.1-18etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-footbridge_2.6.18.dfsg.1-18etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-iop32x_2.6.18.dfsg.1-18etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-ixp4xx_2.6.18.dfsg.1-18etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-ixp4xx_2.6.18.dfsg.1-18etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-rpc_2.6.18.dfsg.1-18etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-arm_2.6.18.dfsg.1-18etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-iop32x_2.6.18.dfsg.1-18etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s3c2410_2.6.18.dfsg.1-18etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-footbridge_2.6.18.dfsg.1-18etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-rpc_2.6.18.dfsg.1-18etch6_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc-smp_2.6.18.dfsg.1-18etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc_2.6.18.dfsg.1-18etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-18etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64_2.6.18.dfsg.1-18etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc_2.6.18.dfsg.1-18etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-18etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64_2.6.18.dfsg.1-18etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-hppa_2.6.18.dfsg.1-18etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc-smp_2.6.18.dfsg.1-18etch6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-k7_2.6.18.dfsg.1-18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-686_2.6.18.dfsg.1-18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-686_2.6.18.dfsg.1-18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686_2.6.18.dfsg.1-18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-686_2.6.18.dfsg.1-18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686-bigmem_2.6.18.dfsg.1-18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686-bigmem_2.6.18.dfsg.1-18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-k7_2.6.18.dfsg.1-18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-486_2.6.18.dfsg.1-18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-k7_2.6.18.dfsg.1-18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686_2.6.18.dfsg.1-18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-686_2.6.18.dfsg.1-18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-k7_2.6.18.dfsg.1-18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-486_2.6.18.dfsg.1-18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-i386_2.6.18.dfsg.1-18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-686_2.6.18.dfsg.1-18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-18etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-686_2.6.18.dfsg.1-18etch6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-mckinley_2.6.18.dfsg.1-18etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-ia64_2.6.18.dfsg.1-18etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-itanium_2.6.18.dfsg.1-18etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-mckinley_2.6.18.dfsg.1-18etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-itanium_2.6.18.dfsg.1-18etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch6_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-18etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-18etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-18etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-18etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-18etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-18etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-18etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-18etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-18etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-18etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mips_2.6.18.dfsg.1-18etch6_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-prep_2.6.18.dfsg.1-18etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-prep_2.6.18.dfsg.1-18etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-18etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-18etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-18etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-18etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.18etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-18etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc_2.6.18.dfsg.1-18etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc64_2.6.18.dfsg.1-18etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-powerpc_2.6.18.dfsg.1-18etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-18etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc_2.6.18.dfsg.1-18etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-18etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-18etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc64_2.6.18.dfsg.1-18etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390-tape_2.6.18.dfsg.1-18etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390x_2.6.18.dfsg.1-18etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390_2.6.18.dfsg.1-18etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-s390_2.6.18.dfsg.1-18etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-18etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390_2.6.18.dfsg.1-18etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-18etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390x_2.6.18.dfsg.1-18etch6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc32_2.6.18.dfsg.1-18etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-18etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-18etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-18etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc32_2.6.18.dfsg.1-18etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-18etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64_2.6.18.dfsg.1-18etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-18etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-sparc_2.6.18.dfsg.1-18etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64_2.6.18.dfsg.1-18etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-18etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-18etch6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1593": "
\n

Debian Security Advisory

\n

DSA-1593-1 tomcat5.5 -- missing input sanitising

\n
\n
Date Reported:
\n
09 Jun 2008
\n
Affected Packages:
\n
\ntomcat5.5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1947.
\n
More information:
\n
\n

It was discovered that the Host Manager web application performed\ninsufficient input sanitising, which could lead to cross-site scripting.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 5.5.20-2etch3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.5.26-3.

\n

We recommend that you upgrade your tomcat5.5 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20-2etch3.dsc
\n
http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20-2etch3.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5-admin_5.5.20-2etch3_all.deb
\n
http://security.debian.org/pool/updates/main/t/tomcat5.5/libtomcat5.5-java_5.5.20-2etch3_all.deb
\n
http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5-webapps_5.5.20-2etch3_all.deb
\n
http://security.debian.org/pool/updates/main/t/tomcat5.5/tomcat5.5_5.5.20-2etch3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1594": "
\n

Debian Security Advisory

\n

DSA-1594-1 imlib2 -- buffer overflows

\n
\n
Date Reported:
\n
11 Jun 2008
\n
Affected Packages:
\n
\nimlib2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-2426.
\n
More information:
\n
\n

Stefan Cornelius discovered two buffer overflows in the PNM and XPM image\nloaders of Imlib, a powerful image loading and rendering library. The\noverflows may result in the execution of arbitrary code.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 1.3.0.0debian1-4+etch1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4.0-1.1.

\n

We recommend that you upgrade your imlib2 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.3.0.0debian1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.3.0.0debian1-4+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.3.0.0debian1-4+etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1595": "
\n

Debian Security Advisory

\n

DSA-1595-1 xorg-server -- several vulnerabilities

\n
\n
Date Reported:
\n
11 Jun 2008
\n
Affected Packages:
\n
\nxorg-server\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362.
\n
More information:
\n
\n

Several local vulnerabilities have been discovered in the X Window system.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2008-1377\n

    Lack of validation of the parameters of the\n SProcSecurityGenerateAuthorization and SProcRecordCreateContext\n functions makes it possible for a specially crafted request to trigger\n the swapping of bytes outside the parameters of these requests, causing\n memory corruption.

  • CVE-2008-1379\n

    An integer overflow in the validation of the parameters of the\n ShmPutImage() request makes it possible to trigger the copy of\n arbitrary server memory to a pixmap that can subsequently be read by\n the client, allowing arbitrary parts of the X server memory space to\n be read.

  • CVE-2008-2360\n

    An integer overflow may occur in the computation of the size of the\n glyph to be allocated by the AllocateGlyph() function, which will cause\n less memory to be allocated than expected, leading to a later heap\n overflow.

  • CVE-2008-2361\n

    An integer overflow may occur in the computation of the size of the\n glyph to be allocated by the ProcRenderCreateCursor() function, which\n will cause less memory to be allocated than expected, later leading\n to a dereference of unmapped memory and a crash of the X server.

  • CVE-2008-2362\n

    Integer overflows can also occur in the code validating the parameters\n for the SProcRenderCreateLinearGradient, SProcRenderCreateRadialGradient\n and SProcRenderCreateConicalGradient functions, leading to memory\n corruption by swapping bytes outside of the intended request\n parameters.

\n

For the stable distribution (etch), these problems have been fixed in version\n2:1.1.1-21etch5.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2:1.4.1~git20080517-2.

\n

We recommend that you upgrade your xorg-server package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xorg-server_1.1.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xorg-server_1.1.1-21etch5.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xorg-server_1.1.1-21etch5.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-dev_1.1.1-21etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xvfb_1.1.1-21etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xnest_1.1.1-21etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xephyr_1.1.1-21etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx-tools_1.1.1-21etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xdmx_1.1.1-21etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xorg-server/xserver-xorg-core_1.1.1-21etch5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1596": "
\n

Debian Security Advisory

\n

DSA-1596-1 typo3 -- several vulnerabilities

\n
\n
Date Reported:
\n
12 Jun 2008
\n
Affected Packages:
\n
\ntypo3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 485814.
In Mitre's CVE dictionary: CVE-2008-2717, CVE-2008-2718.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the TYPO3 content\nmanagement framework.

\n

Because the default value of the TYPO3 configuration variable\nfileDenyPattern was not sufficiently secure, authenticated backend users\ncould upload files that allowed them to execute arbitrary code as the\nwebserver user.

\n

User input processed by fe_adminlib.inc is not being properly filtered\nto prevent Cross Site Scripting (XSS) attacks, which is exposed when\nspecific plugins are in use.

\n

For the stable distribution (etch), these problems have been fixed in version\n4.0.2+debian-5.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.1.7-1.

\n

We recommend that you upgrade your typo3 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.0.2+debian-5.dsc
\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.0.2+debian.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.0.2+debian-5.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3_4.0.2+debian-5_all.deb
\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src-4.0_4.0.2+debian-5_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1597": "
\n

Debian Security Advisory

\n

DSA-1597-2 mt-daapd -- multiple vulnerabilities

\n
\n
Date Reported:
\n
12 Jun 2008
\n
Affected Packages:
\n
\nmt-daapd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 459961, Bug 476241.
In Mitre's CVE dictionary: CVE-2007-5824, CVE-2007-5825, CVE-2008-1771.
\n
More information:
\n
\n

Three vulnerabilities have been discovered in the mt-daapd DAAP audio\nserver (also known as the Firefly Media Server). The Common\nVulnerabilities and Exposures project identifies the following three\nproblems:

\n
    \n
  • CVE-2007-5824\n

    Insufficient validation and bounds checking of the Authorization:\n HTTP header enables a heap buffer overflow, potentially enabling\n the execution of arbitrary code.

  • CVE-2007-5825\n

    Format string vulnerabilities in debug logging within the\n authentication of XML-RPC requests could enable the execution of\n arbitrary code.

  • CVE-2008-1771\n

    An integer overflow weakness in the handling of HTTP POST\n variables could allow a heap buffer overflow and potentially\n arbitrary code execution.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 0.2.4+r1376-1.1+etch2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.9~r1696-1.4.

\n

We recommend that you upgrade your mt-daapd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch2.dsc
\n
http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mt-daapd/mt-daapd_0.2.4+r1376-1.1+etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1598": "
\n

Debian Security Advisory

\n

DSA-1598-1 libtk-img -- buffer overflow

\n
\n
Date Reported:
\n
19 Jun 2008
\n
Affected Packages:
\n
\nlibtk-img\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0553.
\n
More information:
\n
\n

It was discovered that a buffer overflow in the GIF image parsing code\nof Tk, a cross-platform graphical toolkit, could lead to denial of\nservice and potentially the execution of arbitrary code.

\n

For the stable distribution (etch), this problem has been fixed in version\n1:1.3-15etch2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:1.3-release-7.

\n

We recommend that you upgrade your libtk-img package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2.dsc
\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2.diff.gz
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1599": "
\n

Debian Security Advisory

\n

DSA-1599-1 dbus -- programming error

\n
\n
Date Reported:
\n
26 Jun 2008
\n
Affected Packages:
\n
\ndbus\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0595.
\n
More information:
\n
\n

Havoc Pennington discovered that DBus, a simple interprocess messaging\nsystem, performs insufficient validation of security policies, which\nmight allow local privilege escalation.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 1.0.2-1+etch1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.1.20-1.

\n

We recommend that you upgrade your dbus packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch1.dsc
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-doc_1.0.2-1+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch1_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1600": "
\n

Debian Security Advisory

\n

DSA-1600-1 sympa -- dos

\n
\n
Date Reported:
\n
01 Jul 2008
\n
Affected Packages:
\n
\nsympa\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 475163.
In Mitre's CVE dictionary: CVE-2008-1648.
\n
More information:
\n
\n

It was discovered that sympa, a modern mailing list manager, would\ncrash when processing certain types of malformed messages.

\n

For the stable distribution (etch), this problem has been fixed in version\n5.2.3-1.2+etch1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.3.4-4.

\n

We recommend that you upgrade your sympa package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sympa/sympa_5.2.3-1.2+etch1.dsc
\n
http://security.debian.org/pool/updates/main/s/sympa/sympa_5.2.3-1.2+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sympa/sympa_5.2.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sympa/sympa_5.2.3-1.2+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/sympa/sympa_5.2.3-1.2+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sympa/sympa_5.2.3-1.2+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/sympa/sympa_5.2.3-1.2+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sympa/sympa_5.2.3-1.2+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sympa/sympa_5.2.3-1.2+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sympa/sympa_5.2.3-1.2+etch1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sympa/sympa_5.2.3-1.2+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sympa/sympa_5.2.3-1.2+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sympa/sympa_5.2.3-1.2+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1601": "
\n

Debian Security Advisory

\n

DSA-1601-1 wordpress -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Jul 2008
\n
Affected Packages:
\n
\nwordpress\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 437085, Bug 464170.
In Mitre's CVE dictionary: CVE-2007-1599, CVE-2008-0664.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in WordPress,\nthe weblog manager. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2007-1599\n

    WordPress allows remote attackers to redirect authenticated users\n to other websites and potentially obtain sensitive information.

  • CVE-2008-0664\n

    The XML-RPC implementation, when registration is enabled, allows\n remote attackers to edit posts of other blog users.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 2.0.10-1etch3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.3.3-1.

\n

We recommend that you upgrade your wordpress package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch3.dsc
\n
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch3.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1602": "
\n

Debian Security Advisory

\n

DSA-1602-1 pcre3 -- buffer overflow

\n
\n
Date Reported:
\n
05 Jul 2008
\n
Affected Packages:
\n
\npcre3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-2371.
\n
More information:
\n
\n

Tavis Ormandy discovered that PCRE, the Perl-Compatible Regular\nExpression library, may encounter a heap overflow condition when\ncompiling certain regular expressions involving in-pattern options and\nbranches, potentially leading to arbitrary code execution.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 6.7+7.4-4.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your pcre3 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4-4.dsc
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4-4.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcre3_6.7+7.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3_6.7+7.4-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/pcregrep_6.7+7.4-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcre3-dev_6.7+7.4-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pcre3/libpcrecpp0_6.7+7.4-4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1603": "
\n

Debian Security Advisory

\n

DSA-1603-1 bind9 -- DNS cache poisoning

\n
\n
Date Reported:
\n
08 Jul 2008
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1447.
CERT's vulnerabilities, advisories and incident notes: VU#800113.
\n
More information:
\n
\n

Dan Kaminsky discovered that properties inherent to the DNS protocol\nlead to practical DNS cache poisoning attacks. Among other things,\nsuccessful attacks can lead to misdirected web traffic and email\nrerouting.

\n

This update changes Debian's BIND 9 packages to implement the\nrecommended countermeasure: UDP query source port randomization. This\nchange increases the size of the space from which an attacker has to\nguess values in a backwards-compatible fashion and makes successful\nattacks significantly more difficult.

\n

Note that this security update changes BIND network behavior in a\nfundamental way, and the following steps are recommended to ensure a\nsmooth upgrade.

\n

1. Make sure that your network configuration is compatible with source\nport randomization. If you guard your resolver with a stateless packet\nfilter, you may need to make sure that no non-DNS services listen on\nthe 1024--65535 UDP port range and open it at the packet filter. For\ninstance, packet filters based on etch's Linux 2.6.18 kernel only\nsupport stateless filtering of IPv6 packets, and therefore pose this\nadditional difficulty. (If you use IPv4 with iptables and ESTABLISHED\nrules, networking changes are likely not required.)

\n

2. Install the BIND 9 upgrade, using \"apt-get update\" followed by\n\"apt-get install bind9\". Verify that the named process has been\nrestarted and answers recursive queries. (If all queries result in\ntimeouts, this indicates that networking changes are necessary; see the\nfirst step.)

\n

3. Verify that source port randomization is active. Check that the\n/var/log/daemon.log file does not contain messages of the following\nform

\n
named[6106]: /etc/bind/named.conf.options:28: using specific query-source port suppresses port randomization and can be insecure.
\n

right after the \"listening on IPv6 interface\" and \"listening on IPv4\ninterface\" messages logged by BIND upon startup. If these messages are\npresent, you should remove the indicated lines from the configuration,\nor replace the port numbers contained within them with a \"*\" sign (e.g.,\nreplace \"port 53\" with \"port *\").

\n

For additional certainty, use tcpdump or some other network monitoring\ntool to check for varying UDP source ports. If there is a NAT device\nin front of your resolver, make sure that it does not defeat the\neffect of source port randomization.

\n

4. If you cannot activate source port randomization, consider\nconfiguring BIND 9 to forward queries to a resolver which can, possibly\nover a VPN such as OpenVPN to create the necessary trusted network link.\n(Use BIND's forward-only mode in this case.)

\n

Other caching resolvers distributed by Debian (PowerDNS, MaraDNS,\nUnbound) already employ source port randomization, and no updated\npackages are needed. BIND 9.5 up to and including version\n1:9.5.0.dfsg-4 only implements a weak form of source port\nrandomization and needs to be updated as well. For information on\nBIND 8, see DSA-1604-1, and for the status of\nthe libc stub resolver, see DSA-1605-1.

\n

The updated bind9 packages contain changes originally scheduled for\nthe next stable point release, including the changed IP address of\nL.ROOT-SERVERS.NET (Debian bug #449148).

\n

For the stable distribution (etch), this problem has been fixed in\nversion 9.3.4-2etch3.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your bind9 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3.dsc
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-doc_9.3.4-2etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1604": "
\n

Debian Security Advisory

\n

DSA-1604-1 bind -- DNS cache poisoning

\n
\n
Date Reported:
\n
08 Jul 2008
\n
Affected Packages:
\n
\nbind\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1447.
CERT's vulnerabilities, advisories and incident notes: VU#800113.
\n
More information:
\n
\n

Dan Kaminsky discovered that properties inherent to the DNS protocol\nlead to practical DNS cache poisoning attacks. Among other things,\nsuccessful attacks can lead to misdirected web traffic and email\nrerouting.

\n

The BIND 8 legacy code base could not be updated to include the\nrecommended countermeasure (source port randomization, see\nDSA-1603-1\nfor details). There are two ways to deal with this situation:

\n

1. Upgrade to BIND 9 (or another implementation with source port\nrandomization). The documentation included with BIND 9 contains a\nmigration guide.

\n

2. Configure the BIND 8 resolver to forward queries to a BIND 9\nresolver. Provided that the network between both resolvers is trusted,\nthis protects the BIND 8 resolver from cache poisoning attacks (to the\nsame degree that the BIND 9 resolver is protected).

\n

This problem does not apply to BIND 8 when used exclusively as an\nauthoritative DNS server. It is theoretically possible to safely use\nBIND 8 in this way, but updating to BIND 9 is strongly recommended.\nBIND 8 (that is, the bind package) will be removed from the etch\ndistribution in a future point release.

\n
\n
\n
\n
", "1605": "
\n

Debian Security Advisory

\n

DSA-1605-1 glibc -- DNS cache poisoning

\n
\n
Date Reported:
\n
08 Jul 2008
\n
Affected Packages:
\n
\nglibc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1447.
CERT's vulnerabilities, advisories and incident notes: VU#800113.
\n
More information:
\n
\n

Dan Kaminsky discovered that properties inherent to the DNS protocol\nlead to practical DNS spoofing and cache poisoning attacks. Among\nother things, successful attacks can lead to misdirected web traffic\nand email rerouting.

\n

At this time, it is not possible to implement the recommended\ncountermeasures in the GNU libc stub resolver. The following\nworkarounds are available:

\n

1. Install a local BIND 9 resolver on the host, possibly in\nforward-only mode. BIND 9 will then use source port randomization\nwhen sending queries over the network. (Other caching resolvers can\nbe used instead.)

\n

2. Rely on IP address spoofing protection if available. Successful\nattacks must spoof the address of one of the resolvers, which may not\nbe possible if the network is guarded properly against IP spoofing\nattacks (both from internal and external sources).

\n

This DSA will be updated when patches for hardening the stub resolver\nare available.

\n
\n
\n
\n
", "1606": "
\n

Debian Security Advisory

\n

DSA-1606-1 poppler -- programming error

\n
\n
Date Reported:
\n
09 Jul 2008
\n
Affected Packages:
\n
\npoppler\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 476842.
\n
More information:
\n
\n

It was discovered that poppler, a PDF rendering library, did not\nproperly handle embedded fonts in PDF files, allowing attackers to\nexecute arbitrary code via a crafted font object.

\n

For the stable distribution (etch), this problem has been fixed in version\n0.4.5-5.1etch3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.8.0-1.

\n

We recommend that you upgrade your poppler package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5-5.1etch3.dsc
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5-5.1etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1607": "
\n

Debian Security Advisory

\n

DSA-1607-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
11 Jul 2008
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2811.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Iceweasel\nweb browser, an unbranded version of the Firefox browser. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2008-2798\n

    Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered\n crashes in the layout engine, which might allow the execution of\n arbitrary code.

  • CVE-2008-2799\n

    Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in\n the JavaScript engine, which might allow the execution of arbitrary code.

  • CVE-2008-2800\n

    \"moz_bug_r_a4\" discovered several cross-site scripting vulnerabilities.

  • CVE-2008-2801\n

    Collin Jackson and Adam Barth discovered that JavaScript code\n could be executed in the context of signed JAR archives.

  • CVE-2008-2802\n

    \"moz_bug_r_a4\" discovered that XUL documents can escalate\n privileges by accessing the pre-compiled \"fastload\" file.

  • CVE-2008-2803\n

    \"moz_bug_r_a4\" discovered that missing input sanitising in the\n mozIJSSubScriptLoader.loadSubScript() function could lead to the\n execution of arbitrary code. Iceweasel itself is not affected, but\n some addons are.

  • CVE-2008-2805\n

    Claudio Santambrogio discovered that missing access validation in\n DOM parsing allows malicious web sites to force the browser to\n upload local files to the server, which could lead to information\n disclosure.

  • CVE-2008-2807\n

    Daniel Glazman discovered that a programming error in the code for\n parsing .properties files could lead to memory content being\n exposed to addons, which could lead to information disclosure.

  • CVE-2008-2808\n

    Masahiro Yamada discovered that file URLs in directory listings\n were insufficiently escaped.

  • CVE-2008-2809\n

    John G. Myers, Frank Benkstein and Nils Toedtmann discovered that\n alternate names on self-signed certificates were handled\n insufficiently, which could lead to spoofing of secure connections.

  • CVE-2008-2811\n

    Greg McManus discovered a crash in the block reflow\n code, which might allow the execution of arbitrary code.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 2.0.0.15-0etch1.

\n

Iceweasel from the unstable distribution (sid) links dynamically\nagainst the xulrunner library.

\n

We recommend that you upgrade your iceweasel package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.15.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.15-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.15-0etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.15-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.15-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.15-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.15-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.15-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.15-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.15-0etch1_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.15-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.15-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.15-0etch1_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.15-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.15-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.15-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.15-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.15-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.15-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.15-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.15-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.15-0etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.15-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.15-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.15-0etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.15-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.15-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.15-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.15-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.15-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.15-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.15-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.15-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.15-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.15-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.15-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.15-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1608": "
\n

Debian Security Advisory

\n

DSA-1608-1 mysql-dfsg-5.0 -- authorization bypass

\n
\n
Date Reported:
\n
13 Jul 2008
\n
Affected Packages:
\n
\nmysql-dfsg-5.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 480292.
In Mitre's CVE dictionary: CVE-2008-2079.
\n
More information:
\n
\n

Sergei Golubchik discovered that MySQL, a widely-deployed database\nserver, did not properly validate optional data or index directory\npaths given in a CREATE TABLE statement, nor would it (under proper\nconditions) prevent two databases from using the same paths for data\nor index files. This permits an authenticated user with authorization\nto create tables in one database to read, write or delete data from\ntables subsequently created in other databases, regardless of other\nGRANT authorizations. The Common Vulnerabilities and Exposures\nproject identifies this weakness as CVE-2008-2079.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 5.0.32-7etch6. Note that the fix applied will have the\nconsequence of disallowing the selection of data or index paths\nunder the database root, which on a Debian system is /var/lib/mysql;\ndatabase administrators needing to control the placement of these\nfiles under that location must do so through other means.

\n

We recommend that you upgrade your mysql-dfsg-5.0 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch6.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch6.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.32-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.32-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.32-7etch6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1609": "
\n

Debian Security Advisory

\n

DSA-1609-1 lighttpd -- various

\n
\n
Date Reported:
\n
15 Jul 2008
\n
Affected Packages:
\n
\nlighttpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 434888, Bug 466663.
In Mitre's CVE dictionary: CVE-2008-0983, CVE-2007-3948.
\n
More information:
\n
\n

Several local/remote vulnerabilities have been discovered in lighttpd,\na fast webserver with minimal memory footprint.

\n

The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2008-0983\n

    lighttpd 1.4.18, and possibly other versions before 1.5.0, does not\n properly calculate the size of a file descriptor array, which allows\n remote attackers to cause a denial of service (crash) via a large number\n of connections, which triggers an out-of-bounds access.

  • CVE-2007-3948\n

    connections.c in lighttpd before 1.4.16 might accept more connections\n than the configured maximum, which allows remote attackers to cause a\n denial of service (failed assertion) via a large number of connection\n attempts.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.4.13-4etch9.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.4.18-2.

\n

We recommend that you upgrade your lighttpd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch9.dsc
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch9.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch9_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch9_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch9_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch9_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch9_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch9_i386.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch9_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch9_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch9_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch9_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch9_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch9_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch9_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch9_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch9_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1610": "
\n

Debian Security Advisory

\n

DSA-1610-1 gaim -- integer overflow

\n
\n
Date Reported:
\n
15 Jul 2008
\n
Affected Packages:
\n
\ngaim\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-2927.
\n
More information:
\n
\n

It was discovered that gaim, a multi-protocol instant messaging client,\nwas vulnerable to several integer overflows in its MSN protocol handlers.\nThese could allow a remote attacker to execute arbitrary code.

\n

For the stable distribution (etch), this problem has been fixed in version\n1:2.0.0+beta5-10etch1.

\n

For the unstable distribution (sid), this package is not present.

\n

We recommend that you upgrade your gaim package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_2.0.0+beta5-10etch1.dsc
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_2.0.0+beta5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_2.0.0+beta5-10etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-data_2.0.0+beta5-10etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dbg_2.0.0+beta5-10etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_2.0.0+beta5-10etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_2.0.0+beta5-10etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_2.0.0+beta5-10etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dbg_2.0.0+beta5-10etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_2.0.0+beta5-10etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dbg_2.0.0+beta5-10etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_2.0.0+beta5-10etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_2.0.0+beta5-10etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dbg_2.0.0+beta5-10etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_2.0.0+beta5-10etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_2.0.0+beta5-10etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_2.0.0+beta5-10etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dbg_2.0.0+beta5-10etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_2.0.0+beta5-10etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_2.0.0+beta5-10etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_2.0.0+beta5-10etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dbg_2.0.0+beta5-10etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_2.0.0+beta5-10etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dbg_2.0.0+beta5-10etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_2.0.0+beta5-10etch1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_2.0.0+beta5-10etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_2.0.0+beta5-10etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dbg_2.0.0+beta5-10etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dbg_2.0.0+beta5-10etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_2.0.0+beta5-10etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_2.0.0+beta5-10etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dbg_2.0.0+beta5-10etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim_2.0.0+beta5-10etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gaim/gaim-dev_2.0.0+beta5-10etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1611": "
\n

Debian Security Advisory

\n

DSA-1611-1 afuse -- privilege escalation

\n
\n
Date Reported:
\n
16 Jul 2008
\n
Affected Packages:
\n
\nafuse\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 490921.
In Mitre's CVE dictionary: CVE-2008-2232.
\n
More information:
\n
\n

Anders Kaseorg discovered that afuse, an automounting file system\nin user-space, did not properly escape shell metacharacters in paths.\nThis allowed a local attacker with read access to the filesystem to\nexecute commands as the owner of the filesystem.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 0.1.1-1+etch1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.2-3.

\n

We recommend that you upgrade your afuse (0.1.1-1+etch1) package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/afuse/afuse_0.1.1-1+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/afuse/afuse_0.1.1-1+etch1.dsc
\n
http://security.debian.org/pool/updates/main/a/afuse/afuse_0.1.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/afuse/afuse_0.1.1-1+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/afuse/afuse_0.1.1-1+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/afuse/afuse_0.1.1-1+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/afuse/afuse_0.1.1-1+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/afuse/afuse_0.1.1-1+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/afuse/afuse_0.1.1-1+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/afuse/afuse_0.1.1-1+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/afuse/afuse_0.1.1-1+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/afuse/afuse_0.1.1-1+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/afuse/afuse_0.1.1-1+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/afuse/afuse_0.1.1-1+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1612": "
\n

Debian Security Advisory

\n

DSA-1612-1 ruby1.8 -- several vulnerabilities

\n
\n
Date Reported:
\n
21 Jul 2008
\n
Affected Packages:
\n
\nruby1.8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-2662, CVE-2008-2663, CVE-2008-2664, CVE-2008-2725, CVE-2008-2726, CVE-2008-2376.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the interpreter for\nthe Ruby language, which may lead to denial of service or the\nexecution of arbitrary code. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2008-2662\n

    Drew Yao discovered that multiple integer overflows in the string\n processing code may lead to denial of service and potentially the\n execution of arbitrary code.

  • CVE-2008-2663\n

    Drew Yao discovered that multiple integer overflows in the string\n processing code may lead to denial of service and potentially the\n execution of arbitrary code.

  • CVE-2008-2664\n

    Drew Yao discovered that a programming error in the string\n processing code may lead to denial of service and potentially the\n execution of arbitrary code.

  • CVE-2008-2725\n

    Drew Yao discovered that an integer overflow in the array handling\n code may lead to denial of service and potentially the execution\n of arbitrary code.

  • CVE-2008-2726\n

    Drew Yao discovered that an integer overflow in the array handling\n code may lead to denial of service and potentially the execution\n of arbitrary code.

  • CVE-2008-2376\n

    It was discovered that an integer overflow in the array handling\n code may lead to denial of service and potentially the execution\n of arbitrary code.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.8.5-4etch2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.8.7.22-2.

\n

We recommend that you upgrade your ruby1.8 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/rdoc1.8_1.8.5-4etch2_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-elisp_1.8.5-4etch2_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/irb1.8_1.8.5-4etch2_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-examples_1.8.5-4etch2_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ri1.8_1.8.5-4etch2_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch2_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch2_mipsel.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1613": "
\n

Debian Security Advisory

\n

DSA-1613-1 libgd2 -- multiple vulnerabilities

\n
\n
Date Reported:
\n
22 Jul 2008
\n
Affected Packages:
\n
\nlibgd2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 443456.
In Mitre's CVE dictionary: CVE-2007-3476, CVE-2007-3477, CVE-2007-3996, CVE-2007-2445.
\n
More information:
\n
\n

Multiple vulnerabilities have been identified in libgd2, a library\nfor programmatic graphics creation and manipulation. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-2445\n

    Grayscale PNG files containing invalid tRNS chunk CRC values\n could cause a denial of service (crash), if a maliciously\n crafted image is loaded into an application using libgd.

  • CVE-2007-3476\n

    An array indexing error in libgd's GIF handling could induce a\n denial of service (crash with heap corruption) if exceptionally\n large color index values are supplied in a maliciously crafted\n GIF image file.

  • CVE-2007-3477\n

    The imagearc() and imagefilledarc() routines in libgd allow\n an attacker in control of the parameters used to specify\n the degrees of arc for those drawing functions to perform\n a denial of service attack (excessive CPU consumption).

  • CVE-2007-3996\n

    Multiple integer overflows exist in libgd's image resizing and\n creation routines; these weaknesses allow an attacker in control\n of the parameters passed to those routines to induce a crash or\n execute arbitrary code with the privileges of the user running\n an application or interpreter linked against libgd2.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 2.0.33-5.2etch1.

\n

For the unstable distribution (sid), these\nproblems have been fixed in version 2.0.35.dfsg-1.

\n

We recommend that you upgrade your libgd2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.33-5.2etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.33-5.2etch1.dsc
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.33.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1614": "
\n

Debian Security Advisory

\n

DSA-1614-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
23 Jul 2008
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-2785, CVE-2008-2933.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Iceweasel\nweb browser, an unbranded version of the Firefox browser. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2008-2785\n

    It was discovered that missing boundary checks on a reference\n counter for CSS objects can lead to the execution of arbitrary code.

  • CVE-2008-2933\n

    Billy Rios discovered that passing a URL containing a pipe symbol\n to Iceweasel can lead to Chrome privilege escalation.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 2.0.0.16-0etch1. Updated packages for ia64, arm and mips are\nnot yet available and will be released as soon as they have been built.

\n

For the unstable distribution (sid), these problems have been fixed in\nxulrunner 1.9.0.1-1 and iceweasel 3.0.1-1.

\n

We recommend that you upgrade your iceweasel package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.16-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.16.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.16-0etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.16-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.16-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.16-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.16-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.16-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.16-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.16-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.16-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.16-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.16-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.16-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.16-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.16-0etch1_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.16-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.16-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.16-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.16-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.16-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.16-0etch1_i386.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.16-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.16-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.16-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.16-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.16-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.16-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.16-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.16-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.16-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.16-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.16-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.16-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1615": "
\n

Debian Security Advisory

\n

DSA-1615-1 xulrunner -- several vulnerabilities

\n
\n
Date Reported:
\n
23 Jul 2008
\n
Affected Packages:
\n
\nxulrunner\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2811, CVE-2008-2933.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2008-2785\n

    It was discovered that missing boundary checks on a reference\n counter for CSS objects can lead to the execution of arbitrary code.

  • CVE-2008-2798\n

    Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered\n crashes in the layout engine, which might allow the execution of\n arbitrary code.

  • CVE-2008-2799\n

    Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in\n the JavaScript engine, which might allow the execution of arbitrary code.

  • CVE-2008-2800\n

    moz_bug_r_a4 discovered several cross-site scripting vulnerabilities.

  • CVE-2008-2801\n

    Collin Jackson and Adam Barth discovered that JavaScript code\n could be executed in the context of signed JAR archives.

  • CVE-2008-2802\n

    moz_bug_r_a4 discovered that XUL documents can escalate\n privileges by accessing the pre-compiled fastload file.

  • CVE-2008-2803\n

    moz_bug_r_a4 discovered that missing input sanitising in the\n mozIJSSubScriptLoader.loadSubScript() function could lead to the\n execution of arbitrary code. Iceweasel itself is not affected, but\n some addons are.

  • CVE-2008-2805\n

    Claudio Santambrogio discovered that missing access validation in\n DOM parsing allows malicious web sites to force the browser to\n upload local files to the server, which could lead to information\n disclosure.

  • CVE-2008-2807\n

    Daniel Glazman discovered that a programming error in the code for\n parsing .properties files could lead to memory content being\n exposed to addons, which could lead to information disclosure.

  • CVE-2008-2808\n

    Masahiro Yamada discovered that file URLs in directory listings\n were insufficiently escaped.

  • CVE-2008-2809\n

    John G. Myers, Frank Benkstein and Nils Toedtmann discovered that\n alternate names on self-signed certificates were handled\n insufficiently, which could lead to spoofing of secure connections.

  • CVE-2008-2811\n

    Greg McManus discovered a crash in the block reflow\n code, which might allow the execution of arbitrary code.

  • CVE-2008-2933\n

    Billy Rios discovered that passing a URL containing a pipe symbol\n to Iceweasel can lead to Chrome privilege escalation.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.8.0.15~pre080614d-0etch1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.9.0.1-1.

\n

We recommend that you upgrade your xulrunner packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614d-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614d-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614d.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-dev_1.8.0.15~pre080614d-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.8.0.15~pre080614d-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-dev_1.8.0.15~pre080614d-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs-dev_1.8.0.15~pre080614d-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-dev_1.8.0.15~pre080614d-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-common_1.8.0.15~pre080614d-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.8.0.15~pre080614d-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs1_1.8.0.15~pre080614d-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614d-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614d-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614d-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614d-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614d-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614d-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614d-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614d-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614d-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614d-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614d-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614d-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614d-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614d-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614d-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614d-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614d-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614d-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614d-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614d-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614d-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614d-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614d-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614d-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614d-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614d-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614d-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614d-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614d-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614d-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614d-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614d-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614d-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614d-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614d-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614d-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614d-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614d-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614d-0etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614d-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614d-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614d-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614d-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614d-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614d-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614d-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614d-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614d-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614d-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614d-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614d-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614d-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614d-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614d-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614d-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614d-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614d-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614d-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614d-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614d-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614d-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614d-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614d-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614d-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614d-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614d-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614d-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614d-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614d-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614d-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614d-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614d-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614d-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614d-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614d-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614d-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614d-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614d-0etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614d-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614d-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614d-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614d-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614d-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614d-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614d-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614d-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614d-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614d-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614d-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614d-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614d-0etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614d-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614d-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614d-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614d-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614d-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614d-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614d-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614d-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614d-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614d-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614d-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614d-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614d-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614d-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614d-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614d-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614d-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614d-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614d-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614d-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614d-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614d-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614d-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614d-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614d-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614d-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614d-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614d-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614d-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614d-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614d-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614d-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614d-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614d-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614d-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614d-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614d-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614d-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614d-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614d-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614d-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614d-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614d-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614d-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614d-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614d-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614d-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614d-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614d-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614d-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614d-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614d-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1616": "
\n

Debian Security Advisory

\n

DSA-1616-2 clamav -- denial of service

\n
\n
Date Reported:
\n
26 Jul 2008
\n
Affected Packages:
\n
\nclamav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 490925.
In Mitre's CVE dictionary: CVE-2008-2713, CVE-2008-3215.
\n
More information:
\n
\n

Damian Put discovered a vulnerability in the ClamAV anti-virus\ntoolkit's parsing of Petite-packed Win32 executables. The weakness\nleads to an invalid memory access, and could enable an attacker to\ncrash clamav by supplying a maliciously crafted Petite-compressed\nbinary for scanning. In some configurations, such as when clamav\nis used in combination with mail servers, this could cause a system\nto fail open, facilitating a follow-on viral attack.

\n

A previous version of this advisory referenced packages that were\nbuilt incorrectly and omitted the intended correction. This\nissue was fixed in packages referenced by the -2 revision of the\nadvisory.

\n

The Common Vulnerabilities and Exposures project identifies this\nweakness as CVE-2008-2713\nand CVE-2008-3215.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 0.90.1dfsg-3.1+etch14.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.93.1.dfsg-1.1.

\n

We recommend that you upgrade your clamav packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14.diff.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1dfsg-3.1+etch14_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1dfsg-3.1+etch14_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.90.1dfsg-3.1+etch14_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-3.1+etch14_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-3.1+etch14_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-3.1+etch14_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-3.1+etch14_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-3.1+etch14_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-3.1+etch14_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-3.1+etch14_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1617": "
\n

Debian Security Advisory

\n

DSA-1617-1 refpolicy -- incompatible policy

\n
\n
Date Reported:
\n
25 Jul 2008
\n
Affected Packages:
\n
\nrefpolicy\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 490271.
In Mitre's CVE dictionary: CVE-2008-1447.
\n
More information:
\n
\n

\nIn DSA-1603-1, Debian released an update to the BIND 9 domain name\nserver, which introduced UDP source port randomization to mitigate\nthe threat of DNS cache poisoning attacks (identified by the Common\nVulnerabilities and Exposures project as CVE-2008-1447).\nThe fix, while correct, was incompatible with the version of SELinux Reference\nPolicy shipped with Debian Etch, which did not permit a process running in the\nnamed_t domain to bind sockets to UDP ports other than the standard 'domain'\nport (53).\nThe incompatibility affects both the 'targeted' and 'strict' policy packages\nsupplied by this version of refpolicy.\n

\n

\nThis update to the refpolicy packages grants the ability to bind to\narbitrary UDP ports to named_t processes.\nWhen installed, the updated packages will attempt to update the bind policy\nmodule on systems where it had been previously loaded and where the previous\nversion of refpolicy was 0.0.20061018-5 or below.\n

\n

\nBecause the Debian refpolicy packages are not yet designed with policy module\nupgradeability in mind, and because SELinux-enabled Debian systems often have\nsome degree of site-specific policy customization, it is difficult to assure\nthat the new bind policy can be successfully upgraded.\nTo this end, the package upgrade will not abort if the bind policy update\nfails.\nThe new policy module can be found at\n/usr/share/selinux/refpolicy-targeted/bind.pp after installation.\nAdministrators wishing to use the bind service policy can reconcile any policy\nincompatibilities and install the upgrade manually thereafter.\nA more detailed discussion of the corrective procedure may be found on\nhttps://wiki.debian.org/SELinux/Issues/BindPortRandomization.

\n

\nFor the stable distribution (etch), this problem has been fixed in\nversion 0.0.20061018-5.1+etch1.\n

\n

\nThe unstable distribution (sid) is not affected, as subsequent refpolicy\nreleases have incorporated an analogous change.\n

\n

\nWe recommend that you upgrade your refpolicy packages.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/refpolicy/refpolicy_0.0.20061018.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/r/refpolicy/refpolicy_0.0.20061018-5.1+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/r/refpolicy/refpolicy_0.0.20061018-5.1+etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/refpolicy/selinux-policy-refpolicy-strict_0.0.20061018-5.1+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/r/refpolicy/selinux-policy-refpolicy-doc_0.0.20061018-5.1+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/r/refpolicy/selinux-policy-refpolicy-targeted_0.0.20061018-5.1+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/r/refpolicy/selinux-policy-refpolicy-src_0.0.20061018-5.1+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/r/refpolicy/selinux-policy-refpolicy-dev_0.0.20061018-5.1+etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1618": "
\n

Debian Security Advisory

\n

DSA-1618-1 ruby1.9 -- several vulnerabilities

\n
\n
Date Reported:
\n
26 Jul 2008
\n
Affected Packages:
\n
\nruby1.9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-2662, CVE-2008-2663, CVE-2008-2664, CVE-2008-2725, CVE-2008-2726, CVE-2008-2376.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the interpreter for\nthe Ruby language, which may lead to denial of service or the\nexecution of arbitrary code. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2008-2662\n

    Drew Yao discovered that multiple integer overflows in the string\n processing code may lead to denial of service and potentially the\n execution of arbitrary code.

  • \n
  • CVE-2008-2663\n

    Drew Yao discovered that multiple integer overflows in the string\n processing code may lead to denial of service and potentially the\n execution of arbitrary code.

  • \n
  • CVE-2008-2664\n

    Drew Yao discovered that a programming error in the string\n processing code may lead to denial of service and potentially the\n execution of arbitrary code.

  • \n
  • CVE-2008-2725\n

    Drew Yao discovered that an integer overflow in the array handling\n code may lead to denial of service and potentially the execution\n of arbitrary code.

  • \n
  • CVE-2008-2726\n

    Drew Yao discovered that an integer overflow in the array handling\n code may lead to denial of service and potentially the execution\n of arbitrary code.

  • \n
  • CVE-2008-2376\n

    It was discovered that an integer overflow in the array handling\n code may lead to denial of service and potentially the execution\n of arbitrary code.

  • \n
\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.9.0+20060609-1etch2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.9.0.2-2.

\n

We recommend that you upgrade your ruby1.9 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch2.dsc
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-examples_1.9.0+20060609-1etch2_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/rdoc1.9_1.9.0+20060609-1etch2_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ri1.9_1.9.0+20060609-1etch2_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/irb1.9_1.9.0+20060609-1etch2_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-elisp_1.9.0+20060609-1etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1619": "
\n

Debian Security Advisory

\n

DSA-1619-1 python-dns -- DNS response spoofing

\n
\n
Date Reported:
\n
27 Jul 2008
\n
Affected Packages:
\n
\npython-dns\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 490217.
In Mitre's CVE dictionary: CVE-2008-1447, CVE-2008-4099.
\n
More information:
\n
\n

Multiple weaknesses have been identified in PyDNS, a DNS client\nimplementation for the Python language. Dan Kaminsky identified a\npractical vector of DNS response spoofing and cache poisoning,\nexploiting the limited entropy in a DNS transaction ID and lack of\nUDP source port randomization in many DNS implementations. Scott\nKitterman noted that python-dns is vulnerable to this predictability,\nas it randomizes neither its transaction ID nor its source port.\nTaken together, this lack of entropy leaves applications using\npython-dns to perform DNS queries highly susceptible to response\nforgery.

\n

The Common Vulnerabilities and Exposures project identifies this\nclass of weakness as CVE-2008-1447\nand this specific instance in PyDNS as CVE-2008-4099.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 2.3.0-5.2+etch1.

\n

We recommend that you upgrade your python-dns package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/python-dns/python-dns_2.3.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/python-dns/python-dns_2.3.0-5.2+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/python-dns/python-dns_2.3.0-5.2+etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/python-dns/python-dns_2.3.0-5.2+etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1620": "
\n

Debian Security Advisory

\n

DSA-1620-1 python2.5 -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Jul 2008
\n
Affected Packages:
\n
\npython2.5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2052, CVE-2007-4965, CVE-2008-1679, CVE-2008-1721, CVE-2008-1887.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the interpreter for the\nPython language. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2007-2052\n

    Piotr Engelking discovered that the strxfrm() function of the locale\n module miscalculates the length of an internal buffer, which may\n result in a minor information disclosure.

  • \n
  • CVE-2007-4965\n

    It was discovered that several integer overflows in the imageop\n module may lead to the execution of arbitrary code, if a user is\n tricked into processing malformed images. This issue is also\n tracked as CVE-2008-1679 due to an initially incomplete patch.

  • \n
  • CVE-2008-1721\n

    Justin Ferguson discovered that a buffer overflow in the zlib\n module may lead to the execution of arbitrary code.

  • \n
  • CVE-2008-1887\n

    Justin Ferguson discovered that insufficient input validation in\n PyString_FromStringAndSize() may lead to the execution of arbitrary\n code.

  • \n
\n

For the stable distribution (etch), these problems have been fixed in\nversion 2.5-5+etch1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.5.2-3.

\n

We recommend that you upgrade your python2.5 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1.dsc
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-examples_2.5-5+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/idle-python2.5_2.5-5+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1621": "
\n

Debian Security Advisory

\n

DSA-1621-1 icedove -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Jul 2008
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0304, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811.
\n
More information:
\n
\n

\nSeveral remote vulnerabilities have been discovered in the Icedove\nmail client, an unbranded version of the Thunderbird client. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:\n

\n
    \n
  • CVE-2008-0304\n

    \n It was discovered that a buffer overflow in MIME decoding can lead\n to the execution of arbitrary code.\n

  • \n
  • CVE-2008-2785\n

    \n It was discovered that missing boundary checks on a reference\n counter for CSS objects can lead to the execution of arbitrary code.\n

  • \n
  • CVE-2008-2798\n

    \n Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered\n crashes in the layout engine, which might allow the execution of\n arbitrary code.\n

  • \n
  • CVE-2008-2799\n

    \n Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in\n the JavaScript engine, which might allow the execution of arbitrary code.\n

  • \n
  • CVE-2008-2802\n

    \n \"moz_bug_r_a4\" discovered that XUL documents can escalate\n privileges by accessing the pre-compiled \"fastload\" file.\n

  • \n
  • CVE-2008-2803\n

    \n \"moz_bug_r_a4\" discovered that missing input sanitising in the\n mozIJSSubScriptLoader.loadSubScript() function could lead to the\n execution of arbitrary code. Iceweasel itself is not affected, but\n some addons are.\n

  • \n
  • CVE-2008-2807\n

    \n Daniel Glazman discovered that a programming error in the code for\n parsing .properties files could lead to memory content being\n exposed to addons, which could lead to information disclosure.\n

  • \n
  • CVE-2008-2809\n

    \n John G. Myers, Frank Benkstein and Nils Toedtmann discovered that\n alternate names on self-signed certificates were handled\n insufficiently, which could lead to the spoofing of secure connections.\n

  • \n
  • CVE-2008-2811\n

    \n Greg McManus discovered a crash in the block reflow\n code, which might allow the execution of arbitrary code.\n

  • \n
\n

\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1.\nPackages for s390 are not yet available and will be provided later.\n

\n

\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.0.0.16-1.\n

\n

\nWe recommend that you upgrade your icedove package.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1622": "
\n

Debian Security Advisory

\n

DSA-1622-1 newsx -- buffer overflow

\n
\n
Date Reported:
\n
31 Jul 2008
\n
Affected Packages:
\n
\nnewsx\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 492742.
In Mitre's CVE dictionary: CVE-2008-3252.
\n
More information:
\n
\n

It was discovered that newsx, an NNTP news exchange utility, was affected\nby a buffer overflow allowing remote attackers to execute arbitrary code\nvia a news article containing a large number of lines starting with a period.

\n

For the stable distribution (etch), this problem has been fixed in version\n1.6-2etch1.

\n

For the testing (lenny) and unstable (sid) distributions, this problem has\nbeen fixed in version 1.6-3.

\n

We recommend that you upgrade your newsx package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1.dsc
\n
http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/newsx/newsx_1.6-2etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1623": "
\n

Debian Security Advisory

\n

DSA-1623-1 dnsmasq -- DNS cache poisoning

\n
\n
Date Reported:
\n
31 Jul 2008
\n
Affected Packages:
\n
\ndnsmasq\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1447.
\n
More information:
\n
\n

Dan Kaminsky discovered that properties inherent to the DNS protocol\nlead to practical DNS cache poisoning attacks. Among other things,\nsuccessful attacks can lead to misdirected web traffic and email\nrerouting.

\n

This update changes Debian's dnsmasq packages to implement the\nrecommended countermeasure: UDP query source port randomization. This\nchange increases the size of the space from which an attacker has to\nguess values in a backwards-compatible fashion and makes successful\nattacks significantly more difficult.

\n

This update also switches the random number generator to Dan\nBernstein's SURF.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 2.35-1+etch4. Packages for alpha will be provided later.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.43-1.

\n

We recommend that you upgrade your dnsmasq package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4.dsc
\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4.diff.gz
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.35-1+etch4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1624": "
\n

Debian Security Advisory

\n

DSA-1624-1 libxslt -- buffer overflows

\n
\n
Date Reported:
\n
31 Jul 2008
\n
Affected Packages:
\n
\nlibxslt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-2935.
\n
More information:
\n
\n

Chris Evans discovered that a buffer overflow in the RC4 functions of\nlibexslt may lead to the execution of arbitrary code.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 1.1.19-3.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your libxslt packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19-3.diff.gz
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt_1.1.19-3.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dev_1.1.19-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1.1_1.1.19-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/xsltproc_1.1.19-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/python-libxslt1_1.1.19-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxslt/libxslt1-dbg_1.1.19-3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1625": "
\n

Debian Security Advisory

\n

DSA-1625-1 cupsys -- buffer overflows

\n
\n
Date Reported:
\n
01 Aug 2008
\n
Affected Packages:
\n
\ncupsys\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 476305.
In Mitre's CVE dictionary: CVE-2008-0053, CVE-2008-1373, CVE-2008-1722.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Common Unix\nPrinting System (CUPS). The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2008-0053\n

    Buffer overflows in the HP-GL input filter could allow execution of\n arbitrary code through crafted HP-GL files.

  • CVE-2008-1373\n

    A buffer overflow in the GIF filter could allow execution of arbitrary\n code through crafted GIF files.

  • CVE-2008-1722\n

    Integer overflows in the PNG filter could allow execution of arbitrary\n code through crafted PNG files.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.2.7-4etch4 of package cupsys.

\n

For the testing (lenny) and unstable (sid) distributions, these problems\nhave been fixed in version 1.3.7-2 of package cups.

\n

We recommend that you upgrade your cupsys package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch4_all.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch4_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1626": "
\n

Debian Security Advisory

\n

DSA-1626-1 httrack -- buffer overflow

\n
\n
Date Reported:
\n
01 Aug 2008
\n
Affected Packages:
\n
\nhttrack\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 30425.
In Mitre's CVE dictionary: CVE-2008-3429.
\n
More information:
\n
\n

Joan Calvet discovered that httrack, a utility to create local copies of\nwebsites, is vulnerable to a buffer overflow that could allow\nexecution of arbitrary code when it is passed excessively long URLs.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 3.40.4-3.1+etch1.

\n

For the testing (lenny) and unstable (sid) distributions, this problem has\nbeen fixed in version 3.42.3-1.

\n

We recommend that you upgrade your httrack package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1.dsc
\n
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/httrack/httrack-doc_3.40.4-3.1+etch1_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/httrack/proxytrack_3.40.4-3.1+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/libhttrack1_3.40.4-3.1+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/webhttrack_3.40.4-3.1+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/libhttrack-dev_3.40.4-3.1+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/h/httrack/httrack_3.40.4-3.1+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1627": "
\n

Debian Security Advisory

\n

DSA-1627-2 opensc -- programming error

\n
\n
Date Reported:
\n
04 Aug 2008
\n
Affected Packages:
\n
\nopensc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-2235.
\n
More information:
\n
\n

Chaskiel M Grundman discovered that opensc, a library and utilities to handle smart cards, would initialise smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN.

With this bug anyone can change a user PIN without having the PIN or PUK or the superuser's PIN or PUK. However, it cannot be used to figure out the PIN. If the PIN on your card is still the same one you always had, there's a reasonable chance that this vulnerability has not been exploited.

This vulnerability affects only smart cards and USB crypto tokens based on Siemens CardOS M4, and within that group only those that were initialised with OpenSC. Users of other smart cards and USB crypto tokens, or cards that have been initialised with some software other than OpenSC, are not affected.

After upgrading the package, running pkcs15-tool -T will show you whether the card is fine or vulnerable. If the card is vulnerable, you need to update the security setting using: pkcs15-tool -T -U.

For the stable distribution (etch), this problem has been fixed in version 0.11.1-2etch2.

For the unstable distribution (sid), this problem has been fixed in version 0.11.4-5.

We recommend that you upgrade your opensc package and check your card(s) with the command described above.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.1-2etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.1-2etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.1-2etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.1-2etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.1-2etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1628": "
\n

Debian Security Advisory

\n

DSA-1628-1 pdns -- DNS response spoofing

\n
\n
Date Reported:
\n
10 Aug 2008
\n
Affected Packages:
\n
\npdns\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-3337.
\n
More information:
\n
\n

Brian Dowling discovered that the PowerDNS authoritative name server does not respond to DNS queries which contain certain characters, increasing the risk of successful DNS spoofing (CVE-2008-3337). This update changes PowerDNS to respond with SERVFAIL responses instead.

For the stable distribution (etch), this problem has been fixed in version 2.9.20-8+etch1.

For the unstable distribution (sid), this problem has been fixed in version 2.9.21.1-1.

We recommend that you upgrade your pdns package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20-8+etch1.dsc
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20-8+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20-8+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-doc_2.9.20-8+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1629": "
\n

Debian Security Advisory

\n

DSA-1629-2 postfix -- programming error

\n
\n
Date Reported:
\n
19 Aug 2008
\n
Affected Packages:
\n
\npostfix\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-2936.
\n
More information:
\n
\n

Sebastian Krahmer discovered that Postfix, a mail transfer agent, incorrectly checks the ownership of a mailbox. In some configurations, this allows for appending data to arbitrary files as root.

Note that only specific configurations are vulnerable; the default Debian installation is not affected. Only a configuration meeting the following requirements is vulnerable:

  • The mail delivery style is mailbox, with the Postfix built-in local(8) or virtual(8) delivery agents.
  • The mail spool directory (/var/spool/mail) is user-writeable.
  • The user can create hardlinks pointing to root-owned symlinks located in other directories.

For a detailed treatment of the issue, please refer to the upstream author's announcement.

For the stable distribution (etch), this problem has been fixed in version 2.3.8-2+etch1.

For the testing distribution (lenny), this problem has been fixed in version 2.5.2-2lenny1.

For the unstable distribution (sid), this problem has been fixed in version 2.5.4-1.

We recommend that you upgrade your postfix package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2+etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-dev_2.3.8-2+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-doc_2.3.8-2+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2+etch1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pgsql_2.3.8-2+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-pcre_2.3.8-2+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-mysql_2.3.8-2+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-cdb_2.3.8-2+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix_2.3.8-2+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postfix/postfix-ldap_2.3.8-2+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1630": "
\n

Debian Security Advisory

\n

DSA-1630-1 linux-2.6 -- denial of service/information leak

\n
\n
Date Reported:
\n
21 Aug 2008
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-6282, CVE-2008-0598, CVE-2008-2729, CVE-2008-2812, CVE-2008-2826, CVE-2008-2931, CVE-2008-3272, CVE-2008-3275.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or arbitrary code execution. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2007-6282

    Dirk Nehring discovered a vulnerability in the IPsec code that allows remote users to cause a denial of service by sending a specially crafted ESP packet.

  • CVE-2008-0598

    Tavis Ormandy discovered a vulnerability that allows local users to access uninitialized kernel memory, possibly leaking sensitive data. This issue is specific to the amd64-flavour kernel images.

  • CVE-2008-2729

    Andi Kleen discovered an issue where uninitialized kernel memory was being leaked to userspace during an exception. This issue may allow local users to gain access to sensitive data. Only the amd64-flavour Debian kernel images are affected.

  • CVE-2008-2812

    Alan Cox discovered an issue in multiple tty drivers that allows local users to trigger a denial of service (NULL pointer dereference) and possibly obtain elevated privileges.

  • CVE-2008-2826

    Gabriel Campana discovered an integer overflow in the sctp code that can be exploited by local users to cause a denial of service.

  • CVE-2008-2931

    Miklos Szeredi reported a missing privilege check in the do_change_type() function. This allows local, unprivileged users to change the properties of mount points.

  • CVE-2008-3272

    Tobias Klein reported a locally exploitable data leak in the snd_seq_oss_synth_make_info() function. This may allow local users to gain access to sensitive information.

  • CVE-2008-3275

    Zoltan Sogor discovered a coding error in the VFS that allows local users to exploit a kernel memory leak resulting in a denial of service.

For the stable distribution (etch), this problem has been fixed in version 2.6.18.dfsg.1-22etch2.

We recommend that you upgrade your linux-2.6, fai-kernels, and user-mode-linux packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-22etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.22etch2.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.22etch2.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-22etch2.dsc
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.22etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.22etch2.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-22etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-22etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-22etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-22etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-22etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-22etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-22etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-22etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-generic_2.6.18.dfsg.1-22etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-22etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-22etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-smp_2.6.18.dfsg.1-22etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-alpha_2.6.18.dfsg.1-22etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-smp_2.6.18.dfsg.1-22etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-generic_2.6.18.dfsg.1-22etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-22etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-22etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.22etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-amd64_2.6.18.dfsg.1-22etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-22etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-22etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-22etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-amd64_2.6.18.dfsg.1-22etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-22etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-22etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-amd64_2.6.18.dfsg.1-22etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-22etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-22etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-22etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-22etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-22etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-22etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-22etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-22etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-amd64_2.6.18.dfsg.1-22etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-amd64_2.6.18.dfsg.1-22etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-ixp4xx_2.6.18.dfsg.1-22etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-22etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-rpc_2.6.18.dfsg.1-22etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-iop32x_2.6.18.dfsg.1-22etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-iop32x_2.6.18.dfsg.1-22etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s3c2410_2.6.18.dfsg.1-22etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-arm_2.6.18.dfsg.1-22etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-22etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-rpc_2.6.18.dfsg.1-22etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-footbridge_2.6.18.dfsg.1-22etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-footbridge_2.6.18.dfsg.1-22etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s3c2410_2.6.18.dfsg.1-22etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-ixp4xx_2.6.18.dfsg.1-22etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-22etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-hppa_2.6.18.dfsg.1-22etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc_2.6.18.dfsg.1-22etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-22etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-22etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64_2.6.18.dfsg.1-22etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc-smp_2.6.18.dfsg.1-22etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64_2.6.18.dfsg.1-22etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-22etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc-smp_2.6.18.dfsg.1-22etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc_2.6.18.dfsg.1-22etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-686_2.6.18.dfsg.1-22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-686_2.6.18.dfsg.1-22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-k7_2.6.18.dfsg.1-22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-k7_2.6.18.dfsg.1-22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686-bigmem_2.6.18.dfsg.1-22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-686_2.6.18.dfsg.1-22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-i386_2.6.18.dfsg.1-22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686_2.6.18.dfsg.1-22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-486_2.6.18.dfsg.1-22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-k7_2.6.18.dfsg.1-22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686-bigmem_2.6.18.dfsg.1-22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-486_2.6.18.dfsg.1-22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-686_2.6.18.dfsg.1-22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686_2.6.18.dfsg.1-22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-k7_2.6.18.dfsg.1-22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-686_2.6.18.dfsg.1-22etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-686_2.6.18.dfsg.1-22etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-mckinley_2.6.18.dfsg.1-22etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-ia64_2.6.18.dfsg.1-22etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-itanium_2.6.18.dfsg.1-22etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-mckinley_2.6.18.dfsg.1-22etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-22etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-itanium_2.6.18.dfsg.1-22etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-22etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-22etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-22etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-22etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-22etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-22etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-22etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-22etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-22etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-22etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-22etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-22etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mips_2.6.18.dfsg.1-22etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-22etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-22etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-22etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-22etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-22etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-22etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-22etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-22etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-22etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-22etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-22etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-22etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-22etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-22etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mipsel_2.6.18.dfsg.1-22etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-22etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.22etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc64_2.6.18.dfsg.1-22etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc_2.6.18.dfsg.1-22etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-22etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-22etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-22etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-22etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-22etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc64_2.6.18.dfsg.1-22etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-22etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-22etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-22etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-prep_2.6.18.dfsg.1-22etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-prep_2.6.18.dfsg.1-22etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-22etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-22etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-22etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc_2.6.18.dfsg.1-22etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-powerpc_2.6.18.dfsg.1-22etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-s390_2.6.18.dfsg.1-22etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390x_2.6.18.dfsg.1-22etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390_2.6.18.dfsg.1-22etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-22etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390_2.6.18.dfsg.1-22etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-22etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-22etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-22etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390x_2.6.18.dfsg.1-22etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390-tape_2.6.18.dfsg.1-22etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-22etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64_2.6.18.dfsg.1-22etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc32_2.6.18.dfsg.1-22etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc32_2.6.18.dfsg.1-22etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-22etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-22etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64_2.6.18.dfsg.1-22etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-22etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-22etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-22etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-22etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-22etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-sparc_2.6.18.dfsg.1-22etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1631": "
\n

Debian Security Advisory

\n

DSA-1631-2 libxml2 -- denial of service

\n
\n
Date Reported:
\n
22 Aug 2008
\n
Affected Packages:
\n
\nlibxml2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-3281.
\n
More information:
\n
\n

Andreas Solberg discovered that libxml2, the GNOME XML library,\ncould be forced to recursively evaluate entities, until available\nCPU and memory resources were exhausted.

\n

For the stable distribution (etch), this problem has been fixed in version\n2.6.27.dfsg-4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.6.32.dfsg-3.

\n

We recommend that you upgrade your libxml2 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-4.dsc
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-4.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.27.dfsg-4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-4_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-4_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-4_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-4_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-4_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-4_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-4_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-4_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-4_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-4_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-4_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-4_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-4_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-4_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1632": "
\n

Debian Security Advisory

\n

DSA-1632-1 tiff -- buffer underflow

\n
\n
Date Reported:
\n
26 Aug 2008
\n
Affected Packages:
\n
\ntiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-2327.
\n
More information:
\n
\n

Drew Yao discovered that libTIFF, a library for handling the Tagged Image\nFile Format, is vulnerable to a programming error allowing malformed\nTIFF files to lead to a crash or execution of arbitrary code.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 3.8.2-7+etch1.

\n

For the testing distribution (lenny), this problem has been fixed in\nversion 3.8.2-10+lenny1.

\n

The unstable distribution (sid) will be fixed soon.

\n

We recommend that you upgrade your tiff package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-7+etch1.dsc
\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-7+etch1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch1_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1633": "
\n

Debian Security Advisory

\n

DSA-1633-1 slash -- SQL Injection, Cross-Site Scripting

\n
\n
Date Reported:
\n
01 Sep 2008
\n
Affected Packages:
\n
\nslash\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 484499.
In Mitre's CVE dictionary: CVE-2008-2231, CVE-2008-2553.
\n
More information:
\n
\n

It has been discovered that Slash, the Slashdot Like Automated\nStorytelling Homepage, suffers from two vulnerabilities related to\ninsufficient input sanitization, leading to execution of SQL commands\n(CVE-2008-2231) and cross-site scripting (CVE-2008-2553).

\n

For the stable distribution (etch), these problems have been fixed in\nversion 2.2.6-8etch1.

\n

In the unstable distribution (sid), the slash package is currently\nuninstallable and will be removed soon.

\n

We recommend that you upgrade your slash package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1.dsc
\n
http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/slash/slash_2.2.6-8etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1634": "
\n

Debian Security Advisory

\n

DSA-1634-1 wordnet -- stack and heap overflows

\n
\n
Date Reported:
\n
01 Sep 2008
\n
Affected Packages:
\n
\nwordnet\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 481186.
In Mitre's CVE dictionary: CVE-2008-2149, CVE-2008-3908.
\n
More information:
\n
\n

Rob Holland discovered several programming errors in WordNet, an\nelectronic lexical database of the English language. These flaws could\nallow arbitrary code execution when used with untrusted input, for\nexample when WordNet is in use as a back end for a web application.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 1:2.1-4+etch1.

\n

For the testing distribution (lenny), these problems have been fixed in\nversion 1:3.0-11+lenny1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1:3.0-12.

\n

We recommend that you upgrade your wordnet package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch1.dsc
\n
http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/wordnet/wordnet-sense-index_2.1-4+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wordnet/wordnet-base_2.1-4+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wordnet/wordnet_2.1-4+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wordnet/wordnet-dev_2.1-4+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1635": "
\n

Debian Security Advisory

\n

DSA-1635-1 freetype -- multiple vulnerabilities

\n
\n
Date Reported:
\n
10 Sep 2008
\n
Affected Packages:
\n
\nfreetype\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1806, CVE-2008-1807, CVE-2008-1808.
\n
More information:
\n
\n

Several local vulnerabilities have been discovered in freetype, a FreeType 2 font engine, which could allow the execution of arbitrary code.

\n

The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2008-1806\n

    An integer overflow allows context-dependent attackers to execute arbitrary code via a crafted set of values within the Private dictionary table in a Printer Font Binary (PFB) file.

  • CVE-2008-1807\n

    The handling of an invalid number of axes field in the PFB file could trigger the freeing of arbitrary memory locations, leading to memory corruption.

  • CVE-2008-1808\n

    Multiple off-by-one errors allowed the execution of arbitrary code via malformed tables in PFB files, or invalid SHC instructions in TTF files.

\n

For the stable distribution (etch), these problems have been fixed in version 2.2.1-5+etch3.

\n

For the unstable distribution (sid), these problems have been fixed in version 2.3.6-1.

\n

We recommend that you upgrade your freetype package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.2.1-5+etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.2.1-5+etch3.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch3_alpha.udeb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch3_amd64.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch3_arm.udeb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch3_hppa.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch3_i386.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch3_ia64.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch3_mips.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch3_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch3_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch3_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch3_sparc.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1636": "
\n

Debian Security Advisory

\n

DSA-1636-1 linux-2.6.24 -- denial of service/information leak

\n
\n
Date Reported:
\n
11 Sep 2008
\n
Affected Packages:
\n
\nlinux-2.6.24\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-3272, CVE-2008-3275, CVE-2008-3276, CVE-2008-3526, CVE-2008-3534, CVE-2008-3535, CVE-2008-3792, CVE-2008-3915.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or leak sensitive data. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2008-3272\n

    Tobias Klein reported a locally exploitable data leak in the snd_seq_oss_synth_make_info() function. This may allow local users to gain access to sensitive information.

  • CVE-2008-3275\n

    Zoltan Sogor discovered a coding error in the VFS that allows local users to exploit a kernel memory leak resulting in a denial of service.

  • CVE-2008-3276\n

    Eugene Teo reported an integer overflow in the DCCP subsystem that may allow remote attackers to cause a denial of service in the form of a kernel panic.

  • CVE-2008-3526\n

    Eugene Teo reported a missing bounds check in the SCTP subsystem. By exploiting an integer overflow in the SCTP_AUTH_KEY handling code, remote attackers may be able to cause a denial of service in the form of a kernel panic.

  • CVE-2008-3534\n

    Kel Modderman reported an issue in the tmpfs filesystem that allows local users to crash a system by triggering a kernel BUG() assertion.

  • CVE-2008-3535\n

    Alexey Dobriyan discovered an off-by-one error in the iov_iter_advance function which can be exploited by local users to crash a system, resulting in a denial of service.

  • CVE-2008-3792\n

    Vlad Yasevich reported several NULL pointer reference conditions in the SCTP subsystem that can be triggered by entering sctp-auth codepaths when the AUTH feature is inactive. This may allow attackers to cause a denial of service condition via a system panic.

  • CVE-2008-3915\n

    Johann Dahm and David Richter reported an issue in the nfsd subsystem that may allow remote attackers to cause a denial of service via a buffer overflow.

\n

For the stable distribution (etch), these problems have been fixed in version 2.6.24-6~etchnhalf.5.

\n

We recommend that you upgrade your linux-2.6.24 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.5.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.5.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-tree-2.6.24_2.6.24-6~etchnhalf.5_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc-2.6.24_2.6.24-6~etchnhalf.5_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-source-2.6.24_2.6.24-6~etchnhalf.5_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-patch-debian-2.6.24_2.6.24-6~etchnhalf.5_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-manual-2.6.24_2.6.24-6~etchnhalf.5_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-support-2.6.24-etchnhalf.1_2.6.24-6~etchnhalf.5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-alpha_2.6.24-6~etchnhalf.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.5_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.5_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-amd64_2.6.24-6~etchnhalf.5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-arm_2.6.24-6~etchnhalf.5_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.5_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-hppa_2.6.24-6~etchnhalf.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.5_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-i386_2.6.24-6~etchnhalf.5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.5_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-ia64_2.6.24-6~etchnhalf.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.5_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.5_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-mips_2.6.24-6~etchnhalf.5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.5_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-mipsel_2.6.24-6~etchnhalf.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-powerpc_2.6.24-6~etchnhalf.5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.5_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.5_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.5_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.5_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.5_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-s390_2.6.24-6~etchnhalf.5_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390-tape_2.6.24-6~etchnhalf.5_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-sparc_2.6.24-6~etchnhalf.5_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1637": "
\n

Debian Security Advisory

\n

DSA-1637-1 git-core -- buffer overflow

\n
\n
Date Reported:
\n
15 Sep 2008
\n
Affected Packages:
\n
\ngit-core\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 494097.
In Mitre's CVE dictionary: CVE-2008-3546.
\n
More information:
\n
\n

Multiple vulnerabilities have been identified in git-core, the core of the git distributed revision control system. Improper path length limitations in git's diff and grep functions, in combination with maliciously crafted repositories or changes, could enable a stack buffer overflow and potentially the execution of arbitrary code.

\n

The Common Vulnerabilities and Exposures project identifies this vulnerability as CVE-2008-3546.

\n

For the stable distribution (etch), this problem has been fixed in version 1.4.4.4-2.1+etch1.

\n

For the unstable distribution (sid), this problem has been fixed in version 1.5.6.5-1.

\n

We recommend that you upgrade your git-core packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-2.1+etch1.dsc
\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-2.1+etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/git-core/git-arch_1.4.4.4-2.1+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-cvs_1.4.4.4-2.1+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-email_1.4.4.4-2.1+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/gitweb_1.4.4.4-2.1+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-daemon-run_1.4.4.4-2.1+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-doc_1.4.4.4-2.1+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-svn_1.4.4.4-2.1+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/gitk_1.4.4.4-2.1+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-2.1+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-2.1+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-2.1+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-2.1+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-2.1+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-2.1+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-2.1+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-2.1+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-2.1+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-2.1+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-2.1+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1638": "
\n

Debian Security Advisory

\n

DSA-1638-1 openssh -- denial of service

\n
\n
Date Reported:
\n
16 Sep 2008
\n
Affected Packages:
\n
\nopenssh\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 498678.
In Mitre's CVE dictionary: CVE-2006-5051, CVE-2008-4109.
\n
More information:
\n
\n

It has been discovered that the signal handler implementing the login timeout in Debian's version of the OpenSSH server uses functions which are not async-signal-safe, leading to a denial of service vulnerability (CVE-2008-4109).

\n

The problem was originally corrected in OpenSSH 4.4p1 (CVE-2006-5051), but the patch backported to the version released with etch was incorrect.

\n

Systems affected by this issue suffer from lots of zombie sshd processes. Processes stuck with a \"[net]\" process title have also been observed. Over time, a sufficient number of processes may accumulate such that further login attempts are impossible. Presence of these processes does not indicate active exploitation of this vulnerability. It is possible to trigger this denial of service condition by accident.

\n

For the stable distribution (etch), this problem has been fixed in version 4.3p2-9etch3.

\n

For the unstable distribution (sid) and the testing distribution (lenny), this problem has been fixed in version 4.6p1-1.

\n

We recommend that you upgrade your openssh packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2-9etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh_4.3p2-9etch3.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-krb5_4.3p2-9etch3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh_4.3p2-9etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_alpha.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_alpha.udeb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_amd64.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_amd64.udeb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_arm.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_arm.udeb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_hppa.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_hppa.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_i386.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_i386.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_ia64.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_ia64.udeb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_mips.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_mips.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_s390.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_s390.udeb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client_4.3p2-9etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server_4.3p2-9etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-server-udeb_4.3p2-9etch3_sparc.udeb
\n
http://security.debian.org/pool/updates/main/o/openssh/ssh-askpass-gnome_4.3p2-9etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssh/openssh-client-udeb_4.3p2-9etch3_sparc.udeb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1639": "
\n

Debian Security Advisory

\n

DSA-1639-1 twiki -- command execution

\n
\n
Date Reported:
\n
19 Sep 2008
\n
Affected Packages:
\n
\ntwiki\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 499534.
In Mitre's CVE dictionary: CVE-2008-3195.
\n
More information:
\n
\n

It was discovered that twiki, a web based collaboration platform,\ndidn't properly sanitize the image parameter in its configuration script.\nThis could allow remote users to execute arbitrary commands upon the\nsystem, or read any files which were readable by the webserver user.

\n

For the stable distribution (etch), this problem has been fixed in version\n1:4.0.5-9.1etch1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your twiki package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/twiki/twiki_4.0.5-9.1etch1.dsc
\n
http://security.debian.org/pool/updates/main/t/twiki/twiki_4.0.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/twiki/twiki_4.0.5-9.1etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/twiki/twiki_4.0.5-9.1etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1640": "
\n

Debian Security Advisory

\n

DSA-1640-1 python-django -- several vulnerabilities

\n
\n
Date Reported:
\n
20 Sep 2008
\n
Affected Packages:
\n
\npython-django\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 497765, Bug 448838.
In Mitre's CVE dictionary: CVE-2008-3909, CVE-2007-5712.
\n
More information:
\n
\n

Simon Willison discovered that in Django, a Python web framework, the\nfeature to retain HTTP POST data during user reauthentication allowed\na remote attacker to perform unauthorized modification of data through\ncross site request forgery. This is possible regardless of the Django\nplugin to prevent cross site request forgery being enabled. The Common\nVulnerabilities and Exposures project identifies this issue as\nCVE-2008-3909.

\n

In this update the affected feature is disabled; this is in accordance\nwith upstream's preferred solution for this situation.

\n

This update also takes the opportunity to include a fix for a relatively minor\ndenial of service attack in the internationalisation framework, known\nas CVE-2007-5712.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 0.95.1-1etch2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.0-1.

\n

We recommend that you upgrade your python-django package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/python-django/python-django_0.95.1-1etch2.dsc
\n
http://security.debian.org/pool/updates/main/p/python-django/python-django_0.95.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/python-django/python-django_0.95.1-1etch2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/python-django/python-django_0.95.1-1etch2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1641": "
\n

Debian Security Advisory

\n

DSA-1641-1 phpmyadmin -- several vulnerabilities

\n
\n
Date Reported:
\n
20 Sep 2008
\n
Affected Packages:
\n
\nphpmyadmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-3197, CVE-2008-3456, CVE-2008-3457, CVE-2008-4096.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in phpMyAdmin, a\ntool to administrate MySQL databases over the web. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2008-4096\n

    Remote authenticated users could execute arbitrary code on the\n host running phpMyAdmin through manipulation of a script parameter.

  • CVE-2008-3457\n

    Cross site scripting through the setup script was possible in\n rare circumstances.

  • CVE-2008-3456\n

    Protection has been added against remote websites loading phpMyAdmin\n into a frameset.

  • CVE-2008-3197\n

    Cross site request forgery allowed remote attackers to create a new\n database, but not perform any other action on it.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 4:2.9.1.1-8.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4:2.11.8.1-2.

\n

We recommend that you upgrade your phpmyadmin package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-8.dsc
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-8.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-8_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1642": "
\n

Debian Security Advisory

\n

DSA-1642-1 horde3 -- cross site scripting

\n
\n
Date Reported:
\n
20 Sep 2008
\n
Affected Packages:
\n
\nhorde3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-3823.
\n
More information:
\n
\n

Will Drewry discovered that Horde allows remote attackers to send\nan email with a crafted MIME attachment filename attribute to perform\ncross site scripting.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 3.1.3-4etch4.

\n

For the testing distribution (lenny), this problem has been fixed in\nversion 3.2.1+debian0-2+lenny1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your horde3 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch4.dsc
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch4.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch4_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1643": "
\n

Debian Security Advisory

\n

DSA-1643-1 feta -- insecure temp file handling

\n
\n
Date Reported:
\n
05 Oct 2008
\n
Affected Packages:
\n
\nfeta\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 496397.
In Mitre's CVE dictionary: CVE-2008-4440.
\n
More information:
\n
\n

Dmitry E. Oboukhov discovered that the \"to-upgrade\" plugin of Feta,\na simpler interface to APT, dpkg, and other Debian package tools,\ncreates temporary files insecurely, which may lead to local denial\nof service through symlink attacks.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 1.4.15+etch1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4.16+nmu1.

\n

We recommend that you upgrade your feta package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/feta/feta_1.4.15+etch1.dsc
\n
http://security.debian.org/pool/updates/main/f/feta/feta_1.4.15+etch1.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/feta/feta_1.4.15+etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1644": "
\n

Debian Security Advisory

\n

DSA-1644-1 mplayer -- integer overflow

\n
\n
Date Reported:
\n
05 Oct 2008
\n
Affected Packages:
\n
\nmplayer\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 500683.
In Mitre's CVE dictionary: CVE-2008-3827.
\n
More information:
\n
\n

Felipe Andres Manzano discovered that mplayer, a multimedia player, is\nvulnerable to several integer overflows in the Real video stream\ndemuxing code. These flaws could allow an attacker to cause a denial\nof service (a crash) or potentially execution of arbitrary code by\nsupplying a maliciously crafted video file.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.0~rc1-12etch5.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.0~rc2-18.

\n

We recommend that you upgrade your mplayer packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch5.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch5.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer-doc_1.0~rc1-12etch5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch5_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch5_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1645": "
\n

Debian Security Advisory

\n

DSA-1645-1 lighttpd -- various

\n
\n
Date Reported:
\n
06 Oct 2008
\n
Affected Packages:
\n
\nlighttpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-4298, CVE-2008-4359, CVE-2008-4360.
\n
More information:
\n
\n

Several local/remote vulnerabilities have been discovered in lighttpd,\na fast webserver with minimal memory footprint.

\n

The Common Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2008-4298\n

    A memory leak in the http_request_parse function could be used by\n remote attackers to cause lighttpd to consume memory, and cause a\n denial of service attack.

  • CVE-2008-4359\n

    Inconsistent handling of URL patterns could lead to the disclosure\n of resources a server administrator did not anticipate when using\n rewritten URLs.

  • CVE-2008-4360\n

    On filesystems which don't handle case-insensitive paths differently,\n it might be possible that unanticipated resources could be made available\n by mod_userdir.

\n

For the stable distribution (etch), these problems have been fixed in version\n1.4.13-4etch11.

\n

For the unstable distribution (sid), these problems will be fixed shortly.

\n

We recommend that you upgrade your lighttpd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch11.dsc
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch11.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch11_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch11_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch11_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch11_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch11_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch11_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch11_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch11_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch11_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch11_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch11_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch11_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch11_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch11_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch11_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1646": "
\n

Debian Security Advisory

\n

DSA-1646-1 squid -- array bounds check

\n
\n
Date Reported:
\n
07 Oct 2008
\n
Affected Packages:
\n
\nsquid\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1612.
\n
More information:
\n
\n

A weakness has been discovered in squid, a caching proxy server. The\nflaw was introduced upstream in response to CVE-2007-6239, and\nannounced by Debian in DSA-1482-1. The flaw involves an\nover-aggressive bounds check on an array resize, and could be\nexploited by an authorized client to induce a denial of service\ncondition against squid.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 2.6.5-6etch2.

\n

We recommend that you upgrade your squid packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/squid/squid-common_2.6.5-6etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1647": "
\n

Debian Security Advisory

\n

DSA-1647-1 php5 -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Oct 2008
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 499987, Bug 499988, Bug 499989.
In Mitre's CVE dictionary: CVE-2008-3658, CVE-2008-3659, CVE-2008-3660.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in PHP, a server-side,\nHTML-embedded scripting language. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2008-3658\n

    Buffer overflow in the imageloadfont function allows a denial\n of service or code execution through a crafted font file.

  • CVE-2008-3659\n

    Buffer overflow in the memnstr function allows a denial of\n service or code execution via a crafted delimiter parameter\n to the explode function.

  • CVE-2008-3660\n

    Denial of service is possible in the FastCGI module by a\n remote attacker by making a request with multiple dots\n before the extension.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 5.2.0-8+etch13.

\n

For the testing (lenny) and unstable distribution (sid), these problems\nhave been fixed in version 5.2.6-4.

\n

We recommend that you upgrade your php5 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0-8+etch13.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0-8+etch13.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php5/php-pear_5.2.0-8+etch13_all.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0-8+etch13_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch13_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch13_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch13_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch13_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch13_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch13_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch13_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch13_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch13_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch13_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch13_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch13_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch13_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch13_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch13_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch13_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch13_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch13_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch13_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch13_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch13_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch13_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch13_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch13_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch13_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch13_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch13_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch13_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch13_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch13_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch13_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch13_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch13_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch13_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch13_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch13_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch13_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch13_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch13_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch13_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch13_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch13_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch13_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch13_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch13_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.0-8+etch13_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch13_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch13_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch13_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch13_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch13_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch13_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch13_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch13_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch13_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch13_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch13_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch13_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch13_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch13_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch13_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch13_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch13_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch13_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch13_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch13_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch13_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch13_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch13_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch13_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch13_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch13_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch13_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch13_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch13_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch13_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch13_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch13_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch13_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch13_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch13_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch13_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch13_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch13_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch13_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch13_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch13_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch13_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch13_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch13_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch13_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch13_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch13_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.0-8+etch13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch13_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch13_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch13_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch13_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch13_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch13_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch13_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch13_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch13_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch13_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch13_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch13_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch13_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch13_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch13_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch13_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch13_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch13_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch13_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch13_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch13_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch13_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch13_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch13_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch13_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch13_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch13_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch13_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch13_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch13_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch13_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch13_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch13_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch13_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch13_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch13_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch13_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch13_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch13_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch13_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch13_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch13_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch13_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch13_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch13_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch13_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch13_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch13_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch13_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch13_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch13_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch13_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch13_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch13_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch13_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch13_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch13_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch13_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch13_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch13_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch13_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch13_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch13_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch13_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch13_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch13_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch13_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch13_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch13_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch13_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch13_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch13_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch13_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch13_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch13_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch13_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch13_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch13_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch13_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch13_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch13_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch13_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch13_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch13_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch13_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch13_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch13_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch13_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch13_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch13_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch13_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch13_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch13_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch13_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch13_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch13_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1648": "
\n

Debian Security Advisory

\n

DSA-1648-1 mon -- insecure temporary files

\n
\n
Date Reported:
\n
08 Oct 2008
\n
Affected Packages:
\n
\nmon\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 496398.
In Mitre's CVE dictionary: CVE-2008-4477.
\n
More information:
\n
\n

Dmitry E. Oboukhov discovered that the test.alert script used in one of the\nalert functions in mon, a system to monitor hosts or services and alert\nabout problems, creates temporary files insecurely, which may lead to a local\ndenial of service through symlink attacks.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 0.99.2-9+etch2.

\n

For the testing (lenny) and unstable (sid) distributions, this problem has\nbeen fixed in version 0.99.2-13.

\n

We recommend that you upgrade your mon package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mon/mon_0.99.2-9+etch2.dsc
\n
http://security.debian.org/pool/updates/main/m/mon/mon_0.99.2-9+etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mon/mon_0.99.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mon/mon_0.99.2-9+etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mon/mon_0.99.2-9+etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mon/mon_0.99.2-9+etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mon/mon_0.99.2-9+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mon/mon_0.99.2-9+etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mon/mon_0.99.2-9+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mon/mon_0.99.2-9+etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mon/mon_0.99.2-9+etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mon/mon_0.99.2-9+etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mon/mon_0.99.2-9+etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mon/mon_0.99.2-9+etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1649": "
\n

Debian Security Advisory

\n

DSA-1649-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
08 Oct 2008
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0016, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Iceweasel web\nbrowser, an unbranded version of the Firefox browser. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2008-0016\n

    Justin Schuh, Tom Cross and Peter Williams discovered a buffer\n overflow in the parser for UTF-8 URLs, which may lead to the\n execution of arbitrary code.

  • CVE-2008-3835\n

    moz_bug_r_a4 discovered that the same-origin check in\n nsXMLDocument::OnChannelRedirect() could be bypassed.

  • CVE-2008-3836\n

    moz_bug_r_a4 discovered that several vulnerabilities in\n feedWriter could lead to Chrome privilege escalation.

  • CVE-2008-3837\n

    Paul Nickerson discovered that an attacker could move windows\n during a mouse click, resulting in unwanted action triggered by\n drag-and-drop.

  • CVE-2008-4058\n

    moz_bug_r_a4 discovered a vulnerability which can result in\n Chrome privilege escalation through XPCNativeWrappers.

  • CVE-2008-4059\n

    moz_bug_r_a4 discovered a vulnerability which can result in\n Chrome privilege escalation through XPCNativeWrappers.

  • CVE-2008-4060\n

    Olli Pettay and moz_bug_r_a4 discovered a Chrome privilege\n escalation vulnerability in XSLT handling.

  • CVE-2008-4061\n

    Jesse Ruderman discovered a crash in the layout engine, which might\n allow the execution of arbitrary code.

  • CVE-2008-4062\n

    Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour\n discovered crashes in the JavaScript engine, which might allow the\n execution of arbitrary code.

  • CVE-2008-4065\n

    Dave Reed discovered that some Unicode byte order marks are\n stripped from JavaScript code before execution, which can result in\n the execution of code that would otherwise be part of a quoted string.

  • CVE-2008-4066\n

    Gareth Heyes discovered that some Unicode surrogate characters are\n ignored by the HTML parser.

  • CVE-2008-4067\n

    Boris Zbarsky discovered that resource: URLs allow directory\n traversal when using URL-encoded slashes.

  • CVE-2008-4068\n

    Georgi Guninski discovered that resource: URLs could bypass local\n access restrictions.

  • CVE-2008-4069\n

    Billy Hoffman discovered that the XBM decoder could reveal\n uninitialised memory.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 2.0.0.17-0etch1. Packages for hppa will be provided later.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.0.3 of iceweasel and 1.9.0.3-1 of xulrunner.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.17-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.17-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.17-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.17-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.17-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.17-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.17-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.17-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.17-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.17-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1650": "
\n

Debian Security Advisory

\n

DSA-1650-1 openldap2.3 -- denial of service

\n
\n
Date Reported:
\n
12 Oct 2008
\n
Affected Packages:
\n
\nopenldap2.3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 488710.
In Mitre's CVE dictionary: CVE-2008-2952.
\n
More information:
\n
\n

Cameron Hotchkies discovered that the OpenLDAP server slapd, a free\nimplementation of the Lightweight Directory Access Protocol, could be\ncrashed by sending malformed ASN.1 requests.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 2.3.30-5+etch2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.4.10-3 of the openldap package.

\n

We recommend that you upgrade your openldap2.3 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30-5+etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30-5+etch2.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1651": "
\n

Debian Security Advisory

\n

DSA-1651-1 ruby1.8 -- several vulnerabilities

\n
\n
Date Reported:
\n
12 Oct 2008
\n
Affected Packages:
\n
\nruby1.8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790, CVE-2008-3905.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the interpreter for\nthe Ruby language, which may lead to denial of service and other\nsecurity problems. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2008-3655\n

    Keita Yamaguchi discovered that several safe level restrictions\n are insufficiently enforced.

  • CVE-2008-3656\n

    Christian Neukirchen discovered that the WEBrick module uses\n inefficient algorithms for HTTP header splitting, resulting in\n denial of service through resource exhaustion.

  • CVE-2008-3657\n

    It was discovered that the dl module does not perform taint\n checks.

  • CVE-2008-3790\n

    Luka Treiber and Mitja Kolsek discovered that recursively nested\n XML entities can lead to denial of service through resource\n exhaustion in rexml.

  • CVE-2008-3905\n

    Tanaka Akira discovered that the resolv module uses sequential\n transaction IDs and a fixed source port for DNS queries, which\n makes it more vulnerable to DNS spoofing attacks.
\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.8.5-4etch3. Packages for arm will be provided later.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.8.7.72-1.

\n

We recommend that you upgrade your ruby1.8 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3.dsc
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ri1.8_1.8.5-4etch3_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-elisp_1.8.5-4etch3_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-examples_1.8.5-4etch3_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/irb1.8_1.8.5-4etch3_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/rdoc1.8_1.8.5-4etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1652": "
\n

Debian Security Advisory

\n

DSA-1652-1 ruby1.9 -- several vulnerabilities

\n
\n
Date Reported:
\n
12 Oct 2008
\n
Affected Packages:
\n
\nruby1.9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790, CVE-2008-3905.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the interpreter for\nthe Ruby language, which may lead to denial of service and other\nsecurity problems. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2008-3655\n

    Keita Yamaguchi discovered that several safe level restrictions\n are insufficiently enforced.

  • CVE-2008-3656\n

    Christian Neukirchen discovered that the WEBrick module uses\n inefficient algorithms for HTTP header splitting, resulting in\n denial of service through resource exhaustion.

  • CVE-2008-3657\n

    It was discovered that the dl module does not perform taint\n checks.

  • CVE-2008-3790\n

    Luka Treiber and Mitja Kolsek discovered that recursively nested\n XML entities can lead to denial of service through resource\n exhaustion in rexml.

  • CVE-2008-3905\n

    Tanaka Akira discovered that the resolv module uses sequential\n transaction IDs and a fixed source port for DNS queries, which\n makes it more vulnerable to DNS spoofing attacks.
\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.9.0+20060609-1etch3. Packages for arm will be provided later.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.9.0.2-6.

\n

We recommend that you upgrade your ruby1.9 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/rdoc1.9_1.9.0+20060609-1etch3_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/irb1.9_1.9.0+20060609-1etch3_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-examples_1.9.0+20060609-1etch3_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-elisp_1.9.0+20060609-1etch3_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ri1.9_1.9.0+20060609-1etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch3_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1653": "
\n

Debian Security Advisory

\n

DSA-1653-1 linux-2.6 -- denial of service/privilege escalation

\n
\n
Date Reported:
\n
13 Oct 2008
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-6716, CVE-2008-1514, CVE-2008-3276, CVE-2008-3525, CVE-2008-3833, CVE-2008-4210, CVE-2008-4302.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2007-6716\n

    Joe Jin reported a local denial of service vulnerability that\n allows system users to trigger an oops due to an improperly\n initialized data structure.

  • CVE-2008-1514\n

    Jan Kratochvil reported a local denial of service vulnerability in\n the ptrace interface for the s390 architecture. Local users can\n trigger an invalid pointer dereference, leading to a system panic.

  • CVE-2008-3276\n

    Eugene Teo reported an integer overflow in the DCCP subsystem that\n may allow remote attackers to cause a denial of service in the\n form of a kernel panic.

  • CVE-2008-3525\n

    Eugene Teo reported a lack of capability checks in the kernel\n driver for Granch SBNI12 leased line adapters (sbni), allowing\n local users to perform privileged operations.

  • CVE-2008-3833\n

    The S_ISUID/S_ISGID bits were not being cleared during an inode\n splice, which, under certain conditions, can be exploited by local\n users to obtain the privileges of a group for which they are not a\n member. Mark Fasheh reported this issue.

  • CVE-2008-4210\n

    David Watson reported an issue in the open()/creat() system calls\n which, under certain conditions, can be exploited by local users\n to obtain the privileges of a group for which they are not a\n member.

  • CVE-2008-4302\n

    A coding error in the splice subsystem allows local users to\n attempt to unlock a page structure that has not been locked,\n resulting in a system crash.
\n

For the stable distribution (etch), these problems have been fixed in\nversion 2.6.18.dfsg.1-22etch3.

\n

We recommend that you upgrade your linux-2.6, fai-kernels, and\nuser-mode-linux packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.22etch3.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-22etch3.dsc
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.22etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-22etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.22etch3.dsc
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.22etch3.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-22etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-22etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-22etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-22etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-22etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-22etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-22etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-smp_2.6.18.dfsg.1-22etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-22etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-22etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-alpha_2.6.18.dfsg.1-22etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-smp_2.6.18.dfsg.1-22etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-22etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-generic_2.6.18.dfsg.1-22etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-22etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-generic_2.6.18.dfsg.1-22etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-22etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-22etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-22etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-amd64_2.6.18.dfsg.1-22etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-amd64_2.6.18.dfsg.1-22etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-22etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-amd64_2.6.18.dfsg.1-22etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-22etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-22etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-22etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-22etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-22etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-22etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-22etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-22etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-22etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-amd64_2.6.18.dfsg.1-22etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-amd64_2.6.18.dfsg.1-22etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.22etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-22etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-22etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-rpc_2.6.18.dfsg.1-22etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-iop32x_2.6.18.dfsg.1-22etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s3c2410_2.6.18.dfsg.1-22etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-footbridge_2.6.18.dfsg.1-22etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-arm_2.6.18.dfsg.1-22etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-22etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-rpc_2.6.18.dfsg.1-22etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-22etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-ixp4xx_2.6.18.dfsg.1-22etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-ixp4xx_2.6.18.dfsg.1-22etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-iop32x_2.6.18.dfsg.1-22etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-footbridge_2.6.18.dfsg.1-22etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s3c2410_2.6.18.dfsg.1-22etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc-smp_2.6.18.dfsg.1-22etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc-smp_2.6.18.dfsg.1-22etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64_2.6.18.dfsg.1-22etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-22etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc_2.6.18.dfsg.1-22etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64_2.6.18.dfsg.1-22etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-22etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-22etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-22etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-hppa_2.6.18.dfsg.1-22etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc_2.6.18.dfsg.1-22etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-486_2.6.18.dfsg.1-22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-686_2.6.18.dfsg.1-22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-686_2.6.18.dfsg.1-22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-686_2.6.18.dfsg.1-22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-k7_2.6.18.dfsg.1-22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-k7_2.6.18.dfsg.1-22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-486_2.6.18.dfsg.1-22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686_2.6.18.dfsg.1-22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686-bigmem_2.6.18.dfsg.1-22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686_2.6.18.dfsg.1-22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-k7_2.6.18.dfsg.1-22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-686_2.6.18.dfsg.1-22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-686_2.6.18.dfsg.1-22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-686_2.6.18.dfsg.1-22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-k7_2.6.18.dfsg.1-22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686-bigmem_2.6.18.dfsg.1-22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-i386_2.6.18.dfsg.1-22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.22etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-22etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-itanium_2.6.18.dfsg.1-22etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-itanium_2.6.18.dfsg.1-22etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-mckinley_2.6.18.dfsg.1-22etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-22etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-ia64_2.6.18.dfsg.1-22etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-22etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-mckinley_2.6.18.dfsg.1-22etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mips_2.6.18.dfsg.1-22etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-22etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-22etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-22etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-22etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-22etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-22etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-22etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-22etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-22etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-22etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-22etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-22etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-22etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-22etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-22etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-22etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-22etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-22etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-22etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-22etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-22etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-22etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-22etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mipsel_2.6.18.dfsg.1-22etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-22etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-22etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-22etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-22etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-22etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc64_2.6.18.dfsg.1-22etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-22etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-prep_2.6.18.dfsg.1-22etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-22etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.22etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-22etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-prep_2.6.18.dfsg.1-22etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-22etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc_2.6.18.dfsg.1-22etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-22etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-22etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-22etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-22etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-powerpc_2.6.18.dfsg.1-22etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc_2.6.18.dfsg.1-22etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-22etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc64_2.6.18.dfsg.1-22etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390_2.6.18.dfsg.1-22etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-22etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390x_2.6.18.dfsg.1-22etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-22etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-22etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390x_2.6.18.dfsg.1-22etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-22etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390_2.6.18.dfsg.1-22etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390-tape_2.6.18.dfsg.1-22etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-s390_2.6.18.dfsg.1-22etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-22etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64_2.6.18.dfsg.1-22etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-22etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-22etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc32_2.6.18.dfsg.1-22etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-sparc_2.6.18.dfsg.1-22etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-22etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc32_2.6.18.dfsg.1-22etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-22etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-22etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-22etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-22etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64_2.6.18.dfsg.1-22etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1654": "
\n

Debian Security Advisory

\n

DSA-1654-1 libxml2 -- buffer overflow

\n
\n
Date Reported:
\n
14 Oct 2008
\n
Affected Packages:
\n
\nlibxml2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 498768.
In Mitre's CVE dictionary: CVE-2008-3529.
\n
More information:
\n
\n

It was discovered that libxml2, the GNOME XML library, didn't correctly handle long entity names. This could allow the execution of arbitrary code via a malicious XML file.

\n

For the stable distribution (etch), this problem has been fixed in version 2.6.27.dfsg-5.

\n

For the unstable distribution (sid), this problem has been fixed in version 2.6.32.dfsg-4.

\n

We recommend that you upgrade your libxml2 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5.diff.gz
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.27.dfsg-5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1655": "
\n

Debian Security Advisory

\n

DSA-1655-1 linux-2.6.24 -- denial of service/information leak/privilege escalation

\n
\n
Date Reported:
\n
16 Oct 2008
\n
Affected Packages:
\n
\nlinux-2.6.24\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1514, CVE-2008-3525, CVE-2008-3831, CVE-2008-4113, CVE-2008-4445.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, privilege escalation or a leak of sensitive data. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2008-1514

    Jan Kratochvil reported a local denial of service vulnerability in the ptrace interface for the s390 architecture. Local users can trigger an invalid pointer dereference, leading to a system panic.

  • CVE-2008-3525

    Eugene Teo reported a lack of capability checks in the kernel driver for Granch SBNI12 leased line adapters (sbni), allowing local users to perform privileged operations.

  • CVE-2008-3831

    Olaf Kirch discovered an issue with the i915 driver that may allow local users to cause memory corruption by use of an ioctl with insufficient privilege restrictions.

  • CVE-2008-4113/CVE-2008-4445

    Eugene Teo discovered two issues in the SCTP subsystem which allow local users to obtain access to sensitive memory when the SCTP-AUTH extension is enabled.

\n

For the stable distribution (etch), these problems have been fixed in version 2.6.24-6~etchnhalf.6.

\n

We recommend that you upgrade your linux-2.6.24 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.6.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.6.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-patch-debian-2.6.24_2.6.24-6~etchnhalf.6_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-support-2.6.24-etchnhalf.1_2.6.24-6~etchnhalf.6_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc-2.6.24_2.6.24-6~etchnhalf.6_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-tree-2.6.24_2.6.24-6~etchnhalf.6_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-manual-2.6.24_2.6.24-6~etchnhalf.6_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-source-2.6.24_2.6.24-6~etchnhalf.6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-alpha_2.6.24-6~etchnhalf.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.6_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-amd64_2.6.24-6~etchnhalf.6_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-arm_2.6.24-6~etchnhalf.6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.6_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.6_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-hppa_2.6.24-6~etchnhalf.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.6_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-i386_2.6.24-6~etchnhalf.6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.6_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-ia64_2.6.24-6~etchnhalf.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.6_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.6_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-mipsel_2.6.24-6~etchnhalf.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-powerpc_2.6.24-6~etchnhalf.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-s390_2.6.24-6~etchnhalf.6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390-tape_2.6.24-6~etchnhalf.6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.6_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-sparc_2.6.24-6~etchnhalf.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.6_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1656": "
\n

Debian Security Advisory

\n

DSA-1656-1 cupsys -- several vulnerabilities

\n
\n
Date Reported:
\n
20 Oct 2008
\n
Affected Packages:
\n
\ncupsys\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-3639, CVE-2008-3640, CVE-2008-3641.
\n
More information:
\n
\n

Several local vulnerabilities have been discovered in the Common UNIX\nPrinting System. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2008-3639\n

    It was discovered that insufficient bounds checking in the SGI\n image filter may lead to the execution of arbitrary code.

  • CVE-2008-3640\n

    It was discovered that an integer overflow in the Postscript\n conversion tool texttops may lead to the execution of arbitrary\n code.

  • CVE-2008-3641\n

    It was discovered that insufficient bounds checking in the HPGL\n filter may lead to the execution of arbitrary code.
\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.2.7-4etch5.

\n

For the unstable distribution (sid) and the upcoming stable distribution\n(lenny), these problems have been fixed in version 1.3.8-1lenny2 of\nthe source package cups.

\n

We recommend that you upgrade your cupsys package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch5_all.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1657": "
\n

Debian Security Advisory

\n

DSA-1657-1 qemu -- insecure temporary files

\n
\n
Date Reported:
\n
20 Oct 2008
\n
Affected Packages:
\n
\nqemu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 496394.
In Mitre's CVE dictionary: CVE-2008-4553.
\n
More information:
\n
\n

Dmitry E. Oboukhov discovered that the qemu-make-debian-root script in qemu,\na fast processor emulator, creates temporary files insecurely, which may lead\nto a local denial of service through symlink attacks.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 0.8.2-4etch2.

\n

For the testing (lenny) and unstable (sid) distributions, this problem has\nbeen fixed in version 0.9.1-6.

\n

We recommend that you upgrade your qemu package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch2.dsc
\n
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch2.diff.gz
\n
AMD64:\n
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch2_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch2_i386.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch2_powerpc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1658": "
\n

Debian Security Advisory

\n

DSA-1658-1 dbus -- programming error

\n
\n
Date Reported:
\n
22 Oct 2008
\n
Affected Packages:
\n
\ndbus\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 501443.
In Mitre's CVE dictionary: CVE-2008-3834.
\n
More information:
\n
\n

Colin Walters discovered that the dbus_signature_validate function in\ndbus, a simple interprocess messaging system, is prone to a denial of\nservice attack.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 1.0.2-1+etch2.

\n

For the testing distribution (lenny) and unstable distribution (sid)\nthis problem will be fixed soon.

\n

We recommend that you upgrade your dbus package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2.dsc
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-doc_1.0.2-1+etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1659": "
\n

Debian Security Advisory

\n

DSA-1659-1 libspf2 -- buffer overflow

\n
\n
Date Reported:
\n
23 Oct 2008
\n
Affected Packages:
\n
\nlibspf2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-2469.
\n
More information:
\n
\n

Dan Kaminsky discovered that libspf2, an implementation of the Sender\nPolicy Framework (SPF) used by mail servers for mail filtering, handles\nmalformed TXT records incorrectly, leading to a buffer overflow\ncondition (CVE-2008-2469).

\n

Note that the SPF configuration template in Debian's Exim configuration\nrecommends using libmail-spf-query-perl, which does not suffer from\nthis issue.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 1.2.5-4+etch1.

\n

For the testing distribution (lenny), this problem has been fixed in\nversion 1.2.5.dfsg-5+lenny1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your libspf2 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2_1.2.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2_1.2.5-4+etch1.dsc
\n
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2_1.2.5-4+etch1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-2_1.2.5-4+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libs/libspf2/spfquery_1.2.5-4+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-dev_1.2.5-4+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-2_1.2.5-4+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-dev_1.2.5-4+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libs/libspf2/spfquery_1.2.5-4+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-2_1.2.5-4+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libs/libspf2/spfquery_1.2.5-4+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-dev_1.2.5-4+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-2_1.2.5-4+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libs/libspf2/spfquery_1.2.5-4+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-dev_1.2.5-4+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libs/libspf2/spfquery_1.2.5-4+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-dev_1.2.5-4+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-2_1.2.5-4+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-2_1.2.5-4+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libs/libspf2/spfquery_1.2.5-4+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-dev_1.2.5-4+etch1_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libs/libspf2/spfquery_1.2.5-4+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-2_1.2.5-4+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-dev_1.2.5-4+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-dev_1.2.5-4+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libs/libspf2/spfquery_1.2.5-4+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-2_1.2.5-4+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-2_1.2.5-4+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libs/libspf2/spfquery_1.2.5-4+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-dev_1.2.5-4+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libs/libspf2/spfquery_1.2.5-4+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-dev_1.2.5-4+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libs/libspf2/libspf2-2_1.2.5-4+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1660": "
\n

Debian Security Advisory

\n

DSA-1660-1 clamav -- null pointer dereference, resource exhaustion

\n
\n
Date Reported:
\n
26 Oct 2008
\n
Affected Packages:
\n
\nclamav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-3912, CVE-2008-3913, CVE-2008-3914.
\n
More information:
\n
\n

Several denial-of-service vulnerabilities have been discovered in\nthe ClamAV anti-virus toolkit:

\n

Insufficient checking for out-of-memory conditions results in null\npointer dereferences (CVE-2008-3912).

\n

Incorrect error handling logic leads to memory leaks (CVE-2008-3913)\nand file descriptor leaks (CVE-2008-3914).

\n

For the stable distribution (etch), these problems have been fixed in\nversion 0.90.1dfsg-4etch15.

\n

For the unstable distribution (sid) and the testing distribution\n(lenny), these problems have been fixed in version 0.94.dfsg-1.

\n

We recommend that you upgrade your clamav package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch15.diff.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch15.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1dfsg-4etch15_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.90.1dfsg-4etch15_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1dfsg-4etch15_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch15_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch15_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch15_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch15_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch15_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch15_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch15_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch15_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch15_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch15_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1661": "
\n

Debian Security Advisory

\n

DSA-1661-1 openoffice.org -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Oct 2008
\n
Affected Packages:
\n
\nopenoffice.org\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-2237, CVE-2008-2238.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the OpenOffice.org office suite:

\n
    \n
  • CVE-2008-2237

    The SureRun Security team discovered a bug in the WMF file parser that can be triggered by manipulated WMF files and can lead to heap overflows and arbitrary code execution.

  • CVE-2008-2238

    An anonymous researcher working with iDefense discovered a bug in the EMF file parser that can be triggered by manipulated EMF files and can lead to heap overflows and arbitrary code execution.

\n

For the stable distribution (etch) these problems have been fixed in version 2.0.4.dfsg.2-7etch6.

\n

For the unstable distribution (sid) these problems have been fixed in version 2.4.1-12.

\n

For the experimental distribution these problems have been fixed in version 3.0.0~rc3-1.

\n

We recommend that you upgrade your OpenOffice.org package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch6.dsc
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch6.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/broffice.org_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-common_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev-doc_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dtd-officedocument1.0_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-mobiledev_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-cs_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-da_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-de_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-dz_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-gb_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-us_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-es_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-et_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-fr_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hi-in_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hu_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-it_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ja_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-km_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ko_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-nl_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pl_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pt-br_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ru_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sl_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sv_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-cn_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-tw_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-java-common_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-af_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-as-in_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-be-by_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bg_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bn_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-br_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bs_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ca_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cs_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cy_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-da_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-de_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-dz_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-el_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-gb_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-za_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eo_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-es_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-et_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fa_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fi_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fr_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ga_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gu-in_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-he_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi-in_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hr_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hu_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-in_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-it_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ja_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ka_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-km_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ko_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ku_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lo_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lt_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lv_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-mk_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ml-in_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nb_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ne_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nl_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nn_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nr_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ns_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-or-in_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pa-in_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pl_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt-br_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ru_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-rw_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sk_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sl_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sr-cs_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ss_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-st_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sv_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ta-in_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-te-in_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tg_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-th_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tn_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tr_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ts_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-uk_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ve_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-vi_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-xh_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-za_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-cn_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-tw_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zu_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-api-tests_2.0.4.dfsg.2-7etch6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ttf-opensymbol_2.0.4.dfsg.2-7etch6_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch6_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch6_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1662": "
\n

Debian Security Advisory

\n

DSA-1662-1 mysql-dfsg-5.0 -- authorization bypass

\n
\n
Date Reported:
\n
06 Nov 2008
\n
Affected Packages:
\n
\nmysql-dfsg-5.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 480292.
In Mitre's CVE dictionary: CVE-2008-4098.
\n
More information:
\n
\n

A symlink traversal vulnerability was discovered in MySQL, a relational database server. The weakness could permit an attacker having both CREATE TABLE access to a database and the ability to execute shell commands on the database server to bypass MySQL access controls, enabling them to write to tables in databases to which they would not ordinarily have access.

\n

The Common Vulnerabilities and Exposures project identifies this vulnerability as CVE-2008-4098. Note that a closely aligned issue, identified as CVE-2008-4097, was prevented by the update announced in DSA-1608-1. This new update supersedes that fix and mitigates both potential attack vectors.

\n

For the stable distribution (etch), this problem has been fixed in version 5.0.32-7etch8.

\n

We recommend that you upgrade your mysql packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch8.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch8.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.32-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.32-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.32-7etch8_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch8_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1663": "
\n

Debian Security Advisory

\n

DSA-1663-1 net-snmp -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Nov 2008
\n
Affected Packages:
\n
\nnet-snmp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 485945, Bug 482333, Bug 504150.
In Mitre's CVE dictionary: CVE-2008-0960, CVE-2008-2292, CVE-2008-4309.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in NET SNMP, a suite of\nSimple Network Management Protocol applications. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2008-0960\n

    Wes Hardaker reported that the SNMPv3 HMAC verification relies on\n the client to specify the HMAC length, which allows spoofing of\n authenticated SNMPv3 packets.

  • CVE-2008-2292\n

    John Kortink reported a buffer overflow in the __snprint_value\n function in snmp_get causing a denial of service and potentially\n allowing the execution of arbitrary code via a large OCTETSTRING\n in an attribute value pair (AVP).

  • CVE-2008-4309\n

    It was reported that an integer overflow in the\n netsnmp_create_subtree_cache function in agent/snmp_agent.c allows\n remote attackers to cause a denial of service attack via a crafted\n SNMP GETBULK request.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 5.2.3-7etch4.

\n

For the testing distribution (lenny) and unstable distribution (sid),\nthese problems have been fixed in version 5.4.1~dfsg-11.

\n

We recommend that you upgrade your net-snmp package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3-7etch4.diff.gz
\n
http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3-7etch4.dsc
\n
http://security.debian.org/pool/updates/main/n/net-snmp/net-snmp_5.2.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-base_5.2.3-7etch4_all.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/tkmib_5.2.3-7etch4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmp_5.2.3-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9-dev_5.2.3-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp-perl_5.2.3-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/snmpd_5.2.3-7etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/net-snmp/libsnmp9_5.2.3-7etch4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1664": "
\n

Debian Security Advisory

\n

DSA-1664-1 ekg -- missing input sanitising

\n
\n
Date Reported:
\n
10 Nov 2008
\n
Affected Packages:
\n
\nekg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-4776.
\n
More information:
\n
\n

It was discovered that ekg, a console Gadu Gadu client, performs\ninsufficient input sanitising in the code to parse contact descriptions,\nwhich may result in denial of service.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 1:1.7~rc2-1etch2.

\n

For the unstable distribution (sid) and the upcoming stable distribution\n(lenny), this problem has been fixed in version 1:1.8~rc1-2 of libgadu.

\n

We recommend that you upgrade your ekg package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch2.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1665": "
\n

Debian Security Advisory

\n

DSA-1665-1 libcdaudio -- heap overflow

\n
\n
Date Reported:
\n
12 Nov 2008
\n
Affected Packages:
\n
\nlibcdaudio\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-5030.
\n
More information:
\n
\n

It was discovered that a heap overflow in the CDDB retrieval code of\nlibcdaudio, a library for controlling a CD-ROM when playing audio CDs,\nmay result in the execution of arbitrary code.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 0.99.12p2-2+etch1. A package for hppa will be provided later.

\n

For the upcoming stable distribution (lenny) and the unstable\ndistribution (sid), this problem has been fixed in version 0.99.12p2-7.

\n

We recommend that you upgrade your libcdaudio packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio_0.99.12p2-2+etch1.dsc
\n
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio_0.99.12p2-2+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio_0.99.12p2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio1_0.99.12p2-2+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio-dev_0.99.12p2-2+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio1_0.99.12p2-2+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio-dev_0.99.12p2-2+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio1_0.99.12p2-2+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio-dev_0.99.12p2-2+etch1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio1_0.99.12p2-2+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio-dev_0.99.12p2-2+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio1_0.99.12p2-2+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio-dev_0.99.12p2-2+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio-dev_0.99.12p2-2+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio1_0.99.12p2-2+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio-dev_0.99.12p2-2+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio1_0.99.12p2-2+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio-dev_0.99.12p2-2+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio1_0.99.12p2-2+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio-dev_0.99.12p2-2+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio1_0.99.12p2-2+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio-dev_0.99.12p2-2+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libc/libcdaudio/libcdaudio1_0.99.12p2-2+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1666": "
\n

Debian Security Advisory

\n

DSA-1666-1 libxml2 -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Nov 2008
\n
Affected Packages:
\n
\nlibxml2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-4225, CVE-2008-4226.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the GNOME XML library.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2008-4225\n

    Drew Yao discovered that missing input sanitising in the\n xmlBufferResize() function may lead to an infinite loop,\n resulting in denial of service.

  • CVE-2008-4226\n

    Drew Yao discovered that an integer overflow in the\n xmlSAX2Characters() function may lead to denial of service or\n the execution of arbitrary code.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 2.6.27.dfsg-6.

\n

For the upcoming stable distribution (lenny) and the unstable\ndistribution (sid), these problems have been fixed in\nversion 2.6.32.dfsg-5.

\n

We recommend that you upgrade your libxml2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6.dsc
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.27.dfsg-6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1667": "
\n

Debian Security Advisory

\n

DSA-1667-1 python2.4 -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Nov 2008
\n
Affected Packages:
\n
\npython2.4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-2315, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the interpreter for the\nPython language. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2008-2315\n

    David Remahl discovered several integer overflows in the\n stringobject, unicodeobject, bufferobject, longobject,\n tupleobject, stropmodule, gcmodule, and mmapmodule modules.

  • CVE-2008-3142\n

    Justin Ferguson discovered that incorrect memory allocation in\n the unicode_resize() function can lead to buffer overflows.

  • CVE-2008-3143\n

    Several integer overflows were discovered in various Python core\n modules.

  • CVE-2008-3144\n

    Several integer overflows were discovered in the PyOS_vsnprintf()\n function.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 2.4.4-3+etch2.

\n

For the unstable distribution (sid) and the upcoming stable\ndistribution (lenny), these problems have been fixed in\nversion 2.4.5-5.

\n

We recommend that you upgrade your python2.4 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2.dsc
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-examples_2.4.4-3+etch2_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/idle-python2.4_2.4.4-3+etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1668": "
\n

Debian Security Advisory

\n

DSA-1668-1 hf -- programming error

\n
\n
Date Reported:
\n
22 Nov 2008
\n
Affected Packages:
\n
\nhf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 504182.
In Mitre's CVE dictionary: CVE-2008-2378.
\n
More information:
\n
\n

Steve Kemp discovered that hf, an amateur-radio protocol suite using\na soundcard as a modem, insecurely tried to execute an external command,\nwhich could lead to the elevation of privileges for local users.

\n

For the stable distribution (etch), this problem has been fixed in version\n0.7.3-4etch1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.8-8.1.

\n

We recommend that you upgrade your hf package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3-4etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3-4etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3-4etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3-4etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3-4etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3-4etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3-4etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3-4etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3-4etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3-4etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3-4etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3-4etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/h/hf/hf_0.7.3-4etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1669": "
\n

Debian Security Advisory

\n

DSA-1669-1 xulrunner -- several vulnerabilities

\n
\n
Date Reported:
\n
23 Nov 2008
\n
Affected Packages:
\n
\nxulrunner\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0016, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069, CVE-2008-4582, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5017, CVE-2008-5018, CVE-2008-0017, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2008-0016\n

    Justin Schuh, Tom Cross and Peter Williams discovered a buffer\n overflow in the parser for UTF-8 URLs, which may lead to the\n execution of arbitrary code.

  • \n
  • CVE-2008-3835\n

    \"moz_bug_r_a4\" discovered that the same-origin check in\n nsXMLDocument::OnChannelRedirect() could be bypassed.

  • \n
  • CVE-2008-3836\n

    \"moz_bug_r_a4\" discovered that several vulnerabilities in\n feedWriter could lead to Chrome privilege escalation.

  • \n
  • CVE-2008-3837\n

    Paul Nickerson discovered that an attacker could move windows\n during a mouse click, resulting in an unwanted action triggered by\n drag-and-drop.

  • \n
  • CVE-2008-4058\n

    \"moz_bug_r_a4\" discovered a vulnerability which can result in\n Chrome privilege escalation through XPCNativeWrappers.

  • \n
  • CVE-2008-4059\n

    \"moz_bug_r_a4\" discovered a vulnerability which can result in\n Chrome privilege escalation through XPCNativeWrappers.

  • \n
  • CVE-2008-4060\n

    Olli Pettay and \"moz_bug_r_a4\" discovered a Chrome privilege\n escalation vulnerability in XSLT handling.

  • \n
  • CVE-2008-4061\n

    Jesse Ruderman discovered a crash in the layout engine, which might\n allow the execution of arbitrary code.

  • \n
  • CVE-2008-4062\n

    Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour\n discovered crashes in the Javascript engine, which might allow the\n execution of arbitrary code.

  • \n
  • CVE-2008-4065\n

    Dave Reed discovered that some Unicode byte order marks are\n stripped from Javascript code before execution, which can result in\n the execution of code that would otherwise be part of a quoted string.

  • \n
  • CVE-2008-4066\n

    Gareth Heyes discovered that some Unicode surrogate characters are\n ignored by the HTML parser.

  • \n
  • CVE-2008-4067\n

    Boris Zbarsky discovered that resource: URLs allow directory\n traversal when using URL-encoded slashes.

  • \n
  • CVE-2008-4068\n

    Georgi Guninski discovered that resource: URLs could bypass local\n access restrictions.

  • \n
  • CVE-2008-4069\n

    Billy Hoffman discovered that the XBM decoder could reveal\n uninitialised memory.

  • \n
  • CVE-2008-4582\n

    Liu Die Yu discovered an information leak through local shortcut\n files.

  • \n
  • CVE-2008-5012\n

    Georgi Guninski, Michal Zalewski and Chris Evans discovered that\n the canvas element could be used to bypass same-origin\n restrictions.

  • \n
  • CVE-2008-5013\n

    It was discovered that insufficient checks in the Flash plugin glue\n code could lead to arbitrary code execution.

  • \n
  • CVE-2008-5014\n

    Jesse Ruderman discovered that a programming error in the\n window.__proto__.__proto__ object could lead to arbitrary code\n execution.

  • \n
  • CVE-2008-5017\n

    It was discovered that crashes in the layout engine could lead to\n arbitrary code execution.

  • \n
  • CVE-2008-5018\n

    It was discovered that crashes in the Javascript engine could lead to\n arbitrary code execution.

  • \n
  • CVE-2008-0017\n

    Justin Schuh discovered that a buffer overflow in the http-index-format\n parser could lead to arbitrary code execution.

  • \n
  • CVE-2008-5021\n

    It was discovered that a crash in the nsFrameManager might lead to\n the execution of arbitrary code.

  • \n
  • CVE-2008-5022\n

    \"moz_bug_r_a4\" discovered that the same-origin check in\n nsXMLHttpRequest::NotifyEventListeners() could be bypassed.

  • \n
  • CVE-2008-5023\n

    Collin Jackson discovered that the -moz-binding property bypasses\n security checks on codebase principals.

  • \n
  • CVE-2008-5024\n

    Chris Evans discovered that quote characters were improperly\n escaped in the default namespace of E4X documents.

  • \n
\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.8.0.15~pre080614h-0etch1. Packages for mips will be provided\nlater.

\n

For the upcoming stable distribution (lenny) and the unstable\ndistribution (sid), these problems have been fixed in version 1.9.0.4-1.

\n

We recommend that you upgrade your xulrunner packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs-dev_1.8.0.15~pre080614h-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-dev_1.8.0.15~pre080614h-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.8.0.15~pre080614h-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs1_1.8.0.15~pre080614h-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-dev_1.8.0.15~pre080614h-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-common_1.8.0.15~pre080614h-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.8.0.15~pre080614h-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-dev_1.8.0.15~pre080614h-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614h-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614h-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614h-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614h-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614h-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614h-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614h-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614h-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614h-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614h-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614h-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614h-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614h-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1670": "
\n

Debian Security Advisory

\n

DSA-1670-1 enscript -- buffer overflows

\n
\n
Date Reported:
\n
24 Nov 2008
\n
Affected Packages:
\n
\nenscript\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-3863, CVE-2008-4306.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Enscript, a converter\nfrom ASCII text to Postscript, HTML or RTF. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2008-3863\n

    Ulf Harnhammer discovered that a buffer overflow may lead to\n the execution of arbitrary code.

  • \n
  • CVE-2008-4306\n

    Kees Cook and Tomas Hoger discovered that several buffer\n overflows may lead to the execution of arbitrary code.

  • \n
\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.6.4-11.1.

\n

For the upcoming stable distribution (lenny) and the unstable\ndistribution (sid), these problems have been fixed in version 1.6.4-13.

\n

We recommend that you upgrade your enscript package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4-11.1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4-11.1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4-11.1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4-11.1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4-11.1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4-11.1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4-11.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4-11.1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4-11.1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4-11.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4-11.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4-11.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.4-11.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1671": "
\n

Debian Security Advisory

\n

DSA-1671-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
24 Nov 2008
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0017, CVE-2008-4582, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5017, CVE-2008-5018, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Iceweasel\nweb browser, an unbranded version of the Firefox browser. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2008-0017\n

    Justin Schuh discovered that a buffer overflow in the http-index-format\n parser could lead to arbitrary code execution.

  • \n
  • CVE-2008-4582\n

    Liu Die Yu discovered an information leak through local shortcut\n files.

  • \n
  • CVE-2008-5012\n

    Georgi Guninski, Michal Zalewski and Chris Evans discovered that\n the canvas element could be used to bypass same-origin\n restrictions.

  • \n
  • CVE-2008-5013\n

    It was discovered that insufficient checks in the Flash plugin glue\n code could lead to arbitrary code execution.

  • \n
  • CVE-2008-5014\n

    Jesse Ruderman discovered that a programming error in the\n window.__proto__.__proto__ object could lead to arbitrary code\n execution.

  • \n
  • CVE-2008-5017\n

    It was discovered that crashes in the layout engine could lead to\n arbitrary code execution.

  • \n
  • CVE-2008-5018\n

    It was discovered that crashes in the Javascript engine could lead to\n arbitrary code execution.

  • \n
  • CVE-2008-5021\n

    It was discovered that a crash in the nsFrameManager might lead to\n the execution of arbitrary code.

  • \n
  • CVE-2008-5022\n

    moz_bug_r_a4 discovered that the same-origin check in\n nsXMLHttpRequest::NotifyEventListeners() could be bypassed.

  • \n
  • CVE-2008-5023\n

    Collin Jackson discovered that the -moz-binding property bypasses\n security checks on codebase principals.

  • \n
  • CVE-2008-5024\n

    Chris Evans discovered that quote characters were improperly\n escaped in the default namespace of E4X documents.

  • \n
\n

For the stable distribution (etch), these problems have been fixed in\nversion 2.0.0.18-0etch1.

\n

For the upcoming stable distribution (lenny) and the unstable distribution\n(sid), these problems have been fixed in version 3.0.4-1 of iceweasel\nand version 1.9.0.4-1 of xulrunner. Packages for arm and mips will be\nprovided soon.

\n

We recommend that you upgrade your iceweasel package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.18-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.18-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.18-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.18-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.18-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.18-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.18-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.18-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.18-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.18-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1672": "
\n

Debian Security Advisory

\n

DSA-1672-1 imlib2 -- buffer overflow

\n
\n
Date Reported:
\n
29 Nov 2008
\n
Affected Packages:
\n
\nimlib2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 505714.
In Mitre's CVE dictionary: CVE-2008-5187.
\n
More information:
\n
\n

Julien Danjou and Peter De Wachter discovered that a buffer overflow\nin the XPM loader of Imlib2, a powerful image loading and rendering\nlibrary, might lead to arbitrary code execution.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 1.3.0.0debian1-4+etch2.

\n

For the upcoming stable distribution (lenny) and the unstable\ndistribution (sid), this problem has been fixed in version 1.4.0-1.2.

\n

We recommend that you upgrade your imlib2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.3.0.0debian1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.3.0.0debian1-4+etch2.dsc
\n
http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.3.0.0debian1-4+etch2.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.3.0.0debian1-4+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.3.0.0debian1-4+etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1673": "
\n

Debian Security Advisory

\n

DSA-1673-1 wireshark -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Nov 2008
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-3137, CVE-2008-3138, CVE-2008-3141, CVE-2008-3145, CVE-2008-3933, CVE-2008-4683, CVE-2008-4684, CVE-2008-4685.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the network traffic\nanalyzer Wireshark. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2008-3137\n

    The GSM SMS dissector is vulnerable to denial of service.

  • CVE-2008-3138\n

    The PANA and KISMET dissectors are vulnerable to denial of service.

  • CVE-2008-3141\n

    The RMI dissector could disclose system memory.

  • CVE-2008-3145\n

    The packet reassembling module is vulnerable to denial of service.

  • CVE-2008-3933\n

    The zlib uncompression module is vulnerable to denial of service.

  • CVE-2008-4683\n

    The Bluetooth ACL dissector is vulnerable to denial of service.

  • CVE-2008-4684\n

    The PRP and MATE dissectors are vulnerable to denial of service.

  • CVE-2008-4685\n

    The Q931 dissector is vulnerable to denial of service.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 0.99.4-5.etch.3.

\n

For the upcoming stable distribution (lenny), these problems have been\nfixed in version 1.0.2-3+lenny2.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3.dsc
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1674": "
\n

Debian Security Advisory

\n

DSA-1674-1 jailer -- insecure temp file generation

\n
\n
Date Reported:
\n
30 Nov 2008
\n
Affected Packages:
\n
\njailer\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 410548.
In Mitre's CVE dictionary: CVE-2008-5139.
\n
More information:
\n
\n

Javier Fernandez-Sanguino Pena discovered that updatejail, a component\nof the chroot maintenance tool Jailer, creates a predictable temporary\nfile name, which may lead to local denial of service through a symlink\nattack.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 0.4-9+etch1.

\n

For the upcoming stable distribution (lenny) and the unstable\ndistribution (sid), this problem has been fixed in version 0.4-10.

\n

We recommend that you upgrade your jailer package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/j/jailer/jailer_0.4-9+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/j/jailer/jailer_0.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/j/jailer/jailer_0.4-9+etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/j/jailer/jailer_0.4-9+etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1675": "
\n

Debian Security Advisory

\n

DSA-1675-1 phpmyadmin -- insufficient input sanitising

\n
\n
Date Reported:
\n
30 Nov 2008
\n
Affected Packages:
\n
\nphpmyadmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-4326.
\n
More information:
\n
\n

Masako Oono discovered that phpMyAdmin, a web-based administration\ninterface for MySQL, insufficiently sanitises input, allowing a\nremote attacker to gather sensitive data through cross-site scripting,\nprovided that the user uses the Internet Explorer web browser.

\n

This update also fixes a regression introduced in DSA 1641 that\nbroke changing of the language and encoding in the login screen.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 4:2.9.1.1-9.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4:2.11.8.1-3.

\n

We recommend that you upgrade your phpmyadmin package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-9.dsc
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-9.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-9_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1676": "
\n

Debian Security Advisory

\n

DSA-1676-1 flamethrower -- insecure temp file generation

\n
\n
Date Reported:
\n
01 Dec 2008
\n
Affected Packages:
\n
\nflamethrower\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 506350.
In Mitre's CVE dictionary: CVE-2008-5141.
\n
More information:
\n
\n

Dmitry E. Oboukhov discovered that flamethrower creates predictable temporary\nfilenames, which may lead to a local denial of service through a symlink\nattack.

\n

For the stable distribution (etch), this problem has been fixed in version\n0.1.8-1+etch1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.1.8-2.

\n

We recommend that you upgrade your flamethrower package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/flamethrower/flamethrower_0.1.8-1+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/flamethrower/flamethrower_0.1.8.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/flamethrower/flamethrower_0.1.8-1+etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/flamethrower/flamethrower_0.1.8-1+etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1677": "
\n

Debian Security Advisory

\n

DSA-1677-1 cupsys -- integer overflow

\n
\n
Date Reported:
\n
02 Dec 2008
\n
Affected Packages:
\n
\ncupsys\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 507183.
In Mitre's CVE dictionary: CVE-2008-5286.
\n
More information:
\n
\n

An integer overflow has been discovered in the image validation code\nof cupsys, the Common UNIX Printing System. An attacker could trigger\nthis bug by supplying a malicious graphic that could lead to the\nexecution of arbitrary code.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 1.2.7-4etch6.

\n

For the testing distribution (lenny), this issue will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.3.8-1lenny4.

\n

We recommend that you upgrade your cupsys packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6.dsc
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch6_all.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1678": "
\n

Debian Security Advisory

\n

DSA-1678-1 perl -- design flaws

\n
\n
Date Reported:
\n
03 Dec 2008
\n
Affected Packages:
\n
\nperl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 286905, Bug 286922.
In Mitre's CVE dictionary: CVE-2008-5302, CVE-2008-5303.
\n
More information:
\n
\n

Paul Szabo rediscovered a vulnerability in the File::Path::rmtree\nfunction of Perl. It was possible to exploit a race condition to create\nsetuid binaries in a directory tree or remove arbitrary files when a\nprocess is deleting this tree. This issue was originally known as\nCVE-2005-0448 and CVE-2004-0452, which were addressed by DSA-696-1 and\nDSA-620-1. Unfortunately, they were reintroduced later.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 5.8.8-7etch5.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 5.10.0-18 and will migrate to the testing distribution (lenny)\nshortly.

\n

We recommend that you upgrade your perl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5.dsc
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.8.8-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.8.8-7etch5_all.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.8.8-7etch5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1679": "
\n

Debian Security Advisory

\n

DSA-1679-1 awstats -- cross-site scripting

\n
\n
Date Reported:
\n
03 Dec 2008
\n
Affected Packages:
\n
\nawstats\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 495432.
In Mitre's CVE dictionary: CVE-2008-3714.
\n
More information:
\n
\n

Morgan Todd discovered a cross-site scripting vulnerability in awstats,\na log file analyzer, involving the \"config\" request parameter (and\npossibly others; CVE-2008-3714).

\n

For the stable distribution (etch), this problem has been fixed in version\n6.5+dfsg-1+etch1.

\n

The unstable (sid) and testing (lenny) distributions will be fixed soon.

\n

We recommend that you upgrade your awstats package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/awstats/awstats_6.5+dfsg-1+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/awstats/awstats_6.5+dfsg-1+etch1.dsc
\n
http://security.debian.org/pool/updates/main/a/awstats/awstats_6.5+dfsg.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/awstats/awstats_6.5+dfsg-1+etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1680": "
\n

Debian Security Advisory

\n

DSA-1680-1 clamav -- buffer overflow, stack consumption

\n
\n
Date Reported:
\n
04 Dec 2008
\n
Affected Packages:
\n
\nclamav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 505134, Bug 507624.
In Mitre's CVE dictionary: CVE-2008-5050, CVE-2008-5314.
\n
More information:
\n
\n

Moritz Jodeit discovered that ClamAV, an anti-virus solution, suffers\nfrom an off-by-one error in its VBA project file processing, leading to\na heap-based buffer overflow and potentially arbitrary code execution\n(CVE-2008-5050).

\n

Ilja van Sprundel discovered that ClamAV contains a denial of service\ncondition in its JPEG file processing because it does not limit the\nrecursion depth when processing JPEG thumbnails (CVE-2008-5314).

\n

For the stable distribution (etch), these problems have been fixed in\nversion 0.90.1dfsg-4etch16.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.94.dfsg.2-1.

\n

The testing distribution (lenny) will be fixed soon.

\n

We recommend that you upgrade your clamav packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch16.dsc
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch16.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.90.1dfsg-4etch16_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1dfsg-4etch16_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1dfsg-4etch16_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch16_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch16_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch16_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch16_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch16_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch16_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch16_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch16_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch16_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1681": "
\n

Debian Security Advisory

\n

DSA-1681-1 linux-2.6.24 -- denial of service/privilege escalation

\n
\n
Date Reported:
\n
04 Dec 2008
\n
Affected Packages:
\n
\nlinux-2.6.24\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-3528, CVE-2008-4554, CVE-2008-4576, CVE-2008-4618, CVE-2008-4933, CVE-2008-4934, CVE-2008-5025, CVE-2008-5029, CVE-2008-5134, CVE-2008-5182, CVE-2008-5300.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2008-3528\n

    Eugene Teo reported a local DoS issue in the ext2 and ext3\n filesystems. Local users who have been granted the privileges\n necessary to mount a filesystem would be able to craft a corrupted\n filesystem that causes the kernel to output error messages in an\n infinite loop.

  • CVE-2008-4554\n

    Miklos Szeredi reported that the usage of splice() on files opened\n with O_APPEND allows users to write to the file at arbitrary\n offsets, enabling a bypass of possible assumed semantics of the\n O_APPEND flag.

  • CVE-2008-4576\n

    Vlad Yasevich reported an issue in the SCTP subsystem that may\n allow remote users to cause a local DoS by triggering a kernel\n oops.

  • CVE-2008-4618\n

    Wei Yongjun reported an issue in the SCTP subsystem that may allow\n remote users to cause a local DoS by triggering a kernel panic.

  • CVE-2008-4933\n

    Eric Sesterhenn reported a local DoS issue in the hfsplus\n filesystem. Local users who have been granted the privileges\n necessary to mount a filesystem would be able to craft a corrupted\n filesystem that causes the kernel to overrun a buffer, resulting\n in a system oops or memory corruption.

  • CVE-2008-4934\n

    Eric Sesterhenn reported a local DoS issue in the hfsplus\n filesystem. Local users who have been granted the privileges\n necessary to mount a filesystem would be able to craft a corrupted\n filesystem that results in a kernel oops due to an unchecked\n return value.

  • CVE-2008-5025\n

    Eric Sesterhenn reported a local DoS issue in the hfs filesystem.\n Local users who have been granted the privileges necessary to\n mount a filesystem would be able to craft a filesystem with a\n corrupted catalog name length, resulting in a system oops or\n memory corruption.

  • CVE-2008-5029\n

    Andrea Bittau reported a DoS issue in the unix socket subsystem\n that allows a local user to cause memory corruption, resulting in\n a kernel panic.

  • CVE-2008-5134\n

    Johannes Berg reported a remote DoS issue in the libertas wireless\n driver, which can be triggered by a specially crafted beacon/probe\n response.

  • CVE-2008-5182\n

    Al Viro reported race conditions in the inotify subsystem that may\n allow local users to acquire elevated privileges.

  • CVE-2008-5300\n

    Dann Frazier reported a DoS condition that allows local users to\n cause the out-of-memory handler to kill off privileged processes\n or trigger soft lockups due to a starvation issue in the unix\n socket subsystem.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 2.6.24-6~etchnhalf.7.

\n

We recommend that you upgrade your linux-2.6.24 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.7.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.7.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc-2.6.24_2.6.24-6~etchnhalf.7_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-manual-2.6.24_2.6.24-6~etchnhalf.7_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-source-2.6.24_2.6.24-6~etchnhalf.7_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-patch-debian-2.6.24_2.6.24-6~etchnhalf.7_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-support-2.6.24-etchnhalf.1_2.6.24-6~etchnhalf.7_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-tree-2.6.24_2.6.24-6~etchnhalf.7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-alpha_2.6.24-6~etchnhalf.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.7_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.7_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.7_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.7_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.7_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.7_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-amd64_2.6.24-6~etchnhalf.7_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.7_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-arm_2.6.24-6~etchnhalf.7_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.7_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.7_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.7_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.7_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.7_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.7_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.7_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-hppa_2.6.24-6~etchnhalf.7_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.7_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.7_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.7_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.7_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.7_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.7_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.7_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.7_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-i386_2.6.24-6~etchnhalf.7_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.7_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.7_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.7_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-ia64_2.6.24-6~etchnhalf.7_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.7_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.7_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.7_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.7_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.7_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.7_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.7_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.7_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.7_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-mips_2.6.24-6~etchnhalf.7_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.7_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.7_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.7_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.7_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.7_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-mipsel_2.6.24-6~etchnhalf.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-powerpc_2.6.24-6~etchnhalf.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.7_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.7_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.7_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.7_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390-tape_2.6.24-6~etchnhalf.7_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.7_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-s390_2.6.24-6~etchnhalf.7_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-sparc_2.6.24-6~etchnhalf.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.7_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1682": "
\n

Debian Security Advisory

\n

DSA-1682-1 squirrelmail -- insufficient input sanitising

\n
\n
Date Reported:
\n
07 Dec 2008
\n
Affected Packages:
\n
\nsquirrelmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-2379.
\n
More information:
\n
\n

Ivan Markovic discovered that SquirrelMail, a webmail application, did not\nsufficiently sanitise incoming HTML email, allowing an attacker to perform\ncross site scripting through sending a malicious HTML email.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 1.4.9a-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4.15-4.

\n

We recommend that you upgrade your squirrelmail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.9a-3.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.9a.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.9a-3.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.9a-3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1683": "
\n

Debian Security Advisory

\n

DSA-1683-1 streamripper -- buffer overflow

\n
\n
Date Reported:
\n
08 Dec 2008
\n
Affected Packages:
\n
\nstreamripper\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 506377.
In Mitre's CVE dictionary: CVE-2007-4337, CVE-2008-4829.
\n
More information:
\n
\n

\nMultiple buffer overflows involving HTTP header and playlist parsing\nhave been discovered in streamripper (CVE-2007-4337, CVE-2008-4829).\n

\n

\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.61.27-1+etch1.\n

\n

\nFor the unstable distribution (sid) and the testing distribution\n(lenny), these problems have been fixed in version 1.63.5-2.\n

\n

\nWe recommend that you upgrade your streamripper package.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/streamripper/streamripper_1.61.27-1+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1684": "
\n

Debian Security Advisory

\n

DSA-1684-1 lcms -- multiple vulnerabilities

\n
\n
Date Reported:
\n
10 Dec 2008
\n
Affected Packages:
\n
\nlcms\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-5316, CVE-2008-5317.
\n
More information:
\n
\n

Two vulnerabilities have been found in lcms, a library and set of\ncommand-line utilities for image color management. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2008-5316\n

    Inadequate enforcement of fixed-length buffer limits allows an\n attacker to overflow a buffer on the stack, potentially enabling\n the execution of arbitrary code when a maliciously-crafted\n image is opened.

  • \n
  • CVE-2008-5317\n

    An integer sign error in reading image gamma data could allow an\n attacker to cause an under-sized buffer to be allocated for\n subsequent image data, with unknown consequences potentially\n including the execution of arbitrary code if a maliciously-crafted\n image is opened.

  • \n
\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.15-1.1+etch1.

\n

For the upcoming stable distribution (lenny), and the unstable\ndistribution (sid), these problems are fixed in version 1.17.dfsg-1.

\n

We recommend that you upgrade your lcms packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lcms/lcms_1.15-1.1+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lcms/lcms_1.15.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/lcms/lcms_1.15-1.1+etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1685": "
\n

Debian Security Advisory

\n

DSA-1685-1 uw-imap -- buffer overflows, null pointer dereference

\n
\n
Date Reported:
\n
12 Dec 2008
\n
Affected Packages:
\n
\nuw-imap\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-5005, CVE-2008-5006.
\n
More information:
\n
\n

Two vulnerabilities have been found in uw-imap, an IMAP\nimplementation. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n

It was discovered that several buffer overflows can be triggered via a\nlong folder extension argument to the tmail or dmail program. This\ncould lead to arbitrary code execution (CVE-2008-5005).

\n

It was discovered that a NULL pointer dereference could be triggered by\na malicious response to the QUIT command leading to a denial of service\n(CVE-2008-5006).

\n

For the stable distribution (etch), these problems have been fixed in\nversion 2002edebian1-13.1+etch1.

\n

For the unstable distribution (sid) and the testing distribution\n(lenny), these problems have been fixed in version 2007d~dfsg-1.

\n

We recommend that you upgrade your uw-imap packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imap_2002edebian1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imap_2002edebian1-13.1+etch1.dsc
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imap_2002edebian1-13.1+etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd-ssl_2002edebian1-13.1+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd-ssl_2002edebian1-13.1+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-13.1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-13.1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-13.1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-13.1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-13.1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-13.1+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-13.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-13.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-13.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-13.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-13.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-13.1+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-13.1+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-13.1+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-13.1+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-13.1+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-13.1+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-13.1+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-13.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-13.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-13.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-13.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-13.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-13.1+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-13.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-13.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-13.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-13.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-13.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-13.1+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-13.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-13.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-13.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-13.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-13.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-13.1+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-13.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-13.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-13.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-13.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-13.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-13.1+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-13.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-13.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-13.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-13.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-13.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-13.1+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-13.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-13.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-13.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-13.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-13.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-13.1+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-13.1+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-13.1+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-13.1+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-13.1+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-13.1+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-13.1+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-mailutils_2002edebian1-13.1+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/ipopd_2002edebian1-13.1+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client-dev_2002edebian1-13.1+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/mlock_2002edebian1-13.1+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/libc-client2002edebian_2002edebian1-13.1+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/uw-imap/uw-imapd_2002edebian1-13.1+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1686": "
\n

Debian Security Advisory

\n

DSA-1686-1 no-ip -- buffer overflow

\n
\n
Date Reported:
\n
14 Dec 2008
\n
Affected Packages:
\n
\nno-ip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 506179.
In Mitre's CVE dictionary: CVE-2008-5297.
\n
More information:
\n
\n

A buffer overflow has been discovered in the HTTP parser of the No-IP.com\nDynamic DNS update client, which may result in the execution of arbitrary\ncode.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 2.1.1-4+etch1.

\n

For the upcoming stable distribution (lenny) and the unstable distribution\n(sid), this problem has been fixed in version 2.1.7-11.

\n

We recommend that you upgrade your no-ip package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/no-ip/no-ip_2.1.1-4+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/no-ip/no-ip_2.1.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/n/no-ip/no-ip_2.1.1-4+etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/no-ip/no-ip_2.1.1-4+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/no-ip/no-ip_2.1.1-4+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/no-ip/no-ip_2.1.1-4+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/no-ip/no-ip_2.1.1-4+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/no-ip/no-ip_2.1.1-4+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/no-ip/no-ip_2.1.1-4+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/no-ip/no-ip_2.1.1-4+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/no-ip/no-ip_2.1.1-4+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/no-ip/no-ip_2.1.1-4+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/no-ip/no-ip_2.1.1-4+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/no-ip/no-ip_2.1.1-4+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1687": "
\n

Debian Security Advisory

\n

DSA-1687-1 linux-2.6 -- denial of service/privilege escalation

\n
\n
Date Reported:
\n
15 Dec 2008
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-3527, CVE-2008-3528, CVE-2008-4554, CVE-2008-4576, CVE-2008-4933, CVE-2008-4934, CVE-2008-5025, CVE-2008-5029.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2008-3527\n

    Tavis Ormandy reported a local DoS and potential privilege\n escalation in the Virtual Dynamic Shared Objects (vDSO)\n implementation.

  • \n
  • CVE-2008-3528\n

    Eugene Teo reported a local DoS issue in the ext2 and ext3\n filesystems. Local users who have been granted the privileges\n necessary to mount a filesystem would be able to craft a corrupted\n filesystem that causes the kernel to output error messages in an\n infinite loop.

  • \n
  • CVE-2008-4554\n

    Miklos Szeredi reported that the usage of splice() on files opened\n with O_APPEND allows users to write to the file at arbitrary\n offsets, enabling a bypass of possible assumed semantics of the\n O_APPEND flag.

  • \n
  • CVE-2008-4576\n

    Vlad Yasevich reported an issue in the SCTP subsystem that may\n allow remote users to cause a local DoS by triggering a kernel\n oops.

  • \n
  • CVE-2008-4933\n

    Eric Sesterhenn reported a local DoS issue in the hfsplus\n filesystem. Local users who have been granted the privileges\n necessary to mount a filesystem would be able to craft a corrupted\n filesystem that causes the kernel to overrun a buffer, resulting\n in a system oops or memory corruption.

  • \n
  • CVE-2008-4934\n

    Eric Sesterhenn reported a local DoS issue in the hfsplus\n filesystem. Local users who have been granted the privileges\n necessary to mount a filesystem would be able to craft a corrupted\n filesystem that results in a kernel oops due to an unchecked\n return value.

  • \n
  • CVE-2008-5025\n

    Eric Sesterhenn reported a local DoS issue in the hfs filesystem.\n Local users who have been granted the privileges necessary to\n mount a filesystem would be able to craft a filesystem with a\n corrupted catalog name length, resulting in a system oops or\n memory corruption.

  • \n
  • CVE-2008-5029\n

    Andrea Bittau reported a DoS issue in the unix socket subsystem\n that allows a local user to cause memory corruption, resulting in\n a kernel panic.

  • \n
  • CVE-2008-5079\n

    Hugo Dias reported a DoS condition in the ATM subsystem that can\n be triggered by a local user by calling the svc_listen function\n twice on the same socket and reading /proc/net/atm/*vc.

  • \n
  • CVE-2008-5182\n

    Al Viro reported race conditions in the inotify subsystem that may\n allow local users to acquire elevated privileges.

  • \n
  • CVE-2008-5300\n

    Dann Frazier reported a DoS condition that allows local users to\n cause the out of memory handler to kill off privileged processes\n or trigger soft lockups due to a starvation issue in the unix\n socket subsystem.

  • \n
\n

For the stable distribution (etch), these problems have been fixed in\nversion 2.6.18.dfsg.1-23etch1.

\n

We recommend that you upgrade your linux-2.6, fai-kernels, and\nuser-mode-linux packages.

\n

Note: Debian 'etch' includes linux kernel packages based upon both the\n2.6.18 and 2.6.24 linux releases. All known security issues are\ncarefully tracked against both packages and both packages will receive\nsecurity updates until security support for Debian 'etch'\nconcludes. However, given the high frequency at which low-severity\nsecurity issues are discovered in the kernel and the resource\nrequirements of doing an update, lower severity 2.6.18 and 2.6.24\nupdates will typically release in a staggered or \"leap-frog\" fashion.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.23etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-23etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.23etch1.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.23etch1.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-23etch1.dsc
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.23etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-23etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-23etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-23etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-23etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-23etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-23etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-generic_2.6.18.dfsg.1-23etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-23etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-23etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-23etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-23etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-23etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-alpha_2.6.18.dfsg.1-23etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-23etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-smp_2.6.18.dfsg.1-23etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-23etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-smp_2.6.18.dfsg.1-23etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-generic_2.6.18.dfsg.1-23etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-23etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-amd64_2.6.18.dfsg.1-23etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-23etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-23etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-23etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-23etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-23etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-amd64_2.6.18.dfsg.1-23etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-23etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.23etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-23etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-23etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-amd64_2.6.18.dfsg.1-23etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-23etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-amd64_2.6.18.dfsg.1-23etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-23etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-23etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-amd64_2.6.18.dfsg.1-23etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-23etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-ixp4xx_2.6.18.dfsg.1-23etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-iop32x_2.6.18.dfsg.1-23etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-footbridge_2.6.18.dfsg.1-23etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-rpc_2.6.18.dfsg.1-23etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-rpc_2.6.18.dfsg.1-23etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s3c2410_2.6.18.dfsg.1-23etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-iop32x_2.6.18.dfsg.1-23etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-23etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-arm_2.6.18.dfsg.1-23etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-23etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s3c2410_2.6.18.dfsg.1-23etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-ixp4xx_2.6.18.dfsg.1-23etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-footbridge_2.6.18.dfsg.1-23etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-23etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc-smp_2.6.18.dfsg.1-23etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-hppa_2.6.18.dfsg.1-23etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc-smp_2.6.18.dfsg.1-23etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc_2.6.18.dfsg.1-23etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64_2.6.18.dfsg.1-23etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-23etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-23etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-23etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64_2.6.18.dfsg.1-23etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc_2.6.18.dfsg.1-23etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-686_2.6.18.dfsg.1-23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-486_2.6.18.dfsg.1-23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-686_2.6.18.dfsg.1-23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686-bigmem_2.6.18.dfsg.1-23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-k7_2.6.18.dfsg.1-23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-k7_2.6.18.dfsg.1-23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-686_2.6.18.dfsg.1-23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686-bigmem_2.6.18.dfsg.1-23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686_2.6.18.dfsg.1-23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-i386_2.6.18.dfsg.1-23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-686_2.6.18.dfsg.1-23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-k7_2.6.18.dfsg.1-23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-686_2.6.18.dfsg.1-23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-k7_2.6.18.dfsg.1-23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686_2.6.18.dfsg.1-23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-486_2.6.18.dfsg.1-23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-23etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-686_2.6.18.dfsg.1-23etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-23etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-ia64_2.6.18.dfsg.1-23etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-23etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-itanium_2.6.18.dfsg.1-23etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-itanium_2.6.18.dfsg.1-23etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-mckinley_2.6.18.dfsg.1-23etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-mckinley_2.6.18.dfsg.1-23etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-23etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-23etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-23etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-23etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-23etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-23etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-23etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-23etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mips_2.6.18.dfsg.1-23etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-23etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-23etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-23etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-23etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-23etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-23etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-23etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-23etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-23etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-23etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-23etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-23etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-23etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-23etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-23etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-23etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-23etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-23etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mipsel_2.6.18.dfsg.1-23etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc_2.6.18.dfsg.1-23etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-23etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.23etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc64_2.6.18.dfsg.1-23etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-23etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-23etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc64_2.6.18.dfsg.1-23etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-powerpc_2.6.18.dfsg.1-23etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc_2.6.18.dfsg.1-23etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-23etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-23etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-23etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-23etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-prep_2.6.18.dfsg.1-23etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-prep_2.6.18.dfsg.1-23etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-23etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-23etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-23etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-23etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-23etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390-tape_2.6.18.dfsg.1-23etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390_2.6.18.dfsg.1-23etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390_2.6.18.dfsg.1-23etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390x_2.6.18.dfsg.1-23etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390x_2.6.18.dfsg.1-23etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-s390_2.6.18.dfsg.1-23etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-23etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-23etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-23etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-23etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-23etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64_2.6.18.dfsg.1-23etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-23etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-sparc_2.6.18.dfsg.1-23etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc32_2.6.18.dfsg.1-23etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64_2.6.18.dfsg.1-23etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-23etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-23etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-23etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc32_2.6.18.dfsg.1-23etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-23etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-23etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1688": "
\n

Debian Security Advisory

\n

DSA-1688-1 courier-authlib -- SQL injection

\n
\n
Date Reported:
\n
20 Dec 2008
\n
Affected Packages:
\n
\ncourier-authlib\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-2380, CVE-2008-2667.
\n
More information:
\n
\n

Two SQL injection vulnerabilities have been found in courier-authlib,\nthe courier authentication library. The MySQL database interface used\ninsufficient escaping mechanisms when constructing SQL statements,\nleading to SQL injection vulnerabilities if certain charsets are used\n(CVE-2008-2380). A similar issue affects the PostgreSQL database\ninterface (CVE-2008-2667).

\n

For the stable distribution (etch), these problems have been fixed in\nversion 0.58-4+etch2.

\n

For the testing distribution (lenny) and the unstable distribution\n(sid), these problems have been fixed in version 0.61.0-1+lenny1.

\n

We recommend that you upgrade your courier-authlib packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58-4+etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58-4+etch2.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-ldap_0.58-4+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authdaemon_0.58-4+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-mysql_0.58-4+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-postgresql_0.58-4+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-userdb_0.58-4+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-pipe_0.58-4+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-dev_0.58-4+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58-4+etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authdaemon_0.58-4+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-postgresql_0.58-4+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-userdb_0.58-4+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-pipe_0.58-4+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-dev_0.58-4+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-ldap_0.58-4+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-mysql_0.58-4+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58-4+etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authdaemon_0.58-4+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-dev_0.58-4+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-postgresql_0.58-4+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-userdb_0.58-4+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-ldap_0.58-4+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-pipe_0.58-4+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58-4+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-mysql_0.58-4+etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-ldap_0.58-4+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-dev_0.58-4+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58-4+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-mysql_0.58-4+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-userdb_0.58-4+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-postgresql_0.58-4+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-pipe_0.58-4+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authdaemon_0.58-4+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58-4+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-dev_0.58-4+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-pipe_0.58-4+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-userdb_0.58-4+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-mysql_0.58-4+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-postgresql_0.58-4+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authdaemon_0.58-4+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-ldap_0.58-4+etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-userdb_0.58-4+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-dev_0.58-4+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authdaemon_0.58-4+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58-4+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-pipe_0.58-4+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-mysql_0.58-4+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-ldap_0.58-4+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-postgresql_0.58-4+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authdaemon_0.58-4+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58-4+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-dev_0.58-4+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-userdb_0.58-4+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-postgresql_0.58-4+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-ldap_0.58-4+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-pipe_0.58-4+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-mysql_0.58-4+etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58-4+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-postgresql_0.58-4+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-ldap_0.58-4+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-userdb_0.58-4+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authdaemon_0.58-4+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-dev_0.58-4+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-pipe_0.58-4+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-mysql_0.58-4+etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-pipe_0.58-4+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-userdb_0.58-4+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58-4+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authdaemon_0.58-4+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-ldap_0.58-4+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-mysql_0.58-4+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-postgresql_0.58-4+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-dev_0.58-4+etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58-4+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-ldap_0.58-4+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-userdb_0.58-4+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authdaemon_0.58-4+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-pipe_0.58-4+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-mysql_0.58-4+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-dev_0.58-4+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-postgresql_0.58-4+etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authdaemon_0.58-4+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-mysql_0.58-4+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-dev_0.58-4+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-ldap_0.58-4+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-userdb_0.58-4+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib_0.58-4+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-postgresql_0.58-4+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/courier-authlib/courier-authlib-pipe_0.58-4+etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1689": "
\n

Debian Security Advisory

\n

DSA-1689-1 proftpd-dfsg -- missing input validation

\n
\n
Date Reported:
\n
21 Dec 2008
\n
Affected Packages:
\n
\nproftpd-dfsg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 502674.
In the Bugtraq database (at SecurityFocus): BugTraq ID 31289.
In Mitre's CVE dictionary: CVE-2008-4242.
\n
More information:
\n
\n

Maksymilian Arciemowicz of securityreason.com reported that ProFTPD is\nvulnerable to cross-site request forgery (CSRF) attacks and executes\narbitrary FTP commands via a long ftp:// URI that leverages an\nexisting session from the FTP client implementation in a web browser.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 1.3.0-19etch2 and in version 1.3.1-15~bpo40+1 for backports.

\n

For the testing (lenny) and unstable (sid) distributions this problem\nhas been fixed in version 1.3.1-15.

\n

We recommend that you upgrade your proftpd-dfsg package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-dfsg_1.3.0-19etch2.dsc
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-dfsg_1.3.0-19etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-dfsg_1.3.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-doc_1.3.0-19etch2_all.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-ldap_1.3.0-19etch2_all.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mysql_1.3.0-19etch2_all.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-pgsql_1.3.0-19etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd_1.3.0-19etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd_1.3.0-19etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd_1.3.0-19etch2_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd_1.3.0-19etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd_1.3.0-19etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd_1.3.0-19etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd_1.3.0-19etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd_1.3.0-19etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd_1.3.0-19etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd_1.3.0-19etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd_1.3.0-19etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1690": "
\n

Debian Security Advisory

\n

DSA-1690-1 avahi -- assert errors

\n
\n
Date Reported:
\n
22 Dec 2008
\n
Affected Packages:
\n
\navahi\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 508700.
In Mitre's CVE dictionary: CVE-2007-3372, CVE-2008-5081.
\n
More information:
\n
\n

Two denial of service conditions were discovered in avahi, a Multicast\nDNS implementation.

\n

Hugo Dias discovered that the avahi daemon aborts with an assert error\nif it encounters a UDP packet with source port 0 (CVE-2008-5081).

\n

It was discovered that the avahi daemon aborts with an assert error if\nit receives an empty TXT record over D-Bus (CVE-2007-3372).

\n

For the stable distribution (etch), these problems have been fixed in\nversion 0.6.16-3etch2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.6.23-3.

\n

We recommend that you upgrade your avahi packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/avahi/avahi_0.6.16-3etch2.dsc
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi_0.6.16.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi_0.6.16-3etch2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-discover_0.6.16-3etch2_all.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/python-avahi_0.6.16-3etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core4_0.6.16-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl0_0.6.16-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-data_0.6.16-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-1_0.6.16-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-dev_0.6.16-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client-dev_0.6.16-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd-dev_0.6.16-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dnsconfd_0.6.16-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib1_0.6.16-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common3_0.6.16-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core-dev_0.6.16-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-daemon_0.6.16-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-1_0.6.16-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-dev_0.6.16-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client3_0.6.16-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl-dev_0.6.16-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd1_0.6.16-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib-dev_0.6.16-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-dev_0.6.16-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-utils_0.6.16-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-autoipd_0.6.16-3etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-1_0.6.16-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core-dev_0.6.16-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common3_0.6.16-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-autoipd_0.6.16-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-daemon_0.6.16-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client3_0.6.16-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-dev_0.6.16-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-utils_0.6.16-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd1_0.6.16-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-dev_0.6.16-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dnsconfd_0.6.16-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core4_0.6.16-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl-dev_0.6.16-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-dev_0.6.16-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client-dev_0.6.16-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl0_0.6.16-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd-dev_0.6.16-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib-dev_0.6.16-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-data_0.6.16-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib1_0.6.16-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-1_0.6.16-3etch2_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-data_0.6.16-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-1_0.6.16-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib1_0.6.16-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core4_0.6.16-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client3_0.6.16-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl0_0.6.16-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-dev_0.6.16-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl-dev_0.6.16-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client-dev_0.6.16-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common3_0.6.16-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-utils_0.6.16-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dnsconfd_0.6.16-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib-dev_0.6.16-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd1_0.6.16-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-dev_0.6.16-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-autoipd_0.6.16-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core-dev_0.6.16-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-1_0.6.16-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd-dev_0.6.16-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-daemon_0.6.16-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-dev_0.6.16-3etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-autoipd_0.6.16-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client3_0.6.16-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-1_0.6.16-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core-dev_0.6.16-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl-dev_0.6.16-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd-dev_0.6.16-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-1_0.6.16-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-dev_0.6.16-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client-dev_0.6.16-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib-dev_0.6.16-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-daemon_0.6.16-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dnsconfd_0.6.16-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl0_0.6.16-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-data_0.6.16-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-utils_0.6.16-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-dev_0.6.16-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd1_0.6.16-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib1_0.6.16-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core4_0.6.16-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-dev_0.6.16-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common3_0.6.16-3etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd-dev_0.6.16-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common3_0.6.16-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-utils_0.6.16-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core-dev_0.6.16-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd1_0.6.16-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-dev_0.6.16-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-dev_0.6.16-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-dev_0.6.16-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-1_0.6.16-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dnsconfd_0.6.16-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-daemon_0.6.16-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client-dev_0.6.16-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-autoipd_0.6.16-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib-dev_0.6.16-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl0_0.6.16-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core4_0.6.16-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-data_0.6.16-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib1_0.6.16-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-1_0.6.16-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client3_0.6.16-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl-dev_0.6.16-3etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common3_0.6.16-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-daemon_0.6.16-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core-dev_0.6.16-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-1_0.6.16-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dnsconfd_0.6.16-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd1_0.6.16-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-dev_0.6.16-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-dev_0.6.16-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-autoipd_0.6.16-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-utils_0.6.16-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-dev_0.6.16-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-1_0.6.16-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl-dev_0.6.16-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-data_0.6.16-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib-dev_0.6.16-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client-dev_0.6.16-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client3_0.6.16-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core4_0.6.16-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd-dev_0.6.16-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl0_0.6.16-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib1_0.6.16-3etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-1_0.6.16-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-1_0.6.16-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-data_0.6.16-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd-dev_0.6.16-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core-dev_0.6.16-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-daemon_0.6.16-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib-dev_0.6.16-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib1_0.6.16-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common3_0.6.16-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-autoipd_0.6.16-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dnsconfd_0.6.16-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl-dev_0.6.16-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-dev_0.6.16-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-dev_0.6.16-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-utils_0.6.16-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core4_0.6.16-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl0_0.6.16-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd1_0.6.16-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-dev_0.6.16-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client-dev_0.6.16-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client3_0.6.16-3etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl-dev_0.6.16-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client-dev_0.6.16-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib-dev_0.6.16-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-dev_0.6.16-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl0_0.6.16-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dnsconfd_0.6.16-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-dev_0.6.16-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-daemon_0.6.16-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-dev_0.6.16-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-1_0.6.16-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-autoipd_0.6.16-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-1_0.6.16-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-utils_0.6.16-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd-dev_0.6.16-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-data_0.6.16-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd1_0.6.16-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core4_0.6.16-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common3_0.6.16-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib1_0.6.16-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core-dev_0.6.16-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client3_0.6.16-3etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd-dev_0.6.16-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core-dev_0.6.16-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl0_0.6.16-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd1_0.6.16-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-dev_0.6.16-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-autoipd_0.6.16-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-dev_0.6.16-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-data_0.6.16-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client-dev_0.6.16-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-daemon_0.6.16-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dnsconfd_0.6.16-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib-dev_0.6.16-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-dev_0.6.16-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client3_0.6.16-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib1_0.6.16-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-utils_0.6.16-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-1_0.6.16-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core4_0.6.16-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common3_0.6.16-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-1_0.6.16-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl-dev_0.6.16-3etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common3_0.6.16-3etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib-dev_0.6.16-3etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib1_0.6.16-3etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client3_0.6.16-3etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl-dev_0.6.16-3etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd-dev_0.6.16-3etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-data_0.6.16-3etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd1_0.6.16-3etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-utils_0.6.16-3etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-1_0.6.16-3etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dnsconfd_0.6.16-3etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-daemon_0.6.16-3etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl0_0.6.16-3etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core4_0.6.16-3etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-autoipd_0.6.16-3etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-dev_0.6.16-3etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-1_0.6.16-3etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-dev_0.6.16-3etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core-dev_0.6.16-3etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client-dev_0.6.16-3etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-dev_0.6.16-3etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1691": "
\n

Debian Security Advisory

\n

DSA-1691-1 moodle -- several vulnerabilities

\n
\n
Date Reported:
\n
22 Dec 2008
\n
Affected Packages:
\n
\nmoodle\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 432264, Bug 471158, Bug 489533, Bug 492492, Bug 504235, Bug 504345, Bug 508593.
In Mitre's CVE dictionary: CVE-2007-3555, CVE-2008-1502, CVE-2008-3325, CVE-2008-3326, CVE-2008-4796, CVE-2008-4810, CVE-2008-4811, CVE-2008-5432.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Moodle, an online\ncourse management system. The following issues are addressed in this\nupdate, ranging from cross site scripting to remote code execution.

\n

Various cross site scripting issues in the Moodle codebase\n(CVE-2008-3326, CVE-2008-3325, CVE-2007-3555, CVE-2008-5432,\nMSA-08-0021, MDL-8849, MDL-12793, MDL-11414, MDL-14806,\nMDL-10276).

\n

Various cross site request forgery issues in the Moodle codebase\n(CVE-2008-3325, MSA-08-0023).

\n

Privilege escalation bugs in the Moodle codebase (MSA-08-0001, MDL-7755).

\n

SQL injection issue in the hotpot module (MSA-08-0010).

\n

An embedded copy of Smarty had several vulnerabilities\n(CVE-2008-4811, CVE-2008-4810).\nAn embedded copy of Snoopy was vulnerable to cross site scripting\n(CVE-2008-4796).\nAn embedded copy of Kses was vulnerable to cross site scripting\n(CVE-2008-1502).

\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.6.3-2+etch1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.8.2.dfsg-2.

\n

We recommend that you upgrade your moodle (1.6.3-2+etch1) package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1692": "
\n

Debian Security Advisory

\n

DSA-1692-1 php-xajax -- insufficient input sanitising

\n
\n
Date Reported:
\n
27 Dec 2008
\n
Affected Packages:
\n
\nphp-xajax\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-2739.
\n
More information:
\n
\n

\nIt was discovered that php-xajax, a library to develop Ajax\napplications, did not sufficiently sanitise URLs, which allows attackers\nto perform cross-site scripting attacks by using malicious URLs.\n

\n

\nFor the stable distribution (etch) this problem has been fixed in\nversion 0.2.4-2+etch1.\n

\n

\nFor the testing (lenny) and unstable (sid) distributions this problem\nhas been fixed in version 0.2.5-1.\n

\n

\nWe recommend that you upgrade your php-xajax package.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php-xajax/php-xajax_0.2.4-2+etch1.dsc
\n
http://security.debian.org/pool/updates/main/p/php-xajax/php-xajax_0.2.4-2+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php-xajax/php-xajax_0.2.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php-xajax/php-xajax_0.2.4-2+etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1693": "
\n

Debian Security Advisory

\n

DSA-1693-2 phppgadmin -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Dec 2008
\n
Affected Packages:
\n
\nphppgadmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 427151, Bug 449103, Bug 508026.
In Mitre's CVE dictionary: CVE-2007-2865, CVE-2007-5728, CVE-2008-5587.
\n
More information:
\n
\n

\nSeveral remote vulnerabilities have been discovered in phpPgAdmin, a tool\nto administer PostgreSQL databases over the web. The Common\nVulnerabilities and Exposures project identifies the following problems:\n

\n
    \n
  • CVE-2007-2865\n

    \n Cross-site scripting vulnerability allows remote attackers to inject\n arbitrary web script or HTML via the server parameter.\n

  • CVE-2007-5728\n

    \n Cross-site scripting vulnerability allows remote attackers to inject\n arbitrary web script or HTML via PHP_SELF.\n

  • CVE-2008-5587\n

    \n Directory traversal vulnerability allows remote attackers to read\n arbitrary files via the _language parameter.\n

\n

\nFor the stable distribution (etch), these problems have been fixed in\nversion 4.0.1-3.1etch2.\n

\n

\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.2.1-1.1.\n

\n

\nWe recommend that you upgrade your phppgadmin package.\n

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4.0.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4.0.1-3.1etch2.dsc
\n
http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4.0.1-3.1etch2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phppgadmin/phppgadmin_4.0.1-3.1etch2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1694": "
\n

Debian Security Advisory

\n

DSA-1694-1 xterm -- design flaw

\n
\n
Date Reported:
\n
02 Jan 2009
\n
Affected Packages:
\n
\nxterm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 510030.
In Mitre's CVE dictionary: CVE-2008-2383.
\n
More information:
\n
\n

Paul Szabo discovered that xterm, a terminal emulator for the X Window\nSystem, places arbitrary characters into the input buffer when\ndisplaying certain crafted escape sequences (CVE-2008-2383).

\n

As an additional precaution, this security update also disables font\nchanging, user-defined keys, and X property changes through escape\nsequences.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 222-1etch3.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your xterm package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3.dsc
\n
http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xterm/xterm_222.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xterm/xterm_222-1etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1695": "
\n

Debian Security Advisory

\n

DSA-1695-1 ruby1.8, ruby1.9 -- memory leak

\n
\n
Date Reported:
\n
02 Jan 2009
\n
Affected Packages:
\n
\nruby1.8, ruby1.9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 494401.
In Mitre's CVE dictionary: CVE-2008-3443.
\n
More information:
\n
\n

The regular expression engine of Ruby, a scripting language, contains a\nmemory leak which can be triggered remotely under certain circumstances,\nleading to a denial of service condition (CVE-2008-3443).

\n

In addition, this security update addresses a regression in the REXML\nXML parser of the ruby1.8 package; the regression was introduced in\nDSA-1651-1.

\n

For the stable distribution (etch), this problem has been fixed in version\n1.8.5-4etch4 of the ruby1.8 package, and version 1.9.0+20060609-1etch4\nof the ruby1.9 package.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.8.7.72-1 of the ruby1.8 package. The ruby1.9 package will be\nfixed soon.

\n

We recommend that you upgrade your Ruby packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4.dsc
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4.diff.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4.diff.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-examples_1.9.0+20060609-1etch4_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/irb1.9_1.9.0+20060609-1etch4_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/rdoc1.8_1.8.5-4etch4_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ri1.8_1.8.5-4etch4_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-elisp_1.9.0+20060609-1etch4_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ri1.9_1.9.0+20060609-1etch4_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/rdoc1.9_1.9.0+20060609-1etch4_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/irb1.8_1.8.5-4etch4_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-elisp_1.8.5-4etch4_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-examples_1.8.5-4etch4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1696": "
\n

Debian Security Advisory

\n

DSA-1696-1 icedove -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Jan 2009
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0016, CVE-2008-1380, CVE-2008-3835, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4067, CVE-2008-4068, CVE-2008-4070, CVE-2008-4582, CVE-2008-5012, CVE-2008-5014, CVE-2008-5017, CVE-2008-5018, CVE-2008-5021, CVE-2008-5022, CVE-2008-5024, CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5511, CVE-2008-5512.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Icedove\nmail client, an unbranded version of the Thunderbird mail client. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2008-0016\n

    Justin Schuh, Tom Cross and Peter Williams discovered a buffer\n overflow in the parser for UTF-8 URLs, which may lead to the execution\n of arbitrary code. (MFSA 2008-37)

  • CVE-2008-1380\n

    It was discovered that crashes in the JavaScript engine could\n potentially lead to the execution of arbitrary code. (MFSA 2008-20)

  • CVE-2008-3835\n

    \"moz_bug_r_a4\" discovered that the same-origin check in\n nsXMLDocument::OnChannelRedirect() could be bypassed. (MFSA 2008-38)

  • CVE-2008-4058\n

    \"moz_bug_r_a4\" discovered a vulnerability which can result in\n Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41)

  • CVE-2008-4059\n

    \"moz_bug_r_a4\" discovered a vulnerability which can result in\n Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41)

  • CVE-2008-4060\n

    Olli Pettay and \"moz_bug_r_a4\" discovered a Chrome privilege\n escalation vulnerability in XSLT handling. (MFSA 2008-41)

  • CVE-2008-4061\n

    Jesse Ruderman discovered a crash in the layout engine, which might\n allow the execution of arbitrary code. (MFSA 2008-42)

  • CVE-2008-4062\n

    Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour\n discovered crashes in the JavaScript engine, which might allow the\n execution of arbitrary code. (MFSA 2008-42)

  • CVE-2008-4065\n

    Dave Reed discovered that some Unicode byte order marks are\n stripped from JavaScript code before execution, which can result in\n the execution of code that was otherwise part of a quoted string.\n (MFSA 2008-43)

  • CVE-2008-4067\n

    It was discovered that a directory traversal allows attackers to\n read arbitrary files via a certain character. (MFSA 2008-44)

  • CVE-2008-4068\n

    It was discovered that a directory traversal allows attackers to\n bypass security restrictions and obtain sensitive information.\n (MFSA 2008-44)

  • CVE-2008-4070\n

    It was discovered that a buffer overflow could be triggered via a\n long header in a news article, which could lead to arbitrary code\n execution. (MFSA 2008-46)

  • CVE-2008-4582\n

    Liu Die Yu and Boris Zbarsky discovered an information leak through\n local shortcut files. (MFSA 2008-47, MFSA 2008-59)

  • CVE-2008-5012\n

    Georgi Guninski, Michal Zalewski and Chris Evans discovered that\n the canvas element could be used to bypass same-origin\n restrictions. (MFSA 2008-48)

  • CVE-2008-5014\n

    Jesse Ruderman discovered that a programming error in the\n window.__proto__.__proto__ object could lead to arbitrary code\n execution. (MFSA 2008-50)

  • CVE-2008-5017\n

    It was discovered that crashes in the layout engine could lead to\n arbitrary code execution. (MFSA 2008-52)

  • CVE-2008-5018\n

    It was discovered that crashes in the JavaScript engine could lead to\n arbitrary code execution. (MFSA 2008-52)

  • CVE-2008-5021\n

    It was discovered that a crash in the nsFrameManager might lead to\n the execution of arbitrary code. (MFSA 2008-55)

  • CVE-2008-5022\n

    \"moz_bug_r_a4\" discovered that the same-origin check in\n nsXMLHttpRequest::NotifyEventListeners() could be bypassed.\n (MFSA 2008-56)

  • CVE-2008-5024\n

    Chris Evans discovered that quote characters were improperly\n escaped in the default namespace of E4X documents. (MFSA 2008-58)

  • CVE-2008-5500\n

    Jesse Ruderman discovered that the layout engine is vulnerable to\n DoS attacks that might trigger memory corruption and an integer\n overflow. (MFSA 2008-60)

  • CVE-2008-5503\n

    Boris Zbarsky discovered that an information disclosure attack could\n be performed via XBL bindings. (MFSA 2008-61)

  • CVE-2008-5506\n

    Marius Schilder discovered that it is possible to obtain sensitive\n data via an XMLHttpRequest. (MFSA 2008-64)

  • CVE-2008-5507\n

    Chris Evans discovered that it is possible to obtain sensitive data\n via a JavaScript URL. (MFSA 2008-65)

  • CVE-2008-5508\n

    Chip Salzenberg discovered possible phishing attacks via URLs with\n leading whitespace or control characters. (MFSA 2008-66)

  • CVE-2008-5511\n

    It was discovered that it is possible to perform cross-site scripting\n attacks via an XBL binding to an \"unloaded document.\" (MFSA 2008-68)

  • CVE-2008-5512\n

    It was discovered that it is possible to run arbitrary JavaScript\n with chrome privileges via unknown vectors. (MFSA 2008-68)

\n

For the stable distribution (etch) these problems have been fixed in\nversion 1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1. Packages for\ns390 will be provided later.

\n

For the upcoming stable distribution (lenny) these problems will be\nfixed soon.

\n

For the unstable (sid) distribution these problems have been fixed in\nversion 2.0.0.19-1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/mozilla-thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/thunderbird-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-typeaheadfind_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-inspector_1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1697": "
\n

Debian Security Advisory

\n

DSA-1697-1 iceape -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Jan 2009
\n
Affected Packages:
\n
\niceape\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0016, CVE-2008-0304, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2810, CVE-2008-2811, CVE-2008-2933, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069, CVE-2008-4070, CVE-2008-4582, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5017, CVE-2008-0017, CVE-2008-5021, CVE-2008-5024, CVE-2008-5022, CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5511, CVE-2008-5512.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Iceape, an\nunbranded version of the Seamonkey internet suite. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2008-0016\n

    Justin Schuh, Tom Cross and Peter Williams discovered a buffer\n overflow in the parser for UTF-8 URLs, which may lead to the\n execution of arbitrary code. (MFSA 2008-37)

  • CVE-2008-0304\n

    It was discovered that a buffer overflow in MIME decoding can lead\n to the execution of arbitrary code. (MFSA 2008-26)

  • CVE-2008-2785\n

    It was discovered that missing boundary checks on a reference\n counter for CSS objects can lead to the execution of arbitrary code.\n (MFSA 2008-34)

  • CVE-2008-2798\n

    Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered\n crashes in the layout engine, which might allow the execution of\n arbitrary code. (MFSA 2008-21)

  • CVE-2008-2799\n

    Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in\n the Javascript engine, which might allow the execution of arbitrary\n code. (MFSA 2008-21)

  • CVE-2008-2800\n

    \"moz_bug_r_a4\" discovered several cross-site scripting vulnerabilities.\n (MFSA 2008-22)

  • CVE-2008-2801\n

    Collin Jackson and Adam Barth discovered that Javascript code\n could be executed in the context of signed JAR archives. (MFSA 2008-23)

  • CVE-2008-2802\n

    \"moz_bug_r_a4\" discovered that XUL documents can escalate\n privileges by accessing the pre-compiled \"fastload\" file.\n (MFSA 2008-24)

  • CVE-2008-2803\n

    \"moz_bug_r_a4\" discovered that missing input sanitising in the\n mozIJSSubScriptLoader.loadSubScript() function could lead to the\n execution of arbitrary code. Iceape itself is not affected, but\n some addons are. (MFSA 2008-25)

  • CVE-2008-2805\n

    Claudio Santambrogio discovered that missing access validation in\n DOM parsing allows malicious web sites to force the browser to\n upload local files to the server, which could lead to information\n disclosure. (MFSA 2008-27)

  • CVE-2008-2807\n

    Daniel Glazman discovered that a programming error in the code for\n parsing .properties files could lead to memory content being\n exposed to addons, which could lead to information disclosure.\n (MFSA 2008-29)

  • CVE-2008-2808\n

    Masahiro Yamada discovered that file URLs in directory listings\n were insufficiently escaped. (MFSA 2008-30)

  • CVE-2008-2809\n

    John G. Myers, Frank Benkstein and Nils Toedtmann discovered that\n alternate names on self-signed certificates were handled\n insufficiently, which could lead to spoofing of secure connections.\n (MFSA 2008-31)

  • CVE-2008-2810\n

    It was discovered that URL shortcut files could be used to bypass the\n same-origin restrictions. This issue does not affect current Iceape,\n but might occur with additional extensions installed. (MFSA 2008-32)

  • CVE-2008-2811\n

    Greg McManus discovered a crash in the block reflow code, which might\n allow the execution of arbitrary code. (MFSA 2008-33)

  • CVE-2008-2933\n

    Billy Rios discovered that passing a URL containing a pipe symbol\n to Iceape can lead to Chrome privilege escalation. (MFSA 2008-35)

  • CVE-2008-3835\n

    \"moz_bug_r_a4\" discovered that the same-origin check in\n nsXMLDocument::OnChannelRedirect() could be bypassed. (MFSA 2008-38)

  • CVE-2008-3836\n

    \"moz_bug_r_a4\" discovered that several vulnerabilities in\n feedWriter could lead to Chrome privilege escalation. (MFSA 2008-39)

  • CVE-2008-3837\n

    Paul Nickerson discovered that an attacker could move windows\n during a mouse click, resulting in an unwanted action triggered by\n drag-and-drop. (MFSA 2008-40)

  • CVE-2008-4058\n

    \"moz_bug_r_a4\" discovered a vulnerability which can result in\n Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41)

  • CVE-2008-4059\n

    \"moz_bug_r_a4\" discovered a vulnerability which can result in\n Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41)

  • CVE-2008-4060\n

    Olli Pettay and \"moz_bug_r_a4\" discovered a Chrome privilege\n escalation vulnerability in XSLT handling. (MFSA 2008-41)

  • CVE-2008-4061\n

    Jesse Ruderman discovered a crash in the layout engine, which might\n allow the execution of arbitrary code. (MFSA 2008-42)

  • CVE-2008-4062\n

    Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour\n discovered crashes in the Javascript engine, which might allow the\n execution of arbitrary code. (MFSA 2008-42)

  • CVE-2008-4065\n

    Dave Reed discovered that some Unicode byte order marks are\n stripped from Javascript code before execution, which can result in\n the execution of code that was otherwise part of a quoted string.\n (MFSA 2008-43)

  • CVE-2008-4067\n

    Boris Zbarsky discovered that resource: URLs allow directory\n traversal when using URL-encoded slashes. (MFSA 2008-44)

  • CVE-2008-4068\n

    Georgi Guninski discovered that resource: URLs could bypass local\n access restrictions. (MFSA 2008-44)

  • CVE-2008-4069\n

    Billy Hoffman discovered that the XBM decoder could reveal\n uninitialised memory. (MFSA 2008-45)

  • CVE-2008-4070\n

    It was discovered that a buffer overflow could be triggered via a\n long header in a news article, which could lead to arbitrary code\n execution. (MFSA 2008-46)

  • CVE-2008-5012\n

    Georgi Guninski, Michal Zalewski and Chris Evans discovered that\n the canvas element could be used to bypass same-origin\n restrictions. (MFSA 2008-48)

  • CVE-2008-5013\n

    It was discovered that insufficient checks in the Flash plugin glue\n code could lead to arbitrary code execution. (MFSA 2008-49)

  • CVE-2008-5014\n

    Jesse Ruderman discovered that a programming error in the\n window.__proto__.__proto__ object could lead to arbitrary code\n execution. (MFSA 2008-50)

  • CVE-2008-5017\n

    It was discovered that crashes in the layout engine could lead to\n arbitrary code execution. (MFSA 2008-52)

  • CVE-2008-0017\n

    Justin Schuh discovered that a buffer overflow in the http-index-format\n parser could lead to arbitrary code execution. (MFSA 2008-54)

  • CVE-2008-5021\n

    It was discovered that a crash in the nsFrameManager might lead to\n the execution of arbitrary code. (MFSA 2008-55)

  • CVE-2008-5022\n

    \"moz_bug_r_a4\" discovered that the same-origin check in\n nsXMLHttpRequest::NotifyEventListeners() could be bypassed.\n (MFSA 2008-56)

  • CVE-2008-5024\n

    Chris Evans discovered that quote characters were improperly\n escaped in the default namespace of E4X documents. (MFSA 2008-58)

  • CVE-2008-4582\n

    Liu Die Yu discovered an information leak through local shortcut\n files. (MFSA 2008-59)

  • CVE-2008-5500\n

    Jesse Ruderman discovered that the layout engine is vulnerable to\n DoS attacks that might trigger memory corruption and an integer\n overflow. (MFSA 2008-60)

  • CVE-2008-5503\n

    Boris Zbarsky discovered that an information disclosure attack could\n be performed via XBL bindings. (MFSA 2008-61)

  • CVE-2008-5506\n

    Marius Schilder discovered that it is possible to obtain sensitive\n data via an XMLHttpRequest. (MFSA 2008-64)

  • CVE-2008-5507\n

    Chris Evans discovered that it is possible to obtain sensitive data\n via a JavaScript URL. (MFSA 2008-65)

  • CVE-2008-5508\n

    Chip Salzenberg discovered possible phishing attacks via URLs with\n leading whitespace or control characters. (MFSA 2008-66)

  • CVE-2008-5511\n

    It was discovered that it is possible to perform cross-site scripting\n attacks via an XBL binding to an \"unloaded document.\" (MFSA 2008-68)

  • CVE-2008-5512\n

    It was discovered that it is possible to run arbitrary JavaScript\n with chrome privileges via unknown vectors. (MFSA 2008-68)

\n

For the stable distribution (etch) these problems have been fixed in\nversion 1.0.13~pre080614i-0etch1.

\n

For the upcoming stable distribution (lenny) these problems\nwill be fixed soon.

\n

For the unstable (sid) distribution these problems have been fixed in\nversion 1.1.14-1.

\n

We recommend that you upgrade your iceape packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080614i-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080614i-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080614i.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-mailnews_1.8+1.0.13~pre080614i-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-calendar_1.8+1.0.13~pre080614i-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-chatzilla_1.0.13~pre080614i-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-psm_1.8+1.0.13~pre080614i-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dev_1.0.13~pre080614i-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-browser_1.8+1.0.13~pre080614i-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dev_1.8+1.0.13~pre080614i-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla_1.8+1.0.13~pre080614i-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-js-debugger_1.8+1.0.13~pre080614i-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape_1.0.13~pre080614i-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-chatzilla_1.8+1.0.13~pre080614i-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/mozilla-dom-inspector_1.8+1.0.13~pre080614i-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-browser_1.0.13~pre080614i-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dom-inspector_1.0.13~pre080614i-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-gnome-support_1.0.13~pre080614i-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-calendar_1.0.13~pre080614i-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-mailnews_1.0.13~pre080614i-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceape/iceape-dbg_1.0.13~pre080614i-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1698": "
\n

Debian Security Advisory

\n

DSA-1698-1 gforge -- insufficient input sanitising

\n
\n
Date Reported:
\n
09 Jan 2009
\n
Affected Packages:
\n
\ngforge\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-2381.
\n
More information:
\n
\n

It was discovered that GForge, a collaborative development tool,\ninsufficiently sanitises some input, allowing a remote attacker to\nperform SQL injection.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 4.5.14-22etch10.

\n

For the testing (lenny) and unstable distribution (sid), this problem\nhas been fixed in version 4.7~rc2-7.

\n

We recommend that you upgrade your gforge package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch10.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch10.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch10_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_4.5.14-22etch10_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_4.5.14-22etch10_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_4.5.14-22etch10_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_4.5.14-22etch10_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-common_4.5.14-22etch10_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_4.5.14-22etch10_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-courier_4.5.14-22etch10_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_4.5.14-22etch10_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_4.5.14-22etch10_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_4.5.14-22etch10_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-postgresql_4.5.14-22etch10_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_4.5.14-22etch10_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_4.5.14-22etch10_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1699": "
\n

Debian Security Advisory

\n

DSA-1699-1 zaptel -- array index error

\n
\n
Date Reported:
\n
11 Jan 2009
\n
Affected Packages:
\n
\nzaptel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 507459, Bug 510583.
In Mitre's CVE dictionary: CVE-2008-5396, CVE-2008-5744.
\n
More information:
\n
\n

An array index error in zaptel, a set of drivers for telephony hardware,\ncould allow users to crash the system or escalate their privileges by\noverwriting kernel memory (CVE-2008-5396).

\n

For the stable distribution (etch), this problem has been fixed in version\n1.2.11.dfsg-1+etch1.

\n

For the unstable distribution (sid) and the testing distribution\n(lenny), this problem has been fixed in version 1.4.11~dfsg-3.

\n

We recommend that you upgrade your zaptel package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/zaptel/zaptel_1.2.11.dfsg-1+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/z/zaptel/zaptel_1.2.11.dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/z/zaptel/zaptel_1.2.11.dfsg-1+etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/z/zaptel/zaptel-source_1.2.11.dfsg-1+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/z/zaptel/libtonezone-dev_1.2.11.dfsg-1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/z/zaptel/libtonezone1_1.2.11.dfsg-1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/z/zaptel/zaptel_1.2.11.dfsg-1+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/z/zaptel/zaptel_1.2.11.dfsg-1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/z/zaptel/libtonezone1_1.2.11.dfsg-1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/z/zaptel/libtonezone-dev_1.2.11.dfsg-1+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/z/zaptel/zaptel_1.2.11.dfsg-1+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/z/zaptel/libtonezone1_1.2.11.dfsg-1+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/z/zaptel/libtonezone-dev_1.2.11.dfsg-1+etch1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/z/zaptel/libtonezone-dev_1.2.11.dfsg-1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/z/zaptel/libtonezone1_1.2.11.dfsg-1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/z/zaptel/zaptel_1.2.11.dfsg-1+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/z/zaptel/libtonezone-dev_1.2.11.dfsg-1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/z/zaptel/zaptel_1.2.11.dfsg-1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/z/zaptel/libtonezone1_1.2.11.dfsg-1+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zaptel/zaptel_1.2.11.dfsg-1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/z/zaptel/libtonezone1_1.2.11.dfsg-1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/z/zaptel/libtonezone-dev_1.2.11.dfsg-1+etch1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/z/zaptel/libtonezone-dev_1.2.11.dfsg-1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/z/zaptel/libtonezone1_1.2.11.dfsg-1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/z/zaptel/zaptel_1.2.11.dfsg-1+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/z/zaptel/zaptel_1.2.11.dfsg-1+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/z/zaptel/libtonezone-dev_1.2.11.dfsg-1+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/z/zaptel/libtonezone1_1.2.11.dfsg-1+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/z/zaptel/libtonezone1_1.2.11.dfsg-1+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/z/zaptel/libtonezone-dev_1.2.11.dfsg-1+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/z/zaptel/zaptel_1.2.11.dfsg-1+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1700": "
\n

Debian Security Advisory

\n

DSA-1700-1 lasso -- incorrect API usage

\n
\n
Date Reported:
\n
11 Jan 2009
\n
Affected Packages:
\n
\nlasso\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 511262.
In Mitre's CVE dictionary: CVE-2009-0050.
\n
More information:
\n
\n

It was discovered that Lasso, a library for Liberty Alliance and SAML\nprotocols, performs incorrect validation of the return value of OpenSSL's\nDSA_verify() function.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 0.6.5-3+etch1.

\n

For the upcoming stable distribution (lenny) and the unstable\ndistribution (sid), this problem has been fixed in version 2.2.1-2.

\n

We recommend that you upgrade your lasso package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lasso/lasso_0.6.5-3+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lasso/lasso_0.6.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/lasso/lasso_0.6.5-3+etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lasso/python-lasso_0.6.5-3+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso-java_0.6.5-3+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso3-dev_0.6.5-3+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/php4-lasso_0.6.5-3+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso3_0.6.5-3+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso-java_0.6.5-3+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso3_0.6.5-3+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/python-lasso_0.6.5-3+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso3-dev_0.6.5-3+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/php4-lasso_0.6.5-3+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lasso/python-lasso_0.6.5-3+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/php4-lasso_0.6.5-3+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso3_0.6.5-3+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso-java_0.6.5-3+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso3-dev_0.6.5-3+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/lasso/python-lasso_0.6.5-3+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/php4-lasso_0.6.5-3+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso3_0.6.5-3+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso-java_0.6.5-3+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso3-dev_0.6.5-3+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lasso/python-lasso_0.6.5-3+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/php4-lasso_0.6.5-3+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso-java_0.6.5-3+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso3_0.6.5-3+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso3-dev_0.6.5-3+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso-java_0.6.5-3+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso3-dev_0.6.5-3+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso3_0.6.5-3+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/php4-lasso_0.6.5-3+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/python-lasso_0.6.5-3+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso3_0.6.5-3+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/php4-lasso_0.6.5-3+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/python-lasso_0.6.5-3+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso-java_0.6.5-3+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso3-dev_0.6.5-3+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso3_0.6.5-3+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso3-dev_0.6.5-3+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/php4-lasso_0.6.5-3+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/python-lasso_0.6.5-3+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso-java_0.6.5-3+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lasso/php4-lasso_0.6.5-3+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso-java_0.6.5-3+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso3_0.6.5-3+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso3-dev_0.6.5-3+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/python-lasso_0.6.5-3+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lasso/php4-lasso_0.6.5-3+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso-java_0.6.5-3+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/python-lasso_0.6.5-3+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso3_0.6.5-3+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso3-dev_0.6.5-3+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lasso/php4-lasso_0.6.5-3+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso3_0.6.5-3+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso-java_0.6.5-3+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/liblasso3-dev_0.6.5-3+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lasso/python-lasso_0.6.5-3+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1701": "
\n

Debian Security Advisory

\n

DSA-1701-1 openssl, openssl097 -- interpretation conflict

\n
\n
Date Reported:
\n
12 Jan 2009
\n
Affected Packages:
\n
\nopenssl, openssl097\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 511196.
In Mitre's CVE dictionary: CVE-2008-5077.
\n
More information:
\n
\n

It was discovered that OpenSSL does not properly verify DSA signatures\non X.509 certificates due to an API misuse, potentially leading to the\nacceptance of incorrect X.509 certificates as genuine (CVE-2008-5077).

\n

For the stable distribution (etch), this problem has been fixed in\nversion 0.9.8c-4etch4 of the openssl package, and version\n0.9.7k-3.1etch2 of the openssl097 package.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.9.8g-15.

\n

The testing distribution (lenny) will be fixed soon.

\n

We recommend that you upgrade your OpenSSL packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl097/openssl097_0.9.7k-3.1etch2.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl097/openssl097_0.9.7k.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openssl097/openssl097_0.9.7k-3.1etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch4_alpha.udeb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch4_amd64.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch2_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch4_hppa.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch4_i386.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch4_ia64.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch4_mips.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch4_mipsel.udeb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch4_powerpc.udeb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch4_s390.udeb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch4_sparc.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1702": "
\n

Debian Security Advisory

\n

DSA-1702-1 ntp -- interpretation conflict

\n
\n
Date Reported:
\n
12 Jan 2009
\n
Affected Packages:
\n
\nntp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 511227.
In Mitre's CVE dictionary: CVE-2009-0021.
\n
More information:
\n
\n

It has been discovered that NTP, an implementation of the Network Time\nProtocol, does not properly check the result of an OpenSSL function\nfor verifying cryptographic signatures, which may ultimately lead to\nthe acceptance of unauthenticated time information. (Note that\ncryptographic authentication of time servers is often not enabled in\nthe first place.)

\n

For the stable distribution (etch), this problem has been fixed in\nversion 4.2.2.p4+dfsg-2etch1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.2.4p4+dfsg-8.

\n

The testing distribution (lenny) will be fixed soon.

\n

We recommend that you upgrade your ntp package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch1.dsc
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-doc_4.2.2.p4+dfsg-2etch1_all.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.2.p4+dfsg-2etch1_all.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.2.p4+dfsg-2etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch1_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch1_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1703": "
\n

Debian Security Advisory

\n

DSA-1703-1 bind9 -- interpretation conflict

\n
\n
Date Reported:
\n
12 Jan 2009
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0025.
\n
More information:
\n
\n

It was discovered that BIND, an implementation of the DNS protocol\nsuite, does not properly check the result of an OpenSSL function which\nis used to verify DSA cryptographic signatures. As a result,\nincorrect DNS resource records in zones protected by DNSSEC could be\naccepted as genuine.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 9.3.4-2etch4.

\n

For the unstable distribution (sid) and the testing distribution\n(lenny), this problem will be fixed soon.

\n

We recommend that you upgrade your BIND packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4.dsc
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-doc_9.3.4-2etch4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch4_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1704": "
\n

Debian Security Advisory

\n

DSA-1704-1 xulrunner -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Jan 2009
\n
Affected Packages:
\n
\nxulrunner\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5511, CVE-2008-5512.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2008-5500\n

    Jesse Ruderman discovered that the layout engine is vulnerable to\n DoS attacks that might trigger memory corruption and an integer\n overflow. (MFSA 2008-60)

  • CVE-2008-5503\n

    Boris Zbarsky discovered that an information disclosure attack could\n be performed via XBL bindings. (MFSA 2008-61)

  • CVE-2008-5506\n

    Marius Schilder discovered that it is possible to obtain sensitive\n data via an XMLHttpRequest. (MFSA 2008-64)

  • CVE-2008-5507\n

    Chris Evans discovered that it is possible to obtain sensitive data\n via a JavaScript URL. (MFSA 2008-65)

  • CVE-2008-5508\n

    Chip Salzenberg discovered possible phishing attacks via URLs with\n leading whitespace or control characters. (MFSA 2008-66)

  • CVE-2008-5511\n

    It was discovered that it is possible to perform cross-site scripting\n attacks via an XBL binding to an \"unloaded document.\" (MFSA 2008-68)

  • CVE-2008-5512\n

    It was discovered that it is possible to run arbitrary JavaScript\n with chrome privileges via unknown vectors. (MFSA 2008-68)

\n

For the stable distribution (etch) these problems have been fixed in\nversion 1.8.0.15~pre080614i-0etch1.

\n

For the testing distribution (lenny) and the unstable distribution (sid)\nthese problems have been fixed in version 1.9.0.5-1.

\n

We recommend that you upgrade your xulrunner packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-dev_1.8.0.15~pre080614i-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-common_1.8.0.15~pre080614i-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.8.0.15~pre080614i-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul-dev_1.8.0.15~pre080614i-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs1_1.8.0.15~pre080614i-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.8.0.15~pre080614i-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-dev_1.8.0.15~pre080614i-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libsmjs-dev_1.8.0.15~pre080614i-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614i-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614i-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614i-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614i-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614i-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614i-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614i-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614i-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614i-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614i-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614i-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614i-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614i-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614i-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614i-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614i-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614i-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614i-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614i-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614i-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614i-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614i-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614i-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614i-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614i-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614i-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614i-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614i-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614i-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614i-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614i-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614i-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614i-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614i-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614i-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614i-0etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614i-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614i-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614i-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614i-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614i-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614i-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614i-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614i-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614i-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614i-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614i-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614i-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614i-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614i-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614i-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614i-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614i-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614i-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614i-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614i-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614i-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614i-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614i-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614i-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614i-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614i-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614i-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614i-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614i-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614i-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614i-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614i-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614i-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614i-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614i-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614i-0etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614i-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614i-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614i-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614i-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614i-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614i-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614i-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614i-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614i-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614i-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614i-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614i-0etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614i-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614i-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614i-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614i-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614i-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614i-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614i-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614i-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614i-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614i-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614i-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614i-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614i-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614i-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614i-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614i-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614i-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614i-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614i-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614i-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614i-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614i-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614i-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614i-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614i-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614i-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614i-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614i-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614i-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614i-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614i-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614i-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614i-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614i-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614i-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614i-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d_1.8.0.15~pre080614i-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d_1.8.0.15~pre080614i-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.8.0.15~pre080614i-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-gnome-support_1.8.0.15~pre080614i-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.8.0.15~pre080614i-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-tools_1.8.0.15~pre080614i-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d-dbg_1.8.0.15~pre080614i-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnss3-0d-dbg_1.8.0.15~pre080614i-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d_1.8.0.15~pre080614i-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs0d_1.8.0.15~pre080614i-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.8.0.15~pre080614i-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libnspr4-0d-dbg_1.8.0.15~pre080614i-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libxul0d-dbg_1.8.0.15~pre080614i-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1705": "
\n

Debian Security Advisory

\n

DSA-1705-1 netatalk -- missing input sanitising

\n
\n
Date Reported:
\n
15 Jan 2009
\n
Affected Packages:
\n
\nnetatalk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 510585.
In Mitre's CVE dictionary: CVE-2008-5718.
\n
More information:
\n
\n

It was discovered that netatalk, an implementation of the AppleTalk\nsuite, is affected by a command injection vulnerability when processing\nPostScript streams via papd. This could lead to the execution of\narbitrary code. Please note that this only affects installations that are\nconfigured to use a pipe command in combination with wildcard symbols\nsubstituted with values of the printed job.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 2.0.3-4+etch1.

\n

For the upcoming stable distribution (lenny) this problem has been fixed\nin version 2.0.3-11+lenny1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.0.4~beta2-1.

\n

We recommend that you upgrade your netatalk package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3-4+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3-4+etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3-4+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3-4+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3-4+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3-4+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3-4+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3-4+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3-4+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3-4+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3-4+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3-4+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/netatalk/netatalk_2.0.3-4+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1706": "
\n

Debian Security Advisory

\n

DSA-1706-1 amarok -- integer overflows

\n
\n
Date Reported:
\n
15 Jan 2009
\n
Affected Packages:
\n
\namarok\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Tobias Klein discovered that integer overflows in the code the Amarok\nmedia player uses to parse Audible files may lead to the execution of\narbitrary code.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 1.4.4-4etch1. Updated packages for sparc and arm will be\nprovided later.

\n

For the upcoming stable distribution (lenny) and the unstable\ndistribution (sid), this problem has been fixed in version 1.4.10-2.

\n

We recommend that you upgrade your amarok packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/amarok/amarok_1.4.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/amarok/amarok_1.4.4-4etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/amarok/amarok_1.4.4-4etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/amarok/amarok-engines_1.4.4-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/amarok/amarok-xine_1.4.4-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/amarok/amarok_1.4.4-4etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/amarok/amarok-engines_1.4.4-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/amarok/amarok_1.4.4-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/amarok/amarok-xine_1.4.4-4etch1_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/amarok/amarok-engines_1.4.4-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/amarok/amarok_1.4.4-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/amarok/amarok-xine_1.4.4-4etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/amarok/amarok-xine_1.4.4-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/amarok/amarok-engines_1.4.4-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/amarok/amarok_1.4.4-4etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/amarok/amarok-engines_1.4.4-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/amarok/amarok-xine_1.4.4-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/amarok/amarok_1.4.4-4etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/amarok/amarok-engines_1.4.4-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/amarok/amarok-xine_1.4.4-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/amarok/amarok_1.4.4-4etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/amarok/amarok-xine_1.4.4-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/amarok/amarok-engines_1.4.4-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/amarok/amarok_1.4.4-4etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/amarok/amarok_1.4.4-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/amarok/amarok-xine_1.4.4-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/amarok/amarok-engines_1.4.4-4etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/amarok/amarok-engines_1.4.4-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/amarok/amarok-xine_1.4.4-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/amarok/amarok_1.4.4-4etch1_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1707": "
\n

Debian Security Advisory

\n

DSA-1707-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
15 Jan 2009
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-5500, CVE-2008-5503, CVE-2008-5504, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Iceweasel web\nbrowser, an unbranded version of the Firefox browser. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2008-5500\n

    Jesse Ruderman discovered that the layout engine is vulnerable to\n DoS attacks that might trigger memory corruption and an integer\n overflow. (MFSA 2008-60)

  • CVE-2008-5503\n

    Boris Zbarsky discovered that an information disclosure attack could\n be performed via XBL bindings. (MFSA 2008-61)

  • CVE-2008-5504\n

    It was discovered that attackers could run arbitrary JavaScript with\n chrome privileges via vectors related to the feed preview.\n (MFSA 2008-62)

  • CVE-2008-5506\n

    Marius Schilder discovered that it is possible to obtain sensitive\n data via an XMLHttpRequest. (MFSA 2008-64)

  • CVE-2008-5507\n

    Chris Evans discovered that it is possible to obtain sensitive data\n via a JavaScript URL. (MFSA 2008-65)

  • CVE-2008-5508\n

    Chip Salzenberg discovered possible phishing attacks via URLs with\n leading whitespace or control characters. (MFSA 2008-66)

  • CVE-2008-5510\n

    Kojima Hajime and Jun Muto discovered that escaped null characters\n were ignored by the CSS parser and could lead to the bypass of\n protection mechanisms. (MFSA 2008-67)

  • CVE-2008-5511\n

    It was discovered that it is possible to perform cross-site scripting\n attacks via an XBL binding to an \"unloaded document.\" (MFSA 2008-68)

  • CVE-2008-5512\n

    It was discovered that it is possible to run arbitrary JavaScript\n with chrome privileges via unknown vectors. (MFSA 2008-68)

  • CVE-2008-5513\n

    moz_bug_r_a4 discovered that the session-restore feature does not\n properly sanitise input leading to arbitrary injections. This issue\n could be used to perform an XSS attack or run arbitrary JavaScript\n with chrome privileges. (MFSA 2008-69)

\n

For the stable distribution (etch) these problems have been fixed in\nversion 2.0.0.19-0etch1.

\n

For the testing distribution (lenny) and the unstable distribution (sid)\nthese problems have been fixed in version 3.0.5-1. Please note iceweasel\nin Lenny links dynamically against xulrunner.

\n

We recommend that you upgrade your iceweasel package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.19-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.19.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.19-0etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dom-inspector_2.0.0.19-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-gnome-support_2.0.0.19-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox-dom-inspector_2.0.0.19-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox_2.0.0.19-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/firefox_2.0.0.19-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-gnome-support_2.0.0.19-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/mozilla-firefox-dom-inspector_2.0.0.19-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.19-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.19-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.19-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.19-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.19-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.19-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.19-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.19-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.19-0etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.19-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.19-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.19-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.19-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.19-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.19-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.19-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.19-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.19-0etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.19-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.19-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.19-0etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.19-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.19-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.19-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.19-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.19-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.19-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.19-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.19-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.19-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_2.0.0.19-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_2.0.0.19-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_2.0.0.19-0etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1708": "
\n

Debian Security Advisory

\n

DSA-1708-1 git-core -- shell command injection

\n
\n
Date Reported:
\n
19 Jan 2009
\n
Affected Packages:
\n
\ngit-core\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 512330.
In Mitre's CVE dictionary: CVE-2008-5516, CVE-2008-5517, CVE-2008-5916.
\n
More information:
\n
\n

It was discovered that gitweb, the web interface for the Git version\ncontrol system, contained several vulnerabilities:

\n

Remote attackers could use crafted requests to execute shell commands on\nthe web server, using the snapshot generation and pickaxe search\nfunctionality (CVE-2008-5916).

\n

Local users with write access to the configuration of a Git repository\nserved by gitweb could cause gitweb to execute arbitrary shell commands\nwith the permission of the web server (CVE-2008-5516, CVE-2008-5517).

\n

For the stable distribution (etch), these problems have been fixed in\nversion 1.4.4.4-4+etch1.

\n

For the unstable distribution (sid) and testing distribution (lenny),\nthe remote shell command injection issue (CVE-2008-5516) has been fixed\nin version 1.5.6-1. The other issue will be fixed soon.

\n

We recommend that you upgrade your Git packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/git-core/gitweb_1.4.4.4-4+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-daemon-run_1.4.4.4-4+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-svn_1.4.4.4-4+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/gitk_1.4.4.4-4+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-doc_1.4.4.4-4+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-email_1.4.4.4-4+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-arch_1.4.4.4-4+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-cvs_1.4.4.4-4+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1709": "
\n

Debian Security Advisory

\n

DSA-1709-1 shadow -- race condition

\n
\n
Date Reported:
\n
21 Jan 2009
\n
Affected Packages:
\n
\nshadow\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 505271.
In Mitre's CVE dictionary: CVE-2008-5394.
\n
More information:
\n
\n

Paul Szabo discovered that login, the system login tool, did not\ncorrectly handle symlinks while setting up tty permissions. If a local\nattacker were able to gain control of the system utmp file, they could\ncause login to change the ownership and permissions on arbitrary files,\nleading to a root privilege escalation.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 4.0.18.1-7+etch1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.1.1-6.

\n

We recommend that you upgrade your shadow package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/shadow/shadow_4.0.18.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/shadow/shadow_4.0.18.1-7+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/shadow/shadow_4.0.18.1-7+etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.18.1-7+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.18.1-7+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.18.1-7+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.18.1-7+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.18.1-7+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.18.1-7+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.18.1-7+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.18.1-7+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.18.1-7+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.18.1-7+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.18.1-7+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.18.1-7+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.18.1-7+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.18.1-7+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.18.1-7+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.18.1-7+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.18.1-7+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.18.1-7+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.18.1-7+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.18.1-7+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/shadow/login_4.0.18.1-7+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/shadow/passwd_4.0.18.1-7+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1710": "
\n

Debian Security Advisory

\n

DSA-1710-1 ganglia-monitor-core -- buffer overflow

\n
\n
Date Reported:
\n
25 Jan 2009
\n
Affected Packages:
\n
\nganglia-monitor-core\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0241.
\n
More information:
\n
\n

Spike Spiegel discovered a stack-based buffer overflow in gmetad, the\nmeta-daemon for the ganglia cluster monitoring toolkit, which could be\ntriggered via a request with long path names and might enable\narbitrary code execution.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 2.5.7-3.1etch1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.5.7-5.

\n

For the testing distribution (lenny), this problem will be fixed soon.

\n

We recommend that you upgrade your ganglia-monitor-core packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor-core_2.5.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor-core_2.5.7-3.1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor-core_2.5.7-3.1etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1-dev_2.5.7-3.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/gmetad_2.5.7-3.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1_2.5.7-3.1etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor_2.5.7-3.1etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/gmetad_2.5.7-3.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1-dev_2.5.7-3.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1_2.5.7-3.1etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor_2.5.7-3.1etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/gmetad_2.5.7-3.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1_2.5.7-3.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1-dev_2.5.7-3.1etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor_2.5.7-3.1etch1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1_2.5.7-3.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/gmetad_2.5.7-3.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor_2.5.7-3.1etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1-dev_2.5.7-3.1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor_2.5.7-3.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1-dev_2.5.7-3.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1_2.5.7-3.1etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/gmetad_2.5.7-3.1etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor_2.5.7-3.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/gmetad_2.5.7-3.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1_2.5.7-3.1etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1-dev_2.5.7-3.1etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/gmetad_2.5.7-3.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1_2.5.7-3.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor_2.5.7-3.1etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1-dev_2.5.7-3.1etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor_2.5.7-3.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1-dev_2.5.7-3.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1_2.5.7-3.1etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/gmetad_2.5.7-3.1etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor_2.5.7-3.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1_2.5.7-3.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1-dev_2.5.7-3.1etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/gmetad_2.5.7-3.1etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/ganglia-monitor_2.5.7-3.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1-dev_2.5.7-3.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/gmetad_2.5.7-3.1etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/ganglia-monitor-core/libganglia1_2.5.7-3.1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1711": "
\n

Debian Security Advisory

\n

DSA-1711-1 typo3-src -- several vulnerabilities

\n
\n
Date Reported:
\n
26 Jan 2009
\n
Affected Packages:
\n
\ntypo3-src\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 512608.
In the Bugtraq database (at SecurityFocus): BugTraq ID 33376.
In Mitre's CVE dictionary: CVE-2009-0255, CVE-2009-0256, CVE-2009-0257, CVE-2009-0258.
\n
More information:
\n
\n

Several remotely exploitable vulnerabilities have been discovered in the\nTYPO3 web content management framework. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2009-0255\n

    Chris John Riley discovered that the encryption key used throughout TYPO3 is\n generated with an insufficiently random seed, resulting in low entropy,\n which makes it easier for attackers to crack this key.

  • \n
  • CVE-2009-0256\n

    Marcus Krause discovered that TYPO3 does not invalidate a supplied session\n on authentication, which allows an attacker to take over a victim's\n session via a session fixation attack.

  • \n
  • CVE-2009-0257\n

    Multiple cross-site scripting vulnerabilities allow remote attackers to\n inject arbitrary web script or HTML via various arguments and user-supplied\n strings used in the indexed search system extension, adodb extension test\n scripts or the workspace module.

  • \n
  • CVE-2009-0258\n

    Mads Olesen discovered a remote command injection vulnerability in\n the indexed search system extension, which allows attackers to\n execute arbitrary code via a crafted file name that is passed\n unescaped to various system tools that extract file content for\n indexing.

  • \n
\n

Because of CVE-2009-0255, please make sure that besides installing\nthis update, you also create a new encryption key after the\ninstallation.

\n

For the stable distribution (etch) these problems have been fixed in\nversion 4.0.2+debian-7.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 4.2.5-1.

\n

We recommend that you upgrade your TYPO3 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.0.2+debian.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.0.2+debian-7.diff.gz
\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.0.2+debian-7.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3_4.0.2+debian-7_all.deb
\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src-4.0_4.0.2+debian-7_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1712": "
\n

Debian Security Advisory

\n

DSA-1712-1 rt2400 -- integer overflow

\n
\n
Date Reported:
\n
28 Jan 2009
\n
Affected Packages:
\n
\nrt2400\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0282.
\n
More information:
\n
\n

It was discovered that an integer overflow in the \"Probe Request\" packet\nparser of the Ralinktech wireless drivers might lead to remote denial of\nservice or the execution of arbitrary code.

\n

Please note that you need to rebuild your driver from the source\npackage in order for this update to take effect. Detailed\ninstructions can be found in /usr/share/doc/rt2400-source/README.Debian

\n

For the stable distribution (etch), this problem has been fixed in\nversion 1.2.2+cvs20060620-4+etch1.

\n

For the upcoming stable distribution (lenny) and the unstable\ndistribution (sid), this problem has been fixed in version\n1.2.2+cvs20080623-3.

\n

We recommend that you upgrade your rt2400 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/rt2400/rt2400_1.2.2+cvs20060620-4+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/r/rt2400/rt2400_1.2.2+cvs20060620.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/r/rt2400/rt2400_1.2.2+cvs20060620-4+etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/rt2400/rt2400-source_1.2.2+cvs20060620-4+etch1_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/r/rt2400/rt2400_1.2.2+cvs20060620-4+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/rt2400/rt2400_1.2.2+cvs20060620-4+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/r/rt2400/rt2400_1.2.2+cvs20060620-4+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/rt2400/rt2400_1.2.2+cvs20060620-4+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/rt2400/rt2400_1.2.2+cvs20060620-4+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/rt2400/rt2400_1.2.2+cvs20060620-4+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/rt2400/rt2400_1.2.2+cvs20060620-4+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/rt2400/rt2400_1.2.2+cvs20060620-4+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/rt2400/rt2400_1.2.2+cvs20060620-4+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/rt2400/rt2400_1.2.2+cvs20060620-4+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1713": "
\n

Debian Security Advisory

\n

DSA-1713-1 rt2500 -- integer overflow

\n
\n
Date Reported:
\n
28 Jan 2009
\n
Affected Packages:
\n
\nrt2500\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0282.
\n
More information:
\n
\n

It was discovered that an integer overflow in the \"Probe Request\"\npacket parser of the Ralinktech wireless drivers might lead to\nremote denial of service or the execution of arbitrary code.

\n

Please note that you need to rebuild your driver from the source\npackage in order for this update to take effect. Detailed\ninstructions can be found in /usr/share/doc/rt2500-source/README.Debian

\n

For the stable distribution (etch), this problem has been fixed in\nversion 1.1.0+cvs20060620-3+etch1.

\n

For the upcoming stable distribution (lenny) and the unstable\ndistribution (sid), this problem has been fixed in version\n1:1.1.0-b4+cvs20080623-3.

\n

We recommend that you upgrade your rt2500 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/rt2500/rt2500_1.1.0+cvs20060620.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/r/rt2500/rt2500_1.1.0+cvs20060620-3+etch1.dsc
\n
http://security.debian.org/pool/updates/main/r/rt2500/rt2500_1.1.0+cvs20060620-3+etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/rt2500/rt2500-source_1.1.0+cvs20060620-3+etch1_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/r/rt2500/rt2500_1.1.0+cvs20060620-3+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/rt2500/rt2500_1.1.0+cvs20060620-3+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/r/rt2500/rt2500_1.1.0+cvs20060620-3+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/rt2500/rt2500_1.1.0+cvs20060620-3+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/rt2500/rt2500_1.1.0+cvs20060620-3+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/rt2500/rt2500_1.1.0+cvs20060620-3+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/rt2500/rt2500_1.1.0+cvs20060620-3+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/rt2500/rt2500_1.1.0+cvs20060620-3+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/rt2500/rt2500_1.1.0+cvs20060620-3+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/rt2500/rt2500_1.1.0+cvs20060620-3+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1714": "
\n

Debian Security Advisory

\n

DSA-1714-1 rt2570 -- integer overflow

\n
\n
Date Reported:
\n
28 Jan 2009
\n
Affected Packages:
\n
\nrt2570\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0282.
\n
More information:
\n
\n

It was discovered that an integer overflow in the \"Probe Request\" packet\nparser of the Ralinktech wireless drivers might lead to remote denial of\nservice or the execution of arbitrary code.

\n

Please note that you need to rebuild your driver from the source\npackage in order for this update to take effect. Detailed\ninstructions can be found in /usr/share/doc/rt2570-source/README.Debian

\n

For the stable distribution (etch), this problem has been fixed in\nversion 1.1.0+cvs20060620-3+etch1.

\n

For the upcoming stable distribution (lenny) and the unstable\ndistribution (sid), this problem has been fixed in version\n1.1.0+cvs20080623-2.

\n

We recommend that you upgrade your rt2570 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/rt2570/rt2570_1.1.0+cvs20060620-3+etch1.dsc
\n
http://security.debian.org/pool/updates/main/r/rt2570/rt2570_1.1.0+cvs20060620-3+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/r/rt2570/rt2570_1.1.0+cvs20060620.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/rt2570/rt2570-source_1.1.0+cvs20060620-3+etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1715": "
\n

Debian Security Advisory

\n

DSA-1715-1 moin -- insufficient input sanitising

\n
\n
Date Reported:
\n
29 Jan 2009
\n
Affected Packages:
\n
\nmoin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 513158.
In Mitre's CVE dictionary: CVE-2009-0260, CVE-2009-0312.
\n
More information:
\n
\n

It was discovered that the AttachFile action in moin, a Python clone of\nWikiWiki, is prone to cross-site scripting attacks (CVE-2009-0260).\nAnother cross-site scripting vulnerability was discovered in the\nantispam feature (CVE-2009-0312).

\n

For the stable distribution (etch) these problems have been fixed in\nversion 1.5.3-1.2etch2.

\n

For the testing (lenny) distribution these problems have been fixed in\nversion 1.7.1-3+lenny1.

\n

For the unstable (sid) distribution these problems have been fixed in\nversion 1.8.1-1.1.

\n

We recommend that you upgrade your moin packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/moin/moin_1.5.3-1.2etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/moin/moin_1.5.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/moin/moin_1.5.3-1.2etch2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/moin/python-moinmoin_1.5.3-1.2etch2_all.deb
\n
http://security.debian.org/pool/updates/main/m/moin/moinmoin-common_1.5.3-1.2etch2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1716": "
\n

Debian Security Advisory

\n

DSA-1716-1 vnc4 -- integer overflow

\n
\n
Date Reported:
\n
31 Jan 2009
\n
Affected Packages:
\n
\nvnc4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 513531.
In Mitre's CVE dictionary: CVE-2008-4770.
\n
More information:
\n
\n

It was discovered that xvnc4viewer, a virtual network computing client\nsoftware for X, is prone to an integer overflow via a malicious\nencoding value that could lead to arbitrary code execution.

\n

For the stable distribution (etch) this problem has been fixed in\nversion 4.1.1+X4.3.0-21+etch1.

\n

For the unstable (sid) distribution this problem has been fixed in\nversion 4.1.1+X4.3.0-31.

\n

For the testing (lenny) distribution this problem will be fixed soon.

\n

We recommend that you upgrade your vnc4 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/v/vnc4/vnc4_4.1.1+X4.3.0-21+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/v/vnc4/vnc4_4.1.1+X4.3.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/v/vnc4/vnc4_4.1.1+X4.3.0-21+etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/v/vnc4/vnc4-common_4.1.1+X4.3.0-21+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vnc4/xvnc4viewer_4.1.1+X4.3.0-21+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vnc4/vnc4server_4.1.1+X4.3.0-21+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/v/vnc4/vnc4server_4.1.1+X4.3.0-21+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vnc4/xvnc4viewer_4.1.1+X4.3.0-21+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vnc4/vnc4-common_4.1.1+X4.3.0-21+etch1_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/v/vnc4/xvnc4viewer_4.1.1+X4.3.0-21+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vnc4/vnc4server_4.1.1+X4.3.0-21+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vnc4/vnc4-common_4.1.1+X4.3.0-21+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/v/vnc4/vnc4server_4.1.1+X4.3.0-21+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vnc4/vnc4-common_4.1.1+X4.3.0-21+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vnc4/xvnc4viewer_4.1.1+X4.3.0-21+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/v/vnc4/vnc4-common_4.1.1+X4.3.0-21+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vnc4/xvnc4viewer_4.1.1+X4.3.0-21+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vnc4/vnc4server_4.1.1+X4.3.0-21+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/v/vnc4/xvnc4viewer_4.1.1+X4.3.0-21+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vnc4/vnc4-common_4.1.1+X4.3.0-21+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vnc4/vnc4server_4.1.1+X4.3.0-21+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/v/vnc4/xvnc4viewer_4.1.1+X4.3.0-21+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vnc4/vnc4-common_4.1.1+X4.3.0-21+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vnc4/vnc4server_4.1.1+X4.3.0-21+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/v/vnc4/vnc4-common_4.1.1+X4.3.0-21+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vnc4/xvnc4viewer_4.1.1+X4.3.0-21+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vnc4/vnc4server_4.1.1+X4.3.0-21+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/v/vnc4/xvnc4viewer_4.1.1+X4.3.0-21+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vnc4/vnc4-common_4.1.1+X4.3.0-21+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vnc4/vnc4server_4.1.1+X4.3.0-21+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/v/vnc4/xvnc4viewer_4.1.1+X4.3.0-21+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vnc4/vnc4server_4.1.1+X4.3.0-21+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vnc4/vnc4-common_4.1.1+X4.3.0-21+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1717": "
\n

Debian Security Advisory

\n

DSA-1717-1 devil -- buffer overflow

\n
\n
Date Reported:
\n
05 Feb 2009
\n
Affected Packages:
\n
\ndevil\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 511844, Bug 512122.
In Mitre's CVE dictionary: CVE-2008-5262.
\n
More information:
\n
\n

Stefan Cornelius discovered a buffer overflow in devil, a cross-platform\nimage loading and manipulation toolkit, which could be triggered via a\ncrafted Radiance RGBE file. This could potentially lead to the execution\nof arbitrary code.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 1.6.7-5+etch1.

\n

For the testing distribution (lenny), this problem has been fixed in\nversion 1.6.8-rc2-3+lenny1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.7.5-4.

\n

We recommend that you upgrade your devil package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/devil/devil_1.6.7-5+etch1.dsc
\n
http://security.debian.org/pool/updates/main/d/devil/devil_1.6.7-5+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/d/devil/devil_1.6.7.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/devil/libdevil1c2_1.6.7-5+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/devil/libdevil-dev_1.6.7-5+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/devil/libdevil-dev_1.6.7-5+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/devil/libdevil1c2_1.6.7-5+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/devil/libdevil-dev_1.6.7-5+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/devil/libdevil1c2_1.6.7-5+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/d/devil/libdevil-dev_1.6.7-5+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/devil/libdevil1c2_1.6.7-5+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/devil/libdevil1c2_1.6.7-5+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/devil/libdevil-dev_1.6.7-5+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/devil/libdevil1c2_1.6.7-5+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/devil/libdevil-dev_1.6.7-5+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/devil/libdevil-dev_1.6.7-5+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/devil/libdevil1c2_1.6.7-5+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/devil/libdevil-dev_1.6.7-5+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/devil/libdevil1c2_1.6.7-5+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/devil/libdevil-dev_1.6.7-5+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/devil/libdevil1c2_1.6.7-5+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/devil/libdevil-dev_1.6.7-5+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/devil/libdevil1c2_1.6.7-5+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/devil/libdevil1c2_1.6.7-5+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/devil/libdevil-dev_1.6.7-5+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1718": "
\n

Debian Security Advisory

\n

DSA-1718-1 boinc -- incorrect API usage

\n
\n
Date Reported:
\n
08 Feb 2009
\n
Affected Packages:
\n
\nboinc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 511521.
In Mitre's CVE dictionary: CVE-2009-0126.
\n
More information:
\n
\n

It was discovered that the core client for the BOINC distributed\ncomputing infrastructure performs incorrect validation of the return\nvalues of OpenSSL's RSA functions.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 5.4.11-4+etch1.

\n

For the upcoming stable distribution (lenny), this problem has been\nfixed in version 6.2.14-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 6.2.14-3.

\n

We recommend that you upgrade your boinc packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/boinc/boinc_5.4.11.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/b/boinc/boinc_5.4.11-4+etch1.dsc
\n
http://security.debian.org/pool/updates/main/b/boinc/boinc_5.4.11-4+etch1.diff.gz
\n
AMD64:\n
http://security.debian.org/pool/updates/main/b/boinc/boinc-manager_5.4.11-4+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/boinc/boinc-client_5.4.11-4+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/boinc/boinc-dev_5.4.11-4+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/boinc/boinc-dev_5.4.11-4+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/boinc/boinc-client_5.4.11-4+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/boinc/boinc-manager_5.4.11-4+etch1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/boinc/boinc-dev_5.4.11-4+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/boinc/boinc-client_5.4.11-4+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/boinc/boinc-manager_5.4.11-4+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/boinc/boinc-dev_5.4.11-4+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/boinc/boinc-client_5.4.11-4+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/boinc/boinc-manager_5.4.11-4+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/b/boinc/boinc-manager_5.4.11-4+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/boinc/boinc-client_5.4.11-4+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/boinc/boinc-dev_5.4.11-4+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/b/boinc/boinc-client_5.4.11-4+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/boinc/boinc-manager_5.4.11-4+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/boinc/boinc-dev_5.4.11-4+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/boinc/boinc-manager_5.4.11-4+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/boinc/boinc-client_5.4.11-4+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/boinc/boinc-dev_5.4.11-4+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/boinc/boinc-dev_5.4.11-4+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/boinc/boinc-manager_5.4.11-4+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/boinc/boinc-client_5.4.11-4+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/boinc/boinc-dev_5.4.11-4+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/boinc/boinc-client_5.4.11-4+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/boinc/boinc-manager_5.4.11-4+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1719": "
\n

Debian Security Advisory

\n

DSA-1719-1 gnutls13 -- design flaw

\n
\n
Date Reported:
\n
10 Feb 2009
\n
Affected Packages:
\n
\ngnutls13\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 505360.
In Mitre's CVE dictionary: CVE-2008-4989.
\n
More information:
\n
\n

Martin von Gagern discovered that GNUTLS, an implementation of the\nTLS/SSL protocol, handles verification of X.509 certificate chains\nincorrectly if a self-signed certificate is configured as a trusted\ncertificate. This could cause clients to accept forged server\ncertificates as genuine. (CVE-2008-4989)

\n

In addition, this update tightens the checks for X.509v1 certificates,\nwhich causes GNUTLS to reject certain certificate chains it accepted\nbefore. (In certificate chain processing, GNUTLS does not recognize\nX.509v1 certificates as valid unless explicitly requested by the\napplication.)

\n

For the stable distribution (etch), this problem has been fixed in\nversion 1.4.4-3+etch3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.4.2-3 of the gnutls26 package.

\n

We recommend that you upgrade your gnutls13 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch2.dsc
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch3.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-doc_1.4.4-3+etch2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-doc_1.4.4-3+etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1720": "
\n

Debian Security Advisory

\n

DSA-1720-1 typo3-src -- several vulnerabilities

\n
\n
Date Reported:
\n
10 Feb 2009
\n
Affected Packages:
\n
\ntypo3-src\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 514713.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the TYPO3 web\ncontent management framework.

\n

Marcus Krause and Michael Stucki from the TYPO3 security team\ndiscovered that the jumpUrl mechanism discloses secret hashes, enabling\na remote attacker to bypass access control by submitting the correct\nvalue as a URL parameter and thus to read the content of\narbitrary files.

\n

Jelmer de Hen and Dmitry Dulepov discovered multiple cross-site\nscripting vulnerabilities in the backend user interface allowing\nremote attackers to inject arbitrary web script or HTML.

\n

As it is very likely that your encryption key has been exposed, we\nstrongly recommend changing your encryption key via the install tool\nafter installing the update.

\n

For the stable distribution (etch) these problems have been fixed in\nversion 4.0.2+debian-8.

\n

For the testing distribution (lenny) these problems have been fixed in\nversion 4.2.5-1+lenny1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 4.2.6-1.

\n

We recommend that you upgrade your typo3 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.0.2+debian-8.dsc
\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.0.2+debian-8.diff.gz
\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.0.2+debian.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src-4.0_4.0.2+debian-8_all.deb
\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3_4.0.2+debian-8_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1721": "
\n

Debian Security Advisory

\n

DSA-1721-1 libpam-krb5 -- several vulnerabilities

\n
\n
Date Reported:
\n
11 Feb 2009
\n
Affected Packages:
\n
\nlibpam-krb5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0360, CVE-2009-0361.
\n
More information:
\n
\n

Several local vulnerabilities have been discovered in the PAM module\nfor MIT Kerberos. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2009-0360\n

    Russ Allbery discovered that the Kerberos PAM module parsed\n configuration settings from environment variables when run from a\n setuid context. This could lead to local privilege escalation if\n an attacker points a setuid program using PAM authentication to a\n Kerberos setup under her control.

  • CVE-2009-0361\n

    Derek Chan discovered that the Kerberos PAM module allows\n reinitialisation of user credentials when run from a setuid\n context, resulting in potential local denial of service by\n overwriting the credential cache file or in privilege escalation.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 2.6-1etch1.

\n

For the upcoming stable distribution (lenny), these problems have been\nfixed in version 3.11-4.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your libpam-krb5 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6-1etch1.dsc
\n
http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6-1etch1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6-1etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6-1etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6-1etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6-1etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6-1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6-1etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6-1etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6-1etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6-1etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6-1etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libp/libpam-krb5/libpam-krb5_2.6-1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1722": "
\n

Debian Security Advisory

\n

DSA-1722-1 libpam-heimdal -- programming error

\n
\n
Date Reported:
\n
11 Feb 2009
\n
Affected Packages:
\n
\nlibpam-heimdal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0361.
\n
More information:
\n
\n

Derek Chan discovered that the PAM module for the Heimdal Kerberos\nimplementation allows reinitialisation of user credentials when run\nfrom a setuid context, resulting in potential local denial of service\nby overwriting the credential cache file or in local privilege\nescalation.

\n

For the stable distribution (etch), this problem has been fixed in\nversion 2.5-1etch1.

\n

For the upcoming stable distribution (lenny), this problem has been\nfixed in version 3.10-2.1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your libpam-heimdal package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libp/libpam-heimdal/libpam-heimdal_2.5-1etch1.dsc
\n
http://security.debian.org/pool/updates/main/libp/libpam-heimdal/libpam-heimdal_2.5-1etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/libp/libpam-heimdal/libpam-heimdal_2.5.orig.tar.gz
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libp/libpam-heimdal/libpam-heimdal_2.5-1etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libp/libpam-heimdal/libpam-heimdal_2.5-1etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libp/libpam-heimdal/libpam-heimdal_2.5-1etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libp/libpam-heimdal/libpam-heimdal_2.5-1etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libp/libpam-heimdal/libpam-heimdal_2.5-1etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpam-heimdal/libpam-heimdal_2.5-1etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpam-heimdal/libpam-heimdal_2.5-1etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libp/libpam-heimdal/libpam-heimdal_2.5-1etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libp/libpam-heimdal/libpam-heimdal_2.5-1etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libp/libpam-heimdal/libpam-heimdal_2.5-1etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1723": "
\n

Debian Security Advisory

\n

DSA-1723-1 phpmyadmin -- insufficient input sanitising

\n
\n
Date Reported:
\n
11 Feb 2009
\n
Affected Packages:
\n
\nphpmyadmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-5621.
\n
More information:
\n
\n

Michael Brooks discovered that phpMyAdmin, a tool to administer MySQL\nover the web, performs insufficient input sanitising, allowing a\nuser-assisted remote attacker to execute code on the webserver.

\n

For the stable distribution (etch), this problem has been fixed in version\n2.9.1.1-10.

\n

For the testing distribution (lenny) and unstable distribution (sid), this\nproblem has been fixed in version 2.11.8.1-5.

\n

We recommend that you upgrade your phpmyadmin package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-10.dsc
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-10.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-10_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1724": "
\n

Debian Security Advisory

\n

DSA-1724-1 moodle -- several vulnerabilities

\n
\n
Date Reported:
\n
13 Feb 2009
\n
Affected Packages:
\n
\nmoodle\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 514284.
In Mitre's CVE dictionary: CVE-2009-0500, CVE-2009-0502, CVE-2008-5153.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Moodle, an online\ncourse management system. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2009-0500\n

    It was discovered that the information stored in the log tables\n was not properly sanitized, which could allow attackers to inject\n arbitrary web code.

  • CVE-2009-0502\n

    It was discovered that certain input via the \"Login as\" function\n was not properly sanitised, leading to the injection of arbitrary\n web script.

  • CVE-2008-5153\n

    Dmitry E. Oboukhov discovered that the SpellChecker plugin creates\n temporary files insecurely, allowing a denial of service attack.\n Since the plugin was unused, it is removed in this update.

\n

For the stable distribution (etch) these problems have been fixed in\nversion 1.6.3-2+etch2.

\n

For the testing (lenny) distribution these problems have been fixed in\nversion 1.8.2.dfsg-3+lenny1.

\n

For the unstable (sid) distribution these problems have been fixed in\nversion 1.8.2.dfsg-4.

\n

We recommend that you upgrade your moodle package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2.dsc
\n
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1725": "
\n

Debian Security Advisory

\n

DSA-1725-1 websvn -- programming error

\n
\n
Date Reported:
\n
15 Feb 2009
\n
Affected Packages:
\n
\nwebsvn\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 512191.
In Mitre's CVE dictionary: CVE-2009-0240.
\n
More information:
\n
\n

Bas van Schaik discovered that WebSVN, a tool to view Subversion\nrepositories over the web, did not properly restrict access to private\nrepositories, allowing a remote attacker to read significant parts of\ntheir content.

\n

The old stable distribution (etch) is not affected by this problem.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.0-4+lenny1.

\n

For the unstable distribution (sid), this problem has also been fixed in\nversion 2.0-4+lenny1.

\n

We recommend that you upgrade your websvn package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/websvn/websvn_2.0-4+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/w/websvn/websvn_2.0-4+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/w/websvn/websvn_2.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/websvn/websvn_2.0-4+lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1726": "
\n

Debian Security Advisory

\n

DSA-1726-1 python-crypto -- buffer overflow

\n
\n
Date Reported:
\n
25 Feb 2009
\n
Affected Packages:
\n
\npython-crypto\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0544.
\n
More information:
\n
\n

Mike Wiacek discovered that a buffer overflow in the ARC2 implementation\nof Python Crypto, a collection of cryptographic algorithms and protocols\nfor Python, allows denial of service and potentially the execution of\narbitrary code.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.0.1+dfsg1-2.3+lenny0.

\n

Due to a technical limitation in the Debian archive management scripts\nthe update for the old stable distribution (etch) cannot be released\nsynchronously. It will be fixed in version 2.0.1+dfsg1-1.2+etch0 soon.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your python-crypto package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0.diff.gz
\n
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.3+lenny0_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.3+lenny0_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.3+lenny0_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0_arm.deb
\n
:\n
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.3+lenny0_armel.deb
\n
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0_armel.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.3+lenny0_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.3+lenny0_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.3+lenny0_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.3+lenny0_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.3+lenny0_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.3+lenny0_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto_2.0.1+dfsg1-2.3+lenny0_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python-crypto/python-crypto-dbg_2.0.1+dfsg1-2.3+lenny0_sparc.de
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1727": "
\n

Debian Security Advisory

\n

DSA-1727-1 proftpd-dfsg -- SQL injection vulnerabilities

\n
\n
Date Reported:
\n
26 Feb 2009
\n
Affected Packages:
\n
\nproftpd-dfsg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0542, CVE-2009-0543.
\n
More information:
\n
\n

Two SQL injection vulnerabilities have been found in proftpd, a\nvirtual-hosting FTP daemon. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2009-0542\n

    Shino discovered that proftpd is prone to an SQL injection\n vulnerability via the use of certain characters in the username.

  • CVE-2009-0543\n

    TJ Saunders discovered that proftpd is prone to an SQL injection\n vulnerability due to insufficient escaping mechanisms when\n multibyte character encodings are used.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.3.1-17lenny1.

\n

For the oldstable distribution (etch), these problems will be fixed\nsoon.

\n

For the testing distribution (squeeze), these problems will be fixed\nsoon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.3.2-1.

\n

We recommend that you upgrade your proftpd-dfsg package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-dfsg_1.3.1-17lenny1.dsc
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-dfsg_1.3.1-17lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-dfsg_1.3.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-doc_1.3.1-17lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd_1.3.1-17lenny1_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny1_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny1_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1728": "
\n

Debian Security Advisory

\n

DSA-1728-1 dkim-milter -- improper assertion

\n
\n
Date Reported:
\n
27 Feb 2009
\n
Affected Packages:
\n
\ndkim-milter\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

It was discovered that dkim-milter, an implementation of the DomainKeys\nIdentified Mail protocol, may crash during DKIM verification if it\nencounters a specially-crafted or revoked public key record in DNS.

\n

The old stable distribution (etch) does not contain dkim-milter packages.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.6.0.dfsg-1+lenny1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.6.0.dfsg-2.

\n

We recommend that you upgrade your dkim-milter packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dkim-milter/dkim-milter_2.6.0.dfsg-1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/d/dkim-milter/dkim-milter_2.6.0.dfsg-1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/d/dkim-milter/dkim-milter_2.6.0.dfsg.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim-dev_2.6.0.dfsg-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim2_2.6.0.dfsg-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dkim-milter/dkim-filter_2.6.0.dfsg-1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/dkim-milter/dkim-filter_2.6.0.dfsg-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim2_2.6.0.dfsg-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim-dev_2.6.0.dfsg-1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim-dev_2.6.0.dfsg-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim2_2.6.0.dfsg-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dkim-milter/dkim-filter_2.6.0.dfsg-1+lenny1_arm.deb
\n
:\n
http://security.debian.org/pool/updates/main/d/dkim-milter/dkim-filter_2.6.0.dfsg-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim2_2.6.0.dfsg-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim-dev_2.6.0.dfsg-1+lenny1_armel.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim-dev_2.6.0.dfsg-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim2_2.6.0.dfsg-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dkim-milter/dkim-filter_2.6.0.dfsg-1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim2_2.6.0.dfsg-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim-dev_2.6.0.dfsg-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dkim-milter/dkim-filter_2.6.0.dfsg-1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim2_2.6.0.dfsg-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim-dev_2.6.0.dfsg-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dkim-milter/dkim-filter_2.6.0.dfsg-1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim2_2.6.0.dfsg-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim-dev_2.6.0.dfsg-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dkim-milter/dkim-filter_2.6.0.dfsg-1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dkim-milter/dkim-filter_2.6.0.dfsg-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim2_2.6.0.dfsg-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim-dev_2.6.0.dfsg-1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim-dev_2.6.0.dfsg-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dkim-milter/dkim-filter_2.6.0.dfsg-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim2_2.6.0.dfsg-1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dkim-milter/dkim-filter_2.6.0.dfsg-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim2_2.6.0.dfsg-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dkim-milter/libsmdkim-dev_2.6.0.dfsg-1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1729": "
\n

Debian Security Advisory

\n

DSA-1729-1 gst-plugins-bad0.10 -- several vulnerabilities

\n
\n
Date Reported:
\n
02 Mar 2009
\n
Affected Packages:
\n
\ngst-plugins-bad0.10\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0386, CVE-2009-0387, CVE-2009-0397.
\n
More information:
\n
\n

Several vulnerabilities have been found in gst-plugins-bad0.10, a\ncollection of various GStreamer plugins. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2009-0386\n

    Tobias Klein discovered a buffer overflow in the quicktime stream\n\tdemuxer (qtdemux), which could potentially lead to the execution of\n\tarbitrary code via crafted .mov files.

  • CVE-2009-0387\n

    Tobias Klein discovered an array index error in the quicktime stream\n\tdemuxer (qtdemux), which could potentially lead to the execution of\n\tarbitrary code via crafted .mov files.

  • CVE-2009-0397\n

    Tobias Klein discovered a buffer overflow in the quicktime stream\n\tdemuxer (qtdemux) similar to the issue reported in CVE-2009-0386, which\n\tcould also lead to the execution of arbitrary code via crafted .mov\n\tfiles.

\n

For the oldstable distribution (etch), these problems have been fixed in\nversion 0.10.3-3.1+etch1.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 0.10.8-4.1~lenny1 of gst-plugins-good0.10, since the affected\nplugin has been moved there. The fix was already included in the lenny\nrelease.

\n

For the unstable distribution (sid) and the testing distribution\n(squeeze), these problems have been fixed in version 0.10.8-4.1 of\ngst-plugins-good0.10.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gst-plugins-bad0.10_0.10.3-3.1+etch1.dsc
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gst-plugins-bad0.10_0.10.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gst-plugins-bad0.10_0.10.3-3.1+etch1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1730": "
\n

Debian Security Advisory

\n

DSA-1730-1 proftpd-dfsg -- SQL injection vulnerabilities

\n
\n
Date Reported:
\n
02 Mar 2009
\n
Affected Packages:
\n
\nproftpd-dfsg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0542, CVE-2009-0543.
\n
More information:
\n
\n

The security update for proftpd-dfsg in DSA-1727-1 caused a regression\nwith the postgresql backend. This update corrects the flaw. Also it was\ndiscovered that the oldstable distribution (etch) is not affected by the\nsecurity issues. For reference the original advisory follows.

\n

Two SQL injection vulnerabilities have been found in proftpd, a\nvirtual-hosting FTP daemon. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2009-0542\n

    Shino discovered that proftpd is prone to an SQL injection vulnerability\n\tvia the use of certain characters in the username.

  • CVE-2009-0543\n

    TJ Saunders discovered that proftpd is prone to an SQL injection\n\tvulnerability due to insufficient escaping mechanisms, when multibyte\n\tcharacter encodings are used.

\n

The oldstable distribution (etch) is not affected by these problems.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.3.1-17lenny2.

\n

For the testing distribution (squeeze), these problems will be fixed\nsoon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.3.2-1.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-dfsg_1.3.1-17lenny2.dsc
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-dfsg_1.3.1-17lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-dfsg_1.3.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd_1.3.1-17lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-doc_1.3.1-17lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny2_arm.deb
\n
:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny2_armel.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny2_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1731": "
\n

Debian Security Advisory

\n

DSA-1731-1 ndiswrapper -- buffer overflow

\n
\n
Date Reported:
\n
02 Mar 2009
\n
Affected Packages:
\n
\nndiswrapper\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 504696.
In Mitre's CVE dictionary: CVE-2008-4395.
\n
More information:
\n
\n

Anders Kaseorg discovered that ndiswrapper suffers from buffer overflows\nvia specially crafted wireless network traffic, due to incorrectly\nhandling long ESSIDs. This could lead to the execution of arbitrary\ncode.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 1.28-1+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.53-2, which was already included in the lenny release.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 1.53-2.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/ndiswrapper/ndiswrapper_1.28-1+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/ndiswrapper/ndiswrapper_1.28.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/n/ndiswrapper/ndiswrapper_1.28-1+etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/n/ndiswrapper/ndiswrapper-common_1.28-1+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/n/ndiswrapper/ndiswrapper-source_1.28-1+etch1_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/ndiswrapper/ndiswrapper-utils-1.9_1.28-1+etch1_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/ndiswrapper/ndiswrapper-utils-1.9_1.28-1+etch1_i386.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1732": "
\n

Debian Security Advisory

\n

DSA-1732-1 squid3 -- denial of service

\n
\n
Date Reported:
\n
03 Mar 2009
\n
Affected Packages:
\n
\nsquid3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0478.
\n
More information:
\n
\n

Joshua Morin, Mikko Varpiola and Jukka Taimisto discovered an assertion\nerror in squid3, a full featured Web Proxy cache, which could lead to\na denial of service attack.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 3.0.PRE5-5+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 3.0.STABLE8-3, which was already included in the lenny release.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 3.0.STABLE8-3.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5-5+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5-5+etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3.0.PRE5-5+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-client_3.0.PRE5-5+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5-5+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.PRE5-5+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-client_3.0.PRE5-5+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.PRE5-5+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5-5+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-client_3.0.PRE5-5+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5-5+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.PRE5-5+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.PRE5-5+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5-5+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-client_3.0.PRE5-5+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-client_3.0.PRE5-5+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5-5+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.PRE5-5+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5-5+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.PRE5-5+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-client_3.0.PRE5-5+etch1_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.PRE5-5+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5-5+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-client_3.0.PRE5-5+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.PRE5-5+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5-5+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-client_3.0.PRE5-5+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5-5+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-client_3.0.PRE5-5+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.PRE5-5+etch1_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1733": "
\n

Debian Security Advisory

\n

DSA-1733-1 vim -- several vulnerabilities

\n
\n
Date Reported:
\n
03 Mar 2009
\n
Affected Packages:
\n
\nvim\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 486502, Bug 506919.
In Mitre's CVE dictionary: CVE-2008-2712, CVE-2008-3074, CVE-2008-3075, CVE-2008-3076, CVE-2008-4101.
\n
More information:
\n
\n

Several vulnerabilities have been found in vim, an enhanced vi editor.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2008-2712\n

    Jan Minar discovered that vim did not properly sanitise inputs\n before invoking the execute or system functions inside vim\n scripts. This could lead to the execution of arbitrary code.

  • CVE-2008-3074\n

    Jan Minar discovered that the tar plugin of vim did not properly\n sanitise the filenames in the tar archive or the name of the\n archive file itself, making it prone to arbitrary code execution.

  • CVE-2008-3075\n

    Jan Minar discovered that the zip plugin of vim did not properly\n sanitise the filenames in the zip archive or the name of the\n archive file itself, making it prone to arbitrary code execution.

  • CVE-2008-3076\n

    Jan Minar discovered that the netrw plugin of vim did not properly\n sanitise the filenames or directory names it is given. This could\n lead to the execution of arbitrary code.

  • CVE-2008-4101\n

    Ben Schmidt discovered that vim did not properly escape characters\n when performing keyword or tag lookups. This could lead to the\n execution of arbitrary code.

\n

For the oldstable distribution (etch), these problems have been fixed in\nversion 1:7.0-122+1etch5.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1:7.1.314-3+lenny1, which was already included in the lenny\nrelease.

\n

For the testing distribution (squeeze), these problems have been fixed\nin version 1:7.1.314-3+lenny1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2:7.2.010-1.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/v/vim/vim_7.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5.diff.gz
\n
http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/v/vim/vim-gui-common_7.0-122+1etch5_all.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-runtime_7.0-122+1etch5_all.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-doc_7.0-122+1etch5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/v/vim/vim-tcl_7.0-122+1etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-tiny_7.0-122+1etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-lesstif_7.0-122+1etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-ruby_7.0-122+1etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-perl_7.0-122+1etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gtk_7.0-122+1etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-gnome_7.0-122+1etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim_7.0-122+1etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vim/vim-full_7.0-122+1etch5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1734": "
\n

Debian Security Advisory

\n

DSA-1734-1 opensc -- programming error

\n
\n
Date Reported:
\n
05 Mar 2009
\n
Affected Packages:
\n
\nopensc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0368.
\n
More information:
\n
\n

b.badrignans discovered that OpenSC, a set of smart card utilities,\ncould store private data on a smart card without proper access\nrestrictions.

\n

Only blank cards initialised with OpenSC are affected by this problem.\nThis update only improves creating new private data objects, but cards\nalready initialised with such private data objects need to be\nmodified to repair the access control conditions on such cards.\nInstructions for a variety of situations can be found at the OpenSC\nweb site: http://www.opensc-project.org/security.html

\n

The oldstable distribution (etch) is not affected by this problem.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.11.4-5+lenny1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your opensc package and recreate any\nprivate data objects stored on your smart cards.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.4-5+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.4-5+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.4-5+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.4-5+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.4-5+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.4-5+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.4-5+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.4-5+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.4-5+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.4-5+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.4-5+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.4-5+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.4-5+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.4-5+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.4-5+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.4-5+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.4-5+lenny1_arm.deb
\n
:\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.4-5+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.4-5+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.4-5+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.4-5+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.4-5+lenny1_armel.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.4-5+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.4-5+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.4-5+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.4-5+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.4-5+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.4-5+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.4-5+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.4-5+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.4-5+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.4-5+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.4-5+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.4-5+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.4-5+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.4-5+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.4-5+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.4-5+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.4-5+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.4-5+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.4-5+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.4-5+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.4-5+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.4-5+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.4-5+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.4-5+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.4-5+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.4-5+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.4-5+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.4-5+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.4-5+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.4-5+lenny1_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1735": "
\n

Debian Security Advisory

\n

DSA-1735-1 znc -- missing input sanitization

\n
\n
Date Reported:
\n
10 Mar 2009
\n
Affected Packages:
\n
\nznc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 516950.
In Mitre's CVE dictionary: CVE-2009-0759.
\n
More information:
\n
\n

It was discovered that znc, an IRC proxy/bouncer, does not properly\nsanitize input contained in configuration change requests to the\nwebadmin interface. This allows authenticated users to elevate their\nprivileges and indirectly execute arbitrary commands (CVE-2009-0759).

\n

For the old stable distribution (etch), this problem has been fixed in\nversion 0.045-3+etch2.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.058-2+lenny1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.066-1.

\n

We recommend that you upgrade your znc packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.045.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch2.dsc
\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch2.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch2_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch2_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1736": "
\n

Debian Security Advisory

\n

DSA-1736-1 mahara -- insufficient input sanitising

\n
\n
Date Reported:
\n
10 Mar 2009
\n
Affected Packages:
\n
\nmahara\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0660.
\n
More information:
\n
\n

It was discovered that mahara, an electronic portfolio, weblog, and\nresume builder, is prone to cross-site scripting attacks, which allows\nthe injection of arbitrary Java or HTML code.

\n

The oldstable distribution (etch) does not contain mahara.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.0.4-4+lenny1.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), this problem will be fixed soon.

\n

We recommend that you upgrade your mahara package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1737": "
\n

Debian Security Advisory

\n

DSA-1737-1 wesnoth -- several vulnerabilities

\n
\n
Date Reported:
\n
11 Mar 2009
\n
Affected Packages:
\n
\nwesnoth\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0366, CVE-2009-0367.
\n
More information:
\n
\n

Several security issues have been discovered in wesnoth, a fantasy\nturn-based strategy game. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2009-0366\n

    Daniel Franke discovered that the wesnoth server is prone to a denial of\nservice attack when receiving specially crafted compressed data.

  • CVE-2009-0367\n

    Daniel Franke discovered that the sandbox implementation for the Python\nAIs can be used to execute arbitrary Python code on wesnoth clients. In\norder to prevent this issue, the Python support has been disabled. A\ncompatibility patch was included, so that the affected campaign is still\nworking properly.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.4.4-2+lenny1.

\n

For the oldstable distribution (etch), these problems have been fixed\nin version 1.2-5.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 1.4.7-4.

\n

We recommend that you upgrade your wesnoth packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-5.dsc
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-5.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-data_1.2-5_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-music_1.2-5_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-tsg_1.2-5_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-trow_1.2-5_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-ttb_1.2-5_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-ei_1.2-5_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-utbs_1.2-5_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-httt_1.2-5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-5_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-5_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-5_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-5_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-5_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-5_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-5_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-5_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.2-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.2-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.2-5_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.4.4-2+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.4.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.4.4-2+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-ttb_1.4.4-2+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-utbs_1.4.4-2+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-aoi_1.4.4-2+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-ei_1.4.4-2+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-trow_1.4.4-2+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-music_1.4.4-2+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-sof_1.4.4-2+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-thot_1.4.4-2+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-did_1.4.4-2+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-data_1.4.4-2+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-tsg_1.4.4-2+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-sotbe_1.4.4-2+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-httt_1.4.4-2+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-l_1.4.4-2+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-tools_1.4.4-2+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-all_1.4.4-2+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-nr_1.4.4-2+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-dbg_1.4.4-2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.4.4-2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.4.4-2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.4.4-2+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.4.4-2+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-dbg_1.4.4-2+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.4.4-2+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.4.4-2+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.4.4-2+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-dbg_1.4.4-2+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.4.4-2+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.4.4-2+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-dbg_1.4.4-2+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.4.4-2+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.4.4-2+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.4.4-2+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.4.4-2+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.4.4-2+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.4.4-2+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-dbg_1.4.4-2+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-dbg_1.4.4-2+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.4.4-2+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.4.4-2+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.4.4-2+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.4.4-2+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.4.4-2+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-dbg_1.4.4-2+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.4.4-2+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.4.4-2+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.4.4-2+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.4.4-2+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-dbg_1.4.4-2+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.4.4-2+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.4.4-2+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-dbg_1.4.4-2+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.4.4-2+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.4.4-2+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.4.4-2+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.4.4-2+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-dbg_1.4.4-2+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.4.4-2+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-dbg_1.4.4-2+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.4.4-2+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.4.4-2+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-editor_1.4.4-2+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-server_1.4.4-2+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth_1.4.4-2+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wesnoth/wesnoth-dbg_1.4.4-2+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1738": "
\n

Debian Security Advisory

\n

DSA-1738-1 curl -- arbitrary file access

\n
\n
Date Reported:
\n
11 Mar 2009
\n
Affected Packages:
\n
\ncurl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 518423.
In the Bugtraq database (at SecurityFocus): BugTraq ID 33962.
In Mitre's CVE dictionary: CVE-2009-0037.
\n
More information:
\n
\n

David Kierznowski discovered that libcurl, a multi-protocol file transfer\nlibrary, when configured to follow URL redirects automatically, does not\nquestion the new target location. As libcurl also supports file:// and\nscp:// URLs - depending on the setup - an untrusted server could use that\nto expose local files, overwrite local files or even execute arbitrary\ncode via a malicious URL redirect.

\n

This update introduces a new option called CURLOPT_REDIR_PROTOCOLS which by\ndefault does not include the scp and file protocol handlers.

\n

For the oldstable distribution (etch) this problem has been fixed in\nversion 7.15.5-1etch2.

\n

For the stable distribution (lenny) this problem has been fixed in\nversion 7.18.2-8lenny2.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 7.18.2-8.1.

\n

We recommend that you upgrade your curl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch2.dsc
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.15.5-1etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch2_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2.dsc
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny2_amd64.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1739": "
\n

Debian Security Advisory

\n

DSA-1739-1 mldonkey -- path traversal

\n
\n
Date Reported:
\n
13 Mar 2009
\n
Affected Packages:
\n
\nmldonkey\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 516829.
In Mitre's CVE dictionary: CVE-2009-0753.
\n
More information:
\n
\n

It has been discovered that mldonkey, a client for several P2P\nnetworks, allows attackers to download arbitrary files using crafted\nrequests to the HTTP console.

\n

The old stable distribution (etch) is not affected by this problem.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.9.5-2+lenny1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your mldonkey packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey_2.9.5-2+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey_2.9.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey_2.9.5-2+lenny1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-server_2.9.5-2+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mldonkey/mldonkey-gui_2.9.5-2+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1740": "
\n

Debian Security Advisory

\n

DSA-1740-1 yaws -- denial of service

\n
\n
Date Reported:
\n
14 Mar 2009
\n
Affected Packages:
\n
\nyaws\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0751.
\n
More information:
\n
\n

It was discovered that yaws, a high performance HTTP 1.1 webserver, is\nprone to a denial of service attack via a request with a large HTTP\nheader.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.77-3+lenny1.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 1.65-4etch1.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 1.80-1.

\n

We recommend that you upgrade your yaws package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.65-4etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.65-4etch1.dsc
\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.65.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.65-4etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.65-4etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.65-4etch1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.65-4etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.65-4etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.65-4etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.65-4etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.65-4etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.65-4etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.65-4etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/y/yaws/yaws-wiki_1.77-3+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/y/yaws/yaws-chat_1.77-3+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/y/yaws/yaws-mail_1.77-3+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/y/yaws/yaws-yapp_1.77-3+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/y/yaws/yaws_1.77-3+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1741": "
\n

Debian Security Advisory

\n

DSA-1741-1 psi -- integer overflow

\n
\n
Date Reported:
\n
14 Mar 2009
\n
Affected Packages:
\n
\npsi\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 518468.
In Mitre's CVE dictionary: CVE-2008-6393.
\n
More information:
\n
\n

Jesus Olmos Gonzalez discovered that an integer overflow in the PSI\nJabber client may lead to remote denial of service.

\n

The old stable distribution (etch) is not affected.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.11-9.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.12.1-1.

\n

We recommend that you upgrade your psi package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/psi/psi_0.11-9.dsc
\n
http://security.debian.org/pool/updates/main/p/psi/psi_0.11.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/psi/psi_0.11-9.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/psi/psi_0.11-9_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/psi/psi_0.11-9_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/psi/psi_0.11-9_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/p/psi/psi_0.11-9_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/psi/psi_0.11-9_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/psi/psi_0.11-9_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/psi/psi_0.11-9_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/psi/psi_0.11-9_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/psi/psi_0.11-9_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/psi/psi_0.11-9_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/psi/psi_0.11-9_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/psi/psi_0.11-9_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1742": "
\n

Debian Security Advisory

\n

DSA-1742-1 libsndfile -- integer overflow

\n
\n
Date Reported:
\n
16 Mar 2009
\n
Affected Packages:
\n
\nlibsndfile\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Bugtraq database (at SecurityFocus): BugTraq ID 33963.
In Mitre's CVE dictionary: CVE-2009-0186.
\n
More information:
\n
\n

Alan Rad Pop discovered that libsndfile, a library to read and write\nsampled audio data, is prone to an integer overflow. This causes a\nheap-based buffer overflow when processing crafted CAF description\nchunks possibly leading to arbitrary code execution.

\n

For the oldstable distribution (etch) this problem has been fixed in\nversion 1.0.16-2+etch1.

\n

For the stable distribution (lenny) this problem has been fixed in\nversion 1.0.17-4+lenny1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.0.19-1.

\n

We recommend that you upgrade your libsndfile packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.16-2+etch1.dsc
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.16.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.16-2+etch1.diff.gz
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.17-4+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.17.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.17-4+lenny1.dsc
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny1_mipsel.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1743": "
\n

Debian Security Advisory

\n

DSA-1743-1 libtk-img -- buffer overflows

\n
\n
Date Reported:
\n
17 Mar 2009
\n
Affected Packages:
\n
\nlibtk-img\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 519072.
In Mitre's CVE dictionary: CVE-2007-5137, CVE-2007-5378.
\n
More information:
\n
\n

Two buffer overflows have been found in the GIF image parsing code of\nTk, a cross-platform graphical toolkit, which could lead to the execution\nof arbitrary code. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2007-5137\n

    It was discovered that libtk-img is prone to a buffer overflow via\nspecially crafted multi-frame interlaced GIF files.

\n
  • CVE-2007-5378\n

    It was discovered that libtk-img is prone to a buffer overflow via\nspecially crafted GIF files with certain subimage sizes.

\n
\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.3-release-7+lenny1.

\n

For the oldstable distribution (etch), these problems have been fixed in\nversion 1.3-15etch3.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 1.3-release-8.

\n

We recommend that you upgrade your libtk-img packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-15etch3_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-doc_1.3-release-7+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img-dev_1.3-release-7+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtk-img/libtk-img_1.3-release-7+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1744": "
\n

Debian Security Advisory

\n

DSA-1744-1 weechat -- missing input sanitization

\n
\n
Date Reported:
\n
18 Mar 2009
\n
Affected Packages:
\n
\nweechat\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 519940.
In the Bugtraq database (at SecurityFocus): BugTraq ID 34148.
In Mitre's CVE dictionary: CVE-2009-0661.
\n
More information:
\n
\n

Sebastien Helleu discovered that an error in the handling of color codes\nin the weechat IRC client could cause an out-of-bounds read of an internal\ncolor array. This can be used by an attacker to crash user clients\nvia a crafted PRIVMSG command.

\n

The weechat version in the oldstable distribution (etch) is not affected\nby this problem.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.2.6-1+lenny1.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.2.6.1-1.

\n

We recommend that you upgrade your weechat packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/weechat/weechat_0.2.6-1+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/w/weechat/weechat-common_0.2.6-1+lenny1_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/weechat/weechat-curses_0.2.6-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/weechat/weechat-plugins_0.2.6-1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1745": "
\n

Debian Security Advisory

\n

DSA-1745-1 lcms -- several vulnerabilities

\n
\n
Date Reported:
\n
20 Mar 2009
\n
Affected Packages:
\n
\nlcms\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0581, CVE-2009-0723, CVE-2009-0733.
\n
More information:
\n
\n

Several security issues have been discovered in lcms, a color management\nlibrary. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2009-0581\n

    Chris Evans discovered that lcms is affected by a memory leak, which\ncould result in a denial of service via specially crafted image files.

  • CVE-2009-0723\n

    Chris Evans discovered that lcms is prone to several integer overflows\nvia specially crafted image files, which could lead to the execution of\narbitrary code.

  • CVE-2009-0733\n

    Chris Evans discovered the lack of upper-bounds check on sizes leading\nto a buffer overflow, which could be used to execute arbitrary code.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.17.dfsg-1+lenny1.

\n

For the oldstable distribution (etch), these problems have been fixed\nin version 1.15-1.1+etch2.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems will be fixed soon.

\n

We recommend that you upgrade your lcms packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lcms/lcms_1.15.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/lcms/lcms_1.15-1.1+etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lcms/lcms_1.15-1.1+etch2.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.15-1.1+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.15-1.1+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.15-1.1+etch2_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lcms/lcms_1.17.dfsg-1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/l/lcms/lcms_1.17.dfsg-1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lcms/lcms_1.17.dfsg.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.17.dfsg-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/python-liblcms_1.17.dfsg-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.17.dfsg-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.17.dfsg-1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.17.dfsg-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.17.dfsg-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.17.dfsg-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/python-liblcms_1.17.dfsg-1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.17.dfsg-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.17.dfsg-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/python-liblcms_1.17.dfsg-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.17.dfsg-1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.17.dfsg-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.17.dfsg-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/python-liblcms_1.17.dfsg-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.17.dfsg-1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.17.dfsg-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.17.dfsg-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.17.dfsg-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/python-liblcms_1.17.dfsg-1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.17.dfsg-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.17.dfsg-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/python-liblcms_1.17.dfsg-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.17.dfsg-1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.17.dfsg-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/python-liblcms_1.17.dfsg-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.17.dfsg-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.17.dfsg-1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.17.dfsg-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/python-liblcms_1.17.dfsg-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.17.dfsg-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.17.dfsg-1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.17.dfsg-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.17.dfsg-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/python-liblcms_1.17.dfsg-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.17.dfsg-1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.17.dfsg-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/python-liblcms_1.17.dfsg-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.17.dfsg-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.17.dfsg-1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.17.dfsg-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.17.dfsg-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/python-liblcms_1.17.dfsg-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.17.dfsg-1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1-dev_1.17.dfsg-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms1_1.17.dfsg-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/python-liblcms_1.17.dfsg-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lcms/liblcms-utils_1.17.dfsg-1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1746": "
\n

Debian Security Advisory

\n

DSA-1746-1 ghostscript -- several vulnerabilities

\n
\n
Date Reported:
\n
20 Mar 2009
\n
Affected Packages:
\n
\nghostscript\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0583, CVE-2009-0584.
\n
More information:
\n
\n

Two security issues have been discovered in ghostscript, the GPL\nGhostscript PostScript/PDF interpreter. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2009-0583\n

    Jan Lieskovsky discovered multiple integer overflows in the ICC library,\nwhich allow the execution of arbitrary code via crafted ICC profiles in\nPostScript files with embedded images.

  • CVE-2009-0584\n

    Jan Lieskovsky discovered insufficient upper-bounds checks on certain\nvariable sizes in the ICC library, which allow the execution of\narbitrary code via crafted ICC profiles in PostScript files with\nembedded images.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 8.62.dfsg.1-3.2lenny1.

\n

For the oldstable distribution (etch), these problems have been fixed\nin version 8.54.dfsg.1-5etch2. Please note that the package in oldstable\nis called gs-gpl.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems will be fixed soon.

\n

We recommend that you upgrade your ghostscript/gs-gpl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs_8.54.dfsg.1-5etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5etch2_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1.dsc
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/ghostscript/gs_8.62.dfsg.1-3.2lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/gs-common_8.62.dfsg.1-3.2lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-doc_8.62.dfsg.1-3.2lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/gs-esp_8.62.dfsg.1-3.2lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/gs-gpl_8.62.dfsg.1-3.2lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/gs-aladdin_8.62.dfsg.1-3.2lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1747": "
\n

Debian Security Advisory

\n

DSA-1747-1 glib2.0 -- integer overflow

\n
\n
Date Reported:
\n
20 Mar 2009
\n
Affected Packages:
\n
\nglib2.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 520046.
In Mitre's CVE dictionary: CVE-2008-4316.
\n
More information:
\n
\n

Diego Petten\u00f2 discovered that glib2.0, the GLib library of C routines,\nhandles large strings insecurely via its Base64 encoding functions. This\ncould possibly lead to the execution of arbitrary code.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.16.6-1+lenny1.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 2.12.4-2+etch1.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.20.0-1.

\n

We recommend that you upgrade your glib2.0 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/glib2.0/glib2.0_2.12.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/glib2.0/glib2.0_2.12.4-2+etch1.dsc
\n
http://security.debian.org/pool/updates/main/g/glib2.0/glib2.0_2.12.4-2+etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-data_2.12.4-2+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-doc_2.12.4-2+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-udeb_2.12.4-2+etch1_alpha.udeb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0_2.12.4-2+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-dev_2.12.4-2+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0-dbg_2.12.4-2+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-dev_2.12.4-2+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0-dbg_2.12.4-2+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0_2.12.4-2+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-udeb_2.12.4-2+etch1_amd64.udeb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-udeb_2.12.4-2+etch1_arm.udeb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0_2.12.4-2+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-dev_2.12.4-2+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0-dbg_2.12.4-2+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0-dbg_2.12.4-2+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-dev_2.12.4-2+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0_2.12.4-2+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-udeb_2.12.4-2+etch1_hppa.udeb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0-dbg_2.12.4-2+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0_2.12.4-2+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-dev_2.12.4-2+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-udeb_2.12.4-2+etch1_i386.udeb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-udeb_2.12.4-2+etch1_ia64.udeb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0_2.12.4-2+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-dev_2.12.4-2+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0-dbg_2.12.4-2+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-udeb_2.12.4-2+etch1_mips.udeb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-dev_2.12.4-2+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0_2.12.4-2+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0-dbg_2.12.4-2+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-udeb_2.12.4-2+etch1_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0_2.12.4-2+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-dev_2.12.4-2+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0-dbg_2.12.4-2+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0-dbg_2.12.4-2+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0_2.12.4-2+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-dev_2.12.4-2+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-udeb_2.12.4-2+etch1_powerpc.udeb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0_2.12.4-2+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-udeb_2.12.4-2+etch1_s390.udeb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0-dbg_2.12.4-2+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-dev_2.12.4-2+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-udeb_2.12.4-2+etch1_sparc.udeb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0-dbg_2.12.4-2+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0_2.12.4-2+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-dev_2.12.4-2+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/glib2.0/glib2.0_2.16.6.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/glib2.0/glib2.0_2.16.6-1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/g/glib2.0/glib2.0_2.16.6-1+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-data_2.16.6-1+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-doc_2.16.6-1+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/glib2.0/libgio-fam_2.16.6-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0-dbg_2.16.6-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-udeb_2.16.6-1+lenny1_alpha.udeb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0_2.16.6-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-dev_2.16.6-1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0_2.16.6-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libgio-fam_2.16.6-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0-dbg_2.16.6-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-dev_2.16.6-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-udeb_2.16.6-1+lenny1_amd64.udeb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/glib2.0/libgio-fam_2.16.6-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0-dbg_2.16.6-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-dev_2.16.6-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0_2.16.6-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-udeb_2.16.6-1+lenny1_arm.udeb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/g/glib2.0/libgio-fam_2.16.6-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0_2.16.6-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-dev_2.16.6-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0-dbg_2.16.6-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-udeb_2.16.6-1+lenny1_armel.udeb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0-dbg_2.16.6-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libgio-fam_2.16.6-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0_2.16.6-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-udeb_2.16.6-1+lenny1_hppa.udeb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-dev_2.16.6-1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/glib2.0/libgio-fam_2.16.6-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-udeb_2.16.6-1+lenny1_i386.udeb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0-dbg_2.16.6-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-dev_2.16.6-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0_2.16.6-1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-dev_2.16.6-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-udeb_2.16.6-1+lenny1_ia64.udeb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0_2.16.6-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libgio-fam_2.16.6-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0-dbg_2.16.6-1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0_2.16.6-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-dev_2.16.6-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0-dbg_2.16.6-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-udeb_2.16.6-1+lenny1_mips.udeb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libgio-fam_2.16.6-1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0_2.16.6-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-dev_2.16.6-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libgio-fam_2.16.6-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-udeb_2.16.6-1+lenny1_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0-dbg_2.16.6-1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-dev_2.16.6-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0_2.16.6-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0-dbg_2.16.6-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-udeb_2.16.6-1+lenny1_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libgio-fam_2.16.6-1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-dev_2.16.6-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0-dbg_2.16.6-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libgio-fam_2.16.6-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0_2.16.6-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-udeb_2.16.6-1+lenny1_s390.udeb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-dev_2.16.6-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0-dbg_2.16.6-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libgio-fam_2.16.6-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-udeb_2.16.6-1+lenny1_sparc.udeb
\n
http://security.debian.org/pool/updates/main/g/glib2.0/libglib2.0-0_2.16.6-1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1748": "
\n

Debian Security Advisory

\n

DSA-1748-1 libsoup -- integer overflow

\n
\n
Date Reported:
\n
20 Mar 2009
\n
Affected Packages:
\n
\nlibsoup\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 520039.
In Mitre's CVE dictionary: CVE-2009-0585.
\n
More information:
\n
\n

It was discovered that libsoup, an HTTP library implementation in C, handles large strings insecurely via its Base64 encoding functions. This could possibly lead to the execution of arbitrary code.

\n

For the oldstable distribution (etch), this problem has been fixed in version 2.2.98-2+etch1.

\n

The stable distribution (lenny) is not affected by this issue.

\n

The testing distribution (squeeze) and the unstable distribution (sid) are not affected by this issue.

\n

We recommend that you upgrade your libsoup packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup_2.2.98-2+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup_2.2.98-2+etch1.dsc
\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup_2.2.98.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-doc_2.2.98-2+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1749": "
\n

Debian Security Advisory

\n

DSA-1749-1 linux-2.6 -- denial of service/privilege escalation/sensitive memory leak

\n
\n
Date Reported:
\n
20 Mar 2009
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0029, CVE-2009-0031, CVE-2009-0065, CVE-2009-0269, CVE-2009-0322, CVE-2009-0676, CVE-2009-0675, CVE-2009-0745, CVE-2009-0746, CVE-2009-0747, CVE-2009-0748.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2009-0029\n

    Christian Borntraeger discovered an issue affecting the alpha, mips, powerpc, s390 and sparc64 architectures that allows local users to cause a denial of service or potentially gain elevated privileges.

  • CVE-2009-0031\n

    Vegard Nossum discovered a memory leak in the keyctl subsystem that allows local users to cause a denial of service by consuming all of kernel memory.

  • CVE-2009-0065\n

    Wei Yongjun discovered a memory overflow in the SCTP implementation that can be triggered by remote users.

  • CVE-2009-0269\n

    Duane Griffin provided a fix for an issue in the eCryptfs subsystem which allows local users to cause a denial of service (fault or memory corruption).

  • CVE-2009-0322\n

    Pavel Roskin provided a fix for an issue in the dell_rbu driver that allows a local user to cause a denial of service (oops) by reading 0 bytes from a sysfs entry.

  • CVE-2009-0676\n

    Clement LECIGNE discovered a bug in the sock_getsockopt function that may result in leaking sensitive kernel memory.

  • CVE-2009-0675\n

    Roel Kluin discovered inverted logic in the skfddi driver that permits local, unprivileged users to reset the driver statistics.

  • CVE-2009-0745\n

    Peter Kerwien discovered an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) during a resize operation.

  • CVE-2009-0746\n

    Sami Liedes reported an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) when accessing a specially crafted corrupt filesystem.

  • CVE-2009-0747\n

    David Maciejak reported an issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) when mounting a specially crafted corrupt filesystem.

  • CVE-2009-0748\n

    David Maciejak reported an additional issue in the ext4 filesystem that allows local users to cause a denial of service (kernel oops) when mounting a specially crafted corrupt filesystem.

\n

For the oldstable distribution (etch), these problems, where applicable, will be fixed in future updates to linux-2.6 and linux-2.6.24.

\n

For the stable distribution (lenny), these problems have been fixed in version 2.6.26-13lenny2.

\n

We recommend that you upgrade your linux-2.6 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-13lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-13lenny2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.26-1_2.6.26-13lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.26_2.6.26-13lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.26_2.6.26-13lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.26_2.6.26-13lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.26_2.6.26-13lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.26_2.6.26-13lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-alpha-smp_2.6.26-13lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-alpha-smp_2.6.26-13lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-common_2.6.26-13lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-all_2.6.26-13lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-13lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-alpha-generic_2.6.26-13lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-alpha-legacy_2.6.26-13lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-all-alpha_2.6.26-13lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-alpha-generic_2.6.26-13lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-alpha-legacy_2.6.26-13lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-xen-amd64_2.6.26-13lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-amd64_2.6.26-13lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-openvz-amd64_2.6.26-13lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-common-openvz_2.6.26-13lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-13lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-common-vserver_2.6.26-13lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-xen-amd64_2.6.26-13lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-1-xen-amd64_2.6.26-13lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-vserver-amd64_2.6.26-13lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-1-xen-amd64_2.6.26-13lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-common_2.6.26-13lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-all_2.6.26-13lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-common-xen_2.6.26-13lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-vserver-amd64_2.6.26-13lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-amd64_2.6.26-13lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-all-amd64_2.6.26-13lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-openvz-amd64_2.6.26-13lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-footbridge_2.6.26-13lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-all_2.6.26-13lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-orion5x_2.6.26-13lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-orion5x_2.6.26-13lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-ixp4xx_2.6.26-13lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-iop32x_2.6.26-13lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-all-arm_2.6.26-13lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-ixp4xx_2.6.26-13lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-iop32x_2.6.26-13lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-13lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-footbridge_2.6.26-13lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-common_2.6.26-13lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-common_2.6.26-13lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-all_2.6.26-13lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-orion5x_2.6.26-13lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-ixp4xx_2.6.26-13lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-versatile_2.6.26-13lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-iop32x_2.6.26-13lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-ixp4xx_2.6.26-13lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-13lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-all-armel_2.6.26-13lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-iop32x_2.6.26-13lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-orion5x_2.6.26-13lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-versatile_2.6.26-13lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-parisc64_2.6.26-13lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-parisc-smp_2.6.26-13lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-all-hppa_2.6.26-13lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-13lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-parisc64-smp_2.6.26-13lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-common_2.6.26-13lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-parisc64_2.6.26-13lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-parisc_2.6.26-13lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-parisc-smp_2.6.26-13lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-all_2.6.26-13lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-parisc_2.6.26-13lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-parisc64-smp_2.6.26-13lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-vserver-686-bigmem_2.6.26-13lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-openvz-686_2.6.26-13lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-686-bigmem_2.6.26-13lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-amd64_2.6.26-13lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-vserver-686_2.6.26-13lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-686-bigmem_2.6.26-13lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-xen-686_2.6.26-13lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-all_2.6.26-13lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-1-xen-686_2.6.26-13lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-common-xen_2.6.26-13lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-vserver-686-bigmem_2.6.26-13lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-1-xen-686_2.6.26-13lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-13lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-xen-686_2.6.26-13lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-common-openvz_2.6.26-13lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-686_2.6.26-13lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-amd64_2.6.26-13lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-686_2.6.26-13lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-all-i386_2.6.26-13lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-486_2.6.26-13lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-vserver-686_2.6.26-13lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-486_2.6.26-13lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-common_2.6.26-13lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-openvz-686_2.6.26-13lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-common-vserver_2.6.26-13lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-vserver-itanium_2.6.26-13lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-vserver-mckinley_2.6.26-13lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-all_2.6.26-13lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-vserver-mckinley_2.6.26-13lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-vserver-itanium_2.6.26-13lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-mckinley_2.6.26-13lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-all-ia64_2.6.26-13lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-itanium_2.6.26-13lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-common_2.6.26-13lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-itanium_2.6.26-13lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-13lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-common-vserver_2.6.26-13lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-mckinley_2.6.26-13lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-common_2.6.26-13lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-4kc-malta_2.6.26-13lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-all_2.6.26-13lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-sb1-bcm91250a_2.6.26-13lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-r5k-ip32_2.6.26-13lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-all-mips_2.6.26-13lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-sb1a-bcm91480b_2.6.26-13lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-r4k-ip22_2.6.26-13lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-5kc-malta_2.6.26-13lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-r4k-ip22_2.6.26-13lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-sb1-bcm91250a_2.6.26-13lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-sb1a-bcm91480b_2.6.26-13lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-r5k-ip32_2.6.26-13lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-4kc-malta_2.6.26-13lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-13lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-5kc-malta_2.6.26-13lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-5kc-malta_2.6.26-13lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-sb1a-bcm91480b_2.6.26-13lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-all-mipsel_2.6.26-13lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-r5k-cobalt_2.6.26-13lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-sb1a-bcm91480b_2.6.26-13lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-r5k-cobalt_2.6.26-13lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-13lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-sb1-bcm91250a_2.6.26-13lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-5kc-malta_2.6.26-13lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-sb1-bcm91250a_2.6.26-13lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-4kc-malta_2.6.26-13lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-4kc-malta_2.6.26-13lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-all_2.6.26-13lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-common_2.6.26-13lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-all_2.6.26-13lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-all-powerpc_2.6.26-13lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-vserver-powerpc64_2.6.26-13lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-powerpc-smp_2.6.26-13lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-powerpc_2.6.26-13lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-vserver-powerpc64_2.6.26-13lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-13lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-powerpc_2.6.26-13lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-common_2.6.26-13lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-vserver-powerpc_2.6.26-13lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-powerpc64_2.6.26-13lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-powerpc64_2.6.26-13lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-common-vserver_2.6.26-13lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-vserver-powerpc_2.6.26-13lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-powerpc-smp_2.6.26-13lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-vserver-s390x_2.6.26-13lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-vserver-s390x_2.6.26-13lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-s390_2.6.26-13lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-s390_2.6.26-13lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-all_2.6.26-13lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-common_2.6.26-13lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-s390x_2.6.26-13lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-all-s390_2.6.26-13lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-s390-tape_2.6.26-13lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-common-vserver_2.6.26-13lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-s390x_2.6.26-13lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-13lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-vserver-sparc64_2.6.26-13lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-common-vserver_2.6.26-13lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-all-sparc_2.6.26-13lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-sparc64-smp_2.6.26-13lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-sparc64-smp_2.6.26-13lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-sparc64_2.6.26-13lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-vserver-sparc64_2.6.26-13lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-1-sparc64_2.6.26-13lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-13lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-all_2.6.26-13lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-1-common_2.6.26-13lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1750": "
\n

Debian Security Advisory

\n

DSA-1750-1 libpng -- several vulnerabilities

\n
\n
Date Reported:
\n
22 Mar 2009
\n
Affected Packages:
\n
\nlibpng\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 446308, Bug 476669, Bug 516256, Bug 512665.
In Mitre's CVE dictionary: CVE-2007-2445, CVE-2007-5269, CVE-2008-1382, CVE-2008-5907, CVE-2008-6218, CVE-2009-0040.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-2445\n

    The png_handle_tRNS function allows attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value.

  • CVE-2007-5269\n

    Certain chunk handlers allow attackers to cause a denial of service (crash) via crafted pCAL, sCAL, tEXt, iTXt, and zTXt chunking in PNG images, which trigger out-of-bounds read operations.

  • CVE-2008-1382\n

    libpng allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length \"unknown\" chunks, which trigger an access of uninitialized memory.

  • CVE-2008-5907\n

    The png_check_keyword function might allow context-dependent attackers to set the\n value of an arbitrary memory location to zero via vectors involving\n creation of crafted PNG files with keywords.

  • CVE-2008-6218\n

    A memory leak in the png_handle_tEXt function allows context-dependent\n attackers to cause a denial of service (memory exhaustion) via a crafted\n PNG file.

  • CVE-2009-0040\n

    libpng allows context-dependent attackers to cause a denial of service\n (application crash) or possibly execute arbitrary code via a crafted PNG\n file that triggers a free of an uninitialized pointer in (1) the\n png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit\n gamma tables.

\n

For the old stable distribution (etch), these problems have been fixed\nin version 1.2.15~beta5-1+etch2.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.2.27-2+lenny2. (Only CVE-2008-5907, CVE-2008-5907 and\nCVE-2009-0040 affect the stable distribution.)

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.2.35-1.

\n

We recommend that you upgrade your libpng packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.15~beta5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.15~beta5-1+etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.15~beta5-1+etch2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng3_1.2.15~beta5-1+etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_alpha.udeb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_amd64.udeb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_arm.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_hppa.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_i386.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_ia64.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_mips.udeb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_powerpc.udeb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_s390.udeb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.15~beta5-1+etch2_sparc.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.15~beta5-1+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.15~beta5-1+etch2_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng3_1.2.27-2+lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_alpha.udeb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_amd64.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_arm.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_armel.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_hppa.udeb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_i386.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_ia64.udeb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_mips.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_s390.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny2_sparc.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1751": "
\n

Debian Security Advisory

\n

DSA-1751-1 xulrunner -- several vulnerabilities

\n
\n
Date Reported:
\n
22 Mar 2009
\n
Affected Packages:
\n
\nxulrunner\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0775, CVE-2009-0776.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications, such as the Iceweasel web\nbrowser. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2009-0771\n

    Martijn Wargers, Jesse Ruderman and Josh Soref discovered crashes\n in the layout engine, which might allow the execution of arbitrary\n code.

  • CVE-2009-0772\n

    Jesse Ruderman discovered crashes in the layout engine, which\n might allow the execution of arbitrary code.

  • CVE-2009-0773\n

    Gary Kwong and Timothee Groleau discovered crashes in the\n JavaScript engine, which might allow the execution of arbitrary code.

  • CVE-2009-0774\n

    Gary Kwong discovered crashes in the JavaScript engine, which\n might allow the execution of arbitrary code.

  • CVE-2009-0775\n

    It was discovered that incorrect memory management in the DOM\n element handling may lead to the execution of arbitrary code.

  • CVE-2009-0776\n

    Georgi Guninski discovered a violation of the same-origin policy\n through RDFXMLDataSource and cross-domain redirects.

\n

As indicated in the Etch release notes, security support for the\nMozilla products in the oldstable distribution needed to be stopped\nbefore the end of the regular Etch security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a still\nsupported browser.

\n

For the stable distribution (lenny), these problems have been fixed\nin version 1.9.0.7-0lenny1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.9.0.7-1.

\n

We recommend that you upgrade your xulrunner packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7-0lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7-0lenny1.dsc
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.7-0lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1752": "
\n

Debian Security Advisory

\n

DSA-1752-1 webcit -- format string vulnerability

\n
\n
Date Reported:
\n
23 Mar 2009
\n
Affected Packages:
\n
\nwebcit\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0364.
\n
More information:
\n
\n

Wilfried Goesgens discovered that WebCit, the web-based user interface\nfor the Citadel groupware system, contains a format string\nvulnerability in the mini_calendar component, possibly allowing\narbitrary code execution (CVE-2009-0364).

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 7.37-dfsg-7.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.38b-dfsg-2.

\n

We recommend that you upgrade your webcit packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/webcit/webcit_7.37-dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/webcit/webcit_7.37-dfsg-7.diff.gz
\n
http://security.debian.org/pool/updates/main/w/webcit/webcit_7.37-dfsg-7.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1753": "
\n

Debian Security Advisory

\n

DSA-1753-1 iceweasel -- end-of-life announcement for Iceweasel in oldstable

\n
\n
Date Reported:
\n
24 Mar 2009
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

As indicated in the Etch release notes, security support for the\nIceweasel version in the oldstable distribution (Etch) needed to be\nstopped before the end of the regular security maintenance life cycle.

\n

You are strongly encouraged to upgrade to stable or switch to a still\nsupported browser.

\n

As a side note, the Debian stable/Lenny version of\nIceweasel - the unbranded version of the Firefox browser - links\ndynamically against the Xulrunner library. As such, most of the\nvulnerabilities found in Firefox need only be fixed in the Xulrunner\npackage and no longer require updates to the Iceweasel package.

\n
\n
\n
\n
", "1754": "
\n

Debian Security Advisory

\n

DSA-1754-1 roundup -- insufficient access checks

\n
\n
Date Reported:
\n
09 Apr 2009
\n
Affected Packages:
\n
\nroundup\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 518768.
\n
More information:
\n
\n

It was discovered that roundup, an issue tracker with a command-line,\nweb and email interface, allows users to edit resources in\nunauthorized ways, including granting themselves admin rights.

\n

This update introduces stricter access checks, actually enforcing the\nconfigured permissions and roles. This means that the configuration\nmay need updating. In addition, user registration via the web\ninterface has been disabled; use the program \"roundup-admin\" from the\ncommand line instead.

\n

For the old stable distribution (etch), this problem has been fixed in\nversion 1.2.1-10+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.4.4-4+lenny1.

\n

We recommend that you upgrade your roundup package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/roundup/roundup_1.2.1-10+etch1.dsc
\n
http://security.debian.org/pool/updates/main/r/roundup/roundup_1.2.1-10+etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/roundup/roundup_1.2.1-10+etch1_all.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/roundup/roundup_1.4.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/r/roundup/roundup_1.4.4-4+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/r/roundup/roundup_1.4.4-4+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/roundup/roundup_1.4.4-4+lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1755": "
\n

Debian Security Advisory

\n

DSA-1755-1 systemtap -- race condition

\n
\n
Date Reported:
\n
25 Mar 2009
\n
Affected Packages:
\n
\nsystemtap\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0784.
\n
More information:
\n
\n

Erik Sjoelund discovered that a race condition in the stap tool shipped\nby Systemtap, an instrumentation system for Linux 2.6, allows local\nprivilege escalation for members of the stapusr group.

\n

The old stable distribution (etch) isn't affected.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.0.20080705-1+lenny1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.0.20090314-2.

\n

We recommend that you upgrade your systemtap package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/systemtap/systemtap_0.0.20080705.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/systemtap/systemtap_0.0.20080705-1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/systemtap/systemtap_0.0.20080705-1+lenny1.dsc
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/systemtap/systemtap_0.0.20080705-1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/systemtap/systemtap_0.0.20080705-1+lenny1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/systemtap/systemtap_0.0.20080705-1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/systemtap/systemtap_0.0.20080705-1+lenny1_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/systemtap/systemtap_0.0.20080705-1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/systemtap/systemtap_0.0.20080705-1+lenny1_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1756": "
\n

Debian Security Advisory

\n

DSA-1756-1 xulrunner -- multiple vulnerabilities

\n
\n
Date Reported:
\n
29 Mar 2009
\n
Affected Packages:
\n
\nxulrunner\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-1169, CVE-2009-1044.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications, such as the Iceweasel web\nbrowser. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2009-1169\n

    Security researcher Guido Landi discovered that an XSL stylesheet could\n be used to crash the browser during an XSL transformation. An attacker\n could potentially use this crash to run arbitrary code on a victim's\n computer.

  • CVE-2009-1044\n

    Security researcher Nils reported via TippingPoint's Zero Day Initiative\n that the XUL tree method _moveToEdgeShift was in some cases triggering\n garbage collection routines on objects which were still in use. In such\n cases, the browser would crash when attempting to access a previously\n destroyed object and this crash could be used by an attacker to run\n arbitrary code on a victim's computer.

\n

Note that after installing these updates, you will need to restart any\npackages using xulrunner, typically iceweasel or epiphany.

\n

As indicated in the Etch release notes, security support for the\nMozilla products in the oldstable distribution needed to be stopped\nbefore the end of the regular Etch security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a still\nsupported browser.

\n

For the stable distribution (lenny), these problems have been fixed in version\n1.9.0.7-0lenny2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.9.0.8-1.

\n

We recommend that you upgrade your xulrunner package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7-0lenny2.dsc
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.7-0lenny2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.7-0lenny2_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.7-0lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.7-0lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.7-0lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.7-0lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.7-0lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.7-0lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.7-0lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.7-0lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.7-0lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1757": "
\n

Debian Security Advisory

\n

DSA-1757-1 auth2db -- SQL injection

\n
\n
Date Reported:
\n
30 Mar 2009
\n
Affected Packages:
\n
\nauth2db\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 521823.
\n
More information:
\n
\n

It was discovered that auth2db, an IDS logger, log viewer and alert\ngenerator, is prone to an SQL injection vulnerability when used with\nmultibyte character encodings.

\n

The oldstable distribution (etch) doesn't contain auth2db.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.2.5-2+dfsg-1+lenny1.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.2.5-2+dfsg-1.1.

\n

We recommend that you upgrade your auth2db packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/auth2db/auth2db_0.2.5-2+dfsg-1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/a/auth2db/auth2db_0.2.5-2+dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/auth2db/auth2db_0.2.5-2+dfsg-1+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/auth2db/auth2db_0.2.5-2+dfsg-1+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/a/auth2db/auth2db-filters_0.2.5-2+dfsg-1+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/a/auth2db/auth2db-common_0.2.5-2+dfsg-1+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/a/auth2db/auth2db-frontend_0.2.5-2+dfsg-1+lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1758": "
\n

Debian Security Advisory

\n

DSA-1758-1 nss-ldapd -- insecure config file creation

\n
\n
Date Reported:
\n
30 Mar 2009
\n
Affected Packages:
\n
\nnss-ldapd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 520476.
In Mitre's CVE dictionary: CVE-2009-1073.
\n
More information:
\n
\n

Leigh James discovered that nss-ldapd, an NSS module for using\nLDAP as a naming service, by default creates the configuration file\n/etc/nss-ldapd.conf world-readable, which could leak the configured\nLDAP password if one is used for connecting to the LDAP server.

\n

The old stable distribution (etch) doesn't contain nss-ldapd.

\n

For the stable distribution (lenny) this problem has been fixed in\nversion 0.6.7.1.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 0.6.8.

\n

We recommend that you upgrade your nss-ldapd package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nss-ldapd/nss-ldapd_0.6.7.1.dsc
\n
http://security.debian.org/pool/updates/main/n/nss-ldapd/nss-ldapd_0.6.7.1.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nss-ldapd/libnss-ldapd_0.6.7.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1759": "
\n

Debian Security Advisory

\n

DSA-1759-1 strongswan -- denial of service

\n
\n
Date Reported:
\n
30 Mar 2009
\n
Affected Packages:
\n
\nstrongswan\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0790.
\n
More information:
\n
\n

Gerd v. Egidy discovered that the Pluto IKE daemon in strongswan, an\nIPSec implementation for Linux, is prone to a denial of service attack\nvia a malicious packet.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 2.8.0+dfsg-1+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 4.2.4-5+lenny1.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), this problem will be fixed soon.

\n

We recommend that you upgrade your strongswan packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1.dsc
\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1760": "
\n

Debian Security Advisory

\n

DSA-1760-1 openswan -- denial of service

\n
\n
Date Reported:
\n
30 Mar 2009
\n
Affected Packages:
\n
\nopenswan\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 496374.
In Mitre's CVE dictionary: CVE-2008-4190, CVE-2009-0790.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in openswan, an IPSec\nimplementation for Linux. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2008-4190\n

    Dmitry E. Oboukhov discovered that the livetest tool uses temporary\nfiles insecurely, which could lead to a denial of service attack.

  • CVE-2009-0790\n

    Gerd v. Egidy discovered that the Pluto IKE daemon in openswan is prone\nto a denial of service attack via a malicious packet.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 2.4.6+dfsg.2-1.1+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.4.12+dfsg-1.3+lenny1.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), this problem will be fixed soon.

\n

We recommend that you upgrade your openswan packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openswan/linux-patch-openswan_2.4.6+dfsg.2-1.1+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openswan/openswan-modules-source_2.4.6+dfsg.2-1.1+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan-modules-source_2.4.12+dfsg-1.3+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openswan/linux-patch-openswan_2.4.12+dfsg-1.3+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1761": "
\n

Debian Security Advisory

\n

DSA-1761-1 moodle -- missing input sanitization

\n
\n
Date Reported:
\n
03 Apr 2009
\n
Affected Packages:
\n
\nmoodle\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 522116.
In Mitre's CVE dictionary: CVE-2009-1171.
\n
More information:
\n
\n

Christian J. Eibl discovered that the TeX filter of Moodle, a web-based\ncourse management system, doesn't check user input for certain TeX commands,\nwhich allows an attacker to include and display the content of arbitrary system\nfiles.

\n

Note that this doesn't affect installations that only use the mimetex\nenvironment.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 1.6.3-2+etch3.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.8.2.dfsg-3+lenny2.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.8.2.dfsg-5.

\n

We recommend that you upgrade your moodle packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch3.dsc
\n
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch3.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch3_all.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfsg-3+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfsg-3+lenny2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfsg-3+lenny2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1762": "
\n

Debian Security Advisory

\n

DSA-1762-1 icu -- insufficient input sanitising

\n
\n
Date Reported:
\n
02 Apr 2009
\n
Affected Packages:
\n
\nicu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-1036.
\n
More information:
\n
\n

It was discovered that icu, the internal components for Unicode, did\nnot properly sanitise invalid encoded data, which could lead to cross-site scripting attacks.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 3.6-2etch2.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 3.8.1-3+lenny1.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 4.0.1-1.

\n

We recommend that you upgrade your icu packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch2.dsc
\n
http://security.debian.org/pool/updates/main/i/icu/icu_3.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/icu/icu-doc_3.6-2etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1-3+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1-3+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/icu/icu-doc_3.8.1-3+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/icu/lib32icu-dev_3.8.1-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icu/lib32icu38_3.8.1-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1763": "
\n

Debian Security Advisory

\n

DSA-1763-1 openssl -- programming error

\n
\n
Date Reported:
\n
06 Apr 2009
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0590.
\n
More information:
\n
\n

It was discovered that insufficient length validations in the ASN.1\nhandling of the OpenSSL crypto library may lead to denial of service\nwhen processing a manipulated certificate.

\n

For the old stable distribution (etch), this problem has been fixed in\nversion 0.9.8c-4etch5 of the openssl package and in version\n0.9.7k-3.1etch3 of the openssl097 package.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.9.8g-15+lenny1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.9.8g-16.

\n

We recommend that you upgrade your openssl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openssl097/openssl097_0.9.7k-3.1etch3.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl097/openssl097_0.9.7k-3.1etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl097/openssl097_0.9.7k.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_alpha.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_amd64.udeb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_arm.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_hppa.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_i386.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_ia64.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_mips.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_s390.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch5_sparc.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch5_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_alpha.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_amd64.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_arm.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_armel.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_hppa.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_i386.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_ia64.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_mips.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_s390.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny1_sparc.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1764": "
\n

Debian Security Advisory

\n

DSA-1764-1 tunapie -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Apr 2009
\n
Affected Packages:
\n
\ntunapie\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-1253, CVE-2009-1254.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Tunapie, a GUI frontend\nto video and radio streams. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2009-1253\n

    Kees Cook discovered that insecure handling of temporary files may\n lead to local denial of service through symlink attacks.

  • CVE-2009-1254\n

    Mike Coleman discovered that insufficient escaping of stream\n URLs may lead to the execution of arbitrary commands if a user\n is tricked into opening a malformed stream URL.

\n

For the old stable distribution (etch), these problems have been fixed\nin version 1.3.1-1+etch2. Due to a technical problem, this update cannot\nbe released synchronously with the stable (lenny) version, but will\nappear soon.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2.1.8-2.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your tunapie package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tunapie/tunapie_2.1.8-2.dsc
\n
http://security.debian.org/pool/updates/main/t/tunapie/tunapie_2.1.8.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/tunapie/tunapie_2.1.8-2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/tunapie/tunapie_2.1.8-2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1765": "
\n

Debian Security Advisory

\n

DSA-1765-1 horde3 -- Multiple vulnerabilities

\n
\n
Date Reported:
\n
08 Apr 2009
\n
Affected Packages:
\n
\nhorde3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 513265, Bug 512592, Bug 492578.
In Mitre's CVE dictionary: CVE-2009-0932, CVE-2008-3330, CVE-2008-5917.
\n
More information:
\n
\n

Several vulnerabilities have been found in horde3, the horde web application\nframework. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2009-0932\n

    Gunnar Wrobel discovered a directory traversal vulnerability, which\nallows attackers to include and execute arbitrary local files via the\ndriver parameter in Horde_Image.

  • CVE-2008-3330\n

    It was discovered that an attacker could perform a cross-site scripting\nattack via the contact name, which allows attackers to inject arbitrary\nHTML code. This requires that the attacker has access to create\ncontacts.

  • CVE-2008-5917\n

    It was discovered that the horde XSS filter is prone to a cross-site\nscripting attack, which allows attackers to inject arbitrary HTML code.\nThis is only exploitable when Internet Explorer is used.

\n

For the oldstable distribution (etch), these problems have been fixed in\nversion 3.1.3-4etch5.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 3.2.2+debian0-2, which was already included in the lenny\nrelease.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 3.2.2+debian0-2.

\n

We recommend that you upgrade your horde3 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch5.diff.gz
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch5.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch5_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1766": "
\n

Debian Security Advisory

\n

DSA-1766-1 krb5 -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Apr 2009
\n
Affected Packages:
\n
\nkrb5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0844, CVE-2009-0845, CVE-2009-0847, CVE-2009-0846.
\n
More information:
\n
\n

Several vulnerabilities have been found in the MIT reference implementation\nof Kerberos V5, a system for authenticating users and services on a network.\nThe Common Vulnerabilities and Exposures project identified the following\nproblems:

\n
    \n
  • CVE-2009-0844\n

    The Apple Product Security team discovered that the SPNEGO GSS-API mechanism\nsuffers from a missing bounds check when reading a network input buffer, which\nresults in an invalid read crashing the application or possibly leaking\ninformation.

  • CVE-2009-0845\n

    Under certain conditions the SPNEGO GSS-API mechanism references a null pointer\nwhich crashes the application using the library.

  • CVE-2009-0847\n

    An incorrect length check inside the ASN.1 decoder of the MIT krb5\nimplementation allows an unauthenticated remote attacker to crash the kinit\nor KDC program.

  • CVE-2009-0846\n

    Under certain conditions the ASN.1 decoder of the MIT krb5 implementation\nfrees an uninitialized pointer which could lead to denial of service and\npossibly arbitrary code execution.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 1.4.4-7etch7.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.6.dfsg.4~beta1-5lenny1.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.6.dfsg.4~beta1-13.

\n

We recommend that you upgrade your krb5 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4-7etch7.dsc
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4-7etch7.diff.gz
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.4.4-7etch7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch7_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch7_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch7_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch7_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch7_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch7_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch7_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch7_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch7_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.6.dfsg.4~beta1-5lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.6.dfsg.4~beta1-5lenny1.dsc
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.6.dfsg.4~beta1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.6.dfsg.4~beta1-5lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny1_amd64.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1767": "
\n

Debian Security Advisory

\n

DSA-1767-1 multipath-tools -- insecure file permissions

\n
\n
Date Reported:
\n
09 Apr 2009
\n
Affected Packages:
\n
\nmultipath-tools\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 522813.
In Mitre's CVE dictionary: CVE-2009-0115.
\n
More information:
\n
\n

It was discovered that multipathd of multipath-tools, a tool-chain to manage\ndisk multipath device maps, uses insecure permissions on its Unix domain\ncontrol socket, which enables local attackers to issue commands to multipathd\nthat prevent access to storage devices or corrupt file system data.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 0.4.7-1.1etch2.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.4.8-14+lenny1.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.4.8-15.

\n

We recommend that you upgrade your multipath-tools packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2.dsc
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_i386.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.7-1.1etch2_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools-boot_0.4.8-14+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_alpha.udeb
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_amd64.udeb
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_arm.udeb
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_armel.udeb
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_hppa.udeb
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_i386.udeb
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_ia64.udeb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_mips.udeb
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_mipsel.udeb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_powerpc.udeb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_s390.udeb
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-udeb_0.4.8-14+lenny1_sparc.udeb
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/kpartx_0.4.8-14+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/multipath-tools/multipath-tools_0.4.8-14+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1768": "
\n

Debian Security Advisory

\n

DSA-1768-1 openafs -- several vulnerabilities

\n
\n
Date Reported:
\n
10 Apr 2009
\n
Affected Packages:
\n
\nopenafs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-1250, CVE-2009-1251.
\n
More information:
\n
\n

Two vulnerabilities were discovered in the client part of OpenAFS, a\ndistributed file system.

\n
    \n
  • CVE-2009-1251\n

    An attacker with control of a file server or the ability to forge RX\npackets may be able to execute arbitrary code in kernel mode on an\nOpenAFS client, due to a vulnerability in XDR array decoding.

  • CVE-2009-1250\n

    An attacker with control of a file server or the ability to forge RX\npackets may crash OpenAFS clients because of wrongly handled error\nreturn codes in the kernel module.

\n

Note that in order to apply this security update, you must rebuild the\nOpenAFS kernel module. Be sure to also upgrade openafs-modules-source,\nbuild a new kernel module for your system following the instructions in\n/usr/share/doc/openafs-client/README.modules.gz, and then either stop\nand restart openafs-client or reboot the system to reload the kernel\nmodule.

\n

For the old stable distribution (etch), these problems have been fixed\nin version 1.4.2-6etch2.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.4.7.dfsg1-6+lenny1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.4.10+dfsg1-1.

\n

We recommend that you upgrade your openafs packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs_1.4.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs_1.4.2-6etch2.dsc
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs_1.4.2-6etch2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-doc_1.4.2-6etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-modules-source_1.4.2-6etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbg_1.4.2-6etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.4.2-6etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.4.2-6etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.4.2-6etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-krb5_1.4.2-6etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.4.2-6etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.4.2-6etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.4.2-6etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.4.2-6etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.4.2-6etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbg_1.4.2-6etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.4.2-6etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-krb5_1.4.2-6etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.4.2-6etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.4.2-6etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.4.2-6etch2_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.4.2-6etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-krb5_1.4.2-6etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.4.2-6etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.4.2-6etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.4.2-6etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbg_1.4.2-6etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.4.2-6etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.4.2-6etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.4.2-6etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.4.2-6etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.4.2-6etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbg_1.4.2-6etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-krb5_1.4.2-6etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.4.2-6etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.4.2-6etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.4.2-6etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.4.2-6etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.4.2-6etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.4.2-6etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-krb5_1.4.2-6etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.4.2-6etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbg_1.4.2-6etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.4.2-6etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.4.2-6etch2_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.4.2-6etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.4.2-6etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.4.2-6etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.4.2-6etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbg_1.4.2-6etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.4.2-6etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-krb5_1.4.2-6etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.4.2-6etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.4.2-6etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.4.2-6etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.4.2-6etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.4.2-6etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbg_1.4.2-6etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-krb5_1.4.2-6etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.4.2-6etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.4.2-6etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbg_1.4.2-6etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-krb5_1.4.2-6etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.4.2-6etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.4.2-6etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.4.2-6etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.4.2-6etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.4.2-6etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.4.2-6etch2_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs_1.4.7.dfsg1-6+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs_1.4.7.dfsg1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs_1.4.7.dfsg1-6+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-modules-source_1.4.7.dfsg1-6+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-doc_1.4.7.dfsg1-6+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.4.7.dfsg1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.4.7.dfsg1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.4.7.dfsg1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.4.7.dfsg1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.4.7.dfsg1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-krb5_1.4.7.dfsg1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.4.7.dfsg1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbg_1.4.7.dfsg1-6+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbg_1.4.7.dfsg1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.4.7.dfsg1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.4.7.dfsg1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-krb5_1.4.7.dfsg1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.4.7.dfsg1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.4.7.dfsg1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.4.7.dfsg1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.4.7.dfsg1-6+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.4.7.dfsg1-6+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.4.7.dfsg1-6+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-krb5_1.4.7.dfsg1-6+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.4.7.dfsg1-6+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbg_1.4.7.dfsg1-6+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.4.7.dfsg1-6+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.4.7.dfsg1-6+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.4.7.dfsg1-6+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.4.7.dfsg1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.4.7.dfsg1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-krb5_1.4.7.dfsg1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.4.7.dfsg1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.4.7.dfsg1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.4.7.dfsg1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.4.7.dfsg1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbg_1.4.7.dfsg1-6+lenny1_armel.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.4.7.dfsg1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-krb5_1.4.7.dfsg1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.4.7.dfsg1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbg_1.4.7.dfsg1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.4.7.dfsg1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.4.7.dfsg1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.4.7.dfsg1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.4.7.dfsg1-6+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.4.7.dfsg1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.4.7.dfsg1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.4.7.dfsg1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.4.7.dfsg1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbg_1.4.7.dfsg1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.4.7.dfsg1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.4.7.dfsg1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-krb5_1.4.7.dfsg1-6+lenny1_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.4.7.dfsg1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.4.7.dfsg1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.4.7.dfsg1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-krb5_1.4.7.dfsg1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbg_1.4.7.dfsg1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.4.7.dfsg1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.4.7.dfsg1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.4.7.dfsg1-6+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.4.7.dfsg1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.4.7.dfsg1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.4.7.dfsg1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbg_1.4.7.dfsg1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.4.7.dfsg1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.4.7.dfsg1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.4.7.dfsg1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-krb5_1.4.7.dfsg1-6+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.4.7.dfsg1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.4.7.dfsg1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.4.7.dfsg1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbg_1.4.7.dfsg1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-krb5_1.4.7.dfsg1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.4.7.dfsg1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.4.7.dfsg1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.4.7.dfsg1-6+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1769": "
\n

Debian Security Advisory

\n

DSA-1769-1 openjdk-6 -- several vulnerabilities

\n
\n
Date Reported:
\n
11 Apr 2009
\n
Affected Packages:
\n
\nopenjdk-6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2006-2426, CVE-2009-0581, CVE-2009-0723, CVE-2009-0733, CVE-2009-0793, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1101.
\n
More information:
\n
\n

Several vulnerabilities have been identified in OpenJDK, an\nimplementation of the Java SE platform.

\n
    \n
  • CVE-2006-2426\n

    Creation of large, temporary fonts could use up available disk space,\n leading to a denial of service condition.

    \n
  • CVE-2009-0581 / CVE-2009-0723 / CVE-2009-0733 / CVE-2009-0793\n

    Several vulnerabilities existed in the embedded LittleCMS library,\n exploitable through crafted images: a memory leak, resulting in a\n denial of service condition (CVE-2009-0581), heap-based buffer\n overflows, potentially allowing arbitrary code execution\n (CVE-2009-0723, CVE-2009-0733), and a null-pointer dereference,\n leading to denial of service (CVE-2009-0793).

  • CVE-2009-1093\n

    The LDAP server implementation (in com.sun.jndi.ldap) did not properly\n close sockets if an error was encountered, leading to a\n denial-of-service condition.

  • CVE-2009-1094\n

    The LDAP client implementation (in com.sun.jndi.ldap) allowed\n malicious LDAP servers to execute arbitrary code on the client.

  • CVE-2009-1101\n

    The HTTP server implementation (sun.net.httpserver) contained an\n unspecified denial of service vulnerability.

  • CVE-2009-1095 / CVE-2009-1096 / CVE-2009-1097 / CVE-2009-1098\n

    Several issues in Java Web Start have been addressed. The Debian packages\n currently do not support Java Web Start, so these issues are not\n directly exploitable, but the relevant code has been updated\n nevertheless.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 9.1+lenny2.

\n

We recommend that you upgrade your openjdk-6 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6_6b11-9.1+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6_6b11.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6_6b11-9.1+lenny2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-doc_6b11-9.1+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre-lib_6b11-9.1+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-source_6b11-9.1+lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jdk_6b11-9.1+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre_6b11-9.1+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre-headless_6b11-9.1+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-dbg_6b11-9.1+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-demo_6b11-9.1+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-dbg_6b11-9.1+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jdk_6b11-9.1+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre_6b11-9.1+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-demo_6b11-9.1+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre-headless_6b11-9.1+lenny2_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre-headless_6b11-9.1+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-dbg_6b11-9.1+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-demo_6b11-9.1+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre_6b11-9.1+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jdk_6b11-9.1+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jdk_6b11-9.1+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-demo_6b11-9.1+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre-headless_6b11-9.1+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-dbg_6b11-9.1+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre_6b11-9.1+lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jdk_6b11-9.1+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre_6b11-9.1+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-demo_6b11-9.1+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-dbg_6b11-9.1+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre-headless_6b11-9.1+lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre-headless_6b11-9.1+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-dbg_6b11-9.1+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-demo_6b11-9.1+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jdk_6b11-9.1+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre_6b11-9.1+lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jdk_6b11-9.1+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-demo_6b11-9.1+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre-headless_6b11-9.1+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-dbg_6b11-9.1+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre_6b11-9.1+lenny2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-demo_6b11-9.1+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-dbg_6b11-9.1+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre-headless_6b11-9.1+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jre_6b11-9.1+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openjdk-6/openjdk-6-jdk_6b11-9.1+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1770": "
\n

Debian Security Advisory

\n

DSA-1770-1 imp4 -- Insufficient input sanitising

\n
\n
Date Reported:
\n
13 Apr 2009
\n
Affected Packages:
\n
\nimp4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 500114, Bug 500553, Bug 513266.
In Mitre's CVE dictionary: CVE-2008-4182, CVE-2009-0930.
\n
More information:
\n
\n

Several vulnerabilities have been found in imp4, a webmail component for\nthe Horde framework. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2008-4182\n

    It was discovered that imp4 is vulnerable to a cross-site scripting (XSS)\nattack via the user field in an IMAP session, which allows attackers to\ninject arbitrary HTML code.

  • CVE-2009-0930\n

    It was discovered that imp4 is prone to several cross-site scripting\n(XSS) attacks via several vectors in the mail code, allowing attackers\nto inject arbitrary HTML code.

\n

For the oldstable distribution (etch), these problems have been fixed in\nversion 4.1.3-4etch1.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 4.2-4, which was already included in the lenny release.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 4.2-4.

\n

We recommend that you upgrade your imp4 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/imp4/imp4_4.1.3-4etch1.dsc
\n
http://security.debian.org/pool/updates/main/i/imp4/imp4_4.1.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/imp4/imp4_4.1.3-4etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/imp4/imp4_4.1.3-4etch1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1771": "
\n

Debian Security Advisory

\n

DSA-1771-1 clamav -- several vulnerabilities

\n
\n
Date Reported:
\n
15 Apr 2009
\n
Affected Packages:
\n
\nclamav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-6680, CVE-2009-1270.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the ClamAV anti-virus\ntoolkit:

\n
    \n
  • CVE-2008-6680\n

    Attackers can cause a denial of service (crash) via a crafted EXE\n file that triggers a divide-by-zero error.

  • CVE-2009-1270\n

    Attackers can cause a denial of service (infinite loop) via a\n crafted tar file that causes (1) clamd and (2) clamscan to hang.

  • (no CVE Id yet)

    \n

    Attackers can cause a denial of service (crash) via a crafted EXE\n file that crashes the UPack unpacker.

\n

For the old stable distribution (etch), these problems have been fixed\nin version 0.90.1dfsg-4etch19.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 0.94.dfsg.2-1lenny2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.95.1+dfsg-1.

\n

We recommend that you upgrade your clamav packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch19.dsc
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch19.diff.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.90.1dfsg-4etch19_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.90.1dfsg-4etch19_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.90.1dfsg-4etch19_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch19_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch19_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch19_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch19_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch19_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch19_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch19_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch19_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch19_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch19_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch19_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch19_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch19_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch19_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch19_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch19_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch19_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch19_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch19_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch19_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch19_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch19_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch19_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch19_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch19_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch19_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch19_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch19_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch19_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch19_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch19_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch19_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch19_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch19_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch19_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch19_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch19_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch19_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch19_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch19_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch19_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch19_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch19_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch19_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch19_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch19_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch19_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch19_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch19_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch19_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch19_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch19_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch19_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch19_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch19_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch19_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch19_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch19_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch19_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch19_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch19_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch19_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch19_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.90.1dfsg-4etch19_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.90.1dfsg-4etch19_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.90.1dfsg-4etch19_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.90.1dfsg-4etch19_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav2_0.90.1dfsg-4etch19_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.90.1dfsg-4etch19_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.90.1dfsg-4etch19_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.94.dfsg.2-1lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.94.dfsg.2-1lenny2.dsc
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.94.dfsg.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-docs_0.94.dfsg.2-1lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-testfiles_0.94.dfsg.2-1lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-base_0.94.dfsg.2-1lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav5_0.94.dfsg.2-1lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.94.dfsg.2-1lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.94.dfsg.2-1lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.94.dfsg.2-1lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.94.dfsg.2-1lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.94.dfsg.2-1lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.94.dfsg.2-1lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.94.dfsg.2-1lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav5_0.94.dfsg.2-1lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.94.dfsg.2-1lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.94.dfsg.2-1lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.94.dfsg.2-1lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.94.dfsg.2-1lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav5_0.94.dfsg.2-1lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.94.dfsg.2-1lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.94.dfsg.2-1lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.94.dfsg.2-1lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.94.dfsg.2-1lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.94.dfsg.2-1lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.94.dfsg.2-1lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.94.dfsg.2-1lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav5_0.94.dfsg.2-1lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.94.dfsg.2-1lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.94.dfsg.2-1lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.94.dfsg.2-1lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.94.dfsg.2-1lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.94.dfsg.2-1lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.94.dfsg.2-1lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.94.dfsg.2-1lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav5_0.94.dfsg.2-1lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.94.dfsg.2-1lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.94.dfsg.2-1lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.94.dfsg.2-1lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.94.dfsg.2-1lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.94.dfsg.2-1lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav5_0.94.dfsg.2-1lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.94.dfsg.2-1lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.94.dfsg.2-1lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.94.dfsg.2-1lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.94.dfsg.2-1lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.94.dfsg.2-1lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav5_0.94.dfsg.2-1lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.94.dfsg.2-1lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav5_0.94.dfsg.2-1lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.94.dfsg.2-1lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.94.dfsg.2-1lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.94.dfsg.2-1lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.94.dfsg.2-1lenny2_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.94.dfsg.2-1lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.94.dfsg.2-1lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav5_0.94.dfsg.2-1lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.94.dfsg.2-1lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.94.dfsg.2-1lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.94.dfsg.2-1lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.94.dfsg.2-1lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.94.dfsg.2-1lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav5_0.94.dfsg.2-1lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.94.dfsg.2-1lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.94.dfsg.2-1lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.94.dfsg.2-1lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav5_0.94.dfsg.2-1lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-dbg_0.94.dfsg.2-1lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-milter_0.94.dfsg.2-1lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-daemon_0.94.dfsg.2-1lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav_0.94.dfsg.2-1lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/clamav-freshclam_0.94.dfsg.2-1lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/clamav/libclamav-dev_0.94.dfsg.2-1lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1772": "
\n

Debian Security Advisory

\n

DSA-1772-1 udev -- several vulnerabilities

\n
\n
Date Reported:
\n
16 Apr 2009
\n
Affected Packages:
\n
\nudev\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-1185, CVE-2009-1186.
\n
More information:
\n
\n

Sebastian Kramer discovered two vulnerabilities in udev, the /dev and\nhotplug management daemon.

\n
    \n
  • CVE-2009-1185\n

    udev does not check the origin of NETLINK messages, allowing local\n users to gain root privileges.

  • CVE-2009-1186\n

    udev suffers from a buffer overflow condition in path encoding,\n potentially allowing arbitrary code execution.

\n

For the old stable distribution (etch), these problems have been fixed in\nversion 0.105-4etch1.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 0.125-7+lenny1.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your udev package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.105.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_alpha.udeb
\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_amd64.udeb
\n
ARM:\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_arm.udeb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_hppa.udeb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_i386.udeb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_ia64.udeb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_mips.udeb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_s390.udeb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.105-4etch1_sparc.udeb
\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.105-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.105-4etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.105-4etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.125.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_alpha.udeb
\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_amd64.udeb
\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_arm.udeb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_armel.udeb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_hppa.udeb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_i386.udeb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_ia64.udeb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_mips.udeb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_s390.udeb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/u/udev/udev_0.125-7+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id0_0.125-7+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/udev/libvolume-id-dev_0.125-7+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/udev/udev-udeb_0.125-7+lenny1_sparc.udeb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1773": "
\n

Debian Security Advisory

\n

DSA-1773-1 cups -- integer overflow

\n
\n
Date Reported:
\n
17 Apr 2009
\n
Affected Packages:
\n
\ncups\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0163.
\n
More information:
\n
\n

It was discovered that the imagetops filter in cups, the Common UNIX\nPrinting System, is prone to an integer overflow when reading malicious\nTIFF images.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 1.2.7-4etch7.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.3.8-1lenny5.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), this problem will be fixed soon.

\n

We recommend that you upgrade your cups packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch7.dsc
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch7.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4etch7_all.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4etch7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch7_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch7_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch7_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch7_i386.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch7_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4etch7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4etch7_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1lenny5.dsc
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1lenny5.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cups/cupsys-dbg_1.3.8-1lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsys2-dev_1.3.8-1lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cupsys-bsd_1.3.8-1lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cupsys-common_1.3.8-1lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-common_1.3.8-1lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsys2_1.3.8-1lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cupsys_1.3.8-1lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cupsys-client_1.3.8-1lenny5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1lenny5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1lenny5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1lenny5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1lenny5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1lenny5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1lenny5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1lenny5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1lenny5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1lenny5_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1lenny5_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1lenny5_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1lenny5_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1lenny5_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1lenny5_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1lenny5_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1lenny5_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1lenny5_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1lenny5_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1lenny5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1lenny5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1lenny5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1lenny5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1lenny5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1lenny5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1lenny5_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1lenny5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1lenny5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1lenny5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1lenny5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1lenny5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1lenny5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1lenny5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1lenny5_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1lenny5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1lenny5_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1lenny5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1lenny5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1lenny5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1lenny5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1lenny5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1lenny5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1lenny5_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1lenny5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1lenny5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1lenny5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1lenny5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1lenny5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1lenny5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1lenny5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1lenny5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1lenny5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1lenny5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1lenny5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1lenny5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1lenny5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1lenny5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1lenny5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1lenny5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1lenny5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1lenny5_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1lenny5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1774": "
\n

Debian Security Advisory

\n

DSA-1774-1 ejabberd -- insufficient input sanitising

\n
\n
Date Reported:
\n
17 Apr 2009
\n
Affected Packages:
\n
\nejabberd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0934.
\n
More information:
\n
\n

It was discovered that ejabberd, a distributed, fault-tolerant\nJabber/XMPP server, does not sufficiently sanitise MUC logs, allowing\nremote attackers to perform cross-site scripting (XSS) attacks.

\n

The oldstable distribution (etch) is not affected by this issue.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.0.1-6+lenny1.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.0.5-1.

\n

We recommend that you upgrade your ejabberd packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1775": "
\n

Debian Security Advisory

\n

DSA-1775-1 php-json-ext -- denial of service

\n
\n
Date Reported:
\n
20 Apr 2009
\n
Affected Packages:
\n
\nphp-json-ext\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-1271.
\n
More information:
\n
\n

It was discovered that php-json-ext, a JSON serialiser for PHP, is\nprone to a denial of service attack, when receiving a malformed string\nvia the json_decode function.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 1.2.1-3.2+etch1.

\n

The stable distribution (lenny) does not contain a separate php-json-ext\npackage, but includes it in the php5 packages, which will be fixed soon.

\n

The testing distribution (squeeze) and the unstable distribution (sid)\ndo not contain a separate php-json-ext package, but include it in the\nphp5 packages.

\n

We recommend that you upgrade your php-json-ext packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php-json-ext/php-json-ext_1.2.1-3.2+etch1.dsc
\n
http://security.debian.org/pool/updates/main/p/php-json-ext/php-json-ext_1.2.1-3.2+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php-json-ext/php-json-ext_1.2.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php-json-ext/php4-json_1.2.1-3.2+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php-json-ext/php5-json_1.2.1-3.2+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/php-json-ext/php5-json_1.2.1-3.2+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php-json-ext/php4-json_1.2.1-3.2+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php-json-ext/php5-json_1.2.1-3.2+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php-json-ext/php4-json_1.2.1-3.2+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/php-json-ext/php5-json_1.2.1-3.2+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php-json-ext/php4-json_1.2.1-3.2+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php-json-ext/php5-json_1.2.1-3.2+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php-json-ext/php4-json_1.2.1-3.2+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php-json-ext/php4-json_1.2.1-3.2+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php-json-ext/php5-json_1.2.1-3.2+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php-json-ext/php4-json_1.2.1-3.2+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php-json-ext/php5-json_1.2.1-3.2+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php-json-ext/php4-json_1.2.1-3.2+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php-json-ext/php5-json_1.2.1-3.2+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php-json-ext/php4-json_1.2.1-3.2+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php-json-ext/php5-json_1.2.1-3.2+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php-json-ext/php4-json_1.2.1-3.2+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php-json-ext/php5-json_1.2.1-3.2+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php-json-ext/php4-json_1.2.1-3.2+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php-json-ext/php5-json_1.2.1-3.2+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1776": "
\n

Debian Security Advisory

\n

DSA-1776-1 slurm-llnl -- programming error

\n
\n
Date Reported:
\n
21 Apr 2009
\n
Affected Packages:
\n
\nslurm-llnl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 524980.
\n
More information:
\n
\n

It was discovered that the Simple Linux Utility for Resource Management\n(SLURM), a cluster job management and scheduling system, did not drop\nthe supplemental groups. These groups may be system groups with elevated\nprivileges, which may allow a valid SLURM user to gain elevated privileges.

\n

The old stable distribution (etch) does not contain a slurm-llnl package.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.3.6-1lenny3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.3.15-1.

\n

We recommend that you upgrade your slurm-llnl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl_1.3.6-1lenny3.diff.gz
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl_1.3.6.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl_1.3.6-1lenny3.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-doc_1.3.6-1lenny3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libpmi0-dev_1.3.6-1lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl_1.3.6-1lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-slurmdbd_1.3.6-1lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libpmi0_1.3.6-1lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-sview_1.3.6-1lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libslurm13_1.3.6-1lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-basic-plugins-dev_1.3.6-1lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libslurm13-dev_1.3.6-1lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-basic-plugins_1.3.6-1lenny3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libslurm13-dev_1.3.6-1lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-slurmdbd_1.3.6-1lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libpmi0-dev_1.3.6-1lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libpmi0_1.3.6-1lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-basic-plugins-dev_1.3.6-1lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-basic-plugins_1.3.6-1lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-sview_1.3.6-1lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libslurm13_1.3.6-1lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl_1.3.6-1lenny3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl_1.3.6-1lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-basic-plugins_1.3.6-1lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-sview_1.3.6-1lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libslurm13_1.3.6-1lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libslurm13-dev_1.3.6-1lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libpmi0_1.3.6-1lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libpmi0-dev_1.3.6-1lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-basic-plugins-dev_1.3.6-1lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-slurmdbd_1.3.6-1lenny3_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-basic-plugins_1.3.6-1lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-sview_1.3.6-1lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-basic-plugins-dev_1.3.6-1lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libslurm13_1.3.6-1lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libpmi0_1.3.6-1lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl_1.3.6-1lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libpmi0-dev_1.3.6-1lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libslurm13-dev_1.3.6-1lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-slurmdbd_1.3.6-1lenny3_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libslurm13_1.3.6-1lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl_1.3.6-1lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libpmi0-dev_1.3.6-1lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-basic-plugins-dev_1.3.6-1lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-sview_1.3.6-1lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libslurm13-dev_1.3.6-1lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libpmi0_1.3.6-1lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-slurmdbd_1.3.6-1lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-basic-plugins_1.3.6-1lenny3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-sview_1.3.6-1lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-slurmdbd_1.3.6-1lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libpmi0_1.3.6-1lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libslurm13-dev_1.3.6-1lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libpmi0-dev_1.3.6-1lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-basic-plugins-dev_1.3.6-1lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-basic-plugins_1.3.6-1lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libslurm13_1.3.6-1lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl_1.3.6-1lenny3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libslurm13_1.3.6-1lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-slurmdbd_1.3.6-1lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-basic-plugins-dev_1.3.6-1lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-sview_1.3.6-1lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-basic-plugins_1.3.6-1lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libpmi0-dev_1.3.6-1lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libpmi0_1.3.6-1lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libslurm13-dev_1.3.6-1lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl_1.3.6-1lenny3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-slurmdbd_1.3.6-1lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libslurm13-dev_1.3.6-1lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-basic-plugins_1.3.6-1lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-sview_1.3.6-1lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libslurm13_1.3.6-1lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libpmi0-dev_1.3.6-1lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-basic-plugins-dev_1.3.6-1lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl_1.3.6-1lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libpmi0_1.3.6-1lenny3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-basic-plugins-dev_1.3.6-1lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-basic-plugins_1.3.6-1lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libslurm13_1.3.6-1lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libslurm13-dev_1.3.6-1lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-slurmdbd_1.3.6-1lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libpmi0_1.3.6-1lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-sview_1.3.6-1lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libpmi0-dev_1.3.6-1lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl_1.3.6-1lenny3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-basic-plugins_1.3.6-1lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libslurm13_1.3.6-1lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libslurm13-dev_1.3.6-1lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libpmi0_1.3.6-1lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-sview_1.3.6-1lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl_1.3.6-1lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libpmi0-dev_1.3.6-1lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-slurmdbd_1.3.6-1lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-basic-plugins-dev_1.3.6-1lenny3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libslurm13_1.3.6-1lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl_1.3.6-1lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-basic-plugins-dev_1.3.6-1lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-slurmdbd_1.3.6-1lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libpmi0_1.3.6-1lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-sview_1.3.6-1lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libslurm13-dev_1.3.6-1lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libpmi0-dev_1.3.6-1lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-basic-plugins_1.3.6-1lenny3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl_1.3.6-1lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-sview_1.3.6-1lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libslurm13-dev_1.3.6-1lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libpmi0_1.3.6-1lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-basic-plugins-dev_1.3.6-1lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libslurm13_1.3.6-1lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-slurmdbd_1.3.6-1lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/libpmi0-dev_1.3.6-1lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/slurm-llnl/slurm-llnl-basic-plugins_1.3.6-1lenny3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1777": "
\n

Debian Security Advisory

\n

DSA-1777-1 git-core -- file permission error

\n
\n
Date Reported:
\n
21 Apr 2009
\n
Affected Packages:
\n
\ngit-core\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 516669.
\n
More information:
\n
\n

Peter Palfrader discovered that in the Git revision control system,\non some architectures files under /usr/share/git-core/templates/ were\nowned by a non-root user. This allows a user with that uid on the local\nsystem to write to these files and possibly escalate their privileges.

\n

This issue only affects the DEC Alpha and MIPS (big and little endian)\narchitectures.

\n

For the old stable distribution (etch), this problem has been fixed in\nversion 1.4.4.4-4+etch2.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.5.6.5-3+lenny1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.6.2.1-1.

\n

We recommend that you upgrade your git-core package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch2.dsc
\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/git-core/git-arch_1.4.4.4-4+etch2_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-doc_1.4.4.4-4+etch2_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-daemon-run_1.4.4.4-4+etch2_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/gitweb_1.4.4.4-4+etch2_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-svn_1.4.4.4-4+etch2_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/gitk_1.4.4.4-4+etch2_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-cvs_1.4.4.4-4+etch2_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-email_1.4.4.4-4+etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch2_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/git-core/git-arch_1.5.6.5-3+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/gitweb_1.5.6.5-3+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-daemon-run_1.5.6.5-3+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-cvs_1.5.6.5-3+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/gitk_1.5.6.5-3+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-svn_1.5.6.5-3+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-doc_1.5.6.5-3+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-email_1.5.6.5-3+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-gui_1.5.6.5-3+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1778": "
\n

Debian Security Advisory

\n

DSA-1778-1 mahara -- insufficient input sanitization

\n
\n
Date Reported:
\n
22 Apr 2009
\n
Affected Packages:
\n
\nmahara\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0664.
\n
More information:
\n
\n

It was discovered that mahara, an electronic portfolio, weblog, and\nresume builder, is prone to cross-site scripting (XSS) attacks because\nof missing input sanitization of the introduction text field in user\nprofiles and any text field in a user view.

\n

The oldstable distribution (etch) does not contain mahara.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.0.4-4+lenny2.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.1.3-1.

\n

We recommend that you upgrade your mahara packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1779": "
\n

Debian Security Advisory

\n

DSA-1779-1 apt -- several vulnerabilities

\n
\n
Date Reported:
\n
26 Apr 2009
\n
Affected Packages:
\n
\napt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 523213, Bug 433091.
In Mitre's CVE dictionary: CVE-2009-1300, CVE-2009-1358.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in APT, the well-known dpkg\nfrontend. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2009-1300\n

    In time zones where the daylight saving time change occurs at midnight,\n the apt cron.daily script fails, stopping new security updates\n from being applied automatically.

  • CVE-2009-1358\n

    A repository that has been signed with an expired or revoked\n OpenPGP key would still be considered valid by APT.

\n

For the old stable distribution (etch), these problems have been fixed in\nversion 0.6.46.4-0.1+etch1.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 0.7.20.2+lenny1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.7.21.

\n

We recommend that you upgrade your apt package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1.tar.gz
\n
http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/apt/apt-doc_0.6.46.4-0.1+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-doc_0.6.46.4-0.1+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apt/apt_0.6.46.4-0.1+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.6.46.4-0.1+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.6.46.4-0.1+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1.tar.gz
\n
http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/apt/apt-doc_0.7.20.2+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-doc_0.7.20.2+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_armel.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apt/apt_0.7.20.2+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt-utils_0.7.20.2+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apt/libapt-pkg-dev_0.7.20.2+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apt/apt-transport-https_0.7.20.2+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1780": "
\n

Debian Security Advisory

\n

DSA-1780-1 libdbd-pg-perl -- several vulnerabilities

\n
\n
Date Reported:
\n
28 Apr 2009
\n
Affected Packages:
\n
\nlibdbd-pg-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0663, CVE-2009-1341.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in libdbd-pg-perl, the DBI driver module for PostgreSQL database access (DBD::Pg).

\n
    \n
  • CVE-2009-0663\n

    A heap-based buffer overflow may allow attackers to execute arbitrary code through applications which read rows from the database using the pg_getline and getline functions. (More common retrieval methods, such as selectall_arrayref and fetchrow_array, are not affected.)

  • CVE-2009-1341\n

    A memory leak in the routine which unquotes BYTEA values returned from the database allows attackers to cause a denial of service.

\n

For the old stable distribution (etch), these problems have been fixed in version 1.49-2+etch1.

\n

For the stable distribution (lenny) and the unstable distribution (sid), these problems have been fixed in version 2.1.3-1 before the release of lenny.

\n

We recommend that you upgrade your libdbd-pg-perl package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.dsc
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1781": "
\n

Debian Security Advisory

\n

DSA-1781-1 ffmpeg-debian -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Apr 2009
\n
Affected Packages:
\n
\nffmpeg-debian\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 524799, Bug 489965.
In Mitre's CVE dictionary: CVE-2009-0385, CVE-2008-3162.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2009-0385\n

    It was discovered that watching a malformed 4X movie file could lead to the execution of arbitrary code.

  • CVE-2008-3162\n

    It was discovered that using a crafted STR file can lead to the execution of arbitrary code.

\n

For the oldstable distribution (etch), these problems have been fixed in version 0.cvs20060823-8+etch1.

\n

For the stable distribution (lenny), these problems have been fixed in version 0.svn20080206-17+lenny1.

\n

For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 0.svn20080206-16.

\n

We recommend that you upgrade your ffmpeg-debian packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823-8+etch1.dsc
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823-8+etch1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec0d_0.cvs20060823-8+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20060823-8+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc0d_0.cvs20060823-8+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20060823-8+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823-8+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat0d_0.cvs20060823-8+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20060823-8+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20060823-8+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc0d_0.cvs20060823-8+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20060823-8+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat0d_0.cvs20060823-8+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20060823-8+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823-8+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec0d_0.cvs20060823-8+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat0d_0.cvs20060823-8+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20060823-8+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20060823-8+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20060823-8+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc0d_0.cvs20060823-8+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec0d_0.cvs20060823-8+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823-8+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec0d_0.cvs20060823-8+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc0d_0.cvs20060823-8+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat0d_0.cvs20060823-8+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823-8+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20060823-8+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20060823-8+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20060823-8+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc0d_0.cvs20060823-8+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat0d_0.cvs20060823-8+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20060823-8+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20060823-8+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20060823-8+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823-8+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec0d_0.cvs20060823-8+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat0d_0.cvs20060823-8+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc0d_0.cvs20060823-8+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823-8+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20060823-8+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20060823-8+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec0d_0.cvs20060823-8+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20060823-8+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc0d_0.cvs20060823-8+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat0d_0.cvs20060823-8+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20060823-8+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20060823-8+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec0d_0.cvs20060823-8+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823-8+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20060823-8+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20060823-8+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec0d_0.cvs20060823-8+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat0d_0.cvs20060823-8+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20060823-8+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc0d_0.cvs20060823-8+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823-8+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20060823-8+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat0d_0.cvs20060823-8+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20060823-8+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20060823-8+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823-8+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec0d_0.cvs20060823-8+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20060823-8+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc0d_0.cvs20060823-8+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat0d_0.cvs20060823-8+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec0d_0.cvs20060823-8+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20060823-8+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20060823-8+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823-8+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc0d_0.cvs20060823-8+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20060823-8+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec0d_0.cvs20060823-8+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20060823-8+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20060823-8+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20060823-8+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat0d_0.cvs20060823-8+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20060823-8+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc0d_0.cvs20060823-8+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-debian_0.svn20080206.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-debian_0.svn20080206-17+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-debian_0.svn20080206-17+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-doc_0.svn20080206-17+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-17+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-17+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-17+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-17+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-17+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-17+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-17+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-17+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-17+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-17+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-17+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-17+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-17+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-17+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-17+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-17+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-17+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-17+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-17+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-17+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-17+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-17+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-17+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-17+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-17+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-17+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-17+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-17+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-17+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-17+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-17+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-17+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-17+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-17+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-17+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-17+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-17+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-17+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-17+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-17+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-17+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-17+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-17+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-17+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-17+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-17+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-17+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-17+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-17+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-17+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-17+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-17+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-17+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-17+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-17+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-17+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-17+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-17+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-17+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-17+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-17+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-17+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-17+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-17+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-17+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-17+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-17+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-17+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-17+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-17+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-17+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-17+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-17+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-17+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-17+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-17+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-17+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-17+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-17+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-17+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-17+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-17+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-17+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-17+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-17+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-17+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-17+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-17+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-17+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-17+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-17+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-17+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-17+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-17+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-17+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-17+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-17+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-17+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-17+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-17+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-17+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-17+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-17+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-17+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-17+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-17+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-17+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-17+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-17+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-17+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-17+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-17+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-17+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-17+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-17+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-17+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-17+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-17+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-17+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-17+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-17+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-17+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-17+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-17+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-17+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-17+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-17+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-17+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-17+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-17+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-17+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-17+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-17+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-17+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-17+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-17+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-17+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-17+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-17+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-17+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-17+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-17+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-17+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-17+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-17+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-17+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-17+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-17+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-17+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-17+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-17+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-17+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-17+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-17+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-17+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-17+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-17+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-17+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-17+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-17+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-17+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-17+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-17+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-17+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-17+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-17+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-17+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-17+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1782": "
\n

Debian Security Advisory

\n

DSA-1782-1 mplayer -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Apr 2009
\n
Affected Packages:
\n
\nmplayer\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 508803.
In Mitre's CVE dictionary: CVE-2009-0385, CVE-2008-4866, CVE-2008-5616.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in mplayer, a movie player\nfor Unix-like systems. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2009-0385\n

    It was discovered that watching a malformed 4X movie file could lead to\nthe execution of arbitrary code.

  • CVE-2008-4866\n

    It was discovered that multiple buffer overflows could lead to the\nexecution of arbitrary code.

  • CVE-2008-5616\n

    It was discovered that watching a malformed TwinVQ file could lead to\nthe execution of arbitrary code.

\n

For the oldstable distribution (etch), these problems have been fixed\nin version 1.0~rc1-12etch7.

\n

For the stable distribution (lenny), mplayer links against\nffmpeg-debian.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), mplayer links against ffmpeg-debian.

\n

We recommend that you upgrade your mplayer packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch7.dsc
\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch7.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer-doc_1.0~rc1-12etch7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch7_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch7_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch7_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch7_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch7_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch7_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc1-12etch7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1783": "
\n

Debian Security Advisory

\n

DSA-1783-1 mysql-dfsg-5.0 -- multiple vulnerabilities

\n
\n
Date Reported:
\n
29 Apr 2009
\n
Affected Packages:
\n
\nmysql-dfsg-5.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 498362.
In Mitre's CVE dictionary: CVE-2008-3963, CVE-2008-4456.
\n
More information:
\n
\n

Multiple vulnerabilities have been identified affecting MySQL, a\nrelational database server, and its associated interactive client\napplication. The Common Vulnerabilities and Exposures project\nidentifies the following two problems:

\n
    \n
  • CVE-2008-3963\n

    Kay Roepke reported that the MySQL server would not properly handle\n an empty bit-string literal in an SQL statement, allowing an\n authenticated remote attacker to cause a denial of service (a crash)\n in mysqld. This issue affects the oldstable distribution (etch), but\n not the stable distribution (lenny).

  • CVE-2008-4456\n

    Thomas Henlich reported that the MySQL commandline client application\n did not encode HTML special characters when run in HTML output mode\n (that is, \"mysql --html ...\"). This could potentially lead to\n cross-site scripting or unintended script privilege escalation if\n the resulting output is viewed in a browser or incorporated into\n a web site.

\n

For the old stable distribution (etch), these problems have been fixed in\nversion 5.0.32-7etch10.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 5.0.51a-24+lenny1.

\n

We recommend that you upgrade your mysql-dfsg-5.0 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch10.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch10.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.32-7etch10_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.32-7etch10_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.32-7etch10_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch10_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch10_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch10_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch10_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch10_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch10_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch10_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch10_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch10_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch10_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a-24+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a-24+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.51a-24+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.51a-24+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.51a-24+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1784": "
\n

Debian Security Advisory

\n

DSA-1784-1 freetype -- integer overflows

\n
\n
Date Reported:
\n
30 Apr 2009
\n
Affected Packages:
\n
\nfreetype\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0946.
\n
More information:
\n
\n

Tavis Ormandy discovered several integer overflows in FreeType, a library\nto process and access font files, resulting in heap- or stack-based\nbuffer overflows leading to application crashes or the execution\nof arbitrary code via a crafted font file.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 2.2.1-5+etch4.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.3.7-2+lenny1.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.3.9-4.1.

\n

We recommend that you upgrade your freetype packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.2.1-5+etch4.dsc
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.2.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.2.1-5+etch4.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch4_alpha.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch4_amd64.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch4_arm.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch4_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch4_hppa.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch4_i386.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch4_ia64.udeb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch4_mips.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch4_mipsel.udeb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch4_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch4_s390.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch4_sparc.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch4_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny1_alpha.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny1_amd64.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny1_arm.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny1_armel.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny1_hppa.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny1_i386.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny1_ia64.udeb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny1_mips.udeb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny1_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny1_s390.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny1_sparc.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1785": "
\n

Debian Security Advisory

\n

DSA-1785-1 wireshark -- several vulnerabilities

\n
\n
Date Reported:
\n
01 May 2009
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-1210, CVE-2009-1268, CVE-2009-1269.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Wireshark\nnetwork traffic analyzer, which may lead to denial of service or the\nexecution of arbitrary code. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2009-1210\n

    A format string vulnerability was discovered in the PROFINET\n dissector.

  • CVE-2009-1268\n

    The dissector for the Check Point High-Availability Protocol\n could be forced to crash.

  • CVE-2009-1269\n

    Malformed Tektronix files could lead to a crash.

  • \n
\n

The old stable distribution (etch) is only affected by the\nCPHAP crash, which doesn't warrant an update on its own. The fix\nwill be queued up for an upcoming security update or a point release.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.0.2-3+lenny5.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.0.7-1.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5.dsc
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny5_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny5_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny5_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1786": "
\n

Debian Security Advisory

\n

DSA-1786-1 acpid -- denial of service

\n
\n
Date Reported:
\n
02 May 2009
\n
Affected Packages:
\n
\nacpid\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0798.
\n
More information:
\n
\n

It was discovered that acpid, a daemon for delivering ACPI events, is\nprone to a denial of service attack by opening a large number of UNIX\nsockets, which are not closed properly.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.0.8-1lenny1.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 1.0.4-5etch1.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 1.0.10-1.

\n

We recommend that you upgrade your acpid packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch1.dsc
\n
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch1.diff.gz
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch1_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch1_ia64.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny1.dsc
\n
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8.orig.tar.gz
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny1_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny1_ia64.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1787": "
\n

Debian Security Advisory

\n

DSA-1787-1 linux-2.6.24 -- denial of service/privilege escalation/information leak

\n
\n
Date Reported:
\n
02 May 2009
\n
Affected Packages:
\n
\nlinux-2.6.24\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-4307, CVE-2008-5079, CVE-2008-5395, CVE-2008-5700, CVE-2008-5701, CVE-2008-5702, CVE-2009-0028, CVE-2009-0029, CVE-2009-0031, CVE-2009-0065, CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676, CVE-2009-0745, CVE-2009-0834, CVE-2009-0859, CVE-2009-1046, CVE-2009-1192, CVE-2009-1242, CVE-2009-1265, CVE-2009-1337, CVE-2009-1338, CVE-2009-1439.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2008-4307\n

    Bryn M. Reeves reported a denial of service in the NFS filesystem.\n Local users can trigger a kernel BUG() due to a race condition in\n the do_setlk function.

  • \n
  • CVE-2008-5079\n

    Hugo Dias reported a DoS condition in the ATM subsystem that can\n be triggered by a local user by calling the svc_listen function\n twice on the same socket and reading /proc/net/atm/*vc.

  • \n
  • CVE-2008-5395\n

    Helge Deller discovered a denial of service condition that allows\n local users on PA-RISC systems to crash a system by attempting to\n unwind a stack containing userspace addresses.

  • \n
  • CVE-2008-5700\n

    Alan Cox discovered a lack of minimum timeouts on SG_IO requests,\n which allows local users of systems using ATA to cause a denial of\n service by forcing drives into PIO mode.

  • \n
  • CVE-2008-5701\n

    Vlad Malov reported an issue on 64-bit MIPS systems where a local\n user could cause a system crash by crafting a malicious binary\n which makes o32 syscalls with a number less than 4000.

  • \n
  • CVE-2008-5702\n

    Zvonimir Rakamaric reported an off-by-one error in the ib700wdt\n watchdog driver which allows local users to cause a buffer\n underflow by making a specially crafted WDIOC_SETTIMEOUT ioctl\n call.

  • \n
  • CVE-2009-0028\n

    Chris Evans discovered a situation in which a child process can\n send an arbitrary signal to its parent.

  • \n
  • CVE-2009-0029\n

    Christian Borntraeger discovered an issue affecting the alpha,\n mips, powerpc, s390 and sparc64 architectures that allows local\n users to cause a denial of service or potentially gain elevated\n privileges.

  • \n
  • CVE-2009-0031\n

    Vegard Nossum discovered a memory leak in the keyctl subsystem\n that allows local users to cause a denial of service by consuming\n all of kernel memory.

  • \n
  • CVE-2009-0065\n

    Wei Yongjun discovered a memory overflow in the SCTP\n implementation that can be triggered by remote users, permitting\n remote code execution.

  • \n
  • CVE-2009-0269\n

    Duane Griffin provided a fix for an issue in the eCryptfs\n subsystem which allows local users to cause a denial of service\n (fault or memory corruption).

  • \n
  • CVE-2009-0322\n

    Pavel Roskin provided a fix for an issue in the dell_rbu driver\n that allows a local user to cause a denial of service (oops) by\n reading 0 bytes from a sysfs entry.

  • \n
  • CVE-2009-0675\n

    Roel Kluin discovered inverted logic in the skfddi driver that\n permits local, unprivileged users to reset the driver statistics.

  • \n
  • CVE-2009-0676\n

    Clement LECIGNE discovered a bug in the sock_getsockopt function\n that may result in leaking sensitive kernel memory.

  • \n
  • CVE-2009-0745\n

    Peter Kerwien discovered an issue in the ext4 filesystem that\n allows local users to cause a denial of service (kernel oops)\n during a resize operation.

  • \n
  • CVE-2009-0834\n

    Roland McGrath discovered an issue on amd64 kernels that allows\n local users to circumvent system call audit configurations which\n filter based on the syscall numbers or argument details.

  • \n
  • CVE-2009-0859\n

    Jiri Olsa discovered that a local user can cause a denial of\n service (system hang) using a SHM_INFO shmctl call on kernels\n compiled with CONFIG_SHMEM disabled. This issue does not affect\n prebuilt Debian kernels.

  • \n
  • CVE-2009-1046\n

    Mikulas Patocka reported an issue in the console subsystem that\n allows a local user to cause memory corruption by selecting a\n small number of 3-byte UTF-8 characters.

  • \n
  • CVE-2009-1192\n

    Shaohua Li reported an issue in the AGP subsystem that may allow\n local users to read sensitive kernel memory due to a leak of\n uninitialized memory.

  • \n
  • CVE-2009-1242\n

    Benjamin Gilbert reported a local denial of service vulnerability\n in the KVM VMX implementation that allows local users to trigger\n an oops.

  • \n
  • CVE-2009-1265\n

    Thomas Pollet reported an overflow in the af_rose implementation\n that allows remote attackers to retrieve uninitialized kernel\n memory that may contain sensitive data.

  • \n
  • CVE-2009-1337\n

    Oleg Nesterov discovered an issue in the exit_notify function that\n allows local users to send an arbitrary signal to a process by\n running a program that modifies the exit_signal field and then\n uses an exec system call to launch a setuid application.

  • \n
  • CVE-2009-1338\n

    Daniel Hokka Zakrisson discovered that a kill(-1) is permitted to\n reach processes outside of the current process namespace.

  • \n
  • CVE-2009-1439\n

    Pavan Naregundi reported an issue in the CIFS filesystem code that\n allows remote users to overwrite memory via a long\n nativeFileSystem field in a Tree Connect response during mount.

  • \n
\n

For the oldstable distribution (etch), these problems have been fixed in\nversion 2.6.24-6~etchnhalf.8etch1.

\n

We recommend that you upgrade your linux-2.6.24 packages.

\n

Note: Debian 'etch' includes linux kernel packages based upon both the\n2.6.18 and 2.6.24 linux releases. All known security issues are\ncarefully tracked against both packages and both packages will receive\nsecurity updates until security support for Debian 'etch'\nconcludes. However, given the high frequency at which low-severity\nsecurity issues are discovered in the kernel and the resource\nrequirements of doing an update, lower severity 2.6.18 and 2.6.24\nupdates will typically release in a staggered or \"leap-frog\" fashion.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.8etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.8etch1.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-tree-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-support-2.6.24-etchnhalf.1_2.6.24-6~etchnhalf.8etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-manual-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-source-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-patch-debian-2.6.24_2.6.24-6~etchnhalf.8etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-alpha_2.6.24-6~etchnhalf.8etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.8etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.8etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.8etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.8etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.8etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.8etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-amd64_2.6.24-6~etchnhalf.8etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.8etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.8etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.8etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.8etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.8etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.8etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-arm_2.6.24-6~etchnhalf.8etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.8etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.8etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-hppa_2.6.24-6~etchnhalf.8etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.8etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.8etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.8etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.8etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.8etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.8etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.8etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.8etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.8etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-i386_2.6.24-6~etchnhalf.8etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.8etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.8etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.8etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.8etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.8etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.8etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.8etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-ia64_2.6.24-6~etchnhalf.8etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.8etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-mips_2.6.24-6~etchnhalf.8etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.8etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.8etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.8etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.8etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-mipsel_2.6.24-6~etchnhalf.8etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.8etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.8etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.8etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.8etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.8etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.8etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.8etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.8etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.8etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-powerpc_2.6.24-6~etchnhalf.8etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390-tape_2.6.24-6~etchnhalf.8etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.8etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-s390_2.6.24-6~etchnhalf.8etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.8etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.8etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.8etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-sparc_2.6.24-6~etchnhalf.8etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.8etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.8etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.8etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.8etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1788": "
\n

Debian Security Advisory

\n

DSA-1788-1 quagga -- improper assertion

\n
\n
Date Reported:
\n
04 May 2009
\n
Affected Packages:
\n
\nquagga\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 526311.
\n
More information:
\n
\n

It was discovered that Quagga, an IP routing daemon, could no longer\nprocess the Internet routing table due to broken handling of multiple\n4-byte AS numbers in an AS path. If such a prefix is received, the\nBGP daemon crashes with an assert failure, leading to a denial of\nservice.

\n

The old stable distribution (etch) is not affected by this issue.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.99.10-1lenny2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.99.11-2.

\n

We recommend that you upgrade your quagga package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.10-1lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_i386.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1789": "
\n

Debian Security Advisory

\n

DSA-1789-1 php5 -- several vulnerabilities

\n
\n
Date Reported:
\n
04 May 2009
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 507101, Bug 507857, Bug 508021, Bug 511493, Bug 523028, Bug 523049.
In Mitre's CVE dictionary: CVE-2008-2107, CVE-2008-2108, CVE-2008-5557, CVE-2008-5624, CVE-2008-5658, CVE-2008-5814, CVE-2009-0754, CVE-2009-1271.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the PHP 5 hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems.

\n

The following four vulnerabilities have already been fixed in the stable (lenny) version of php5 prior to the release of lenny. This update now addresses them for etch (oldstable) as well:

\n
    \n
  • CVE-2008-2107 / CVE-2008-2108

    The GENERATE_SEED macro has several problems that make predicting generated random numbers easier, facilitating attacks against measures that use rand() or mt_rand() as part of a protection.

  • CVE-2008-5557

    A buffer overflow in the mbstring extension allows attackers to execute arbitrary code via a crafted string containing an HTML entity.

  • CVE-2008-5624

    The page_uid and page_gid variables are not correctly set, allowing use of some functionality intended to be restricted to root.

  • CVE-2008-5658

    Directory traversal vulnerability in the ZipArchive::extractTo function allows attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.
\n

This update also addresses the following three vulnerabilities for both oldstable (etch) and stable (lenny):

\n
    \n
  • CVE-2008-5814

    Cross-site scripting (XSS) vulnerability, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML.

  • CVE-2009-0754

    When running on Apache, PHP allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.

  • CVE-2009-1271

    The JSON_parser function allows a denial of service (segmentation fault) via a malformed string to the json_decode API function.
\n

Furthermore, two updates originally scheduled for the next point update for oldstable are included in the etch package:

\n
    \n
  • Let PHP use the system timezone database instead of the embedded timezone database, which is out of date.

  • The unused 'dbase' module, which contained licensing problems, has been removed from the source tarball.
\n

For the old stable distribution (etch), these problems have been fixed in version 5.2.0+dfsg-8+etch15.

\n

For the stable distribution (lenny), these problems have been fixed in version 5.2.6.dfsg.1-1+lenny3.

\n

For the unstable distribution (sid), these problems have been fixed in version 5.2.9.dfsg.1-1.

\n

We recommend that you upgrade your php5 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0+dfsg-8+etch15.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0+dfsg-8+etch15.dsc
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0+dfsg.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0+dfsg-8+etch15_all.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php-pear_5.2.0+dfsg-8+etch15_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.0+dfsg-8+etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.0+dfsg-8+etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1-1+lenny3.dsc
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1-1+lenny3.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php-pear_5.2.6.dfsg.1-1+lenny3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1790": "
\n

Debian Security Advisory

\n

DSA-1790-1 xpdf -- multiple vulnerabilities

\n
\n
Date Reported:
\n
05 May 2009
\n
Affected Packages:
\n
\nxpdf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 524809.
In Mitre's CVE dictionary: CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183.
\n
More information:
\n
\n

Several vulnerabilities have been identified in xpdf, a suite of tools\nfor viewing and converting Portable Document Format (PDF) files.

\n

The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2009-0146\n

    Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and\n earlier, CUPS 1.3.9 and earlier, and other products allow remote\n attackers to cause a denial of service (crash) via a crafted PDF file,\n related to (1) JBIG2SymbolDict::setBitmap and (2)\n JBIG2Stream::readSymbolDictSeg.

  • CVE-2009-0147\n

    Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and\n earlier, CUPS 1.3.9 and earlier, and other products allow remote\n attackers to cause a denial of service (crash) via a crafted PDF file,\n related to (1) JBIG2Stream::readSymbolDictSeg, (2)\n JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.

  • CVE-2009-0165\n

    Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as\n used in Poppler and other products, when running on Mac OS X, has\n unspecified impact, related to \"g*allocn.\"

  • CVE-2009-0166\n

    The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and\n earlier, and other products allows remote attackers to cause a denial\n of service (crash) via a crafted PDF file that triggers a free of\n uninitialized memory.

  • CVE-2009-0799\n

    The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,\n Poppler before 0.10.6, and other products allows remote attackers to\n cause a denial of service (crash) via a crafted PDF file that triggers\n an out-of-bounds read.

  • CVE-2009-0800\n

    Multiple \"input validation flaws\" in the JBIG2 decoder in Xpdf 3.02pl2\n and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other\n products allow remote attackers to execute arbitrary code via a crafted\n PDF file.

  • CVE-2009-1179\n

    Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS\n 1.3.9 and earlier, Poppler before 0.10.6, and other products allows\n remote attackers to execute arbitrary code via a crafted PDF file.

  • CVE-2009-1180\n

    The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,\n Poppler before 0.10.6, and other products allows remote attackers to\n execute arbitrary code via a crafted PDF file that triggers a free of\n invalid data.

  • CVE-2009-1181\n

    The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,\n Poppler before 0.10.6, and other products allows remote attackers to\n cause a denial of service (crash) via a crafted PDF file that triggers a\n NULL pointer dereference.

  • CVE-2009-1182\n

    Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and\n earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other\n products allow remote attackers to execute arbitrary code via a crafted\n PDF file.

  • CVE-2009-1183\n

    The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and\n earlier, Poppler before 0.10.6, and other products allows remote\n attackers to cause a denial of service (infinite loop and hang) via a\n crafted PDF file.

\n

For the old stable distribution (etch), these problems have been fixed in version\n3.01-9.1+etch6.

\n

For the stable distribution (lenny), these problems have been fixed in version\n3.02-1.4+lenny1.

\n

For the unstable distribution (sid), these problems will be fixed in a\nforthcoming version.

\n

We recommend that you upgrade your xpdf packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch6.dsc
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch6.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.01-9.1+etch6_all.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch6_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.02-1.4+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.02.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.02-1.4+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.02-1.4+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.02-1.4+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1791": "
\n

Debian Security Advisory

\n

DSA-1791-1 moin -- insufficient input sanitising

\n
\n
Date Reported:
\n
06 May 2009
\n
Affected Packages:
\n
\nmoin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 526594.
In Mitre's CVE dictionary: CVE-2009-1482.
\n
More information:
\n
\n

It was discovered that the AttachFile action in moin, a Python clone of\nWikiWiki, is prone to cross-site scripting attacks when renaming\nattachments or performing other sub-actions.

\n

The oldstable distribution (etch) is not vulnerable.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.7.1-3+lenny2.

\n

For the testing (squeeze) distribution and the unstable distribution\n(sid), this problem will be fixed soon.

\n

We recommend that you upgrade your moin packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/moin/moin_1.7.1-3+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/moin/moin_1.7.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/moin/moin_1.7.1-3+lenny2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/moin/python-moinmoin_1.7.1-3+lenny2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1792": "
\n

Debian Security Advisory

\n

DSA-1792-1 drupal6 -- multiple vulnerabilities

\n
\n
Date Reported:
\n
06 May 2009
\n
Affected Packages:
\n
\ndrupal6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 526378.
In Mitre's CVE dictionary: CVE-2009-1575, CVE-2009-1576.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in drupal, a web content\nmanagement system. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2009-1575\n

    pod.Edge discovered a cross-site scripting vulnerability that can be\n triggered when some browsers interpret UTF-8 strings as UTF-7 if they\n appear before the generated HTML document defines its Content-Type.\n This allows a malicious user to execute arbitrary JavaScript in the\n context of the web site if they're allowed to post content.

  • CVE-2009-1576\n

    Moritz Naumann discovered an information disclosure vulnerability. If\n a user is tricked into visiting the site via a specially crafted URL\n and then submits a form (such as the search box) from that page, the\n information in their form submission may be directed to a third-party\n site determined by the URL and thus disclosed to the third party. The\n third party site may then execute a cross-site request forgery attack\n against the submitted form.

\n

The old stable distribution (etch) does not contain drupal and is not\naffected.

\n

For the stable distribution (lenny), these problems have been fixed in version\n6.6-3lenny1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 6.11-1.

\n

We recommend that you upgrade your drupal6 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny1.dsc
\n
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1793": "
\n

Debian Security Advisory

\n

DSA-1793-1 kdegraphics -- multiple vulnerabilities

\n
\n
Date Reported:
\n
06 May 2009
\n
Affected Packages:
\n
\nkdegraphics\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 524810.
In Mitre's CVE dictionary: CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183.
\n
More information:
\n
\n

kpdf, a Portable Document Format (PDF) viewer for KDE, is based on the\nxpdf program and thus suffers from similar flaws to those described in\nDSA-1790.

\n

The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2009-0146\n

    Multiple buffer overflows in the JBIG2 decoder in kpdf allow\n remote attackers to cause a denial of service (crash) via a\n crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and\n (2) JBIG2Stream::readSymbolDictSeg.

  • CVE-2009-0147\n

    Multiple integer overflows in the JBIG2 decoder in kpdf allow\n remote attackers to cause a denial of service (crash) via a\n crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg,\n (2) JBIG2Stream::readSymbolDictSeg, and (3)\n JBIG2Stream::readGenericBitmap.

  • CVE-2009-0165\n

    Integer overflow in the JBIG2 decoder in kpdf has unspecified\n impact related to \"g*allocn.\"

  • CVE-2009-0166\n

    The JBIG2 decoder in kpdf allows remote attackers to cause a\n denial of service (crash) via a crafted PDF file that triggers a\n free of uninitialized memory.

  • CVE-2009-0799\n

    The JBIG2 decoder in kpdf allows remote attackers to cause a\n denial of service (crash) via a crafted PDF file that triggers an\n out-of-bounds read.

  • CVE-2009-0800\n

    Multiple \"input validation flaws\" in the JBIG2 decoder in kpdf\n allow remote attackers to execute arbitrary code via a crafted PDF\n file.

  • CVE-2009-1179\n

    Integer overflow in the JBIG2 decoder in kpdf allows remote\n attackers to execute arbitrary code via a crafted PDF file.

  • CVE-2009-1180\n

    The JBIG2 decoder in kpdf allows remote attackers to execute\n arbitrary code via a crafted PDF file that triggers a free of\n invalid data.

  • CVE-2009-1181\n

    The JBIG2 decoder in kpdf allows remote attackers to cause a\n denial of service (crash) via a crafted PDF file that triggers a\n NULL pointer dereference.

  • CVE-2009-1182\n

    Multiple buffer overflows in the JBIG2 MMR decoder in kpdf allow\n remote attackers to execute arbitrary code via a crafted PDF file.

  • CVE-2009-1183\n

    The JBIG2 MMR decoder in kpdf allows remote attackers to cause a\n denial of service (infinite loop and hang) via a crafted PDF file.

\n

For the old stable distribution (etch), these problems have been fixed in version\n3.5.5-3etch3.

\n

For the stable distribution (lenny), these problems have been fixed in version\n3.5.9-3+lenny1.

\n

For the unstable distribution (sid), these problems will be fixed\nsoon.

\n

We recommend that you upgrade your kdegraphics packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.5-3etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.5-3etch3.dsc
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-doc-html_3.5.5-3etch3_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.5-3etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch3_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch3_powerpc.deb
\n

Debian GNU/Linux 5.0 (lenny)

Source:
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.9-3+lenny1.dsc
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.9-3+lenny1.diff.gz
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.9.orig.tar.gz

Architecture-independent component:
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.9-3+lenny1_all.deb
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-doc-html_3.5.9-3+lenny1_all.deb

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1794": "
\n

Debian Security Advisory

\n

DSA-1794-1 linux-2.6 -- denial of service/privilege escalation/information leak

\n
\n
Date Reported:
\n
06 May 2009
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-4307, CVE-2008-5395, CVE-2008-5701, CVE-2008-5702, CVE-2008-5713, CVE-2009-0028, CVE-2009-0029, CVE-2009-0031, CVE-2009-0065, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676, CVE-2009-0834, CVE-2009-0859, CVE-2009-1192, CVE-2009-1265, CVE-2009-1336, CVE-2009-1337, CVE-2009-1439.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to denial of service, privilege escalation, or information\nleak. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2008-4307\n

    Bryn M. Reeves reported a denial of service in the NFS filesystem.\n Local users can trigger a kernel BUG() due to a race condition in\n the do_setlk function.

  • CVE-2008-5395\n

    Helge Deller discovered a denial of service condition that allows\n local users on PA-RISC to crash the system by attempting to unwind\n a stack containing userspace addresses.

  • CVE-2008-5701\n

    Vlad Malov reported an issue on 64-bit MIPS where a local user\n could cause a system crash by crafting a malicious binary which\n makes o32 syscalls with a number less than 4000.

  • CVE-2008-5702\n

    Zvonimir Rakamaric reported an off-by-one error in the ib700wdt\n watchdog driver which allows local users to cause a buffer\n underflow by making a specially crafted WDIOC_SETTIMEOUT ioctl\n call.

  • CVE-2008-5713\n

    Flavio Leitner discovered that a local user can cause a denial of\n service by generating large amounts of traffic on a large SMP\n system, resulting in soft lockups.

  • CVE-2009-0028\n

    Chris Evans discovered a situation in which a child process can\n send an arbitrary signal to its parent.

  • CVE-2009-0029\n

    Christian Borntraeger discovered an issue affecting the alpha,\n mips, powerpc, s390 and sparc64 architectures that allows local\n users to cause a denial of service or potentially gain elevated\n privileges.

  • CVE-2009-0031\n

    Vegard Nossum discovered a memory leak in the keyctl subsystem\n that allows local users to cause a denial of service by consuming\n all available kernel memory.

  • CVE-2009-0065\n

    Wei Yongjun discovered a memory overflow in the SCTP\n implementation that can be triggered by remote users, permitting\n remote code execution.

  • CVE-2009-0322\n

    Pavel Roskin provided a fix for an issue in the dell_rbu driver\n that allows a local user to cause a denial of service (oops) by\n reading 0 bytes from a sysfs entry.

  • CVE-2009-0675\n

    Roel Kluin discovered inverted logic in the skfddi driver that\n permits local, unprivileged users to reset the driver statistics.

  • CVE-2009-0676\n

    Clement LECIGNE discovered a bug in the sock_getsockopt function\n that may result in leaking sensitive kernel memory.

  • CVE-2009-0834\n

    Roland McGrath discovered an issue on amd64 kernels that allows\n local users to circumvent system call audit configurations which\n filter based on the syscall numbers or argument details.

  • CVE-2009-0859\n

    Jiri Olsa discovered that a local user can cause a denial of\n service (system hang) using a SHM_INFO shmctl call on kernels\n compiled with CONFIG_SHMEM disabled. This issue does not affect\n prebuilt Debian kernels.

  • CVE-2009-1192\n

    Shaohua Li reported an issue in the AGP subsystem that may allow\n local users to read sensitive kernel memory due to a leak of\n uninitialized memory.

  • CVE-2009-1265\n

    Thomas Pollet reported an overflow in the af_rose implementation\n that allows remote attackers to retrieve uninitialized kernel\n memory that may contain sensitive data.

  • CVE-2009-1336\n

    Trond Myklebust reported an issue in the encode_lookup() function\n in the NFS server subsystem that allows local users to cause a\n denial of service (oops in encode_lookup()) by use of a long\n filename.

  • CVE-2009-1337\n

    Oleg Nesterov discovered an issue in the exit_notify function that\n allows local users to send an arbitrary signal to a process by\n running a program that modifies the exit_signal field and then\n uses an exec system call to launch a setuid application.

  • CVE-2009-1439\n

    Pavan Naregundi reported an issue in the CIFS filesystem code that\n allows remote users to overwrite memory via a long\n nativeFileSystem field in a Tree Connect response during mount.

\n

For the oldstable distribution (etch), these problems have been fixed in\nversion 2.6.18.dfsg.1-24etch2.

\n

We recommend that you upgrade your linux-2.6, fai-kernels, and\nuser-mode-linux packages.

\n

Note: Debian carefully tracks all known security issues across every\nLinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or \"leap-frog\" fashion.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-24etch2.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-24etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-24etch1.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-24etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch2.dsc
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.24etch2.dsc
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch2.tar.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.24etch2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-24etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-24etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-24etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-24etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-24etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-24etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-24etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-24etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-24etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-24etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-24etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-24etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-24etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-generic_2.6.18.dfsg.1-24etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-smp_2.6.18.dfsg.1-24etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-smp_2.6.18.dfsg.1-24etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-24etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-generic_2.6.18.dfsg.1-24etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-24etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-24etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-24etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-24etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-smp_2.6.18.dfsg.1-24etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-generic_2.6.18.dfsg.1-24etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-smp_2.6.18.dfsg.1-24etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-alpha_2.6.18.dfsg.1-24etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-generic_2.6.18.dfsg.1-24etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-24etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-alpha_2.6.18.dfsg.1-24etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-24etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-24etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-24etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-24etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-amd64_2.6.18.dfsg.1-24etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-24etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-24etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-24etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-24etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-24etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-24etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-24etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-24etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-24etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-amd64_2.6.18.dfsg.1-24etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-rpc_2.6.18.dfsg.1-24etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s3c2410_2.6.18.dfsg.1-24etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-arm_2.6.18.dfsg.1-24etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-ixp4xx_2.6.18.dfsg.1-24etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-footbridge_2.6.18.dfsg.1-24etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-footbridge_2.6.18.dfsg.1-24etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-iop32x_2.6.18.dfsg.1-24etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s3c2410_2.6.18.dfsg.1-24etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-ixp4xx_2.6.18.dfsg.1-24etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-rpc_2.6.18.dfsg.1-24etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-footbridge_2.6.18.dfsg.1-24etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-footbridge_2.6.18.dfsg.1-24etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-ixp4xx_2.6.18.dfsg.1-24etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-iop32x_2.6.18.dfsg.1-24etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-ixp4xx_2.6.18.dfsg.1-24etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-arm_2.6.18.dfsg.1-24etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-iop32x_2.6.18.dfsg.1-24etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-rpc_2.6.18.dfsg.1-24etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-iop32x_2.6.18.dfsg.1-24etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s3c2410_2.6.18.dfsg.1-24etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-rpc_2.6.18.dfsg.1-24etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s3c2410_2.6.18.dfsg.1-24etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc_2.6.18.dfsg.1-24etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-24etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc_2.6.18.dfsg.1-24etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc-smp_2.6.18.dfsg.1-24etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc_2.6.18.dfsg.1-24etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-24etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-24etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-24etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc-smp_2.6.18.dfsg.1-24etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc_2.6.18.dfsg.1-24etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc-smp_2.6.18.dfsg.1-24etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-hppa_2.6.18.dfsg.1-24etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc-smp_2.6.18.dfsg.1-24etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-hppa_2.6.18.dfsg.1-24etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64_2.6.18.dfsg.1-24etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64_2.6.18.dfsg.1-24etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64_2.6.18.dfsg.1-24etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64_2.6.18.dfsg.1-24etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-i386_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-686_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-i386_2.6.18.dfsg.1-24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686-bigmem_2.6.18.dfsg.1-24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-486_2.6.18.dfsg.1-24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686-bigmem_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686_2.6.18.dfsg.1-24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-k7_2.6.18.dfsg.1-24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-k7_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-k7_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686-bigmem_2.6.18.dfsg.1-24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-486_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-k7_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-k7_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686-bigmem_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-486_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-686_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-486_2.6.18.dfsg.1-24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686_2.6.18.dfsg.1-24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-k7_2.6.18.dfsg.1-24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-k7_2.6.18.dfsg.1-24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-686_2.6.18.dfsg.1-24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-k7_2.6.18.dfsg.1-24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-24etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-686_2.6.18.dfsg.1-24etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-itanium_2.6.18.dfsg.1-24etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-mckinley_2.6.18.dfsg.1-24etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-mckinley_2.6.18.dfsg.1-24etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-ia64_2.6.18.dfsg.1-24etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-mckinley_2.6.18.dfsg.1-24etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-mckinley_2.6.18.dfsg.1-24etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-ia64_2.6.18.dfsg.1-24etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-itanium_2.6.18.dfsg.1-24etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-itanium_2.6.18.dfsg.1-24etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-itanium_2.6.18.dfsg.1-24etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-24etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-24etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-24etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-24etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-24etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-24etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mips_2.6.18.dfsg.1-24etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mipsel_2.6.18.dfsg.1-24etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-24etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-24etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-24etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-24etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-24etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-24etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-24etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-24etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc_2.6.18.dfsg.1-24etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-prep_2.6.18.dfsg.1-24etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-prep_2.6.18.dfsg.1-24etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc64_2.6.18.dfsg.1-24etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-24etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-24etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-24etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-24etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc64_2.6.18.dfsg.1-24etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc_2.6.18.dfsg.1-24etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-24etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-24etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-powerpc_2.6.18.dfsg.1-24etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-24etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-24etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390-tape_2.6.18.dfsg.1-24etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-24etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390_2.6.18.dfsg.1-24etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-24etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-24etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390-tape_2.6.18.dfsg.1-24etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390x_2.6.18.dfsg.1-24etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-s390_2.6.18.dfsg.1-24etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390_2.6.18.dfsg.1-24etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390x_2.6.18.dfsg.1-24etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390_2.6.18.dfsg.1-24etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-s390_2.6.18.dfsg.1-24etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390_2.6.18.dfsg.1-24etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390x_2.6.18.dfsg.1-24etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-24etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390x_2.6.18.dfsg.1-24etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-sparc_2.6.18.dfsg.1-24etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-24etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-24etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64_2.6.18.dfsg.1-24etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-24etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc32_2.6.18.dfsg.1-24etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc32_2.6.18.dfsg.1-24etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc32_2.6.18.dfsg.1-24etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-24etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64_2.6.18.dfsg.1-24etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-24etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc32_2.6.18.dfsg.1-24etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64_2.6.18.dfsg.1-24etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64_2.6.18.dfsg.1-24etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-24etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-24etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-24etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-sparc_2.6.18.dfsg.1-24etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1795": "
\n

Debian Security Advisory

\n

DSA-1795-1 ldns -- buffer overflow

\n
\n
Date Reported:
\n
07 May 2009
\n
Affected Packages:
\n
\nldns\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-1086.
\n
More information:
\n
\n

Stefan Kaltenbrunner discovered that ldns, a library and set of utilities\nto facilitate DNS programming, did not correctly implement a buffer\nboundary check in its RR DNS record parser. This weakness could enable\noverflow of a heap buffer if a maliciously-crafted record is parsed,\npotentially allowing the execution of arbitrary code. The scope of\ncompromise will vary with the context in which ldns is used, and could\npresent either a local or remote attack vector.

\n

The old stable distribution (etch) is not affected by this issue.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.4.0-1+lenny1.

\n

For the unstable distribution (sid), this problem was fixed in\nversion 1.5.1-1.

\n

We recommend that you upgrade your ldns packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/ldns/ldns_1.4.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/ldns/ldns_1.4.0-1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/ldns/ldns_1.4.0-1+lenny1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/ldns/ldnsutils_1.4.0-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/ldns/libldns-dev_1.4.0-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/ldns/libldns1_1.4.0-1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/ldns/libldns-dev_1.4.0-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/ldns/libldns1_1.4.0-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/ldns/ldnsutils_1.4.0-1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/ldns/libldns-dev_1.4.0-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/ldns/ldnsutils_1.4.0-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/ldns/libldns1_1.4.0-1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/l/ldns/libldns1_1.4.0-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/ldns/libldns-dev_1.4.0-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/ldns/ldnsutils_1.4.0-1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/ldns/libldns1_1.4.0-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/ldns/libldns-dev_1.4.0-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/ldns/ldnsutils_1.4.0-1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/ldns/libldns1_1.4.0-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/ldns/ldnsutils_1.4.0-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/ldns/libldns-dev_1.4.0-1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/ldns/libldns-dev_1.4.0-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/ldns/libldns1_1.4.0-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/ldns/ldnsutils_1.4.0-1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/ldns/ldnsutils_1.4.0-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/ldns/libldns-dev_1.4.0-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/ldns/libldns1_1.4.0-1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/ldns/libldns-dev_1.4.0-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/ldns/ldnsutils_1.4.0-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/ldns/libldns1_1.4.0-1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/ldns/libldns1_1.4.0-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/ldns/ldnsutils_1.4.0-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/ldns/libldns-dev_1.4.0-1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/ldns/libldns-dev_1.4.0-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/ldns/ldnsutils_1.4.0-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/ldns/libldns1_1.4.0-1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/ldns/libldns1_1.4.0-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/ldns/libldns-dev_1.4.0-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/ldns/ldnsutils_1.4.0-1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1796": "
\n

Debian Security Advisory

\n

DSA-1796-1 libwmf -- pointer use-after-free

\n
\n
Date Reported:
\n
07 May 2009
\n
Affected Packages:
\n
\nlibwmf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 526434.
In Mitre's CVE dictionary: CVE-2009-1364.
\n
More information:
\n
\n

Tavis Ormandy discovered that the embedded GD library copy in libwmf,\na library to parse Windows metafiles (WMF), makes use of a pointer\nafter it was already freed. An attacker using a crafted WMF file can\ncause a denial of service or possibly execute arbitrary code via\napplications using this library.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 0.2.8.4-2+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.2.8.4-6+lenny1.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.2.8.4-6.1.

\n

We recommend that you upgrade your libwmf packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf_0.2.8.4-2+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf_0.2.8.4-2+etch1.dsc
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf_0.2.8.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-doc_0.2.8.4-2+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-2+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-2+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-2+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf_0.2.8.4-6+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf_0.2.8.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf_0.2.8.4-6+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-doc_0.2.8.4-6+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf0.2-7_0.2.8.4-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-dev_0.2.8.4-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libw/libwmf/libwmf-bin_0.2.8.4-6+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1797": "
\n

Debian Security Advisory

\n

DSA-1797-1 xulrunner -- several vulnerabilities

\n
\n
Date Reported:
\n
09 May 2009
\n
Affected Packages:
\n
\nxulrunner\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0652, CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1311.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications, such as the Iceweasel web\nbrowser. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2009-0652\n

    Moxie Marlinspike discovered that Unicode box drawing characters inside of\n internationalised domain names could be used for phishing attacks.

  • CVE-2009-1302\n

    Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman\n and Gary Kwong reported crashes in the layout engine, which might\n allow the execution of arbitrary code.

  • CVE-2009-1303\n

    Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman\n and Gary Kwong reported crashes in the layout engine, which might\n allow the execution of arbitrary code.

  • CVE-2009-1304\n

    Igor Bukanov and Bob Clary discovered crashes in the Javascript engine,\n which might allow the execution of arbitrary code.

  • CVE-2009-1305\n

    Igor Bukanov and Bob Clary discovered crashes in the Javascript engine,\n which might allow the execution of arbitrary code.

  • CVE-2009-1306\n

    Daniel Veditz discovered that the Content-Disposition: header is ignored\n within the jar: URI scheme.

  • CVE-2009-1307\n

    Gregory Fleischer discovered that the same-origin policy for Flash files\n is improperly enforced for files loaded through the view-source scheme,\n which may result in bypass of cross-domain policy restrictions.

  • CVE-2009-1308\n

    Cefn Hoile discovered that sites which allow the embedding of third-party\n stylesheets are vulnerable to cross-site scripting attacks through XBL\n bindings.

  • CVE-2009-1309\n

    \"moz_bug_r_a4\" discovered bypasses of the same-origin policy in the\n XMLHttpRequest Javascript API and the XPCNativeWrapper.

  • CVE-2009-1311\n

    Paolo Amadini discovered that incorrect handling of POST data when\n saving a web site with an embedded frame may lead to information disclosure.

  • CVE-2009-1312\n

    It was discovered that Iceweasel allows Refresh: headers to redirect\n to Javascript URIs, resulting in cross-site scripting.

\n

For the stable distribution (lenny), these problems have been fixed\nin version 1.9.0.9-0lenny2.

\n

As indicated in the Etch release notes, security support for the\nMozilla products in the oldstable distribution needed to be stopped\nbefore the end of the regular Etch security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a still\nsupported browser.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.9.0.9-1.

\n

We recommend that you upgrade your xulrunner packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.9-0lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.9.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.9-0lenny2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.9-0lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.9-0lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.9-0lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.9-0lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.9-0lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.9-0lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.9-0lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.9-0lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.9-0lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.9-0lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.9-0lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.9-0lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.9-0lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.9-0lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.9-0lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.9-0lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.9-0lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.9-0lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.9-0lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.9-0lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.9-0lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.9-0lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.9-0lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.9-0lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.9-0lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.9-0lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.9-0lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.9-0lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.9-0lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.9-0lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.9-0lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.9-0lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.9-0lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.9-0lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.9-0lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.9-0lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.9-0lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.9-0lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.9-0lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.9-0lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.9-0lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.9-0lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.9-0lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.9-0lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.9-0lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.9-0lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.9-0lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.9-0lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.9-0lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.9-0lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.9-0lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.9-0lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.9-0lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.9-0lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.9-0lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.9-0lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.9-0lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.9-0lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.9-0lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.9-0lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.9-0lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.9-0lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.9-0lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.9-0lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.9-0lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.9-0lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.9-0lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.9-0lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.9-0lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.9-0lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.9-0lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.9-0lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.9-0lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.9-0lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.9-0lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.9-0lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.9-0lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.9-0lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.9-0lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.9-0lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.9-0lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.9-0lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.9-0lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.9-0lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.9-0lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.9-0lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.9-0lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.9-0lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.9-0lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.9-0lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.9-0lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.9-0lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.9-0lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.9-0lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.9-0lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.9-0lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.9-0lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.9-0lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.9-0lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.9-0lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.9-0lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.9-0lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.9-0lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.9-0lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.9-0lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.9-0lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.9-0lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.9-0lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.9-0lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1798": "
\n

Debian Security Advisory

\n

DSA-1798-1 pango1.0 -- integer overflow

\n
\n
Date Reported:
\n
10 May 2009
\n
Affected Packages:
\n
\npango1.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 527474.
In Mitre's CVE dictionary: CVE-2009-1194.
\n
More information:
\n
\n

Will Drewry discovered that pango, a system for layout and rendering of internationalized text, is prone to an integer overflow via long glyphstrings. This could cause the execution of arbitrary code when displaying crafted data through an application using the pango library.

\n

For the oldstable distribution (etch), this problem has been fixed in version 1.14.8-5+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in version 1.20.5-3+lenny1.

\n

For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 1.24-1.

\n

We recommend that you upgrade your pango1.0 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.14.8.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.14.8-5+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.14.8-5+etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-doc_1.14.8-5+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-common_1.14.8-5+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_alpha.udeb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_amd64.udeb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_arm.udeb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_hppa.udeb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_i386.udeb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_ia64.udeb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_mips.udeb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_s390.udeb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.14.8-5+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.14.8-5+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.14.8-5+etch1_sparc.udeb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.14.8-5+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.20.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.20.5-3+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.20.5-3+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-common_1.20.5-3+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-doc_1.20.5-3+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-3+lenny1_alpha.udeb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-3+lenny1_amd64.udeb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-3+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-3+lenny1_arm.udeb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-3+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-3+lenny1_armel.udeb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-3+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-3+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-3+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-3+lenny1_hppa.udeb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-3+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-3+lenny1_i386.udeb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-3+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-3+lenny1_ia64.udeb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-3+lenny1_mips.udeb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-3+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-3+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-3+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-3+lenny1_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-3+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-3+lenny1_powerpc.udeb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-3+lenny1_s390.udeb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-3+lenny1_sparc.udeb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-3+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1799": "
\n

Debian Security Advisory

\n

DSA-1799-1 qemu -- several vulnerabilities

\n
\n
Date Reported:
\n
11 May 2009
\n
Affected Packages:
\n
\nqemu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-0928, CVE-2008-4539, CVE-2008-1945.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the QEMU processor emulator. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
  • CVE-2008-0928

    Ian Jackson discovered that range checks of file operations on emulated disk devices were insufficiently enforced.

  • CVE-2008-1945

    It was discovered that an error in the format auto detection of removable media could lead to the disclosure of files in the host system.

  • CVE-2008-4539

    A buffer overflow has been found in the emulation of the Cirrus graphics adaptor.

\n

For the old stable distribution (etch), these problems have been fixed in version 0.8.2-4etch3.

\n

For the stable distribution (lenny), these problems have been fixed in version 0.9.1-10lenny1.

\n

For the unstable distribution (sid), these problems have been fixed in version 0.9.1+svn20081101-1.

\n

We recommend that you upgrade your qemu packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch3.dsc
\n
AMD64:\n
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch3_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.8.2-4etch3_i386.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.9.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.9.1-10lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.9.1-10lenny1.dsc
\n
AMD64:\n
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.9.1-10lenny1_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.9.1-10lenny1_i386.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.9.1-10lenny1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/q/qemu/qemu_0.9.1-10lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1800": "
\n

Debian Security Advisory

\n

DSA-1800-1 linux-2.6 -- denial of service/privilege escalation/sensitive memory leak

\n
\n
Date Reported:
\n
15 May 2009
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0028, CVE-2009-0834, CVE-2009-0835, CVE-2009-0859, CVE-2009-1046, CVE-2009-1072, CVE-2009-1184, CVE-2009-1192, CVE-2009-1242, CVE-2009-1265, CVE-2009-1337, CVE-2009-1338, CVE-2009-1439.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, privilege escalation or a sensitive memory leak. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
  • CVE-2009-0028

    Chris Evans discovered a situation in which a child process can send an arbitrary signal to its parent.

  • CVE-2009-0834

    Roland McGrath discovered an issue on amd64 kernels that allows local users to circumvent system call audit configurations which filter based on the syscall numbers or argument details.

  • CVE-2009-0835

    Roland McGrath discovered an issue on amd64 kernels with CONFIG_SECCOMP enabled. By making a specially crafted syscall, local users can bypass access restrictions.

  • CVE-2009-0859

    Jiri Olsa discovered that a local user can cause a denial of service (system hang) using a SHM_INFO shmctl call on kernels compiled with CONFIG_SHMEM disabled. This issue does not affect prebuilt Debian kernels.

  • CVE-2009-1046

    Mikulas Patocka reported an issue in the console subsystem that allows a local user to cause memory corruption by selecting a small number of 3-byte UTF-8 characters.

  • CVE-2009-1072

    Igor Zhbanov reported that nfsd was not properly dropping CAP_MKNOD, allowing users to create device nodes on file systems exported with root_squash.

  • CVE-2009-1184

    Dan Carpenter reported a coding issue in the selinux subsystem that allows local users to bypass certain networking checks when running with compat_net=1.

  • CVE-2009-1192

    Shaohua Li reported an issue in the AGP subsystem that may allow local users to read sensitive kernel memory due to a leak of uninitialized memory.

  • CVE-2009-1242

    Benjamin Gilbert reported a local denial of service vulnerability in the KVM VMX implementation that allows local users to trigger an oops.

  • CVE-2009-1265

    Thomas Pollet reported an overflow in the af_rose implementation that allows remote attackers to retrieve uninitialized kernel memory that may contain sensitive data.

  • CVE-2009-1337

    Oleg Nesterov discovered an issue in the exit_notify function that allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.

  • CVE-2009-1338

    Daniel Hokka Zakrisson discovered that a kill(-1) is permitted to reach processes outside of the current process namespace.

  • CVE-2009-1439

    Pavan Naregundi reported an issue in the CIFS filesystem code that allows remote users to overwrite memory via a long nativeFileSystem field in a Tree Connect response during mount.

\n

For the oldstable distribution (etch), these problems, where applicable, will be fixed in future updates to linux-2.6 and linux-2.6.24.

\n

For the stable distribution (lenny), these problems have been fixed in version 2.6.26-15lenny2.

\n

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

\n

Note: Debian carefully tracks all known security issues across every linux kernel package in all releases under active security support. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or \"leap-frog\" fashion.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-15lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-15lenny2.dsc
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.26-1um-2+15lenny2.dsc
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.26-1um-2+15lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.26-1um.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.26-2_2.6.26-15lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.26_2.6.26-15lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.26_2.6.26-15lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.26_2.6.26-15lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.26_2.6.26-15lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.26_2.6.26-15lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-legacy_2.6.26-15lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-legacy_2.6.26-15lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-generic_2.6.26-15lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-smp_2.6.26-15lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-alpha_2.6.26-15lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-smp_2.6.26-15lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-15lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-15lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-amd64_2.6.26-15lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-amd64_2.6.26-15lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-15lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-amd64_2.6.26-15lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-amd64_2.6.26-15lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-amd64_2.6.26-15lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-amd64_2.6.26-15lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-amd64_2.6.26-15lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-15lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-15lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-amd64_2.6.26-15lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-amd64_2.6.26-15lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.26-1um-2+15lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-15lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-15lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-footbridge_2.6.26-15lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-15lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-footbridge_2.6.26-15lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-15lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-15lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-arm_2.6.26-15lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-15lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-15lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-15lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-versatile_2.6.26-15lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-15lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-15lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-armel_2.6.26-15lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-versatile_2.6.26-15lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-15lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-15lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64_2.6.26-15lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64-smp_2.6.26-15lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64-smp_2.6.26-15lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-hppa_2.6.26-15lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64_2.6.26-15lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc_2.6.26-15lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc-smp_2.6.26-15lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc-smp_2.6.26-15lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc_2.6.26-15lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-686_2.6.26-15lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.26-1um-2+15lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686-bigmem_2.6.26-15lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-686_2.6.26-15lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686_2.6.26-15lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-686_2.6.26-15lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686-bigmem_2.6.26-15lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-486_2.6.26-15lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686-bigmem_2.6.26-15lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686_2.6.26-15lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686_2.6.26-15lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686-bigmem_2.6.26-15lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-686_2.6.26-15lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-686_2.6.26-15lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-686_2.6.26-15lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-15lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-15lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-15lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-i386_2.6.26-15lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686_2.6.26-15lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-15lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-486_2.6.26-15lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-15lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-15lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-mckinley_2.6.26-15lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-mckinley_2.6.26-15lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-mckinley_2.6.26-15lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-mckinley_2.6.26-15lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-itanium_2.6.26-15lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-ia64_2.6.26-15lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-itanium_2.6.26-15lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-itanium_2.6.26-15lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-itanium_2.6.26-15lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-5kc-malta_2.6.26-15lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1-bcm91250a_2.6.26-15lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1a-bcm91480b_2.6.26-15lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1-bcm91250a_2.6.26-15lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-4kc-malta_2.6.26-15lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r4k-ip22_2.6.26-15lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1a-bcm91480b_2.6.26-15lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-mips_2.6.26-15lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r5k-ip32_2.6.26-15lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-5kc-malta_2.6.26-15lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r4k-ip22_2.6.26-15lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r5k-ip32_2.6.26-15lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-4kc-malta_2.6.26-15lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-4kc-malta_2.6.26-15lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-5kc-malta_2.6.26-15lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-mipsel_2.6.26-15lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1a-bcm91480b_2.6.26-15lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1-bcm91250a_2.6.26-15lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1-bcm91250a_2.6.26-15lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r5k-cobalt_2.6.26-15lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1a-bcm91480b_2.6.26-15lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-4kc-malta_2.6.26-15lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r5k-cobalt_2.6.26-15lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-5kc-malta_2.6.26-15lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc_2.6.26-15lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-15lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc64_2.6.26-15lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc64_2.6.26-15lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc64_2.6.26-15lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc_2.6.26-15lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc_2.6.26-15lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-powerpc_2.6.26-15lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc-smp_2.6.26-15lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc_2.6.26-15lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc64_2.6.26-15lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc-smp_2.6.26-15lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390x_2.6.26-15lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-s390x_2.6.26-15lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390x_2.6.26-15lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390_2.6.26-15lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390_2.6.26-15lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390-tape_2.6.26-15lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-s390x_2.6.26-15lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-15lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-s390_2.6.26-15lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-sparc_2.6.26-15lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-sparc64_2.6.26-15lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64_2.6.26-15lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64_2.6.26-15lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-15lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-sparc64_2.6.26-15lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64-smp_2.6.26-15lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64-smp_2.6.26-15lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1801": "
\n

Debian Security Advisory

\n

DSA-1801-1 ntp -- buffer overflows

\n
\n
Date Reported:
\n
19 May 2009
\n
Affected Packages:
\n
\nntp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 525373.
In Mitre's CVE dictionary: CVE-2009-0159, CVE-2009-1252.
CERT's vulnerabilities, advisories and incident notes: VU#853097.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in NTP, the Network\nTime Protocol reference implementation. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2009-0159\n

    A buffer overflow in ntpq allows a remote NTP server to create a\n denial of service attack or to execute arbitrary code via a crafted\n response.

  • \n
  • CVE-2009-1252\n

    A buffer overflow in ntpd allows a remote attacker to create a\n denial of service attack or to execute arbitrary code when the\n autokey functionality is enabled.

  • \n
\n

For the old stable distribution (etch), these problems have been fixed in\nversion 4.2.2.p4+dfsg-2etch3.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 4.2.4p4+dfsg-8lenny2.

\n

The unstable distribution (sid) will be fixed soon.

\n

We recommend that you upgrade your ntp package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3.dsc
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.2.p4+dfsg-2etch3_all.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-doc_4.2.2.p4+dfsg-2etch3_all.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.2.p4+dfsg-2etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch3_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-doc_4.2.4p4+dfsg-8lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1802": "
\n

Debian Security Advisory

\n

DSA-1802-2 squirrelmail -- several vulnerabilities

\n
\n
Date Reported:
\n
21 May 2009
\n
Affected Packages:
\n
\nsquirrelmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 528528.
In Mitre's CVE dictionary: CVE-2009-1578, CVE-2009-1579, CVE-2009-1580, CVE-2009-1581, CVE-2009-1381.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in SquirrelMail,\na webmail application. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2009-1578\n

    Cross-site scripting was possible through a number of pages, which\n allowed an attacker to steal sensitive session data.

  • \n
  • CVE-2009-1579,\nCVE-2009-1381\n

    Code injection was possible when SquirrelMail was configured to\n use the map_yp_alias function to authenticate users. This is not\n the default.

  • \n
  • CVE-2009-1580\n

    It was possible to hijack an active user session by planting a\n specially crafted cookie into the user's browser.

  • \n
  • CVE-2009-1581\n

    Specially crafted HTML emails could use the CSS positioning feature\n to place email content over the SquirrelMail user interface, allowing\n for phishing.

  • \n
\n

For the old stable distribution (etch), these problems have been fixed in\nversion 1.4.9a-5.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.4.15-4+lenny2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.4.19-1.

\n

We recommend that you upgrade your squirrelmail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.9a-5.dsc
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.9a-5.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.9a.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.9a-5_all.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.15.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.15-4+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.15-4+lenny2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.15-4+lenny2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1803": "
\n

Debian Security Advisory

\n

DSA-1803-1 nsd, nsd3 -- buffer overflow

\n
\n
Date Reported:
\n
20 May 2009
\n
Affected Packages:
\n
\nnsd, nsd3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 529418, Bug 529420.
In Mitre's CVE dictionary: CVE-2009-1755.
CERT's vulnerabilities, advisories and incident notes: VU#710316.
\n
More information:
\n
\n

Ilja van Sprundel discovered that a buffer overflow in NSD, an authoritative\nname service daemon, allowed an attacker to crash the server by sending a crafted packet,\ncreating a denial of service.

\n

For the old stable distribution (etch), this problem has been fixed in\nversion 2.3.6-1+etch1 of the nsd package.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.3.7-1.1+lenny1 of the nsd package and version 3.0.7-3.lenny2\nof the nsd3 package.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.3.7-3 for nsd; nsd3 will be fixed soon.

\n

We recommend that you upgrade your nsd or nsd3 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.6-1+etch1.dsc
\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.6-1+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.6-1+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.6-1+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.6-1+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.6-1+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.6-1+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.6-1+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.6-1+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.6-1+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.6-1+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.6-1+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.6-1+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.7-1.1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/n/nsd3/nsd3_3.0.7-3.lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/n/nsd3/nsd3_3.0.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.7-1.1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/nsd3/nsd3_3.0.7-3.lenny2.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nsd3/nsd3_3.0.7-3.lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.7-1.1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/nsd3/nsd3_3.0.7-3.lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.7-1.1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nsd3/nsd3_3.0.7-3.lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.7-1.1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/n/nsd3/nsd3_3.0.7-3.lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.7-1.1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/nsd3/nsd3_3.0.7-3.lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.7-1.1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.7-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nsd3/nsd3_3.0.7-3.lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/nsd3/nsd3_3.0.7-3.lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.7-1.1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nsd3/nsd3_3.0.7-3.lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.7-1.1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.7-1.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nsd3/nsd3_3.0.7-3.lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.7-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nsd3/nsd3_3.0.7-3.lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.7-1.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/nsd3/nsd3_3.0.7-3.lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nsd/nsd_2.3.7-1.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nsd3/nsd3_3.0.7-3.lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1804": "
\n

Debian Security Advisory

\n

DSA-1804-1 ipsec-tools -- null pointer dereference, memory leaks

\n
\n
Date Reported:
\n
20 May 2009
\n
Affected Packages:
\n
\nipsec-tools\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 527634, Bug 528933.
In Mitre's CVE dictionary: CVE-2009-1574, CVE-2009-1632.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in racoon, the Internet Key\nExchange daemon of ipsec-tools. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2009-1574\n

    Neil Kettle discovered a NULL pointer dereference on crafted fragmented packets\nthat contain no payload. This results in the daemon crashing, which can be used\nfor denial of service attacks.

  • \n
  • CVE-2009-1632\n

    Various memory leaks in the X.509 certificate authentication handling and the\nNAT-Traversal keepalive implementation can result in memory exhaustion and\nthus denial of service.

  • \n
\n

For the oldstable distribution (etch), these problems have been fixed in\nversion 0.6.6-3.1etch3.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 0.7.1-1.3+lenny2.

\n

For the testing distribution (squeeze), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1:0.7.1-1.5.

\n

We recommend that you upgrade your ipsec-tools packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3.dsc
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3.diff.gz
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_armel.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1805": "
\n

Debian Security Advisory

\n

DSA-1805-1 pidgin -- several vulnerabilities

\n
\n
Date Reported:
\n
22 May 2009
\n
Affected Packages:
\n
\npidgin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-1373, CVE-2009-1375, CVE-2009-1376.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Pidgin, a graphical\nmulti-protocol instant messaging client. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2009-1373\n

    A buffer overflow in the Jabber file transfer code may lead to\n denial of service or the execution of arbitrary code.

  • CVE-2009-1375\n

    Memory corruption in an internal library may lead to denial of\n service.

  • CVE-2009-1376\n

    The patch provided for the security issue tracked as CVE-2008-2927\n - integer overflows in the MSN protocol handler - was found to be\n incomplete.

\n

The old stable distribution (etch) is affected under the source package\nname gaim. However, due to build problems, the updated packages couldn't\nbe released along with the stable version. They will be released once the\nbuild problem is resolved.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2.4.3-4lenny2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.5.6-1.

\n

We recommend that you upgrade your pidgin packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2.dsc
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple-bin_2.4.3-4lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple-dev_2.4.3-4lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch-dev_2.4.3-4lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dev_2.4.3-4lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-data_2.4.3-4lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1806": "
\n

Debian Security Advisory

\n

DSA-1806-1 cscope -- buffer overflows

\n
\n
Date Reported:
\n
24 May 2009
\n
Affected Packages:
\n
\ncscope\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 528510.
In Mitre's CVE dictionary: CVE-2009-0148.
\n
More information:
\n
\n

Matt Murphy discovered that cscope, a source code browsing tool, does not\nverify the length of file names sourced in include statements, which may\npotentially lead to the execution of arbitrary code through specially\ncrafted source code files.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 15.6-6+lenny1.

\n

Due to a technical limitation in the Debian archive management scripts,\nthe update for the old stable distribution (etch) cannot be released\nsynchronously. It will be fixed in version 15.6-2+etch1 soon.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your cscope package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.6-6+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.6.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.6-6+lenny1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.6-6+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.6-6+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.6-6+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.6-6+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.6-6+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.6-6+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.6-6+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.6-6+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.6-6+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.6-6+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.6-6+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cscope/cscope_15.6-6+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1807": "
\n

Debian Security Advisory

\n

DSA-1807-1 cyrus-sasl2, cyrus-sasl2-heimdal -- buffer overflow

\n
\n
Date Reported:
\n
01 Jun 2009
\n
Affected Packages:
\n
\ncyrus-sasl2, cyrus-sasl2-heimdal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 528749.
In Mitre's CVE dictionary: CVE-2009-0688.
CERT's vulnerabilities, advisories and incident notes: VU#238019.
\n
More information:
\n
\n

James Ralston discovered that the sasl_encode64() function of cyrus-sasl2,\na free library implementing the Simple Authentication and Security Layer,\nsuffers from a missing null termination in certain situations. This causes\nseveral buffer overflows in situations where cyrus-sasl2 itself requires\nthe string to be null terminated, which can lead to denial of service or\narbitrary code execution.

\n

Important notice (Quoting from US-CERT):\nWhile this patch will fix currently vulnerable code, it can cause\nnon-vulnerable existing code to break. Here's a function prototype from\ninclude/saslutil.h to clarify my explanation:

\n
/* base64 encode\n* in -- input data\n* inlen -- input data length\n* out -- output buffer (will be NUL terminated)\n* outmax -- max size of output buffer\n* result:\n* outlen -- gets actual length of output buffer (optional)\n*\n* Returns SASL_OK on success, SASL_BUFOVER if result won't fit\n*/\nLIBSASL_API int sasl_encode64(const char *in, unsigned inlen,\nchar *out, unsigned outmax,\nunsigned *outlen);
\n

Assume a scenario where calling code has been written in such a way that it\ncalculates the exact size required for base64 encoding in advance, then\nallocates a buffer of that exact size, passing a pointer to the buffer into\nsasl_encode64() as *out. As long as this code does not anticipate that the\nbuffer is NUL-terminated (does not call any string-handling functions like\nstrlen(), for example) the code will work and it will not be vulnerable.

\n

Once this patch is applied, that same code will break because sasl_encode64()\nwill begin to return SASL_BUFOVER.

\n

For the oldstable distribution (etch), this problem has been fixed\nin version 2.1.22.dfsg1-8+etch1 of cyrus-sasl2.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.1.22.dfsg1-23+lenny1 of cyrus-sasl2 and cyrus-sasl2-heimdal.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.1.23.dfsg1-1 of cyrus-sasl2 and cyrus-sasl2-heimdal.

\n

We recommend that you upgrade your cyrus-sasl2/cyrus-sasl2-heimdal packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2-heimdal/cyrus-sasl2-heimdal_2.1.22.dfsg1-23+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/cyrus-sasl2_2.1.22.dfsg1-23+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/cyrus-sasl2_2.1.22.dfsg1-23+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/cyrus-sasl2_2.1.22.dfsg1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2-heimdal/cyrus-sasl2-heimdal_2.1.22.dfsg1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2-heimdal/cyrus-sasl2-heimdal_2.1.22.dfsg1-23+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/cyrus-sasl2-doc_2.1.22.dfsg1-23+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-otp_2.1.22.dfsg1-23+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/cyrus-sasl2-dbg_2.1.22.dfsg1-23+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-2_2.1.22.dfsg1-23+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2-heimdal/libsasl2-modules-gssapi-heimdal_2.1.22.dfsg1-23+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.22.dfsg1-23+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.22.dfsg1-23+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-ldap_2.1.22.dfsg1-23+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.22.dfsg1-23+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-mit_2.1.22.dfsg1-23+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.22.dfsg1-23+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2-heimdal/cyrus-sasl2-heimdal-dbg_2.1.22.dfsg1-23+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-otp_2.1.22.dfsg1-23+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-2_2.1.22.dfsg1-23+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-mit_2.1.22.dfsg1-23+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2-heimdal/cyrus-sasl2-heimdal-dbg_2.1.22.dfsg1-23+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2-heimdal/libsasl2-modules-gssapi-heimdal_2.1.22.dfsg1-23+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-ldap_2.1.22.dfsg1-23+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.22.dfsg1-23+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/cyrus-sasl2-dbg_2.1.22.dfsg1-23+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.22.dfsg1-23+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.22.dfsg1-23+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.22.dfsg1-23+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.22.dfsg1-23+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.22.dfsg1-23+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-2_2.1.22.dfsg1-23+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/cyrus-sasl2-dbg_2.1.22.dfsg1-23+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2-heimdal/libsasl2-modules-gssapi-heimdal_2.1.22.dfsg1-23+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2-heimdal/cyrus-sasl2-heimdal-dbg_2.1.22.dfsg1-23+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-otp_2.1.22.dfsg1-23+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-mit_2.1.22.dfsg1-23+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.22.dfsg1-23+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.22.dfsg1-23+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-ldap_2.1.22.dfsg1-23+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-ldap_2.1.22.dfsg1-23+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2-heimdal/cyrus-sasl2-heimdal-dbg_2.1.22.dfsg1-23+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/cyrus-sasl2-dbg_2.1.22.dfsg1-23+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-otp_2.1.22.dfsg1-23+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.22.dfsg1-23+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.22.dfsg1-23+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-mit_2.1.22.dfsg1-23+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.22.dfsg1-23+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-2_2.1.22.dfsg1-23+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.22.dfsg1-23+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2-heimdal/libsasl2-modules-gssapi-heimdal_2.1.22.dfsg1-23+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-otp_2.1.22.dfsg1-23+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-mit_2.1.22.dfsg1-23+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.22.dfsg1-23+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.22.dfsg1-23+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.22.dfsg1-23+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.22.dfsg1-23+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-ldap_2.1.22.dfsg1-23+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2-heimdal/libsasl2-modules-gssapi-heimdal_2.1.22.dfsg1-23+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2-heimdal/cyrus-sasl2-heimdal-dbg_2.1.22.dfsg1-23+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/cyrus-sasl2-dbg_2.1.22.dfsg1-23+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-2_2.1.22.dfsg1-23+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-ldap_2.1.22.dfsg1-23+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.22.dfsg1-23+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2-heimdal/libsasl2-modules-gssapi-heimdal_2.1.22.dfsg1-23+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2-heimdal/cyrus-sasl2-heimdal-dbg_2.1.22.dfsg1-23+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.22.dfsg1-23+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/cyrus-sasl2-dbg_2.1.22.dfsg1-23+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-otp_2.1.22.dfsg1-23+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.22.dfsg1-23+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-2_2.1.22.dfsg1-23+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.22.dfsg1-23+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-mit_2.1.22.dfsg1-23+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2-heimdal/cyrus-sasl2-heimdal-dbg_2.1.22.dfsg1-23+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-otp_2.1.22.dfsg1-23+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-ldap_2.1.22.dfsg1-23+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.22.dfsg1-23+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-mit_2.1.22.dfsg1-23+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-2_2.1.22.dfsg1-23+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.22.dfsg1-23+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.22.dfsg1-23+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/cyrus-sasl2-dbg_2.1.22.dfsg1-23+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.22.dfsg1-23+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2-heimdal/libsasl2-modules-gssapi-heimdal_2.1.22.dfsg1-23+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-2_2.1.22.dfsg1-23+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.22.dfsg1-23+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2-heimdal/cyrus-sasl2-heimdal-dbg_2.1.22.dfsg1-23+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2-heimdal/libsasl2-modules-gssapi-heimdal_2.1.22.dfsg1-23+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-ldap_2.1.22.dfsg1-23+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-otp_2.1.22.dfsg1-23+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-mit_2.1.22.dfsg1-23+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.22.dfsg1-23+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/cyrus-sasl2-dbg_2.1.22.dfsg1-23+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.22.dfsg1-23+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.22.dfsg1-23+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/cyrus-sasl2-dbg_2.1.22.dfsg1-23+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.22.dfsg1-23+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2-heimdal/cyrus-sasl2-heimdal-dbg_2.1.22.dfsg1-23+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2-heimdal/libsasl2-modules-gssapi-heimdal_2.1.22.dfsg1-23+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-otp_2.1.22.dfsg1-23+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-2_2.1.22.dfsg1-23+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-mit_2.1.22.dfsg1-23+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.22.dfsg1-23+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-ldap_2.1.22.dfsg1-23+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.22.dfsg1-23+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.22.dfsg1-23+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-2_2.1.22.dfsg1-23+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2-heimdal/cyrus-sasl2-heimdal-dbg_2.1.22.dfsg1-23+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2-heimdal/libsasl2-modules-gssapi-heimdal_2.1.22.dfsg1-23+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/cyrus-sasl2-dbg_2.1.22.dfsg1-23+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.22.dfsg1-23+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.22.dfsg1-23+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.22.dfsg1-23+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-mit_2.1.22.dfsg1-23+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.22.dfsg1-23+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-ldap_2.1.22.dfsg1-23+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-otp_2.1.22.dfsg1-23+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2-heimdal/libsasl2-modules-gssapi-heimdal_2.1.22.dfsg1-23+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/cyrus-sasl2-dbg_2.1.22.dfsg1-23+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-2_2.1.22.dfsg1-23+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2-heimdal/cyrus-sasl2-heimdal-dbg_2.1.22.dfsg1-23+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-otp_2.1.22.dfsg1-23+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.22.dfsg1-23+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.22.dfsg1-23+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-mit_2.1.22.dfsg1-23+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.22.dfsg1-23+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-ldap_2.1.22.dfsg1-23+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.22.dfsg1-23+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/sasl2-bin_2.1.22.dfsg1-23+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules_2.1.22.dfsg1-23+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-2_2.1.22.dfsg1-23+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-sql_2.1.22.dfsg1-23+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-gssapi-mit_2.1.22.dfsg1-23+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-dev_2.1.22.dfsg1-23+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-ldap_2.1.22.dfsg1-23+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2-heimdal/libsasl2-modules-gssapi-heimdal_2.1.22.dfsg1-23+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2-heimdal/cyrus-sasl2-heimdal-dbg_2.1.22.dfsg1-23+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/cyrus-sasl2-dbg_2.1.22.dfsg1-23+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-sasl2/libsasl2-modules-otp_2.1.22.dfsg1-23+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1808": "
\n

Debian Security Advisory

\n

DSA-1808-1 drupal6 -- insufficient input sanitising

\n
\n
Date Reported:
\n
01 Jun 2009
\n
Affected Packages:
\n
\ndrupal6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 529190, Bug 531386.
\n
More information:
\n
\n

Markus Petrux discovered a cross-site scripting vulnerability in the\ntaxonomy module of drupal6, a fully-featured content management\nframework. It is also possible that certain browsers using the UTF-7\nencoding are vulnerable to a different cross-site scripting\nvulnerability.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 6.6-3lenny2.

\n

The oldstable distribution (etch) does not contain drupal6.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 6.11-1.1.

\n

We recommend that you upgrade your drupal6 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny2.dsc
\n
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1809": "
\n

Debian Security Advisory

\n

DSA-1809-1 linux-2.6 -- denial of service, privilege escalation

\n
\n
Date Reported:
\n
01 Jun 2009
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-1630, CVE-2009-1633, CVE-2009-1758.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2009-1630\n

    Frank Filz discovered that local users may be able to execute\n files without execute permission when accessed via an nfs4 mount.

  • CVE-2009-1633\n

    Jeff Layton and Suresh Jayaraman fixed several buffer overflows in\n the CIFS filesystem which allow remote servers to cause memory\n corruption.

  • CVE-2009-1758\n

    Jan Beulich discovered an issue in Xen where local guest users may\n cause a denial of service (oops).

\n

This update also fixes a regression introduced by the fix for\nCVE-2009-1184\nin 2.6.26-15lenny3. This prevents a boot time panic on systems with SELinux\nenabled.

\n

For the oldstable distribution (etch), these problems, where\napplicable, will be fixed in future updates to linux-2.6 and\nlinux-2.6.24.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2.6.26-15lenny3.

\n

We recommend that you upgrade your linux-2.6 and user-mode-linux\npackages.

\n

Note: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or \"leap-frog\" fashion.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.26-1um-2+15lenny3.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.26-1um-2+15lenny3.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-15lenny3.dsc
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.26-1um.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-15lenny3.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.26_2.6.26-15lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.26_2.6.26-15lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.26-2_2.6.26-15lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.26_2.6.26-15lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.26_2.6.26-15lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.26_2.6.26-15lenny3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-generic_2.6.26-15lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-alpha_2.6.26-15lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-generic_2.6.26-15lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-smp_2.6.26-15lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-smp_2.6.26-15lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-legacy_2.6.26-15lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-legacy_2.6.26-15lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-amd64_2.6.26-15lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-amd64_2.6.26-15lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-15lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-amd64_2.6.26-15lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-amd64_2.6.26-15lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-15lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-amd64_2.6.26-15lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-amd64_2.6.26-15lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-amd64_2.6.26-15lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-15lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-amd64_2.6.26-15lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-15lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.26-1um-2+15lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-amd64_2.6.26-15lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-15lenny3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-15lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-footbridge_2.6.26-15lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-15lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-15lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-arm_2.6.26-15lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-footbridge_2.6.26-15lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-15lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-15lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-15lenny3_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-15lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-15lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-15lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-15lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-15lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-15lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-armel_2.6.26-15lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-versatile_2.6.26-15lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-versatile_2.6.26-15lenny3_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc_2.6.26-15lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc_2.6.26-15lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64_2.6.26-15lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64-smp_2.6.26-15lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc-smp_2.6.26-15lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc-smp_2.6.26-15lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-hppa_2.6.26-15lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64-smp_2.6.26-15lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64_2.6.26-15lenny3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-i386_2.6.26-15lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686-bigmem_2.6.26-15lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686-bigmem_2.6.26-15lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686_2.6.26-15lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686-bigmem_2.6.26-15lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-686_2.6.26-15lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686_2.6.26-15lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-686_2.6.26-15lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686-bigmem_2.6.26-15lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-15lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-15lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-686_2.6.26-15lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.26-1um-2+15lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-686_2.6.26-15lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-686_2.6.26-15lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686_2.6.26-15lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686_2.6.26-15lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-15lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-15lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-15lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-486_2.6.26-15lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-686_2.6.26-15lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-486_2.6.26-15lenny3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-mckinley_2.6.26-15lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-mckinley_2.6.26-15lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-itanium_2.6.26-15lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-mckinley_2.6.26-15lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-mckinley_2.6.26-15lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-itanium_2.6.26-15lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-itanium_2.6.26-15lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-itanium_2.6.26-15lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-ia64_2.6.26-15lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-15lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1-bcm91250a_2.6.26-15lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-4kc-malta_2.6.26-15lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-mips_2.6.26-15lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r4k-ip22_2.6.26-15lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1a-bcm91480b_2.6.26-15lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r4k-ip22_2.6.26-15lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r5k-ip32_2.6.26-15lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-4kc-malta_2.6.26-15lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r5k-ip32_2.6.26-15lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-5kc-malta_2.6.26-15lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1a-bcm91480b_2.6.26-15lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1-bcm91250a_2.6.26-15lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-5kc-malta_2.6.26-15lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-5kc-malta_2.6.26-15lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1-bcm91250a_2.6.26-15lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-mipsel_2.6.26-15lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1-bcm91250a_2.6.26-15lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-4kc-malta_2.6.26-15lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r5k-cobalt_2.6.26-15lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-5kc-malta_2.6.26-15lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1a-bcm91480b_2.6.26-15lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r5k-cobalt_2.6.26-15lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1a-bcm91480b_2.6.26-15lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-4kc-malta_2.6.26-15lenny3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc_2.6.26-15lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc64_2.6.26-15lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-15lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc_2.6.26-15lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc64_2.6.26-15lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc_2.6.26-15lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc-smp_2.6.26-15lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc64_2.6.26-15lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc-smp_2.6.26-15lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-powerpc_2.6.26-15lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc_2.6.26-15lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc64_2.6.26-15lenny3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-15lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390_2.6.26-15lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-s390x_2.6.26-15lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-s390_2.6.26-15lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390x_2.6.26-15lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390_2.6.26-15lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390x_2.6.26-15lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-s390x_2.6.26-15lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390-tape_2.6.26-15lenny3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-15lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-15lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-sparc64_2.6.26-15lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64_2.6.26-15lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64_2.6.26-15lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-15lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-sparc64_2.6.26-15lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-sparc_2.6.26-15lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64-smp_2.6.26-15lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-15lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64-smp_2.6.26-15lenny3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1810": "
\n

Debian Security Advisory

\n

DSA-1810-1 libapache-mod-jk -- information disclosure

\n
\n
Date Reported:
\n
02 Jun 2009
\n
Affected Packages:
\n
\nlibapache-mod-jk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 523054.
In Mitre's CVE dictionary: CVE-2008-5519.
\n
More information:
\n
\n

An information disclosure flaw was found in mod_jk, the Tomcat Connector\nmodule for Apache. If a buggy client included the \"Content-Length\" header\nwithout providing request body data, or if a client sent repeated\nrequests very quickly, one client could obtain a response intended for\nanother client.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 1:1.2.18-3etch2.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1:1.2.26-2+lenny1.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 1:1.2.26-2.1.

\n

We recommend that you upgrade your libapache-mod-jk packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2.dsc
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk-doc_1.2.18-3etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.18-3etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.18-3etch2_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.26-2+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.26.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk_1.2.26-2+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache-mod-jk-doc_1.2.26-2+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/liba/libapache-mod-jk/libapache2-mod-jk_1.2.26-2+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1811": "
\n

Debian Security Advisory

\n

DSA-1811-1 cups, cupsys -- null ptr dereference

\n
\n
Date Reported:
\n
02 Jun 2009
\n
Affected Packages:
\n
\ncups, cupsys\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0949.
\n
More information:
\n
\n

Anibal Sacco discovered that cups, a general printing system for UNIX\nsystems, suffers from a null pointer dereference because of its handling\nof two consecutive IPP packets with certain tag attributes that are\ntreated as IPP_TAG_UNSUPPORTED tags. This allows unauthenticated attackers\nto perform denial of service attacks by crashing the cups daemon.

\n

For the oldstable distribution (etch), this problem has been fixed in version 1.2.7-4+etch8 of cupsys.

\n

For the stable distribution (lenny), this problem has been fixed in version 1.3.8-1+lenny6 of cups.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your cups/cupsys packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch8.dsc
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch8.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4+etch8_all.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4+etch8_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch8_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch8_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch8_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch8_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch8_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch8_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch8_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny6.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny6.dsc
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cups/cupsys_1.3.8-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsys2-dev_1.3.8-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cupsys-client_1.3.8-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cupsys-dbg_1.3.8-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cupsys-bsd_1.3.8-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cupsys-common_1.3.8-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-common_1.3.8-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsys2_1.3.8-1+lenny6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny6_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny6_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny6_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny6_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1812": "
\n

Debian Security Advisory

\n

DSA-1812-1 apr-util -- denial of service

\n
\n
Date Reported:
\n
04 Jun 2009
\n
Affected Packages:
\n
\napr-util\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0023.
\n
More information:
\n
\n

Apr-util, the Apache Portable Runtime Utility library, is used by Apache 2.x, Subversion, and other applications. Two denial of service vulnerabilities have been found in apr-util:

\n
    \n
  • \"kcope\" discovered a flaw in the handling of internal XML entities in the apr_xml_* interface that can be exploited to use all available memory. This denial of service can be triggered remotely in the Apache mod_dav and mod_dav_svn modules. (No CVE id yet)

  • CVE-2009-0023

    Matthew Palmer discovered an underflow flaw in the apr_strmatch_precompile function that can be exploited to cause a daemon crash. The vulnerability can be triggered (1) remotely in mod_dav_svn for Apache if the \"SVNMasterURI\" directive is in use, (2) remotely in mod_apreq2 for Apache or other applications using libapreq2, or (3) locally in Apache by a crafted \".htaccess\" file.

\n

Other exploit paths in other applications using apr-util may exist.

\n

If you use Apache, or if you use svnserve in standalone mode, you need to restart the services after you have upgraded the libaprutil1 package.

\n

For the oldstable distribution (etch), these problems have been fixed in version 1.2.7+dfsg-2+etch2.

\n

For the stable distribution (lenny), these problems have been fixed in version 1.2.12+dfsg-8+lenny2.

\n

For the testing distribution (squeeze) and the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your apr-util packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg-2+etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg-2+etch2.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch2_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg-8+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg-8+lenny2.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1813": "
\n

Debian Security Advisory

\n

DSA-1813-1 evolution-data-server -- Several vulnerabilities

\n
\n
Date Reported:
\n
08 Jun 2009
\n
Affected Packages:
\n
\nevolution-data-server\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 508479.
In Mitre's CVE dictionary: CVE-2009-0587, CVE-2009-0547, CVE-2009-0582.
\n
More information:
\n
\n

Several vulnerabilities have been found in evolution-data-server, the database backend server for the evolution groupware suite. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2009-0587

    It was discovered that evolution-data-server is prone to integer overflows triggered by large base64 strings.

  • CVE-2009-0547

    Joachim Breitner discovered that S/MIME signatures are not verified properly, which can lead to spoofing attacks.

  • CVE-2009-0582

    It was discovered that NTLM authentication challenge packets are not validated properly when using the NTLM authentication method, which could lead to an information disclosure or a denial of service.

\n

For the oldstable distribution (etch), these problems have been fixed in version 1.6.3-5etch2.

\n

For the stable distribution (lenny), these problems have been fixed in version 2.22.3-1.1+lenny1.

\n

For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 2.26.1.1-1.

\n

We recommend that you upgrade your evolution-data-server packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-common_1.6.3-5etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-6_1.6.3-5etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-5_1.6.3-5etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_1.6.3-5etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_1.6.3-5etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_1.6.3-5etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_1.6.3-5etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_1.6.3-5etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_1.6.3-5etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-8_1.6.3-5etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_1.6.3-5etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-1_1.6.3-5etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-6_1.6.3-5etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-5_1.6.3-5etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_1.6.3-5etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_1.6.3-5etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-7_1.6.3-5etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_1.6.3-5etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_1.6.3-5etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-10_1.6.3-5etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_1.6.3-5etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_1.6.3-5etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-6_1.6.3-5etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_1.6.3-5etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-10_1.6.3-5etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_1.6.3-5etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_1.6.3-5etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-5_1.6.3-5etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-8_1.6.3-5etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_1.6.3-5etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_1.6.3-5etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_1.6.3-5etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_1.6.3-5etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-7_1.6.3-5etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-6_1.6.3-5etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-1_1.6.3-5etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_1.6.3-5etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-5_1.6.3-5etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_1.6.3-5etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_1.6.3-5etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_1.6.3-5etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_1.6.3-5etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_1.6.3-5etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_1.6.3-5etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-6_1.6.3-5etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_1.6.3-5etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-6_1.6.3-5etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_1.6.3-5etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_1.6.3-5etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_1.6.3-5etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_1.6.3-5etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_1.6.3-5etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-8_1.6.3-5etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-7_1.6.3-5etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-1_1.6.3-5etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_1.6.3-5etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_1.6.3-5etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-5_1.6.3-5etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-5_1.6.3-5etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-10_1.6.3-5etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_1.6.3-5etch2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_1.6.3-5etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-6_1.6.3-5etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_1.6.3-5etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_1.6.3-5etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-1_1.6.3-5etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_1.6.3-5etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_1.6.3-5etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_1.6.3-5etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_1.6.3-5etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_1.6.3-5etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-6_1.6.3-5etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-5_1.6.3-5etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-8_1.6.3-5etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_1.6.3-5etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_1.6.3-5etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-7_1.6.3-5etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_1.6.3-5etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_1.6.3-5etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-10_1.6.3-5etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-5_1.6.3-5etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_1.6.3-5etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-1_1.6.3-5etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_1.6.3-5etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_1.6.3-5etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_1.6.3-5etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_1.6.3-5etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-5_1.6.3-5etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-8_1.6.3-5etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_1.6.3-5etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_1.6.3-5etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-6_1.6.3-5etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-10_1.6.3-5etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_1.6.3-5etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_1.6.3-5etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-7_1.6.3-5etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_1.6.3-5etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_1.6.3-5etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-5_1.6.3-5etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_1.6.3-5etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-6_1.6.3-5etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-6_1.6.3-5etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_1.6.3-5etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_1.6.3-5etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_1.6.3-5etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_1.6.3-5etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-5_1.6.3-5etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_1.6.3-5etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-8_1.6.3-5etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_1.6.3-5etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_1.6.3-5etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_1.6.3-5etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-7_1.6.3-5etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-1_1.6.3-5etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_1.6.3-5etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-10_1.6.3-5etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_1.6.3-5etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_1.6.3-5etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-5_1.6.3-5etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-6_1.6.3-5etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_1.6.3-5etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_1.6.3-5etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_1.6.3-5etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_1.6.3-5etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-8_1.6.3-5etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_1.6.3-5etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-6_1.6.3-5etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-5_1.6.3-5etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-10_1.6.3-5etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_1.6.3-5etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_1.6.3-5etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_1.6.3-5etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-7_1.6.3-5etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_1.6.3-5etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_1.6.3-5etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_1.6.3-5etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-6_1.6.3-5etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-5_1.6.3-5etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_1.6.3-5etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_1.6.3-5etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-1_1.6.3-5etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_1.6.3-5etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-7_1.6.3-5etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_1.6.3-5etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_1.6.3-5etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-5_1.6.3-5etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-1_1.6.3-5etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-10_1.6.3-5etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_1.6.3-5etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_1.6.3-5etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-6_1.6.3-5etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_1.6.3-5etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_1.6.3-5etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_1.6.3-5etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_1.6.3-5etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_1.6.3-5etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-6_1.6.3-5etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-5_1.6.3-5etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-8_1.6.3-5etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_1.6.3-5etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_1.6.3-5etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-7_1.6.3-5etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_1.6.3-5etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-1_1.6.3-5etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_1.6.3-5etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_1.6.3-5etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_1.6.3-5etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-6_1.6.3-5etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-5_1.6.3-5etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-6_1.6.3-5etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_1.6.3-5etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-8_1.6.3-5etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_1.6.3-5etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_1.6.3-5etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-5_1.6.3-5etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_1.6.3-5etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_1.6.3-5etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_1.6.3-5etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-10_1.6.3-5etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_1.6.3-5etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_1.6.3-5etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-6_1.6.3-5etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_1.6.3-5etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-8_1.6.3-5etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-10_1.6.3-5etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_1.6.3-5etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-5_1.6.3-5etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-6_1.6.3-5etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_1.6.3-5etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-1_1.6.3-5etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_1.6.3-5etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_1.6.3-5etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_1.6.3-5etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_1.6.3-5etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_1.6.3-5etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-5_1.6.3-5etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_1.6.3-5etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-7_1.6.3-5etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_1.6.3-5etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_1.6.3-5etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_1.6.3-5etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_1.6.3-5etch2_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_2.22.3-1.1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_2.22.3-1.1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_2.22.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-common_2.22.3-1.1+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-3_2.22.3-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_2.22.3-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-9_2.22.3-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_2.22.3-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata1.2-dev_2.22.3-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-9_2.22.3-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata-google1.2-1_2.22.3-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_2.22.3-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata-google1.2-dev_2.22.3-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_2.22.3-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_2.22.3-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_2.22.3-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_2.22.3-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_2.22.3-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-6_2.22.3-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-7_2.22.3-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata1.2-1_2.22.3-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-11_2.22.3-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_2.22.3-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-13_2.22.3-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_2.22.3-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_2.22.3-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_2.22.3-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_2.22.3-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-8_2.22.3-1.1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_2.22.3-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_2.22.3-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_2.22.3-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_2.22.3-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata1.2-dev_2.22.3-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata-google1.2-1_2.22.3-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-9_2.22.3-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_2.22.3-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_2.22.3-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_2.22.3-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata-google1.2-dev_2.22.3-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-6_2.22.3-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_2.22.3-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-13_2.22.3-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-9_2.22.3-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-7_2.22.3-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata1.2-1_2.22.3-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_2.22.3-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_2.22.3-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_2.22.3-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-11_2.22.3-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-8_2.22.3-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-3_2.22.3-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_2.22.3-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_2.22.3-1.1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_2.22.3-1.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-11_2.22.3-1.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-3_2.22.3-1.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata1.2-dev_2.22.3-1.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_2.22.3-1.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_2.22.3-1.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_2.22.3-1.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_2.22.3-1.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_2.22.3-1.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-9_2.22.3-1.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_2.22.3-1.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_2.22.3-1.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-6_2.22.3-1.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata-google1.2-1_2.22.3-1.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_2.22.3-1.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_2.22.3-1.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-13_2.22.3-1.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_2.22.3-1.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata-google1.2-dev_2.22.3-1.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-8_2.22.3-1.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_2.22.3-1.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-7_2.22.3-1.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_2.22.3-1.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata1.2-1_2.22.3-1.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-9_2.22.3-1.1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata-google1.2-1_2.22.3-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_2.22.3-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-6_2.22.3-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_2.22.3-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_2.22.3-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_2.22.3-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_2.22.3-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_2.22.3-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_2.22.3-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_2.22.3-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-9_2.22.3-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-9_2.22.3-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-13_2.22.3-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-8_2.22.3-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-3_2.22.3-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata1.2-dev_2.22.3-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata-google1.2-dev_2.22.3-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_2.22.3-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata1.2-1_2.22.3-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-11_2.22.3-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_2.22.3-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_2.22.3-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_2.22.3-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_2.22.3-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-7_2.22.3-1.1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_2.22.3-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_2.22.3-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_2.22.3-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata-google1.2-1_2.22.3-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_2.22.3-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-13_2.22.3-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-9_2.22.3-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_2.22.3-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-6_2.22.3-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_2.22.3-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_2.22.3-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_2.22.3-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-9_2.22.3-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_2.22.3-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-11_2.22.3-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_2.22.3-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_2.22.3-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_2.22.3-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata1.2-1_2.22.3-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-3_2.22.3-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-7_2.22.3-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-8_2.22.3-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_2.22.3-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata1.2-dev_2.22.3-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata-google1.2-dev_2.22.3-1.1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_2.22.3-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_2.22.3-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_2.22.3-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-8_2.22.3-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_2.22.3-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-3_2.22.3-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-9_2.22.3-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_2.22.3-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_2.22.3-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_2.22.3-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_2.22.3-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_2.22.3-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_2.22.3-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata-google1.2-dev_2.22.3-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata1.2-dev_2.22.3-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_2.22.3-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-7_2.22.3-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-13_2.22.3-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata1.2-1_2.22.3-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_2.22.3-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-6_2.22.3-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_2.22.3-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-11_2.22.3-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata-google1.2-1_2.22.3-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-9_2.22.3-1.1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-3_2.22.3-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-8_2.22.3-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_2.22.3-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-9_2.22.3-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_2.22.3-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_2.22.3-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata-google1.2-1_2.22.3-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_2.22.3-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_2.22.3-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-7_2.22.3-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata1.2-dev_2.22.3-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_2.22.3-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-9_2.22.3-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_2.22.3-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata1.2-1_2.22.3-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_2.22.3-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata-google1.2-dev_2.22.3-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_2.22.3-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-6_2.22.3-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_2.22.3-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-11_2.22.3-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_2.22.3-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_2.22.3-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-13_2.22.3-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_2.22.3-1.1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata1.2-dev_2.22.3-1.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata-google1.2-dev_2.22.3-1.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_2.22.3-1.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_2.22.3-1.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-7_2.22.3-1.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_2.22.3-1.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_2.22.3-1.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_2.22.3-1.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata1.2-1_2.22.3-1.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_2.22.3-1.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-9_2.22.3-1.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_2.22.3-1.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-9_2.22.3-1.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-6_2.22.3-1.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-11_2.22.3-1.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-3_2.22.3-1.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_2.22.3-1.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata-google1.2-1_2.22.3-1.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_2.22.3-1.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_2.22.3-1.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-8_2.22.3-1.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_2.22.3-1.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_2.22.3-1.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_2.22.3-1.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-13_2.22.3-1.1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-9_2.22.3-1.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-6_2.22.3-1.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_2.22.3-1.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_2.22.3-1.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-8_2.22.3-1.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_2.22.3-1.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_2.22.3-1.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_2.22.3-1.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_2.22.3-1.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-9_2.22.3-1.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_2.22.3-1.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata-google1.2-1_2.22.3-1.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-13_2.22.3-1.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_2.22.3-1.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_2.22.3-1.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_2.22.3-1.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_2.22.3-1.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-3_2.22.3-1.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata-google1.2-dev_2.22.3-1.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-11_2.22.3-1.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_2.22.3-1.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata1.2-dev_2.22.3-1.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_2.22.3-1.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-7_2.22.3-1.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata1.2-1_2.22.3-1.1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_2.22.3-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata-google1.2-dev_2.22.3-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_2.22.3-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata-google1.2-1_2.22.3-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata1.2-1_2.22.3-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_2.22.3-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-9_2.22.3-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-6_2.22.3-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-3_2.22.3-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_2.22.3-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_2.22.3-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-8_2.22.3-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-11_2.22.3-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_2.22.3-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_2.22.3-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_2.22.3-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-13_2.22.3-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_2.22.3-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-9_2.22.3-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_2.22.3-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-7_2.22.3-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_2.22.3-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_2.22.3-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_2.22.3-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata1.2-dev_2.22.3-1.1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_2.22.3-1.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata-google1.2-dev_2.22.3-1.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_2.22.3-1.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-9_2.22.3-1.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_2.22.3-1.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata1.2-dev_2.22.3-1.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_2.22.3-1.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata1.2-1_2.22.3-1.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_2.22.3-1.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-8_2.22.3-1.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_2.22.3-1.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-6_2.22.3-1.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_2.22.3-1.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_2.22.3-1.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata-google1.2-1_2.22.3-1.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_2.22.3-1.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-3_2.22.3-1.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_2.22.3-1.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-9_2.22.3-1.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-11_2.22.3-1.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_2.22.3-1.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_2.22.3-1.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-13_2.22.3-1.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_2.22.3-1.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-7_2.22.3-1.1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-dev_2.22.3-1.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server_2.22.3-1.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-dev_2.22.3-1.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-dev_2.22.3-1.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata1.2-dev_2.22.3-1.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-3_2.22.3-1.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata1.2-1_2.22.3-1.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-dev_2.22.3-1.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libcamel1.2-11_2.22.3-1.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-dev_2.22.3-1.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libexchange-storage1.2-dev_2.22.3-1.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata-google1.2-dev_2.22.3-1.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-6_2.22.3-1.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-dev_2.22.3-1.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-book1.2-2_2.22.3-1.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libgdata-google1.2-1_2.22.3-1.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserver1.2-9_2.22.3-1.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libecal1.2-7_2.22.3-1.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-dev_2.22.3-1.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libebook1.2-9_2.22.3-1.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedataserverui1.2-8_2.22.3-1.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libedata-cal1.2-dev_2.22.3-1.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dev_2.22.3-1.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/evolution-data-server-dbg_2.22.3-1.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/evolution-data-server/libegroupwise1.2-13_2.22.3-1.1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1814": "
\n

Debian Security Advisory

\n

DSA-1814-1 libsndfile -- heap-based buffer overflow

\n
\n
Date Reported:
\n
13 Jun 2009
\n
Affected Packages:
\n
\nlibsndfile\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 528650.
In Mitre's CVE dictionary: CVE-2009-1788, CVE-2009-1791.
\n
More information:
\n
\n

Two vulnerabilities have been found in libsndfile, a library to read and write sampled audio data. The Common Vulnerabilities and Exposures project identified the following problems:

\n
    \n
  • CVE-2009-1788\n

    Tobias Klein discovered that the VOC parsing routines suffer from a heap-based buffer overflow, which can be triggered by an attacker via a crafted VOC header.

  • CVE-2009-1791\n

    The vendor discovered that the AIFF parsing routines suffer from a heap-based buffer overflow similar to CVE-2009-1788, which can be triggered by an attacker via a crafted AIFF header.

\n

In both cases the overflowing data is not completely attacker-controlled, but it still leads to application crashes or, under some circumstances, might lead to arbitrary code execution.

\n

For the oldstable distribution (etch), this problem has been fixed in version 1.0.16-2+etch2.

\n

For the stable distribution (lenny), this problem has been fixed in version 1.0.17-4+lenny2.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in version 1.0.20-1.

\n

We recommend that you upgrade your libsndfile packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.16-2+etch2.dsc
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.16-2+etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.16.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch2_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.16-2+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.16-2+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.16-2+etch2_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.17-4+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.17-4+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile_1.0.17.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libs/libsndfile/sndfile-programs_1.0.17-4+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1-dev_1.0.17-4+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libs/libsndfile/libsndfile1_1.0.17-4+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1815": "
\n

Debian Security Advisory

\n

DSA-1815-1 libtorrent-rasterbar -- programming error

\n
\n
Date Reported:
\n
14 Jun 2009
\n
Affected Packages:
\n
\nlibtorrent-rasterbar\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-1760.
\n
More information:
\n
\n

It was discovered that the Rasterbar BitTorrent library performed\ninsufficient validation of path names specified in torrent files, which\ncould lead to denial of service by overwriting files.

\n

The old stable distribution (etch) doesn't include libtorrent-rasterbar.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.13.1-2+lenny1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.14.4-1.

\n

We recommend that you upgrade your libtorrent-rasterbar package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar_0.13.1-2+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar_0.13.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar_0.13.1-2+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-doc_0.13.1-2+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dbg_0.13.1-2+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar0_0.13.1-2+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtorrent-rasterbar/libtorrent-rasterbar-dev_0.13.1-2+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1816": "
\n

Debian Security Advisory

\n

DSA-1816-1 apache2 -- insufficient security check

\n
\n
Date Reported:
\n
16 Jun 2009
\n
Affected Packages:
\n
\napache2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-1195.
\n
More information:
\n
\n

It was discovered that the Apache web server did not properly handle\nthe \"Options=\" parameter to the AllowOverride directive:

\n
    \n
  • In the stable distribution (lenny), local users could (via .htaccess)\nenable script execution in Server Side Includes even in configurations\nwhere the AllowOverride directive contained only\nOptions=IncludesNoEXEC.

  • In the oldstable distribution (etch), local users could (via\n.htaccess) enable script execution in Server Side Includes and CGI\nscript execution in configurations where the AllowOverride directive\ncontained any \"Options=\" value.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 2.2.3-4+etch8.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.2.9-10+lenny3.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), this problem will be fixed in version 2.2.11-6.

\n

This advisory also provides updated apache2-mpm-itk packages which\nhave been recompiled against the new apache2 packages (except for the\ns390 architecture where updated packages will follow shortly).

\n

We recommend that you upgrade your apache2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch2.dsc
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch8.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch8.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch8_all.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch8_all.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.3-4+etch8_all.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.3-4+etch8_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch8_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch8_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch8_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch8_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch8_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch8_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch8_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny3.dsc
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny3.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.9-10+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.9-10+lenny3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny3_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1817": "
\n

Debian Security Advisory

\n

DSA-1817-1 ctorrent -- stack-based buffer overflow

\n
\n
Date Reported:
\n
17 Jun 2009
\n
Affected Packages:
\n
\nctorrent\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 530255.
In Mitre's CVE dictionary: CVE-2009-1759.
\n
More information:
\n
\n

Michael Brooks discovered that ctorrent, a text-mode bittorrent client,\ndoes not verify the length of file paths in torrent files. An attacker\ncan exploit this via a crafted torrent that contains a long file path to\nexecute arbitrary code with the rights of the user opening the file.

\n

The oldstable distribution (etch) does not contain ctorrent.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.3.4-dnh3.2-1+lenny1.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.3.4-dnh3.2-1.1.

\n

We recommend that you upgrade your ctorrent packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/ctorrent/ctorrent_1.3.4-dnh3.2-1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1818": "
\n

Debian Security Advisory

\n

DSA-1818-1 gforge -- insufficient input sanitising

\n
\n
Date Reported:
\n
18 Jun 2009
\n
Affected Packages:
\n
\ngforge\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Laurent Almeras and Guillaume Smet have discovered a possible SQL\ninjection vulnerability and cross-site scripting vulnerabilities in\ngforge, a collaborative development tool. Due to insufficient input\nsanitising, it was possible to inject arbitrary SQL statements and use\nseveral parameters to conduct cross-site scripting attacks.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 4.7~rc2-7lenny1.

\n

For the oldstable distribution (etch), these problems have been fixed in\nversion 4.5.14-22etch11.

\n

For the testing distribution (squeeze), these problems will be fixed\nsoon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.7.3-2.

\n

We recommend that you upgrade your gforge packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch11.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch11.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-common_4.5.14-22etch11_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_4.5.14-22etch11_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_4.5.14-22etch11_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_4.5.14-22etch11_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch11_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_4.5.14-22etch11_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_4.5.14-22etch11_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_4.5.14-22etch11_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-courier_4.5.14-22etch11_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_4.5.14-22etch11_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-postgresql_4.5.14-22etch11_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_4.5.14-22etch11_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_4.5.14-22etch11_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_4.5.14-22etch11_all.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.7~rc2-7lenny1.dsc
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.7~rc2-7lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.7~rc2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_4.7~rc2-7lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-plugin-mediawiki_4.7~rc2-7lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_4.7~rc2-7lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-plugin-scmcvs_4.7~rc2-7lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_4.7~rc2-7lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_4.7~rc2-7lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_4.7~rc2-7lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-postgresql_4.7~rc2-7lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_4.7~rc2-7lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-courier_4.7~rc2-7lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_4.7~rc2-7lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-common_4.7~rc2-7lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.7~rc2-7lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-plugin-scmsvn_4.7~rc2-7lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache2_4.7~rc2-7lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1819": "
\n

Debian Security Advisory

\n

DSA-1819-1 vlc -- several vulnerabilities

\n
\n
Date Reported:
\n
18 Jun 2009
\n
Affected Packages:
\n
\nvlc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 478140, Bug 477805, Bug 489004, Bug 496265, Bug 503118, Bug 504639, Bug 480724.
In Mitre's CVE dictionary: CVE-2008-1768, CVE-2008-1769, CVE-2008-1881, CVE-2008-2147, CVE-2008-2430, CVE-2008-3794, CVE-2008-4686, CVE-2008-5032.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in vlc, a multimedia player\nand streamer. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2008-1768\n

    Drew Yao discovered that multiple integer overflows in the MP4 demuxer,\nReal demuxer and Cinepak codec can lead to the execution of arbitrary\ncode.

  • CVE-2008-1769\n

    Drew Yao discovered that the Cinepak codec is prone to a memory\ncorruption, which can be triggered by a crafted Cinepak file.

  • CVE-2008-1881\n

    Luigi Auriemma discovered that it is possible to execute arbitrary code\nvia a long subtitle in an SSA file.

  • CVE-2008-2147\n

    It was discovered that vlc is prone to a search path vulnerability,\nwhich allows local users to perform privilege escalations.

  • CVE-2008-2430\n

    Alin Rad Pop discovered that it is possible to execute arbitrary code\nwhen opening a WAV file containing a large fmt chunk.

  • CVE-2008-3794\n

    P\u0131nar Yanarda\u011f discovered that it is possible to execute arbitrary code\nwhen opening a crafted mmst link.

  • CVE-2008-4686\n

    Tobias Klein discovered that it is possible to execute arbitrary code\nwhen opening a crafted .ty file.

  • CVE-2008-5032\n

    Tobias Klein discovered that it is possible to execute arbitrary code\nwhen opening an invalid CUE image file with a crafted header.

\n

For the oldstable distribution (etch), these problems have been fixed\nin version 0.8.6-svn20061012.debian-5.1+etch3.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 0.8.6.h-4+lenny2, which was already included in the lenny\nrelease.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 0.8.6.h-5.

\n

We recommend that you upgrade your vlc packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.6-svn20061012.debian-5.1+etch3_all.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8.6-svn20061012.debian-5.1+etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-glide_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-svgalib_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn20061012.debian-5.1+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20061012.debian-5.1+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1820": "
\n

Debian Security Advisory

\n

DSA-1820-1 xulrunner -- several vulnerabilities

\n
\n
Date Reported:
\n
18 Jun 2009
\n
Affected Packages:
\n
\nxulrunner\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1834, CVE-2009-1835, CVE-2009-1836, CVE-2009-1837, CVE-2009-1838, CVE-2009-1839, CVE-2009-1840, CVE-2009-1841.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications, such as the Iceweasel web\nbrowser. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2009-1392\n

    Several issues in the browser engine have been discovered, which can\nresult in the execution of arbitrary code. (MFSA 2009-24)

  • CVE-2009-1832\n

    It is possible to execute arbitrary code via vectors involving \"double\nframe construction.\" (MFSA 2009-24)

  • CVE-2009-1833\n

    Jesse Ruderman and Adam Hauner discovered a problem in the JavaScript\nengine, which could lead to the execution of arbitrary code.\n(MFSA 2009-24)

  • CVE-2009-1834\n

    Pavel Cvrcek discovered a potential issue leading to a spoofing attack\non the location bar related to certain invalid Unicode characters.\n(MFSA 2009-25)

  • CVE-2009-1835\n

    Gregory Fleischer discovered that it is possible to read arbitrary\ncookies via a crafted HTML document. (MFSA 2009-26)

  • CVE-2009-1836\n

    Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential\nman-in-the-middle attack when using a proxy, due to insufficient checks\non a certain proxy response. (MFSA 2009-27)

  • CVE-2009-1837\n

    Jakob Balle and Carsten Eiram reported a race condition in the\nNPObjWrapper_NewResolve function that can be used to execute arbitrary\ncode. (MFSA 2009-28)

  • CVE-2009-1838\n

    moz_bug_r_a4 discovered that it is possible to execute arbitrary\nJavaScript with chrome privileges due to an error in the\ngarbage-collection implementation. (MFSA 2009-29)

  • CVE-2009-1839\n

    Adam Barth and Collin Jackson reported a potential privilege escalation\nwhen loading a file::resource via the location bar. (MFSA 2009-30)

  • CVE-2009-1840\n

    Wladimir Palant discovered that it is possible to bypass access\nrestrictions due to a lack of content policy check, when loading a\nscript file into a XUL document. (MFSA 2009-31)

  • CVE-2009-1841\n

    moz_bug_r_a4 reported that it is possible for scripts from page content\nto run with elevated privileges and thus potentially execute arbitrary\ncode with the object's chrome privileges. (MFSA 2009-32)

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.9.0.11-0lenny1.

\n

As indicated in the Etch release notes, security support for the\nMozilla products in the oldstable distribution needed to be stopped\nbefore the end of the regular Etch security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a still\nsupported browser.

\n

For the testing distribution (squeeze), these problems will be fixed\nsoon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.9.0.11-1.

\n

We recommend that you upgrade your xulrunner packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.11.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.11-0lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.11-0lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.11-0lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.11-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.11-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.11-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.11-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.11-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.11-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.11-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.11-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.11-0lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1821": "
\n

Debian Security Advisory

\n

DSA-1821-1 amule -- insufficient input sanitising

\n
\n
Date Reported:
\n
22 Jun 2009
\n
Affected Packages:
\n
\namule\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 525078.
In Mitre's CVE dictionary: CVE-2009-1440.
\n
More information:
\n
\n

Sam Hocevar discovered that amule, a client for the eD2k and Kad networks, does not properly sanitise the filename when using the preview function. This could lead to the injection of arbitrary commands passed to the video player.

\n

The oldstable distribution (etch) is not affected by this issue.

\n

For the stable distribution (lenny), this problem has been fixed in version 2.2.1-1+lenny2.

\n

For the testing distribution (squeeze) this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in version 2.2.5-1.1.

\n

We recommend that you upgrade your amule packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/amule/amule-common_2.2.1-1+lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1822": "
\n

Debian Security Advisory

\n

DSA-1822-1 mahara -- insufficient input sanitization

\n
\n
Date Reported:
\n
23 Jun 2009
\n
Affected Packages:
\n
\nmahara\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

It was discovered that mahara, an electronic portfolio, weblog, and resume builder, is prone to several cross-site scripting attacks, which allow an attacker to inject arbitrary HTML or script code and steal potentially sensitive data from other users.

\n

The oldstable distribution (etch) does not contain mahara.

\n

For the stable distribution (lenny), this problem has been fixed in version 1.0.4-4+lenny3.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in version 1.1.5-1.

\n

We recommend that you upgrade your mahara packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny3.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny3.dsc
\n
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1823": "
\n

Debian Security Advisory

\n

DSA-1823-1 samba -- several vulnerabilities

\n
\n
Date Reported:
\n
25 Jun 2009
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-1886, CVE-2009-1888.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Samba, an SMB/CIFS file, print, and login server. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2009-1886\n

    The smbclient utility contains a format string vulnerability where commands dealing with file names treat user input as format strings to asprintf.

  • CVE-2009-1888\n

    In the smbd daemon, if a user is trying to modify an access control list (ACL) and is denied permission, this denial may be overridden if the parameter \"dos filemode\" is set to \"yes\" in the smb.conf and the user already has write access to the file.

\n

The old stable distribution (etch) is not affected by these problems.

\n

For the stable distribution (lenny), these problems have been fixed in version 3.2.5-4lenny6.

\n

The unstable distribution (sid), which is only affected by CVE-2009-1888, will be fixed soon.

\n

We recommend that you upgrade your samba package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6.dsc
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.2.5-4lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc-pdf_3.2.5-4lenny6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1824": "
\n

Debian Security Advisory

\n

DSA-1824-1 phpmyadmin -- several vulnerabilities

\n
\n
Date Reported:
\n
25 Jun 2009
\n
Affected Packages:
\n
\nphpmyadmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-1150, CVE-2009-1151.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in phpMyAdmin, a tool\nto administer MySQL over the web. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2009-1150\n

    A cross-site scripting vulnerability in the export page allows an\n attacker who can place crafted cookies with the user to inject\n arbitrary web script or HTML.

  • \n
  • CVE-2009-1151\n

    Static code injection allows for a remote attacker to inject arbitrary\n code into phpMyAdmin via the setup.php script. This script is in Debian\n under normal circumstances protected via Apache authentication.\n However, because of a recent worm based on this exploit, we are patching\n it regardless, to also protect installations that somehow still expose\n the setup.php script.

  • \n
\n

For the old stable distribution (etch), these problems have been fixed in\nversion 2.9.1.1-11.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2.11.8.1-5+lenny1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.1.3.1-1.

\n

We recommend that you upgrade your phpmyadmin package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-11.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-11.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-11_all.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.11.8.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.11.8.1-5+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.11.8.1-5+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.11.8.1-5+lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1825": "
\n

Debian Security Advisory

\n

DSA-1825-1 nagios2, nagios3 -- insufficient input validation

\n
\n
Date Reported:
\n
03 Jul 2009
\n
Affected Packages:
\n
\nnagios2, nagios3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2288.
\n
More information:
\n
\n

It was discovered that the statuswml.cgi script of nagios, a monitoring\nand management system for hosts, services and networks, is prone to a\ncommand injection vulnerability. Input to the ping and traceroute parameters\nof the script is not properly validated which allows an attacker to execute\narbitrary shell commands by passing a crafted value to these parameters.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 2.6-2+etch3 of nagios2.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 3.0.6-4~lenny2 of nagios3.

\n

For the testing distribution (squeeze), this problem has been fixed in\nversion 3.0.6-5 of nagios3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.0.6-5 of nagios3.

\n

We recommend that you upgrade your nagios2/nagios3 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-doc_3.0.6-4~lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-common_3.0.6-4~lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3-dbg_3.0.6-4~lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nagios3/nagios3_3.0.6-4~lenny2_sparc.deb
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch3.dsc
\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-doc_2.6-2+etch3_all.deb
\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-common_2.6-2+etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1826": "
\n

Debian Security Advisory

\n

DSA-1826-1 eggdrop -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Jul 2009
\n
Affected Packages:
\n
\neggdrop\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 427157, Bug 528778.
In Mitre's CVE dictionary: CVE-2007-2807, CVE-2009-1789.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in eggdrop, an advanced IRC\nrobot. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2007-2807\n

    It was discovered that eggdrop is vulnerable to a buffer overflow, which\ncould result in a remote user executing arbitrary code. The previous DSA\n(DSA-1448-1) did not fix the issue correctly.

  • \n
  • CVE-2009-1789\n

    It was discovered that eggdrop is vulnerable to a denial-of-service\nattack that allows remote attackers to cause a crash via a crafted\nPRIVMSG.

  • \n
\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.6.19-1.1+lenny1.

\n

For the old stable distribution (etch), these problems have been fixed in\nversion 1.6.18-1etch2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.6.19-1.2.

\n

We recommend that you upgrade your eggdrop package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2.dsc
\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop-data_1.6.18-1etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch2_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop-data_1.6.19-1.1+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.19-1.1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1827": "
\n

Debian Security Advisory

\n

DSA-1827-1 ipplan -- insufficient input sanitising

\n
\n
Date Reported:
\n
06 Jul 2009
\n
Affected Packages:
\n
\nipplan\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 530271.
In Mitre's CVE dictionary: CVE-2009-1732.
\n
More information:
\n
\n

It was discovered that ipplan, a web-based IP address manager and\ntracker, does not sufficiently escape certain input parameters, which\nallows remote attackers to conduct cross-site scripting attacks.

\n

The oldstable distribution (etch) does not contain ipplan.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 4.86a-7+lenny1.

\n

For the testing distribution (squeeze) this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.91a-1.1.

\n

We recommend that you upgrade your ipplan packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/ipplan/ipplan_4.86a-7+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/ipplan/ipplan_4.86a.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/ipplan/ipplan_4.86a-7+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/ipplan/ipplan_4.86a-7+lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1828": "
\n

Debian Security Advisory

\n

DSA-1828-1 ocsinventory-agent -- insecure module search path

\n
\n
Date Reported:
\n
07 Jul 2009
\n
Affected Packages:
\n
\nocsinventory-agent\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 506416.
In Mitre's CVE dictionary: CVE-2009-0667.
\n
More information:
\n
\n

It was discovered that the ocsinventory-agent, which is part of the\nocsinventory suite, a hardware and software configuration indexing service,\nis prone to an insecure Perl module search path. As the agent is started\nvia cron and the current directory (/ in this case) is included in the\ndefault Perl module path, the agent scans every directory on the system\nfor its Perl modules. This enables an attacker to execute arbitrary code\nvia a crafted ocsinventory-agent Perl module placed on the system.

\n

The oldstable distribution (etch) does not contain ocsinventory-agent.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1:0.0.9.2repack1-4lenny1.

\n

For the testing distribution (squeeze), this problem has been fixed in\nversion 1:0.0.9.2repack1-5.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:0.0.9.2repack1-5.

\n

We recommend that you upgrade your ocsinventory-agent packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/ocsinventory-agent/ocsinventory-agent_0.0.9.2repack1-4lenny1.dsc
\n
http://security.debian.org/pool/updates/main/o/ocsinventory-agent/ocsinventory-agent_0.0.9.2repack1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/ocsinventory-agent/ocsinventory-agent_0.0.9.2repack1-4lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/ocsinventory-agent/ocsinventory-agent_0.0.9.2repack1-4lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1829": "
\n

Debian Security Advisory

\n

DSA-1829-1 sork-passwd-h3 -- insufficient input sanitising

\n
\n
Date Reported:
\n
11 Jul 2009
\n
Affected Packages:
\n
\nsork-passwd-h3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 536554.
In Mitre's CVE dictionary: CVE-2009-2360.
\n
More information:
\n
\n

It was discovered that sork-passwd-h3, a Horde3 module for users to\nchange their password, is prone to a cross-site scripting attack via the\nbackend parameter.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 3.0-2+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 3.0-2+lenny1.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.1-1.1.

\n

We recommend that you upgrade your sork-passwd-h3 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sork-passwd-h3/sork-passwd-h3_3.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/sork-passwd-h3/sork-passwd-h3_3.0-2+etch1.dsc
\n
http://security.debian.org/pool/updates/main/s/sork-passwd-h3/sork-passwd-h3_3.0-2+etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/sork-passwd-h3/sork-passwd-h3_3.0-2+etch1_all.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sork-passwd-h3/sork-passwd-h3_3.0-2+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/s/sork-passwd-h3/sork-passwd-h3_3.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/sork-passwd-h3/sork-passwd-h3_3.0-2+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/sork-passwd-h3/sork-passwd-h3_3.0-2+lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1830": "
\n

Debian Security Advisory

\n

DSA-1830-1 icedove -- several vulnerabilities

\n
\n
Date Reported:
\n
12 Jul 2009
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0040, CVE-2009-0352, CVE-2009-0353, CVE-2009-0652, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0776, CVE-2009-1302, CVE-2009-1303, CVE-2009-1307, CVE-2009-1832, CVE-2009-1392, CVE-2009-1836, CVE-2009-1838, CVE-2009-1841.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Icedove\nmail client, an unbranded version of the Thunderbird mail client. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2009-0040\n

    The execution of arbitrary code might be possible via a crafted PNG file\nthat triggers a free of an uninitialized pointer in (1) the png_read_png\nfunction, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.\n(MFSA 2009-10)

  • \n
  • CVE-2009-0352\n

    It is possible to execute arbitrary code via vectors related to the\nlayout engine. (MFSA 2009-01)

  • \n
  • CVE-2009-0353\n

    It is possible to execute arbitrary code via vectors related to the\nJavaScript engine. (MFSA 2009-01)

  • \n
  • CVE-2009-0652\n

    Bjoern Hoehrmann and Moxie Marlinspike discovered a possible spoofing\nattack via Unicode box drawing characters in internationalized domain\nnames. (MFSA 2009-15)

  • \n
  • CVE-2009-0771\n

    Memory corruption and assertion failures have been discovered in the\nlayout engine, leading to the possible execution of arbitrary code.\n(MFSA 2009-07)

  • \n
  • CVE-2009-0772\n

    The layout engine allows the execution of arbitrary code via vectors\nrelated to nsCSSStyleSheet::GetOwnerNode, events, and garbage\ncollection. (MFSA 2009-07)

  • \n
  • CVE-2009-0773\n

    The JavaScript engine is prone to the execution of arbitrary code via\nseveral vectors. (MFSA 2009-07)

  • \n
  • CVE-2009-0774\n

    The layout engine allows the execution of arbitrary code via vectors\nrelated to gczeal. (MFSA 2009-07)

  • \n
  • CVE-2009-0776\n

    Georgi Guninski discovered that it is possible to obtain XML data via\nan issue related to the nsIRDFService. (MFSA 2009-09)

  • \n
  • CVE-2009-1302\n

    The browser engine is prone to a possible memory corruption via several\nvectors. (MFSA 2009-14)

  • \n
  • CVE-2009-1303\n

    The browser engine is prone to a possible memory corruption via the\nnsSVGElement::BindToTree function. (MFSA 2009-14)

  • \n
  • CVE-2009-1307\n

    Gregory Fleischer discovered that it is possible to bypass the Same\nOrigin Policy when opening a Flash file via the view-source: scheme.\n(MFSA 2009-17)

  • \n
  • CVE-2009-1832\n

    The possible execution of arbitrary code was discovered via vectors\ninvolving \"double frame construction.\" (MFSA 2009-24)

  • \n
  • CVE-2009-1392\n

    Several issues were discovered in the browser engine as used by icedove,\nwhich could lead to the possible execution of arbitrary code.\n(MFSA 2009-24)

  • \n
  • CVE-2009-1836\n

    Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential\nman-in-the-middle attack when using a proxy, due to insufficient checks\non a certain proxy response. (MFSA 2009-27)

  • \n
  • CVE-2009-1838\n

    moz_bug_r_a4 discovered that it is possible to execute arbitrary\nJavaScript with chrome privileges due to an error in the\ngarbage collection implementation. (MFSA 2009-29)

  • \n
  • CVE-2009-1841\n

    moz_bug_r_a4 reported that it is possible for scripts from page content\nto run with elevated privileges and thus potentially execute arbitrary\ncode with the object's chrome privileges. (MFSA 2009-32)

  • \n
  • No CVE id yet\n

    Bernd Jendrissek discovered a potentially exploitable crash when viewing\na multipart/alternative mail message with a text/enhanced part.\n(MFSA 2009-33)

  • \n
\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2.0.0.22-0lenny1.

\n

As indicated in the Etch release notes, security support for the\nMozilla products in the oldstable distribution needed to be stopped\nbefore the end of the regular Etch security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a still\nsupported mail client.

\n

For the testing (squeeze) distribution these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.0.0.22-1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1.dsc
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.22-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.22-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.22-0lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.22-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.22-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.22-0lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.22-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.22-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.22-0lenny1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.22-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.22-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.22-0lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.22-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.22-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.22-0lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.22-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.22-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.22-0lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.22-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.22-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.22-0lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.22-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.22-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.22-0lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.22-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.22-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.22-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.22-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.22-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.22-0lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.22-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.22-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.22-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.22-0lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1831": "
\n

Debian Security Advisory

\n

DSA-1831-1 djbdns -- programming error

\n
\n
Date Reported:
\n
13 Jul 2009
\n
Affected Packages:
\n
\ndjbdns\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 518169.
In Mitre's CVE dictionary: CVE-2009-0858.
\n
More information:
\n
\n

Matthew Dempsky discovered that Daniel J. Bernstein's djbdns, a Domain\nName System server, does not constrain offsets in the required manner,\nwhich allows remote attackers with control over a third-party subdomain\nserved by tinydns and axfrdns, to trigger DNS responses containing\narbitrary records via crafted zone data for this subdomain.

\n

The old stable distribution (etch) does not contain djbdns.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.05-4+lenny1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.05-5.

\n

We recommend that you upgrade your djbdns package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/djbdns/dnscache-run_1.05-4+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/djbdns/dbndns_1.05-4+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/djbdns/dbndns_1.05-4+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/djbdns/dbndns_1.05-4+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/d/djbdns/dbndns_1.05-4+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/d/djbdns/dbndns_1.05-4+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/djbdns/dbndns_1.05-4+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/djbdns/dbndns_1.05-4+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/djbdns/dbndns_1.05-4+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/djbdns/dbndns_1.05-4+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/djbdns/dbndns_1.05-4+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/djbdns/dbndns_1.05-4+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/djbdns/dbndns_1.05-4+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1832": "
\n

Debian Security Advisory

\n

DSA-1832-1 camlimages -- integer overflow

\n
\n
Date Reported:
\n
13 Jul 2009
\n
Affected Packages:
\n
\ncamlimages\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 535909.
In Mitre's CVE dictionary: CVE-2009-2295.
\n
More information:
\n
\n

Tielei Wang discovered that CamlImages, an open source image processing\nlibrary, suffers from several integer overflows which may lead to a\npotentially exploitable heap overflow and result in arbitrary code\nexecution.

\n

For the old stable distribution (etch), this problem has been fixed in\nversion 2.20-8+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.2.0-4+lenny1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.0.1-2.

\n

We recommend that you upgrade your camlimages package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etch1.dsc
\n
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.20-8+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.2.0-4+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1833": "
\n

Debian Security Advisory

\n

DSA-1833-1 dhcp3 -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Jul 2009
\n
Affected Packages:
\n
\ndhcp3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0692, CVE-2009-1892.
CERT's vulnerabilities, advisories and incident notes: VU#410676.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in ISC's DHCP\nimplementation:

\n
    \n
  • CVE-2009-0692\n

    It was discovered that dhclient does not properly handle overlong\nsubnet mask options, leading to a stack-based buffer overflow and\npossible arbitrary code execution.

  • CVE-2009-1892\n

    Christoph Biedl discovered that the DHCP server may terminate when\nreceiving certain well-formed DHCP requests, provided that the server\nconfiguration mixes host definitions using \"dhcp-client-identifier\"\nand \"hardware ethernet\". This vulnerability only affects the lenny\nversions of dhcp3-server and dhcp3-server-ldap.

\n

For the old stable distribution (etch), these problems have been fixed\nin version 3.0.4-13+etch2.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 3.1.1-6+lenny2.

\n

For the unstable distribution (sid), these problems will be fixed\nsoon.

\n

We recommend that you upgrade your dhcp3 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.0.4-13+etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.0.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.0.4-13+etch2.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0.4-13+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0.4-13+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.0.4-13+etch2_alpha.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0.4-13+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0.4-13+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0.4-13+etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.0.4-13+etch2_amd64.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0.4-13+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0.4-13+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0.4-13+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0.4-13+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0.4-13+etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0.4-13+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.0.4-13+etch2_arm.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0.4-13+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0.4-13+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0.4-13+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0.4-13+etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0.4-13+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.0.4-13+etch2_hppa.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0.4-13+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0.4-13+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0.4-13+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0.4-13+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0.4-13+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0.4-13+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0.4-13+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0.4-13+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.0.4-13+etch2_i386.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0.4-13+etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0.4-13+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0.4-13+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0.4-13+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0.4-13+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.0.4-13+etch2_ia64.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0.4-13+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.0.4-13+etch2_mips.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0.4-13+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0.4-13+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0.4-13+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0.4-13+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0.4-13+etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0.4-13+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0.4-13+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0.4-13+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.0.4-13+etch2_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0.4-13+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0.4-13+etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0.4-13+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0.4-13+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.0.4-13+etch2_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0.4-13+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0.4-13+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0.4-13+etch2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0.4-13+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0.4-13+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0.4-13+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0.4-13+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0.4-13+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.0.4-13+etch2_sparc.udeb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.1.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.1.1-6+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.1.1-6+lenny2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp-client_3.1.1-6+lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny2_alpha.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny2_amd64.udeb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny2_arm.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny2_armel.udeb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny2_hppa.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny2_i386.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny2_ia64.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny2_mips.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny2_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny2_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny2_s390.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny2_sparc.udeb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1834": "
\n

Debian Security Advisory

\n

DSA-1834-1 apache2 -- denial of service

\n
\n
Date Reported:
\n
15 Jul 2009
\n
Affected Packages:
\n
\napache2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-1890, CVE-2009-1891.
\n
More information:
\n
\n
    \n
  • CVE-2009-1890\n

    A denial of service flaw was found in the Apache mod_proxy module when\nit was used as a reverse proxy. A remote attacker could use this flaw\nto force a proxy process to consume large amounts of CPU time. This\nissue did not affect Debian 4.0 \"etch\".

  • CVE-2009-1891\n

    A denial of service flaw was found in the Apache mod_deflate module.\nThis module continued to compress large files until compression was\ncomplete, even if the network connection that requested the content\nwas closed before compression completed. This would cause mod_deflate\nto consume large amounts of CPU if mod_deflate was enabled for a large\nfile. A similar flaw related to HEAD requests for compressed content\nwas also fixed.

\n

For the oldstable distribution (etch), these problems have been fixed in\nversion 2.2.3-4+etch9.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2.2.9-10+lenny4.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems will be fixed in version 2.2.11-7.

\n

This advisory also provides updated apache2-mpm-itk packages which\nhave been recompiled against the new apache2 packages.

\n

Updated packages for the s390 and mipsel architectures are not\nincluded yet. They will be released as soon as they become available.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch9.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch9.dsc
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.3-4+etch9_all.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch9_all.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.3-4+etch9_all.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch9_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch9_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny4.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny4.dsc
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.9-10+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.9-10+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1835": "
\n

Debian Security Advisory

\n

DSA-1835-1 tiff -- several vulnerabilities

\n
\n
Date Reported:
\n
15 Jul 2009
\n
Affected Packages:
\n
\ntiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 534137.
In Mitre's CVE dictionary: CVE-2009-2285, CVE-2009-2347.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the library for the Tag Image File Format (TIFF). The Common Vulnerabilities and Exposures project identifies the following problems:

\n
  • CVE-2009-2285

    It was discovered that malformed TIFF images can lead to a crash in the decompression code, resulting in denial of service.

  • CVE-2009-2347

    Andrea Barisani discovered several integer overflows, which can lead to the execution of arbitrary code if malformed images are passed to the rgb2ycbcr or tiff2rgba tools.
\n

For the old stable distribution (etch), these problems have been fixed in version 3.8.2-7+etch3.

\n

For the stable distribution (lenny), these problems have been fixed in version 3.8.2-11.2.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your tiff packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-7+etch3.dsc
\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-7+etch3.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-11.2.dsc
\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-11.2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-doc_3.8.2-11.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_arm.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_armel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_armel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_armel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_armel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1836": "
\n

Debian Security Advisory

\n

DSA-1836-1 fckeditor -- missing input sanitising

\n
\n
Date Reported:
\n
16 Jul 2009
\n
Affected Packages:
\n
\nfckeditor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2265.
\n
More information:
\n
\n

Vinny Guido discovered that multiple input sanitising vulnerabilities in Fckeditor, a rich text web editor component, may lead to the execution of arbitrary code.

\n

The old stable distribution (etch) doesn't contain fckeditor.

\n

For the stable distribution (lenny), this problem has been fixed in version 1:2.6.2-1lenny1.

\n

For the unstable distribution (sid), this problem has been fixed in version 1:2.6.4.1-1.

\n

We recommend that you upgrade your fckeditor package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fckeditor/fckeditor_2.6.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fckeditor/fckeditor_2.6.2-1lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fckeditor/fckeditor_2.6.2-1lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/fckeditor/fckeditor_2.6.2-1lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1837": "
\n

Debian Security Advisory

\n

DSA-1837-1 dbus -- programming error

\n
\n
Date Reported:
\n
18 Jul 2009
\n
Affected Packages:
\n
\ndbus\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 532720.
In Mitre's CVE dictionary: CVE-2009-1189.
\n
More information:
\n
\n

It was discovered that the dbus_signature_validate function in dbus, a simple interprocess messaging system, is prone to a denial of service attack. This issue was caused by an incorrect fix for DSA-1658-1.

\n

For the stable distribution (lenny), this problem has been fixed in version 1.2.1-5+lenny1.

\n

For the oldstable distribution (etch), this problem has been fixed in version 1.0.2-1+etch3.

\n

Packages for ia64 and s390 will be released once they are available.

\n

For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 1.2.14-1.

\n

We recommend that you upgrade your dbus packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-doc_1.0.2-1+etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_i386.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-utils_1.0.2-1+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.0.2-1+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.0.2-1+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.0.2-1+etch3_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-1-doc_1.2.1-5+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus_1.2.1-5+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/dbus-x11_1.2.1-5+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1838": "
\n

Debian Security Advisory

\n

DSA-1838-1 pulseaudio -- privilege escalation

\n
\n
Date Reported:
\n
18 Jul 2009
\n
Affected Packages:
\n
pulseaudio
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 537351.
In Mitre's CVE dictionary: CVE-2009-1894.
\n
More information:
\n
\n

Tavis Ormandy and Julien Tinnes discovered that the pulseaudio daemon does not drop privileges before re-executing itself, enabling local attackers to increase their privileges.

\n

The old stable distribution (etch) is not affected by this issue.

\n

For the stable distribution (lenny), this problem has been fixed in version 0.9.10-3+lenny1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your pulseaudio packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny1.tar.gz
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1839": "
\n

Debian Security Advisory

\n

DSA-1839-1 gst-plugins-good0.10 -- integer overflow

\n
\n
Date Reported:
\n
19 Jul 2009
\n
Affected Packages:
\n
\ngst-plugins-good0.10\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 531631, Bug 532352.
In Mitre's CVE dictionary: CVE-2009-1932.
\n
More information:
\n
\n

It has been discovered that gst-plugins-good0.10, the GStreamer plugins\nfrom the \"good\" set, are prone to an integer overflow when processing\na large PNG file. This could lead to the execution of arbitrary code.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.10.8-4.1~lenny2.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 0.10.4-4+etch1.

\n

Packages for the s390 and hppa architectures will be released once they\nare available.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 0.10.15-2.

\n

We recommend that you upgrade your gst-plugins-good0.10 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.4-4+etch1.dsc
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.4-4+etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-doc_0.10.4-4+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.8-4.1~lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.8-4.1~lenny2.dsc
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.8.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-doc_0.10.8-4.1~lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1840": "
\n

Debian Security Advisory

\n

DSA-1840-1 xulrunner -- several vulnerabilities

\n
\n
Date Reported:
\n
23 Jul 2009
\n
Affected Packages:
\n
\nxulrunner\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, CVE-2009-2467, CVE-2009-2469, CVE-2009-2471, CVE-2009-2472.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications, such as the Iceweasel web\nbrowser. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
\n
  • CVE-2009-2462\n

    Martijn Wargers, Arno Renevier, Jesse Ruderman, Olli Pettay and Blake\nKaplan discovered several issues in the browser engine that could\npotentially lead to the execution of arbitrary code. (MFSA 2009-34)

  • CVE-2009-2463\n

    monarch2020 reported an integer overflow in a base64 decoding function.\n(MFSA 2009-34)

  • CVE-2009-2464\n

    Christophe Charron reported a possibly exploitable crash occurring when\nmultiple RDF files were loaded in a XUL tree element. (MFSA 2009-34)

  • CVE-2009-2465\n

    Yongqian Li reported that an unsafe memory condition could be created by\na specially crafted document. (MFSA 2009-34)

  • CVE-2009-2466\n

    Peter Van der Beken, Mike Shaver, Jesse Ruderman, and Carsten Book\ndiscovered several issues in the JavaScript engine that could possibly\nlead to the execution of arbitrary JavaScript. (MFSA 2009-34)

  • CVE-2009-2467\n

    Attila Suszter discovered an issue related to a specially crafted Flash\nobject, which could be used to run arbitrary code. (MFSA 2009-35)

  • CVE-2009-2469\n

    PenPal discovered that it is possible to execute arbitrary code via a\nspecially crafted SVG element. (MFSA 2009-37)

  • CVE-2009-2471\n

    Blake Kaplan discovered a flaw in the JavaScript engine that might allow\nan attacker to execute arbitrary JavaScript with chrome privileges.\n(MFSA 2009-39)

  • CVE-2009-2472\n

    moz_bug_r_a4 discovered an issue in the JavaScript engine that could be\nused to perform cross-site scripting attacks. (MFSA 2009-40)

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.9.0.12-0lenny1.

\n

As indicated in the Etch release notes, security support for the\nMozilla products in the oldstable distribution needed to be stopped\nbefore the end of the regular Etch security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a still\nsupported browser.

\n

For the testing distribution (squeeze), these problems will be fixed\nsoon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.9.0.12-1.

\n

We recommend that you upgrade your xulrunner packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.12-0lenny1.dsc
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.12-0lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.12.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.12-0lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.12-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.12-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.12-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.12-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.12-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.12-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.12-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.12-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.12-0lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.12-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.12-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.12-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.12-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.12-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.12-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.12-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.12-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.12-0lenny1_amd64.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.12-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.12-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.12-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.12-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.12-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.12-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.12-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.12-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.12-0lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.12-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.12-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.12-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.12-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.12-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.12-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.12-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.12-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.12-0lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.12-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.12-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.12-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.12-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.12-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.12-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.12-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.12-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.12-0lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.12-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.12-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.12-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.12-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.12-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.12-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.12-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.12-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.12-0lenny1_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.12-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.12-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.12-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.12-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.12-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.12-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.12-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.12-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.12-0lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.12-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.12-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.12-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.12-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.12-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.12-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.12-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.12-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.12-0lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.12-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.12-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.12-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.12-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.12-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.12-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.12-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.12-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.12-0lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1841": "
\n

Debian Security Advisory

\n

DSA-1841-1 git-core -- denial of service

\n
\n
Date Reported:
\n
25 Jul 2009
\n
Affected Packages:
\n
\ngit-core\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 532935.
In Mitre's CVE dictionary: CVE-2009-2108.
\n
More information:
\n
\n

It was discovered that git-daemon, which is part of git-core, a popular\ndistributed revision control system, is vulnerable to denial of service\nattacks caused by a programming mistake in handling requests containing\nextra unrecognized arguments, which results in an infinite loop. While\nthis is no problem for the daemon itself, as every request will spawn a\nnew git-daemon instance, this still results in very high CPU consumption\nand might lead to denial of service conditions.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 1.4.4.4-4+etch3.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.5.6.5-3+lenny2.

\n

For the testing distribution (squeeze), this problem has been fixed in\nversion 1:1.6.3.3-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:1.6.3.3-1.

\n

We recommend that you upgrade your git-core packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch3.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/git-core/gitweb_1.4.4.4-4+etch3_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-svn_1.4.4.4-4+etch3_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-cvs_1.4.4.4-4+etch3_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-doc_1.4.4.4-4+etch3_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-email_1.4.4.4-4+etch3_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-daemon-run_1.4.4.4-4+etch3_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/gitk_1.4.4.4-4+etch3_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-arch_1.4.4.4-4+etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch3_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.4.4.4-4+etch3_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/git-core/git-gui_1.5.6.5-3+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-arch_1.5.6.5-3+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/gitk_1.5.6.5-3+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-email_1.5.6.5-3+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-svn_1.5.6.5-3+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-daemon-run_1.5.6.5-3+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/gitweb_1.5.6.5-3+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-doc_1.5.6.5-3+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-cvs_1.5.6.5-3+lenny2_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny2_mipsel.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1842": "
\n

Debian Security Advisory

\n

DSA-1842-1 openexr -- several vulnerabilities

\n
\n
Date Reported:
\n
28 Jul 2009
\n
Affected Packages:
\n
\nopenexr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-1720, CVE-2009-1721, CVE-2009-1722.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the OpenEXR image\nlibrary, which can lead to the execution of arbitrary code. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2009-1720\n

    Drew Yao discovered integer overflows in the preview and\n compression code.

  • CVE-2009-1721\n

    Drew Yao discovered that an uninitialised pointer could be freed\n in the decompression code.

  • CVE-2009-1722\n

    A buffer overflow was discovered in the compression code.

\n

For the old stable distribution (etch), these problems have been fixed\nin version 1.2.2-4.3+etch2.

\n

For the stable distribution (lenny), these problems have been fixed\nin version 1.6.1-3+lenny3.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your openexr packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.dsc
\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.2.2-4.3+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr2c2a_1.2.2-4.3+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.2.2-4.3+etch2_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.dsc
\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr-dev_1.6.1-3+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/libopenexr6_1.6.1-3+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openexr/openexr_1.6.1-3+lenny3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1843": "
\n

Debian Security Advisory

\n

DSA-1843-1 squid3 -- several vulnerabilities

\n
\n
Date Reported:
\n
28 Jul 2009
\n
Affected Packages:
\n
\nsquid3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 538989.
\n
More information:
\n
\n

It was discovered that squid3, a high-performance proxy caching server for\nweb clients, is prone to several denial of service attacks. Due to incorrect\nbounds checking and insufficient validation while processing response and\nrequest data, an attacker is able to crash the squid daemon via crafted\nrequests or responses.

\n

The squid package in the oldstable distribution (etch) is not affected\nby this problem.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 3.0.STABLE8-3+lenny1.

\n

For the testing distribution (squeeze) and the unstable distribution (sid),\nthis problem will be fixed soon.

\n

We recommend that you upgrade your squid3 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3.0.STABLE8-3+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1844": "
\n

Debian Security Advisory

\n

DSA-1844-1 linux-2.6.24 -- denial of service/privilege escalation

\n
\n
Date Reported:
\n
28 Jul 2009
\n
Affected Packages:
\n
\nlinux-2.6.24\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-1385, CVE-2009-1389, CVE-2009-1630, CVE-2009-1633, CVE-2009-1895, CVE-2009-1914, CVE-2009-1961, CVE-2009-2406, CVE-2009-2407.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2009-1385\n

    Neil Horman discovered a missing fix from the e1000 network driver.\n A remote user may cause a denial of service by way of a kernel panic\n triggered by specially crafted frame sizes.

  • CVE-2009-1389\n

    Michael Tokarev discovered an issue in the r8169 network driver.\n Remote users on the same LAN may cause a denial of service by way\n of a kernel panic triggered by receiving a large size frame.

  • CVE-2009-1630\n

    Frank Filz discovered that local users may be able to execute\n files without execute permission when accessed via an nfs4 mount.

  • CVE-2009-1633\n

    Jeff Layton and Suresh Jayaraman fixed several buffer overflows in\n the CIFS filesystem which allow remote servers to cause memory\n corruption.

  • CVE-2009-1895\n

    Julien Tinnes and Tavis Ormandy reported an issue in the Linux\n personality code. Local users can take advantage of a setuid\n binary that can either be made to dereference a NULL pointer or\n drop privileges and return control to the user. This allows a\n user to bypass mmap_min_addr restrictions which can be exploited\n to execute arbitrary code.

  • CVE-2009-1914\n

    Mikulas Patocka discovered an issue in sparc64 kernels that allows\n local users to cause a denial of service (crash) by reading the\n /proc/iomem file.

  • CVE-2009-1961\n

    Miklos Szeredi reported an issue in the ocfs2 filesystem. Local\n users can create a denial of service (filesystem deadlock) using\n a particular sequence of splice system calls.

  • CVE-2009-2406, CVE-2009-2407\n

    Ramon de Carvalho Valle discovered two issues with the eCryptfs\n layered filesystem using the fsfuzzer utility. A local user with\n permissions to perform an eCryptfs mount may modify the contents\n of an eCryptfs file, overflowing the stack and potentially gaining\n elevated privileges.

\n

For the stable distribution (etch), these problems have been fixed in\nversion 2.6.24-6~etchnhalf.8etch2.

\n

We recommend that you upgrade your linux-2.6.24 packages.

\n

Note: Debian 'etch' includes Linux kernel packages based upon both the\n2.6.18 and 2.6.24 Linux releases. All known security issues are\ncarefully tracked against both packages and both packages will receive\nsecurity updates until security support for Debian 'etch'\nconcludes. However, given the high frequency at which low-severity\nsecurity issues are discovered in the kernel and the resource\nrequirements of doing an update, lower severity 2.6.18 and 2.6.24\nupdates will typically release in a staggered or \"leap-frog\" fashion.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.8etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.8etch2.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-patch-debian-2.6.24_2.6.24-6~etchnhalf.8etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-manual-2.6.24_2.6.24-6~etchnhalf.8etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-source-2.6.24_2.6.24-6~etchnhalf.8etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-support-2.6.24-etchnhalf.1_2.6.24-6~etchnhalf.8etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc-2.6.24_2.6.24-6~etchnhalf.8etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-tree-2.6.24_2.6.24-6~etchnhalf.8etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.8etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.8etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.8etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.8etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-alpha_2.6.24-6~etchnhalf.8etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.8etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.8etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-amd64_2.6.24-6~etchnhalf.8etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.8etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.8etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-arm_2.6.24-6~etchnhalf.8etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.8etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.8etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.8etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.8etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.8etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-hppa_2.6.24-6~etchnhalf.8etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.8etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.8etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.8etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.8etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.8etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.8etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.8etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.8etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.8etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-i386_2.6.24-6~etchnhalf.8etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.8etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.8etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.8etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.8etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.8etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-ia64_2.6.24-6~etchnhalf.8etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.8etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.8etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.8etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.8etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.8etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.8etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-mips_2.6.24-6~etchnhalf.8etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.8etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-mipsel_2.6.24-6~etchnhalf.8etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.8etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.8etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.8etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.8etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.8etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.8etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.8etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.8etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.8etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-powerpc_2.6.24-6~etchnhalf.8etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.8etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390-tape_2.6.24-6~etchnhalf.8etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.8etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.8etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-s390_2.6.24-6~etchnhalf.8etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.8etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.8etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.8etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.8etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.8etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-sparc_2.6.24-6~etchnhalf.8etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.8etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1845": "
\n

Debian Security Advisory

\n

DSA-1845-1 linux-2.6 -- denial of service, privilege escalation

\n
\n
Date Reported:
\n
28 Jul 2009
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-1895, CVE-2009-2287, CVE-2009-2406, CVE-2009-2407.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2009-1895\n

    Julien Tinnes and Tavis Ormandy reported an issue in the Linux\n personality code. Local users can take advantage of a setuid\n binary that can either be made to dereference a NULL pointer or\n drop privileges and return control to the user. This allows a\n user to bypass mmap_min_addr restrictions which can be exploited\n to execute arbitrary code.

  • CVE-2009-2287\n

    Matt T. Yourst discovered an issue in the kvm subsystem. Local\n users with permission to manipulate /dev/kvm can cause a denial\n of service (hang) by providing an invalid cr3 value to the\n KVM_SET_SREGS call.

  • CVE-2009-2406, CVE-2009-2407\n

    Ramon de Carvalho Valle discovered two issues with the eCryptfs\n layered filesystem using the fsfuzzer utility. A local user with\n permissions to perform an eCryptfs mount may modify the contents\n of an eCryptfs file, overflowing the stack and potentially gaining\n elevated privileges.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2.6.26-17lenny1.

\n

For the oldstable distribution (etch), these problems, where\napplicable, will be fixed in updates to linux-2.6 and linux-2.6.24.

\n

We recommend that you upgrade your linux-2.6 and user-mode-linux\npackages.

\n

Note: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or \"leap-frog\" fashion.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-17lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-17lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.26_2.6.26-17lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.26-2_2.6.26-17lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.26_2.6.26-17lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.26_2.6.26-17lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.26_2.6.26-17lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.26_2.6.26-17lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-generic_2.6.26-17lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-smp_2.6.26-17lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-smp_2.6.26-17lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-17lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-legacy_2.6.26-17lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-legacy_2.6.26-17lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-17lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-17lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-alpha_2.6.26-17lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-generic_2.6.26-17lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-17lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-amd64_2.6.26-17lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-17lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-amd64_2.6.26-17lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-amd64_2.6.26-17lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-17lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-17lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-17lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-amd64_2.6.26-17lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-17lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-amd64_2.6.26-17lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-17lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-amd64_2.6.26-17lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-amd64_2.6.26-17lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-17lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-amd64_2.6.26-17lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-amd64_2.6.26-17lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-17lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-17lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-17lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-17lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-17lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-17lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-footbridge_2.6.26-17lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-footbridge_2.6.26-17lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-17lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-17lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-17lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-arm_2.6.26-17lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-versatile_2.6.26-17lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-17lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-17lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-17lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-17lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-17lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-17lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-17lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-17lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-versatile_2.6.26-17lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-armel_2.6.26-17lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-17lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64_2.6.26-17lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc_2.6.26-17lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc-smp_2.6.26-17lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-17lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-17lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-hppa_2.6.26-17lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc_2.6.26-17lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64-smp_2.6.26-17lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-17lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64_2.6.26-17lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64-smp_2.6.26-17lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc-smp_2.6.26-17lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-686_2.6.26-17lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686-bigmem_2.6.26-17lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-17lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-17lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686-bigmem_2.6.26-17lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-17lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-17lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-17lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686_2.6.26-17lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686-bigmem_2.6.26-17lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-17lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686_2.6.26-17lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-686_2.6.26-17lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-486_2.6.26-17lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-i386_2.6.26-17lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686_2.6.26-17lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-486_2.6.26-17lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-686_2.6.26-17lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-686_2.6.26-17lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-686_2.6.26-17lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686_2.6.26-17lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-17lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686-bigmem_2.6.26-17lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-17lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-686_2.6.26-17lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-itanium_2.6.26-17lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-mckinley_2.6.26-17lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-mckinley_2.6.26-17lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-17lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-mckinley_2.6.26-17lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-17lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-17lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-mckinley_2.6.26-17lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-itanium_2.6.26-17lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-17lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-itanium_2.6.26-17lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-ia64_2.6.26-17lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-itanium_2.6.26-17lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-17lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-4kc-malta_2.6.26-17lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1-bcm91250a_2.6.26-17lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-17lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r4k-ip22_2.6.26-17lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-17lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1-bcm91250a_2.6.26-17lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1a-bcm91480b_2.6.26-17lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r4k-ip22_2.6.26-17lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-5kc-malta_2.6.26-17lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1a-bcm91480b_2.6.26-17lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-mips_2.6.26-17lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r5k-ip32_2.6.26-17lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r5k-ip32_2.6.26-17lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-5kc-malta_2.6.26-17lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-4kc-malta_2.6.26-17lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1a-bcm91480b_2.6.26-17lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-4kc-malta_2.6.26-17lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1a-bcm91480b_2.6.26-17lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-17lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-17lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1-bcm91250a_2.6.26-17lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1-bcm91250a_2.6.26-17lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-mipsel_2.6.26-17lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r5k-cobalt_2.6.26-17lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-4kc-malta_2.6.26-17lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-17lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-5kc-malta_2.6.26-17lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r5k-cobalt_2.6.26-17lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-5kc-malta_2.6.26-17lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc_2.6.26-17lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-powerpc_2.6.26-17lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc_2.6.26-17lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc_2.6.26-17lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc_2.6.26-17lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc64_2.6.26-17lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc64_2.6.26-17lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc-smp_2.6.26-17lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-17lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-17lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc-smp_2.6.26-17lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-17lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc64_2.6.26-17lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-17lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc64_2.6.26-17lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390-tape_2.6.26-17lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390_2.6.26-17lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-s390x_2.6.26-17lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390x_2.6.26-17lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-17lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-s390x_2.6.26-17lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-17lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-17lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390x_2.6.26-17lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-17lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-s390_2.6.26-17lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390_2.6.26-17lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-17lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-sparc64_2.6.26-17lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64-smp_2.6.26-17lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64-smp_2.6.26-17lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64_2.6.26-17lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-17lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64_2.6.26-17lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-sparc64_2.6.26-17lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-sparc_2.6.26-17lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-17lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-17lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1846": "
\n

Debian Security Advisory

\n

DSA-1846-1 kvm -- denial of service

\n
\n
Date Reported:
\n
28 Jul 2009
\n
Affected Packages:
\n
\nkvm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2287.
\n
More information:
\n
\n

Matt T. Yourst discovered an issue in the kvm subsystem. Local\nusers with permission to manipulate /dev/kvm can cause a denial\nof service (hang) by providing an invalid cr3 value to the\nKVM_SET_SREGS call.

\n

For the stable distribution (lenny), these problems have been fixed\nin version 72+dfsg-5~lenny2.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your kvm packages, and rebuild any kernel\nmodules you have built from a kvm-source package version.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kvm/kvm_72+dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kvm/kvm_72+dfsg-5~lenny2.dsc
\n
http://security.debian.org/pool/updates/main/k/kvm/kvm_72+dfsg-5~lenny2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kvm/kvm-source_72+dfsg-5~lenny2_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kvm/kvm_72+dfsg-5~lenny2_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kvm/kvm_72+dfsg-5~lenny2_i386.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1847": "
\n

Debian Security Advisory

\n

DSA-1847-1 bind9 -- improper assert

\n
\n
Date Reported:
\n
29 Jul 2009
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 538975.
In Mitre's CVE dictionary: CVE-2009-0696.
CERT's vulnerabilities, advisories and incident notes: VU#725188.
\n
More information:
\n
\n

It was discovered that the BIND DNS server terminates when processing a\nspecially crafted dynamic DNS update. This vulnerability affects all\nBIND servers which serve at least one DNS zone authoritatively, as a\nmaster, even if dynamic updates are not enabled. The default Debian\nconfiguration for resolvers includes several authoritative zones, too,\nso resolvers are also affected by this issue unless these zones have\nbeen removed.

\n

For the old stable distribution (etch), this problem has been fixed in\nversion 9.3.4-2etch5.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 9.5.1.dfsg.P3-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:9.6.1.dfsg.P1-1.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5.dsc
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-doc_9.3.4-2etch5_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch5_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch5_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch5_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch5_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1.dsc
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-doc_9.5.1.dfsg.P3-1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_amd64.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1848": "
\n

Debian Security Advisory

\n

DSA-1848-1 znc -- directory traversal

\n
\n
Date Reported:
\n
02 Aug 2009
\n
Affected Packages:
\n
\nznc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 537977.
\n
More information:
\n
\n

It was discovered that znc, an IRC proxy, did not properly process certain DCC requests, allowing attackers to upload arbitrary files.

\n

For the old stable distribution (etch), this problem has been fixed in version 0.045-3+etch3.

\n

For the stable distribution (lenny), this problem has been fixed in version 0.058-2+lenny3.

\n

For the unstable distribution (sid), this problem has been fixed in version 0.074-1.

\n

We recommend that you upgrade your znc package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3.dsc
\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.045.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.045-3+etch3_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3.dsc
\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3.diff.gz
\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1849": "
\n

Debian Security Advisory

\n

DSA-1849-1 xml-security-c -- design flaw

\n
\n
Date Reported:
\n
02 Aug 2009
\n
Affected Packages:
\n
\nxml-security-c\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0217.
CERT's vulnerabilities, advisories and incident notes: VU#466161.
\n
More information:
\n
\n

It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This update implements the proposed workaround in the C++ version of the Apache implementation of this standard, xml-security-c, by preventing truncation to output strings shorter than 80 bits or half of the original HMAC output, whichever is greater.

\n

For the old stable distribution (etch), this problem has been fixed in version 1.2.1-3+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in version 1.4.0-3+lenny2.

\n

For the unstable distribution (sid), this problem has been fixed in version 1.4.0-4.

\n

We recommend that you upgrade your xml-security-c packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xml-security-c/xml-security-c_1.2.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xml-security-c/xml-security-c_1.2.1-3+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xml-security-c/xml-security-c_1.2.1-3+etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-doc_1.2.1-3+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.2.1-3+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c12_1.2.1-3+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c12_1.2.1-3+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.2.1-3+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c12_1.2.1-3+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.2.1-3+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.2.1-3+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c12_1.2.1-3+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c12_1.2.1-3+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.2.1-3+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.2.1-3+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c12_1.2.1-3+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.2.1-3+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c12_1.2.1-3+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.2.1-3+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c12_1.2.1-3+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.2.1-3+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c12_1.2.1-3+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.2.1-3+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c12_1.2.1-3+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.2.1-3+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c12_1.2.1-3+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xml-security-c/xml-security-c_1.4.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xml-security-c/xml-security-c_1.4.0-3+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/x/xml-security-c/xml-security-c_1.4.0-3+lenny2.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c14_1.4.0-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.4.0-3+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.4.0-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c14_1.4.0-3+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c14_1.4.0-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.4.0-3+lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c14_1.4.0-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.4.0-3+lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.4.0-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c14_1.4.0-3+lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c14_1.4.0-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.4.0-3+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.4.0-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c14_1.4.0-3+lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.4.0-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c14_1.4.0-3+lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.4.0-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c14_1.4.0-3+lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.4.0-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c14_1.4.0-3+lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c14_1.4.0-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.4.0-3+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c14_1.4.0-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xml-security-c/libxml-security-c-dev_1.4.0-3+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1850": "
\n

Debian Security Advisory

\n

DSA-1850-1 libmodplug -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Aug 2009
\n
Affected Packages:
\n
\nlibmodplug\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 526657, Bug 527076, Bug 526084.
In Mitre's CVE dictionary: CVE-2009-1438, CVE-2009-1513.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in libmodplug, the shared libraries for mod music based on ModPlug. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
  • CVE-2009-1438\n

    It was discovered that libmodplug is prone to an integer overflow when processing a MED file with a crafted song comment or song name.

  • CVE-2009-1513\n

    It was discovered that libmodplug is prone to a buffer overflow in the PATinst function, when processing a long instrument name.

\n

For the oldstable distribution (etch), these problems have been fixed in version 1:0.7-5.2+etch1.

\n

For the stable distribution (lenny), these problems have been fixed in version 1:0.8.4-1+lenny1.

\n

For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 1:0.8.7-1.

\n

We recommend that you upgrade your libmodplug packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug_0.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug_0.7-5.2+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug_0.7-5.2+etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug-dev_0.7-5.2+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.7-5.2+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.7-5.2+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.7-5.2+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.7-5.2+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.7-5.2+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.7-5.2+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.7-5.2+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.7-5.2+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.7-5.2+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.7-5.2+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.7-5.2+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug_0.8.4-1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug_0.8.4-1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug_0.8.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug-dev_0.8.4-1+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.8.4-1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.8.4-1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.8.4-1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.8.4-1+lenny1_armel.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.8.4-1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.8.4-1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.8.4-1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.8.4-1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.8.4-1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.8.4-1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libm/libmodplug/libmodplug0c2_0.8.4-1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1851": "
\n

Debian Security Advisory

\n

DSA-1851-1 gst-plugins-bad0.10 -- integer overflow

\n
\n
Date Reported:
\n
06 Aug 2009
\n
Affected Packages:
\n
\ngst-plugins-bad0.10\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 527075.
In Mitre's CVE dictionary: CVE-2009-1438.
\n
More information:
\n
\n

It was discovered that gst-plugins-bad0.10, the GStreamer plugins from\nthe \"bad\" set, is prone to an integer overflow when processing a MED\nfile with a crafted song comment or song name.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 0.10.3-3.1+etch3.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.10.7-2+lenny2.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), gst-plugins-bad0.10 links against libmodplug.

\n

We recommend that you upgrade your gst-plugins-bad0.10 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gst-plugins-bad0.10_0.10.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gst-plugins-bad0.10_0.10.3-3.1+etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gst-plugins-bad0.10_0.10.3-3.1+etch3.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.3-3.1+etch3_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gst-plugins-bad0.10_0.10.7-2+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gst-plugins-bad0.10_0.10.7-2+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gst-plugins-bad0.10_0.10.7.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad-doc_0.10.7-2+lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad-dbg_0.10.7-2+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.7-2+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-sdl_0.10.7-2+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.7-2+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad-dbg_0.10.7-2+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-sdl_0.10.7-2+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad-dbg_0.10.7-2+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.7-2+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-sdl_0.10.7-2+lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.7-2+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad-dbg_0.10.7-2+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-sdl_0.10.7-2+lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.7-2+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad-dbg_0.10.7-2+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-sdl_0.10.7-2+lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-sdl_0.10.7-2+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.7-2+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad-dbg_0.10.7-2+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-sdl_0.10.7-2+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad-dbg_0.10.7-2+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.7-2+lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad-dbg_0.10.7-2+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.7-2+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-sdl_0.10.7-2+lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.7-2+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-sdl_0.10.7-2+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad-dbg_0.10.7-2+lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.7-2+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-sdl_0.10.7-2+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad-dbg_0.10.7-2+lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad-dbg_0.10.7-2+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-sdl_0.10.7-2+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.7-2+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-sdl_0.10.7-2+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad_0.10.7-2+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gst-plugins-bad0.10/gstreamer0.10-plugins-bad-dbg_0.10.7-2+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1852": "
\n

Debian Security Advisory

\n

DSA-1852-1 fetchmail -- insufficient input validation

\n
\n
Date Reported:
\n
07 Aug 2009
\n
Affected Packages:
\n
\nfetchmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2666.
\n
More information:
\n
\n

It was discovered that fetchmail, a full-featured remote mail retrieval\nand forwarding utility, is vulnerable to the \"Null Prefix Attacks Against\nSSL/TLS Certificates\" recently published at the Blackhat conference.\nThis allows an attacker to perform undetected man-in-the-middle attacks\nvia a crafted ITU-T X.509 certificate with an injected null byte in the\nsubjectAltName or Common Name fields.

\n

Note, as a fetchmail user you should always use strict certificate\nvalidation through either of these option combinations:\n sslcertck ssl sslproto ssl3 (for service on SSL-wrapped ports)\nor\n sslcertck sslproto tls1 (for STARTTLS-based services)

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 6.3.6-1etch2.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 6.3.9~rc2-4+lenny1.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 6.3.9~rc2-6.

\n

We recommend that you upgrade your fetchmail packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2.dsc
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_6.3.6-1etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch2_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_6.3.9~rc2-4+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.9~rc2-4+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1853": "
\n

Debian Security Advisory

\n

DSA-1853-1 memcached -- heap-based buffer overflow

\n
\n
Date Reported:
\n
07 Aug 2009
\n
Affected Packages:
\n
\nmemcached\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2415.
\n
More information:
\n
\n

Ronald Volgers discovered that memcached, a high-performance memory object\ncaching system, is vulnerable to several heap-based buffer overflows due\nto integer conversions when parsing certain length attributes. An\nattacker can use this to execute arbitrary code on the system running\nmemcached (on etch with root privileges).

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 1.1.12-1+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.2.2-1+lenny1.

\n

For the testing (squeeze) and unstable (sid) distributions, this problem\nwill be fixed soon.

\n

We recommend that you upgrade your memcached packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1.dsc
\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.1.12-1+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/memcached/memcached_1.2.2-1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1854": "
\n

Debian Security Advisory

\n

DSA-1854-1 apr, apr-util -- heap buffer overflow

\n
\n
Date Reported:
\n
08 Aug 2009
\n
Affected Packages:
\n
\napr, apr-util\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2412.
\n
More information:
\n
\n

Matt Lewis discovered that the memory management code in the Apache\nPortable Runtime (APR) library does not guard against a wrap-around\nduring size computations. This could cause the library to return a\nmemory area which is smaller than requested, resulting in a heap overflow\nand possibly arbitrary code execution.

\n

For the old stable distribution (etch), this problem has been fixed in\nversion 1.2.7-9 of the apr package, and version 1.2.7+dfsg-2+etch3 of\nthe apr-util package.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.2.12-5+lenny1 of the apr package and version 1.2.12-5+lenny1\nof the apr-util package.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your APR packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg-2+etch3.dsc
\n
http://security.debian.org/pool/updates/main/a/apr/apr_1.2.7-9.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg-2+etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apr/apr_1.2.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/apr/apr_1.2.7-9.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apr/apr_1.2.12.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/apr/apr_1.2.12-5+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg-8+lenny4.dsc
\n
http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg-8+lenny4.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apr/apr_1.2.12-5+lenny1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1855": "
\n

Debian Security Advisory

\n

DSA-1855-1 subversion -- heap overflow

\n
\n
Date Reported:
\n
08 Aug 2009
\n
Affected Packages:
\n
\nsubversion\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2411.
\n
More information:
\n
\n

Matt Lewis discovered that Subversion performs insufficient input\nvalidation of svndiff streams. Malicious servers could cause heap\noverflows in clients, and malicious clients with commit access could\ncause heap overflows in servers, possibly leading to arbitrary code\nexecution in both cases.

\n

For the old stable distribution (etch), this problem has been fixed in\nversion 1.4.2dfsg1-3.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.5.1dfsg1-4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.6.4dfsg-1.

\n

We recommend that you upgrade your Subversion packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.4.2dfsg1-3.dsc
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.4.2dfsg1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.4.2dfsg1-3.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-javahl_1.4.2dfsg1-3_all.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby_1.4.2dfsg1-3_all.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-doc_1.4.2dfsg1-3_all.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion-tools_1.4.2dfsg1-3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.4.2dfsg1-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-java_1.4.2dfsg1-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.4.2dfsg1-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.4.2dfsg1-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.4.2dfsg1-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.4.2dfsg1-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.4.2dfsg1-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.4.2dfsg1-3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.4.2dfsg1-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.4.2dfsg1-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-java_1.4.2dfsg1-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.4.2dfsg1-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.4.2dfsg1-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.4.2dfsg1-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.4.2dfsg1-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.4.2dfsg1-3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.4.2dfsg1-3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.4.2dfsg1-3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.4.2dfsg1-3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.4.2dfsg1-3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.4.2dfsg1-3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.4.2dfsg1-3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.4.2dfsg1-3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-java_1.4.2dfsg1-3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.4.2dfsg1-3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.4.2dfsg1-3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.4.2dfsg1-3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.4.2dfsg1-3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.4.2dfsg1-3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.4.2dfsg1-3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.4.2dfsg1-3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.4.2dfsg1-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.4.2dfsg1-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.4.2dfsg1-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-java_1.4.2dfsg1-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.4.2dfsg1-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.4.2dfsg1-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.4.2dfsg1-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.4.2dfsg1-3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.4.2dfsg1-3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.4.2dfsg1-3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.4.2dfsg1-3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.4.2dfsg1-3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.4.2dfsg1-3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.4.2dfsg1-3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.4.2dfsg1-3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.4.2dfsg1-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.4.2dfsg1-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.4.2dfsg1-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.4.2dfsg1-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.4.2dfsg1-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.4.2dfsg1-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.4.2dfsg1-3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.4.2dfsg1-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.4.2dfsg1-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.4.2dfsg1-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.4.2dfsg1-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.4.2dfsg1-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-java_1.4.2dfsg1-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.4.2dfsg1-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.4.2dfsg1-3_powerpc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-4.diff.gz
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-4.dsc
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/subversion/subversion-tools_1.5.1dfsg1-4_all.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-doc_1.5.1dfsg1-4_all.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby_1.5.1dfsg1-4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-java_1.5.1dfsg1-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-4_arm.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-4_arm.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-4_arm.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-4_arm.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-4_arm.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-4_arm.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-4_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-4_armel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-4_armel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-4_armel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-4_armel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-4_armel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-java_1.5.1dfsg1-4_armel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-4_armel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-4_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-4_i386.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-4_i386.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-4_i386.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-4_i386.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-java_1.5.1dfsg1-4_i386.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-4_i386.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-4_i386.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-java_1.5.1dfsg1-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-4_mips.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-4_mips.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-4_mips.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-4_mips.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-4_mips.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-4_mips.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-java_1.5.1dfsg1-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-4_s390.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-4_s390.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-4_s390.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-java_1.5.1dfsg1-4_s390.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-4_s390.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-4_s390.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-4_s390.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-java_1.5.1dfsg1-4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1856": "
\n

Debian Security Advisory

\n

DSA-1856-1 mantis -- information leak

\n
\n
Date Reported:
\n
08 Aug 2009
\n
Affected Packages:
\n
\nmantis\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 425010.
\n
More information:
\n
\n

It was discovered that the Debian Mantis package, a web-based bug\ntracking system, installed the database credentials in a\nworld-readable file on the local filesystem. This allows\nlocal users to acquire the credentials used to control the Mantis\ndatabase.

\n

This updated package corrects this problem for new installations and\nwill carefully try to update existing ones. Administrators can check\nthe permissions of the file /etc/mantis/config_db.php to see if they\nare safe for their environment.

\n

The old stable distribution (etch) does not contain a mantis package.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.1.6+dfsg-2lenny1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.1.8+dfsg-2.

\n

We recommend that you upgrade your mantis package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_1.1.6+dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_1.1.6+dfsg-2lenny1.dsc
\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_1.1.6+dfsg-2lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mantis/mantis_1.1.6+dfsg-2lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1857": "
\n

Debian Security Advisory

\n

DSA-1857-1 camlimages -- integer overflow

\n
\n
Date Reported:
\n
10 Aug 2009
\n
Affected Packages:
\n
\ncamlimages\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 540146.
In Mitre's CVE dictionary: CVE-2009-2660.
\n
More information:
\n
\n

Tielei Wang discovered that CamlImages, an open source image processing\nlibrary, suffers from several integer overflows which may lead to a\npotentially exploitable heap overflow and result in arbitrary code\nexecution. This advisory addresses issues with the reading of JPEG and\nGIF images, while DSA 1832-1\naddressed the issue with PNG images.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 2.20-8+etch2.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1:2.2.0-4+lenny2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:3.0.1-3.

\n

We recommend that you upgrade your camlimages package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etch2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.20-8+etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenny2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.2.0-4+lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1858": "
\n

Debian Security Advisory

\n

DSA-1858-1 imagemagick -- multiple vulnerabilities

\n
\n
Date Reported:
\n
10 Aug 2009
\n
Affected Packages:
\n
\nimagemagick\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 418057, Bug 412945, Bug 444267, Bug 530838.
In Mitre's CVE dictionary: CVE-2007-1667, CVE-2007-1797, CVE-2007-4985, CVE-2007-4986, CVE-2007-4987, CVE-2007-4988, CVE-2008-1096, CVE-2008-1097, CVE-2009-1882.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the imagemagick image\nmanipulation programs which can lead to the execution of arbitrary code,\nexposure of sensitive information or denial of service. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-1667\n

    Multiple integer overflows in the XInitImage function in xwd.c for\n ImageMagick allow user-assisted remote attackers to cause a denial of\n service (crash) or obtain sensitive information via crafted images with\n large or negative values that trigger a buffer overflow. It only affects\n the oldstable distribution (etch).

  • CVE-2007-1797\n

    Multiple integer overflows allow remote attackers to execute arbitrary\n code via a crafted DCM image, or the colors or comments field in a\n crafted XWD image. It only affects the oldstable distribution (etch).

  • CVE-2007-4985\n

    A crafted image file can trigger an infinite loop in the ReadDCMImage\n function or in the ReadXCFImage function. It only affects the oldstable\n distribution (etch).

  • CVE-2007-4986\n

    Multiple integer overflows allow context-dependent attackers to execute\n arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file,\n which triggers a heap-based buffer overflow. It only affects the\n oldstable distribution (etch).

  • CVE-2007-4987\n

    An off-by-one error allows context-dependent attackers to execute arbitrary\n code via a crafted image file, which triggers the writing of a '\\0'\n character to an out-of-bounds address. It affects only the oldstable\n distribution (etch).

  • CVE-2007-4988\n

    A sign extension error allows context-dependent attackers to execute\n arbitrary code via a crafted width value in an image file, which\n triggers an integer overflow and a heap-based buffer overflow. It\n affects only the oldstable distribution (etch).

  • CVE-2008-1096\n

    The load_tile function in the XCF coder allows user-assisted remote\n attackers to cause a denial of service or possibly execute arbitrary\n code via a crafted .xcf file that triggers an out-of-bounds heap write.\n It affects only the oldstable distribution (etch).

  • CVE-2008-1097\n

    A heap-based buffer overflow in the PCX coder allows user-assisted remote\n attackers to cause a denial of service or possibly execute arbitrary\n code via a crafted .pcx file that triggers incorrect memory allocation\n for the scanline array, leading to memory corruption. It affects only the\n oldstable distribution (etch).

  • CVE-2009-1882\n

    An integer overflow allows remote attackers to cause a denial of service\n (crash) and possibly execute arbitrary code via a crafted TIFF file,\n which triggers a buffer overflow.

\n

For the old stable distribution (etch), these problems have been fixed in\nversion 7:6.2.4.5.dfsg1-0.15+etch1.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 7:6.3.7.9.dfsg2-1~lenny3.

\n

For the upcoming stable distribution (squeeze) and the unstable\ndistribution (sid), these problems have been fixed in version\n7:6.5.1.0-1.1.

\n

We recommend that you upgrade your imagemagick packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1.tar.gz
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.2.4.5.dfsg1-0.15+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9c2a_6.2.4.5.dfsg1-0.15+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9_6.2.4.5.dfsg1-0.15+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.2.4.5.dfsg1-0.15+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.2.4.5.dfsg1-0.15+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.2.4.5.dfsg1-0.15+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3.dsc
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_amd64.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++10_6.3.7.9.dfsg2-1~lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick9-dev_6.3.7.9.dfsg2-1~lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/perlmagick_6.3.7.9.dfsg2-1~lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick++9-dev_6.3.7.9.dfsg2-1~lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/imagemagick_6.3.7.9.dfsg2-1~lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imagemagick/libmagick10_6.3.7.9.dfsg2-1~lenny3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1859": "
\n

Debian Security Advisory

\n

DSA-1859-1 libxml2 -- several vulnerabilities

\n
\n
Date Reported:
\n
10 Aug 2009
\n
Affected Packages:
\n
\nlibxml2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2416, CVE-2009-2414.
\n
More information:
\n
\n

Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several\nvulnerabilities in libxml2, a library for parsing and handling XML data\nfiles, which can lead to denial of service conditions or possibly arbitrary\ncode execution in the application using the library. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2009-2416\n

    An XML document with specially-crafted Notation or Enumeration attribute\ntypes in a DTD definition leads to the use of pointers to memory areas\nwhich have already been freed.

  • CVE-2009-2414\n

    Missing checks for the depth of ELEMENT DTD definitions when parsing\nchild content can lead to extensive stack-growth due to a function\nrecursion which can be triggered via a crafted XML document.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 2.6.27.dfsg-6+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.6.32.dfsg-5+lenny1.

\n

For the testing (squeeze) and unstable (sid) distributions, this problem\nwill be fixed soon.

\n

We recommend that you upgrade your libxml2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1.dsc
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.27.dfsg-6+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.27.dfsg-6+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.27.dfsg-6+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.27.dfsg-6+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.27.dfsg-6+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.27.dfsg-6+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.32.dfsg-5+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1860": "
\n

Debian Security Advisory

\n

DSA-1860-1 ruby1.8, ruby1.9 -- several vulnerabilities

\n
\n
Date Reported:
\n
12 Aug 2009
\n
Affected Packages:
\n
\nruby1.8, ruby1.9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0642, CVE-2009-1904.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Ruby. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2009-0642\n

    The return value from the OCSP_basic_verify function was not checked\n properly, allowing continued use of a revoked certificate.

  • CVE-2009-1904\n

    An issue in parsing BigDecimal numbers can result in a\n denial-of-service condition (crash).

\n

The following matrix identifies fixed versions:

\n
\n\n\n\n\n
\u00a0            ruby1.8            ruby1.9
oldstable (etch)  1.8.5-4etch5       1.9.0+20060609-1etch5
stable (lenny)    1.8.7.72-3lenny1   1.9.0.2-9lenny1
unstable (sid)    1.8.7.173-1        (soon)
\n

We recommend that you upgrade your Ruby packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch5.diff.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch5.diff.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch5.dsc
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch5.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ri1.8_1.8.5-4etch5_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-elisp_1.9.0+20060609-1etch5_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/rdoc1.9_1.9.0+20060609-1etch5_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/irb1.9_1.9.0+20060609-1etch5_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-examples_1.9.0+20060609-1etch5_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-examples_1.8.5-4etch5_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/irb1.8_1.8.5-4etch5_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-elisp_1.8.5-4etch5_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ri1.9_1.9.0+20060609-1etch5_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/rdoc1.8_1.8.5-4etch5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch5_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch5_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch5_s390.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1.dsc
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2-9lenny1.dsc
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2-9lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/irb1.9_1.9.0.2-9lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ri1.9_1.9.0.2-9lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-examples_1.9.0.2-9lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-elisp_1.9.0.2-9lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/rdoc1.8_1.8.7.72-3lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/irb1.8_1.8.7.72-3lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ri1.8_1.8.7.72-3lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-examples_1.8.7.72-3lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/rdoc1.9_1.9.0.2-9lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-elisp_1.8.7.72-3lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-9lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-9lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.7.72-3lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.72-3lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.72-3lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2-9lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-9lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.72-3lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.72-3lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.72-3lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-9lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-9lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.7.72-3lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0.2-9lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.7.72-3lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-9lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-9lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.72-3lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-9lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-9lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.7.72-3lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-9lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.7.72-3lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.72-3lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-9lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.7.72-3lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.72-3lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-9lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.72-3lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2-9lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-9lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-9lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.72-3lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0.2-9lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.72-3lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.7.72-3lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.7.72-3lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.72-3lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.72-3lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0.2-9lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-9lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-9lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-9lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-9lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-9lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.72-3lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.7.72-3lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-9lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2-9lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.72-3lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-9lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-9lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.72-3lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-9lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-9lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.7.72-3lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.72-3lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.7.72-3lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.72-3lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2-9lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-9lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-9lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-9lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-9lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.72-3lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.72-3lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0.2-9lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.7.72-3lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.7.72-3lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.72-3lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.7.72-3lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.72-3lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.72-3lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.72-3lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.7.72-3lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.72-3lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-9lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-9lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.7.72-3lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.72-3lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2-9lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.72-3lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.72-3lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-9lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.72-3lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-9lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-9lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-9lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.7.72-3lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-9lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.72-3lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0.2-9lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.7.72-3lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-9lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.7.72-3lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-9lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0.2-9lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-9lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-9lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.72-3lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.72-3lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.7.72-3lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.72-3lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.72-3lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-9lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.72-3lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-9lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.7.72-3lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-9lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2-9lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.7.72-3lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.72-3lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.72-3lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0.2-9lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-9lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-9lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-9lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.72-3lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.7.72-3lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.7.72-3lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-9lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-9lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.72-3lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-9lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2-9lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.72-3lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-9lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.7.72-3lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-9lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.72-3lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-9lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-9lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.72-3lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.7.72-3lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2-9lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0.2-9lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.7.72-3lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.72-3lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.72-3lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.72-3lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-9lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-9lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-9lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-9lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2-9lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.72-3lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.7.72-3lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.72-3lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.72-3lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-9lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.7.72-3lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-9lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.7.72-3lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-9lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-9lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-9lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-9lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.72-3lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.72-3lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0.2-9lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-9lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-9lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-9lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.7.72-3lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-9lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.72-3lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-9lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-9lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2-9lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.7.72-3lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.72-3lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.72-3lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.72-3lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-9lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.72-3lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.7.72-3lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-9lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0.2-9lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0.2-9lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0.2-9lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.7.72-3lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.7.72-3lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0.2-9lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0.2-9lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0.2-9lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0.2-9lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0.2-9lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.7.72-3lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.7.72-3lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.7.72-3lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.7.72-3lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0.2-9lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.7.72-3lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0.2-9lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.7.72-3lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.7.72-3lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1861": "
\n

Debian Security Advisory

\n

DSA-1861-1 libxml -- several vulnerabilities

\n
\n
Date Reported:
\n
13 Aug 2009
\n
Affected Packages:
\n
\nlibxml\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2416, CVE-2009-2414.
\n
More information:
\n
\n

Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several\nvulnerabilities in libxml, a library for parsing and handling XML data\nfiles, which can lead to denial of service conditions or possibly arbitrary\ncode execution in the application using the library. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2009-2416\n

    An XML document with specially-crafted Notation or Enumeration attribute\ntypes in a DTD definition leads to the use of pointers to memory areas\nwhich have already been freed.

  • CVE-2009-2414\n

    Missing checks for the depth of ELEMENT DTD definitions when parsing\nchild content can lead to extensive stack-growth due to a function\nrecursion which can be triggered via a crafted XML document.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 1.8.17-14+etch1.

\n

The stable (lenny), testing (squeeze) and unstable (sid) distributions\ndo not contain libxml anymore, but libxml2, for which DSA-1859-1 has been\nreleased.

\n

We recommend that you upgrade your libxml packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17-14+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml_1.8.17-14+etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml-dev_1.8.17-14+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml/libxml1_1.8.17-14+etch1_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1862": "
\n

Debian Security Advisory

\n

DSA-1862-1 linux-2.6 -- privilege escalation

\n
\n
Date Reported:
\n
14 Aug 2009
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2692.
\n
More information:
\n
\n

A vulnerability has been discovered in the Linux kernel that may lead\nto privilege escalation. The Common Vulnerabilities and Exposures project\nidentifies the following problem:

\n
    \n
  • CVE-2009-2692\n

    Tavis Ormandy and Julien Tinnes discovered an issue with how the\n sendpage function is initialized in the proto_ops structure.\n Local users can exploit this vulnerability to gain elevated\n privileges.

\n

For the oldstable distribution (etch), this problem will be fixed in\nupdates to linux-2.6 and linux-2.6.24.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.6.26-17lenny2.

\n

We recommend that you upgrade your linux-2.6 and user-mode-linux\npackages.

\n

Note: Debian carefully tracks all known security issues across every\nLinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or \"leap-frog\" fashion.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-17lenny2.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-17lenny2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.26_2.6.26-17lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.26_2.6.26-17lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.26_2.6.26-17lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.26_2.6.26-17lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.26_2.6.26-17lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.26-2_2.6.26-17lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-smp_2.6.26-17lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-smp_2.6.26-17lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-legacy_2.6.26-17lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-17lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-generic_2.6.26-17lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-legacy_2.6.26-17lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-generic_2.6.26-17lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-alpha_2.6.26-17lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-17lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-17lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-amd64_2.6.26-17lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-17lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-amd64_2.6.26-17lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-17lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-amd64_2.6.26-17lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-17lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-17lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-17lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-17lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-17lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-amd64_2.6.26-17lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-17lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-amd64_2.6.26-17lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-amd64_2.6.26-17lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-amd64_2.6.26-17lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-amd64_2.6.26-17lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-amd64_2.6.26-17lenny2_amd64.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-17lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-17lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-17lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-armel_2.6.26-17lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-17lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-17lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-17lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-versatile_2.6.26-17lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-17lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-17lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-17lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-versatile_2.6.26-17lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc_2.6.26-17lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc-smp_2.6.26-17lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc_2.6.26-17lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64_2.6.26-17lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-hppa_2.6.26-17lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-17lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-17lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64_2.6.26-17lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64-smp_2.6.26-17lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64-smp_2.6.26-17lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-17lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc-smp_2.6.26-17lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-686_2.6.26-17lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686-bigmem_2.6.26-17lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-686_2.6.26-17lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686-bigmem_2.6.26-17lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-17lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686_2.6.26-17lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686_2.6.26-17lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-686_2.6.26-17lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686-bigmem_2.6.26-17lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-17lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-17lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-17lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686_2.6.26-17lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-486_2.6.26-17lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-17lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-17lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-i386_2.6.26-17lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-17lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-686_2.6.26-17lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686-bigmem_2.6.26-17lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-17lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-486_2.6.26-17lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686_2.6.26-17lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-686_2.6.26-17lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-686_2.6.26-17lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-mckinley_2.6.26-17lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-mckinley_2.6.26-17lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-itanium_2.6.26-17lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-ia64_2.6.26-17lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-itanium_2.6.26-17lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-itanium_2.6.26-17lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-17lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-17lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-itanium_2.6.26-17lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-17lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-17lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-mckinley_2.6.26-17lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-mckinley_2.6.26-17lenny2_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-17lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc64_2.6.26-17lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc-smp_2.6.26-17lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc-smp_2.6.26-17lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-17lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-17lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc64_2.6.26-17lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc_2.6.26-17lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc_2.6.26-17lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc_2.6.26-17lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc_2.6.26-17lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc64_2.6.26-17lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-powerpc_2.6.26-17lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-17lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc64_2.6.26-17lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-17lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390x_2.6.26-17lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-s390x_2.6.26-17lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390_2.6.26-17lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-17lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-17lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-17lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390_2.6.26-17lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390x_2.6.26-17lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390-tape_2.6.26-17lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-s390x_2.6.26-17lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-s390_2.6.26-17lenny2_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1863": "
\n

Debian Security Advisory

\n

DSA-1863-1 zope2.10/zope2.9 -- several vulnerabilities

\n
\n
Date Reported:
\n
15 Aug 2009
\n
Affected Packages:
\n
\nzope2.10/zope2.9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0668, CVE-2009-0669.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in zope,\na feature-rich web application server written in Python, that could\nlead to arbitrary code execution in the worst case. The Common\nVulnerabilities and Exposures project identified the following problems:

\n
    \n
  • CVE-2009-0668\n

    Due to a programming error, an authorization method in the StorageServer\ncomponent of ZEO was not used as an internal method. This allows a\nmalicious client to bypass authentication when connecting to a ZEO server\nby simply calling this authorization method.

  • CVE-2009-0668\n

    The ZEO server doesn't restrict the callables when unpickling data received\nfrom a malicious client, which can be used by an attacker to execute\narbitrary Python code on the server by sending certain exception pickles.\nThis also allows an attacker to import any importable module, as ZEO is\nimporting the module containing a callable specified in a pickle to test\nfor a certain flag.

  • The update also limits the number of new object ids a client can request\nto 100 as it would be possible to consume huge amounts of resources by\nrequesting a big batch of new object ids. No CVE id has been assigned to\nthis.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 2.9.6-4etch2 of zope2.9.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.10.6-1+lenny1 of zope2.10.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.10.9-1 of zope2.10.

\n

We recommend that you upgrade your zope2.10/zope2.9 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/zope2.9/zope2.9_2.9.6-4etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/z/zope2.9/zope2.9_2.9.6-4etch2.dsc
\n
http://security.debian.org/pool/updates/main/z/zope2.9/zope2.9_2.9.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/z/zope2.9/zope2.9-sandbox_2.9.6-4etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/z/zope2.9/zope2.9_2.9.6-4etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/z/zope2.9/zope2.9_2.9.6-4etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/z/zope2.9/zope2.9_2.9.6-4etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/z/zope2.9/zope2.9_2.9.6-4etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/z/zope2.9/zope2.9_2.9.6-4etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/z/zope2.9/zope2.9_2.9.6-4etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zope2.9/zope2.9_2.9.6-4etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zope2.9/zope2.9_2.9.6-4etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/z/zope2.9/zope2.9_2.9.6-4etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/z/zope2.9/zope2.9_2.9.6-4etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/z/zope2.9/zope2.9_2.9.6-4etch2_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/zope2.10/zope2.10_2.10.6.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/z/zope2.10/zope2.10_2.10.6-1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/z/zope2.10/zope2.10_2.10.6-1+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/z/zope2.10/zope2.10-sandbox_2.10.6-1+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/z/zope2.10/zope2.10_2.10.6-1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/z/zope2.10/zope2.10_2.10.6-1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/z/zope2.10/zope2.10_2.10.6-1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/z/zope2.10/zope2.10_2.10.6-1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/z/zope2.10/zope2.10_2.10.6-1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/z/zope2.10/zope2.10_2.10.6-1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/z/zope2.10/zope2.10_2.10.6-1+lenny1_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/z/zope2.10/zope2.10_2.10.6-1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/z/zope2.10/zope2.10_2.10.6-1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/z/zope2.10/zope2.10_2.10.6-1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/z/zope2.10/zope2.10_2.10.6-1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1864": "
\n

Debian Security Advisory

\n

DSA-1864-1 linux-2.6.24 -- privilege escalation

\n
\n
Date Reported:
\n
16 Aug 2009
\n
Affected Packages:
\n
linux-2.6.24
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2692.
\n
More information:
\n
\n

A vulnerability has been discovered in the Linux kernel that may lead to privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problem:

\n
    \n
  • CVE-2009-2692

    Tavis Ormandy and Julien Tinnes discovered an issue with how the sendpage function is initialized in the proto_ops structure. Local users can exploit this vulnerability to gain elevated privileges.
\n

For the oldstable distribution (etch), this problem has been fixed in version 2.6.24-6~etchnhalf.8etch3.

\n

We recommend that you upgrade your linux-2.6.24 packages.

\n

Note: Debian 'etch' includes Linux kernel packages based upon both the 2.6.18 and 2.6.24 Linux releases. All known security issues are carefully tracked against both packages and both packages will receive security updates until security support for Debian 'etch' concludes. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, lower severity 2.6.18 and 2.6.24 updates will typically be released in a staggered or \"leap-frog\" fashion.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.8etch3.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.8etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-support-2.6.24-etchnhalf.1_2.6.24-6~etchnhalf.8etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-patch-debian-2.6.24_2.6.24-6~etchnhalf.8etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-manual-2.6.24_2.6.24-6~etchnhalf.8etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-source-2.6.24_2.6.24-6~etchnhalf.8etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-tree-2.6.24_2.6.24-6~etchnhalf.8etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc-2.6.24_2.6.24-6~etchnhalf.8etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-alpha_2.6.24-6~etchnhalf.8etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.8etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.8etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.8etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.8etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.8etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.8etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-amd64_2.6.24-6~etchnhalf.8etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch3_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.8etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.8etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.8etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.8etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.8etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.8etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.8etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-hppa_2.6.24-6~etchnhalf.8etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.8etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.8etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.8etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.8etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-i386_2.6.24-6~etchnhalf.8etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.8etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.8etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.8etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.8etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.8etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.8etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.8etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.8etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-ia64_2.6.24-6~etchnhalf.8etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.8etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.8etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-mips_2.6.24-6~etchnhalf.8etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.8etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.8etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.8etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.8etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.8etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.8etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-mipsel_2.6.24-6~etchnhalf.8etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.8etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.8etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.8etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.8etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.8etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.8etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-powerpc_2.6.24-6~etchnhalf.8etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.8etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.8etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.8etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.8etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.8etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.8etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.8etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.8etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390-tape_2.6.24-6~etchnhalf.8etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-s390_2.6.24-6~etchnhalf.8etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-sparc_2.6.24-6~etchnhalf.8etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.8etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.8etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.8etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.8etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.8etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.8etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1865": "
\n

Debian Security Advisory

\n

DSA-1865-1 linux-2.6 -- denial of service/privilege escalation

\n
\n
Date Reported:
\n
16 Aug 2009
\n
Affected Packages:
\n
linux-2.6
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-1385, CVE-2009-1389, CVE-2009-1630, CVE-2009-1633, CVE-2009-2692.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that may lead to denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2009-1385

    Neil Horman discovered a missing fix from the e1000 network driver. A remote user may cause a denial of service by way of a kernel panic triggered by specially crafted frame sizes.

  • CVE-2009-1389

    Michael Tokarev discovered an issue in the r8169 network driver. Remote users on the same LAN may cause a denial of service by way of a kernel panic triggered by receiving a large size frame.

  • CVE-2009-1630

    Frank Filz discovered that local users may be able to execute files without execute permission when accessed via an nfs4 mount.

  • CVE-2009-1633

    Jeff Layton and Suresh Jayaraman fixed several buffer overflows in the CIFS filesystem which allow remote servers to cause memory corruption.

  • CVE-2009-2692

    Tavis Ormandy and Julien Tinnes discovered an issue with how the sendpage function is initialized in the proto_ops structure. Local users can exploit this vulnerability to gain elevated privileges.
\n

For the oldstable distribution (etch), these problems have been fixed in version 2.6.18.dfsg.1-24etch3.

\n

The following matrix lists additional packages that were rebuilt for compatibility with or to take advantage of this update:

\n
                 Debian 4.0 (etch)
fai-kernels      1.17+etch.24etch3
user-mode-linux  2.6.18-1um-2etch.24etch3
\n

We recommend that you upgrade your linux-2.6, fai-kernels, and user-mode-linux packages.

\n

Note: Debian carefully tracks all known security issues across every Linux kernel package in all releases under active security support. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or \"leap-frog\" fashion.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-24etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-24etch3.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.24etch3.dsc
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.24etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch3.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch3.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-24etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-24etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-24etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-24etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-24etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-24etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-24etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-24etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-24etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-smp_2.6.18.dfsg.1-24etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-smp_2.6.18.dfsg.1-24etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-alpha_2.6.18.dfsg.1-24etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-24etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-generic_2.6.18.dfsg.1-24etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-generic_2.6.18.dfsg.1-24etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-amd64_2.6.18.dfsg.1-24etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-24etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-24etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-24etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-24etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-24etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-24etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch3_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-hppa_2.6.18.dfsg.1-24etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-24etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64_2.6.18.dfsg.1-24etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc-smp_2.6.18.dfsg.1-24etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc_2.6.18.dfsg.1-24etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc_2.6.18.dfsg.1-24etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-24etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64_2.6.18.dfsg.1-24etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc-smp_2.6.18.dfsg.1-24etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-k7_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-686_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-i386_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686-bigmem_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-486_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-486_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-k7_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686-bigmem_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-686_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-k7_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-k7_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.24etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-itanium_2.6.18.dfsg.1-24etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-mckinley_2.6.18.dfsg.1-24etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-mckinley_2.6.18.dfsg.1-24etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-ia64_2.6.18.dfsg.1-24etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-itanium_2.6.18.dfsg.1-24etch3_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-24etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mipsel_2.6.18.dfsg.1-24etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-24etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-24etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-24etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-24etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-24etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-24etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-24etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-prep_2.6.18.dfsg.1-24etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-24etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-powerpc_2.6.18.dfsg.1-24etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc_2.6.18.dfsg.1-24etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-24etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-24etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc_2.6.18.dfsg.1-24etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-prep_2.6.18.dfsg.1-24etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-24etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc64_2.6.18.dfsg.1-24etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-24etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-24etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-24etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-24etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc64_2.6.18.dfsg.1-24etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390_2.6.18.dfsg.1-24etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-s390_2.6.18.dfsg.1-24etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-24etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-24etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390x_2.6.18.dfsg.1-24etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390x_2.6.18.dfsg.1-24etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390-tape_2.6.18.dfsg.1-24etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390_2.6.18.dfsg.1-24etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc32_2.6.18.dfsg.1-24etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc32_2.6.18.dfsg.1-24etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64_2.6.18.dfsg.1-24etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-sparc_2.6.18.dfsg.1-24etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-24etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-24etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-24etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64_2.6.18.dfsg.1-24etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-24etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1866": "
\n

Debian Security Advisory

\n

DSA-1866-1 kdegraphics -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Aug 2009
\n
Affected Packages:
\n
\nkdegraphics\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 534918, Bug 534951.
In Mitre's CVE dictionary: CVE-2009-0945, CVE-2009-1709.
\n
More information:
\n
\n

Two security issues have been discovered in kdegraphics, the graphics\napps from the official KDE release. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2009-0945\n

    It was discovered that the KSVG animation element implementation suffers\nfrom a null pointer dereference flaw, which could lead to the execution\nof arbitrary code.

  • CVE-2009-1709\n

    It was discovered that the KSVG animation element implementation is\nprone to a use-after-free flaw, which could lead to the execution of\narbitrary code.

\n

For the oldstable distribution (etch), these problems have been fixed\nin version 4:3.5.5-3etch4.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 4:3.5.9-3+lenny2.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 4:4.0.

\n

We recommend that you upgrade your kdegraphics packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.5-3etch4.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.5-3etch4.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.5-3etch4_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-doc-html_3.5.5-3etch4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch4_i386.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch4_mipsel.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.5-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.5-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.5-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.5-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.5-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.5-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.5-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.5-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.5-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.5-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.5-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.5-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.5-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.5-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.5-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.5-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.5-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.5-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.5-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.5-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.5-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.5-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.5-3etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.5-3etch4_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.9-3+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.9-3+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.9.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.9-3+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-doc-html_3.5.9-3+lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny2_amd64.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1867": "
\n

Debian Security Advisory

\n

DSA-1867-1 kdelibs -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Aug 2009
\n
Affected Packages:
\n
\nkdelibs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 534952.
In Mitre's CVE dictionary: CVE-2009-1690, CVE-2009-1698, CVE-2009-1687.
\n
More information:
\n
\n

Several security issues have been discovered in kdelibs, core libraries\nfrom the official KDE release. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2009-1690\n

    It was discovered that there is a use-after-free flaw in handling\ncertain DOM event handlers. This could lead to the execution of\narbitrary code, when visiting a malicious website.

  • CVE-2009-1698\n

    It was discovered that there could be an uninitialised pointer when\nhandling a Cascading Style Sheets (CSS) attr function call. This could\nlead to the execution of arbitrary code, when visiting a malicious\nwebsite.

  • CVE-2009-1687\n

    It was discovered that the JavaScript garbage collector does not handle\nallocation failures properly, which could lead to the execution of\narbitrary code when visiting a malicious website.

\n

For the oldstable distribution (etch), these problems have been fixed\nin version 4:3.5.5a.dfsg.1-8etch2.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 4:3.5.10.dfsg.1-0lenny2.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems will be fixed soon.

\n

We recommend that you upgrade your kdelibs packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1-8etch2.dsc
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1-8etch2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1-8etch2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-data_3.5.5a.dfsg.1-8etch2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-doc_3.5.5a.dfsg.1-8etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_powerpc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-0lenny2.dsc
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-0lenny2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-0lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-data_3.5.10.dfsg.1-0lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-doc_3.5.10.dfsg.1-0lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_powerpc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1868": "
\n

Debian Security Advisory

\n

DSA-1868-1 kde4libs -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Aug 2009
\n
Affected Packages:
\n
\nkde4libs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 534949.
In Mitre's CVE dictionary: CVE-2009-1690, CVE-2009-1698, CVE-2009-1687.
\n
More information:
\n
\n

Several security issues have been discovered in kde4libs, core libraries\nfor all KDE 4 applications. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2009-1690\n

    It was discovered that there is a use-after-free flaw in handling\ncertain DOM event handlers. This could lead to the execution of\narbitrary code, when visiting a malicious website.

  • CVE-2009-1698\n

    It was discovered that there could be an uninitialised pointer when\nhandling a Cascading Style Sheets (CSS) attr function call. This could\nlead to the execution of arbitrary code, when visiting a malicious\nwebsite.

  • CVE-2009-1687\n

    It was discovered that the JavaScript garbage collector does not handle\nallocation failures properly, which could lead to the execution of\narbitrary code when visiting a malicious website.

\n

The oldstable distribution (etch) does not contain kde4libs.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 4:4.1.0-3+lenny1.

\n

For the testing distribution (squeeze), these problems will be fixed\nsoon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4:4.3.0-1.

\n

We recommend that you upgrade your kde4libs packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kde4libs/kde4libs_4.1.0-3+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kde4libs_4.1.0-3+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kde4libs_4.1.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-data_4.1.0-3+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1869": "
\n

Debian Security Advisory

\n

DSA-1869-1 curl -- insufficient input validation

\n
\n
Date Reported:
\n
19 Aug 2009
\n
Affected Packages:
\n
\ncurl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 541991.
In Mitre's CVE dictionary: CVE-2009-2417.
\n
More information:
\n
\n

It was discovered that curl, a client and library to get files from servers\nusing HTTP, HTTPS or FTP, is vulnerable to the \"Null Prefix Attacks Against\nSSL/TLS Certificates\" recently published at the Blackhat conference. This\nallows an attacker to perform undetected man-in-the-middle attacks via a\ncrafted ITU-T X.509 certificate with an injected null byte in the Common\nName field.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 7.15.5-1etch3.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 7.18.2-8lenny3.

\n

For the testing (squeeze) and unstable (sid) distributions, this problem\nwill be fixed soon.

\n

We recommend that you upgrade your curl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.15.5-1etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch3_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch3_s390.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3.dsc
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3.diff.gz
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny3_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny3_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny3_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny3_powerpc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1870": "
\n

Debian Security Advisory

\n

DSA-1870-1 pidgin -- insufficient input validation

\n
\n
Date Reported:
\n
19 Aug 2009
\n
Affected Packages:
\n
\npidgin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2694.
\n
More information:
\n
\n

Federico Muttis discovered that libpurple, the shared library that adds\nsupport for various instant messaging networks to the pidgin IM client, is\nvulnerable to a heap-based buffer overflow. This issue exists because of\nan incomplete fix for CVE-2008-2927 and CVE-2009-1376. An attacker can\nexploit this by sending two consecutive SLP packets to a victim via MSN.

\n

The first packet is used to create an SLP message object with an offset of\nzero, the second packet then contains a crafted offset which hits the\nvulnerable code originally fixed in CVE-2008-2927 and CVE-2009-1376 and\nallows an attacker to execute arbitrary code.

\n

Note: Users with the \"Allow only the users below\" setting are not vulnerable\nto this attack. If you can't install the below updates you may want to\nset this via Tools->Privacy.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.4.3-4lenny3.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.5.9-1.

\n

We recommend that you upgrade your pidgin packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny3.dsc
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny3.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple-bin_2.4.3-4lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-data_2.4.3-4lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple-dev_2.4.3-4lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dev_2.4.3-4lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch-dev_2.4.3-4lenny3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny3_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny3_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny3_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny3_powerpc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1871": "
\n

Debian Security Advisory

\n

DSA-1871-1 wordpress -- several vulnerabilities

\n
\n
Date Reported:
\n
23 Aug 2009
\n
Affected Packages:
\n
\nwordpress\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 531736, Bug 536724, Bug 504243, Bug 500115, Bug 504234, Bug 504771.
In Mitre's CVE dictionary: CVE-2008-6762, CVE-2008-6767, CVE-2009-2334, CVE-2009-2854, CVE-2009-2851, CVE-2009-2853, CVE-2008-1502, CVE-2008-4106, CVE-2008-4769, CVE-2008-4796, CVE-2008-5113.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in wordpress, a weblog\nmanager. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2008-6762\n

    It was discovered that wordpress is prone to an open redirect\nvulnerability which allows remote attackers to conduct phishing attacks.

  • CVE-2008-6767\n

    It was discovered that remote attackers had the ability to trigger an\napplication upgrade, which could lead to a denial of service attack.

  • CVE-2009-2334\n

    It was discovered that wordpress lacks authentication checks in the\nplugin configuration, which might leak sensitive information.

  • CVE-2009-2854\n

    It was discovered that wordpress lacks authentication checks in various\nactions, thus allowing remote attackers to produce unauthorised edits or\nadditions.

  • CVE-2009-2851\n

    It was discovered that the administrator interface is prone to a\ncross-site scripting attack.

  • CVE-2009-2853\n

    It was discovered that remote attackers can gain privileges via certain\ndirect requests.

  • CVE-2008-1502\n

    It was discovered that the _bad_protocol_once function in KSES, as used\nby wordpress, allows remote attackers to perform cross-site scripting\nattacks.

  • CVE-2008-4106\n

    It was discovered that wordpress lacks certain checks around user\ninformation, which could be used by attackers to change the password of\na user.

  • CVE-2008-4769\n

    It was discovered that the get_category_template function is prone to a\ndirectory traversal vulnerability, which could lead to the execution of\narbitrary code.

  • CVE-2008-4796\n

    It was discovered that the _httpsrequest function in the embedded snoopy\nversion is prone to the execution of arbitrary commands via shell\nmetacharacters in https URLs.

  • CVE-2008-5113\n

    It was discovered that wordpress relies on the REQUEST superglobal array\nin certain dangerous situations, which makes it easier to perform\nattacks via crafted cookies.

    \n
\n

For the oldstable distribution (etch), these problems have been fixed in\nversion 2.0.10-1etch4.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2.5.1-11+lenny1.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 2.8.3-1.

\n

We recommend that you upgrade your wordpress packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch4.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch4.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch4_all.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5.1-11+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5.1-11+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5.1-11+lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1872": "
\n

Debian Security Advisory

\n

DSA-1872-1 linux-2.6 -- denial of service/privilege escalation/information leak

\n
\n
Date Reported:
\n
24 Aug 2009
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2698, CVE-2009-2846, CVE-2009-2847, CVE-2009-2848, CVE-2009-2849.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to denial of service, privilege escalation or a leak of\nsensitive memory. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2009-2698\n

    Herbert Xu discovered an issue in the way UDP tracks corking\n status that could allow local users to cause a denial of service\n (system crash). Tavis Ormandy and Julien Tinnes discovered that\n this issue could also be used by local users to gain elevated\n privileges.

  • CVE-2009-2846\n

    Michael Buesch noticed a typing issue in the eisa-eeprom driver\n for the hppa architecture. Local users could exploit this issue to\n gain access to restricted memory.

  • CVE-2009-2847\n

    Ulrich Drepper noticed an issue in the do_sigaltstack routine on\n 64-bit systems. This issue allows local users to gain access to\n potentially sensitive memory on the kernel stack.

  • CVE-2009-2848\n

    Eric Dumazet discovered an issue in the execve path, where the\n clear_child_tid variable was not being properly cleared. Local\n users could exploit this issue to cause a denial of service\n (memory corruption).

  • CVE-2009-2849\n

    Neil Brown discovered an issue in the sysfs interface to md\n devices. When md arrays are not active, local users can exploit\n this vulnerability to cause a denial of service (oops).

\n

For the oldstable distribution (etch), these problems have been fixed in\nversion 2.6.18.dfsg.1-24etch4.

\n

We recommend that you upgrade your linux-2.6, fai-kernels, and\nuser-mode-linux packages.

\n

Note: Debian carefully tracks all known security issues across every\nLinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or \"leap-frog\" fashion.

\n

The following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n\n
\u00a0 Debian 4.0 (etch)
fai-kernels 1.17+etch.24etch4
user-mode-linux 2.6.18-1um-2etch.24etch4
\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-24etch4.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-24etch4.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch4.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch4.dsc
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.24etch4.diff.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.24etch4.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-24etch4_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-24etch4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-generic_2.6.18.dfsg.1-24etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-24etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-smp_2.6.18.dfsg.1-24etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-smp_2.6.18.dfsg.1-24etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-24etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-generic_2.6.18.dfsg.1-24etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-24etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-alpha_2.6.18.dfsg.1-24etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-24etch4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-24etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-amd64_2.6.18.dfsg.1-24etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-24etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-24etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-24etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-24etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-amd64_2.6.18.dfsg.1-24etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-24etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-24etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-rpc_2.6.18.dfsg.1-24etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-ixp4xx_2.6.18.dfsg.1-24etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-arm_2.6.18.dfsg.1-24etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-ixp4xx_2.6.18.dfsg.1-24etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-iop32x_2.6.18.dfsg.1-24etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-footbridge_2.6.18.dfsg.1-24etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s3c2410_2.6.18.dfsg.1-24etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-footbridge_2.6.18.dfsg.1-24etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s3c2410_2.6.18.dfsg.1-24etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-rpc_2.6.18.dfsg.1-24etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-iop32x_2.6.18.dfsg.1-24etch4_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-hppa_2.6.18.dfsg.1-24etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc-smp_2.6.18.dfsg.1-24etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc_2.6.18.dfsg.1-24etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64_2.6.18.dfsg.1-24etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64_2.6.18.dfsg.1-24etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc_2.6.18.dfsg.1-24etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-24etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-24etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc-smp_2.6.18.dfsg.1-24etch4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-k7_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-k7_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-486_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-486_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-k7_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686-bigmem_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-686_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-686_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-i386_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-k7_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686-bigmem_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-686_2.6.18.dfsg.1-24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/u/user-mode-linux/user-mode-linux_2.6.18-1um-2etch.24etch4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-itanium_2.6.18.dfsg.1-24etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-mckinley_2.6.18.dfsg.1-24etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-itanium_2.6.18.dfsg.1-24etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-ia64_2.6.18.dfsg.1-24etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-mckinley_2.6.18.dfsg.1-24etch4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mips_2.6.18.dfsg.1-24etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-24etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-24etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-24etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-24etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-24etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-24etch4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-24etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-24etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-24etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-24etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-24etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-24etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-24etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-24etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mipsel_2.6.18.dfsg.1-24etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-24etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-24etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-prep_2.6.18.dfsg.1-24etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-24etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc_2.6.18.dfsg.1-24etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-24etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-powerpc_2.6.18.dfsg.1-24etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-24etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-24etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc_2.6.18.dfsg.1-24etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc64_2.6.18.dfsg.1-24etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-24etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-24etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-24etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-prep_2.6.18.dfsg.1-24etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc64_2.6.18.dfsg.1-24etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-24etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fai-kernels/fai-kernels_1.17+etch.24etch4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-s390_2.6.18.dfsg.1-24etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-24etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-24etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390x_2.6.18.dfsg.1-24etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390-tape_2.6.18.dfsg.1-24etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390_2.6.18.dfsg.1-24etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390_2.6.18.dfsg.1-24etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390x_2.6.18.dfsg.1-24etch4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc32_2.6.18.dfsg.1-24etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-24etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc32_2.6.18.dfsg.1-24etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-24etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64_2.6.18.dfsg.1-24etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-24etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-24etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-24etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-24etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64_2.6.18.dfsg.1-24etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-24etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-sparc_2.6.18.dfsg.1-24etch4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1873": "
\n

Debian Security Advisory

\n

DSA-1873-1 xulrunner -- programming error

\n
\n
Date Reported:
\n
26 Aug 2009
\n
Affected Packages:
\n
\nxulrunner\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2654.
\n
More information:
\n
\n

Juan Pablo Lopez Yacubian discovered that incorrect handling of invalid\nURLs could be used for spoofing the location bar and the SSL certificate\nstatus of a web page.

\n

Xulrunner is no longer supported for the old stable distribution (etch).

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.9.0.13-0lenny1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.9.0.13-1.

\n

We recommend that you upgrade your xulrunner packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.13-0lenny1.dsc
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.13.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.13-0lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.13-0lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.13-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.13-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.13-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.13-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.13-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.13-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.13-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.13-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.13-0lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.13-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.13-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.13-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.13-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.13-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.13-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.13-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.13-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.13-0lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.13-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.13-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.13-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.13-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.13-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.13-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.13-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.13-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.13-0lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.13-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.13-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.13-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.13-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.13-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.13-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.13-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.13-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.13-0lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.13-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.13-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.13-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.13-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.13-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.13-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.13-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.13-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.13-0lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.13-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.13-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.13-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.13-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.13-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.13-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.13-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.13-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.13-0lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.13-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.13-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.13-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.13-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.13-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.13-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.13-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.13-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.13-0lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.13-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.13-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.13-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.13-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.13-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.13-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.13-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.13-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.13-0lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.13-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.13-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.13-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.13-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.13-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.13-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.13-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.13-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.13-0lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.13-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.13-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.13-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.13-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.13-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.13-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.13-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.13-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.13-0lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.13-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.13-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.13-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.13-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.13-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.13-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.13-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.13-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.13-0lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.13-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.13-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.13-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.13-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.13-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.13-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.13-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.13-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.13-0lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1874": "
\n

Debian Security Advisory

\n

DSA-1874-1 nss -- several vulnerabilities

\n
\n
Date Reported:
\n
26 Aug 2009
\n
Affected Packages:
\n
\nnss\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2404, CVE-2009-2408, CVE-2009-2409.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Network Security\nService libraries. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2009-2404\n

    Moxie Marlinspike discovered that a buffer overflow in the regular\n expression parser could lead to the execution of arbitrary code.

  • CVE-2009-2408\n

    Dan Kaminsky discovered that NULL characters in certificate\n names could lead to man-in-the-middle attacks by tricking the user\n into accepting a rogue certificate.

  • CVE-2009-2409\n

    Certificates with MD2 hash signatures are no longer accepted\n since they're no longer considered cryptographically secure.

\n

The old stable distribution (etch) doesn't contain nss.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 3.12.3.1-0lenny1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.12.3.1-1.

\n

We recommend that you upgrade your nss packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nss/nss_3.12.3.1-0lenny1.dsc
\n
http://security.debian.org/pool/updates/main/n/nss/nss_3.12.3.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/n/nss/nss_3.12.3.1-0lenny1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1875": "
\n

Debian Security Advisory

\n

DSA-1875-1 ikiwiki -- missing input sanitising

\n
\n
Date Reported:
\n
31 Aug 2009
\n
Affected Packages:
\n
\nikiwiki\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2944.
\n
More information:
\n
\n

Josh Triplett discovered that the blacklist for potentially harmful TeX code of the teximg module of the Ikiwiki wiki compiler was incomplete, resulting in information disclosure.

\n

The old stable distribution (etch) is not affected.

\n

For the stable distribution (lenny), this problem has been fixed in version 2.53.4.

\n

For the unstable distribution (sid), this problem has been fixed in version 3.1415926.

\n

We recommend that you upgrade your ikiwiki package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/ikiwiki/ikiwiki_2.53.4.tar.gz
\n
http://security.debian.org/pool/updates/main/i/ikiwiki/ikiwiki_2.53.4.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/ikiwiki/ikiwiki_2.53.4_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1876": "
\n

Debian Security Advisory

\n

DSA-1876-1 dnsmasq -- buffer overflow

\n
\n
Date Reported:
\n
01 Sep 2009
\n
Affected Packages:
\n
\ndnsmasq\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2957, CVE-2009-2958.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the TFTP component of dnsmasq. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
  • CVE-2009-2957

    A buffer overflow in TFTP processing may enable arbitrary code execution to attackers who are permitted to use the TFTP service.

  • CVE-2009-2958

    Malicious TFTP clients may crash dnsmasq, leading to denial of service.

\n

The old stable distribution is not affected by these problems.

\n

For the stable distribution (lenny), these problems have been fixed in version 2.45-1+lenny1.

\n

For the unstable distribution (sid), these problems have been fixed in version 2.50-1.

\n

We recommend that you upgrade your dnsmasq packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.45.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.45-1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.45-1+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq_2.45-1+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq-base_2.45-1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq-base_2.45-1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq-base_2.45-1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq-base_2.45-1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq-base_2.45-1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq-base_2.45-1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq-base_2.45-1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq-base_2.45-1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq-base_2.45-1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq-base_2.45-1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq-base_2.45-1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dnsmasq/dnsmasq-base_2.45-1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1877": "
\n

Debian Security Advisory

\n

DSA-1877-1 mysql-dfsg-5.0 -- denial of service/execution of arbitrary code

\n
\n
Date Reported:
\n
02 Sep 2009
\n
Affected Packages:
\n
\nmysql-dfsg-5.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 536726.
In Mitre's CVE dictionary: CVE-2009-2446.
\n
More information:
\n
\n

In MySQL 4.0.0 through 5.0.83, multiple format string vulnerabilities in the dispatch_command() function in libmysqld/sql_parse.cc in mysqld allow remote authenticated users to cause a denial of service (daemon crash) and potentially the execution of arbitrary code via format string specifiers in a database name in a COM_CREATE_DB or COM_DROP_DB request.

\n

For the stable distribution (lenny), this problem has been fixed in version 5.0.51a-24+lenny2.

\n

For the old stable distribution (etch), this problem has been fixed in version 5.0.32-7etch11.

\n

We recommend that you upgrade your mysql packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch11.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch11.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.32-7etch11_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.32-7etch11_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.32-7etch11_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch11_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch11_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch11_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch11_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch11_i386.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch11_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch11_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch11_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch11_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch11_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch11_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch11_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch11_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a-24+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a-24+lenny2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.51a-24+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.51a-24+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.51a-24+lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1878": "
\n

Debian Security Advisory

\n

DSA-1878-1 devscripts -- missing input sanitation

\n
\n
Date Reported:
\n
02 Sep 2009
\n
Affected Packages:
\n
\ndevscripts\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2946.
\n
More information:
\n
\n

Raphael Geissert discovered that uscan, a program to check for availability of new source code versions which is part of the devscripts package, runs Perl code downloaded from potentially untrusted sources to implement its URL and version mangling functionality. This update addresses this issue by reimplementing the relevant Perl operators without relying on the Perl interpreter, trying to preserve backwards compatibility as much as possible.

\n

For the old stable distribution (etch), this problem has been fixed in version 2.9.26etch4.

\n

For the stable distribution (lenny), this problem has been fixed in version 2.10.35lenny6.

\n

For the unstable distribution (sid), this problem will be fixed in version 2.10.54.

\n

We recommend that you upgrade your devscripts package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.9.26etch4.tar.gz
\n
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.9.26etch4.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.9.26etch4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.9.26etch4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.9.26etch4_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.9.26etch4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.9.26etch4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.9.26etch4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.9.26etch4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.9.26etch4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.9.26etch4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.9.26etch4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.9.26etch4_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6.tar.gz
\n
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/devscripts/devscripts_2.10.35lenny6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1879": "
\n

Debian Security Advisory

\n

DSA-1879-1 silc-client/silc-toolkit -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Sep 2009
\n
Affected Packages:
\n
\nsilc-client/silc-toolkit\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-7159, CVE-2008-7160, CVE-2009-3051.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the software suite for the SILC protocol, a network protocol designed to provide end-to-end security for conferencing services. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
  • CVE-2008-7159

    An incorrect format string in sscanf() used in the ASN1 encoder to scan an OID value could overwrite a neighbouring variable on the stack as the destination data type is smaller than the source type on 64-bit. On 64-bit architectures this could result in unexpected application behaviour or even code execution in some cases.

  • CVE-2009-3051

    Various format string vulnerabilities when handling parsed SILC messages allow an attacker to execute arbitrary code with the rights of the victim running the SILC client via crafted nick names or channel names containing format strings.

  • CVE-2008-7160

    An incorrect format string in a sscanf() call used in the HTTP server component of silcd could result in overwriting a neighbouring variable on the stack as the destination data type is smaller than the source type on 64-bit. An attacker could exploit this by using crafted Content-Length header values resulting in unexpected application behaviour or even code execution in some cases.

\n

silc-server doesn't need an update as it uses the shared library provided by silc-toolkit. silc-client/silc-toolkit in the oldstable distribution (etch) is not affected by this problem.

\n

For the stable distribution (lenny), this problem has been fixed in version 1.1.7-2+lenny1 of silc-toolkit and in version 1.1.4-1+lenny1 of silc-client.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in version 1.1.10-1 of silc-toolkit and version 1.1-2 of silc-client (using libsilc from silc-toolkit since this upload).

\n

We recommend that you upgrade your silc-toolkit/silc-client packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/silc-toolkit_1.1.7-2+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/silc-toolkit_1.1.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/silc-toolkit_1.1.7-2+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/silc-client/silc-client_1.1.4-1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/s/silc-client/silc-client_1.1.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/silc-client/silc-client_1.1.4-1+lenny1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2-dbg_1.1.7-2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/silc-client/irssi-plugin-silc_1.1.4-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2-dev_1.1.7-2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2_1.1.7-2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/silc-client/silc_1.1.4-1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2-dev_1.1.7-2+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2-dbg_1.1.7-2+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/silc-client/silc_1.1.4-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/silc-client/irssi-plugin-silc_1.1.4-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2_1.1.7-2+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/silc-client/silc_1.1.4-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2-dev_1.1.7-2+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2_1.1.7-2+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/silc-client/irssi-plugin-silc_1.1.4-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2-dbg_1.1.7-2+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2-dev_1.1.7-2+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2-dbg_1.1.7-2+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/s/silc-client/silc_1.1.4-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/s/silc-client/irssi-plugin-silc_1.1.4-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2_1.1.7-2+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/silc-client/irssi-plugin-silc_1.1.4-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2-dev_1.1.7-2+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2-dbg_1.1.7-2+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/silc-client/silc_1.1.4-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2_1.1.7-2+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2-dev_1.1.7-2+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2-dbg_1.1.7-2+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2_1.1.7-2+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/silc-client/irssi-plugin-silc_1.1.4-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/silc-client/silc_1.1.4-1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/silc-client/irssi-plugin-silc_1.1.4-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2_1.1.7-2+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/silc-client/silc_1.1.4-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2-dbg_1.1.7-2+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2-dev_1.1.7-2+lenny1_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/silc-client/silc_1.1.4-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2_1.1.7-2+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/silc-client/irssi-plugin-silc_1.1.4-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2-dbg_1.1.7-2+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2-dev_1.1.7-2+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/silc-client/irssi-plugin-silc_1.1.4-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2-dbg_1.1.7-2+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/silc-client/silc_1.1.4-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2_1.1.7-2+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2-dev_1.1.7-2+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/silc-client/irssi-plugin-silc_1.1.4-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2_1.1.7-2+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2-dbg_1.1.7-2+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/silc-client/silc_1.1.4-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2-dev_1.1.7-2+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2_1.1.7-2+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/silc-client/irssi-plugin-silc_1.1.4-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2-dev_1.1.7-2+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/silc-client/silc_1.1.4-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/silc-toolkit/libsilc-1.1-2-dbg_1.1.7-2+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1880": "
\n

Debian Security Advisory

\n

DSA-1880-1 openoffice.org -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Sep 2009
\n
Affected Packages:
\n
\nopenoffice.org\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0200, CVE-2009-0201, CVE-2009-2139.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the OpenOffice.org\noffice suite. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2009-0200\n

    Dyon Balding of Secunia Research has discovered a vulnerability,\n which can be exploited by opening a specially crafted Microsoft\n Word document.

    \n

    When reading a Microsoft Word document, a bug in the parser of\n sprmTDelete records can result in an integer underflow that may\n lead to heap-based buffer overflows.

    \n

    Successful exploitation may allow arbitrary code execution in the\n context of the OpenOffice.org process.

  • CVE-2009-0201\n

    Dyon Balding of Secunia Research has discovered a vulnerability,\n which can be exploited by opening a specially crafted Microsoft\n Word document.

    \n

    When reading a Microsoft Word document, a bug in the parser of\n sprmTDelete records can result in heap-based buffer overflows.

    \n

    Successful exploitation may allow arbitrary code execution in the\n context of the OpenOffice.org process.

  • CVE-2009-2139\n

    A vulnerability has been discovered in the parser of EMF files of\n OpenOffice/Go-oo 2.x and 3.x that can be triggered by a specially\n crafted document and lead to the execution of arbitrary commands\n with the privileges of the user running OpenOffice.org/Go-oo.

    \n

    This vulnerability does not exist in the packages for oldstable,\n testing and unstable.

\n

For the old stable distribution (etch) these problems have been fixed in\nversion 2.0.4.dfsg.2-7etch7.

\n

For the stable distribution (lenny) these problems have been fixed in\nversion 2.4.1+dfsg-1+lenny3 and higher.

\n

For the unstable (sid) and testing (squeeze) distributions these\nproblems have been fixed in version 3.1.1~ooo310m15-1.

\n

We recommend that you upgrade your OpenOffice.org package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch7.dsc
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch7.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/broffice.org_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-common_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev-doc_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dtd-officedocument1.0_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-mobiledev_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-cs_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-da_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-de_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-dz_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-gb_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-us_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-es_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-et_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-fr_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hi-in_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hu_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-it_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ja_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-km_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ko_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-nl_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pl_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pt-br_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ru_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sl_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sv_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-cn_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-tw_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-java-common_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-af_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-as-in_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-be-by_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bg_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bn_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-br_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bs_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ca_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cs_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cy_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-da_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-de_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-dz_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-el_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-gb_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-za_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eo_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-es_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-et_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fa_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fi_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fr_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ga_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gu-in_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-he_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi-in_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hr_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hu_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-in_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-it_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ja_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ka_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-km_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ko_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ku_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lo_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lt_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lv_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-mk_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ml-in_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nb_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ne_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nl_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nn_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nr_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ns_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-or-in_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pa-in_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pl_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt-br_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ru_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-rw_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sk_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sl_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sr-cs_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ss_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-st_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sv_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ta-in_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-te-in_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tg_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-th_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tn_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tr_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ts_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-uk_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ve_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-vi_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-xh_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-za_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-cn_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-tw_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zu_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-api-tests_2.0.4.dfsg.2-7etch7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ttf-opensymbol_2.0.4.dfsg.2-7etch7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch7_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch6_arm.deb
\n
HPPA:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch7_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch7_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch6_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny3.dsc
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny3.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/broffice.org_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libuno-cli-basetypes1.0-cil_1.0.10.0+OOo2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libuno-cli-cppuhelper1.0-cil_1.0.13.0+OOo2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libuno-cli-types1.1-cil_1.1.13.0+OOo2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libuno-cli-ure1.0-cil_1.0.13.0+OOo2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-common_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev-doc_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dtd-officedocument1.0_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-emailmerge_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-mobiledev_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-cs_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-da_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-de_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-dz_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-gb_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-us_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-es_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-et_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-eu_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-fr_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-gl_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hi-in_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hu_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-it_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ja_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-km_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ko_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-nl_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pl_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pt-br_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pt_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ru_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sl_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sv_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-cn_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-tw_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-java-common_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-af_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ar_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-as-in_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-be-by_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bg_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bn_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-br_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bs_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ca_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cs_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cy_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-da_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-de_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-dz_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-el_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-gb_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-za_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eo_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-es_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-et_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eu_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fa_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fi_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fr_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ga_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gl_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gu-in_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-he_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi-in_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hr_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hu_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-in_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-it_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ja_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ka_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-km_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ko_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ku_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lo_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lt_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lv_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-mk_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ml-in_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-mr-in_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nb_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ne_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nl_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nn_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nr_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ns_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-or-in_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pa-in_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pl_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt-br_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ro_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ru_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-rw_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sk_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sl_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sr-cs_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sr_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ss_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-st_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sv_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ta-in_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-te-in_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tg_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-th_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tn_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tr_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ts_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-uk_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-uz_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ve_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-vi_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-xh_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-za_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-cn_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-tw_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zu_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-api-tests_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder_1.0.2+OOo2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-andromeda_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-crystal_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-hicontrast_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-industrial_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-tango_2.4.1+dfsg-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ttf-opensymbol_2.4.1+dfsg-1+lenny3_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/cli-uno-bridge_2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny3_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/cli-uno-bridge_2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-ogltrans_2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/cli-uno-bridge_2.4.1+dfsg-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny3_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny3_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-ogltrans_2.4.1+dfsg-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-ogltrans_2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/cli-uno-bridge_2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-ogltrans_2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1881": "
\n

Debian Security Advisory

\n

DSA-1881-1 cyrus-imapd-2.2 -- buffer overflow

\n
\n
Date Reported:
\n
07 Sep 2009
\n
Affected Packages:
\n
\ncyrus-imapd-2.2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

It was discovered that the SIEVE component of cyrus-imapd, a highly scalable enterprise mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. Due to incorrect use of the sizeof() operator, an attacker is able to pass a negative length to snprintf() calls, which becomes a large positive value due to integer conversion. This causes a buffer overflow which can be used to elevate privileges to the cyrus system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system.

\n

For the oldstable distribution (etch), this problem has been fixed in version 2.2.13-10+etch2.

\n

For the stable distribution (lenny), this problem has been fixed in version 2.2.13-14+lenny1.

\n

For the testing (squeeze) and unstable (sid) distributions, this problem will be fixed soon.

\n

We recommend that you upgrade your cyrus-imapd-2.2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-10+etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-10+etch2.dsc
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-doc-2.2_2.2.13-10+etch2_all.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-admin-2.2_2.2.13-10+etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-10+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-10+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-10+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-10+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-10+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-10+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-10+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-10+etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-10+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-10+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-10+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-10+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-10+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-10+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-10+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-10+etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-10+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-10+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-10+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-10+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-10+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-10+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-10+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-10+etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-10+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-10+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-10+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-10+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-10+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-10+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-10+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-10+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-10+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-10+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-10+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-10+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-10+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-10+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-10+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-10+etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-10+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-10+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-10+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-10+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-10+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-10+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-10+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-10+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-10+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-10+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-10+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-10+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-10+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-10+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-10+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-10+etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-10+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-10+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-10+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-10+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-10+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-10+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-10+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-10+etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-10+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-10+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-10+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-10+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-10+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-10+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-10+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-10+etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-10+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-10+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-10+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-10+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-10+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-10+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-10+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-10+etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-10+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-10+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-10+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-10+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-10+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-10+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-10+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-10+etch2_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-14+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-14+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-admin-2.2_2.2.13-14+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-doc-2.2_2.2.13-14+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-14+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-14+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-14+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-14+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-14+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-14+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-14+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-14+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-14+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-14+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-14+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-14+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-14+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-14+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-14+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-14+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-14+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-14+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-14+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-14+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-14+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-14+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-14+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-14+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-14+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-14+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-14+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-14+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-14+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-14+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-14+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-14+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-14+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-14+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-14+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-14+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-14+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-14+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-14+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-14+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-14+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-14+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-14+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-14+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-14+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-14+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-14+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-14+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-14+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-14+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-14+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-14+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-14+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-14+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-14+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-14+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-14+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-14+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-14+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-14+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-14+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-14+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-14+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-14+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-14+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-14+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-14+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-14+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-14+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-14+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-14+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-14+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-14+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-14+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-14+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-14+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-14+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-14+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-14+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-14+lenny1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-14+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-14+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-14+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-14+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-14+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-14+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-14+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-14+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1882": "
\n

Debian Security Advisory

\n

DSA-1882-1 xapian-omega -- missing input sanitization

\n
\n
Date Reported:
\n
09 Sep 2009
\n
Affected Packages:
\n
\nxapian-omega\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2947.
\n
More information:
\n
\n

It was discovered that xapian-omega, a CGI interface for searching xapian databases, does not properly escape user-supplied input when printing exceptions. An attacker can use this to conduct cross-site scripting attacks via crafted search queries that result in an exception, and steal potentially sensitive data from web applications running on the same domain or embedding the search engine into a website.

\n

For the oldstable distribution (etch), this problem has been fixed in version 0.9.9-1+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in version 1.0.7-3+lenny1.

\n

For the testing (squeeze) and unstable (sid) distributions, this problem will be fixed soon.

\n

We recommend that you upgrade your xapian-omega packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1.dsc
\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_0.9.9-1+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xapian-omega/xapian-omega_1.0.7-3+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1883": "
\n

Debian Security Advisory

\n

DSA-1883-1 nagios2 -- missing input sanitising

\n
\n
Date Reported:
\n
10 Sep 2009
\n
Affected Packages:
\n
\nnagios2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 448371, Bug 482445, Bug 485439.
In Mitre's CVE dictionary: CVE-2007-5624, CVE-2007-5803, CVE-2008-1360.
\n
More information:
\n
\n

Several vulnerabilities have been found in nagios2, a host/service/network\nmonitoring and management system. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n

Several cross-site scripting issues via several parameters were\ndiscovered in the CGI scripts, allowing attackers to inject arbitrary\nHTML code. In order to cover the different attack vectors, these issues\nhave been assigned CVE-2007-5624, CVE-2007-5803 and CVE-2008-1360.

\n

For the oldstable distribution (etch), these problems have been fixed in\nversion 2.6-2+etch4.

\n

The stable distribution (lenny) does not include nagios2, and nagios3 is\nnot affected by these problems.

\n

The testing distribution (squeeze) and the unstable distribution (sid)\ndo not contain nagios2, and nagios3 is not affected by these problems.

\n

We recommend that you upgrade your nagios2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch4.diff.gz
\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch4.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-doc_2.6-2+etch4_all.deb
\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-common_2.6-2+etch4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch4_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch4_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2_2.6-2+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nagios2/nagios2-dbg_2.6-2+etch4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1884": "
\n

Debian Security Advisory

\n

DSA-1884-1 nginx -- buffer underflow

\n
\n
Date Reported:
\n
14 Sep 2009
\n
Affected Packages:
\n
\nnginx\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2629.
\n
More information:
\n
\n

Chris Ries discovered that nginx, a high-performance HTTP server, reverse\nproxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when\nprocessing certain HTTP requests. An attacker can use this to execute\narbitrary code with the rights of the worker process (www-data on Debian)\nor possibly perform denial of service attacks by repeatedly crashing\nworker processes via a specially crafted URL in an HTTP request.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 0.4.13-2+etch2.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.6.32-3+lenny2.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.7.61-3.

\n

We recommend that you upgrade your nginx packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch2_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1885": "
\n

Debian Security Advisory

\n

DSA-1885-1 xulrunner -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Sep 2009
\n
Affected Packages:
\n
\nxulrunner\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075, CVE-2009-3076, CVE-2009-3077, CVE-2009-3078.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications, such as the Iceweasel web\nbrowser. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2009-3070\n

    Jesse Ruderman discovered crashes in the layout engine, which\n might allow the execution of arbitrary code.

  • CVE-2009-3071\n

    Daniel Holbert, Jesse Ruderman, Olli Pettay and \"toshi\" discovered\n crashes in the layout engine, which might allow the execution of\n arbitrary code.

  • CVE-2009-3072\n

    Josh Soref, Jesse Ruderman and Martin Wargers discovered crashes\n in the layout engine, which might allow the execution of arbitrary\n code.

  • CVE-2009-3074\n

    Jesse Ruderman discovered a crash in the JavaScript engine, which\n might allow the execution of arbitrary code.

  • CVE-2009-3075\n

    Carsten Book and \"Taral\" discovered crashes in the layout engine,\n which might allow the execution of arbitrary code.

  • CVE-2009-3076\n

    Jesse Ruderman discovered that the user interface for installing/\n removing PKCS #11 security modules wasn't informative enough, which\n might allow social engineering attacks.

  • CVE-2009-3077\n

    It was discovered that incorrect pointer handling in the XUL parser\n could lead to the execution of arbitrary code.

  • CVE-2009-3078\n

    Juan Pablo Lopez Yacubian discovered that incorrect rendering of\n some Unicode font characters could lead to spoofing attacks on\n the location bar.

\n

For the stable distribution (lenny), these problems have been fixed\nin version 1.9.0.14-0lenny1.

\n

As indicated in the Etch release notes, security support for the\nMozilla products in the oldstable distribution needed to be stopped\nbefore the end of the regular Etch security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a still\nsupported browser.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.9.0.14-1.

\n

For the experimental distribution, these problems have been fixed in\nversion 1.9.1.3-1.

\n

We recommend that you upgrade your xulrunner package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.14.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.14-0lenny1.dsc
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.14-0lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.14-0lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.14-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.14-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.14-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.14-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.14-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.14-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.14-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.14-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.14-0lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.14-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.14-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.14-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.14-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.14-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.14-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.14-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.14-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.14-0lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.14-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.14-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.14-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.14-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.14-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.14-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.14-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.14-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.14-0lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.14-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.14-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.14-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.14-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.14-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.14-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.14-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.14-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.14-0lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.14-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.14-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.14-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.14-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.14-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.14-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.14-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.14-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.14-0lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.14-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.14-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.14-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.14-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.14-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.14-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.14-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.14-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.14-0lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.14-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.14-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.14-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.14-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.14-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.14-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.14-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.14-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.14-0lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.14-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.14-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.14-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.14-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.14-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.14-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.14-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.14-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.14-0lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.14-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.14-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.14-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.14-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.14-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.14-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.14-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.14-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.14-0lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.14-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.14-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.14-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.14-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.14-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.14-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.14-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.14-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.14-0lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.14-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.14-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.14-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.14-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.14-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.14-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.14-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.14-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.14-0lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.14-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.14-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.14-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.14-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.14-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.14-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.14-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.14-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.14-0lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1886": "
\n

Debian Security Advisory

\n

DSA-1886-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Sep 2009
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-1310, CVE-2009-3079.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Iceweasel web\nbrowser, an unbranded version of the Firefox browser. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2009-3079\n

    \"moz_bug_r_a4\" discovered that a programming error in the FeedWriter\n module could lead to the execution of JavaScript code with elevated\n privileges.

  • CVE-2009-1310\n

    Prateek Saxena discovered a cross-site scripting vulnerability in\n the MozSearch plugin interface.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 3.0.6-3.

\n

As indicated in the Etch release notes, security support for the\nMozilla products in the oldstable distribution needed to be stopped\nbefore the end of the regular Etch security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a still\nsupported browser.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.0.14-1.

\n

For the experimental distribution, these problems have been fixed in\nversion 3.5.3-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_3.0.6.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_3.0.6-3.dsc
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_3.0.6-3.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-gnome-support_3.0.6-3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_3.0.6-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_3.0.6-3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_3.0.6-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_3.0.6-3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_3.0.6-3_arm.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_3.0.6-3_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_3.0.6-3_armel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_3.0.6-3_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_3.0.6-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_3.0.6-3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_3.0.6-3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_3.0.6-3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_3.0.6-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_3.0.6-3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_3.0.6-3_mips.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_3.0.6-3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_3.0.6-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_3.0.6-3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_3.0.6-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_3.0.6-3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_3.0.6-3_s390.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_3.0.6-3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel-dbg_3.0.6-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/iceweasel/iceweasel_3.0.6-3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1887": "
\n

Debian Security Advisory

\n

DSA-1887-1 rails -- missing input sanitising

\n
\n
Date Reported:
\n
15 Sep 2009
\n
Affected Packages:
\n
\nrails\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 545063.
In Mitre's CVE dictionary: CVE-2009-3009.
\n
More information:
\n
\n

Brian Mastenbrook discovered that rails, the MVC Ruby-based framework\ngeared for web application development, is prone to cross-site scripting\nattacks via malformed strings in the form helper.

\n

For the oldstable distribution (etch) security support has been\ndiscontinued. It has been reported that rails in oldstable is unusable\nand several features that are affected by security issues are broken due\nto programming issues. It is highly recommended to upgrade to the\nversion in stable (lenny).

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.1.0-7.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 2.2.3-1.

\n

We recommend that you upgrade your rails packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/rails/rails_2.1.0-7.diff.gz
\n
http://security.debian.org/pool/updates/main/r/rails/rails_2.1.0-7.dsc
\n
http://security.debian.org/pool/updates/main/r/rails/rails_2.1.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/rails/rails_2.1.0-7_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1888": "
\n

Debian Security Advisory

\n

DSA-1888-1 openssl, openssl097 -- cryptographic weakness

\n
\n
Date Reported:
\n
15 Sep 2009
\n
Affected Packages:
\n
\nopenssl, openssl097\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2409.
\n
More information:
\n
\n

Certificates with MD2 hash signatures are no longer accepted by OpenSSL,\nsince they're no longer considered cryptographically secure.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.9.8g-15+lenny5.

\n

For the old stable distribution (etch), this problem has been fixed in\nversion 0.9.8c-4etch9 for openssl and version 0.9.7k-3.1etch5 for\nopenssl097.\nThe OpenSSL 0.9.8 update for oldstable (etch) also provides updated\npackages for multiple denial of service vulnerabilities in the\nDatagram Transport Layer Security implementation. These fixes were\nalready provided for Debian stable (Lenny) in a previous point\nupdate. The OpenSSL 0.9.7 package from oldstable (Etch) is not\naffected. (CVE-2009-1377, CVE-2009-1378, CVE-2009-1379,\nCVE-2009-1386 and CVE-2009-1387)

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.9.8k-5.

\n

We recommend that you upgrade your openssl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl097/openssl097_0.9.7k-3.1etch5.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl097/openssl097_0.9.7k-3.1etch5.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch9.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openssl097/openssl097_0.9.7k.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch9.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch9_alpha.udeb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch9_amd64.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch9_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch9_arm.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch9_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch9_hppa.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch9_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch9_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch9_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch9_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch9_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch9_ia64.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch9_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch9_mips.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch9_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch9_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch9_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch9_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch9_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch9_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch9_s390.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch9_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch9_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch9_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8c-4etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8c-4etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8c-4etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7-dbg_0.9.7k-3.1etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl097/libssl0.9.7_0.9.7k-3.1etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8c-4etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8c-4etch9_sparc.udeb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny5.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny5.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny5_alpha.udeb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny5_amd64.udeb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny5_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny5_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny5_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny5_arm.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny5_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny5_armel.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny5_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny5_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny5_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny5_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny5_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny5_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny5_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny5_hppa.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny5_i386.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny5_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny5_ia64.udeb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny5_mips.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny5_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny5_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny5_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny5_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny5_mipsel.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny5_s390.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny5_sparc.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny5_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1889": "
\n

Debian Security Advisory

\n

DSA-1889-1 icu -- programming error

\n
\n
Date Reported:
\n
16 Sep 2009
\n
Affected Packages:
\n
\nicu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0153.
\n
More information:
\n
\n

It was discovered that the ICU Unicode library performed incorrect processing of invalid multibyte sequences, resulting in potential bypass of security mechanisms.

\n

For the old stable distribution (etch), this problem has been fixed in version 3.6-2etch3.

\n

For the stable distribution (lenny), this problem has been fixed in version 3.8.1-3+lenny2.

\n

For the unstable distribution (sid), this problem has been fixed in version 4.0.1-1.

\n

We recommend that you upgrade your icu packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch3.dsc
\n
http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/i/icu/icu_3.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/icu/icu-doc_3.6-2etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1-3+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1-3+lenny2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/icu/icu-doc_3.8.1-3+lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icu/lib32icu38_3.8.1-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icu/lib32icu-dev_3.8.1-3+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1890": "
\n

Debian Security Advisory

\n

DSA-1890-1 wxwindows2.4 wxwidgets2.6 wxwidgets2.8 -- integer overflow

\n
\n
Date Reported:
\n
19 Sep 2009
\n
Affected Packages:
\n
\nwxwindows2.4
wxwidgets2.6
wxwidgets2.8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2369.
\n
More information:
\n
\n

Tielei Wang has discovered an integer overflow in wxWidgets, the wxWidgets Cross-platform C++ GUI toolkit, which allows the execution of arbitrary code via a crafted JPEG file.

\n

For the oldstable distribution (etch), this problem has been fixed in version 2.4.5.1.1+etch1 for wxwindows2.4 and version 2.6.3.2.1.5+etch1 for wxwidgets2.6.

\n

For the stable distribution (lenny), this problem has been fixed in version 2.6.3.2.2-3+lenny1 for wxwidgets2.6 and version 2.8.7.1-1.1+lenny1 for wxwidgets2.8.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in version 2.8.7.1-2 for wxwidgets2.8 and will be fixed soon for wxwidgets2.6.

\n

We recommend that you upgrade your wxwidgets packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wxwidgets2.6_2.6.3.2.1.5+etch1.dsc
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/wxwindows2.4_2.4.5.1.1+etch1.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/wxwindows2.4_2.4.5.1.1+etch1.dsc
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wxwidgets2.6_2.6.3.2.1.5+etch1.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx2.6-i18n_2.6.3.2.1.5+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxtools_2.6.3.2.1.5+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx2.6-examples_2.6.3.2.1.5+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx2.6-doc_2.6.3.2.1.5+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/wx2.4-i18n_2.4.5.1.1+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxversion_2.6.3.2.1.5+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/wx2.4-doc_2.4.5.1.1+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/wx2.4-examples_2.4.5.1.1+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/python-wxgtk2.4_2.4.5.1.1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxbase2.4-dev_2.4.5.1.1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/wx2.4-headers_2.4.5.1.1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dbg_2.6.3.2.1.5+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx-common_2.6.3.2.1.5+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dev_2.6.3.2.1.5+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-dev_2.4.5.1.1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxbase2.4-dbg_2.4.5.1.1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-dbg_2.4.5.1.1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-1_2.4.5.1.1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxgtk2.6_2.6.3.2.1.5+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-0_2.6.3.2.1.5+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxbase2.4-1_2.4.5.1.1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-contrib-dev_2.4.5.1.1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-0_2.6.3.2.1.5+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-1-contrib_2.4.5.1.1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dev_2.6.3.2.1.5+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx2.6-headers_2.6.3.2.1.5+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dbg_2.6.3.2.1.5+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dev_2.6.3.2.1.5+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxbase2.4-dbg_2.4.5.1.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dbg_2.6.3.2.1.5+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxbase2.4-1_2.4.5.1.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxbase2.4-dev_2.4.5.1.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dbg_2.6.3.2.1.5+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx2.6-headers_2.6.3.2.1.5+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-0_2.6.3.2.1.5+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-0_2.6.3.2.1.5+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/python-wxgtk2.4_2.4.5.1.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dev_2.6.3.2.1.5+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxgtk2.6_2.6.3.2.1.5+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-1-contrib_2.4.5.1.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-contrib-dev_2.4.5.1.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx-common_2.6.3.2.1.5+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-dbg_2.4.5.1.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/wx2.4-headers_2.4.5.1.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-dev_2.4.5.1.1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-1_2.4.5.1.1+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxgtk2.6_2.6.3.2.1.5+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx2.6-headers_2.6.3.2.1.5+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dbg_2.6.3.2.1.5+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dbg_2.6.3.2.1.5+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx-common_2.6.3.2.1.5+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-0_2.6.3.2.1.5+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-0_2.6.3.2.1.5+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dev_2.6.3.2.1.5+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dev_2.6.3.2.1.5+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxbase2.4-1_2.4.5.1.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-contrib-dev_2.4.5.1.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-1_2.4.5.1.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxbase2.4-dbg_2.4.5.1.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/python-wxgtk2.4_2.4.5.1.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-dev_2.4.5.1.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-1-contrib_2.4.5.1.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/wx2.4-headers_2.4.5.1.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-dbg_2.4.5.1.1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxbase2.4-dev_2.4.5.1.1+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-dev_2.4.5.1.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-1-contrib_2.4.5.1.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-dbg_2.4.5.1.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx2.6-headers_2.6.3.2.1.5+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dbg_2.6.3.2.1.5+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/wx2.4-headers_2.4.5.1.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dev_2.6.3.2.1.5+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxbase2.4-dev_2.4.5.1.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-0_2.6.3.2.1.5+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-0_2.6.3.2.1.5+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxbase2.4-dbg_2.4.5.1.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxgtk2.6_2.6.3.2.1.5+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-contrib-dev_2.4.5.1.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/python-wxgtk2.4_2.4.5.1.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxbase2.4-1_2.4.5.1.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dev_2.6.3.2.1.5+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx-common_2.6.3.2.1.5+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-1_2.4.5.1.1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dbg_2.6.3.2.1.5+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxbase2.4-dbg_2.4.5.1.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-1-contrib_2.4.5.1.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxbase2.4-1_2.4.5.1.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx2.6-headers_2.6.3.2.1.5+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/python-wxgtk2.4_2.4.5.1.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-dbg_2.4.5.1.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx-common_2.6.3.2.1.5+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxgtk2.6_2.6.3.2.1.5+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dbg_2.6.3.2.1.5+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-0_2.6.3.2.1.5+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-1_2.4.5.1.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-0_2.6.3.2.1.5+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxbase2.4-dev_2.4.5.1.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dev_2.6.3.2.1.5+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dbg_2.6.3.2.1.5+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dev_2.6.3.2.1.5+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/wx2.4-headers_2.4.5.1.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-dev_2.4.5.1.1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-contrib-dev_2.4.5.1.1+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxbase2.4-dbg_2.4.5.1.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dbg_2.6.3.2.1.5+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-1-contrib_2.4.5.1.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxbase2.4-1_2.4.5.1.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxgtk2.6_2.6.3.2.1.5+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx2.6-headers_2.6.3.2.1.5+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/python-wxgtk2.4_2.4.5.1.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx-common_2.6.3.2.1.5+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-1_2.4.5.1.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dbg_2.6.3.2.1.5+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dev_2.6.3.2.1.5+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxbase2.4-dev_2.4.5.1.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-dbg_2.4.5.1.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/wx2.4-headers_2.4.5.1.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-0_2.6.3.2.1.5+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-contrib-dev_2.4.5.1.1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-0_2.6.3.2.1.5+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dev_2.6.3.2.1.5+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-dev_2.4.5.1.1+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxgtk2.6_2.6.3.2.1.5+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-dbg_2.4.5.1.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-1_2.4.5.1.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dbg_2.6.3.2.1.5+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/python-wxgtk2.4_2.4.5.1.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx2.6-headers_2.6.3.2.1.5+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-1-contrib_2.4.5.1.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-0_2.6.3.2.1.5+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxbase2.4-dbg_2.4.5.1.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-0_2.6.3.2.1.5+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-contrib-dev_2.4.5.1.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx-common_2.6.3.2.1.5+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxbase2.4-1_2.4.5.1.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxbase2.4-dev_2.4.5.1.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-dev_2.4.5.1.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dbg_2.6.3.2.1.5+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dev_2.6.3.2.1.5+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/wx2.4-headers_2.4.5.1.1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dev_2.6.3.2.1.5+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxbase2.4-1_2.4.5.1.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-1-contrib_2.4.5.1.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dev_2.6.3.2.1.5+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx2.6-headers_2.6.3.2.1.5+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-0_2.6.3.2.1.5+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-dev_2.4.5.1.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dev_2.6.3.2.1.5+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/python-wxgtk2.4_2.4.5.1.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxgtk2.6_2.6.3.2.1.5+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx-common_2.6.3.2.1.5+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-1_2.4.5.1.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-contrib-dev_2.4.5.1.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-0_2.6.3.2.1.5+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxbase2.4-dbg_2.4.5.1.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dbg_2.6.3.2.1.5+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxgtk2.4-dbg_2.4.5.1.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dbg_2.6.3.2.1.5+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/wx2.4-headers_2.4.5.1.1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwindows2.4/libwxbase2.4-dev_2.4.5.1.1+etch1_powerpc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/wxwidgets2.8_2.8.7.1-1.1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wxwidgets2.6_2.6.3.2.2-3+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/wxwidgets2.8_2.8.7.1-1.1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wxwidgets2.6_2.6.3.2.2-3+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/wxwidgets2.8_2.8.7.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wxwidgets2.6_2.6.3.2.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx2.6-examples_2.6.3.2.2-3+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/wx2.8-i18n_2.8.7.1-1.1+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxtools_2.6.3.2.2-3+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/wx2.8-doc_2.8.7.1-1.1+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxversion_2.6.3.2.2-3+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx2.6-doc_2.6.3.2.2-3+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx2.6-i18n_2.6.3.2.2-3+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/wx2.8-examples_2.8.7.1-1.1+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/python-wxgtk2.8-dbg_2.8.7.1-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx-common_2.6.3.2.2-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx2.6-headers_2.6.3.2.2-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxgtk2.8-0_2.8.7.1-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/python-wxgtk2.8_2.8.7.1-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxbase2.8-dev_2.8.7.1-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dev_2.6.3.2.2-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/wx2.8-headers_2.8.7.1-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dbg_2.6.3.2.2-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxgtk2.8-dev_2.8.7.1-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxbase2.8-0_2.8.7.1-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxgtk2.6_2.6.3.2.2-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-0_2.6.3.2.2-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxgtk2.8-dbg_2.8.7.1-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dev_2.6.3.2.2-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxgtk2.6-dbg_2.6.3.2.2-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxbase2.8-dbg_2.8.7.1-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dbg_2.6.3.2.2-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-0_2.6.3.2.2-3+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/python-wxgtk2.8-dbg_2.8.7.1-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/wx2.8-headers_2.8.7.1-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxbase2.8-dbg_2.8.7.1-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dev_2.6.3.2.2-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxgtk2.8-dev_2.8.7.1-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-0_2.6.3.2.2-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxgtk2.6_2.6.3.2.2-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dbg_2.6.3.2.2-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxgtk2.8-dbg_2.8.7.1-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dev_2.6.3.2.2-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx-common_2.6.3.2.2-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/python-wxgtk2.8_2.8.7.1-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxbase2.8-dev_2.8.7.1-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx2.6-headers_2.6.3.2.2-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dbg_2.6.3.2.2-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxbase2.8-0_2.8.7.1-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-0_2.6.3.2.2-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxgtk2.8-0_2.8.7.1-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxgtk2.6-dbg_2.6.3.2.2-3+lenny1_amd64.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/python-wxgtk2.8-dbg_2.8.7.1-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxbase2.8-dbg_2.8.7.1-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxbase2.8-0_2.8.7.1-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/wx2.8-headers_2.8.7.1-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxgtk2.8-0_2.8.7.1-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxgtk2.8-dbg_2.8.7.1-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/python-wxgtk2.8_2.8.7.1-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxbase2.8-dev_2.8.7.1-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxgtk2.8-dev_2.8.7.1-1.1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/python-wxgtk2.8_2.8.7.1-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dbg_2.6.3.2.2-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-0_2.6.3.2.2-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/python-wxgtk2.8-dbg_2.8.7.1-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-0_2.6.3.2.2-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxgtk2.8-0_2.8.7.1-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxbase2.8-dev_2.8.7.1-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxbase2.8-dbg_2.8.7.1-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx2.6-headers_2.6.3.2.2-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxbase2.8-0_2.8.7.1-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dbg_2.6.3.2.2-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dev_2.6.3.2.2-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxgtk2.8-dev_2.8.7.1-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/wx2.8-headers_2.8.7.1-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dev_2.6.3.2.2-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx-common_2.6.3.2.2-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxgtk2.6_2.6.3.2.2-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxgtk2.8-dbg_2.8.7.1-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxgtk2.6-dbg_2.6.3.2.2-3+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxbase2.8-dbg_2.8.7.1-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxgtk2.8-dev_2.8.7.1-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxgtk2.6_2.6.3.2.2-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxbase2.8-0_2.8.7.1-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxgtk2.6-dbg_2.6.3.2.2-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/wx2.8-headers_2.8.7.1-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-0_2.6.3.2.2-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dbg_2.6.3.2.2-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/python-wxgtk2.8_2.8.7.1-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxbase2.8-dev_2.8.7.1-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxgtk2.8-dbg_2.8.7.1-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx2.6-headers_2.6.3.2.2-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxgtk2.8-0_2.8.7.1-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/python-wxgtk2.8-dbg_2.8.7.1-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-0_2.6.3.2.2-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dev_2.6.3.2.2-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx-common_2.6.3.2.2-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dev_2.6.3.2.2-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dbg_2.6.3.2.2-3+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-0_2.6.3.2.2-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxbase2.8-dev_2.8.7.1-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dbg_2.6.3.2.2-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/wx2.8-headers_2.8.7.1-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-0_2.6.3.2.2-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/python-wxgtk2.8_2.8.7.1-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/python-wxgtk2.8-dbg_2.8.7.1-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dev_2.6.3.2.2-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dev_2.6.3.2.2-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx-common_2.6.3.2.2-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxgtk2.8-dbg_2.8.7.1-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxbase2.8-dbg_2.8.7.1-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxbase2.8-0_2.8.7.1-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx2.6-headers_2.6.3.2.2-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxgtk2.8-0_2.8.7.1-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxgtk2.6_2.6.3.2.2-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxgtk2.8-dev_2.8.7.1-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dbg_2.6.3.2.2-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxgtk2.6-dbg_2.6.3.2.2-3+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx-common_2.6.3.2.2-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-0_2.6.3.2.2-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-0_2.6.3.2.2-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dev_2.6.3.2.2-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxgtk2.6_2.6.3.2.2-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx2.6-headers_2.6.3.2.2-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dbg_2.6.3.2.2-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxgtk2.6-dbg_2.6.3.2.2-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dev_2.6.3.2.2-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dbg_2.6.3.2.2-3+lenny1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxgtk2.6-dbg_2.6.3.2.2-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/wx2.8-headers_2.8.7.1-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx-common_2.6.3.2.2-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dbg_2.6.3.2.2-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-dev_2.6.3.2.2-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxgtk2.8-0_2.8.7.1-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxgtk2.8-dbg_2.8.7.1-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/python-wxgtk2.8-dbg_2.8.7.1-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/wx2.6-headers_2.6.3.2.2-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/python-wxgtk2.8_2.8.7.1-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-0_2.6.3.2.2-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxbase2.8-0_2.8.7.1-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dev_2.6.3.2.2-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxbase2.8-dev_2.8.7.1-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxgtk2.8-dev_2.8.7.1-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxbase2.6-dbg_2.6.3.2.2-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/python-wxgtk2.6_2.6.3.2.2-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.8/libwxbase2.8-dbg_2.8.7.1-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wxwidgets2.6/libwxgtk2.6-0_2.6.3.2.2-3+lenny1_powerpc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1891": "
\n

Debian Security Advisory

\n

DSA-1891-1 changetrack -- shell command execution

\n
\n
Date Reported:
\n
22 Sep 2009
\n
Affected Packages:
\n
\nchangetrack\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 546791.
In Mitre's CVE dictionary: CVE-2009-3233.
\n
More information:
\n
\n

Marek Grzybowski discovered that changetrack, a program to monitor changes to (configuration) files, is prone to shell command injection via metacharacters in filenames. The behaviour of the program has been adjusted to reject all filenames with metacharacters.

\n

For the oldstable distribution (etch), this problem has been fixed in version 4.3-3+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in version 4.3-3+lenny1.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in version 4.5-2.

\n

We recommend that you upgrade your changetrack packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/changetrack/changetrack_4.3-3+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/changetrack/changetrack_4.3-3+etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/changetrack/changetrack_4.3-3+etch1_all.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/changetrack/changetrack_4.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/changetrack/changetrack_4.3-3+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/changetrack/changetrack_4.3-3+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/changetrack/changetrack_4.3-3+lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1892": "
\n

Debian Security Advisory

\n

DSA-1892-1 dovecot -- buffer overflow

\n
\n
Date Reported:
\n
23 Sep 2009
\n
Affected Packages:
\n
\ndovecot\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 546656.
In Mitre's CVE dictionary: CVE-2009-2632, CVE-2009-3235.
\n
More information:
\n
\n

It was discovered that the SIEVE component of dovecot, a mail server that supports mbox and maildir mailboxes, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the dovecot system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system.

\n

For the oldstable distribution (etch), this problem has been fixed in version 1.0.rc15-2etch5.

\n

For the stable distribution (lenny), this problem has been fixed in version 1:1.0.15-2.3+lenny1.

\n

For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 1:1.2.1-1.

\n

We recommend that you upgrade your dovecot packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15-2etch5.diff.gz
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15-2etch5.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch5_s390.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.15.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.15-2.3+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.15-2.3+lenny1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-dev_1.0.15-2.3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.15-2.3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.15-2.3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.15-2.3+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1893": "
\n

Debian Security Advisory

\n

DSA-1893-1 cyrus-imapd-2.2 kolab-cyrus-imapd -- buffer overflow

\n
\n
Date Reported:
\n
23 Sep 2009
\n
Affected Packages:
\n
\ncyrus-imapd-2.2, kolab-cyrus-imapd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 547712.
In Mitre's CVE dictionary: CVE-2009-2632, CVE-2009-3235.
\n
More information:
\n
\n

It was discovered that the SIEVE component of cyrus-imapd and\nkolab-cyrus-imapd, the Cyrus mail system, is vulnerable to a buffer\noverflow when processing SIEVE scripts.\nThis can be used to elevate privileges to the cyrus system user. An\nattacker who is able to install SIEVE scripts executed by the server is\ntherefore able to read and modify arbitrary email messages on the\nsystem. The update introduced by DSA\n1881-1 was incomplete and the issue has been given an additional CVE ID due\nto its complexity.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 2.2.13-10+etch4 for cyrus-imapd-2.2 and version 2.2.13-2+etch2\nfor kolab-cyrus-imapd.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.2.13-14+lenny3 for cyrus-imapd-2.2 and version 2.2.13-5+lenny2\nfor kolab-cyrus-imapd.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.2.13-15 for cyrus-imapd-2.2, and will be fixed soon for\nkolab-cyrus-imapd.

\n

We recommend that you upgrade your cyrus-imapd-2.2 and kolab-cyrus-imapd\npackages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-10+etch4.dsc
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-2+etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-10+etch4.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-2+etch2.dsc
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-doc-2.2_2.2.13-10+etch4_all.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-admin-2.2_2.2.13-10+etch4_all.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-admin_2.2.13-2+etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-10+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-libcyrus-imap-perl_2.2.13-2+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-10+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-10+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-10+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-10+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-common_2.2.13-2+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-10+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-pop3d_2.2.13-2+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-10+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-2+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-clients_2.2.13-2+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-10+etch4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-10+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-10+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-10+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-10+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-10+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-10+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-10+etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-10+etch4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-10+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-2+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-10+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-10+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-libcyrus-imap-perl_2.2.13-2+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-common_2.2.13-2+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-10+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-10+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-pop3d_2.2.13-2+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-clients_2.2.13-2+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-10+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-10+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-10+etch4_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-libcyrus-imap-perl_2.2.13-2+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-10+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-10+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-10+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-10+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-10+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-10+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-10+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-2+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-pop3d_2.2.13-2+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-clients_2.2.13-2+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-10+etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-common_2.2.13-2+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-2+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-10+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-pop3d_2.2.13-2+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-10+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-10+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-clients_2.2.13-2+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-10+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-10+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-common_2.2.13-2+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-10+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-10+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-libcyrus-imap-perl_2.2.13-2+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-10+etch4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-10+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-10+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-10+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-10+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-2+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-common_2.2.13-2+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-pop3d_2.2.13-2+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-clients_2.2.13-2+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-10+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-10+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-10+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-10+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-libcyrus-imap-perl_2.2.13-2+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-10+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-libcyrus-imap-perl_2.2.13-2+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-10+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-10+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-10+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-10+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-10+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-clients_2.2.13-2+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-pop3d_2.2.13-2+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-10+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-10+etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-common_2.2.13-2+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-2+etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-10+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-common_2.2.13-2+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-10+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-clients_2.2.13-2+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-pop3d_2.2.13-2+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-libcyrus-imap-perl_2.2.13-2+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-10+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-10+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-10+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-2+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-10+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-10+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-10+etch4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-libcyrus-imap-perl_2.2.13-2+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-clients_2.2.13-2+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-10+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-pop3d_2.2.13-2+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-10+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-10+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-common_2.2.13-2+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-10+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-10+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-10+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-10+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-2+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-10+etch4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-10+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-10+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-10+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-10+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-10+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-10+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-10+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-10+etch4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-libcyrus-imap-perl_2.2.13-2+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-pop3d_2.2.13-2+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-clients_2.2.13-2+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-10+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-10+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-2+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-10+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-10+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-10+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-common_2.2.13-2+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-10+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-10+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-10+etch4_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-5+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-14+lenny3.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-14+lenny3.dsc
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-5+lenny2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-admin-2.2_2.2.13-14+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-doc-2.2_2.2.13-14+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-admin_2.2.13-5+lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-libcyrus-imap-perl_2.2.13-5+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-14+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-5+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-14+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-14+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-14+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-clients_2.2.13-5+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-pop3d_2.2.13-5+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-14+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-14+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-common_2.2.13-5+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-14+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-14+lenny3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-pop3d_2.2.13-5+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-14+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-14+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-14+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-clients_2.2.13-5+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-14+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-14+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-common_2.2.13-5+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-libcyrus-imap-perl_2.2.13-5+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-14+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-5+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-14+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-14+lenny3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-common_2.2.13-5+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-14+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-14+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-libcyrus-imap-perl_2.2.13-5+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-14+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-14+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-14+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-pop3d_2.2.13-5+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-clients_2.2.13-5+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-5+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-14+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-14+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-14+lenny3_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-pop3d_2.2.13-5+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-14+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-clients_2.2.13-5+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-libcyrus-imap-perl_2.2.13-5+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-5+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-common_2.2.13-5+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-14+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-14+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-14+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-14+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-14+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-14+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-14+lenny3_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-5+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-14+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-14+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-common_2.2.13-5+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-14+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-14+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-14+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-14+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-libcyrus-imap-perl_2.2.13-5+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-pop3d_2.2.13-5+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-14+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-clients_2.2.13-5+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-14+lenny3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-14+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-14+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-14+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-libcyrus-imap-perl_2.2.13-5+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-14+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-pop3d_2.2.13-5+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-5+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-clients_2.2.13-5+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-14+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-common_2.2.13-5+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-14+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-14+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-14+lenny3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-libcyrus-imap-perl_2.2.13-5+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-14+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-14+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-14+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-14+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-14+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-common_2.2.13-5+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-5+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-14+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-14+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-14+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-clients_2.2.13-5+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-pop3d_2.2.13-5+lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-14+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-14+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-14+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-common_2.2.13-5+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-libcyrus-imap-perl_2.2.13-5+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-clients_2.2.13-5+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-14+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-pop3d_2.2.13-5+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-14+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-14+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-14+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-5+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-14+lenny3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-common_2.2.13-5+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-14+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-14+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-14+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-clients_2.2.13-5+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-14+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-libcyrus-imap-perl_2.2.13-5+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-14+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-14+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-14+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-pop3d_2.2.13-5+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-5+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-14+lenny3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-14+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-clients_2.2.13-5+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-pop3d_2.2.13-5+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-14+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-libcyrus-imap-perl_2.2.13-5+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-14+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-common_2.2.13-5+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-14+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-14+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-14+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-14+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-14+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-5+lenny2_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-imapd_2.2.13-5+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-pop3d_2.2.13-5+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-pop3d-2.2_2.2.13-14+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-dev-2.2_2.2.13-14+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-common-2.2_2.2.13-14+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-murder-2.2_2.2.13-14+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/libcyrus-imap-perl22_2.2.13-14+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-clients-2.2_2.2.13-14+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-libcyrus-imap-perl_2.2.13-5+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-imapd-2.2_2.2.13-14+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cyrus-imapd-2.2/cyrus-nntpd-2.2_2.2.13-14+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-common_2.2.13-5+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kolab-cyrus-imapd/kolab-cyrus-clients_2.2.13-5+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1894": "
\n

Debian Security Advisory

\n

DSA-1894-1 newt -- buffer overflow

\n
\n
Date Reported:
\n
24 Sep 2009
\n
Affected Packages:
\n
\nnewt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2905.
\n
More information:
\n
\n

Miroslav Lichvar discovered that newt, a windowing toolkit, is prone to a buffer overflow in the content processing code, which can lead to the execution of arbitrary code.

\n

For the oldstable distribution (etch), this problem has been fixed in version 0.52.2-10+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in version 0.52.2-11.3+lenny1.

\n

For the testing distribution (squeeze) and the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your newt packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/newt/newt_0.52.2-10+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/newt/newt_0.52.2-10+etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/newt/whiptail_0.52.2-10+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt0.52_0.52.2-10+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-dev_0.52.2-10+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/newt/python-newt_0.52.2-10+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-pic_0.52.2-10+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/newt/newt-tcl_0.52.2-10+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/newt/newt-tcl_0.52.2-10+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/newt/python-newt_0.52.2-10+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-pic_0.52.2-10+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/newt/whiptail_0.52.2-10+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt0.52_0.52.2-10+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-dev_0.52.2-10+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/newt/whiptail_0.52.2-10+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-pic_0.52.2-10+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/newt/newt-tcl_0.52.2-10+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/newt/python-newt_0.52.2-10+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-dev_0.52.2-10+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt0.52_0.52.2-10+etch1_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/newt/newt-tcl_0.52.2-10+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-pic_0.52.2-10+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/newt/whiptail_0.52.2-10+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/newt/python-newt_0.52.2-10+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-dev_0.52.2-10+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt0.52_0.52.2-10+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-pic_0.52.2-10+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-dev_0.52.2-10+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/newt/whiptail_0.52.2-10+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt0.52_0.52.2-10+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/newt/newt-tcl_0.52.2-10+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/newt/python-newt_0.52.2-10+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/newt/whiptail_0.52.2-10+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-pic_0.52.2-10+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-dev_0.52.2-10+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/newt/newt-tcl_0.52.2-10+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt0.52_0.52.2-10+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/newt/python-newt_0.52.2-10+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/newt/newt-tcl_0.52.2-10+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/newt/python-newt_0.52.2-10+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-dev_0.52.2-10+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt0.52_0.52.2-10+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/newt/whiptail_0.52.2-10+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-pic_0.52.2-10+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/newt/python-newt_0.52.2-10+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/newt/newt-tcl_0.52.2-10+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-dev_0.52.2-10+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-pic_0.52.2-10+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt0.52_0.52.2-10+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/newt/whiptail_0.52.2-10+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-pic_0.52.2-10+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-dev_0.52.2-10+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/newt/whiptail_0.52.2-10+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/newt/python-newt_0.52.2-10+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/newt/newt-tcl_0.52.2-10+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt0.52_0.52.2-10+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/newt/libnewt0.52_0.52.2-10+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-pic_0.52.2-10+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-dev_0.52.2-10+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/newt/newt-tcl_0.52.2-10+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/newt/python-newt_0.52.2-10+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/newt/whiptail_0.52.2-10+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/newt/newt_0.52.2-11.3+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/n/newt/newt_0.52.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/n/newt/newt_0.52.2-11.3+lenny1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/newt/libnewt0.52_0.52.2-11.3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-pic_0.52.2-11.3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/newt/whiptail_0.52.2-11.3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/newt/python-newt_0.52.2-11.3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/newt/newt-tcl_0.52.2-11.3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-dev_0.52.2-11.3+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/newt/python-newt_0.52.2-11.3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/newt/newt-tcl_0.52.2-11.3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-dev_0.52.2-11.3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-pic_0.52.2-11.3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt0.52_0.52.2-11.3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/newt/whiptail_0.52.2-11.3+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/newt/whiptail_0.52.2-11.3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/newt/python-newt_0.52.2-11.3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-dev_0.52.2-11.3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt0.52_0.52.2-11.3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/newt/newt-tcl_0.52.2-11.3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-pic_0.52.2-11.3+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/n/newt/newt-tcl_0.52.2-11.3+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-pic_0.52.2-11.3+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-dev_0.52.2-11.3+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/n/newt/whiptail_0.52.2-11.3+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt0.52_0.52.2-11.3+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/n/newt/python-newt_0.52.2-11.3+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/newt/libnewt0.52_0.52.2-11.3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-dev_0.52.2-11.3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/newt/whiptail_0.52.2-11.3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/newt/python-newt_0.52.2-11.3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/newt/newt-tcl_0.52.2-11.3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-pic_0.52.2-11.3+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-pic_0.52.2-11.3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/newt/newt-tcl_0.52.2-11.3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/newt/python-newt_0.52.2-11.3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-dev_0.52.2-11.3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/newt/whiptail_0.52.2-11.3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt0.52_0.52.2-11.3+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-dev_0.52.2-11.3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt0.52_0.52.2-11.3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/newt/newt-tcl_0.52.2-11.3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/newt/python-newt_0.52.2-11.3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/newt/whiptail_0.52.2-11.3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-pic_0.52.2-11.3+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/newt/newt-tcl_0.52.2-11.3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt0.52_0.52.2-11.3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-dev_0.52.2-11.3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-pic_0.52.2-11.3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/newt/python-newt_0.52.2-11.3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/newt/whiptail_0.52.2-11.3+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/newt/whiptail_0.52.2-11.3+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/newt/python-newt_0.52.2-11.3+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt0.52_0.52.2-11.3+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-pic_0.52.2-11.3+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/newt/newt-tcl_0.52.2-11.3+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-dev_0.52.2-11.3+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-pic_0.52.2-11.3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/newt/whiptail_0.52.2-11.3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/newt/python-newt_0.52.2-11.3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt0.52_0.52.2-11.3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-dev_0.52.2-11.3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/newt/newt-tcl_0.52.2-11.3+lenny1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/newt/whiptail_0.52.2-11.3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-dev_0.52.2-11.3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/newt/python-newt_0.52.2-11.3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/newt/newt-tcl_0.52.2-11.3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt0.52_0.52.2-11.3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/newt/libnewt-pic_0.52.2-11.3+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1895": "
\n

Debian Security Advisory

\n

DSA-1895-1 xmltooling -- several vulnerabilities

\n
\n
Date Reported:
\n
24 Sep 2009
\n
Affected Packages:
\n
\nxmltooling\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the xmltooling packages, as used by Shibboleth:

\n
    \n
  • Chris Ries discovered that decoding a crafted URL leads to a crash (and potentially, arbitrary code execution).

  • Ian Young discovered that embedded NUL characters in certificate names were not correctly handled, exposing configurations using PKIX trust validation to impersonation attacks.

  • Incorrect processing of SAML metadata ignores key usage constraints. This minor issue also needs a correction in the opensaml2 packages, which will be provided in an upcoming stable point release (and, before that, via stable-proposed-updates).
\n

For the stable distribution (lenny), these problems have been fixed in version 1.0-2+lenny1.

\n

For the unstable distribution (sid), these problems have been fixed in version 1.2.2-1.

\n

We recommend that you upgrade your xmltooling packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xmltooling/xmltooling_1.0-2+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/x/xmltooling/xmltooling_1.0-2+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xmltooling/xmltooling_1.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xmltooling/xmltooling-schemas_1.0-2+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/x/xmltooling/libxmltooling-doc_1.0-2+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xmltooling/libxmltooling-dev_1.0-2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xmltooling/libxmltooling1_1.0-2+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xmltooling/libxmltooling1_1.0-2+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xmltooling/libxmltooling-dev_1.0-2+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xmltooling/libxmltooling1_1.0-2+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xmltooling/libxmltooling-dev_1.0-2+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/x/xmltooling/libxmltooling1_1.0-2+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xmltooling/libxmltooling-dev_1.0-2+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xmltooling/libxmltooling1_1.0-2+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xmltooling/libxmltooling-dev_1.0-2+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xmltooling/libxmltooling-dev_1.0-2+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xmltooling/libxmltooling1_1.0-2+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xmltooling/libxmltooling-dev_1.0-2+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xmltooling/libxmltooling1_1.0-2+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xmltooling/libxmltooling1_1.0-2+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xmltooling/libxmltooling-dev_1.0-2+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xmltooling/libxmltooling1_1.0-2+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xmltooling/libxmltooling-dev_1.0-2+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xmltooling/libxmltooling-dev_1.0-2+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xmltooling/libxmltooling1_1.0-2+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xmltooling/libxmltooling-dev_1.0-2+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xmltooling/libxmltooling1_1.0-2+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xmltooling/libxmltooling-dev_1.0-2+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xmltooling/libxmltooling1_1.0-2+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1896": "
\n

Debian Security Advisory

\n

DSA-1896-1 opensaml, shibboleth-sp -- several vulnerabilities

\n
\n
Date Reported:
\n
28 Sep 2009
\n
Affected Packages:
\n
\nopensaml, shibboleth-sp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the opensaml and shibboleth-sp packages, as used by Shibboleth 1.x:

\n
    \n
  • Chris Ries discovered that decoding a crafted URL leads to a crash (and potentially, arbitrary code execution).

  • Ian Young discovered that embedded NUL characters in certificate names were not correctly handled, exposing configurations using PKIX trust validation to impersonation attacks.

  • Incorrect processing of SAML metadata ignored key usage constraints.
\n

For the old stable distribution (etch), these problems have been fixed in version 1.3f.dfsg1-2+etch1 of the shibboleth-sp packages, and version 1.1a-2+etch1 of the opensaml packages.

\n

For the stable distribution (lenny), these problems have been fixed in version 1.3.1.dfsg1-3+lenny1 of the shibboleth-sp packages, and version 1.1.1-2+lenny1 of the opensaml packages.

\n

The unstable distribution (sid) does not contain Shibboleth 1.x packages.

\n

This update requires restarting the affected services (mainly Apache) to become effective.

\n

We recommend that you upgrade your Shibboleth 1.x packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3f.dfsg1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3f.dfsg1-2+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/o/opensaml/opensaml_1.1a.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/opensaml/opensaml_1.1a-2+etch1.dsc
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3f.dfsg1-2+etch1.dsc
\n
http://security.debian.org/pool/updates/main/o/opensaml/opensaml_1.1a-2+etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/opensaml/opensaml-schemas_1.1a-2+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml-dev_1.1a-2+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml5_1.1a-2+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml5_1.1a-2+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml-dev_1.1a-2+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml-dev_1.1a-2+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml5_1.1a-2+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml-dev_1.1a-2+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml5_1.1a-2+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml5_1.1a-2+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml-dev_1.1a-2+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml5_1.1a-2+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml-dev_1.1a-2+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml-dev_1.1a-2+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml5_1.1a-2+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml5_1.1a-2+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml-dev_1.1a-2+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml5_1.1a-2+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml-dev_1.1a-2+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml-dev_1.1a-2+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml5_1.1a-2+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml-dev_1.1a-2+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml5_1.1a-2+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/opensaml/opensaml_1.1.1-2+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3.1.dfsg1-3+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3.1.dfsg1-3+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3.1.dfsg1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/opensaml/opensaml_1.1.1-2+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/o/opensaml/opensaml_1.1.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/opensaml/opensaml-schemas_1.1.1-2+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml5_1.1.1-2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml-dev_1.1.1-2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml-dev_1.1.1-2+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml5_1.1.1-2+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml5_1.1.1-2+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml-dev_1.1.1-2+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml-dev_1.1.1-2+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml5_1.1.1-2+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml-dev_1.1.1-2+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml5_1.1.1-2+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml5_1.1.1-2+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml-dev_1.1.1-2+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml5_1.1.1-2+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml-dev_1.1.1-2+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml5_1.1.1-2+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml-dev_1.1.1-2+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml-dev_1.1.1-2+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml5_1.1.1-2+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml5_1.1.1-2+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml-dev_1.1.1-2+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml5_1.1.1-2+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml-dev_1.1.1-2+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml-dev_1.1.1-2+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml/libsaml5_1.1.1-2+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1897": "
\n

Debian Security Advisory

\n

DSA-1897-1 horde3 -- insufficient input sanitization

\n
\n
Date Reported:
\n
28 Sep 2009
\n
Affected Packages:
\n
\nhorde3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-3236.
\n
More information:
\n
\n

Stefan Esser discovered that Horde, a web application framework providing\nclasses for dealing with preferences, compression, browser detection,\nconnection tracking, MIME, and more, insufficiently validates and\nescapes user-provided input. The Horde_Form_Type_image form element\nallows a temporary filename to be reused on reuploads; the filename is stored in a\nhidden HTML field and then trusted without prior validation. An attacker\ncan use this to overwrite arbitrary files on the system or to upload PHP\ncode and thus execute arbitrary code with the rights of the webserver.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 3.1.3-4etch6.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 3.2.2+debian0-2+lenny1.

\n

For the testing distribution (squeeze), this problem has been fixed in\nversion 3.3.5+debian0-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.3.5+debian0-1.

\n

We recommend that you upgrade your horde3 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch6.diff.gz
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch6.dsc
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch6_all.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.2.2+debian0-2+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.2.2+debian0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.2.2+debian0-2+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.2.2+debian0-2+lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1898": "
\n

Debian Security Advisory

\n

DSA-1898-1 openswan -- denial of service

\n
\n
Date Reported:
\n
02 Oct 2009
\n
Affected Packages:
\n
\nopenswan\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2185.
\n
More information:
\n
\n

It was discovered that the pluto daemon in openswan, an\nimplementation of IPSEC and IKE, could crash when processing a crafted\nX.509 certificate.

\n

For the old stable distribution (etch), this problem has been fixed in\nversion 2.4.6+dfsg.2-1.1+etch2.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.4.12+dfsg-1.3+lenny2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.6.22+dfsg-1.

\n

We recommend that you upgrade your openswan package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan-modules-source_2.4.6+dfsg.2-1.1+etch2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openswan/linux-patch-openswan_2.4.6+dfsg.2-1.1+etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openswan/linux-patch-openswan_2.4.12+dfsg-1.3+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/o/openswan/openswan-modules-source_2.4.12+dfsg-1.3+lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1899": "
\n

Debian Security Advisory

\n

DSA-1899-1 strongswan -- several vulnerabilities

\n
\n
Date Reported:
\n
02 Oct 2009
\n
Affected Packages:
\n
\nstrongswan\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 531612, Bug 533837, Bug 540144.
In Mitre's CVE dictionary: CVE-2009-1957, CVE-2009-1958, CVE-2009-2185, CVE-2009-2661.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in strongswan, an\nimplementation of the IPSEC and IKE protocols. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2009-1957, CVE-2009-1958\n

    The charon daemon can crash when processing certain crafted IKEv2\npackets. (The old stable distribution (etch) was not affected by\nthese two problems because it lacks IKEv2 support.)

  • CVE-2009-2185, CVE-2009-2661\n

    The pluto daemon could crash when processing a crafted X.509\ncertificate.

\n

For the old stable distribution (etch), these problems have been fixed\nin version 2.8.0+dfsg-1+etch2.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 4.2.4-5+lenny3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.3.2-1.1.

\n

We recommend that you upgrade your strongswan packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3.diff.gz
\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3.dsc
\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1900": "
\n

Debian Security Advisory

\n

DSA-1900-1 postgresql-7.4, postgresql-8.1, postgresql-8.3, postgresql-8.4 -- several vulnerabilities

\n
\n
Date Reported:
\n
02 Oct 2009
\n
Affected Packages:
\n
\npostgresql-7.4
postgresql-8.1
postgresql-8.3
postgresql-8.4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-3229, CVE-2009-3230, CVE-2009-3231.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in PostgreSQL, an SQL\ndatabase system. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2009-3229\n

    Authenticated users can shut down the backend server by re-LOAD-ing\nlibraries in $libdir/plugins, if any libraries are present there.\n(The old stable distribution (etch) is not affected by this issue.)

  • CVE-2009-3230\n

    Authenticated non-superusers can gain database superuser privileges if\nthey can create functions and tables due to incorrect execution of\nfunctions in functional indexes.

  • CVE-2009-3231\n

    If PostgreSQL is configured with LDAP authentication, and the LDAP\nconfiguration allows anonymous binds, it is possible for a user to\nauthenticate themselves with an empty password. (The old stable\ndistribution (etch) is not affected by this issue.)

\n

In addition, this update contains reliability improvements which do\nnot target security issues.

\n

For the old stable distribution (etch), these problems have been fixed\nin version 7.4.26-0etch1 of the postgresql-7.4 source package, and\nversion 8.1.18-0etch1 of the postgresql-8.1 source package.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 8.3.8-0lenny1 of the postgresql-8.3 source package.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 8.3.8-1 of the postgresql-8.3 source package, and version\n8.4.1-1 of the postgresql-8.4 source package.

\n

We recommend that you upgrade your PostgreSQL packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.26-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.18-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.26-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.18-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.18.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.26.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-server-dev-7.4_7.4.26-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-doc-8.1_8.1.18-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-doc-7.4_7.4.26-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.26-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.26-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.18-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.18-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.18-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.18-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.18-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.18-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.18-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.18-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.18-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.26-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.18-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.26-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.18-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.26-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.26-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.18-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.18-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.26-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.26-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.18-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.18-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.18-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.18-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.18-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.18-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.26-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.26-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.18-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.26-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.18-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.26-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.18-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.18-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.18-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.18-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.18-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.18-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.18-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.26-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.18-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.18-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.18-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.26-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.26-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.18-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.26-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.18-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.18-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.26-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.18-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.18-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.26-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.18-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.18-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.18-0etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.18-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.26-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.18-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.18-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.18-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.18-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.18-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.18-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.18-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.26-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.18-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.26-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.18-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.18-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.26-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.26-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.18-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.26-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.18-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.26-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.26-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.26-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.18-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.18-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.18-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.18-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.26-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.18-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.18-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.18-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.18-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.18-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.18-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.18-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.26-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.18-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.18-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.26-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.26-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.26-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.18-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.18-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.26-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.18-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.18-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.18-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.18-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.26-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.18-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.18-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.26-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.18-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.18-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.18-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.18-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.26-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.18-0etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.18-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.18-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.26-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.18-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.26-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.26-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.18-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.18-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.18-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.26-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.26-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.18-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.18-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.18-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.18-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.26-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.18-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.18-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.18-0etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.18-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.18-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.18-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.18-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.18-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.18-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.18-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.18-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.18-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.18-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.18-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.18-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.18-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.26-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.26-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.18-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.18-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.18-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.26-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.18-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.18-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.18-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.18-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.26-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.18-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.26-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.18-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.18-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.18-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.18-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.18-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.26-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.26-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.26-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.26-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.18-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.26-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.18-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.18-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.18-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.18-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.18-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.26-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.18-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.18-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.18-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.18-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.18-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.26-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.18-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.18-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.18-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.18-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.18-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.18-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.26-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.18-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.18-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.26-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.26-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.18-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.18-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.18-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.18-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.26-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.26-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.26-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.18-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.18-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.18-0etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.8.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0lenny1.dsc
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-doc-8.3_8.3.8-0lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib_8.3.8-0lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client_8.3.8-0lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-doc_8.3.8-0lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql_8.3.8-0lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.8-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.8-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.8-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.8-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.8-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.8-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.8-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.8-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.8-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.8-0lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.8-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.8-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.8-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.8-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.8-0lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.8-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.8-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.8-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.8-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.8-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.8-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.8-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.8-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.8-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.8-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.8-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.8-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.8-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.8-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.8-0lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.8-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.8-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.8-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.8-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.8-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.8-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.8-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.8-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.8-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.8-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.8-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.8-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.8-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.8-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.8-0lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.8-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.8-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.8-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.8-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.8-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.8-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.8-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.8-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.8-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.8-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.8-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.8-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.8-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.8-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.8-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.8-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.8-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.8-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.8-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.8-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.8-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.8-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.8-0lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1901": "
\n

Debian Security Advisory

\n

DSA-1901-1 mediawiki1.7 -- several vulnerabilities

\n
\n
Date Reported:
\n
05 Oct 2009
\n
Affected Packages:
\n
\nmediawiki1.7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 508868, Bug 508869, Bug 508870, Bug 514547.
In Mitre's CVE dictionary: CVE-2008-5249, CVE-2008-5250, CVE-2008-5252, CVE-2009-0737.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in mediawiki1.7, a website engine\nfor collaborative work. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2008-5249\n

    David Remahl discovered that mediawiki1.7 is prone to a cross-site scripting attack.

  • CVE-2008-5250\n

    David Remahl discovered that mediawiki1.7, when Internet Explorer is used and\nuploads are enabled, or an SVG scripting browser is used and SVG uploads are\nenabled, allows remote authenticated users to inject arbitrary web script or\nHTML by editing a wiki page.

  • CVE-2008-5252\n

    David Remahl discovered that mediawiki1.7 is prone to a cross-site request\nforgery vulnerability in the Special:Import feature.

  • CVE-2009-0737\n

    It was discovered that mediawiki1.7 is prone to a cross-site scripting attack in\nthe web-based installer.

\n

For the oldstable distribution (etch), these problems have been fixed in version\n1.7.1-9etch1 for mediawiki1.7, and mediawiki is not affected (it is a\nmetapackage for mediawiki1.7).

\n

The stable (lenny) distribution does not include mediawiki1.7, and these\nproblems have been fixed in version 1:1.12.0-2lenny3 for mediawiki which was\nalready included in the lenny release.

\n

The unstable (sid) and testing (squeeze) distributions do not\ninclude mediawiki1.7, and these problems have been fixed in version 1:1.14.0-1\nfor mediawiki.

\n

We recommend that you upgrade your mediawiki1.7 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mediawiki1.7/mediawiki1.7_1.7.1-9etch1.dsc
\n
http://security.debian.org/pool/updates/main/m/mediawiki1.7/mediawiki1.7_1.7.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mediawiki1.7/mediawiki1.7_1.7.1-9etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mediawiki1.7/mediawiki1.7_1.7.1-9etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mediawiki1.7/mediawiki1.7-math_1.7.1-9etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mediawiki1.7/mediawiki1.7-math_1.7.1-9etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mediawiki1.7/mediawiki1.7-math_1.7.1-9etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mediawiki1.7/mediawiki1.7-math_1.7.1-9etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mediawiki1.7/mediawiki1.7-math_1.7.1-9etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mediawiki1.7/mediawiki1.7-math_1.7.1-9etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mediawiki1.7/mediawiki1.7-math_1.7.1-9etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mediawiki1.7/mediawiki1.7-math_1.7.1-9etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mediawiki1.7/mediawiki1.7-math_1.7.1-9etch1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mediawiki1.7/mediawiki1.7-math_1.7.1-9etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1902": "
\n

Debian Security Advisory

\n

DSA-1902-1 elinks -- buffer overflow

\n
\n
Date Reported:
\n
05 Oct 2009
\n
Affected Packages:
\n
\nelinks\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 380347.
In Mitre's CVE dictionary: CVE-2008-7224.
\n
More information:
\n
\n

Jakub Wilk discovered an off-by-one buffer overflow in the charset\nhandling of elinks, a feature-rich text-mode WWW browser, which might\nlead to the execution of arbitrary code if the user is tricked into\nopening a malformed HTML page.

\n

For the old stable distribution (etch), this problem has been fixed in\nversion 0.11.1-1.2etch2.

\n

The stable distribution (lenny) and the unstable distribution (sid)\nalready contain a patch for this problem.

\n

We recommend that you upgrade your elinks package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch2.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch2_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1903": "
\n

Debian Security Advisory

\n

DSA-1903-1 graphicsmagick -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Oct 2009
\n
Affected Packages:
\n
\ngraphicsmagick\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 414370, Bug 417862, Bug 444266, Bug 491439, Bug 530946.
In Mitre's CVE dictionary: CVE-2007-1667, CVE-2007-1797, CVE-2007-4985, CVE-2007-4986, CVE-2007-4988, CVE-2008-1096, CVE-2008-3134, CVE-2008-6070, CVE-2008-6071, CVE-2008-6072, CVE-2008-6621, CVE-2009-1882.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in graphicsmagick, a\ncollection of image processing tools, which can lead to the execution\nof arbitrary code, exposure of sensitive information or denial of service.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2007-1667\n

    Multiple integer overflows in the XInitImage function in xwd.c for\n GraphicsMagick allow user-assisted remote attackers to cause a\n denial of service (crash) or obtain sensitive information via\n crafted images with large or negative values that trigger a\n buffer overflow. It only affects the oldstable distribution (etch).

  • CVE-2007-1797\n

    Multiple integer overflows allow remote attackers to execute arbitrary\n code via a crafted DCM image, or the colors or comments field in a\n crafted XWD image. It only affects the oldstable distribution (etch).

  • CVE-2007-4985\n

    A crafted image file can trigger an infinite loop in the ReadDCMImage\n function or in the ReadXCFImage function. It only affects the oldstable\n distribution (etch).

  • CVE-2007-4986\n

    Multiple integer overflows allow context-dependent attackers to execute\n arbitrary code via a crafted .dcm, .dib, .xbm, .xcf, or .xwd image file,\n which triggers a heap-based buffer overflow. It only affects the\n oldstable distribution (etch).

  • CVE-2007-4988\n

    A sign extension error allows context-dependent attackers to execute\n arbitrary code via a crafted width value in an image file, which\n triggers an integer overflow and a heap-based buffer overflow. It\n affects only the oldstable distribution (etch).

  • CVE-2008-1096\n

    The load_tile function in the XCF coder allows user-assisted remote\n attackers to cause a denial of service or possibly execute arbitrary\n code via a crafted .xcf file that triggers an out-of-bounds heap write.\n It affects only oldstable (etch).

  • CVE-2008-3134\n

    Multiple vulnerabilities in GraphicsMagick before 1.2.4 allow remote\n attackers to cause a denial of service (crash, infinite loop, or\n memory consumption) via vectors in the AVI, AVS, DCM, EPT, FITS,\n MTV, PALM, RLA, and TGA decoder readers; and the\n GetImageCharacteristics function in magick/image.c, as reachable\n from a crafted PNG, JPEG, BMP, or TIFF file.

  • CVE-2008-6070\n

    Multiple heap-based buffer underflows in the ReadPALMImage function in\n coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers\n to cause a denial of service (crash) or possibly execute arbitrary\n code via a crafted PALM image.

  • CVE-2008-6071\n

    Heap-based buffer overflow in the DecodeImage function in\n coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before\n 1.2.3, allows remote attackers to cause a denial of service (crash)\n or possibly execute arbitrary code via a crafted PICT image.

  • CVE-2008-6072\n

    Multiple vulnerabilities in GraphicsMagick allow remote attackers to\n cause a denial of service (crash) via vectors in XCF and CINEON images.

  • CVE-2008-6621\n

    Vulnerability in GraphicsMagick allows remote attackers to cause a denial\n of service (crash) via vectors in DPX images.

  • CVE-2009-1882\n

    Integer overflow allows remote attackers to cause a denial of service\n (crash) and possibly execute arbitrary code via a crafted TIFF file,\n which triggers a buffer overflow.

\n

For the oldstable distribution (etch), these problems have been fixed in\nversion 1.1.7-13+etch1.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.1.11-3.2+lenny1.

\n

For the upcoming stable distribution (squeeze) and the unstable\ndistribution (sid), these problems have been fixed in version\n1.3.5-5.1.

\n

We recommend that you upgrade your graphicsmagick packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.7-13+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.7-13+etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick-libmagick-dev-compat_1.1.7-13+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick-imagemagick-compat_1.1.7-13+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.7-13+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1_1.1.7-13+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.7-13+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphics-magick-perl_1.1.7-13+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick-dbg_1.1.7-13+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1_1.1.7-13+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.7-13+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.7-13+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.7-13+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphics-magick-perl_1.1.7-13+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1_1.1.7-13+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick-dbg_1.1.7-13+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1_1.1.7-13+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.7-13+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.7-13+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.7-13+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1_1.1.7-13+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphics-magick-perl_1.1.7-13+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1_1.1.7-13+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick-dbg_1.1.7-13+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.7-13+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick-dbg_1.1.7-13+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.7-13+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphics-magick-perl_1.1.7-13+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1_1.1.7-13+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1_1.1.7-13+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.7-13+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.7-13+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1_1.1.7-13+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.7-13+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.7-13+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1_1.1.7-13+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.7-13+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphics-magick-perl_1.1.7-13+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick-dbg_1.1.7-13+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1_1.1.7-13+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphics-magick-perl_1.1.7-13+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.7-13+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.7-13+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick-dbg_1.1.7-13+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.7-13+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1_1.1.7-13+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.7-13+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphics-magick-perl_1.1.7-13+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1_1.1.7-13+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick-dbg_1.1.7-13+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.7-13+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.7-13+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1_1.1.7-13+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.7-13+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphics-magick-perl_1.1.7-13+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.7-13+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.7-13+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1_1.1.7-13+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick-dbg_1.1.7-13+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1_1.1.7-13+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1_1.1.7-13+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.7-13+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.7-13+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphics-magick-perl_1.1.7-13+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.7-13+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick-dbg_1.1.7-13+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1_1.1.7-13+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphics-magick-perl_1.1.7-13+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1_1.1.7-13+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.7-13+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.7-13+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick-dbg_1.1.7-13+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.7-13+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1_1.1.7-13+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick-dbg_1.1.7-13+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.7-13+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1_1.1.7-13+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphics-magick-perl_1.1.7-13+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.7-13+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.7-13+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1_1.1.7-13+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.11-3.2+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.11-3.2+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.11.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick-imagemagick-compat_1.1.11-3.2+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick-libmagick-dev-compat_1.1.11-3.2+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1_1.1.11-3.2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.11-3.2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphics-magick-perl_1.1.11-3.2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.11-3.2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1_1.1.11-3.2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.11-3.2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick-dbg_1.1.11-3.2+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1_1.1.11-3.2+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.11-3.2+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphics-magick-perl_1.1.11-3.2+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.11-3.2+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1_1.1.11-3.2+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.11-3.2+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick-dbg_1.1.11-3.2+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.11-3.2+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1_1.1.11-3.2+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.11-3.2+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphics-magick-perl_1.1.11-3.2+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.11-3.2+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1_1.1.11-3.2+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick-dbg_1.1.11-3.2+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1_1.1.11-3.2+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.11-3.2+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphics-magick-perl_1.1.11-3.2+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1_1.1.11-3.2+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.11-3.2+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.11-3.2+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick-dbg_1.1.11-3.2+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1_1.1.11-3.2+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick-dbg_1.1.11-3.2+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.11-3.2+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1_1.1.11-3.2+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphics-magick-perl_1.1.11-3.2+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.11-3.2+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.11-3.2+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.11-3.2+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.11-3.2+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.11-3.2+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphics-magick-perl_1.1.11-3.2+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1_1.1.11-3.2+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick-dbg_1.1.11-3.2+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1_1.1.11-3.2+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphics-magick-perl_1.1.11-3.2+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.11-3.2+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1_1.1.11-3.2+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick-dbg_1.1.11-3.2+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1_1.1.11-3.2+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.11-3.2+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.11-3.2+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1_1.1.11-3.2+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.11-3.2+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.11-3.2+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphics-magick-perl_1.1.11-3.2+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.11-3.2+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1_1.1.11-3.2+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick-dbg_1.1.11-3.2+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1_1.1.11-3.2+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.11-3.2+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1_1.1.11-3.2+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.11-3.2+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick-dbg_1.1.11-3.2+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphics-magick-perl_1.1.11-3.2+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.11-3.2+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick-dbg_1.1.11-3.2+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.11-3.2+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1_1.1.11-3.2+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.11-3.2+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.11-3.2+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1_1.1.11-3.2+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphics-magick-perl_1.1.11-3.2+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.11-3.2+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphics-magick-perl_1.1.11-3.2+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.11-3.2+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1_1.1.11-3.2+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.11-3.2+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1_1.1.11-3.2+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick-dbg_1.1.11-3.2+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1_1.1.11-3.2+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick-dbg_1.1.11-3.2+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.11-3.2+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphics-magick-perl_1.1.11-3.2+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.11-3.2+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/graphicsmagick_1.1.11-3.2+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/graphicsmagick/libgraphicsmagick1_1.1.11-3.2+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1904": "
\n

Debian Security Advisory

\n

DSA-1904-1 wget -- insufficient input validation

\n
\n
Date Reported:
\n
09 Oct 2009
\n
Affected Packages:
\n
\nwget\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 549293.
In Mitre's CVE dictionary: CVE-2009-3490.
\n
More information:
\n
\n

Daniel Stenberg discovered that wget, a network utility to retrieve files from\nthe Web using HTTP(S) and FTP, is vulnerable to the \"Null Prefix Attacks Against\nSSL/TLS Certificates\" published at the Blackhat conference some time ago. This\nallows an attacker to perform undetected man-in-the-middle attacks via a crafted\nITU-T X.509 certificate with an injected null byte in the Common Name field.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 1.10.2-2+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.11.4-2+lenny1.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.12-1.

\n

We recommend that you upgrade your wget packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.10.2-2+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.10.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.10.2-2+etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.10.2-2+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.10.2-2+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.10.2-2+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.10.2-2+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.10.2-2+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.10.2-2+etch1_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.10.2-2+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.10.2-2+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.10.2-2+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.10.2-2+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1905": "
\n

Debian Security Advisory

\n

DSA-1905-1 python-django -- insufficient input validation

\n
\n
Date Reported:
\n
10 Oct 2009
\n
Affected Packages:
\n
\npython-django\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 550457.
\n
More information:
\n
\n

The forms library of python-django, a high-level Python web development\nframework, uses a badly chosen regular expression when validating\nemail addresses and URLs. An attacker can use this to perform denial\nof service attacks (100% CPU consumption) due to bad backtracking\nvia a specially crafted email address or URL which is validated by the\nDjango forms library.

\n

python-django in the oldstable distribution (etch) is not affected by\nthis problem.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.0.2-1+lenny2.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.1.1-1.

\n

We recommend that you upgrade your python-django packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/python-django/python-django_1.0.2-1+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/p/python-django/python-django_1.0.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/python-django/python-django_1.0.2-1+lenny2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/python-django/python-django_1.0.2-1+lenny2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1906": "
\n

Debian Security Advisory

\n

DSA-1906-1 clamav -- End-of-life announcement for clamav in stable and oldstable

\n
\n
Date Reported:
\n
11 Oct 2009
\n
Affected Packages:
\n
\nclamav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Security support for clamav, an anti-virus utility for Unix, has been\ndiscontinued for the stable distribution (lenny) and the oldstable\ndistribution (etch). Clamav upstream has stopped supporting the\nreleases in etch and lenny. Also, it is no longer easily possible to receive\nsignature updates for the virus scanner with our released versions.

\n

We recommend that all clamav users consider switching to the\nversion in debian-volatile, which receives regular updates and security\nsupport on a best effort basis.

\n

For more information on debian-volatile, please visit\nhttps://www.debian.org/volatile/.

\n
\n

\n
\n
\n
\n
", "1907": "
\n

Debian Security Advisory

\n

DSA-1907-1 kvm -- several vulnerabilities

\n
\n
Date Reported:
\n
13 Oct 2009
\n
Affected Packages:
\n
\nkvm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 509997, Bug 548975.
In Mitre's CVE dictionary: CVE-2008-5714, CVE-2009-3290.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in kvm, a full virtualization system.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2008-5714\n

    Chris Webb discovered an off-by-one bug limiting KVM's VNC passwords to 7\ncharacters. This flaw might make it easier for remote attackers to guess the VNC\npassword, which is limited to seven characters where eight was intended.

  • CVE-2009-3290\n

    It was discovered that the kvm_emulate_hypercall function in KVM does not\nprevent access to MMU hypercalls from ring 0, which allows local guest OS users\nto cause a denial of service (guest kernel crash) and read or write guest kernel\nmemory.

\n

The oldstable distribution (etch) does not contain kvm.

\n

For the stable distribution (lenny), these problems have been fixed in version\n72+dfsg-5~lenny3.

\n

For the testing distribution (squeeze) these problems will be fixed soon.

\n

For the unstable distribution (sid) these problems have been fixed in version\n85+dfsg-4.1.

\n

We recommend that you upgrade your kvm packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kvm/kvm_72+dfsg-5~lenny3.dsc
\n
http://security.debian.org/pool/updates/main/k/kvm/kvm_72+dfsg-5~lenny3.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kvm/kvm_72+dfsg.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kvm/kvm-source_72+dfsg-5~lenny3_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kvm/kvm_72+dfsg-5~lenny3_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kvm/kvm_72+dfsg-5~lenny3_i386.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1908": "
\n

Debian Security Advisory

\n

DSA-1908-1 samba -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Oct 2009
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2948, CVE-2009-2906, CVE-2009-2813.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in samba, an implementation of\nthe SMB/CIFS protocol for Unix systems, providing support for cross-platform\nfile and printer sharing with other operating systems and more. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2009-2948\n

    The mount.cifs utility is missing proper checks for file permissions when\nused in verbose mode. This allows local users to partly disclose the\ncontent of arbitrary files by specifying the file as the credentials file and\nattempting to mount a samba share.

  • CVE-2009-2906\n

    A reply to an oplock break notification which samba doesn't expect could\nlead to the service getting stuck in an infinite loop. An attacker\ncan use this to perform denial of service attacks via a specially crafted\nSMB request.

  • CVE-2009-2813\n

    A lack of error handling in case no home directory was configured/specified\nfor the user could lead to file disclosure. In case the automated [homes]\nshare is enabled or an explicit share is created with that username, samba\nfails to enforce sharing restrictions which results in an attacker being\nable to access the file system from the root directory.

\n

For the oldstable distribution (etch), this problem will be fixed soon.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2:3.2.5-4lenny7.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:3.4.2-1.

\n

We recommend that you upgrade your samba packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7.dsc
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.2.5-4lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc-pdf_3.2.5-4lenny7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1909": "
\n

Debian Security Advisory

\n

DSA-1909-1 postgresql-ocaml -- missing escape function

\n
\n
Date Reported:
\n
14 Oct 2009
\n
Affected Packages:
\n
\npostgresql-ocaml\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2943.
\n
More information:
\n
\n

It was discovered that postgresql-ocaml, OCaml bindings to PostgreSQL's\nlibpq, was missing a function to call PQescapeStringConn(). This is\nneeded because PQescapeStringConn() honours the charset of the\nconnection and prevents insufficient escaping when certain multibyte\ncharacter encodings are used. The added function is called\nescape_string_conn() and takes the established database connection as its\nfirst argument. The old escape_string() was kept for backwards\ncompatibility.

\n

Developers using these bindings are encouraged to adjust their code to\nuse the new function.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 1.5.4-2+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.7.0-3+lenny1.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 1.12.1-1.

\n

We recommend that you upgrade your postgresql-ocaml packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/postgresql-ocaml_1.5.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/postgresql-ocaml_1.5.4-2+etch1.dsc
\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/postgresql-ocaml_1.5.4-2+etch1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.5.4-2+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.5.4-2+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.5.4-2+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.5.4-2+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.5.4-2+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.5.4-2+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.5.4-2+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.5.4-2+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.5.4-2+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.5.4-2+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.5.4-2+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.5.4-2+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.5.4-2+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.5.4-2+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.5.4-2+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.5.4-2+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.5.4-2+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.5.4-2+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.5.4-2+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.5.4-2+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.5.4-2+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.5.4-2+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/postgresql-ocaml_1.7.0-3+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/postgresql-ocaml_1.7.0-3+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/postgresql-ocaml_1.7.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.7.0-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.7.0-3+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.7.0-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.7.0-3+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.7.0-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.7.0-3+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.7.0-3+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.7.0-3+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.7.0-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.7.0-3+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.7.0-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.7.0-3+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.7.0-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.7.0-3+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.7.0-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.7.0-3+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.7.0-3+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.7.0-3+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.7.0-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.7.0-3+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.7.0-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.7.0-3+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml_1.7.0-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-ocaml/libpostgresql-ocaml-dev_1.7.0-3+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1910": "
\n

Debian Security Advisory

\n

DSA-1910-1 mysql-ocaml -- missing escape function

\n
\n
Date Reported:
\n
14 Oct 2009
\n
Affected Packages:
\n
\nmysql-ocaml\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2942.
\n
More information:
\n
\n

It was discovered that mysql-ocaml, OCaml bindings for MySQL, was\nmissing a function to call mysql_real_escape_string(). This is needed\nbecause mysql_real_escape_string() honours the charset of the connection\nand prevents insufficient escaping when certain multibyte character\nencodings are used. The added function is called real_escape() and\ntakes the established database connection as its first argument. The old\nescape_string() was kept for backwards compatibility.

\n

Developers using these bindings are encouraged to adjust their code to\nuse the new function.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 1.0.4-2+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.0.4-4+lenny1.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), this problem will be fixed soon.

\n

We recommend that you upgrade your mysql-ocaml packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/mysql-ocaml_1.0.4-2+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/mysql-ocaml_1.0.4-2+etch1.dsc
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml_1.0.4-2+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml-dev_1.0.4-2+etch1_amd64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml-dev_1.0.4-2+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml_1.0.4-2+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml-dev_1.0.4-2+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml_1.0.4-2+etch1_mipsel.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml-dev_1.0.4-2+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml_1.0.4-2+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/mysql-ocaml_1.0.4-4+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/mysql-ocaml_1.0.4-4+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/mysql-ocaml_1.0.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml-dev_1.0.4-4+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml_1.0.4-4+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml_1.0.4-4+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml-dev_1.0.4-4+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml-dev_1.0.4-4+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml_1.0.4-4+lenny1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml_1.0.4-4+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml-dev_1.0.4-4+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml_1.0.4-4+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml-dev_1.0.4-4+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml-dev_1.0.4-4+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml_1.0.4-4+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml-dev_1.0.4-4+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml_1.0.4-4+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml_1.0.4-4+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml-dev_1.0.4-4+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml_1.0.4-4+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml-dev_1.0.4-4+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml-dev_1.0.4-4+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml_1.0.4-4+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml_1.0.4-4+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-ocaml/libmysql-ocaml-dev_1.0.4-4+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1911": "
\n

Debian Security Advisory

\n

DSA-1911-1 pygresql -- missing escape function

\n
\n
Date Reported:
\n
14 Oct 2009
\n
Affected Packages:
\n
\npygresql\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2940.
\n
More information:
\n
\n

It was discovered that pygresql, a PostgreSQL module for Python, was missing a function to call PQescapeStringConn(). This is needed because PQescapeStringConn() honours the charset of the connection and prevents insufficient escaping when certain multibyte character encodings are used. The new function is called pg_escape_string(), which takes the database connection as a first argument. The old function escape_string() has been preserved as well for backwards compatibility.

\n

Developers using these bindings are encouraged to adjust their code to use the new function.

\n

For the oldstable distribution (etch), this problem has been fixed in version 1:3.8.1-1etch2.

\n

For the stable distribution (lenny), this problem has been fixed in version 1:3.8.1-3+lenny1.

\n

For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 1:4.0-1.

\n

We recommend that you upgrade your pygresql packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pygresql/pygresql_3.8.1-1etch2.dsc
\n
http://security.debian.org/pool/updates/main/p/pygresql/pygresql_3.8.1-1etch2.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-1etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-1etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-1etch2_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-1etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-1etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-1etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-1etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-1etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-1etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-1etch2_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pygresql/pygresql_3.8.1-3+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pygresql/pygresql_3.8.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/pygresql/pygresql_3.8.1-3+lenny1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql-dbg_3.8.1-3+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql-dbg_3.8.1-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-3+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql-dbg_3.8.1-3+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql-dbg_3.8.1-3+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-3+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql-dbg_3.8.1-3+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql-dbg_3.8.1-3+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql-dbg_3.8.1-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-3+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql-dbg_3.8.1-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-3+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-3+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql-dbg_3.8.1-3+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql-dbg_3.8.1-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-3+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql-dbg_3.8.1-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-3+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql-dbg_3.8.1-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pygresql/python-pygresql_3.8.1-3+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1912": "
\n

Debian Security Advisory

\n

DSA-1912-1 camlimages -- integer overflow

\n
\n
Date Reported:
\n
16 Oct 2009
\n
Affected Packages:
\n
\ncamlimages\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-3296, CVE-2009-2660.
\n
More information:
\n
\n

It was discovered that CamlImages, an open source image processing library, suffers from several integer overflows, which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. This advisory addresses issues with the reading of TIFF files. It also expands the patch for CVE-2009-2660 to cover another potential overflow in the processing of JPEG images.

\n

For the oldstable distribution (etch), this problem has been fixed in version 2.20-8+etch3.

\n

For the stable distribution (lenny), this problem has been fixed in version 1:2.2.0-4+lenny3.

\n

For the testing distribution (squeeze) and the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your camlimages package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etch3.dsc
\n
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.20-8+etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch3_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenny3.diff.gz
\n
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenny3.dsc
\n
http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.2.0-4+lenny3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny3_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny3_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny3_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.2.0-4+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.2.0-4+lenny3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1913": "
\n

Debian Security Advisory

\n

DSA-1913-1 bugzilla -- SQL injection vulnerability

\n
\n
Date Reported:
\n
17 Oct 2009
\n
Affected Packages:
\n
\nbugzilla\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 547132.
In Mitre's CVE dictionary: CVE-2009-3165.
\n
More information:
\n
\n

Max Kanat-Alexander, Bradley Baetz, and Frédéric Buclin discovered an SQL injection vulnerability in the Bug.create WebService function in Bugzilla, a web-based bug tracking system, which allows remote attackers to execute arbitrary SQL commands.

\n

The oldstable distribution (etch) isn't affected by this problem.

\n

For the stable distribution (lenny), this problem has been fixed in version 3.0.4.1-2+lenny2.

\n

For the testing distribution (squeeze) and the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your bugzilla packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla_3.0.4.1-2+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla_3.0.4.1-2+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla_3.0.4.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla3_3.0.4.1-2+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/b/bugzilla/bugzilla3-doc_3.0.4.1-2+lenny2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1914": "
\n

Debian Security Advisory

\n

DSA-1914-1 mapserver -- several vulnerabilities

\n
\n
Date Reported:
\n
22 Oct 2009
\n
Affected Packages:
\n
\nmapserver\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0843, CVE-2009-0842, CVE-2009-0841, CVE-2009-0840, CVE-2009-0839, CVE-2009-2281.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2009-0843

    Missing input validation on a user-supplied map queryfile name can be used by an attacker to check for the existence of a specific file by using the queryfile GET parameter and checking for differences in error messages.

  • CVE-2009-0842

    A lack of file type verification when parsing a map file can lead to partial disclosure of content from arbitrary files through parser error messages.

  • CVE-2009-0841

    Due to missing input validation when saving map files, under certain conditions it is possible to perform directory traversal attacks and to create arbitrary files. NOTE: Unless the attacker is able to create directories in the image path or there is already a readable directory, this doesn't affect installations on Linux, as the fopen() syscall will fail in case a sub path is not readable.

  • CVE-2009-0839

    It was discovered that mapserver is vulnerable to a stack-based buffer overflow when processing certain GET parameters. An attacker can use this to execute arbitrary code on the server via crafted id parameters.

  • CVE-2009-0840

    An integer overflow leading to a heap-based buffer overflow when processing the Content-Length header of an HTTP request can be used by an attacker to execute arbitrary code via crafted POST requests containing negative Content-Length values.

  • CVE-2009-2281

    An integer overflow when processing HTTP requests can lead to a heap-based buffer overflow. An attacker can use this to execute arbitrary code either via crafted Content-Length values or large HTTP requests. This is partly because of an incomplete fix for CVE-2009-0840.

\n

For the oldstable distribution (etch), this problem has been fixed in version 4.10.0-5.1+etch4.

\n

For the stable distribution (lenny), this problem has been fixed in version 5.0.3-3+lenny4.

\n

For the testing distribution (squeeze), this problem has been fixed in version 5.4.2-1.

\n

For the unstable distribution (sid), this problem has been fixed in version 5.4.2-1.

\n

We recommend that you upgrade your mapserver packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver_4.10.0-5.1+etch4.dsc
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver_4.10.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver_4.10.0-5.1+etch4.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-doc_4.10.0-5.1+etch4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch4_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch4_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_4.10.0-5.1+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php4-mapscript_4.10.0-5.1+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_4.10.0-5.1+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_4.10.0-5.1+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_4.10.0-5.1+etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_4.10.0-5.1+etch4_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver_5.0.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver_5.0.3-3+lenny4.dsc
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver_5.0.3-3+lenny4.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby_5.0.3-3+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-doc_5.0.3-3+lenny4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny4_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny4_armel.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny4_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1915": "
\n

Debian Security Advisory

\n

DSA-1915-1 linux-2.6 -- privilege escalation/denial of service/sensitive memory leak

\n
\n
Date Reported:
\n
22 Oct 2009
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2695, CVE-2009-2903, CVE-2009-2908, CVE-2009-2909, CVE-2009-2910, CVE-2009-3001, CVE-2009-3002, CVE-2009-3286, CVE-2009-3290, CVE-2009-3613.
\n
More information:
\n
\n

Notice: Debian 5.0.4, the next point release of Debian 'lenny', will include a new default value for the mmap_min_addr tunable. This change will add an additional safeguard against a class of security vulnerabilities known as \"NULL pointer dereference\" vulnerabilities, but it will need to be overridden when using certain applications. Additional information about this change, including instructions for making this change locally in advance of 5.0.4 (recommended), can be found at: https://wiki.debian.org/mmap_min_addr.

\n

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2009-2695\n

    Eric Paris provided several fixes to increase the protection\n provided by the mmap_min_addr tunable against NULL pointer\n dereference vulnerabilities.

  • \n
  • CVE-2009-2903\n

    Mark Smith discovered a memory leak in the appletalk\n implementation. When the appletalk and ipddp modules are loaded,\n but no ipddp\"N\" device is found, remote attackers can cause a\n denial of service by consuming large amounts of system memory.

  • CVE-2009-2908\n

    Loic Minier discovered an issue in the eCryptfs filesystem. A\n local user can cause a denial of service (kernel oops) by causing\n a dentry value to go negative.

  • CVE-2009-2909\n

    Arjan van de Ven discovered an issue in the AX.25 protocol\n implementation. A specially crafted call to setsockopt() can\n result in a denial of service (kernel oops).

  • CVE-2009-2910\n

    Jan Beulich discovered the existence of a sensitive kernel memory\n leak. Systems running the 'amd64' kernel do not properly sanitize\n registers for 32-bit processes.

  • CVE-2009-3001\n

    Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE\n 802.2 LLC implementation. This is not exploitable in the Debian\n lenny kernel as root privileges are required to exploit this\n issue.

  • CVE-2009-3002\n

    Eric Dumazet fixed several sensitive memory leaks in the IrDA,\n X.25 PLP (Rose), NET/ROM, Acorn Econet/AUN, and Controller Area\n Network (CAN) implementations. Local users can exploit these\n issues to gain access to kernel memory.

  • CVE-2009-3286\n

    Eric Paris discovered an issue with the NFSv4 server\n implementation. When an O_EXCL create fails, files may be left\n with corrupted permissions, possibly granting unintentional\n privileges to other local users.

  • CVE-2009-3290\n

    Jan Kiszka noticed that the kvm_emulate_hypercall function in KVM\n does not prevent access to MMU hypercalls from ring 0, which\n allows local guest OS users to cause a denial of service (guest\n kernel crash) and read or write guest kernel memory.

  • CVE-2009-3613\n

    Alistair Strachan reported an issue in the r8169 driver. Remote\n users can cause a denial of service (IOMMU space exhaustion and\n system crash) by transmitting a large number of jumbo frames.

\n

For the oldstable distribution (etch), these problems, where\napplicable, will be fixed in updates to linux-2.6 and linux-2.6.24.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2.6.26-19lenny1.

\n

We recommend that you upgrade your linux-2.6 and user-mode-linux\npackages.

\n

Note: Debian carefully tracks all known security issues across every\nLinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or \"leap-frog\" fashion.

\n

The following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n
user-mode-linux (Debian 5.0 (lenny)): 2.6.26-1um-2+19lenny1
\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-19lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-19lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.26_2.6.26-19lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.26_2.6.26-19lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.26_2.6.26-19lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.26-2_2.6.26-19lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.26_2.6.26-19lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.26_2.6.26-19lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-smp_2.6.26-19lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-legacy_2.6.26-19lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-smp_2.6.26-19lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-generic_2.6.26-19lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-generic_2.6.26-19lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-legacy_2.6.26-19lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-alpha_2.6.26-19lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-19lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-amd64_2.6.26-19lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-amd64_2.6.26-19lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-amd64_2.6.26-19lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-amd64_2.6.26-19lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-19lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-19lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-amd64_2.6.26-19lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-amd64_2.6.26-19lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-19lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-amd64_2.6.26-19lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-amd64_2.6.26-19lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-19lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-amd64_2.6.26-19lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-19lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-arm_2.6.26-19lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-footbridge_2.6.26-19lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-19lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-footbridge_2.6.26-19lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-19lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-19lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-19lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-19lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-19lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-19lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-versatile_2.6.26-19lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-armel_2.6.26-19lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-versatile_2.6.26-19lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-19lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-19lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-19lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-19lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc-smp_2.6.26-19lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64-smp_2.6.26-19lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64_2.6.26-19lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc-smp_2.6.26-19lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc_2.6.26-19lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-hppa_2.6.26-19lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64_2.6.26-19lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc_2.6.26-19lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64-smp_2.6.26-19lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686_2.6.26-19lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686_2.6.26-19lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-486_2.6.26-19lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686-bigmem_2.6.26-19lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-686_2.6.26-19lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-686_2.6.26-19lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-486_2.6.26-19lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-686_2.6.26-19lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686_2.6.26-19lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-686_2.6.26-19lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-i386_2.6.26-19lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-19lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-686_2.6.26-19lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686-bigmem_2.6.26-19lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-19lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-19lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686_2.6.26-19lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686-bigmem_2.6.26-19lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-19lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-686_2.6.26-19lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686-bigmem_2.6.26-19lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-19lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-itanium_2.6.26-19lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-itanium_2.6.26-19lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-itanium_2.6.26-19lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-mckinley_2.6.26-19lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-19lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-ia64_2.6.26-19lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-mckinley_2.6.26-19lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-mckinley_2.6.26-19lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-itanium_2.6.26-19lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-mckinley_2.6.26-19lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r5k-ip32_2.6.26-19lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-mips_2.6.26-19lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1a-bcm91480b_2.6.26-19lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r5k-ip32_2.6.26-19lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-4kc-malta_2.6.26-19lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1-bcm91250a_2.6.26-19lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1-bcm91250a_2.6.26-19lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-5kc-malta_2.6.26-19lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-5kc-malta_2.6.26-19lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1a-bcm91480b_2.6.26-19lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r4k-ip22_2.6.26-19lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-4kc-malta_2.6.26-19lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r4k-ip22_2.6.26-19lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1-bcm91250a_2.6.26-19lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-4kc-malta_2.6.26-19lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1-bcm91250a_2.6.26-19lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-mipsel_2.6.26-19lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1a-bcm91480b_2.6.26-19lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-4kc-malta_2.6.26-19lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r5k-cobalt_2.6.26-19lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1a-bcm91480b_2.6.26-19lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-5kc-malta_2.6.26-19lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r5k-cobalt_2.6.26-19lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-5kc-malta_2.6.26-19lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-19lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc_2.6.26-19lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc-smp_2.6.26-19lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-powerpc_2.6.26-19lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc_2.6.26-19lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc-smp_2.6.26-19lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc64_2.6.26-19lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc_2.6.26-19lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc64_2.6.26-19lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc64_2.6.26-19lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc_2.6.26-19lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc64_2.6.26-19lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390-tape_2.6.26-19lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390_2.6.26-19lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-s390x_2.6.26-19lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-s390_2.6.26-19lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390x_2.6.26-19lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-19lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390_2.6.26-19lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-s390x_2.6.26-19lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390x_2.6.26-19lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-sparc64_2.6.26-19lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-19lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-sparc_2.6.26-19lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64-smp_2.6.26-19lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-sparc64_2.6.26-19lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64-smp_2.6.26-19lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64_2.6.26-19lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64_2.6.26-19lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1916": "
\n

Debian Security Advisory

\n

DSA-1916-1 kdelibs -- insufficient input validation

\n
\n
Date Reported:
\n
23 Oct 2009
\n
Affected Packages:
\n
\nkdelibs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 546212.
In Mitre's CVE dictionary: CVE-2009-2702.
\n
More information:
\n
\n

Dan Kaminsky and Moxie Marlinspike discovered that kdelibs, core libraries from\nthe official KDE release, does not properly handle a '\\0' character in a domain\nname in the Subject Alternative Name field of an X.509 certificate, which allows\nman-in-the-middle attackers to spoof arbitrary SSL servers via a crafted\ncertificate issued by a legitimate Certification Authority.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 4:3.5.5a.dfsg.1-8etch3.

\n

Due to a bug in the archive system, the fix for the stable distribution\n(lenny) will be released as version 4:3.5.10.dfsg.1-0lenny3 once it is\navailable.

\n

For the testing distribution (squeeze) and the unstable distribution (sid),\nthis problem has been fixed in version 4:3.5.10.dfsg.1-2.1.

\n

We recommend that you upgrade your kdelibs packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1-8etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1-8etch3.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-data_3.5.5a.dfsg.1-8etch3_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1-8etch3_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-doc_3.5.5a.dfsg.1-8etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1917": "
\n

Debian Security Advisory

\n

DSA-1917-1 mimetex -- several vulnerabilities

\n
\n
Date Reported:
\n
24 Oct 2009
\n
Affected Packages:
\n
\nmimetex\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 537254.
In Mitre's CVE dictionary: CVE-2009-1382, CVE-2009-2459.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in mimetex, a lightweight\nalternative to MathML. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2009-1382\n

    Chris Evans and Damien Miller discovered multiple stack-based buffer overflows.\nAn attacker could execute arbitrary code via a TeX file with long picture,\ncircle, or input tags.

  • CVE-2009-2459\n

    Chris Evans discovered that mimeTeX contained certain directives that may be\nunsuitable for handling untrusted user input. A remote attacker can obtain\nsensitive information.

\n

For the oldstable distribution (etch), these problems have been fixed in\nversion 1.50-1+etch1.

\n

Due to a bug in the archive system, the fix for the stable distribution\n(lenny) will be released as version 1.50-1+lenny1 once it is available.

\n

For the testing distribution (squeeze) and the unstable distribution (sid),\nthese problems have been fixed in version 1.50-1.1.

\n

We recommend that you upgrade your mimetex packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mimetex/mimetex_1.50-1+etch1.dsc
\n
http://security.debian.org/pool/updates/main/m/mimetex/mimetex_1.50-1+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mimetex/mimetex_1.50.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mimetex/mimetex_1.50-1+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mimetex/mimetex_1.50-1+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mimetex/mimetex_1.50-1+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mimetex/mimetex_1.50-1+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mimetex/mimetex_1.50-1+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mimetex/mimetex_1.50-1+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mimetex/mimetex_1.50-1+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mimetex/mimetex_1.50-1+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mimetex/mimetex_1.50-1+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mimetex/mimetex_1.50-1+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mimetex/mimetex_1.50-1+etch1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1918": "
\n

Debian Security Advisory

\n

DSA-1918-1 phpmyadmin -- several vulnerabilities

\n
\n
Date Reported:
\n
25 Oct 2009
\n
Affected Packages:
\n
\nphpmyadmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 552194.
In Mitre's CVE dictionary: CVE-2009-3696, CVE-2009-3697.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in phpMyAdmin, a tool\nto administer MySQL over the web. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2009-3696\n

    Cross-site scripting (XSS) vulnerability allows remote attackers to\n inject arbitrary web script or HTML via a crafted MySQL table name.

  • CVE-2009-3697\n

    SQL injection vulnerability in the PDF schema generator functionality\n allows remote attackers to execute arbitrary SQL commands. This issue\n does not apply to the version in Debian 4.0 Etch.

\n

Additionally, extra fortification has been added for the web-based setup.php\nscript. Although the shipped web server configuration should ensure that\nthis script is protected, in practice this turned out not always to be the\ncase. The config.inc.php file is no longer writable by the webserver user.\nSee README.Debian for details on how to enable the setup.php\nscript if and when you need it.

\n

For the old stable distribution (etch), these problems have been fixed in\nversion 2.9.1.1-13.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2.11.8.1-5+lenny3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.2.2.1-1.

\n

We recommend that you upgrade your phpmyadmin package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-13.dsc
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-13.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.9.1.1-13_all.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.11.8.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.11.8.1-5+lenny3.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.11.8.1-5+lenny3.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.11.8.1-5+lenny3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1919": "
\n

Debian Security Advisory

\n

DSA-1919-1 smarty -- several vulnerabilities

\n
\n
Date Reported:
\n
25 Oct 2009
\n
Affected Packages:
\n
\nsmarty\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 504328, Bug 529810.
In Mitre's CVE dictionary: CVE-2008-4810, CVE-2009-1669.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Smarty, a PHP\ntemplating engine. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2008-4810\n

    The _expand_quoted_text function allows for certain restrictions in\n templates, like function calling and PHP execution, to be bypassed.

  • CVE-2009-1669\n

    The smarty_function_math function allows context-dependent attackers\n to execute arbitrary commands via shell metacharacters in the equation\n attribute of the math function.

\n

For the old stable distribution (etch), these problems have been fixed\nin version 2.6.14-1etch2.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2.6.20-1.2.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your smarty package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.14-1etch2.dsc
\n
http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.14.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.14-1etch2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.14-1etch2_all.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.20-1.2.dsc
\n
http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.20-1.2.diff.gz
\n
http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.20.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/smarty/smarty_2.6.20-1.2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1920": "
\n

Debian Security Advisory

\n

DSA-1920-1 nginx -- denial of service

\n
\n
Date Reported:
\n
26 Oct 2009
\n
Affected Packages:
\n
\nnginx\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 552035.
\n
More information:
\n
\n

A denial of service vulnerability has been found in nginx, a small and\nefficient web server.

\n

Jasson Bell discovered that a remote attacker could cause a denial of service\n(segmentation fault) by sending a crafted request.

\n

For the old stable distribution (etch), this problem has been fixed in version\n0.4.13-2+etch3.

\n

For the stable distribution (lenny), this problem has been fixed in version\n0.6.32-3+lenny3.

\n

For the testing (squeeze) and unstable (sid) distributions, this problem has\nbeen fixed in version 0.7.62-1.

\n

We recommend that you upgrade your nginx package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3.dsc
\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3.dsc
\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nginx/nginx_0.6.32-3+lenny3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1921": "
\n

Debian Security Advisory

\n

DSA-1921-1 expat -- denial of service

\n
\n
Date Reported:
\n
28 Oct 2009
\n
Affected Packages:
\n
\nexpat\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 551936.
In Mitre's CVE dictionary: CVE-2009-2625.
\n
More information:
\n
\n

Peter Valchev discovered an error in expat, an XML parsing C library,\nwhen parsing certain UTF-8 sequences, which can be exploited to crash an\napplication using the library.

\n

For the old stable distribution (etch), this problem has been fixed in\nversion 1.95.8-3.4+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.0.1-4+lenny1.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), this problem will be fixed soon.

\n

We recommend that you upgrade your expat packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch1_alpha.udeb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch1_amd64.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch1_arm.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch1_hppa.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch1_i386.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch1_ia64.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch1_mips.udeb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch1_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch1_powerpc.udeb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch1_s390.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch1_sparc.udeb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny1_alpha.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny1_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny1_arm.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny1_armel.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny1_hppa.udeb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny1_i386.udeb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny1_ia64.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny1_mips.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny1_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny1_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny1_s390.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny1_sparc.udeb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1922": "
\n

Debian Security Advisory

\n

DSA-1922-1 xulrunner -- several vulnerabilities

\n
\n
Date Reported:
\n
28 Oct 2009
\n
Affected Packages:
\n
\nxulrunner\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-3274, CVE-2009-3370, CVE-2009-3372, CVE-2009-3373, CVE-2009-3374, CVE-2009-3375, CVE-2009-3376, CVE-2009-3380, CVE-2009-3382.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications, such as the Iceweasel web\nbrowser. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2009-3380\n

    Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel\n Banchero, David Keeler and Boris Zbarsky reported crashes in\n the layout engine, which might allow the execution of arbitrary code.

  • CVE-2009-3382\n

    Carsten Book reported a crash in the layout engine, which might\n allow the execution of arbitrary code.

  • CVE-2009-3376\n

    Jesse Ruderman and Sid Stamm discovered a spoofing vulnerability\n in the file download dialog.

  • CVE-2009-3375\n

    Gregory Fleischer discovered a bypass of the same-origin policy\n using the document.getSelection() function.

  • CVE-2009-3374\n

    \"moz_bug_r_a4\" discovered a privilege escalation to Chrome status\n in the XPCOM utility XPCVariant::VariantDataToJS.

  • CVE-2009-3373\n

    \"regenrecht\" discovered a buffer overflow in the GIF parser, which\n might lead to the execution of arbitrary code.

  • CVE-2009-3372\n

    Marco C. discovered that a programming error in the proxy auto\n configuration code might lead to denial of service or the\n execution of arbitrary code.

  • CVE-2009-3274\n

    Jeremy Brown discovered that the filename of a downloaded file\n which is opened by the user is predictable, which might lead to\n tricking the user into opening a malicious file if the attacker has local\n access to the system.

  • CVE-2009-3370\n

    Paul Stone discovered that history information from web forms\n could be stolen.

\n

For the stable distribution (lenny), these problems have been fixed\nin version 1.9.0.15-0lenny1.

\n

As indicated in the Etch\nrelease notes, security support for the Mozilla products in the oldstable\ndistribution needed to be stopped before the end of the regular Etch security\nmaintenance life cycle. You are strongly encouraged to upgrade to stable or\nswitch to a still supported browser.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.9.1.4-1.

\n

We recommend that you upgrade your xulrunner packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.15-0lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.15-0lenny1.dsc
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.15.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.15-0lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_amd64.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.15-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.15-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.15-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.15-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.15-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.15-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.15-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.15-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.15-0lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1923": "
\n

Debian Security Advisory

\n

DSA-1923-1 libhtml-parser-perl -- denial of service

\n
\n
Date Reported:
\n
27 Oct 2009
\n
Affected Packages:
\n
\nlibhtml-parser-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 552531.
In Mitre's CVE dictionary: CVE-2009-3627.
\n
More information:
\n
\n

A denial of service vulnerability has been found in libhtml-parser-perl,\na collection of modules to parse HTML in text documents which is used by\nseveral other projects such as SpamAssassin.

\n

Mark Martinec discovered that the decode_entities() function will get stuck\nin an infinite loop when parsing certain HTML entities with invalid UTF-8\ncharacters. An attacker can use this to perform denial of service attacks\nby submitting crafted HTML to an application using this functionality.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 3.55-1+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 3.56-1+lenny1.

\n

For the testing (squeeze) and unstable (sid) distributions, this problem\nwill be fixed soon.

\n

We recommend that you upgrade your libhtml-parser-perl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55-1+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55-1+etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55-1+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55-1+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55-1+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55-1+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55-1+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55-1+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55-1+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55-1+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55-1+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55-1+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55-1+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1924": "
\n

Debian Security Advisory

\n

DSA-1924-1 mahara -- several vulnerabilities

\n
\n
Date Reported:
\n
31 Oct 2009
\n
Affected Packages:
\n
\nmahara\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-3298, CVE-2009-3299.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in mahara, an electronic portfolio,\nweblog, and resume builder. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2009-3298\n

    Ruslan Kabalin discovered an issue with resetting passwords, which could\nlead to a privilege escalation of an institutional administrator\naccount.

  • CVE-2009-3299\n

    Sven Vetsch discovered a cross-site scripting vulnerability via the\nresume fields.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.0.4-4+lenny4.

\n

The oldstable distribution (etch) does not contain mahara.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems will be fixed soon.

\n

We recommend that you upgrade your mahara packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny4.dsc
\n
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny4.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny4_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1925": "
\n

Debian Security Advisory

\n

DSA-1925-1 proftpd-dfsg -- insufficient input validation

\n
\n
Date Reported:
\n
31 Oct 2009
\n
Affected Packages:
\n
\nproftpd-dfsg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-3639.
\n
More information:
\n
\n

It has been discovered that proftpd-dfsg, a virtual-hosting FTP daemon,\ndoes not properly handle a '\\0' character in a domain name in the\nSubject Alternative Name field of an X.509 client certificate, when the\ndNSNameRequired TLS option is enabled.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.3.1-17lenny4.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 1.3.0-19etch3.

\n

Binaries for the amd64 architecture will be released once they are\navailable.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 1.3.2a-2.

\n

We recommend that you upgrade your proftpd-dfsg packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-dfsg_1.3.0-19etch3.tar.gz
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-dfsg_1.3.0-19etch3.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mysql_1.3.0-19etch3_all.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-ldap_1.3.0-19etch3_all.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-pgsql_1.3.0-19etch3_all.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-doc_1.3.0-19etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd_1.3.0-19etch3_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd_1.3.0-19etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd_1.3.0-19etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd_1.3.0-19etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd_1.3.0-19etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd_1.3.0-19etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd_1.3.0-19etch3_mipsel.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd_1.3.0-19etch3_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-dfsg_1.3.1-17lenny4.dsc
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-dfsg_1.3.1-17lenny4.diff.gz
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-dfsg_1.3.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-doc_1.3.1-17lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd_1.3.1-17lenny4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny4_alpha.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny4_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny4_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny4_mipsel.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-pgsql_1.3.1-17lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-basic_1.3.1-17lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-mysql_1.3.1-17lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/proftpd-dfsg/proftpd-mod-ldap_1.3.1-17lenny4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1926": "
\n

Debian Security Advisory

\n

DSA-1926-1 typo3-src -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Nov 2009
\n
Affected Packages:
\n
\ntypo3-src\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 552020.
In Mitre's CVE dictionary: CVE-2009-3628, CVE-2009-3629, CVE-2009-3630, CVE-2009-3631, CVE-2009-3632, CVE-2009-3633, CVE-2009-3634, CVE-2009-3635, CVE-2009-3636.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the TYPO3 web\ncontent management framework. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2009-3628\n

    The Backend subcomponent allows remote authenticated users to\n determine an encryption key via crafted input to a form field.

  • CVE-2009-3629\n

    Multiple cross-site scripting (XSS) vulnerabilities in the\n Backend subcomponent allow remote authenticated users to inject\n arbitrary web script or HTML.

  • CVE-2009-3630\n

    The Backend subcomponent allows remote authenticated users to\n place arbitrary web sites in TYPO3 backend framesets via\n crafted parameters.

  • CVE-2009-3631\n

    The Backend subcomponent, when the DAM extension or ftp upload\n is enabled, allows remote authenticated users to execute\n arbitrary commands via shell metacharacters in a filename.

  • CVE-2009-3632\n

    SQL injection vulnerability in the traditional frontend editing\n feature in the Frontend Editing subcomponent allows remote\n authenticated users to execute arbitrary SQL commands.

  • CVE-2009-3633\n

    Cross-site scripting (XSS) vulnerability allows remote\n attackers to inject arbitrary web script.

  • CVE-2009-3634\n

    Cross-site scripting (XSS) vulnerability in the Frontend Login Box\n (aka felogin) subcomponent allows remote attackers to inject\n arbitrary web script or HTML.

  • CVE-2009-3635\n

    The Install Tool subcomponent allows remote attackers to gain access\n by using only the password's md5 hash as a credential.

  • CVE-2009-3636\n

    Cross-site scripting (XSS) vulnerability in the Install Tool\n subcomponent allows remote attackers to inject arbitrary web script\n or HTML.

\n

For the old stable distribution (etch), these problems have been fixed\nin version 4.0.2+debian-9.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 4.2.5-1+lenny2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.2.10-1.

\n

We recommend that you upgrade your typo3-src package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src-4.0_4.0.2+debian-9_all.deb
\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3_4.0.2+debian-9_all.deb
\n
Source:\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.0.2+debian-9.diff.gz
\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.0.2+debian.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.0.2+debian-9.dsc
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5-1+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5-1+lenny2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src-4.2_4.2.5-1+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3_4.2.5-1+lenny2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1927": "
\n

Debian Security Advisory

\n

DSA-1927-1 linux-2.6 -- privilege escalation/denial of service/sensitive memory leak

\n
\n
Date Reported:
\n
05 Nov 2009
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-3228, CVE-2009-3238, CVE-2009-3547, CVE-2009-3612, CVE-2009-3620, CVE-2009-3621, CVE-2009-3638.
\n
More information:
\n
\n

Notice: Debian 5.0.4, the next point release of Debian 'lenny', will\ninclude a new default value for the mmap_min_addr tunable. This\nchange will add an additional safeguard against a class of security\nvulnerabilities known as \"NULL pointer dereference\" vulnerabilities,\nbut it will need to be overridden when using certain applications.\nAdditional information about this change, including instructions for\nmaking this change locally in advance of 5.0.4 (recommended), can be\nfound at:\nhttps://wiki.debian.org/mmap_min_addr.

\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, sensitive memory leak or privilege\nescalation. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2009-3228\n

    Eric Dumazet reported an instance of uninitialized kernel memory\n in the network packet scheduler. Local users may be able to\n exploit this issue to read the contents of sensitive kernel\n memory.

  • CVE-2009-3238\n

    Linus Torvalds provided a change to the get_random_int() function\n to increase its randomness.

  • CVE-2009-3547\n

    Earl Chew discovered a NULL pointer dereference issue in the\n pipe_rdwr_open function which can be used by local users to gain\n elevated privileges.

  • CVE-2009-3612\n

    Jiri Pirko discovered a typo in the initialization of a structure\n in the netlink subsystem that may allow local users to gain access\n to sensitive kernel memory.

  • CVE-2009-3620\n

    Ben Hutchings discovered an issue in the DRM manager for ATI Rage\n 128 graphics adapters. Local users may be able to exploit this\n vulnerability to cause a denial of service (NULL pointer\n dereference).

  • CVE-2009-3621\n

    Tomoki Sekiyama discovered a deadlock condition in the UNIX domain\n socket implementation. Local users can exploit this vulnerability\n to cause a denial of service (system hang).

  • CVE-2009-3638\n

    David Wagner reported an overflow in the KVM subsystem on i386\n systems. This issue is exploitable by local users with access to\n the /dev/kvm device file.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2.6.26-19lenny2.

\n

For the oldstable distribution (etch), these problems, where\napplicable, will be fixed in updates to linux-2.6 and linux-2.6.24.

\n

We recommend that you upgrade your linux-2.6 and user-mode-linux\npackages.

\n

Note: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or \"leap-frog\" fashion.

\n

The following matrix lists additional source packages that were\nrebuilt for compatibility with or to take advantage of this update:

\n
\n\n\n
                  Debian 5.0 (lenny)
user-mode-linux   2.6.26-1um-2+19lenny2
\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-19lenny2.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-19lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.26_2.6.26-19lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.26_2.6.26-19lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.26_2.6.26-19lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.26_2.6.26-19lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.26_2.6.26-19lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.26-2_2.6.26-19lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-alpha_2.6.26-19lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-generic_2.6.26-19lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-generic_2.6.26-19lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-legacy_2.6.26-19lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-smp_2.6.26-19lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-legacy_2.6.26-19lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-smp_2.6.26-19lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-19lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-amd64_2.6.26-19lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-amd64_2.6.26-19lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-amd64_2.6.26-19lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-amd64_2.6.26-19lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-amd64_2.6.26-19lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-19lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-amd64_2.6.26-19lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-19lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-amd64_2.6.26-19lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-amd64_2.6.26-19lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-19lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-19lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-amd64_2.6.26-19lenny2_amd64.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-19lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-19lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-versatile_2.6.26-19lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-19lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-versatile_2.6.26-19lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-19lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-19lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-armel_2.6.26-19lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-19lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64_2.6.26-19lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc_2.6.26-19lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc-smp_2.6.26-19lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64_2.6.26-19lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-hppa_2.6.26-19lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc_2.6.26-19lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64-smp_2.6.26-19lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64-smp_2.6.26-19lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc-smp_2.6.26-19lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-486_2.6.26-19lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-686_2.6.26-19lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686_2.6.26-19lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686-bigmem_2.6.26-19lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686_2.6.26-19lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686_2.6.26-19lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-486_2.6.26-19lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686-bigmem_2.6.26-19lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686-bigmem_2.6.26-19lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-19lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686-bigmem_2.6.26-19lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-686_2.6.26-19lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-19lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686_2.6.26-19lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-19lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-19lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-686_2.6.26-19lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-19lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-686_2.6.26-19lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-686_2.6.26-19lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-i386_2.6.26-19lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-686_2.6.26-19lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-itanium_2.6.26-19lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-itanium_2.6.26-19lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-19lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-mckinley_2.6.26-19lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-mckinley_2.6.26-19lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-itanium_2.6.26-19lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-mckinley_2.6.26-19lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-mckinley_2.6.26-19lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-ia64_2.6.26-19lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-itanium_2.6.26-19lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-19lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-19lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc64_2.6.26-19lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc_2.6.26-19lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-19lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc64_2.6.26-19lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc64_2.6.26-19lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc-smp_2.6.26-19lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc-smp_2.6.26-19lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-19lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc64_2.6.26-19lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc_2.6.26-19lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-powerpc_2.6.26-19lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc_2.6.26-19lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc_2.6.26-19lenny2_powerpc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1928": "
\n

Debian Security Advisory

\n

DSA-1928-1 linux-2.6.24 -- privilege escalation/denial of service/sensitive memory leak

\n
\n
Date Reported:
\n
05 Nov 2009
\n
Affected Packages:
\n
\nlinux-2.6.24\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2846, CVE-2009-2847, CVE-2009-2848, CVE-2009-2849, CVE-2009-2903, CVE-2009-2908, CVE-2009-2909, CVE-2009-2910, CVE-2009-3001, CVE-2009-3002, CVE-2009-3228, CVE-2009-3238, CVE-2009-3286, CVE-2009-3547, CVE-2009-3612, CVE-2009-3613, CVE-2009-3620, CVE-2009-3621.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, sensitive memory leak or privilege\nescalation. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2009-2846\n

    Michael Buesch noticed a typing issue in the eisa-eeprom driver\n for the hppa architecture. Local users could exploit this issue to\n gain access to restricted memory.

  • \n
  • CVE-2009-2847\n

    Ulrich Drepper noticed an issue in the do_sigaltstack routine on\n 64-bit systems. This issue allows local users to gain access to\n potentially sensitive memory on the kernel stack.

  • \n
  • CVE-2009-2848\n

    Eric Dumazet discovered an issue in the execve path, where the\n clear_child_tid variable was not being properly cleared. Local\n users could exploit this issue to cause a denial of service\n (memory corruption).

  • \n
  • CVE-2009-2849\n

    Neil Brown discovered an issue in the sysfs interface to md\n devices. When md arrays are not active, local users can exploit\n this vulnerability to cause a denial of service (oops).

  • \n
  • CVE-2009-2903\n

    Mark Smith discovered a memory leak in the appletalk\n implementation. When the appletalk and ipddp modules are loaded,\n but no ipddp\"N\" device is found, remote attackers can cause a\n denial of service by consuming large amounts of system memory.

  • \n
  • CVE-2009-2908\n

    Loic Minier discovered an issue in the eCryptfs filesystem. A\n local user can cause a denial of service (kernel oops) by causing\n a dentry value to go negative.

  • \n
  • CVE-2009-2909\n

    Arjan van de Ven discovered an issue in the AX.25 protocol\n implementation. A specially crafted call to setsockopt() can\n result in a denial of service (kernel oops).

  • \n
  • CVE-2009-2910\n

    Jan Beulich discovered the existence of a sensitive kernel memory\n leak. Systems running the 'amd64' kernel do not properly sanitize\n registers for 32-bit processes.

  • \n
  • CVE-2009-3001\n

    Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE\n 802.2 LLC implementation. This is not exploitable in the Debian\n lenny kernel as root privileges are required to exploit this\n issue.

  • \n
  • CVE-2009-3002\n

    Eric Dumazet fixed several sensitive memory leaks in the IrDA,\n X.25 PLP (Rose), NET/ROM, Acorn Econet/AUN, and Controller Area\n Network (CAN) implementations. Local users can exploit these\n issues to gain access to kernel memory.

  • \n
  • CVE-2009-3228\n

    Eric Dumazet reported an instance of uninitialized kernel memory\n in the network packet scheduler. Local users may be able to\n exploit this issue to read the contents of sensitive kernel\n memory.\n

  • CVE-2009-3238\n

    Linus Torvalds provided a change to the get_random_int() function\n to increase its randomness.

  • \n
  • CVE-2009-3286\n

    Eric Paris discovered an issue with the NFSv4 server\n implementation. When an O_EXCL create fails, files may be left\n with corrupted permissions, possibly granting unintentional\n privileges to other local users.

  • \n
  • CVE-2009-3547\n

    Earl Chew discovered a NULL pointer dereference issue in the\n pipe_rdwr_open function which can be used by local users to gain\n elevated privileges.

  • \n
  • CVE-2009-3612\n

    Jiri Pirko discovered a typo in the initialization of a structure\n in the netlink subsystem that may allow local users to gain access\n to sensitive kernel memory.

  • \n
  • CVE-2009-3613\n

    Alistair Strachan reported an issue in the r8169 driver. Remote\n users can cause a denial of service (IOMMU space exhaustion and\n system crash) by transmitting a large number of jumbo frames.

  • \n
  • CVE-2009-3620\n

    Ben Hutchings discovered an issue in the DRM manager for ATI Rage\n 128 graphics adapters. Local users may be able to exploit this\n vulnerability to cause a denial of service (NULL pointer\n dereference).

  • \n
  • CVE-2009-3621\n

    Tomoki Sekiyama discovered a deadlock condition in the UNIX domain\n socket implementation. Local users can exploit this vulnerability\n to cause a denial of service (system hang).

  • \n

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 2.6.24-6~etchnhalf.9etch1.

\n

We recommend that you upgrade your linux-2.6.24 packages.

\n

Note: Debian 'etch' includes linux kernel packages based upon both the\n2.6.18 and 2.6.24 linux releases. All known security issues are\ncarefully tracked against both packages and both packages will receive\nsecurity updates until security support for Debian 'etch'\nconcludes. However, given the high frequency at which low-severity\nsecurity issues are discovered in the kernel and the resource\nrequirements of doing an update, lower severity 2.6.18 and 2.6.24\nupdates will typically release in a staggered or \"leap-frog\" fashion.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.9etch1.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.9etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc-2.6.24_2.6.24-6~etchnhalf.9etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-tree-2.6.24_2.6.24-6~etchnhalf.9etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-manual-2.6.24_2.6.24-6~etchnhalf.9etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-source-2.6.24_2.6.24-6~etchnhalf.9etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-support-2.6.24-etchnhalf.1_2.6.24-6~etchnhalf.9etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-patch-debian-2.6.24_2.6.24-6~etchnhalf.9etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-alpha_2.6.24-6~etchnhalf.9etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.9etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.9etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.9etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.9etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.9etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.9etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.9etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.9etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.9etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.9etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.9etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.9etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-amd64_2.6.24-6~etchnhalf.9etch1_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.9etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.9etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.9etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.9etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.9etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.9etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.9etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-hppa_2.6.24-6~etchnhalf.9etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.9etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.9etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.9etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.9etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.9etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.9etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-i386_2.6.24-6~etchnhalf.9etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.9etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.9etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.9etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.9etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.9etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.9etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.9etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.9etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.9etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.9etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-ia64_2.6.24-6~etchnhalf.9etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.9etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.9etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.9etch1_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.9etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.9etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.9etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.9etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.9etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.9etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.9etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.9etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.9etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-mipsel_2.6.24-6~etchnhalf.9etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.9etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.9etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.9etch1_mipsel.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1929": "
\n

Debian Security Advisory

\n

DSA-1929-1 linux-2.6 -- privilege escalation/denial of service/sensitive memory leak

\n
\n
Date Reported:
\n
05 Nov 2009
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-1883, CVE-2009-2909, CVE-2009-3001, CVE-2009-3002, CVE-2009-3228, CVE-2009-3238, CVE-2009-3286, CVE-2009-3547, CVE-2009-3612, CVE-2009-3621.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, sensitive memory leak or privilege\nescalation. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2009-1883\n

    Solar Designer discovered a missing capability check in the\n z90crypt driver on s390 systems. This vulnerability may allow\n a local user to gain elevated privileges.

  • \n
  • CVE-2009-2909\n

    Arjan van de Ven discovered an issue in the AX.25 protocol\n implementation. A specially crafted call to setsockopt() can\n result in a denial of service (kernel oops).

  • \n
  • CVE-2009-3001\n

    Jiri Slaby fixed a sensitive memory leak issue in the ANSI/IEEE\n 802.2 LLC implementation. This is not exploitable in the Debian\n lenny kernel as root privileges are required to exploit this\n issue.

  • \n
  • CVE-2009-3002\n

    Eric Dumazet fixed several sensitive memory leaks in the IrDA,\n X.25 PLP (Rose), NET/ROM, Acorn Econet/AUN, and Controller Area\n Network (CAN) implementations. Local users can exploit these\n issues to gain access to kernel memory.

  • \n
  • CVE-2009-3228\n

    Eric Dumazet reported an instance of uninitialized kernel memory\n in the network packet scheduler. Local users may be able to\n exploit this issue to read the contents of sensitive kernel\n memory.

  • \n
  • CVE-2009-3238\n

    Linus Torvalds provided a change to the get_random_int() function\n to increase its randomness.

  • \n
  • CVE-2009-3286\n

    Eric Paris discovered an issue with the NFSv4 server\n implementation. When an O_EXCL create fails, files may be left\n with corrupted permissions, possibly granting unintentional\n privileges to other local users.

  • \n
  • CVE-2009-3547\n

    Earl Chew discovered a NULL pointer dereference issue in the\n pipe_rdwr_open function which can be used by local users to gain\n elevated privileges.

  • \n
  • CVE-2009-3612\n

    Jiri Pirko discovered a typo in the initialization of a structure\n in the netlink subsystem that may allow local users to gain access\n to sensitive kernel memory.

  • \n
  • CVE-2009-3621\n

    Tomoki Sekiyama discovered a deadlock condition in the UNIX domain\n socket implementation. Local users can exploit this vulnerability\n to cause a denial of service (system hang).

  • \n
\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 2.6.18.dfsg.1-26etch1.

\n

We recommend that you upgrade your linux-2.6, fai-kernels, and\nuser-mode-linux packages.

\n

Note: Debian 'etch' includes linux kernel packages based upon both the\n2.6.18 and 2.6.24 linux releases. All known security issues are\ncarefully tracked against both packages and both packages will receive\nsecurity updates until security support for Debian 'etch'\nconcludes. However, given the high frequency at which low-severity\nsecurity issues are discovered in the kernel and the resource\nrequirements of doing an update, lower severity 2.6.18 and 2.6.24\nupdates will typically release in a staggered or \"leap-frog\" fashion.

\n

The following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n\n
\u00a0 Debian 4.0 (etch)
fai-kernels 1.17+etch.26etch1
user-mode-linux 2.6.18-1um-2etch.26etch1
\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-26etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-26etch1.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-26etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-26etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-26etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-26etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-26etch1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-26etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-alpha_2.6.18.dfsg.1-26etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-26etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-generic_2.6.18.dfsg.1-26etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-26etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-26etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-smp_2.6.18.dfsg.1-26etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-26etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-generic_2.6.18.dfsg.1-26etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-smp_2.6.18.dfsg.1-26etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-26etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-26etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-26etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-26etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-26etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-26etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-26etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-amd64_2.6.18.dfsg.1-26etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-26etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-amd64_2.6.18.dfsg.1-26etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-26etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-26etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-amd64_2.6.18.dfsg.1-26etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-amd64_2.6.18.dfsg.1-26etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-26etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-26etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-amd64_2.6.18.dfsg.1-26etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch1_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc_2.6.18.dfsg.1-26etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-26etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc-smp_2.6.18.dfsg.1-26etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64_2.6.18.dfsg.1-26etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc-smp_2.6.18.dfsg.1-26etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-26etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc_2.6.18.dfsg.1-26etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-hppa_2.6.18.dfsg.1-26etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64_2.6.18.dfsg.1-26etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686-bigmem_2.6.18.dfsg.1-26etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-26etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-686_2.6.18.dfsg.1-26etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686-bigmem_2.6.18.dfsg.1-26etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-26etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-26etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-i386_2.6.18.dfsg.1-26etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-686_2.6.18.dfsg.1-26etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-486_2.6.18.dfsg.1-26etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-k7_2.6.18.dfsg.1-26etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-k7_2.6.18.dfsg.1-26etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-26etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-686_2.6.18.dfsg.1-26etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686_2.6.18.dfsg.1-26etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-686_2.6.18.dfsg.1-26etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-k7_2.6.18.dfsg.1-26etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-26etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686_2.6.18.dfsg.1-26etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-486_2.6.18.dfsg.1-26etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-686_2.6.18.dfsg.1-26etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-26etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-26etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-26etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-26etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-k7_2.6.18.dfsg.1-26etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-686_2.6.18.dfsg.1-26etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-ia64_2.6.18.dfsg.1-26etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-mckinley_2.6.18.dfsg.1-26etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-itanium_2.6.18.dfsg.1-26etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-itanium_2.6.18.dfsg.1-26etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-mckinley_2.6.18.dfsg.1-26etch1_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc_2.6.18.dfsg.1-26etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-26etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-26etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-26etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-26etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-26etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc_2.6.18.dfsg.1-26etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-prep_2.6.18.dfsg.1-26etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-26etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc64_2.6.18.dfsg.1-26etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-26etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-26etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-powerpc_2.6.18.dfsg.1-26etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc64_2.6.18.dfsg.1-26etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-prep_2.6.18.dfsg.1-26etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-26etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390_2.6.18.dfsg.1-26etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-26etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390x_2.6.18.dfsg.1-26etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-s390_2.6.18.dfsg.1-26etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390_2.6.18.dfsg.1-26etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390x_2.6.18.dfsg.1-26etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-26etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-26etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390-tape_2.6.18.dfsg.1-26etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch1_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1930": "
\n

Debian Security Advisory

\n

DSA-1930-1 drupal6 -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Nov 2009
\n
Affected Packages:
\n
\ndrupal6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 535435, Bug 547140.
In Mitre's CVE dictionary: CVE-2009-2372, CVE-2009-2373, CVE-2009-2374.
\n
More information:
\n
\n

Several vulnerabilities have been found in drupal6, a fully-featured\ncontent management framework. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2009-2372\n

    Gerhard Killesreiter discovered a flaw in the way user signatures are\nhandled. It is possible for a user to inject arbitrary code via a\ncrafted user signature. (SA-CORE-2009-007)

  • CVE-2009-2373\n

    Mark Piper, Sven Herrmann and Brandon Knight discovered a cross-site\nscripting issue in the forum module, which could be exploited via the\ntid parameter. (SA-CORE-2009-007)

  • CVE-2009-2374\n

    Sumit Datta discovered that certain drupal6 pages leak sensitive\ninformation such as user credentials. (SA-CORE-2009-007)

\n

Several design flaws in the OpenID module have been fixed, which could\nlead to cross-site request forgeries or privilege escalations. Also, the\nfile upload function does not process all extensions properly, leading\nto the possible execution of arbitrary code.\n(SA-CORE-2009-008)

\n

The oldstable distribution (etch) does not contain drupal6.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 6.6-3lenny3.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 6.14-1.

\n

We recommend that you upgrade your drupal6 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny3.dsc
\n
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny3.diff.gz
\n
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1931": "
\n

Debian Security Advisory

\n

DSA-1931-1 nspr -- several vulnerabilities

\n
\n
Date Reported:
\n
08 Nov 2009
\n
Affected Packages:
\n
\nnspr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-1563, CVE-2009-2463.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Netscape Portable\nRuntime Library, which may lead to the execution of arbitrary code. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2009-1563\n

    A programming error in the string handling code may lead to the\n execution of arbitrary code.

  • CVE-2009-2463\n

    An integer overflow in the Base64 decoding functions may lead to\n the execution of arbitrary code.

\n

The old stable distribution (etch) doesn't contain nspr.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 4.7.1-5.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.8.2-1.

\n

We recommend that you upgrade your NSPR packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nspr/nspr_4.7.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/n/nspr/nspr_4.7.1-5.dsc
\n
http://security.debian.org/pool/updates/main/n/nspr/nspr_4.7.1-5.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_armel.deb
\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_armel.deb
\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_s390.deb
\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_s390.deb
\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d_4.7.1-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-0d-dbg_4.7.1-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nspr/libnspr4-dev_4.7.1-5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1932": "
\n

Debian Security Advisory

\n

DSA-1932-1 pidgin -- programming error

\n
\n
Date Reported:
\n
08 Nov 2009
\n
Affected Packages:
\n
\npidgin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-3615.
\n
More information:
\n
\n

It was discovered that incorrect pointer handling in the purple library,\nan internal component of the multi-protocol instant messaging client\nPidgin, could lead to denial of service or the execution of arbitrary\ncode through malformed contact requests.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.4.3-4lenny5.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.6.3-1.

\n

We recommend that you upgrade your pidgin package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny5.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny5.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/pidgin/finch-dev_2.4.3-4lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-data_2.4.3-4lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dev_2.4.3-4lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple-dev_2.4.3-4lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple-bin_2.4.3-4lenny5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny5_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny5_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny5_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny5_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny5_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny5_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny5_mipsel.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny5_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1933": "
\n

Debian Security Advisory

\n

DSA-1933-1 cups -- missing input sanitising

\n
\n
Date Reported:
\n
10 Nov 2009
\n
Affected Packages:
\n
\ncups\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2820.
\n
More information:
\n
\n

Aaron Siegel discovered that the web interface of cups, the Common UNIX\nPrinting System, is prone to cross-site scripting attacks.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 1.2.7-4+etch9.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.3.8-1+lenny7.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), this problem will be fixed soon.

\n

We recommend that you upgrade your cups packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-common_1.2.7-4+etch9_all.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-gnutls10_1.2.7-4+etch9_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-client_1.2.7-4+etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-dbg_1.2.7-4+etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2-dev_1.2.7-4+etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2-dev_1.2.7-4+etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys-bsd_1.2.7-4+etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsys2_1.2.7-4+etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.2.7-4+etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cupsys/libcupsimage2_1.2.7-4+etch9_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cups/cupsys-client_1.3.8-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsys2_1.3.8-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cupsys-dbg_1.3.8-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cupsys-bsd_1.3.8-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cupsys-common_1.3.8-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsys2-dev_1.3.8-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cupsys_1.3.8-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-common_1.3.8-1+lenny7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1934": "
\n

Debian Security Advisory

\n

DSA-1934-1 apache2 -- multiple issues

\n
\n
Date Reported:
\n
16 Nov 2009
\n
Affected Packages:
\n
\napache2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-3094, CVE-2009-3095, CVE-2009-3555.
\n
More information:
\n
\n

A design flaw has been found in the TLS and SSL protocols that allows\nan attacker to inject arbitrary content at the beginning of a TLS/SSL\nconnection. The attack is related to the way TLS and SSL handle\nsession renegotiations. CVE-2009-3555 has been assigned to this\nvulnerability.

\n

As a partial mitigation against this attack, this apache2 update\ndisables client-initiated renegotiations. This should fix the\nvulnerability for the majority of Apache configurations in use.

\n

NOTE: This is not a complete fix for the problem. The attack is\nstill possible in configurations where the server initiates the\nrenegotiation. This is the case for the following configurations\n(the information in the changelog of the updated packages is\nslightly inaccurate):

\n
    \n
  • The \"SSLVerifyClient\" directive is used in a Directory or Location context.
  • The \"SSLCipherSuite\" directive is used in a Directory or Location context.
\n

As a workaround, you may rearrange your configuration so that\nSSLVerifyClient and SSLCipherSuite are only used at the server or\nvirtual host level.

\n

A complete fix for the problem will require a protocol change. Further\ninformation will be included in a separate announcement about this\nissue.

\n

In addition, this update fixes the following issues in Apache's\nmod_proxy_ftp:

\n
    \n
  • CVE-2009-3094\n

    Insufficient input validation in the mod_proxy_ftp module allowed remote FTP\nservers to cause a denial of service (NULL pointer dereference and child\nprocess crash) via a malformed reply to an EPSV command.

  • CVE-2009-3095\n

    Insufficient input validation in the mod_proxy_ftp module allowed remote\nauthenticated attackers to bypass intended access restrictions and send\narbitrary FTP commands to an FTP server.

\n

For the oldstable distribution (etch), these problems have been fixed in\nversion 2.2.3-4+etch11.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2.2.9-10+lenny6. This version also includes some non-security\nbug fixes that were scheduled for inclusion in the next stable point\nrelease (Debian 5.0.4).

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems will be fixed in version 2.2.14-2.

\n

This advisory also provides updated apache2-mpm-itk packages which\nhave been recompiled against the new apache2 packages.

\n

Updated apache2-mpm-itk packages for the armel architecture are not\nincluded yet. They will be released as soon as they become available.

\n

We recommend that you upgrade your apache2 and apache2-mpm-itk packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11.dsc
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.3-4+etch11_all.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.3-4+etch11_all.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.3-4+etch11_all.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.2.3-4+etch11_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.3-4+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.3-4+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.3-4+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.3-01-2+etch4+b1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.3-4+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.3-4+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.3-4+etch11_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.3-4+etch11_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.dsc
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.9-10+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.9-10+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1935": "
\n

Debian Security Advisory

\n

DSA-1935-1 gnutls13 gnutls26 -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Nov 2009
\n
Affected Packages:
\n
\ngnutls13, gnutls26\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 541439.
In Mitre's CVE dictionary: CVE-2009-2409, CVE-2009-2730.
\n
More information:
\n
\n

Dan Kaminsky and Moxie Marlinspike discovered that gnutls, an implementation of\nthe TLS/SSL protocol, does not properly handle a '\\0' character in a domain name\nin the subject's Common Name or Subject Alternative Name (SAN) field of an X.509\ncertificate, which allows man-in-the-middle attackers to spoof arbitrary SSL\nservers via a crafted certificate issued by a legitimate Certification\nAuthority. (CVE-2009-2730)

\n

In addition, with this update, certificates with MD2 hash signatures are no\nlonger accepted since they're no longer considered cryptographically secure. This change\nonly affects the oldstable distribution (etch). (CVE-2009-2409)

\n

For the oldstable distribution (etch), these problems have been fixed in version\n1.4.4-3+etch5 for gnutls13.

\n

For the stable distribution (lenny), these problems have been fixed in version\n2.4.2-6+lenny2 for gnutls26.

\n

For the testing distribution (squeeze), and the unstable distribution (sid),\nthese problems have been fixed in version 2.8.3-1 for gnutls26.

\n

We recommend that you upgrade your gnutls13/gnutls26 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch5.dsc
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch5.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-doc_1.4.4-3+etch5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls26_2.4.2-6+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls26_2.4.2-6+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls26_2.4.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-doc_2.4.2-6+lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_mipsel.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1936": "
\n

Debian Security Advisory

\n

DSA-1936-1 libgd2 -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Nov 2009
\n
Affected Packages:
\n
\nlibgd2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 408982, Bug 552534.
In Mitre's CVE dictionary: CVE-2007-0455, CVE-2009-3546.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in libgd2, a library for\nprogrammatic graphics creation and manipulation. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-0455\n

    Kees Cook discovered a buffer overflow in libgd2's font renderer. An\n attacker could cause denial of service (application crash) and\n possibly execute arbitrary code via a crafted string with a JIS\n encoded font. This issue only affects the oldstable distribution\n (etch).

  • CVE-2009-3546\n

    Tomas Hoger discovered a boundary error in the \"_gdGetColors()\"\n function. An attacker could conduct buffer overflow or buffer\n over-read attacks via a crafted GD file.

\n

For the oldstable distribution (etch), these problems have been fixed in\nversion 2.0.33-5.2etch2.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2.0.36~rc1~dfsg-3+lenny1.

\n

For the upcoming stable distribution (squeeze) and the unstable\ndistribution (sid), these problems have been fixed in version\n2.0.36~rc1~dfsg-3.1.

\n

We recommend that you upgrade your libgd2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.33-5.2etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.33.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.33-5.2etch2.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.33-5.2etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.33-5.2etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.33-5.2etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.33-5.2etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.33-5.2etch2_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.36~rc1~dfsg-3+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.36~rc1~dfsg-3+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2_2.0.36~rc1~dfsg.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm_2.0.36~rc1~dfsg-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm-dev_2.0.36~rc1~dfsg-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-noxpm_2.0.36~rc1~dfsg-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd-tools_2.0.36~rc1~dfsg-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libg/libgd2/libgd2-xpm-dev_2.0.36~rc1~dfsg-3+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1937": "
\n

Debian Security Advisory

\n

DSA-1937-1 gforge -- insufficient input sanitising

\n
\n
Date Reported:
\n
21 Nov 2009
\n
Affected Packages:
\n
\ngforge\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-3303.
\n
More information:
\n
\n

It was discovered that gforge, a collaborative development tool, is prone\nto a cross-site scripting attack via the helpname parameter. Besides\nfixing this issue, the update also introduces some additional input\nsanitising. However, there are no known attack vectors.

\n

For the oldstable distribution (etch), these problems have been fixed in\nversion 4.5.14-22etch12.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 4.7~rc2-7lenny2.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 4.8.1-3.

\n

We recommend that you upgrade your gforge packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch12.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch12.dsc
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_4.5.14-22etch12_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch12_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-common_4.5.14-22etch12_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_4.5.14-22etch12_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_4.5.14-22etch12_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-postgresql_4.5.14-22etch12_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_4.5.14-22etch12_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_4.5.14-22etch12_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_4.5.14-22etch12_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_4.5.14-22etch12_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_4.5.14-22etch12_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_4.5.14-22etch12_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_4.5.14-22etch12_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-courier_4.5.14-22etch12_all.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.7~rc2-7lenny2.dsc
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.7~rc2-7lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.7~rc2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_4.7~rc2-7lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.7~rc2-7lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-plugin-scmcvs_4.7~rc2-7lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-common_4.7~rc2-7lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-plugin-mediawiki_4.7~rc2-7lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_4.7~rc2-7lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_4.7~rc2-7lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-postgresql_4.7~rc2-7lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_4.7~rc2-7lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-plugin-scmsvn_4.7~rc2-7lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache2_4.7~rc2-7lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_4.7~rc2-7lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_4.7~rc2-7lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_4.7~rc2-7lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-courier_4.7~rc2-7lenny2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1938": "
\n

Debian Security Advisory

\n

DSA-1938-1 php-mail -- programming error

\n
\n
Date Reported:
\n
23 Nov 2009
\n
Affected Packages:
\n
\nphp-mail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

It was discovered that php-mail, a PHP PEAR module for sending email,\nhas insufficient input sanitising, which might be used to obtain\nsensitive data from the system that uses php-mail.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 1.1.6-2+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.1.14-1+lenny1.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.1.14-2.

\n

We recommend that you upgrade your php-mail packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php-mail/php-mail_1.1.6.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/php-mail/php-mail_1.1.6-2+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php-mail/php-mail_1.1.6-2+etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php-mail/php-mail_1.1.6-2+etch1_all.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php-mail/php-mail_1.1.14-1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/p/php-mail/php-mail_1.1.14.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/php-mail/php-mail_1.1.14-1+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php-mail/php-mail_1.1.14-1+lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1939": "
\n

Debian Security Advisory

\n

DSA-1939-1 libvorbis -- several vulnerabilities

\n
\n
Date Reported:
\n
24 Nov 2009
\n
Affected Packages:
\n
\nlibvorbis\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 540958.
In Mitre's CVE dictionary: CVE-2009-2663, CVE-2009-3379.
\n
More information:
\n
\n

Lucas Adamski, Matthew Gregan, David Keeler, and Dan Kaminsky discovered\nthat libvorbis, a library for the Vorbis general-purpose compressed\naudio codec, did not correctly handle certain malformed ogg files. An\nattacker could cause a denial of service (memory corruption and\napplication crash) or possibly execute arbitrary code via a crafted .ogg\nfile.

\n

For the oldstable distribution (etch), these problems have been fixed in\nversion 1.1.2.dfsg-1.4+etch1.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.2.0.dfsg-3.1+lenny1.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 1.2.3-1.

\n

We recommend that you upgrade your libvorbis packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.2.dfsg-1.4+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.2.dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.1.2.dfsg-1.4+etch1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.1.2.dfsg-1.4+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.1.2.dfsg-1.4+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.1.2.dfsg-1.4+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.1.2.dfsg-1.4+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.2.0.dfsg-3.1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.2.0.dfsg-3.1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis_1.2.0.dfsg.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis0a_1.2.0.dfsg-3.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisfile3_1.2.0.dfsg-3.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbisenc2_1.2.0.dfsg-3.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libv/libvorbis/libvorbis-dev_1.2.0.dfsg-3.1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1940": "
\n

Debian Security Advisory

\n

DSA-1940-1 php5 -- multiple issues

\n
\n
Date Reported:
\n
25 Nov 2009
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 535888, Bug 540605, Bug 527560.
In Mitre's CVE dictionary: CVE-2009-2626, CVE-2009-2687, CVE-2009-3291, CVE-2009-3292.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the PHP 5\nhypertext preprocessor. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n

The following issues have been fixed in both the stable (lenny)\nand the oldstable (etch) distributions:\n

    \n
  • CVE-2009-2687\nCVE-2009-3292\n

    The exif module did not properly handle malformed jpeg files,\n allowing an attacker to cause a segfault, resulting in a denial\n of service.\n

  • CVE-2009-3291\n

    The php_openssl_apply_verification_policy() function did not\n properly perform certificate validation.

  • No CVE id yet\n

    Bogdan Calin discovered that a remote attacker could cause a denial\n of service by uploading a large number of files using\n multipart/form-data requests, causing the creation of a large number of\n temporary files.

    \n

    To address this issue, the max_file_uploads option introduced in PHP\n 5.3.1 has been backported. This option limits the maximum number of\n files uploaded per request. The default value for this new option is\n 50. See NEWS.Debian for more information.

\n

The following issue has been fixed in the stable (lenny) distribution:

\n
    \n
  • CVE-2009-2626\n

    A flaw in the ini_restore() function could lead to a memory\n disclosure, possibly leading to the disclosure of sensitive data.

\n

In the oldstable (etch) distribution, this update also fixes a regression\nintroduced by the fix for\nCVE-2008-5658\nin DSA-1789-1 (bug #527560).

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 5.2.6.dfsg.1-1+lenny4.

\n

For the oldstable distribution (etch), these problems have been fixed in\nversion 5.2.0+dfsg-8+etch16.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems will be fixed in version 5.2.11.dfsg.1-2.

\n

We recommend that you upgrade your php5 packages.

\n

\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (oldstable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0+dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0+dfsg-8+etch16.dsc
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0+dfsg-8+etch16.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0+dfsg-8+etch16_all.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php-pear_5.2.0+dfsg-8+etch16_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch16_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch16_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.0+dfsg-8+etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch16_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch16_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch16_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch16_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch16_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch16_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.0+dfsg-8+etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch16_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch16_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch16_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch16_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch16_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch16_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch16_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch16_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch16_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch16_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch16_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch16_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0+dfsg-8+etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0+dfsg-8+etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0+dfsg-8+etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0+dfsg-8+etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0+dfsg-8+etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0+dfsg-8+etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0+dfsg-8+etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch16_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch16_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1-1+lenny4.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1-1+lenny4.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php5/php-pear_5.2.6.dfsg.1-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1-1+lenny4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny4_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny4_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1941": "
\n

Debian Security Advisory

\n

DSA-1941-1 poppler -- several vulnerabilities

\n
\n
Date Reported:
\n
25 Nov 2009
\n
Affected Packages:
\n
\npoppler\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0755, CVE-2009-3903, CVE-2009-3904, CVE-2009-3905, CVE-2009-3906, CVE-2009-3907, CVE-2009-3908, CVE-2009-3909, CVE-2009-3938.
\n
More information:
\n
\n

Several integer overflows, buffer overflows and memory allocation\nerrors were discovered in the Poppler PDF rendering library, which may\nlead to denial of service or the execution of arbitrary code if a user\nis tricked into opening a malformed PDF document.

\n

An update for the old stable distribution (etch) will be issued soon as\nversion 0.4.5-5.1etch4.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 0.8.7-3.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your poppler packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/poppler/poppler_0.8.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler_0.8.7-3.diff.gz
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler_0.8.7-3.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-3_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-3_armel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-3_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1942": "
\n

Debian Security Advisory

\n

DSA-1942-1 wireshark -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Nov 2009
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-1268, CVE-2008-1829, CVE-2009-2560, CVE-2009-2562, CVE-2009-3241, CVE-2009-3550, CVE-2009-3829.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Wireshark\nnetwork traffic analyzer, which may lead to the execution of arbitrary\ncode or denial of service. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2009-2560\n

    A NULL pointer dereference was found in the RADIUS dissector.

  • CVE-2009-3550\n

    A NULL pointer dereference was found in the DCERPC/NT dissector.

  • CVE-2009-3829\n

    An integer overflow was discovered in the ERF parser.

\n

This update also includes fixes for three minor issues\n(CVE-2008-1829,\nCVE-2009-2562,\nCVE-2009-3241),\nwhich were scheduled for the next stable point update. Also\nCVE-2009-1268\nwas fixed for Etch. Since this security update was issued prior to the release\nof the point update, the fixes were included.

\n

For the old stable distribution (etch), these problems have been fixed in\nversion 0.99.4-5.etch.4.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.0.2-3+lenny7.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.2.3-1.

\n

We recommend that you upgrade your Wireshark packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4.dsc
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.4_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.4_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.4_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.4_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.4_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.4_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.4_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.4_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.4_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.4_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.4_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.4_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.4_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.4_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.4_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.4_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.4_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.4_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.4_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.4_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.4_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.4_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.4_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.4_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.4_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.4_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.4_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.4_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.4_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.4_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.4_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.4_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.4_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wireshark/tethereal_0.99.4-5.etch.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_0.99.4-5.etch.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_0.99.4-5.etch.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_0.99.4-5.etch.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-common_0.99.4-5.etch.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal-dev_0.99.4-5.etch.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_0.99.4-5.etch.4_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/ethereal_0.99.4-5.etch.4_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny7_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny7_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny7_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny7_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny7_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny7_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1943": "
\n

Debian Security Advisory

\n

DSA-1943-1 openldap openldap2.3 -- insufficient input validation

\n
\n
Date Reported:
\n
02 Dec 2009
\n
Affected Packages:
\n
\nopenldap, openldap2.3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 553432.
In Mitre's CVE dictionary: CVE-2009-3767.
\n
More information:
\n
\n

It was discovered that OpenLDAP, a free implementation of the Lightweight\nDirectory Access Protocol, when OpenSSL is used, does not properly handle a '\\0'\ncharacter in a domain name in the subject's Common Name (CN) field of an X.509\ncertificate, which allows man-in-the-middle attackers to spoof arbitrary SSL\nservers via a crafted certificate issued by a legitimate Certification Authority.

\n

For the oldstable distribution (etch), this problem has been fixed in version\n2.3.30-5+etch3 for openldap2.3.

\n

For the stable distribution (lenny), this problem has been fixed in version\n2.4.11-1+lenny1 for openldap.

\n

For the testing distribution (squeeze), and the unstable distribution (sid),\nthis problem has been fixed in version 2.4.17-2.1 for openldap.

\n

We recommend that you upgrade your openldap2.3/openldap packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30-5+etch3.dsc
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30-5+etch3.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openldap/openldap_2.4.11-1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openldap/openldap_2.4.11-1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/o/openldap/openldap_2.4.11.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1944": "
\n

Debian Security Advisory

\n

DSA-1944-1 request-tracker3.4 request-tracker3.6 -- session hijack

\n
\n
Date Reported:
\n
03 Dec 2009
\n
Affected Packages:
\n
\nrequest-tracker3.4, request-tracker3.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-3585.
\n
More information:
\n
\n

Mikal Gule discovered that request-tracker, an extensible trouble-ticket\ntracking system, is prone to an attack, where an attacker with access\nto the same domain can hijack a user's RT session.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 3.6.1-4+etch1 of request-tracker3.6 and version 3.4.5-2+etch1\nof request-tracker3.4.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 3.6.7-5+lenny3.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.6.9-2.

\n

We recommend that you upgrade your request-tracker packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/request-tracker3.4/request-tracker3.4_3.4.5-2+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/r/request-tracker3.6/request-tracker3.6_3.6.1-4+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/r/request-tracker3.6/request-tracker3.6_3.6.1-4+etch1.dsc
\n
http://security.debian.org/pool/updates/main/r/request-tracker3.4/request-tracker3.4_3.4.5-2+etch1.dsc
\n
http://security.debian.org/pool/updates/main/r/request-tracker3.4/request-tracker3.4_3.4.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/r/request-tracker3.6/request-tracker3.6_3.6.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/request-tracker3.6/rt3.6-apache2_3.6.1-4+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/r/request-tracker3.6/rt3.6-apache_3.6.1-4+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/r/request-tracker3.4/rt3.4-clients_3.4.5-2+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/r/request-tracker3.4/request-tracker3.4_3.4.5-2+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/r/request-tracker3.4/rt3.4-apache_3.4.5-2+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/r/request-tracker3.6/request-tracker3.6_3.6.1-4+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/r/request-tracker3.6/rt3.6-clients_3.6.1-4+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/r/request-tracker3.4/rt3.4-apache2_3.4.5-2+etch1_all.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/r/request-tracker3.6/request-tracker3.6_3.6.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/r/request-tracker3.6/request-tracker3.6_3.6.7-5+lenny3.dsc
\n
http://security.debian.org/pool/updates/main/r/request-tracker3.6/request-tracker3.6_3.6.7-5+lenny3.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/r/request-tracker3.6/rt3.6-db-mysql_3.6.7-5+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/r/request-tracker3.6/rt3.6-db-sqlite_3.6.7-5+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/r/request-tracker3.6/rt3.6-apache2_3.6.7-5+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/r/request-tracker3.6/rt3.6-db-postgresql_3.6.7-5+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/r/request-tracker3.6/request-tracker3.6_3.6.7-5+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/r/request-tracker3.6/rt3.6-clients_3.6.7-5+lenny3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1945": "
\n

Debian Security Advisory

\n

DSA-1945-1 gforge -- symlink attack

\n
\n
Date Reported:
\n
03 Dec 2009
\n
Affected Packages:
\n
\ngforge\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-3304.
\n
More information:
\n
\n

Sylvain Beucler discovered that gforge, a collaborative development\ntool, is prone to a symlink attack, which allows local users to perform\na denial of service attack by overwriting arbitrary files.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 4.5.14-22etch13.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 4.7~rc2-7lenny3.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.8.2-1.

\n

We recommend that you upgrade your gforge packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch13.dsc
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch13.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_4.5.14-22etch13_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-common_4.5.14-22etch13_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_4.5.14-22etch13_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_4.5.14-22etch13_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_4.5.14-22etch13_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch13_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_4.5.14-22etch13_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-courier_4.5.14-22etch13_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_4.5.14-22etch13_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-postgresql_4.5.14-22etch13_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_4.5.14-22etch13_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_4.5.14-22etch13_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_4.5.14-22etch13_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_4.5.14-22etch13_all.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.7~rc2-7lenny3.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.7~rc2-7lenny3.dsc
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.7~rc2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-plugin-mediawiki_4.7~rc2-7lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_4.7~rc2-7lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-courier_4.7~rc2-7lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-postgresql_4.7~rc2-7lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-common_4.7~rc2-7lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_4.7~rc2-7lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_4.7~rc2-7lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_4.7~rc2-7lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_4.7~rc2-7lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-plugin-scmsvn_4.7~rc2-7lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache2_4.7~rc2-7lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge_4.7~rc2-7lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_4.7~rc2-7lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_4.7~rc2-7lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/g/gforge/gforge-plugin-scmcvs_4.7~rc2-7lenny3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1946": "
\n

Debian Security Advisory

\n

DSA-1946-1 belpic -- cryptographic weakness

\n
\n
Date Reported:
\n
04 Dec 2009
\n
Affected Packages:
\n
\nbelpic\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 511261.
In Mitre's CVE dictionary: CVE-2009-0049.
\n
More information:
\n
\n

It was discovered that belpic, the Belgian eID PKCS11 library, does not\nproperly check the result of an OpenSSL function for verifying\ncryptographic signatures, which could be used to bypass the certificate\nvalidation.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 2.5.9-7.etch.1.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.6.0-6, which was already included in the lenny release.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 2.6.0-6.

\n

We recommend that you upgrade your belpic packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/belpic/belpic_2.5.9-7.etch.1.diff.gz
\n
http://security.debian.org/pool/updates/main/b/belpic/belpic_2.5.9-7.etch.1.dsc
\n
http://security.debian.org/pool/updates/main/b/belpic/belpic_2.5.9.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_mipsel.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1947": "
\n

Debian Security Advisory

\n

DSA-1947-1 shibboleth-sp, shibboleth-sp2, opensaml2 -- missing input sanitising

\n
\n
Date Reported:
\n
07 Dec 2009
\n
Affected Packages:
\n
\nshibboleth-sp
shibboleth-sp2
opensaml2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-3300.
\n
More information:
\n
\n

Matt Elder discovered that Shibboleth, a federated web single sign-on\nsystem, is vulnerable to script injection through redirection URLs. More\ndetails can be found in the Shibboleth advisory at\nhttp://shibboleth.internet2.edu/secadv/secadv_20091104.txt.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 1.3f.dfsg1-2+etch2 of shibboleth-sp.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.3.1.dfsg1-3+lenny2 of shibboleth-sp, version 2.0.dfsg1-4+lenny2\nof shibboleth-sp2 and version 2.0-2+lenny2 of opensaml2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.3+dfsg-1 of shibboleth-sp2, version 2.3-1 of opensaml2 and\nversion 1.3.1-1 of xmltooling.

\n

We recommend that you upgrade your Shibboleth packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3f.dfsg1-2+etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3f.dfsg1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3f.dfsg1-2+etch2.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_mipsel.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3f.dfsg1-2+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3f.dfsg1-2+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3f.dfsg1-2+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3f.dfsg1-2+etch2_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2_2.0-2+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2_2.0-2+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3.1.dfsg1-3+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/shibboleth-sp2_2.0.dfsg1-4+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2_2.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/shibboleth-sp2_2.0.dfsg1-4+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3.1.dfsg1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/shibboleth-sp_1.3.1.dfsg1-3+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/shibboleth-sp2_2.0.dfsg1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-doc_2.0-2+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-schemas_2.0-2+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-doc_2.0.dfsg1-4+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/shibboleth-sp2-schemas_2.0.dfsg1-4+lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libapache2-mod-shib_1.3.1.dfsg1-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/opensaml2-tools_2.0-2+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp-dev_2.0.dfsg1-4+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib6_1.3.1.dfsg1-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2-dev_2.0-2+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-target5_1.3.1.dfsg1-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libapache2-mod-shib2_2.0.dfsg1-4+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/opensaml2/libsaml2_2.0-2+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp2/libshibsp1_2.0.dfsg1-4+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/shibboleth-sp/libshib-dev_1.3.1.dfsg1-3+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1948": "
\n

Debian Security Advisory

\n

DSA-1948-1 ntp -- denial of service

\n
\n
Date Reported:
\n
08 Dec 2009
\n
Affected Packages:
\n
\nntp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 560074.
In Mitre's CVE dictionary: CVE-2009-3563.
\n
More information:
\n
\n

Robin Park and Dmitri Vinokurov discovered that the daemon component of\nthe ntp package, a reference implementation of the NTP protocol, does\nnot react properly to certain incoming packets.

\n

An unexpected NTP mode 7 packet (MODE_PRIVATE) with spoofed IP data can lead\nntpd to reply with a mode 7 response to the spoofed address. This may result\nin the service playing packet ping-pong with other ntp servers or even itself\nwhich causes CPU usage and excessive disk use due to logging. An attacker\ncan use this to conduct denial of service attacks.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 1:4.2.2.p4+dfsg-2etch4.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1:4.2.4p4+dfsg-8lenny3.

\n

For the testing (squeeze) and unstable (sid) distributions, this problem\nwill be fixed soon.

\n

We recommend that you upgrade your ntp packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4.dsc
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.2.p4+dfsg-2etch4_all.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.2.p4+dfsg-2etch4_all.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-doc_4.2.2.p4+dfsg-2etch4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_arm.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_i386.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_mips.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_s390.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.2.p4+dfsg-2etch4_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.2.p4+dfsg-2etch4_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3.dsc
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp-doc_4.2.4p4+dfsg-8lenny3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.4p4+dfsg-8lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.4p4+dfsg-8lenny3_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1949": "
\n

Debian Security Advisory

\n

DSA-1949-1 php-net-ping -- programming error

\n
\n
Date Reported:
\n
12 Dec 2009
\n
Affected Packages:
\n
\nphp-net-ping\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-4024.
\n
More information:
\n
\n

It was discovered that php-net-ping, a PHP PEAR module to execute ping\nindependently of the Operating System, performs insufficient input\nsanitising, which might be used to inject arguments (no CVE yet) or\nexecute arbitrary commands (CVE-2009-4024) on a system that uses\nphp-net-ping.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 2.4.2-1+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.4.2-1+lenny1.

\n

For the testing distribution (squeeze), this problem will be fixed\nsoon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.4.2-1.1.

\n

We recommend that you upgrade your php-net-ping packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php-net-ping/php-net-ping_2.4.2-1+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php-net-ping/php-net-ping_2.4.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/php-net-ping/php-net-ping_2.4.2-1+etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php-net-ping/php-net-ping_2.4.2-1+etch1_all.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php-net-ping/php-net-ping_2.4.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/php-net-ping/php-net-ping_2.4.2-1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/p/php-net-ping/php-net-ping_2.4.2-1+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php-net-ping/php-net-ping_2.4.2-1+lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1950": "
\n

Debian Security Advisory

\n

DSA-1950-1 webkit -- several vulnerabilities

\n
\n
Date Reported:
\n
12 Dec 2009
\n
Affected Packages:
\n
\nwebkit\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 532724, Bug 532725, Bug 534946, Bug 535793, Bug 538346.
In Mitre's CVE dictionary: CVE-2009-0945, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1711, CVE-2009-1712, CVE-2009-1725, CVE-2009-1714, CVE-2009-1710, CVE-2009-1697, CVE-2009-1695, CVE-2009-1693, CVE-2009-1694, CVE-2009-1681, CVE-2009-1684, CVE-2009-1692.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in WebKit, a Web content engine\nlibrary for Gtk+. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2009-0945\n

    Array index error in the insertItemBefore method in WebKit allows remote\nattackers to execute arbitrary code via a document with a SVGPathList data\nstructure containing a negative index in the SVGTransformList, SVGStringList,\nSVGNumberList, SVGPathSegList, SVGPointList, or SVGLengthList SVGList object,\nwhich triggers memory corruption.

  • CVE-2009-1687\n

    The JavaScript garbage collector in WebKit does not properly handle allocation\nfailures, which allows remote attackers to execute arbitrary code or cause a\ndenial of service (memory corruption and application crash) via a crafted HTML\ndocument that triggers write access to an \"offset of a NULL pointer.\"

  • CVE-2009-1690\n

    Use-after-free vulnerability in WebKit allows remote attackers to execute\narbitrary code or cause a denial of service (memory corruption and application\ncrash) by setting an unspecified property of an HTML tag that causes child\nelements to be freed and later accessed when an HTML error occurs, related to\n\"recursion in certain DOM event handlers.\"

  • CVE-2009-1698\n

    WebKit does not initialize a pointer during handling of a Cascading Style Sheets\n(CSS) attr function call with a large numerical argument, which allows remote\nattackers to execute arbitrary code or cause a denial of service (memory\ncorruption and application crash) via a crafted HTML document.

  • CVE-2009-1711\n

    WebKit does not properly initialize memory for Attr DOM objects, which allows\nremote attackers to execute arbitrary code or cause a denial of service\n(application crash) via a crafted HTML document.

  • CVE-2009-1712\n

    WebKit does not prevent remote loading of local Java applets, which allows\nremote attackers to execute arbitrary code, gain privileges, or obtain sensitive\ninformation via an APPLET or OBJECT element.

  • CVE-2009-1725\n

    WebKit does not properly handle numeric character references, which allows remote\nattackers to execute arbitrary code or cause a denial of service (memory\ncorruption and application crash) via a crafted HTML document.

  • CVE-2009-1714\n

    Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit allows\nuser-assisted remote attackers to inject arbitrary web script or HTML, and read\nlocal files, via vectors related to the improper escaping of HTML attributes.

  • CVE-2009-1710\n

    WebKit allows remote attackers to spoof the browser's display of the host name,\nsecurity indicators, and unspecified other UI elements via a custom cursor in\nconjunction with a modified CSS3 hotspot property.

  • CVE-2009-1697\n

    CRLF injection vulnerability in WebKit allows remote attackers to inject HTTP\nheaders and bypass the Same Origin Policy via a crafted HTML document, related\nto cross-site scripting (XSS) attacks that depend on communication with\narbitrary web sites on the same server through use of XMLHttpRequest without a\nHost header.

  • CVE-2009-1695\n

    Cross-site scripting (XSS) vulnerability in WebKit allows remote attackers to\ninject arbitrary web script or HTML via vectors involving access to frame\ncontents after completion of a page transition.

  • CVE-2009-1693\n

    WebKit allows remote attackers to read images from arbitrary web sites via a\nCANVAS element with an SVG image, related to a \"cross-site image capture issue.\"

  • CVE-2009-1694\n

    WebKit does not properly handle redirects, which allows remote attackers to read\nimages from arbitrary web sites via vectors involving a CANVAS element and\nredirection, related to a \"cross-site image capture issue.\"

  • CVE-2009-1681\n

    WebKit does not prevent web sites from loading third-party content into a\nsubframe, which allows remote attackers to bypass the Same Origin Policy and\nconduct \"clickjacking\" attacks via a crafted HTML document.

  • CVE-2009-1684\n

    Cross-site scripting (XSS) vulnerability in WebKit allows remote attackers to\ninject arbitrary web script or HTML via an event handler that triggers script\nexecution in the context of the next loaded document.

  • CVE-2009-1692\n

    WebKit allows remote attackers to cause a denial of service (memory consumption\nor device reset) via a web page containing an HTMLSelectElement object with a\nlarge length attribute, related to the length property of a Select object.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.0.1-4+lenny2.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 1.1.16-1.

\n

We recommend that you upgrade your webkit package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1-4+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/w/webkit/webkit_1.0.1-4+lenny2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-dev_1.0.1-4+lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_mipsel.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1951": "
\n

Debian Security Advisory

\n

DSA-1951-1 firefox-sage -- insufficient input sanitising

\n
\n
Date Reported:
\n
15 Dec 2009
\n
Affected Packages:
\n
\nfirefox-sage\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 559267.
In Mitre's CVE dictionary: CVE-2009-4102.
\n
More information:
\n
\n

It was discovered that firefox-sage, a lightweight RSS and Atom feed reader for Firefox, does not sanitise the RSS feed information correctly, which makes it prone to a cross-site scripting and a cross-domain scripting attack.

\n

For the oldstable distribution (etch), this problem has been fixed in version 1.3.6-4etch1.

\n

For the stable distribution (lenny), this problem has been fixed in version 1.4.2-0.1+lenny1.

\n

For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 1.4.3-3.

\n

We recommend that you upgrade your firefox-sage packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/firefox-sage/firefox-sage_1.3.6-4etch1.dsc
\n
http://security.debian.org/pool/updates/main/f/firefox-sage/firefox-sage_1.3.6.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/firefox-sage/firefox-sage_1.3.6-4etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/firefox-sage/firefox-sage_1.3.6-4etch1_all.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/firefox-sage/firefox-sage_1.4.2-0.1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/firefox-sage/firefox-sage_1.4.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/firefox-sage/firefox-sage_1.4.2-0.1+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/firefox-sage/firefox-sage_1.4.2-0.1+lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1952": "
\n

Debian Security Advisory

\n

DSA-1952-1 asterisk -- several vulnerabilities, end-of-life announcement in oldstable

\n
\n
Date Reported:
\n
15 Dec 2009
\n
Affected Packages:
\n
\nasterisk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 513413, Bug 522528, Bug 554487, Bug 554486, Bug 559103.
In Mitre's CVE dictionary: CVE-2009-0041, CVE-2008-3903, CVE-2009-3727, CVE-2008-7220, CVE-2009-4055, CVE-2007-2383.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in asterisk, an Open Source PBX and telephony toolkit. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2009-0041

    It is possible to determine valid login names via probing, due to the IAX2 response from asterisk (AST-2009-001).

  • CVE-2008-3903

    It is possible to determine a valid SIP username, when Digest authentication and authalwaysreject are enabled (AST-2009-003).

  • CVE-2009-3727

    It is possible to determine a valid SIP username via multiple crafted REGISTER messages (AST-2009-008).

  • CVE-2008-7220 CVE-2007-2383

    It was discovered that asterisk contains an obsolete copy of the Prototype JavaScript framework, which is vulnerable to several security issues. This copy is unused and now removed from asterisk (AST-2009-009).

  • CVE-2009-4055

    It was discovered that it is possible to perform a denial of service attack via RTP comfort noise payload with a long data length (AST-2009-010).

\n

The current version in oldstable is not supported by upstream anymore and is affected by several security issues. Backporting fixes for these and any future issues has become unfeasible and therefore we need to drop our security support for the version in oldstable. We recommend that all asterisk users upgrade to the stable distribution (lenny).

\n

For the stable distribution (lenny), these problems have been fixed in version 1:1.4.21.2~dfsg-3+lenny1.

\n

For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 1:1.6.2.0~rc7-1.

\n

We recommend that you upgrade your asterisk packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.4.21.2~dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-sounds-main_1.4.21.2~dfsg-3+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-config_1.4.21.2~dfsg-3+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-doc_1.4.21.2~dfsg-3+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-dev_1.4.21.2~dfsg-3+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-dbg_1.4.21.2~dfsg-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.4.21.2~dfsg-3+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.4.21.2~dfsg-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-dbg_1.4.21.2~dfsg-3+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-dbg_1.4.21.2~dfsg-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.4.21.2~dfsg-3+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.4.21.2~dfsg-3+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-dbg_1.4.21.2~dfsg-3+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-dbg_1.4.21.2~dfsg-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.4.21.2~dfsg-3+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-dbg_1.4.21.2~dfsg-3+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.4.21.2~dfsg-3+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-dbg_1.4.21.2~dfsg-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.4.21.2~dfsg-3+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.4.21.2~dfsg-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-dbg_1.4.21.2~dfsg-3+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.4.21.2~dfsg-3+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-dbg_1.4.21.2~dfsg-3+lenny1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.4.21.2~dfsg-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-dbg_1.4.21.2~dfsg-3+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.4.21.2~dfsg-3+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1953": "
\n

Debian Security Advisory

\n

DSA-1953-1 expat -- denial of service

\n
\n
Date Reported:
\n
15 Dec 2009
\n
Affected Packages:
\n
\nexpat\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 560901.
In Mitre's CVE dictionary: CVE-2009-3560.
\n
More information:
\n
\n

Jan Lieskovsky discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library.

\n

For the oldstable distribution (etch), this problem has been fixed in version 1.95.8-3.4+etch2.

\n

For the stable distribution (lenny), this problem has been fixed in version 2.0.1-4+lenny2.

\n

For the testing distribution (squeeze) and the unstable distribution (sid), this problem will be fixed in version 2.0.1-6.

\n

The builds for the mipsel architecture for the oldstable distribution are not included yet. They will be released when they become available.

\n

We recommend that you upgrade your expat packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_alpha.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_amd64.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_arm.udeb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_hppa.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_i386.udeb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_ia64.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_mips.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_s390.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_1.95.8-3.4+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_1.95.8-3.4+etch2_sparc.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_1.95.8-3.4+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_1.95.8-3.4+etch2_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_alpha.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_amd64.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_arm.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_armel.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_hppa.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_i386.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_ia64.udeb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_mips.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_mipsel.udeb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_powerpc.udeb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_s390.udeb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-udeb_2.0.1-4+lenny2_sparc.udeb
\n
http://security.debian.org/pool/updates/main/e/expat/lib64expat1_2.0.1-4+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/expat_2.0.1-4+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/lib64expat1-dev_2.0.1-4+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/e/expat/libexpat1-dev_2.0.1-4+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1954": "
\n

Debian Security Advisory

\n

DSA-1954-1 cacti -- insufficient input sanitising

\n
\n
Date Reported:
\n
16 Dec 2009
\n
Affected Packages:
\n
\ncacti\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 429224.
In Mitre's CVE dictionary: CVE-2007-3112, CVE-2007-3113, CVE-2009-4032.
\n
More information:
\n
\n

Several vulnerabilities have been found in cacti, a frontend to rrdtool for monitoring systems and services. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2007-3112, CVE-2007-3113

    It was discovered that cacti is prone to a denial of service via the graph_height, graph_width, graph_start and graph_end parameters. This issue only affects the oldstable (etch) version of cacti.

  • CVE-2009-4032

    It was discovered that cacti is prone to several cross-site scripting attacks via different vectors.

  • CVE-2009-4112

    It has been discovered that cacti allows authenticated administrator users to gain access to the host system by executing arbitrary commands via the \"Data Input Method\" for the \"Linux - Get Memory Usage\" setting.

    There is no fix for this issue at this stage. Upstream will implement a whitelist policy to only allow certain \"safe\" commands. For the moment, we recommend that such access is only given to trusted users and that the options \"Data Input\" and \"User Administration\" are otherwise deactivated.

\n

For the oldstable distribution (etch), these problems have been fixed in version 0.8.6i-3.6.

\n

For the stable distribution (lenny), this problem has been fixed in version 0.8.7b-2.1+lenny1.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in version 0.8.7e-1.1.

\n

We recommend that you upgrade your cacti packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.6.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.6.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.6i-3.6_all.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1955": "
\n

Debian Security Advisory

\n

DSA-1955-1 network-manager/network-manager-applet -- information disclosure

\n
\n
Date Reported:
\n
16 Dec 2009
\n
Affected Packages:
\n
\nnetwork-manager/network-manager-applet\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 519801.
In Mitre's CVE dictionary: CVE-2009-0365.
\n
More information:
\n
\n

It was discovered that network-manager-applet, a network management framework, lacks some dbus restriction rules, which allows local users to obtain sensitive information.

\n

If you have locally modified the /etc/dbus-1/system.d/nm-applet.conf file, then please make sure that you merge the changes from this fix when asked during upgrade.

\n

For the oldstable distribution (etch), this problem has been fixed in version 0.6.4-6+etch1 of network-manager.

\n

For the stable distribution (lenny), this problem has been fixed in version 0.6.6-4+lenny1 of network-manager-applet.

\n

For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 0.7.0.99-1 of network-manager-applet.

\n

We recommend that you upgrade your network-manager and network-manager-applet packages accordingly.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1.dsc
\n
http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-applet_0.6.6-4+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-applet_0.6.6-4+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-applet_0.6.6.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1956": "
\n

Debian Security Advisory

\n

DSA-1956-1 xulrunner -- several vulnerabilities

\n
\n
Date Reported:
\n
16 Dec 2009
\n
Affected Packages:
\n
\nxulrunner\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-3986, CVE-2009-3985, CVE-2009-3984, CVE-2009-3983, CVE-2009-3981, CVE-2009-3979.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2009-3986:\n

    David James discovered that the window.opener property allows Chrome\n privilege escalation.

  • CVE-2009-3985:\n

    Jordi Chanel discovered a spoofing vulnerability of the URL location bar\n using the document.location property.

  • CVE-2009-3984:\n

    Jonathan Morgan discovered that the icon indicating a secure connection\n could be spoofed through the document.location property.

  • CVE-2009-3983:\n

    Takehiro Takahashi discovered that the NTLM implementation is vulnerable\n to reflection attacks.

  • CVE-2009-3981:\n

    Jesse Ruderman discovered a crash in the layout engine, which might allow\n the execution of arbitrary code.

  • CVE-2009-3979:\n

    Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel and Olli Pettay\n discovered crashes in the layout engine, which might allow the execution\n of arbitrary code.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.9.0.16-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.9.1.6-1.

\n

We recommend that you upgrade your xulrunner packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.16-1.dsc
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.16.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.16-1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.16-1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.16-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.16-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.16-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.16-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.16-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.16-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.16-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.16-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.16-1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1957": "
\n

Debian Security Advisory

\n

DSA-1957-1 aria2 -- buffer overflow

\n
\n
Date Reported:
\n
28 Dec 2009
\n
Affected Packages:
\n
\naria2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 551070.
In Mitre's CVE dictionary: CVE-2009-3575.
\n
More information:
\n
\n

It was discovered that aria2, a high speed download utility, is prone\nto a buffer overflow in the DHT routing code, which might lead to the\nexecution of arbitrary code.

\n

The oldstable distribution (etch) is not affected by this problem.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.14.0-1+lenny1. Binaries for powerpc, arm, ia64 and hppa will\nbe provided once they are available.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 1.2.0-1.

\n

We recommend that you upgrade your aria2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny1_amd64.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny1_armel.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny1_i386.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny1_mipsel.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1958": "
\n

Debian Security Advisory

\n

DSA-1958-1 libtool -- privilege escalation

\n
\n
Date Reported:
\n
29 Dec 2009
\n
Affected Packages:
\n
\nlibtool\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-3736.
\n
More information:
\n
\n

It was discovered that ltdl, a system-independent dlopen wrapper for\nGNU libtool, can be tricked into loading and running modules from an arbitrary\ndirectory, which might be used to execute arbitrary code with the\nprivileges of the user running an application that uses libltdl.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 1.5.22-4+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.5.26-4+lenny1.

\n

For the testing distribution (squeeze) and unstable distribution (sid),\nthis problem has been fixed in 2.2.6b-1.

\n

We recommend that you upgrade your libtool packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool-doc_1.5.22-4+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool-doc_1.5.26-4+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1959": "
\n

Debian Security Advisory

\n

DSA-1959-1 ganeti -- missing input sanitation

\n
\n
Date Reported:
\n
19 Dec 2009
\n
Affected Packages:
\n
\nganeti\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-4261.
\n
More information:
\n
\n

It was discovered that ganeti, a virtual server cluster manager, does\nnot validate the path of scripts passed as arguments to certain\ncommands, which allows local or remote users (via the web interface in\nversions 2.x) to execute arbitrary commands on a host acting as a\ncluster master.

\n

The oldstable distribution (etch) does not include ganeti.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.2.6-3+lenny2.

\n

For the testing distribution (squeeze), this problem will be fixed\nin version 2.0.5-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.0.5-1.

\n

We recommend that you upgrade your ganeti packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/ganeti/ganeti_1.2.6-3+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/ganeti/ganeti_1.2.6.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/ganeti/ganeti_1.2.6-3+lenny2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/ganeti/ganeti_1.2.6-3+lenny2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1960": "
\n

Debian Security Advisory

\n

DSA-1960-1 acpid -- programming error

\n
\n
Date Reported:
\n
19 Dec 2009
\n
Affected Packages:
\n
\nacpid\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-4235.
\n
More information:
\n
\n

It was discovered that acpid, the Advanced Configuration and Power\nInterface event daemon, on the oldstable distribution (etch) creates\nits log file with weak permissions, which might expose sensitive\ninformation or might be abused by a local user to consume all free disk\nspace on the partition that holds the file.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 1.0.4-5etch2.

\n

The stable distribution (lenny) in version 1.0.8-1lenny2 and the\nunstable distribution (sid) in version 1.0.10-5 have been updated to\nfix the weak file permissions of the log file created by older\nversions.

\n

We recommend that you upgrade your acpid packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch2.dsc
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch2_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.4-5etch2_ia64.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny2.dsc
\n
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8.orig.tar.gz
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny2_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/acpid/acpid_1.0.8-1lenny2_ia64.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1961": "
\n

Debian Security Advisory

\n

DSA-1961-1 bind9 -- DNS cache poisoning

\n
\n
Date Reported:
\n
23 Dec 2009
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-4022.
CERT's vulnerabilities, advisories and incident notes: VU#418861.
\n
More information:
\n
\n

Michael Sinatra discovered that the DNS resolver component in BIND\ndoes not properly check DNS records contained in additional sections\nof DNS responses, leading to a cache poisoning vulnerability. This\nvulnerability is only present in resolvers which have been configured\nwith DNSSEC trust anchors, which is still rare.

\n

Note that this update contains an internal ABI change, which means\nthat all BIND-related packages (bind9, dnsutils and the library\npackages) must be updated at the same time (preferably using \"apt-get\nupdate\" and \"apt-get upgrade\"). In the unlikely event that you have\ncompiled your own software against libdns, you must recompile these\nprograms, too.

\n

For the old stable distribution (etch), this problem has been fixed in\nversion 9.3.4-2etch6.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 9.5.1.dfsg.P3-1+lenny1.

\n

For the unstable distribution (sid) and the testing distribution\n(squeeze), this problem has been fixed in version 9.6.1.dfsg.P2-1.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch6.dsc
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch6.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-doc_9.3.4-2etch6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch6_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch6_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch6_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch6_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch6_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch6_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch6_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch6_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch6_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch6_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch6_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch6_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch6_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-doc_9.5.1.dfsg.P3-1+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.5.1.dfsg.P3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.5.1.dfsg.P3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc45_9.5.1.dfsg.P3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns45_9.5.1.dfsg.P3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres40_9.5.1.dfsg.P3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.5.1.dfsg.P3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-40_9.5.1.dfsg.P3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.5.1.dfsg.P3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.5.1.dfsg.P3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc40_9.5.1.dfsg.P3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg40_9.5.1.dfsg.P3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.5.1.dfsg.P3-1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1962": "
\n

Debian Security Advisory

\n

DSA-1962-1 kvm -- several vulnerabilities

\n
\n
Date Reported:
\n
23 Dec 2009
\n
Affected Packages:
\n
\nkvm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 557739, Bug 562075, Bug 562076.
In Mitre's CVE dictionary: CVE-2009-3638, CVE-2009-3722, CVE-2009-4031.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in kvm, a full virtualization system.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2009-3638\n

    An integer overflow was discovered in the kvm_dev_ioctl_get_supported_cpuid\nfunction. This allows local users to have an unspecified impact via a\nKVM_GET_SUPPORTED_CPUID request to the kvm_arch_dev_ioctl function.

  • CVE-2009-3722\n

    It was discovered that the handle_dr function in the KVM subsystem does not\nproperly verify the Current Privilege Level (CPL) before accessing a debug\nregister, which allows guest OS users to cause a denial of service (trap) on the\nhost OS via a crafted application.

  • CVE-2009-4031\n

    It was discovered that the do_insn_fetch function in the x86 emulator in the KVM\nsubsystem tries to interpret instructions that contain too many bytes to be\nvalid, which allows guest OS users to cause a denial of service (increased\nscheduling latency) on the host OS via unspecified manipulations related to SMP\nsupport.

\n

For the stable distribution (lenny), these problems have been fixed in version\n72+dfsg-5~lenny4.

\n

For the testing distribution (squeeze), and the unstable distribution (sid),\nthese problems will be fixed soon.

\n

We recommend that you upgrade your kvm package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kvm/kvm_72+dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kvm/kvm_72+dfsg-5~lenny4.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kvm/kvm_72+dfsg-5~lenny4.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kvm/kvm-source_72+dfsg-5~lenny4_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kvm/kvm_72+dfsg-5~lenny4_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kvm/kvm_72+dfsg-5~lenny4_i386.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1963": "
\n

Debian Security Advisory

\n

DSA-1963-1 unbound -- cryptographic implementation error

\n
\n
Date Reported:
\n
23 Dec 2009
\n
Affected Packages:
\n
\nunbound\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-3602.
\n
More information:
\n
\n

It was discovered that Unbound, a DNS resolver, does not properly\ncheck cryptographic signatures on NSEC3 records. As a result, zones\nsigned with the NSEC3 variant of DNSSEC lose their cryptographic\nprotection. (An attacker would still have to carry out an ordinary\ncache poisoning attack to add bad data to the cache.)

\n

The old stable distribution (etch) does not contain an unbound\npackage.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.0.2-1+lenny1.

\n

For the unstable distribution (sid) and the testing distribution\n(squeeze), this problem has been fixed in version 1.3.4-1.

\n

We recommend that you upgrade your unbound package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/unbound-host_1.0.2-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/unbound-host_1.0.2-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/u/unbound/unbound-host_1.0.2-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/unbound-host_1.0.2-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/unbound-host_1.0.2-1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/u/unbound/unbound-host_1.0.2-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/unbound-host_1.0.2-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/unbound-host_1.0.2-1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/unbound-host_1.0.2-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/unbound-host_1.0.2-1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/unbound-host_1.0.2-1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/u/unbound/unbound_1.0.2-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/libunbound-dev_1.0.2-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/libunbound0_1.0.2-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/u/unbound/unbound-host_1.0.2-1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1964": "
\n

Debian Security Advisory

\n

DSA-1964-1 postgresql-7.4, postgresql-8.1, postgresql-8.3 -- several vulnerabilities

\n
\n
Date Reported:
\n
31 Dec 2009
\n
Affected Packages:
\n
\npostgresql-7.4
postgresql-8.1
postgresql-8.3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-4034, CVE-2009-4136.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in PostgreSQL, a database\nserver. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n

It was discovered that PostgreSQL did not properly verify the Common\nName attribute in X.509 certificates, enabling attackers to bypass the\n(optional) TLS protection on client-server connections, by relying on\na certificate from a trusted CA which contains an embedded NUL byte in\nthe Common Name (CVE-2009-4034).

\n

Authenticated database users could elevate their privileges by\ncreating specially-crafted index functions (CVE-2009-4136).

\n

The following matrix shows fixed source package versions for the\nrespective distributions.

\n
\n\n\n\n\n\n
Package         oldstable/etch  stable/lenny   testing/unstable
postgresql-7.4  7.4.27-0etch1   -              -
postgresql-8.1  8.1.19-0etch1   -              -
postgresql-8.3  -               8.3.9-0lenny1  8.3.9-1
postgresql-8.4  -               -              8.4.2-1
\n

In addition to these security fixes, the updates contain reliability\nimprovements and fix other defects.

\n

We recommend that you upgrade your PostgreSQL packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19-0etch1.dsc
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27-0etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27-0etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-server-dev-7.4_7.4.27-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-doc-8.1_8.1.19-0etch1_all.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-doc-7.4_7.4.27-0etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.19-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.19-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.19-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.19-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.19-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.27-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.27-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.19-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.19-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.19-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.27-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.27-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.19-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.27-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.19-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.19-0etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.19-0etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.19-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.27-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.19-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.19-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.19-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.19-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.19-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.27-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.27-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.19-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.19-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.27-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.19-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.19-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.19-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.19-0etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.27-0etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.19-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.19-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.19-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.19-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.19-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.27-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.27-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.27-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.19-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.19-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.19-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.19-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.27-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.19-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.19-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.19-0etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.27-0etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.19-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.27-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.19-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.19-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.19-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.19-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.19-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.27-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.27-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.27-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.27-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.19-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.19-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.19-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.19-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.19-0etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.19-0etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.27-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.19-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.19-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.27-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.19-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.19-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.27-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.19-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.19-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.27-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.19-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.19-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.27-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.19-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.19-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.19-0etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.19-0etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.19-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.27-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.27-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.19-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.19-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.19-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.27-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.19-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.19-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.27-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.27-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.19-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.19-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.19-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.19-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.19-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.19-0etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19-0etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.19-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.19-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.27-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.27-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.19-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.19-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.19-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.19-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.19-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.19-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.19-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.19-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.19-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.27-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.27-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.27-0etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.19-0etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.19-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.19-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.27-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.19-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.27-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.19-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.19-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.19-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.27-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.27-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.27-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.19-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.19-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.19-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.19-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.19-0etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.19-0etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.19-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.27-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.19-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.19-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.19-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.19-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.19-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.27-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.19-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.19-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.19-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.19-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.27-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.19-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.27-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.19-0etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.27-0etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.19-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.27-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.19-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.19-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.19-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.19-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.27-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.27-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.27-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.19-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.19-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.19-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.19-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.19-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.19-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.19-0etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.27-0etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plperl-7.4_7.4.27-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq4_8.1.19-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-7.4_7.4.27-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-pltcl-8.1_8.1.19-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-server-dev-8.1_8.1.19-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-contrib-8.1_8.1.19-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpq-dev_8.1.19-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-compat2_8.1.19-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-pltcl-7.4_7.4.27-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg-dev_8.1.19-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plperl-8.1_8.1.19-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-8.1_8.1.19-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libpgtypes2_8.1.19-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/libecpg5_8.1.19-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-plpython-7.4_7.4.27-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-client-7.4_7.4.27-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-7.4/postgresql-contrib-7.4_7.4.27-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-plpython-8.1_8.1.19-0etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.1/postgresql-client-8.1_8.1.19-0etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1.dsc
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client_8.3.9-0lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql_8.3.9-0lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-doc_8.3.9-0lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib_8.3.9-0lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-doc-8.3_8.3.9-0lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.9-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.9-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.9-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.9-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.9-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.9-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.9-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.9-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.9-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.9-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.9-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.9-0lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.9-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.9-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.9-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.9-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.9-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.9-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.9-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.9-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.9-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.9-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.9-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.9-0lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.9-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.9-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.9-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.9-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.9-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.9-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.9-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.9-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.9-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.9-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.9-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.9-0lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.9-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.9-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.9-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.9-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.9-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.9-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.9-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.9-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.9-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.9-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.9-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.9-0lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.9-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.9-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.9-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.9-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.9-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.9-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.9-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.9-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.9-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.9-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.9-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.9-0lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.9-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.9-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.9-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.9-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.9-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.9-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.9-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.9-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.9-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.9-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.9-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.9-0lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.9-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.9-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.9-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.9-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.9-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.9-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.9-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.9-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.9-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.9-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.9-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.9-0lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.9-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.9-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.9-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.9-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.9-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.9-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.9-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.9-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.9-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.9-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.9-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.9-0lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.9-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.9-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.9-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.9-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.9-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.9-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.9-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.9-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.9-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.9-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.9-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.9-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.9-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.9-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.9-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.9-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.9-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.9-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.9-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.9-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.9-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.9-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.9-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.9-0lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.9-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.9-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.9-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.9-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.9-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.9-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.9-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.9-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.9-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.9-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.9-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.9-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.9-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.9-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.9-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.9-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.9-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.9-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.9-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.9-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.9-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.9-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.9-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.9-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.9-0lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1965": "
\n

Debian Security Advisory

\n

DSA-1965-1 phpldapadmin -- missing input sanitising

\n
\n
Date Reported:
\n
06 Jan 2010
\n
Affected Packages:
\n
\nphpldapadmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 561975.
In Mitre's CVE dictionary: CVE-2009-4427.
\n
More information:
\n
\n

It was discovered that phpLDAPadmin, a web-based interface for administering\nLDAP servers, doesn't sanitize an internal variable, which allows remote\nattackers to include and execute arbitrary local files.

\n

The oldstable distribution (etch) is not affected by this problem.

\n

For the stable distribution (lenny), this problem has been fixed in version\n1.1.0.5-6+lenny1.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in version\n1.1.0.7-1.1.

\n

We recommend that you upgrade your phpldapadmin package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpldapadmin/phpldapadmin_1.1.0.5-6+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/p/phpldapadmin/phpldapadmin_1.1.0.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/phpldapadmin/phpldapadmin_1.1.0.5-6+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpldapadmin/phpldapadmin_1.1.0.5-6+lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1966": "
\n

Debian Security Advisory

\n

DSA-1966-1 horde3 -- insufficient input sanitising

\n
\n
Date Reported:
\n
07 Jan 2010
\n
Affected Packages:
\n
\nhorde3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-3237, CVE-2009-3701, CVE-2009-4363.
\n
More information:
\n
\n

Several vulnerabilities have been found in horde3, the horde web application\nframework. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2009-3237\n

    It has been discovered that horde3 is prone to cross-site scripting\nattacks via crafted number preferences or inline MIME text parts when\nusing text/plain as MIME type.\nFor lenny this issue was already fixed, but as an additional security\nprecaution, the display of inline text was disabled in the configuration\nfile.

  • CVE-2009-3701\n

    It has been discovered that the horde3 administration interface is prone\nto cross-site scripting attacks due to the use of the PHP_SELF variable.\nThis issue can only be exploited by authenticated administrators.

  • CVE-2009-4363\n

    It has been discovered that horde3 is prone to several cross-site\nscripting attacks via crafted data:text/html values in HTML messages.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 3.2.2+debian0-2+lenny2.

\n

For the oldstable distribution (etch), these problems have been fixed in\nversion 3.1.3-4etch7.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 3.3.6+debian0-1.

\n

We recommend that you upgrade your horde3 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch7.dsc
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch7.diff.gz
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.1.3-4etch7_all.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.2.2+debian0-2+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.2.2+debian0-2+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.2.2+debian0.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/h/horde3/horde3_3.2.2+debian0-2+lenny2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1967": "
\n

Debian Security Advisory

\n

DSA-1967-1 transmission -- directory traversal

\n
\n
Date Reported:
\n
07 Jan 2010
\n
Affected Packages:
\n
\ntransmission\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-0012.
\n
More information:
\n
\n

Dan Rosenberg discovered that Transmission, a lightweight client for\nthe BitTorrent filesharing protocol, performs insufficient sanitising\nof file names specified in .torrent files. This could lead to the\noverwrite of local files with the privileges of the user running\nTransmission if the user is tricked into opening a malicious torrent\nfile.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.22-1+lenny2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.77-1.

\n

We recommend that you upgrade your transmission packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/t/transmission/transmission-common_1.22-1+lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/transmission/transmission-cli_1.22-1+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/transmission/transmission-cli_1.22-1+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/t/transmission/transmission-cli_1.22-1+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/t/transmission/transmission-cli_1.22-1+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/t/transmission/transmission-cli_1.22-1+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/transmission/transmission-cli_1.22-1+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/transmission/transmission-cli_1.22-1+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/transmission/transmission-cli_1.22-1+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/transmission/transmission-cli_1.22-1+lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/transmission/transmission-cli_1.22-1+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/transmission/transmission-gtk_1.22-1+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/transmission/transmission-cli_1.22-1+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1968": "
\n

Debian Security Advisory

\n

DSA-1968-1 pdns-recursor -- several vulnerabilities

\n
\n
Date Reported:
\n
08 Jan 2010
\n
Affected Packages:
\n
\npdns-recursor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-4009, CVE-2009-4010.
\n
More information:
\n
\n

It was discovered that pdns-recursor, the PowerDNS recursive name\nserver, contains several vulnerabilities:

\n
    \n
  • CVE-2009-4009\n

    A buffer overflow can be exploited to crash the daemon, or potentially\nexecute arbitrary code.

  • CVE-2009-4010\n

    A cache poisoning vulnerability may allow attackers to trick the\nserver into serving incorrect DNS data.

\n

For the oldstable distribution (etch), fixed packages will be\nprovided soon.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 3.1.7-1+lenny1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.1.7.2-1.

\n

We recommend that you upgrade your pdns-recursor package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1969": "
\n

Debian Security Advisory

\n

DSA-1969-1 krb5 -- integer underflow

\n
\n
Date Reported:
\n
12 Jan 2010
\n
Affected Packages:
\n
\nkrb5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-4212.
\n
More information:
\n
\n

It was discovered that krb5, a system for authenticating users and services on a\nnetwork, is prone to integer underflow in the AES and RC4 decryption operations of\nthe crypto library. A remote attacker can cause crashes, heap corruption, or,\nunder extraordinarily unlikely conditions, arbitrary code execution.

\n

For the old stable distribution (etch), this problem has been fixed in\nversion 1.4.4-7etch8.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.6.dfsg.4~beta1-5lenny2.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.8+dfsg~alpha1-1.

\n

We recommend that you upgrade your krb5 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4-7etch8.dsc
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.4.4-7etch8.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.4.4-7etch8_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch8_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch8_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch8_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch8_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch8_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch8_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch8_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch8_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch8_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch8_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch8_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.4.4-7etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.4.4-7etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.4.4-7etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.4.4-7etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.4.4-7etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.4.4-7etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.4.4-7etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.4.4-7etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.4.4-7etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.4.4-7etch8_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.4.4-7etch8_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.6.dfsg.4~beta1-5lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.6.dfsg.4~beta1-5lenny2.dsc
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.6.dfsg.4~beta1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.6.dfsg.4~beta1-5lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1970": "
\n

Debian Security Advisory

\n

DSA-1970-1 openssl -- denial of service

\n
\n
Date Reported:
\n
13 Jan 2010
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-4355.
\n
More information:
\n
\n

It was discovered that a significant memory leak could occur in OpenSSL,\nrelated to the reinitialization of zlib. This could result in a remotely\nexploitable denial of service vulnerability when using the Apache httpd\nserver in a configuration where mod_ssl, mod_php5, and the php5-curl\nextension are loaded.

\n

The old stable distribution (etch) is not affected by this issue.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.9.8g-15+lenny6.

\n

The packages for the arm architecture are not included in this advisory.\nThey will be released as soon as they become available.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), this problem will be fixed soon. The issue does not seem to be\nexploitable with the apache2 package contained in squeeze/sid.

\n

We recommend that you upgrade your openssl packages. You also need to\nrestart your Apache httpd server to make sure it uses the updated\nlibraries.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny6.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny6.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny6_alpha.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny6_amd64.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny6_amd64.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny6_armel.udeb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny6_hppa.udeb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny6_i386.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny6_ia64.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny6_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny6_mips.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny6_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny6_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny6_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny6_s390.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny6_sparc.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1971": "
\n

Debian Security Advisory

\n

DSA-1971-1 libthai -- integer overflow

\n
\n
Date Reported:
\n
15 Jan 2010
\n
Affected Packages:
\n
\nlibthai\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-4012.
\n
More information:
\n
\n

Tim Starling discovered that libthai, a set of Thai language support routines,\nis vulnerable to an integer/heap overflow.\nThis vulnerability could allow an attacker to run arbitrary code by sending a very\nlong string.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 0.1.6-1+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.1.9-4+lenny1.

\n

For the testing distribution (squeeze), and the unstable distribution (sid),\nthis problem will be fixed soon.

\n

We recommend that you upgrade your libthai package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai_0.1.6-1+etch1.dsc
\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai_0.1.6.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai_0.1.6-1+etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai-doc_0.1.6-1+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai0_0.1.6-1+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai-dev_0.1.6-1+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai0_0.1.6-1+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai-dev_0.1.6-1+etch1_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai-dev_0.1.6-1+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai0_0.1.6-1+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai0_0.1.6-1+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai-dev_0.1.6-1+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai-dev_0.1.6-1+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai0_0.1.6-1+etch1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai-dev_0.1.6-1+etch1_mips.deb
\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai0_0.1.6-1+etch1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai-dev_0.1.6-1+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai0_0.1.6-1+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai-dev_0.1.6-1+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai0_0.1.6-1+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai0_0.1.6-1+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai-dev_0.1.6-1+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai-dev_0.1.6-1+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai0_0.1.6-1+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai_0.1.9.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai_0.1.9-4+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai_0.1.9-4+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai-doc_0.1.9-4+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai-data_0.1.9-4+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai0_0.1.9-4+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai-dev_0.1.9-4+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai-dev_0.1.9-4+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai0_0.1.9-4+lenny1_amd64.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai-dev_0.1.9-4+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai0_0.1.9-4+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai-dev_0.1.9-4+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai0_0.1.9-4+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai0_0.1.9-4+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai-dev_0.1.9-4+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai-dev_0.1.9-4+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai0_0.1.9-4+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai-dev_0.1.9-4+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai0_0.1.9-4+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai0_0.1.9-4+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai-dev_0.1.9-4+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai-dev_0.1.9-4+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai0_0.1.9-4+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai-dev_0.1.9-4+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai0_0.1.9-4+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai-dev_0.1.9-4+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libt/libthai/libthai0_0.1.9-4+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1972": "
\n

Debian Security Advisory

\n

DSA-1972-1 audiofile -- buffer overflow

\n
\n
Date Reported:
\n
17 Jan 2010
\n
Affected Packages:
\n
\naudiofile\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 510205.
In Mitre's CVE dictionary: CVE-2008-5824.
\n
More information:
\n
\n

Max Kellermann discovered a heap-based buffer overflow in the handling\nof ADPCM WAV files in libaudiofile. This flaw could result in a denial\nof service (application crash) or possibly execution of arbitrary code\nvia a crafted WAV file.

\n

For the old stable distribution (etch), this problem will be fixed in\nversion 0.2.6-6+etch1.

\n

The packages for the oldstable distribution are not included in this\nadvisory. An update will be released soon.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.2.6-7+lenny1.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 0.2.6-7.1.

\n

We recommend that you upgrade your audiofile packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/audiofile/audiofile_0.2.6.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/audiofile/audiofile_0.2.6-7+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/a/audiofile/audiofile_0.2.6-7+lenny1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-7+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-7+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0-dbg_0.2.6-7+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-7+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0-dbg_0.2.6-7+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-7+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-7+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0-dbg_0.2.6-7+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-7+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-7+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-7+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0-dbg_0.2.6-7+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-7+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-7+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0-dbg_0.2.6-7+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0-dbg_0.2.6-7+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-7+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-7+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-7+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0-dbg_0.2.6-7+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-7+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-7+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-7+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0-dbg_0.2.6-7+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-7+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0-dbg_0.2.6-7+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-7+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0-dbg_0.2.6-7+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-7+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-7+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-7+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-7+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0-dbg_0.2.6-7+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile-dev_0.2.6-7+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0-dbg_0.2.6-7+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/audiofile/libaudiofile0_0.2.6-7+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1973": "
\n

Debian Security Advisory

\n

DSA-1973-1 glibc, eglibc -- information disclosure

\n
\n
Date Reported:
\n
19 Jan 2010
\n
Affected Packages:
\n
\nglibc, eglibc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 560333.
In Mitre's CVE dictionary: CVE-2010-0015.
\n
More information:
\n
\n

Christoph Pleger has discovered that the GNU C Library (aka glibc) and\nits derivatives add information from the passwd.adjunct.byname map to\nentries in the passwd map, which allows local users to obtain the\nencrypted passwords of NIS accounts by calling the getpwnam function.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 2.3.6.ds1-13etch10 of the glibc package.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.7-18lenny2 of the glibc package.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 2.10.2-4 of the eglibc package.

\n

We recommend that you upgrade your glibc or eglibc package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.3.6.ds1-13etch10.dsc
\n
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.3.6.ds1-13etch10.diff.gz
\n
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.3.6.ds1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.3.6.ds1-13etch10_all.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales_2.3.6.ds1-13etch10_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.3.6.ds1-13etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-udeb_2.3.6.ds1-13etch10_alpha.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.3.6.ds1-13etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.3.6.ds1-13etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.3.6.ds1-13etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_alpha.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.3.6.ds1-13etch10_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_alpha.udeb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_amd64.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.3.6.ds1-13etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.3.6.ds1-13etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.3.6.ds1-13etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_amd64.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-i386_2.3.6.ds1-13etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.3.6.ds1-13etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.3.6.ds1-13etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.3.6.ds1-13etch10_amd64.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-i386_2.3.6.ds1-13etch10_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_arm.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.3.6.ds1-13etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.3.6.ds1-13etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.3.6.ds1-13etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.3.6.ds1-13etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.3.6.ds1-13etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.3.6.ds1-13etch10_arm.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_arm.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.3.6.ds1-13etch10_hppa.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.3.6.ds1-13etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_hppa.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.3.6.ds1-13etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.3.6.ds1-13etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_hppa.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.3.6.ds1-13etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.3.6.ds1-13etch10_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.3.6.ds1-13etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_i386.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.3.6.ds1-13etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.3.6.ds1-13etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-xen_2.3.6.ds1-13etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-i686_2.3.6.ds1-13etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.3.6.ds1-13etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-amd64_2.3.6.ds1-13etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-amd64_2.3.6.ds1-13etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_i386.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.3.6.ds1-13etch10_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.3.6.ds1-13etch10_i386.udeb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-udeb_2.3.6.ds1-13etch10_ia64.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.3.6.ds1-13etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_ia64.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.3.6.ds1-13etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.3.6.ds1-13etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_ia64.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.3.6.ds1-13etch10_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.3.6.ds1-13etch10_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.3.6.ds1-13etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.3.6.ds1-13etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.3.6.ds1-13etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.3.6.ds1-13etch10_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.3.6.ds1-13etch10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.3.6.ds1-13etch10_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.3.6.ds1-13etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.3.6.ds1-13etch10_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.3.6.ds1-13etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-ppc64_2.3.6.ds1-13etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-ppc64_2.3.6.ds1-13etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.3.6.ds1-13etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.3.6.ds1-13etch10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.3.6.ds1-13etch10_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.3.6.ds1-13etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.3.6.ds1-13etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_s390.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.3.6.ds1-13etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-s390x_2.3.6.ds1-13etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.3.6.ds1-13etch10_s390.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-s390x_2.3.6.ds1-13etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.3.6.ds1-13etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.3.6.ds1-13etch10_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_s390.udeb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-sparcv9b_2.3.6.ds1-13etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-sparc64_2.3.6.ds1-13etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.3.6.ds1-13etch10_sparc.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.3.6.ds1-13etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.3.6.ds1-13etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.3.6.ds1-13etch10_sparc.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-sparcv9_2.3.6.ds1-13etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.3.6.ds1-13etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.3.6.ds1-13etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-sparc64_2.3.6.ds1-13etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.3.6.ds1-13etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.3.6.ds1-13etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.3.6.ds1-13etch10_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.3.6.ds1-13etch10_sparc.udeb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7-18lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7-18lenny2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/glibc/locales_2.7-18lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.7-18lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/glibc-source_2.7-18lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.7-18lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.7-18lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.7-18lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_alpha.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-udeb_2.7-18lenny2_alpha.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_alpha.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.7-18lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.7-18lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-alphaev67_2.7-18lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-i386_2.7-18lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_amd64.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_amd64.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_amd64.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-i386_2.7-18lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_arm.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_arm.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_arm.udeb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_armel.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_armel.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_armel.udeb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_hppa.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_hppa.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_hppa.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-i686_2.7-18lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-amd64_2.7-18lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_i386.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_i386.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_i386.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-xen_2.7-18lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-amd64_2.7-18lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.7-18lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_ia64.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.7-18lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.7-18lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_ia64.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-udeb_2.7-18lenny2_ia64.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.7-18lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.7-18lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-mips64_2.7-18lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-mips64_2.7-18lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-mipsn32_2.7-18lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_mips.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-mipsn32_2.7-18lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_mips.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_mips.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-mips64_2.7-18lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-mipsn32_2.7-18lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-mips64_2.7-18lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-mipsn32_2.7-18lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_mipsel.udeb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-ppc64_2.7-18lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-ppc64_2.7-18lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_s390.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_s390.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-s390x_2.7-18lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-s390x_2.7-18lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_s390.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-sparc64_2.7-18lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny2_sparc.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny2_sparc.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-sparcv9b_2.7-18lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny2_sparc.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-sparc64_2.7-18lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1974": "
\n

Debian Security Advisory

\n

DSA-1974-1 gzip -- several vulnerabilities

\n
\n
Date Reported:
\n
20 Jan 2010
\n
Affected Packages:
\n
\ngzip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 507263.
In Mitre's CVE dictionary: CVE-2009-2624, CVE-2010-0001.
\n
More information:
\n
\n

Several vulnerabilities have been found in gzip, the GNU compression\nutilities. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2009-2624\n

    Thiemo Nagel discovered a missing input sanitization flaw in the way gzip\nused to decompress data blocks for dynamic Huffman codes, which could\nlead to the execution of arbitrary code when trying to decompress a\ncrafted archive. This issue is a reappearance of CVE-2006-4334 and only\naffects the lenny version.

  • CVE-2010-0001\n

    Aki Helin discovered an integer underflow when decompressing files that\nare compressed using the LZW algorithm. This could lead to the execution\nof arbitrary code when trying to decompress a crafted LZW compressed\ngzip archive.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.3.12-6+lenny1.

\n

For the oldstable distribution (etch), these problems have been fixed in\nversion 1.3.5-15+etch1.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems will be fixed soon.

\n

We recommend that you upgrade your gzip packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1.dsc
\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.5-15+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip-win32_1.3.12-6+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gzip/gzip_1.3.12-6+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1976": "
\n

Debian Security Advisory

\n

DSA-1976-1 dokuwiki -- several vulnerabilities

\n
\n
Date Reported:
\n
22 Jan 2010
\n
Affected Packages:
\n
\ndokuwiki\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 565406.
In Mitre's CVE dictionary: CVE-2010-0287, CVE-2010-0288, CVE-2010-0289.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in dokuwiki, a standards-compliant,\nsimple-to-use wiki.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2010-0287\n

    It was discovered that an internal variable is not properly sanitized before\nbeing used to list directories. This can be exploited to list contents of\narbitrary directories.

  • CVE-2010-0288\n

    It was discovered that the ACL Manager plugin doesn't properly check the\nadministrator permissions. This allows an attacker to introduce arbitrary ACL\nrules and thus gain access to a closed Wiki.

  • CVE-2010-0289\n

    It was discovered that the ACL Manager plugin doesn't have protections against\ncross-site request forgeries (CSRF). This can be exploited to change the\naccess control rules by tricking a logged in administrator into visiting\na malicious web site.

\n

The oldstable distribution (etch) is not affected by these problems.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 0.0.20080505-4+lenny1.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 0.0.20090214b-3.1.

\n

We recommend that you upgrade your dokuwiki package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dokuwiki/dokuwiki_0.0.20080505-4+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/d/dokuwiki/dokuwiki_0.0.20080505.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/d/dokuwiki/dokuwiki_0.0.20080505-4+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/dokuwiki/dokuwiki_0.0.20080505-4+lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1977": "
\n

Debian Security Advisory

\n

DSA-1977-1 python2.4 python2.5 -- several vulnerabilities

\n
\n
Date Reported:
\n
25 Jan 2010
\n
Affected Packages:
\n
\npython2.4 python2.5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 493797, Bug 560912, Bug 560913.
In Mitre's CVE dictionary: CVE-2008-2316, CVE-2009-3560, CVE-2009-3720.
\n
More information:
\n
\n

Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy\nin the interpreter for the Python language does not properly process malformed or\ncrafted XML files. (CVE-2009-3560 CVE-2009-3720)\nThis vulnerability could allow an attacker to cause a denial of service while parsing\na malformed XML file.

\n

In addition, this update fixes an integer overflow in the hashlib module in python2.5.\nThis vulnerability could allow an attacker to defeat cryptographic digests. (CVE-2008-2316)\nIt only affects the oldstable distribution (etch).

\n

For the oldstable distribution (etch), these problems have been fixed in\nversion 2.4.4-3+etch3 for python2.4 and version 2.5-5+etch2 for python2.5.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2.4.6-1+lenny1 for python2.4 and version 2.5.2-15+lenny1 for python2.5.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.5.4-3.1 for python2.5, and will migrate to the testing distribution (squeeze)\nshortly.\npython2.4 has been removed from the testing distribution (squeeze), and it will\nbe removed from the unstable distribution soon.

\n

We recommend that you upgrade your python packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2.dsc
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3.dsc
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/python2.5/idle-python2.5_2.5-5+etch2_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-examples_2.4.4-3+etch3_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-examples_2.5-5+etch2_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/idle-python2.4_2.4.4-3+etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_arm.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5-5+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5-5+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5-5+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5-5+etch2_sparc.deb
\n

Debian GNU/Linux 5.0 (lenny)

\n
Source:\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-examples_2.4.6-1+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/idle-python2.4_2.4.6-1+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/idle-python2.5_2.5.2-15+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-examples_2.5.2-15+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dbg_2.5.2-15+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.6-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.6-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5_2.5.2-15+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-dev_2.5.2-15+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.6-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.5/python2.5-minimal_2.5.2-15+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.6-1+lenny1_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1978": "
\n

Debian Security Advisory

\n

DSA-1978-1 phpgroupware -- several vulnerabilities

\n
\n
Date Reported:
\n
26 Jan 2010
\n
Affected Packages:
\n
\nphpgroupware\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-4414, CVE-2009-4415, CVE-2009-4416.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in phpgroupware, a\nweb-based groupware system written in PHP. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2009-4414\n

    An SQL injection vulnerability was found in the authentication\n module.

  • CVE-2009-4415\n

    Multiple directory traversal vulnerabilities were found in the\n addressbook module.

  • CVE-2009-4416\n

    The authentication module is affected by cross-site scripting.

\n

For the stable distribution (lenny) these problems have been fixed in\nversion 0.9.16.012+dfsg-8+lenny1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 0.9.16.012+dfsg-9.

\n

We recommend that you upgrade your phpgroupware packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg-8+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg-8+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-email_0.9.16.012+dfsg-8+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-core-base_0.9.16.012+dfsg-8+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-calendar_0.9.16.012+dfsg-8+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-addressbook_0.9.16.012+dfsg-8+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg-8+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-news-admin_0.9.16.012+dfsg-8+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-manual_0.9.16.012+dfsg-8+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-filemanager_0.9.16.012+dfsg-8+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-phpgwapi_0.9.16.012+dfsg-8+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-preferences_0.9.16.012+dfsg-8+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16_0.9.16.012+dfsg-8+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-core_0.9.16.012+dfsg-8+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-admin_0.9.16.012+dfsg-8+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-notes_0.9.16.012+dfsg-8+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-doc_0.9.16.012+dfsg-8+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-phpgwapi-doc_0.9.16.012+dfsg-8+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-setup_0.9.16.012+dfsg-8+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-todo_0.9.16.012+dfsg-8+lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1979": "
\n

Debian Security Advisory

\n

DSA-1979-1 lintian -- multiple vulnerabilities

\n
\n
Date Reported:
\n
27 Jan 2010
\n
Affected Packages:
\n
\nlintian\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-4013, CVE-2009-4014, CVE-2009-4015.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in lintian,\na Debian package checker. The following Common Vulnerabilities and\nExposures project IDs have been assigned to identify them:

\n
    \n
  • CVE-2009-4013: missing control files sanitisation\n

    Control field names and values were not sanitised before using them\n in certain operations that could lead to directory traversals.

    \n

    Patch systems' control files were not sanitised before using them\n in certain operations that could lead to directory traversals.

    \n

    An attacker could exploit these vulnerabilities to overwrite\n arbitrary files or disclose system information.

  • CVE-2009-4014: format string vulnerabilities\n

    Multiple check scripts and the Lintian::Schedule module were using\n user-provided input as part of the sprintf/printf format string.

  • CVE-2009-4015: arbitrary command execution\n

    File names were not properly escaped when passing them as arguments\n to certain commands, allowing the execution of other commands as\n pipes or as a set of shell commands.

\n

For the oldstable distribution (etch), these problems have been fixed in\nversion 1.23.28+etch1.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.24.2.1+lenny1.

\n

For the testing distribution (squeeze), these problems will be fixed\nsoon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.3.2.

\n

We recommend that you upgrade your lintian packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.23.28+etch1.tar.gz
\n
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.23.28+etch1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.23.28+etch1_all.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.24.2.1+lenny1.tar.gz
\n
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.24.2.1+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.24.2.1+lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1980": "
\n

Debian Security Advisory

\n

DSA-1980-1 ircd-hybrid/ircd-ratbox -- integer underflow/denial of service

\n
\n
Date Reported:
\n
27 Jan 2010
\n
Affected Packages:
\n
\nircd-hybrid/ircd-ratbox\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-4016, CVE-2010-0300.
\n
More information:
\n
\n

David Leadbeater discovered an integer underflow that could be triggered\nvia the LINKS command and can lead to a denial of service or the\nexecution of arbitrary code (CVE-2009-4016). This issue affects both\nircd-hybrid and ircd-ratbox.

\n

It was discovered that the ratbox IRC server is prone to a denial of\nservice attack via the HELP command. The ircd-hybrid package is not\nvulnerable to this issue (CVE-2010-0300).

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1:7.2.2.dfsg.2-4+lenny1 of the ircd-hybrid package and in\nversion 2.2.8.dfsg-2+lenny1 of ircd-ratbox.

\n

Due to a bug in the archive software it was not possible to release the\nfix for the oldstable distribution (etch) simultaneously. The packages\nwill be released as version 7.2.2.dfsg.2-3+etch1 once they become\navailable.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), this problem will be fixed soon.

\n

We recommend that you upgrade your ircd-hybrid/ircd-ratbox packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/ircd-hybrid/hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1981": "
\n

Debian Security Advisory

\n

DSA-1981-1 maildrop -- privilege escalation

\n
\n
Date Reported:
\n
28 Jan 2010
\n
Affected Packages:
\n
\nmaildrop\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 564601.
\n
More information:
\n
\n

Christoph Anton Mitterer discovered that maildrop, a mail delivery agent\nwith filtering abilities, is prone to a privilege escalation issue that\ngrants a user root group privileges.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 2.0.2-11+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.0.4-3+lenny1.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), this problem will be fixed soon.

\n

We recommend that you upgrade your maildrop packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1.dsc
\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch1_s390.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny1_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1982": "
\n

Debian Security Advisory

\n

DSA-1982-1 hybserv -- denial of service

\n
\n
Date Reported:
\n
29 Jan 2010
\n
Affected Packages:
\n
\nhybserv\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 550389.
In Mitre's CVE dictionary: CVE-2010-0303.
\n
More information:
\n
\n

Julien Cristau discovered that hybserv, a daemon running IRC services\nfor IRCD-Hybrid, is prone to a denial of service attack via the commands\noption.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.9.2-4+lenny2.

\n

Due to a bug in the archive system, it is not possible to release the\nfix for the oldstable distribution (etch) simultaneously. Therefore,\netch will be fixed in version 1.9.2-4+etch1 as soon as it becomes\navailable.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.9.2-4.1.

\n

We recommend that you upgrade your hybserv packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1983": "
\n

Debian Security Advisory

\n

DSA-1983-1 wireshark -- several vulnerabilities

\n
\n
Date Reported:
\n
30 Jan 2010
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-4377, CVE-2010-0304.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Wireshark\nnetwork traffic analyzer, which may lead to the execution of arbitrary\ncode or denial of service. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2009-4377\n

    A NULL pointer dereference was found in the SMB/SMB2 dissectors.

  • CVE-2010-0304\n

    Several buffer overflows were found in the LWRES dissector.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.0.2-3+lenny8.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.2.6-1.

\n

We recommend that you upgrade your Wireshark packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8.dsc
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_armel.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny8_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1984": "
\n

Debian Security Advisory

\n

DSA-1984-1 libxerces2-java -- denial of service

\n
\n
Date Reported:
\n
30 Jan 2010
\n
Affected Packages:
\n
\nlibxerces2-java\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 548358.
In Mitre's CVE dictionary: CVE-2009-2625.
\n
More information:
\n
\n

It was discovered that libxerces2-java, a validating XML parser for Java,\ndoes not properly process malformed XML files.\nThis vulnerability could allow an attacker to cause a denial of service while parsing\na malformed XML file.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 2.8.1-1+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.9.1-2+lenny1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.9.1-4.1, and will migrate to the testing distribution (squeeze)\nshortly.

\n

We recommend that you upgrade your libxerces2-java package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libx/libxerces2-java/libxerces2-java_2.8.1-1+etch1.dsc
\n
http://security.debian.org/pool/updates/main/libx/libxerces2-java/libxerces2-java_2.8.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libx/libxerces2-java/libxerces2-java_2.8.1-1+etch1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libx/libxerces2-java/libxerces2-java_2.8.1-1+etch1_all.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libx/libxerces2-java/libxerces2-java_2.9.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libx/libxerces2-java/libxerces2-java_2.9.1-2+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/libx/libxerces2-java/libxerces2-java_2.9.1-2+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libx/libxerces2-java/libxerces2-java_2.9.1-2+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/libx/libxerces2-java/libxerces2-java-doc_2.9.1-2+lenny1_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libx/libxerces2-java/libxerces2-java-gcj_2.9.1-2+lenny1_amd64.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/libx/libxerces2-java/libxerces2-java-gcj_2.9.1-2+lenny1_armel.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libx/libxerces2-java/libxerces2-java-gcj_2.9.1-2+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libx/libxerces2-java/libxerces2-java-gcj_2.9.1-2+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libx/libxerces2-java/libxerces2-java-gcj_2.9.1-2+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libx/libxerces2-java/libxerces2-java-gcj_2.9.1-2+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libx/libxerces2-java/libxerces2-java-gcj_2.9.1-2+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libx/libxerces2-java/libxerces2-java-gcj_2.9.1-2+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libx/libxerces2-java/libxerces2-java-gcj_2.9.1-2+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1985": "
\n

Debian Security Advisory

\n

DSA-1985-1 sendmail -- insufficient input validation

\n
\n
Date Reported:
\n
31 Jan 2010
\n
Affected Packages:
\n
\nsendmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 564581.
In Mitre's CVE dictionary: CVE-2009-4565.
\n
More information:
\n
\n

It was discovered that sendmail, a Mail Transport Agent, does not properly handle\na '\\0' character in a Common Name (CN) field of an X.509 certificate.

\n

This allows an attacker to spoof arbitrary SSL-based SMTP servers via a crafted server\ncertificate issued by a legitimate Certification Authority, and to bypass intended\naccess restrictions via a crafted client certificate issued by a legitimate\nCertification Authority.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 8.13.8-3+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 8.14.3-5+lenny1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 8.14.3-9.1, and will migrate to the testing distribution (squeeze)\nshortly.

\n

We recommend that you upgrade your sendmail package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.8-3+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.8-3+etch1.dsc
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.8.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-cf_8.13.8-3+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.13.8-3+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.8-3+etch1_all.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-base_8.13.8-3+etch1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.8-3+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.8-3+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0-dbg_8.13.8-3+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.8-3+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.8-3+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.8-3+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.8-3+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.8-3+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.8-3+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0-dbg_8.13.8-3+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.8-3+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.8-3+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.8-3+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0-dbg_8.13.8-3+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.8-3+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.8-3+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.8-3+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.8-3+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.8-3+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.8-3+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.8-3+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0-dbg_8.13.8-3+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.8-3+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.8-3+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.8-3+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.8-3+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.8-3+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.8-3+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.8-3+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0-dbg_8.13.8-3+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0-dbg_8.13.8-3+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.8-3+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.8-3+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.8-3+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.8-3+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.8-3+etch1_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.8-3+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0-dbg_8.13.8-3+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.8-3+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.8-3+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.8-3+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.8-3+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.8-3+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.8-3+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.8-3+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.8-3+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.8-3+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0-dbg_8.13.8-3+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0-dbg_8.13.8-3+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.8-3+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.8-3+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.8-3+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.8-3+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.8-3+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.8-3+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0-dbg_8.13.8-3+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.8-3+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.8-3+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.8-3+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.8-3+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.14.3-5+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.14.3-5+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.14.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-cf_8.14.3-5+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.14.3-5+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.14.3-5+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-base_8.14.3-5+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter1.0.1-dbg_8.14.3-5+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.14.3-5+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter1.0.1_8.14.3-5+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.14.3-5+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.14.3-5+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.14.3-5+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.14.3-5+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter1.0.1-dbg_8.14.3-5+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.14.3-5+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.14.3-5+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.14.3-5+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter1.0.1_8.14.3-5+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter1.0.1_8.14.3-5+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.14.3-5+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.14.3-5+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.14.3-5+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter1.0.1-dbg_8.14.3-5+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.14.3-5+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter1.0.1-dbg_8.14.3-5+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.14.3-5+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter1.0.1_8.14.3-5+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.14.3-5+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.14.3-5+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.14.3-5+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.14.3-5+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.14.3-5+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter1.0.1_8.14.3-5+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.14.3-5+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.14.3-5+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter1.0.1-dbg_8.14.3-5+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.14.3-5+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.14.3-5+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter1.0.1_8.14.3-5+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter1.0.1-dbg_8.14.3-5+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.14.3-5+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.14.3-5+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.14.3-5+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.14.3-5+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter1.0.1_8.14.3-5+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter1.0.1-dbg_8.14.3-5+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.14.3-5+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.14.3-5+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.14.3-5+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter1.0.1_8.14.3-5+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.14.3-5+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.14.3-5+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.14.3-5+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter1.0.1-dbg_8.14.3-5+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter1.0.1-dbg_8.14.3-5+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.14.3-5+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.14.3-5+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.14.3-5+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter1.0.1_8.14.3-5+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.14.3-5+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.14.3-5+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter1.0.1-dbg_8.14.3-5+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.14.3-5+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter1.0.1_8.14.3-5+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.14.3-5+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.14.3-5+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.14.3-5+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.14.3-5+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter1.0.1-dbg_8.14.3-5+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.14.3-5+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter1.0.1_8.14.3-5+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.14.3-5+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.14.3-5+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter1.0.1_8.14.3-5+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.14.3-5+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.14.3-5+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.14.3-5+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sendmail/libmilter1.0.1-dbg_8.14.3-5+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1986": "
\n

Debian Security Advisory

\n

DSA-1986-1 moodle -- several vulnerabilities

\n
\n
Date Reported:
\n
02 Feb 2010
\n
Affected Packages:
\n
\nmoodle\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 559531.
In Mitre's CVE dictionary: CVE-2009-4297, CVE-2009-4298, CVE-2009-4299, CVE-2009-4301, CVE-2009-4302, CVE-2009-4303, CVE-2009-4305.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Moodle, an online\ncourse management system. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2009-4297\n

    Multiple cross-site request forgery (CSRF) vulnerabilities have been\ndiscovered.

  • CVE-2009-4298\n

    It has been discovered that the LAMS module is prone to the disclosure\nof user account information.

  • CVE-2009-4299\n

    The Glossary module has an insufficient access control mechanism.

  • CVE-2009-4301\n

    Moodle does not properly check permissions when the MNET service is\nenabled, which allows remote authenticated servers to execute arbitrary\nMNET functions.

  • CVE-2009-4302\n

    The login/index_form.html page links to an HTTP page instead of using an\nSSL secured connection.

  • CVE-2009-4303\n

    Moodle stores sensitive data in backup files, which might make it\npossible for attackers to obtain them.

  • CVE-2009-4305\n

    It has been discovered that the SCORM module is prone to an SQL\ninjection.

\n

Additionally, an SQL injection in the update_record function, a problem\nwith symbolic links and a verification problem with Glossary, database\nand forum ratings have been fixed.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.8.2.dfsg-3+lenny3.

\n

For the oldstable distribution (etch), there are no fixed packages\navailable and it is too hard to backport many of the fixes. Therefore,\nwe recommend upgrading to the lenny version.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 1.8.2.dfsg-6.

\n

We recommend that you upgrade your moodle packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfsg-3+lenny3.dsc
\n
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfsg-3+lenny3.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.2.dfsg-3+lenny3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1987": "
\n

Debian Security Advisory

\n

DSA-1987-1 lighttpd -- denial of service

\n
\n
Date Reported:
\n
02 Feb 2010
\n
Affected Packages:
\n
\nlighttpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-0295.
\n
More information:
\n
\n

Li Ming discovered that lighttpd, a small and fast webserver with minimal\nmemory footprint, is vulnerable to a denial of service attack due to bad\nmemory handling. Slowly sending very small chunks of request data causes\nlighttpd to allocate new buffers for each read instead of appending to\nold ones. An attacker can abuse this behaviour to cause denial of service\nconditions due to memory exhaustion.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 1.4.13-4etch12.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.4.19-5+lenny1.

\n

For the testing (squeeze) and unstable (sid) distributions, this problem\nwill be fixed soon.

\n

We recommend that you upgrade your lighttpd packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12.dsc
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch12_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch12_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch12_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch12_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch12_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch12_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch12_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.19-5+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.19-5+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.19-5+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.19-5+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.19-5+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.19-5+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.19-5+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1988": "
\n

Debian Security Advisory

\n

DSA-1988-1 qt4-x11 -- several vulnerabilities

\n
\n
Date Reported:
\n
02 Feb 2010
\n
Affected Packages:
\n
\nqt4-x11\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 532718, Bug 534946, Bug 538347, Bug 545793.
In Mitre's CVE dictionary: CVE-2009-0945, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1699, CVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1725, CVE-2009-2700.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in qt4-x11, a cross-platform\nC++ application framework.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2009-0945\n

    Array index error in the insertItemBefore method in WebKit, as used in qt4-x11,\nallows remote attackers to execute arbitrary code.

  • CVE-2009-1687\n

    The JavaScript garbage collector in WebKit, as used in qt4-x11, does not\nproperly handle allocation failures, which allows remote attackers to\nexecute arbitrary code or cause a denial of service (memory corruption\nand application crash) via a crafted HTML document that triggers write\naccess to an \"offset of a NULL pointer.\"

  • CVE-2009-1690\n

    Use-after-free vulnerability in WebKit, as used in qt4-x11, allows remote\nattackers to execute arbitrary code or cause a denial of service (memory\ncorruption and application crash) by setting an unspecified property of\nan HTML tag that causes child elements to be freed and later accessed\nwhen an HTML error occurs.

  • CVE-2009-1698\n

    WebKit in qt4-x11 does not initialize a pointer during handling of a\nCascading Style Sheets (CSS) attr function call with a large numerical\nargument, which allows remote attackers to execute arbitrary code or\ncause a denial of service (memory corruption and application crash) via\na crafted HTML document.

  • CVE-2009-1699\n

    The XSL stylesheet implementation in WebKit, as used in qt4-x11, does\nnot properly handle XML external entities, which allows remote attackers to read\narbitrary files via a crafted DTD.

  • CVE-2009-1711\n

    WebKit in qt4-x11 does not properly initialize memory for Attr DOM objects,\nwhich allows remote attackers to execute arbitrary code or cause a denial\nof service (application crash) via a crafted HTML document.

  • CVE-2009-1712\n

    WebKit in qt4-x11 does not prevent remote loading of local Java applets,\nwhich allows remote attackers to execute arbitrary code, gain privileges, or\nobtain sensitive information via an APPLET or OBJECT element.

  • CVE-2009-1713\n

    The XSLT functionality in WebKit, as used in qt4-x11, does not properly\nimplement the document function, which allows remote attackers to read\narbitrary local files and files from different security zones.

  • CVE-2009-1725\n

    WebKit in qt4-x11 does not properly handle numeric character references,\nwhich allows remote attackers to execute arbitrary code or cause a\ndenial of service (memory corruption and application crash) via a\ncrafted HTML document.

  • CVE-2009-2700\n

    qt4-x11 does not properly handle a '\\0' character in a domain name in the\nSubject Alternative Name field of an X.509 certificate, which allows\nman-in-the-middle attackers to spoof arbitrary SSL servers via a crafted\ncertificate issued by a legitimate Certification Authority.

\n

The oldstable distribution (etch) is not affected by these problems.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 4.4.3-1+lenny1.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 4.5.3-1.

\n

We recommend that you upgrade your qt4-x11 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-x11_4.4.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-x11_4.4.3-1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-x11_4.4.3-1+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-doc_4.4.3-1+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-doc-html_4.4.3-1+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbus_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-svg_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-psql_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-network_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbg_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqtgui4_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-help_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqtcore4_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-assistant_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qmake_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-demos_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xml_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-script_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-designer_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-test_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.4.3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-test_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-script_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbg_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-network_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-demos_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-designer_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqtgui4_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-svg_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-psql_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qmake_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-assistant_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-help_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xml_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-ibase_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqtcore4_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.4.3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbus_4.4.3-1+lenny1_amd64.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qmake_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-help_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqtgui4_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqtcore4_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-svg_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-test_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-demos_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-script_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-network_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-assistant_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbg_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-designer_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-psql_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xml_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.4.3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbus_4.4.3-1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-script_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbg_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-test_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xml_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-help_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbus_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-assistant_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-network_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qmake_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-demos_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqtgui4_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqtcore4_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-designer_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-psql_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-svg_4.4.3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.4.3-1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-test_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqtgui4_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbg_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qmake_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-assistant_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-script_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-network_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-demos_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-psql_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-svg_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqtcore4_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-ibase_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-help_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xml_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-designer_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbus_4.4.3-1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-assistant_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqtgui4_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-test_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqtcore4_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-help_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-designer_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-svg_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbus_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xml_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbg_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-network_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-psql_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-demos_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-script_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.4.3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qmake_4.4.3-1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-psql_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-network_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbus_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqtcore4_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-help_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xml_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-assistant_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-designer_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-svg_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqtgui4_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-demos_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qmake_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-test_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-script_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.4.3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbg_4.4.3-1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbus_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-demos_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-assistant_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-designer_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-help_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xml_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqtgui4_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbg_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-test_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qmake_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-script_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-network_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqtcore4_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-psql_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.4.3-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-svg_4.4.3-1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqtcore4_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-assistant_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbg_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-designer_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-ibase_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-test_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbus_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqtgui4_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-script_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xml_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-network_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-svg_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-help_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-demos_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qmake_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.4.3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-psql_4.4.3-1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-assistant_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqtgui4_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-svg_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbus_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-psql_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-demos_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-script_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qmake_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xml_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqtcore4_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbg_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-test_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-designer_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-help_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit_4.4.3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-network_4.4.3-1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qmake_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns-dbg_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xml_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-psql_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbg_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dbus_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-help_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-ibase_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-designer_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqtcore4_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-svg_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit-dbg_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-sqlite2_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-test_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-core_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-dev-tools_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-demos_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-qt3support_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-webkit_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-odbc_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-script_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqtgui4_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-dev_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-gui_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-network_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-designer_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-assistant_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/qt4-qtconfig_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-opengl-dev_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-sql-mysql_4.4.3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/q/qt4-x11/libqt4-xmlpatterns_4.4.3-1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1989": "
\n

Debian Security Advisory

\n

DSA-1989-1 fuse -- denial of service

\n
\n
Date Reported:
\n
02 Feb 2010
\n
Affected Packages:
\n
\nfuse\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 567633.
In Mitre's CVE dictionary: CVE-2009-3297.
\n
More information:
\n
\n

Dan Rosenberg discovered a race condition in FUSE, a Filesystem in USErspace.\nA local attacker, with access to use FUSE, could unmount arbitrary\nlocations, leading to a denial of service.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 2.5.3-4.4+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.7.4-1.1+lenny1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.8.1-1.2, and will migrate to the testing distribution (squeeze)\nshortly.

\n

We recommend that you upgrade your fuse packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/fuse/fuse_2.5.3-4.4+etch1.dsc
\n
http://security.debian.org/pool/updates/main/f/fuse/fuse_2.5.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fuse/fuse_2.5.3-4.4+etch1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.5.3-4.4+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.5.3-4.4+etch1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.5.3-4.4+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.5.3-4.4+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.5.3-4.4+etch1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.5.3-4.4+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.5.3-4.4+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.5.3-4.4+etch1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.5.3-4.4+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.5.3-4.4+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.5.3-4.4+etch1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.5.3-4.4+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.5.3-4.4+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.5.3-4.4+etch1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.5.3-4.4+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.5.3-4.4+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.5.3-4.4+etch1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.5.3-4.4+etch1_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.5.3-4.4+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.5.3-4.4+etch1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.5.3-4.4+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.5.3-4.4+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.5.3-4.4+etch1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.5.3-4.4+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.5.3-4.4+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.5.3-4.4+etch1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.5.3-4.4+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.5.3-4.4+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.5.3-4.4+etch1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.5.3-4.4+etch1_sparc.deb
\n

Debian GNU/Linux 5.0 (lenny)

\n
Source:\n
http://security.debian.org/pool/updates/main/f/fuse/fuse_2.7.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/fuse/fuse_2.7.4-1.1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/fuse/fuse_2.7.4-1.1+lenny1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.7.4-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.7.4-1.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.7.4-1.1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.7.4-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.7.4-1.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.7.4-1.1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.7.4-1.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.7.4-1.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.7.4-1.1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.7.4-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.7.4-1.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.7.4-1.1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.7.4-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.7.4-1.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.7.4-1.1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.7.4-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.7.4-1.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.7.4-1.1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.7.4-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.7.4-1.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.7.4-1.1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.7.4-1.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.7.4-1.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.7.4-1.1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.7.4-1.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.7.4-1.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.7.4-1.1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.7.4-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.7.4-1.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.7.4-1.1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.7.4-1.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.7.4-1.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.7.4-1.1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse-dev_2.7.4-1.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/libfuse2_2.7.4-1.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/fuse/fuse-utils_2.7.4-1.1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1990": "
\n

Debian Security Advisory

\n

DSA-1990-1 trac-git -- shell command injection

\n
\n
Date Reported:
\n
03 Feb 2010
\n
Affected Packages:
\n
\ntrac-git\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 567039.
In Mitre's CVE dictionary: CVE-2010-0394.
\n
More information:
\n
\n

Stefan Goebel discovered that the Debian version of trac-git, the Git\nadd-on for the Trac issue tracking system, contains a flaw which\nenables attackers to execute code on the web server running trac-git\nby sending crafted HTTP queries.

\n

The old stable distribution (etch) does not contain a trac-git package.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.0.20080710-3+lenny1.

\n

For the unstable distribution (sid) and the testing distribution\n(squeeze), this problem has been fixed in version 0.0.20090320-1.

\n

We recommend that you upgrade your trac-git package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/trac-git/trac-git_0.0.20080710-3+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/t/trac-git/trac-git_0.0.20080710-3+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/t/trac-git/trac-git_0.0.20080710.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/trac-git/trac-git_0.0.20080710-3+lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1991": "
\n

Debian Security Advisory

\n

DSA-1991-1 squid/squid3 -- denial of service

\n
\n
Date Reported:
\n
04 Feb 2010
\n
Affected Packages:
\n
\nsquid/squid3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 534982.
In Mitre's CVE dictionary: CVE-2009-2855, CVE-2010-0308.
\n
More information:
\n
\n

Two denial of service vulnerabilities have been discovered in\nsquid and squid3, a web proxy. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2009-2855\n

    Bastian Blank discovered that it is possible to cause a denial of\nservice via a crafted auth header with certain comma delimiters.

  • CVE-2010-0308\n

    Tomas Hoger discovered that it is possible to cause a denial of service\nvia invalid DNS header-only packets.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2.7.STABLE3-4.1lenny1 of the squid package and version\n3.0.STABLE8-3+lenny3 of the squid3 package.

\n

For the oldstable distribution (etch), these problems have been fixed in\nversion 2.6.5-6etch5 of the squid package and version 3.0.PRE5-5+etch2\nof the squid3 package.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems will be fixed soon.

\n

We recommend that you upgrade your squid/squid3 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch5.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5-5+etch2.dsc
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5-5+etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch5.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3.0.PRE5-5+etch2_all.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-common_2.6.5-6etch5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.PRE5-5+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-client_3.0.PRE5-5+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5-5+etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch5_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch5_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch5_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5-5+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch5_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-client_3.0.PRE5-5+etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.PRE5-5+etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.PRE5-5+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch5_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5-5+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-client_3.0.PRE5-5+etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5-5+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-client_3.0.PRE5-5+etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch5_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.PRE5-5+etch2_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.PRE5-5+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5-5+etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-client_3.0.PRE5-5+etch2_mipsel.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.PRE5-5+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-client_3.0.PRE5-5+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5-5+etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch5_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/squid/squidclient_2.6.5-6etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.6.5-6etch5_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.PRE5-5+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-client_3.0.PRE5-5+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.PRE5-5+etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.6.5-6etch5_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.7.STABLE3-4.1lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.7.STABLE3-4.1lenny1.dsc
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.7.STABLE3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny3.dsc
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny3.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/squid/squid-common_2.7.STABLE3-4.1lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3.0.STABLE8-3+lenny3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.7.STABLE3-4.1lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.7.STABLE3-4.1lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.7.STABLE3-4.1lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.7.STABLE3-4.1lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.7.STABLE3-4.1lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.7.STABLE3-4.1lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny3_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny3_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.7.STABLE3-4.1lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.7.STABLE3-4.1lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.7.STABLE3-4.1lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.7.STABLE3-4.1lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.7.STABLE3-4.1lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.7.STABLE3-4.1lenny1_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.7.STABLE3-4.1lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.7.STABLE3-4.1lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/squid/squid-cgi_2.7.STABLE3-4.1lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid/squid_2.7.STABLE3-4.1lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1992": "
\n

Debian Security Advisory

\n

DSA-1992-1 chrony -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Feb 2010
\n
Affected Packages:
\n
\nchrony\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-0292, CVE-2010-0293, CVE-2010-0294.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in chrony, a pair of programs\nwhich are used to maintain the accuracy of the system clock on a computer.\nThese issues are similar to the NTP security flaw CVE-2009-3563. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2010-0292\n

    chronyd replies to all cmdmon packets with NOHOSTACCESS messages even for\n unauthorized hosts. An attacker can abuse this behaviour to force two\n chronyd instances to play packet ping-pong by sending such a packet with\n spoofed source address and port. This results in high CPU and network\n usage and thus denial of service conditions.

  • CVE-2010-0293\n

    The client logging facility of chronyd doesn't limit memory that is used\n to store client information. An attacker can cause chronyd to allocate\n large amounts of memory by sending NTP or cmdmon packets with spoofed\n source addresses resulting in memory exhaustion.

  • CVE-2010-0294\n

    chronyd lacks a rate limit control for the syslog facility when logging\n received packets from unauthorized hosts. This allows an attacker to\n cause denial of service conditions via filling up the logs and thus disk\n space by repeatedly sending invalid cmdmon packets.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 1.21z-5+etch1.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.23-6+lenny1.

\n

For the testing (squeeze) and unstable (sid) distributions, this problem\nwill be fixed soon.

\n

We recommend that you upgrade your chrony packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1.dsc
\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.21z-5+etch1_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/chrony/chrony_1.23-6+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1993": "
\n

Debian Security Advisory

\n

DSA-1993-1 otrs2 -- sql injection

\n
\n
Date Reported:
\n
10 Feb 2010
\n
Affected Packages:
\n
\notrs2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-0438.
\n
More information:
\n
\n

It was discovered that otrs2, the Open Ticket Request System, does not\nproperly sanitise input data that is used in SQL queries, which might be\nused to inject arbitrary SQL to, for example, escalate privileges on a\nsystem that uses otrs2.

\n

The oldstable distribution (etch) is not affected.

\n

For the stable distribution (lenny), the problem has been fixed in\nversion 2.2.7-2lenny3.

\n

For the testing distribution (squeeze), the problem will be fixed soon.

\n

For the unstable distribution (sid), the problem has been fixed in\nversion 2.4.7-1.

\n

We recommend that you upgrade your otrs2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/otrs2/otrs2_2.2.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/otrs2/otrs2_2.2.7-2lenny3.dsc
\n
http://security.debian.org/pool/updates/main/o/otrs2/otrs2_2.2.7-2lenny3.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/otrs2/otrs2_2.2.7-2lenny3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1994": "
\n

Debian Security Advisory

\n

DSA-1994-1 ajaxterm -- weak session IDs

\n
\n
Date Reported:
\n
11 Feb 2010
\n
Affected Packages:
\n
\najaxterm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-1629.
\n
More information:
\n
\n

It was discovered that Ajaxterm, a web-based terminal, generates weak\nand predictable session IDs, which might be used to hijack a session or\ncause a denial of service attack on a system that uses Ajaxterm.

\n

For the oldstable distribution (etch), the problem has been fixed in\nversion 0.9-2+etch1.

\n

For the stable distribution (lenny), the problem has been fixed in\nversion 0.10-2+lenny1.

\n

For the unstable distribution (sid), the problem has been fixed in\nversion 0.10-5.

\n

We recommend that you upgrade your ajaxterm package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/ajaxterm/ajaxterm_0.9-2+etch1.dsc
\n
http://security.debian.org/pool/updates/main/a/ajaxterm/ajaxterm_0.9-2+etch1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/ajaxterm/ajaxterm_0.9.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/ajaxterm/ajaxterm_0.9-2+etch1_all.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/ajaxterm/ajaxterm_0.10-2+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/a/ajaxterm/ajaxterm_0.10.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/ajaxterm/ajaxterm_0.10-2+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/ajaxterm/ajaxterm_0.10-2+lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1995": "
\n

Debian Security Advisory

\n

DSA-1995-1 openoffice.org -- several vulnerabilities

\n
\n
Date Reported:
\n
12 Feb 2010
\n
Affected Packages:
\n
\nopenoffice.org\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-0136, CVE-2009-0217, CVE-2009-2949, CVE-2009-2950, CVE-2009-3301, CVE-2009-3302.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the OpenOffice.org office\nsuite. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2010-0136\n

    It was discovered that macro security settings were insufficiently\n enforced for VBA macros.

  • CVE-2009-0217\n

    It was discovered that the W3C XML Signature recommendation\n contains a protocol-level vulnerability related to HMAC output\n truncation. This also affects the integrated libxmlsec library.

  • CVE-2009-2949\n

    Sebastian Apelt discovered that an integer overflow in the XPM\n import code may lead to the execution of arbitrary code.

  • CVE-2009-2950\n

    Sebastian Apelt and Frank Reissner discovered that a buffer\n overflow in the GIF import code may lead to the execution of\n arbitrary code.

  • CVE-2009-3301/CVE-2009-3302\n

    Nicolas Joly discovered multiple vulnerabilities in the parser for\n Word document files, which may lead to the execution of arbitrary\n code.

\n

For the old stable distribution (etch), these problems have been fixed in\nversion 2.0.4.dfsg.2-7etch9.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1:2.4.1+dfsg-1+lenny6.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your openoffice.org packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch9.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch8.dsc
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch9.dsc
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch8.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-mobiledev_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bn_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-dz_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lv_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dtd-officedocument1.0_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-km_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ga_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ml-in_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-tw_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pl_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hi-in_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ja_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-af_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-common_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ne_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-tw_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ne_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-es_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-tw_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lt_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ja_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-he_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pa-in_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/broffice.org_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-mk_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fa_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-java-common_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev-doc_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zu_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-java-common_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tr_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zu_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-st_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bg_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ss_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-api-tests_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bg_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-cn_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-st_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-as-in_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cy_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nr_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nl_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ns_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-de_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ss_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ts_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fa_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-rw_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-in_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sl_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-de_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ru_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ku_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-es_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-et_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dtd-officedocument1.0_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-km_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-da_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-gb_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hr_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pl_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-xh_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bn_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-km_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ga_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hu_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fi_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pt-br_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-da_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nr_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-cn_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-tw_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-te-in_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-nl_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-gb_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tn_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-de_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-dz_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-za_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ts_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-it_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ru_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ta-in_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-cn_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tr_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hu_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-fr_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nb_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-et_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-uk_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-as-in_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-et_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sk_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ka_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-el_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nl_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-it_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-in_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ka_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bs_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-it_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ku_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-za_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sr-cs_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-mk_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pt-br_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-be-by_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ru_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sr-cs_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-es_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bs_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-mobiledev_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-gb_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pl_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev-doc_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ttf-opensymbol_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-be-by_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sv_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gu-in_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-fr_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ttf-opensymbol_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sv_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ja_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gu-in_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi-in_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ns_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sv_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi-in_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-rw_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-dz_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fr_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-dz_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-th_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-he_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nn_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ca_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fr_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ko_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-it_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-us_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ko_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-cn_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ko_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-za_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-cs_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ca_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ko_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tg_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fi_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sl_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eo_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-et_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lt_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-uk_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ja_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-br_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-el_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tg_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nb_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sl_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cy_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hr_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ml-in_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hi-in_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-af_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-common_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-es_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nn_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-km_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-da_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lo_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lo_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sk_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-api-tests_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hu_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-gb_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pl_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tn_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eo_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ta-in_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-or-in_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pa-in_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/broffice.org_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-vi_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sv_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-xh_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-br_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sl_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-nl_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hu_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-th_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-da_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-de_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-us_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lv_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ve_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt-br_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ve_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cs_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ru_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-vi_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-or-in_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt-br_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cs_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-za_2.0.4.dfsg.2-7etch9_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-cs_2.0.4.dfsg.2-7etch8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-te-in_2.0.4.dfsg.2-7etch9_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch9_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch9_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch8_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch9_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch9_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch9_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch9_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch8_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch9_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch9_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch9_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch9_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.0.4.dfsg.2-7etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.0.4.dfsg.2-7etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.0.4.dfsg.2-7etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.0.4.dfsg.2-7etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.0.4.dfsg.2-7etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.0.4.dfsg.2-7etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.0.4.dfsg.2-7etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.0.4.dfsg.2-7etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.0.4.dfsg.2-7etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.0.4.dfsg.2-7etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.0.4.dfsg.2-7etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.0.4.dfsg.2-7etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.0.4.dfsg.2-7etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.0.4.dfsg.2-7etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.0.4.dfsg.2-7etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.0.4.dfsg.2-7etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.0.4.dfsg.2-7etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.0.4.dfsg.2-7etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-so52_2.0.4.dfsg.2-7etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_2.0.4.dfsg.2-7etch9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.0.4.dfsg.2-7etch9_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny5.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny5.dsc
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny6.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny4.dsc
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny6.dsc
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny4.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/broffice.org_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cy_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-xh_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eu_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-industrial_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-xh_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-uk_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pt_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libuno-cli-types1.1-cil_1.1.13.0+OOo2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-dz_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sv_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-rw_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-dz_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-nl_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ns_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fi_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libuno-cli-ure1.0-cil_1.0.13.0+OOo2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-uk_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ss_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ko_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-it_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dtd-officedocument1.0_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dtd-officedocument1.0_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hi-in_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-common_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ve_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ttf-opensymbol_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-et_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-st_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-el_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-cn_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eo_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ca_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hu_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sk_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ko_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-common_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sr-cs_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libuno-cli-cppuhelper1.0-cil_1.0.13.0+OOo2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ku_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tg_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-as-in_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ca_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-uz_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-km_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tg_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-de_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev-doc_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bs_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-es_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-za_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ru_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-km_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bg_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-km_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nn_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder_1.0.2+OOo2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-be-by_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-za_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-mobiledev_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-he_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fr_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-es_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-cs_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-te-in_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-gl_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ja_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-za_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-api-tests_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-de_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ja_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-th_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-it_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ar_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sl_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-za_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-br_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zu_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sl_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tn_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sk_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-hicontrast_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lv_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-uz_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ru_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pt-br_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-emailmerge_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eu_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ns_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nb_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ka_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-mr-in_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder_1.0.2+OOo2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-af_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zu_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sr_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-api-tests_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ts_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-fr_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ga_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hi-in_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ts_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nb_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-za_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ga_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-da_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/broffice.org_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lo_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libuno-cli-ure1.0-cil_1.0.13.0+OOo2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ga_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hi-in_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cs_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-tw_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ss_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hu_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ta-in_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ku_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-dz_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-et_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ro_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ru_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hr_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-it_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-et_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt-br_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-it_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pl_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lo_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-cs_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tn_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ss_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-km_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-andromeda_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libuno-cli-basetypes1.0-cil_1.0.10.0+OOo2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/broffice.org_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-cs_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-eu_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nr_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libuno-cli-cppuhelper1.0-cil_1.0.13.0+OOo2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gl_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ar_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-tango_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sv_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-cn_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-th_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-mobiledev_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi-in_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-cn_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hu_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ta-in_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pl_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pt_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pl_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ka_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ne_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cy_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fa_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-da_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-st_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bg_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ar_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-tango_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-br_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-gb_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fr_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-vi_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ru_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-us_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sv_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-el_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-cn_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-java-common_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-mobiledev_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-et_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-fr_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-da_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ko_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lt_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ro_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-nl_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-java-common_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-tango_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-es_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-xh_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sr-cs_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-api-tests_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gu-in_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eu_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libuno-cli-basetypes1.0-cil_1.0.10.0+OOo2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cs_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sv_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ml-in_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-dz_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ru_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pt-br_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-mr-in_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gl_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ttf-opensymbol_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-be-by_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-mr-in_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libuno-cli-ure1.0-cil_1.0.13.0+OOo2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fa_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bn_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-be-by_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lv_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bn_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pa-in_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sv_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-km_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-af_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zu_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eo_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dtd-officedocument1.0_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tr_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hr_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-nl_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pa-in_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ja_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libuno-cli-types1.1-cil_1.1.13.0+OOo2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-industrial_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tr_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ko_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hu_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sk_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-de_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hu_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-af_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ko_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-in_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nl_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-in_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sv_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bs_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-as-in_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nl_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libuno-cli-cppuhelper1.0-cil_1.0.13.0+OOo2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-crystal_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pl_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-rw_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-gb_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-emailmerge_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pt_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-cn_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nb_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nl_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-gb_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ru_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-he_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-gl_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-te-in_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sr_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ko_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-mk_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-za_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-mk_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fa_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-uz_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-it_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ku_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bn_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-or-in_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-gb_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-emailmerge_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt-br_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sl_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-el_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-us_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt-br_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ja_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sl_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-andromeda_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-gl_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lv_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ns_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-da_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-tw_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-or-in_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev-doc_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-es_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pl_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-common_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lt_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder_1.0.2+OOo2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bs_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-km_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev-doc_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-fr_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hr_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ml-in_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-dz_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-industrial_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-st_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ttf-opensymbol_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cs_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hu_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ta-in_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lt_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi-in_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nr_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ja_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-tw_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ca_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-vi_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gu-in_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nn_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tr_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sl_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pl_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-th_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-he_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fi_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-vi_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gu-in_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-hicontrast_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ne_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ve_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-us_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nn_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ve_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-hicontrast_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-cn_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lo_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-uk_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-or-in_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-et_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fi_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-gb_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-dz_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-de_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-rw_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-eu_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tg_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sl_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-de_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ts_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-gb_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-andromeda_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-crystal_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-eu_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-mk_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libuno-cli-basetypes1.0-cil_1.0.10.0+OOo2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eo_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-de_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ro_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ne_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nr_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sr_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-da_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-es_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bg_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-es_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cy_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ja_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libuno-cli-types1.1-cil_1.1.13.0+OOo2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sr-cs_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-br_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pt-br_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-tw_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-it_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pa-in_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-as-in_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-tw_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fr_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ka_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gl_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-crystal_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-in_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ml-in_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-da_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi-in_2.4.1+dfsg-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-te-in_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-java-common_2.4.1+dfsg-1+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-et_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-tw_2.4.1+dfsg-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tn_2.4.1+dfsg-1+lenny6_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/cli-uno-bridge_2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/cli-uno-bridge_2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/cli-uno-bridge_2.4.1+dfsg-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny5_amd64.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny6_armel.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-ogltrans_2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/cli-uno-bridge_2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/cli-uno-bridge_2.4.1+dfsg-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/cli-uno-bridge_2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny6_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-ogltrans_2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-ogltrans_2.4.1+dfsg-1+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-ogltrans_2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-ogltrans_2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-ogltrans_2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-ogltrans_2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/cli-uno-bridge_2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-ogltrans_2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1996": "
\n

Debian Security Advisory

\n

DSA-1996-1 linux-2.6 -- privilege escalation/denial of service/sensitive memory leak

\n
\n
Date Reported:
\n
12 Feb 2010
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-3939, CVE-2009-4027, CVE-2009-4536, CVE-2009-4538, CVE-2010-0003, CVE-2010-0007, CVE-2010-0291, CVE-2010-0298, CVE-2010-0306, CVE-2010-0307, CVE-2010-0309, CVE-2010-0410, CVE-2010-0415.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
  • CVE-2009-3939

    Joseph Malicki reported that the dbg_lvl sysfs attribute for the megaraid_sas device driver had world-writable permissions, permitting local users to modify logging settings.

  • CVE-2009-4027

    Lennert Buytenhek reported a race in the mac80211 subsystem that may allow remote users to cause a denial of service (system crash) on a system connected to the same wireless network.

  • CVE-2009-4536 CVE-2009-4538

    Fabian Yamaguchi reported issues in the e1000 and e1000e drivers for Intel gigabit network adapters which allow remote users to bypass packet filters using specially crafted Ethernet frames.

  • CVE-2010-0003

    Andi Kleen reported a defect which allows local users to gain read access to memory reachable by the kernel when the print-fatal-signals option is enabled. This option is disabled by default.

  • CVE-2010-0007

    Florian Westphal reported a lack of capability checking in the ebtables netfilter subsystem. If the ebtables module is loaded, local users can add and modify ebtables rules.

  • CVE-2010-0291

    Al Viro reported several issues with the mmap/mremap system calls that allow local users to cause a denial of service (system panic) or obtain elevated privileges.

  • CVE-2010-0298 & CVE-2010-0306

    Gleb Natapov discovered issues in the KVM subsystem where missing permission checks (CPL/IOPL) permit a user in a guest system to cause a denial of service of the guest (system crash) or gain escalated privileges within the guest.

  • CVE-2010-0307

    Mathias Krause reported an issue with the load_elf_binary code on the amd64 flavor kernels that allows local users to cause a denial of service (system crash).

  • CVE-2010-0309

    Marcelo Tosatti fixed an issue in the PIT emulation code in the KVM subsystem that allows privileged users in a guest domain to cause a denial of service (crash) of the host system.

  • CVE-2010-0410

    Sebastian Krahmer discovered an issue in the netlink connector subsystem that permits local users to allocate large amounts of system memory resulting in a denial of service (out of memory).

  • CVE-2010-0415

    Ramon de Carvalho Valle discovered an issue in the sys_move_pages interface, limited to amd64, ia64 and powerpc64 flavors in Debian. Local users can exploit this issue to cause a denial of service (system crash) or gain access to sensitive kernel memory.

\n

For the stable distribution (lenny), these problems have been fixed in version 2.6.26-21lenny3.

\n

For the oldstable distribution (etch), these problems, where applicable, will be fixed in updates to linux-2.6 and linux-2.6.24.

\n

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

\n

Note: Debian carefully tracks all known security issues across every Linux kernel package in all releases under active security support. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or \"leap-frog\" fashion.

\n

The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update:

\n
\n\n\n
                  stable/lenny
user-mode-linux   2.6.26-1um-2+21lenny3
\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-21lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-21lenny1.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-21lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-21lenny2.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-21lenny3.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-21lenny3.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.26_2.6.26-21lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.26_2.6.26-21lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.26_2.6.26-21lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.26_2.6.26-21lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.26_2.6.26-21lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.26_2.6.26-21lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.26_2.6.26-21lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.26-2_2.6.26-21lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.26_2.6.26-21lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.26_2.6.26-21lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.26_2.6.26-21lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.26_2.6.26-21lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.26-2_2.6.26-21lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.26_2.6.26-21lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.26-2_2.6.26-21lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.26_2.6.26-21lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.26_2.6.26-21lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.26_2.6.26-21lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-generic_2.6.26-21lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-legacy_2.6.26-21lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-generic_2.6.26-21lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-smp_2.6.26-21lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-alpha_2.6.26-21lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-generic_2.6.26-21lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-smp_2.6.26-21lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-generic_2.6.26-21lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-generic_2.6.26-21lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-legacy_2.6.26-21lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-legacy_2.6.26-21lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-alpha_2.6.26-21lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-legacy_2.6.26-21lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-smp_2.6.26-21lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-smp_2.6.26-21lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-alpha_2.6.26-21lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-legacy_2.6.26-21lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-smp_2.6.26-21lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-smp_2.6.26-21lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-generic_2.6.26-21lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-legacy_2.6.26-21lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-amd64_2.6.26-21lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-21lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-amd64_2.6.26-21lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-21lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-amd64_2.6.26-21lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-amd64_2.6.26-21lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-amd64_2.6.26-21lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-amd64_2.6.26-21lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-21lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-amd64_2.6.26-21lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-amd64_2.6.26-21lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-amd64_2.6.26-21lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-21lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-21lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-amd64_2.6.26-21lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-21lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-amd64_2.6.26-21lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-amd64_2.6.26-21lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-amd64_2.6.26-21lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-amd64_2.6.26-21lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-amd64_2.6.26-21lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-21lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-amd64_2.6.26-21lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-amd64_2.6.26-21lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-21lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-21lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-21lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-amd64_2.6.26-21lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-21lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-21lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-21lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-footbridge_2.6.26-21lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-arm_2.6.26-21lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-21lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-arm_2.6.26-21lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-21lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-footbridge_2.6.26-21lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-21lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-21lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-21lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-footbridge_2.6.26-21lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-21lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-21lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-21lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-footbridge_2.6.26-21lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-21lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-21lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-21lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-21lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-versatile_2.6.26-21lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-21lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-21lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-versatile_2.6.26-21lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-21lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-armel_2.6.26-21lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-21lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-versatile_2.6.26-21lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-21lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-21lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-21lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-21lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-versatile_2.6.26-21lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-21lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-armel_2.6.26-21lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc-smp_2.6.26-21lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc-smp_2.6.26-21lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc_2.6.26-21lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64_2.6.26-21lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64-smp_2.6.26-21lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64_2.6.26-21lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-hppa_2.6.26-21lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc-smp_2.6.26-21lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc_2.6.26-21lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64_2.6.26-21lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64_2.6.26-21lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64-smp_2.6.26-21lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc-smp_2.6.26-21lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc_2.6.26-21lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-hppa_2.6.26-21lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64-smp_2.6.26-21lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc_2.6.26-21lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64-smp_2.6.26-21lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686-bigmem_2.6.26-21lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-486_2.6.26-21lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-686_2.6.26-21lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-686_2.6.26-21lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-686_2.6.26-21lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-686_2.6.26-21lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-21lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-486_2.6.26-21lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-686_2.6.26-21lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-21lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686_2.6.26-21lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686_2.6.26-21lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686-bigmem_2.6.26-21lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-686_2.6.26-21lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-21lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686_2.6.26-21lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-21lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-686_2.6.26-21lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686_2.6.26-21lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-686_2.6.26-21lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-i386_2.6.26-21lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686_2.6.26-21lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-i386_2.6.26-21lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-i386_2.6.26-21lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-21lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686-bigmem_2.6.26-21lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-21lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-486_2.6.26-21lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686_2.6.26-21lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-686_2.6.26-21lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686-bigmem_2.6.26-21lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686_2.6.26-21lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-686_2.6.26-21lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-21lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-21lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-686_2.6.26-21lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686_2.6.26-21lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-21lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686-bigmem_2.6.26-21lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-21lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-686_2.6.26-21lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-686_2.6.26-21lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686_2.6.26-21lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-686_2.6.26-21lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-486_2.6.26-21lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686_2.6.26-21lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686-bigmem_2.6.26-21lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686_2.6.26-21lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686_2.6.26-21lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686-bigmem_2.6.26-21lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-686_2.6.26-21lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686-bigmem_2.6.26-21lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686-bigmem_2.6.26-21lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-486_2.6.26-21lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-21lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-686_2.6.26-21lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-686_2.6.26-21lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-486_2.6.26-21lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686-bigmem_2.6.26-21lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-21lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686-bigmem_2.6.26-21lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686-bigmem_2.6.26-21lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-21lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-686_2.6.26-21lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-21lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-21lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-itanium_2.6.26-21lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-mckinley_2.6.26-21lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-mckinley_2.6.26-21lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-mckinley_2.6.26-21lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-mckinley_2.6.26-21lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-21lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-itanium_2.6.26-21lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-itanium_2.6.26-21lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-itanium_2.6.26-21lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-itanium_2.6.26-21lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-mckinley_2.6.26-21lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-21lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-ia64_2.6.26-21lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-itanium_2.6.26-21lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-mckinley_2.6.26-21lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-mckinley_2.6.26-21lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-mckinley_2.6.26-21lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-ia64_2.6.26-21lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-itanium_2.6.26-21lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-itanium_2.6.26-21lenny3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-5kc-malta_2.6.26-21lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1-bcm91250a_2.6.26-21lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-5kc-malta_2.6.26-21lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1a-bcm91480b_2.6.26-21lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-4kc-malta_2.6.26-21lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1-bcm91250a_2.6.26-21lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r4k-ip22_2.6.26-21lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r4k-ip22_2.6.26-21lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-5kc-malta_2.6.26-21lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r5k-ip32_2.6.26-21lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r5k-ip32_2.6.26-21lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r4k-ip22_2.6.26-21lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-4kc-malta_2.6.26-21lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1a-bcm91480b_2.6.26-21lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-4kc-malta_2.6.26-21lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1-bcm91250a_2.6.26-21lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-mips_2.6.26-21lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r5k-ip32_2.6.26-21lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r5k-ip32_2.6.26-21lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-4kc-malta_2.6.26-21lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1-bcm91250a_2.6.26-21lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1a-bcm91480b_2.6.26-21lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1a-bcm91480b_2.6.26-21lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-5kc-malta_2.6.26-21lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r4k-ip22_2.6.26-21lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-mips_2.6.26-21lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-4kc-malta_2.6.26-21lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-5kc-malta_2.6.26-21lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1-bcm91250a_2.6.26-21lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-mipsel_2.6.26-21lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-5kc-malta_2.6.26-21lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r5k-cobalt_2.6.26-21lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1-bcm91250a_2.6.26-21lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-4kc-malta_2.6.26-21lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r5k-cobalt_2.6.26-21lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1a-bcm91480b_2.6.26-21lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1a-bcm91480b_2.6.26-21lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1-bcm91250a_2.6.26-21lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1a-bcm91480b_2.6.26-21lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-5kc-malta_2.6.26-21lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-4kc-malta_2.6.26-21lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-mipsel_2.6.26-21lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1-bcm91250a_2.6.26-21lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-4kc-malta_2.6.26-21lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r5k-cobalt_2.6.26-21lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1a-bcm91480b_2.6.26-21lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r5k-cobalt_2.6.26-21lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-5kc-malta_2.6.26-21lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc64_2.6.26-21lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc_2.6.26-21lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc64_2.6.26-21lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc_2.6.26-21lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc-smp_2.6.26-21lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc64_2.6.26-21lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-21lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc_2.6.26-21lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc64_2.6.26-21lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc_2.6.26-21lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-powerpc_2.6.26-21lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc-smp_2.6.26-21lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390x_2.6.26-21lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390x_2.6.26-21lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-s390x_2.6.26-21lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-s390x_2.6.26-21lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390x_2.6.26-21lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-s390x_2.6.26-21lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390_2.6.26-21lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-s390_2.6.26-21lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-s390x_2.6.26-21lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390x_2.6.26-21lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-s390x_2.6.26-21lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390x_2.6.26-21lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390_2.6.26-21lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-21lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390_2.6.26-21lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-21lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390-tape_2.6.26-21lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-21lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-s390_2.6.26-21lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390-tape_2.6.26-21lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390-tape_2.6.26-21lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390_2.6.26-21lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390x_2.6.26-21lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390_2.6.26-21lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390_2.6.26-21lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-s390x_2.6.26-21lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-s390_2.6.26-21lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64-smp_2.6.26-21lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-sparc_2.6.26-21lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64_2.6.26-21lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-sparc64_2.6.26-21lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-sparc64_2.6.26-21lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64-smp_2.6.26-21lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64_2.6.26-21lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-21lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64-smp_2.6.26-21lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64_2.6.26-21lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64_2.6.26-21lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-sparc_2.6.26-21lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64_2.6.26-21lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-sparc64_2.6.26-21lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64_2.6.26-21lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-sparc64_2.6.26-21lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64-smp_2.6.26-21lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-21lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-sparc64_2.6.26-21lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64-smp_2.6.26-21lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-sparc_2.6.26-21lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-21lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-sparc64_2.6.26-21lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64-smp_2.6.26-21lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1997": "
\n

Debian Security Advisory

\n

DSA-1997-1 mysql-dfsg-5.0 -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Feb 2010
\n
Affected Packages:
\n
\nmysql-dfsg-5.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-4019, CVE-2009-4030, CVE-2009-4484.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the MySQL\ndatabase server.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2009-4019

    Domas Mituzas discovered that mysqld does not properly handle errors during execution of certain SELECT statements with subqueries, and does not preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.

  • CVE-2009-4030

    Sergei Golubchik discovered that MySQL allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified DATA DIRECTORY or INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory.

  • CVE-2009-4484

    Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field.
\n

For the oldstable distribution (etch), these problems have been fixed in version 5.0.32-7etch12.

\n

For the stable distribution (lenny), these problems have been fixed in version 5.0.51a-24+lenny3.

\n

The testing (squeeze) and unstable (sid) distributions do not contain mysql-dfsg-5 anymore.

\n

We recommend that you upgrade your mysql-dfsg-5.0 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (Etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch12.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32-7etch12.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.32.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.32-7etch12_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.32-7etch12_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.32-7etch12_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch12_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch12_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch12_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch12_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch12_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch12_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch12_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch12_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch12_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch12_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch12_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch12_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch12_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch12_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch12_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch12_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch12_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch12_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch12_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch12_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch12_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch12_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch12_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch12_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch12_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch12_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch12_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch12_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch12_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch12_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch12_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch12_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.32-7etch12_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.32-7etch12_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-4.1_5.0.32-7etch12_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.32-7etch12_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.32-7etch12_sparc.deb
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a-24+lenny3.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a-24+lenny3.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.51a-24+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.51a-24+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.51a-24+lenny3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny3_amd64.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny3_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny3_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1998": "
\n

Debian Security Advisory

\n

DSA-1998-1 kdelibs -- buffer overflow

\n
\n
Date Reported:
\n
17 Feb 2010
\n
Affected Packages:
\n
kdelibs
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0689.
\n
More information:
\n
\n

Maksymilian Arciemowicz discovered a buffer overflow in the internal string routines of the KDE core libraries, which could lead to the execution of arbitrary code.

\n

For the stable distribution (lenny), this problem has been fixed in version 4:3.5.10.dfsg.1-0lenny4.

\n

For the unstable distribution (sid), this problem has been fixed in version 4:3.5.10.dfsg.1-3.

\n

We recommend that you upgrade your kdelibs packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-0lenny4.dsc
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-0lenny4.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-data_3.5.10.dfsg.1-0lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-doc_3.5.10.dfsg.1-0lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-0lenny4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny4_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny4_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "1999": "
\n

Debian Security Advisory

\n

DSA-1999-1 xulrunner -- several vulnerabilities

\n
\n
Date Reported:
\n
18 Feb 2010
\n
Affected Packages:
\n
xulrunner
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-1571, CVE-2009-3988, CVE-2010-0159, CVE-2010-0160, CVE-2010-0162.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2009-1571

    Alin Rad Pop discovered that incorrect memory handling in the HTML parser could lead to the execution of arbitrary code.

  • CVE-2009-3988

    Hidetake Jo discovered that the same-origin policy can be bypassed through window.dialogArguments.

  • CVE-2010-0159

    Henri Sivonen, Boris Zbarsky, Zack Weinberg, Bob Clary, Martijn Wargers and Paul Nickerson reported crashes in the layout engine, which might allow the execution of arbitrary code.

  • CVE-2010-0160

    Orlando Barrera II discovered that incorrect memory handling in the implementation of the web worker API could lead to the execution of arbitrary code.

  • CVE-2010-0162

    Georgi Guninski discovered that the same-origin policy can be bypassed through specially crafted SVG documents.
\n

For the stable distribution (lenny), these problems have been fixed in version 1.9.0.18-1.

\n

For the unstable distribution (sid), these problems have been fixed in version 1.9.1.8-1.

\n

We recommend that you upgrade your xulrunner packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.18-1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.18.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.18-1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.18-1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.18-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.18-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.18-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.18-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.18-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.18-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.18-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.18-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.18-1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.18-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.18-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.18-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.18-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.18-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.18-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.18-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.18-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.18-1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.18-1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.18-1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.18-1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.18-1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.18-1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.18-1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.18-1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.18-1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.18-1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.18-1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.18-1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.18-1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.18-1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.18-1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.18-1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.18-1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.18-1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.18-1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.18-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.18-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.18-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.18-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.18-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.18-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.18-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.18-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.18-1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.18-1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.18-1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.18-1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.18-1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.18-1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.18-1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.18-1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.18-1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.18-1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.18-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.18-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.18-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.18-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.18-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.18-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.18-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.18-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.18-1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.18-1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.18-1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.18-1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.18-1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.18-1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.18-1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.18-1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.18-1_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.18-1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.18-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.18-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.18-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.18-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.18-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.18-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.18-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.18-1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.18-1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.18-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.18-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.18-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.18-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.18-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.18-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.18-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.18-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.18-1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.18-1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.18-1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.18-1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.18-1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.18-1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.18-1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.18-1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.18-1_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.18-1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.18-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.18-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.18-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.18-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.18-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.18-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.18-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.18-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.18-1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2000": "
\n

Debian Security Advisory

\n

DSA-2000-1 ffmpeg-debian -- several vulnerabilities

\n
\n
Date Reported:
\n
18 Feb 2010
\n
Affected Packages:
\n
ffmpeg-debian
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-4631, CVE-2009-4632, CVE-2009-4633, CVE-2009-4634, CVE-2009-4635, CVE-2009-4636, CVE-2009-4637, CVE-2009-4638, CVE-2009-4640.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder, which also provides a range of multimedia libraries used in applications like MPlayer:

\n

Various programming errors in container and codec implementations may lead to denial of service or the execution of arbitrary code if the user is tricked into opening a malformed media file or stream.

\n

The implementations of the following affected codecs and container formats have been updated:

\n
    \n
  • the Vorbis audio codec
  • the Ogg container implementation
  • the FF Video 1 codec
  • the MPEG audio codec
  • the H264 video codec
  • the MOV container implementation
  • the Oggedc container implementation
\n

For the stable distribution (lenny), these problems have been fixed in\nversion 0.svn20080206-18+lenny1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4:0.5+svn20090706-5.

\n

We recommend that you upgrade your ffmpeg packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-debian_0.svn20080206-18+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-debian_0.svn20080206-18+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-doc_0.svn20080206-18+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-18+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-18+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-18+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-18+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-18+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-18+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-18+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-18+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-18+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-18+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-18+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-18+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-18+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-18+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-18+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-18+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-18+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-18+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-18+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-18+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-18+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-18+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-18+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-18+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-18+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-18+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-18+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-18+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-18+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-18+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-18+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-18+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-18+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-18+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-18+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-18+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-18+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-18+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-18+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-18+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-18+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-18+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-18+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-18+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-18+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-18+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-18+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-18+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-18+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-18+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-18+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-18+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-18+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-18+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-18+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-18+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-18+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-18+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-18+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-18+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-18+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-18+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-18+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-18+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-18+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-18+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-18+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-18+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-18+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-18+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-18+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-18+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-18+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-18+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-18+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-18+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-18+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-18+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-18+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-18+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-18+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-18+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-18+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-18+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-18+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-18+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-18+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-18+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-18+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-18+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-18+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-18+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-18+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-18+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-18+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-18+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-18+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-18+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-18+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-18+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-18+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-18+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-18+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-18+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-18+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-18+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-18+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-18+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-18+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-18+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-18+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-18+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-18+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-18+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-18+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-18+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-18+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-18+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-18+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-18+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-18+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-18+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-18+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-18+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-18+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-18+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-18+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-18+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-18+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-18+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-18+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-18+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-18+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-18+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-18+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-18+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-18+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-18+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-18+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-18+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-18+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-18+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-18+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-18+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-18+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-18+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-18+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-18+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-18+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-18+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-18+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-18+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-18+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-18+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec-dev_0.svn20080206-18+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc51_0.svn20080206-18+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil49_0.svn20080206-18+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg-dbg_0.svn20080206-18+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale-dev_0.svn20080206-18+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavutil-dev_0.svn20080206-18+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libpostproc-dev_0.svn20080206-18+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat52_0.svn20080206-18+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libswscale0_0.svn20080206-18+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavformat-dev_0.svn20080206-18+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice-dev_0.svn20080206-18+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/ffmpeg_0.svn20080206-18+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavdevice52_0.svn20080206-18+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/ffmpeg-debian/libavcodec51_0.svn20080206-18+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2001": "
\n

Debian Security Advisory

\n

DSA-2001-1 php5 -- multiple vulnerabilities

\n
\n
Date Reported:
\n
19 Feb 2010
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-4142, CVE-2009-4143.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in PHP\u00a05, a\nhypertext preprocessor. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
  • CVE-2009-4142: The htmlspecialchars function does not properly handle invalid multi-byte sequences.
  • CVE-2009-4143: Memory corruption via session interruption.
\n

In the stable distribution (lenny), this update also includes bug fixes\n(bug #529278, #556459, #565387, #523073) that were to be included in a\nstable point release as version 5.2.6.dfsg.1-1+lenny5.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 5.2.6.dfsg.1-1+lenny6.

\n

For the testing distribution (squeeze) and the unstable distribution (sid),\nthese problems have been fixed in version 5.2.12.dfsg.1-1.

\n

We recommend that you upgrade your php5 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1-1+lenny6.dsc
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1-1+lenny6.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php5/php-pear_5.2.6.dfsg.1-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1-1+lenny6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny6_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny6_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny6_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny6_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2002": "
\n

Debian Security Advisory

\n

DSA-2002-1 polipo -- denial of service

\n
\n
Date Reported:
\n
19 Feb 2010
\n
Affected Packages:
\n
\npolipo\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 547047, Bug 560779.
In Mitre's CVE dictionary: CVE-2009-3305, CVE-2009-4413.
\n
More information:
\n
\n

Several denial of service vulnerabilities have been discovered in polipo, a\nsmall, caching web proxy. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2009-3305\n

    A malicious remote server could cause polipo to crash by sending an\n invalid Cache-Control header.

  • \n
  • CVE-2009-4143\n

    A malicious client could cause polipo to crash by sending a large\n Content-Length value.

  • \n
\n

This upgrade also fixes some other bugs that could lead to a daemon crash\nor an infinite loop and may be triggerable remotely.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.0.4-1+lenny1.

\n

For the testing distribution (squeeze) and the unstable distribution (sid),\nthese problems have been fixed in version 1.0.4-3.

\n

We recommend that you upgrade your polipo packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/polipo/polipo_1.0.4-1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2003": "
\n

Debian Security Advisory

\n

DSA-2003-1 linux-2.6 -- privilege escalation/denial of service

\n
\n
Date Reported:
\n
22 Feb 2010
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-3080, CVE-2009-3726, CVE-2009-4005, CVE-2009-4020, CVE-2009-4021, CVE-2009-4536, CVE-2010-0007, CVE-2010-0410, CVE-2010-0415, CVE-2010-0622.
\n
More information:
\n
\n

NOTE: This kernel update marks the final planned kernel security update for\nthe 2.6.18 kernel in the Debian release 'etch'. Although security support for\n'etch' officially ended on February 15th, 2010, this update was already in\npreparation before that date. A final update that includes fixes for these\nissues in the 2.6.24 kernel is also in preparation and will be released\nshortly.

\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2009-3080\n

    Dave Jones reported an issue in the gdth SCSI driver. A missing\n check for negative offsets in an ioctl call could be exploited by\n local users to create a denial of service or potentially gain\n elevated privileges.

  • \n
  • CVE-2009-3726\n

    Trond Myklebust reported an issue where a malicious NFS server\n could cause a denial of service condition on its clients by\n returning incorrect attributes during an open call.

  • \n
  • CVE-2009-4005\n

    Roel Kluin discovered an issue in the hfc_usb driver, an ISDN\n driver for Colognechip HFC-S USB chip. A potential read overflow\n exists which may allow remote users to cause a denial of service\n condition (oops).

  • \n
  • CVE-2009-4020\n

    Amerigo Wang discovered an issue in the HFS filesystem that would\n allow a denial of service by a local user who has sufficient\n privileges to mount a specially crafted filesystem.

  • \n
  • CVE-2009-4021\n

    Anana V. Avati discovered an issue in the fuse subsystem. If the\n system is sufficiently low on memory, a local user can cause the\n kernel to dereference an invalid pointer resulting in a denial of\n service (oops) and potentially an escalation of privileges.

  • \n
  • CVE-2009-4536\n

    Fabian Yamaguchi reported an issue in the e1000 driver for Intel\n gigabit network adapters which allows remote users to bypass packet\n filters using specially crafted ethernet frames.

  • \n
  • CVE-2010-0007\n

    Florian Westphal reported a lack of capability checking in the\n ebtables netfilter subsystem. If the ebtables module is loaded,\n local users can add and modify ebtables rules.

  • \n
  • CVE-2010-0410\n

    Sebastian Krahmer discovered an issue in the netlink connector\n subsystem that permits local users to allocate large amounts of\n system memory resulting in a denial of service (out of memory).

  • \n
  • CVE-2010-0415\n

    Ramon de Carvalho Valle discovered an issue in the sys_move_pages\n interface, limited to amd64, ia64 and powerpc64 flavors in Debian.\n Local users can exploit this issue to cause a denial of service\n (system crash) or gain access to sensitive kernel memory.

  • \n
  • CVE-2010-0622\n

    Jerome Marchand reported an issue in the futex subsystem that\n allows a local user to force an invalid futex state which results\n in a denial of service (oops).

  • \n
\n

This update also fixes a regression introduced by a previous security\nupdate that caused problems booting on certain s390 systems.

\n

For the oldstable distribution (etch), this problem has been fixed in\nversion 2.6.18.dfsg.1-26etch2.

\n

We recommend that you upgrade your linux-2.6, fai-kernels, and\nuser-mode-linux packages.

\n

The following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n\n
\u00a0 Debian 4.0 (etch)
fai-kernels 1.17+etch.26etch2
user-mode-linux 2.6.18-1um-2etch.26etch2
\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-26etch2.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-26etch2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.18_2.6.18.dfsg.1-26etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.18_2.6.18.dfsg.1-26etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.18-6_2.6.18.dfsg.1-26etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.18_2.6.18.dfsg.1-26etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.18_2.6.18.dfsg.1-26etch2_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.18_2.6.18.dfsg.1-26etch2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-alpha_2.6.18.dfsg.1-26etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-26etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-legacy_2.6.18.dfsg.1-26etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-generic_2.6.18.dfsg.1-26etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-26etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-26etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-smp_2.6.18.dfsg.1-26etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-alpha-smp_2.6.18.dfsg.1-26etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-alpha_2.6.18.dfsg.1-26etch2_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-alpha-generic_2.6.18.dfsg.1-26etch2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-26etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-amd64_2.6.18.dfsg.1-26etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-26etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-26etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-26etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-26etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-amd64_2.6.18.dfsg.1-26etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-26etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-amd64_2.6.18.dfsg.1-26etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-amd64_2.6.18.dfsg.1-26etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-amd64_2.6.18.dfsg.1-26etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-amd64_2.6.18.dfsg.1-26etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-26etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-26etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-26etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-amd64_2.6.18.dfsg.1-26etch2_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-arm_2.6.18.dfsg.1-26etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s3c2410_2.6.18.dfsg.1-26etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-ixp4xx_2.6.18.dfsg.1-26etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-ixp4xx_2.6.18.dfsg.1-26etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-footbridge_2.6.18.dfsg.1-26etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-footbridge_2.6.18.dfsg.1-26etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s3c2410_2.6.18.dfsg.1-26etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-iop32x_2.6.18.dfsg.1-26etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-rpc_2.6.18.dfsg.1-26etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-rpc_2.6.18.dfsg.1-26etch2_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-iop32x_2.6.18.dfsg.1-26etch2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-26etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc-smp_2.6.18.dfsg.1-26etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc-smp_2.6.18.dfsg.1-26etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc_2.6.18.dfsg.1-26etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc_2.6.18.dfsg.1-26etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64_2.6.18.dfsg.1-26etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-parisc64_2.6.18.dfsg.1-26etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-parisc64-smp_2.6.18.dfsg.1-26etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch2_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-hppa_2.6.18.dfsg.1-26etch2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-k7_2.6.18.dfsg.1-26etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-686_2.6.18.dfsg.1-26etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen_2.6.18.dfsg.1-26etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-26etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-26etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-k7_2.6.18.dfsg.1-26etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-amd64_2.6.18.dfsg.1-26etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-486_2.6.18.dfsg.1-26etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-i386_2.6.18.dfsg.1-26etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.18-6-xen-686_2.6.18.dfsg.1-26etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-26etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-686_2.6.18.dfsg.1-26etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-686_2.6.18.dfsg.1-26etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-686_2.6.18.dfsg.1-26etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686-bigmem_2.6.18.dfsg.1-26etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-686_2.6.18.dfsg.1-26etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-486_2.6.18.dfsg.1-26etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-k7_2.6.18.dfsg.1-26etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686_2.6.18.dfsg.1-26etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-26etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-amd64_2.6.18.dfsg.1-26etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-686-bigmem_2.6.18.dfsg.1-26etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-k7_2.6.18.dfsg.1-26etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-686_2.6.18.dfsg.1-26etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver_2.6.18.dfsg.1-26etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch2_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-xen-vserver-686_2.6.18.dfsg.1-26etch2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-itanium_2.6.18.dfsg.1-26etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-ia64_2.6.18.dfsg.1-26etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-mckinley_2.6.18.dfsg.1-26etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-mckinley_2.6.18.dfsg.1-26etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch2_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-itanium_2.6.18.dfsg.1-26etch2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-26etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-26etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-26etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-26etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mips_2.6.18.dfsg.1-26etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-26etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-26etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-26etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-ip32_2.6.18.dfsg.1-26etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-26etch2_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-ip22_2.6.18.dfsg.1-26etch2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-26etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-qemu_2.6.18.dfsg.1-26etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-26etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-26etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-26etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-26etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-mipsel_2.6.18.dfsg.1-26etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-qemu_2.6.18.dfsg.1-26etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r4k-kn04_2.6.18.dfsg.1-26etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sb1a-bcm91480b_2.6.18.dfsg.1-26etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r5k-cobalt_2.6.18.dfsg.1-26etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sb1-bcm91250a_2.6.18.dfsg.1-26etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-r3k-kn02_2.6.18.dfsg.1-26etch2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-26etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-prep_2.6.18.dfsg.1-26etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-26etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc64_2.6.18.dfsg.1-26etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc_2.6.18.dfsg.1-26etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-26etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-26etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-26etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-prep_2.6.18.dfsg.1-26etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc-smp_2.6.18.dfsg.1-26etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc-miboot_2.6.18.dfsg.1-26etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc64_2.6.18.dfsg.1-26etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-powerpc_2.6.18.dfsg.1-26etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-powerpc_2.6.18.dfsg.1-26etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-powerpc_2.6.18.dfsg.1-26etch2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-powerpc64_2.6.18.dfsg.1-26etch2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390x_2.6.18.dfsg.1-26etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-26etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-26etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390-tape_2.6.18.dfsg.1-26etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-s390_2.6.18.dfsg.1-26etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-s390x_2.6.18.dfsg.1-26etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390_2.6.18.dfsg.1-26etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-s390_2.6.18.dfsg.1-26etch2_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-s390x_2.6.18.dfsg.1-26etch2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-26etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64-smp_2.6.18.dfsg.1-26etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc32_2.6.18.dfsg.1-26etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all_2.6.18.dfsg.1-26etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-all-sparc_2.6.18.dfsg.1-26etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc64_2.6.18.dfsg.1-26etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-sparc32_2.6.18.dfsg.1-26etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-26etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6_2.6.18.dfsg.1-26etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver-sparc64_2.6.18.dfsg.1-26etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-sparc64_2.6.18.dfsg.1-26etch2_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.18-6-vserver_2.6.18.dfsg.1-26etch2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2004": "
\n

Debian Security Advisory

\n

DSA-2004-1 samba -- several vulnerabilities

\n
\n
Date Reported:
\n
28 Feb 2010
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-3297, CVE-2010-0547.
\n
More information:
\n
\n

Two local vulnerabilities have been discovered in samba, a SMB/CIFS file,\nprint, and login server for Unix. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2009-3297\n

    Ronald Volgers discovered that a race condition in mount.cifs\n allows local users to mount remote filesystems over arbitrary\n mount points.

  • CVE-2010-0547\n

    Jeff Layton discovered that missing input sanitising in mount.cifs\n allows denial of service by corrupting /etc/mtab.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2:3.2.5-4lenny9.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2:3.4.5~dfsg-2.

\n

We recommend that you upgrade your samba packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny9.dsc
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny9.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc-pdf_3.2.5-4lenny9_all.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.2.5-4lenny9_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny9_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny9_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny9_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny9_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny9_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny9_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny9_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny9_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny9_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny9_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny9_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2005": "
\n

Debian Security Advisory

\n

DSA-2005-1 linux-2.6.24 -- privilege escalation/denial of service/sensitive memory leak

\n
\n
Date Reported:
\n
27 Feb 2010
\n
Affected Packages:
\n
\nlinux-2.6.24\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2691, CVE-2009-2695, CVE-2009-3080, CVE-2009-3726, CVE-2009-3889, CVE-2009-4005, CVE-2009-4020, CVE-2009-4021, CVE-2009-4138, CVE-2009-4308, CVE-2009-4536, CVE-2009-4538, CVE-2010-0003, CVE-2010-0007, CVE-2010-0291, CVE-2010-0410, CVE-2010-0415, CVE-2010-0622.
\n
More information:
\n
\n

NOTE: This kernel update marks the final planned kernel security\nupdate for the 2.6.24 kernel in the Debian release 'etch'. Although\nsecurity support for 'etch' officially ended on February 15th, 2010,\nthis update was already in preparation before that date.

\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, sensitive memory leak or privilege\nescalation. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2009-2691\n

    Steve Beattie and Kees Cook reported an information leak in the\n maps and smaps files available under /proc. Local users may be\n able to read this data for setuid processes while the ELF binary\n is being loaded.

  • CVE-2009-2695\n

    Eric Paris provided several fixes to increase the protection\n provided by the mmap_min_addr tunable against NULL pointer\n dereference vulnerabilities.

  • CVE-2009-3080\n

    Dave Jones reported an issue in the gdth SCSI driver. A missing\n check for negative offsets in an ioctl call could be exploited by\n local users to create a denial of service or potentially gain\n elevated privileges.

  • CVE-2009-3726\n

    Trond Myklebust reported an issue where a malicious NFS server\n could cause a denial of service condition on its clients by\n returning incorrect attributes during an open call.

  • CVE-2009-3889\n

    Joe Malicki discovered an issue in the megaraid_sas driver.\n Insufficient permissions on the sysfs dbg_lvl interface allow\n local users to modify the debug logging behavior.

  • CVE-2009-4005\n

    Roel Kluin discovered an issue in the hfc_usb driver, an ISDN\n driver for Colognechip HFC-S USB chip. A potential read overflow\n exists which may allow remote users to cause a denial of service\n condition (oops).

  • CVE-2009-4020\n

    Amerigo Wang discovered an issue in the HFS filesystem that would\n allow a denial of service by a local user who has sufficient\n privileges to mount a specially crafted filesystem.

  • CVE-2009-4021\n

    Anana V. Avati discovered an issue in the fuse subsystem. If the\n system is sufficiently low on memory, a local user can cause the\n kernel to dereference an invalid pointer resulting in a denial of\n service (oops) and potentially an escalation of privileges.

  • CVE-2009-4138\n

    Jay Fenlason discovered an issue in the firewire stack that allows\n local users to cause a denial of service (oops or crash) by making\n a specially crafted ioctl call.

  • CVE-2009-4308\n

    Ted Ts'o discovered an issue in the ext4 filesystem that allows\n local users to cause a denial of service (NULL pointer\n dereference). For this to be exploitable, the local user must\n have sufficient privileges to mount a filesystem.

  • \n
  • CVE-2009-4536\nCVE-2009-4538\n

    Fabian Yamaguchi reported issues in the e1000 and e1000e drivers\n for Intel gigabit network adapters which allow remote users to\n bypass packet filters using specially crafted Ethernet frames.

  • \n
  • CVE-2010-0003\n

    Andi Kleen reported a defect which allows local users to gain read\n access to memory reachable by the kernel when the\n print-fatal-signals option is enabled. This option is disabled by\n default.

  • \n
  • CVE-2010-0007\n

    Florian Westphal reported a lack of capability checking in the\n ebtables netfilter subsystem. If the ebtables module is loaded,\n local users can add and modify ebtables rules.

  • \n
  • CVE-2010-0291\n

    Al Viro reported several issues with the mmap/mremap system calls\n that allow local users to cause a denial of service (system panic)\n or obtain elevated privileges.

  • \n
  • CVE-2010-0410\n

    Sebastian Krahmer discovered an issue in the netlink connector\n subsystem that permits local users to allocate large amounts of\n system memory resulting in a denial of service (out of memory).

  • \n
  • CVE-2010-0415\n

    Ramon de Carvalho Valle discovered an issue in the sys_move_pages\n interface, limited to amd64, ia64 and powerpc64 flavors in Debian.\n Local users can exploit this issue to cause a denial of service\n (system crash) or gain access to sensitive kernel memory.

  • \n
  • CVE-2010-0622\n

    Jerome Marchand reported an issue in the futex subsystem that\n allows a local user to force an invalid futex state which results\n in a denial of service (oops).

  • \n
\n

For the oldstable distribution (etch), these problems have been fixed in\nversion 2.6.24-6~etchnhalf.9etch3.

\n

We recommend that you upgrade your linux-2.6.24 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 4.0 (etch)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.9etch3.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.9etch3.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-doc-2.6.24_2.6.24-6~etchnhalf.9etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-tree-2.6.24_2.6.24-6~etchnhalf.9etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-source-2.6.24_2.6.24-6~etchnhalf.9etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-manual-2.6.24_2.6.24-6~etchnhalf.9etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-patch-debian-2.6.24_2.6.24-6~etchnhalf.9etch3_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-support-2.6.24-etchnhalf.1_2.6.24-6~etchnhalf.9etch3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.9etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.9etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.9etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-alpha_2.6.24-6~etchnhalf.9etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-generic_2.6.24-6~etchnhalf.9etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.9etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.9etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-legacy_2.6.24-6~etchnhalf.9etch3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-alpha-smp_2.6.24-6~etchnhalf.9etch3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.9etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.9etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.9etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-amd64_2.6.24-6~etchnhalf.9etch3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.9etch3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.9etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-footbridge_2.6.24-6~etchnhalf.9etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.9etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-arm_2.6.24-6~etchnhalf.9etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.9etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-iop32x_2.6.24-6~etchnhalf.9etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.9etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.9etch3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-ixp4xx_2.6.24-6~etchnhalf.9etch3_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.9etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.9etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64_2.6.24-6~etchnhalf.9etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-hppa_2.6.24-6~etchnhalf.9etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc-smp_2.6.24-6~etchnhalf.9etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.9etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc64-smp_2.6.24-6~etchnhalf.9etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.9etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.9etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.9etch3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-parisc_2.6.24-6~etchnhalf.9etch3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.9etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.9etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.9etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.9etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-486_2.6.24-6~etchnhalf.9etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-amd64_2.6.24-6~etchnhalf.9etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-i386_2.6.24-6~etchnhalf.9etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.9etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686-bigmem_2.6.24-6~etchnhalf.9etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.9etch3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-686_2.6.24-6~etchnhalf.9etch3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.9etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.9etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.9etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-ia64_2.6.24-6~etchnhalf.9etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-mckinley_2.6.24-6~etchnhalf.9etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.9etch3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-itanium_2.6.24-6~etchnhalf.9etch3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.9etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.9etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.9etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.9etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-mips_2.6.24-6~etchnhalf.9etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.9etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.9etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.9etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.9etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.9etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.9etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.9etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r5k-ip32_2.6.24-6~etchnhalf.9etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.9etch3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r4k-ip22_2.6.24-6~etchnhalf.9etch3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.9etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.9etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.9etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.9etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.9etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-mipsel_2.6.24-6~etchnhalf.9etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.9etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.9etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.9etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.9etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.9etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.9etch3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.9etch3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.9etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.9etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.9etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.9etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.9etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.9etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.9etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-powerpc_2.6.24-6~etchnhalf.9etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.9etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.9etch3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.9etch3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.9etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-s390_2.6.24-6~etchnhalf.9etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.9etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.9etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.9etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.9etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390-tape_2.6.24-6~etchnhalf.9etch3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.9etch3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.9etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.9etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.9etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.9etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-sparc_2.6.24-6~etchnhalf.9etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.9etch3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.9etch3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2006": "
\n

Debian Security Advisory

\n

DSA-2006-1 sudo -- several vulnerabilities

\n
\n
Date Reported:
\n
02 Mar 2010
\n
Affected Packages:
\n
\nsudo\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 570737.
In Mitre's CVE dictionary: CVE-2010-0426, CVE-2010-0427.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in sudo, a program\ndesigned to allow a sysadmin to give limited root privileges to users.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2010-0426\n

    It was discovered that sudo, when a pseudo-command is enabled, permits a\nmatch between the name of the pseudo-command and the name of an\nexecutable file in an arbitrary directory, which allows local users to\ngain privileges via a crafted executable file.

  • \n
  • CVE-2010-0427\n

    It was discovered that sudo, when the runas_default option is used, does\nnot properly set group memberships, which allows local users to gain privileges\nvia a sudo command.

  • \n
\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.6.9p17-2+lenny1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.7.2p1-1.2, and will migrate to the testing distribution (squeeze)\nshortly.

\n

We recommend that you upgrade your sudo package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17-2+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17-2+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo-ldap_1.6.9p17-2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17-2+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo-ldap_1.6.9p17-2+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17-2+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo-ldap_1.6.9p17-2+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17-2+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17-2+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo-ldap_1.6.9p17-2+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo-ldap_1.6.9p17-2+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17-2+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17-2+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo-ldap_1.6.9p17-2+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo-ldap_1.6.9p17-2+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17-2+lenny1_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo-ldap_1.6.9p17-2+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17-2+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo-ldap_1.6.9p17-2+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17-2+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17-2+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo-ldap_1.6.9p17-2+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17-2+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo-ldap_1.6.9p17-2+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2007": "
\n

Debian Security Advisory

\n

DSA-2007-1 cups -- format string vulnerability

\n
\n
Date Reported:
\n
03 Mar 2010
\n
Affected Packages:
\n
\ncups\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-0393.
\n
More information:
\n
\n

Ronald Volgers discovered that the lppasswd component of the cups suite,\nthe Common UNIX Printing System, is vulnerable to format string attacks\ndue to insecure use of the LOCALEDIR environment variable. An attacker\ncan abuse this behaviour to execute arbitrary code by supplying crafted localization\nfiles and triggering calls to _cupsLangprintf(). This works because the lppasswd\nbinary is installed with setuid 0 permissions.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.3.8-1+lenny8.

\n

For the testing distribution (squeeze) this problem will be fixed soon.

\n

For the unstable distribution (sid) this problem has been fixed in\nversion 1.4.2-9.1.

\n

We recommend that you upgrade your cups packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8.dsc
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cups/cups-common_1.3.8-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cupsys-common_1.3.8-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cupsys-bsd_1.3.8-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsys2-dev_1.3.8-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cupsys-dbg_1.3.8-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsys2_1.3.8-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cupsys-client_1.3.8-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cupsys_1.3.8-1+lenny8_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cups/libcups2-dev_1.3.8-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups_1.3.8-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-dbg_1.3.8-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-client_1.3.8-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcups2_1.3.8-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/cups-bsd_1.3.8-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2_1.3.8-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/cups/libcupsimage2-dev_1.3.8-1+lenny8_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2008": "
\n

Debian Security Advisory

\n

DSA-2008-1 typo3-src -- several vulnerabilities

\n
\n
Date Reported:
\n
08 Mar 2010
\n
Affected Packages:
\n
\ntypo3-src\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 571151.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the TYPO3 web\ncontent management framework: Cross-site scripting vulnerabilities have\nbeen discovered in both the frontend and the backend. Also, user data\ncould be leaked. More details can be found in the\nTypo3\nsecurity advisory.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 4.2.5-1+lenny3.

\n

For the upcoming stable distribution (squeeze) and the unstable\ndistribution (sid), these problems have been fixed in version 4.3.2-1.

\n

We recommend that you upgrade your typo3-src package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5-1+lenny3.dsc
\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5-1+lenny3.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src-4.2_4.2.5-1+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3_4.2.5-1+lenny3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2009": "
\n

Debian Security Advisory

\n

DSA-2009-1 tdiary -- insufficient input sanitising

\n
\n
Date Reported:
\n
09 Mar 2010
\n
Affected Packages:
\n
\ntdiary\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 572417.
In Mitre's CVE dictionary: CVE-2010-0726.
\n
More information:
\n
\n

It was discovered that tdiary, a communication-friendly weblog system,\nis prone to a cross-site scripting vulnerability due to insufficient\ninput sanitising in the TrackBack transmission plugin.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.2.1-1+lenny1.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.2.1-1.1.

\n

We recommend that you upgrade your tdiary packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tdiary/tdiary_2.2.1-1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/t/tdiary/tdiary_2.2.1-1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/t/tdiary/tdiary_2.2.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/tdiary/tdiary-theme_2.2.1-1+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/t/tdiary/tdiary-contrib_2.2.1-1+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/t/tdiary/tdiary-plugin_2.2.1-1+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/t/tdiary/tdiary-mode_2.2.1-1+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/t/tdiary/tdiary_2.2.1-1+lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2010": "
\n

Debian Security Advisory

\n

DSA-2010-1 kvm -- privilege escalation/denial of service

\n
\n
Date Reported:
\n
10 Mar 2010
\n
Affected Packages:
\n
\nkvm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-0298, CVE-2010-0306, CVE-2010-0309, CVE-2010-0419.
\n
More information:
\n
\n

Several local vulnerabilities have been discovered in kvm, a full\nvirtualization system. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2010-0298, CVE-2010-0306\n

    Gleb Natapov discovered issues in the KVM subsystem where missing\n permission checks (CPL/IOPL) permit a user in a guest system to\n cause a denial of service of a guest (system crash) or gain escalated\n privileges within the guest.

  • CVE-2010-0309\n

    Marcelo Tosatti fixed an issue in the PIT emulation code in the\n KVM subsystem that allows privileged users in a guest domain to\n cause a denial of service (crash) of the host system.

  • CVE-2010-0419\n

    Paolo Bonzini found a bug in KVM that can be used to bypass proper\n permission checking while loading segment selectors. This\n potentially allows privileged guest users to execute privileged\n instructions on the host system.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 72+dfsg-5~lenny5.

\n

For the testing distribution (squeeze), and the unstable distribution (sid),\nthese problems will be addressed within the linux-2.6 package.

\n

We recommend that you upgrade your kvm package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kvm/kvm_72+dfsg-5~lenny5.dsc
\n
http://security.debian.org/pool/updates/main/k/kvm/kvm_72+dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kvm/kvm_72+dfsg-5~lenny5.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kvm/kvm-source_72+dfsg-5~lenny5_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kvm/kvm_72+dfsg-5~lenny5_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kvm/kvm_72+dfsg-5~lenny5_i386.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2011": "
\n

Debian Security Advisory

\n

DSA-2011-1 dpkg -- path traversal

\n
\n
Date Reported:
\n
10 Mar 2010
\n
Affected Packages:
\n
\ndpkg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-0396.
\n
More information:
\n
\n

William Grant discovered that the dpkg-source component of dpkg, the\nlow-level infrastructure for handling the installation and removal of\nDebian software packages, is vulnerable to path traversal attacks.\nA specially crafted Debian source package can lead to file modification\noutside of the destination directory when extracting the package content.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.14.29.

\n

For the testing (squeeze) and unstable (sid) distributions, this problem\nwill be fixed soon.

\n

We recommend that you upgrade your dpkg packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.dsc
\n
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/dpkg/dpkg-dev_1.14.29_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_armel.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2012": "
\n

Debian Security Advisory

\n

DSA-2012-1 linux-2.6 -- privilege escalation/denial of service

\n
\n
Date Reported:
\n
11 Mar 2010
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 568561, Bug 570554.
In Mitre's CVE dictionary: CVE-2009-3725, CVE-2010-0622.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2009-3725\n

    Philipp Reisner reported an issue in the connector subsystem\n which allows unprivileged users to send netlink packets. This\n allows local users to manipulate settings for uvesafb devices\n which are normally reserved for privileged users.

  • CVE-2010-0622\n

    Jerome Marchand reported an issue in the futex subsystem that\n allows a local user to force an invalid futex state which results\n in a denial of service (oops).

\n

This update also includes fixes for regressions introduced by previous\nupdates. See the referenced Debian bug pages for details.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2.6.26-21lenny4.

\n

We recommend that you upgrade your linux-2.6 and user-mode-linux\npackages.

\n

The following matrix lists additional source packages that were\nrebuilt for compatibility with or to take advantage of this update:

\n
\n\n\n
Package            Debian 5.0 (lenny)
user-mode-linux    2.6.26-1um-2+21lenny4
\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-21lenny4.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-21lenny4.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.26-2_2.6.26-21lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.26_2.6.26-21lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.26_2.6.26-21lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.26_2.6.26-21lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.26_2.6.26-21lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.26_2.6.26-21lenny4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-smp_2.6.26-21lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-alpha_2.6.26-21lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-legacy_2.6.26-21lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-smp_2.6.26-21lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-generic_2.6.26-21lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-legacy_2.6.26-21lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-generic_2.6.26-21lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-21lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-amd64_2.6.26-21lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-amd64_2.6.26-21lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-21lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-amd64_2.6.26-21lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-amd64_2.6.26-21lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-21lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-amd64_2.6.26-21lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-amd64_2.6.26-21lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-amd64_2.6.26-21lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-amd64_2.6.26-21lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-21lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-amd64_2.6.26-21lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-21lenny4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-arm_2.6.26-21lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-footbridge_2.6.26-21lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-21lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-21lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-21lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-21lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-21lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-21lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-footbridge_2.6.26-21lenny4_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-21lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-21lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-versatile_2.6.26-21lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-armel_2.6.26-21lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-21lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-21lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-versatile_2.6.26-21lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-21lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-21lenny4_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64_2.6.26-21lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-hppa_2.6.26-21lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64-smp_2.6.26-21lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc_2.6.26-21lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc-smp_2.6.26-21lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc_2.6.26-21lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64-smp_2.6.26-21lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64_2.6.26-21lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc-smp_2.6.26-21lenny4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686_2.6.26-21lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686-bigmem_2.6.26-21lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-686_2.6.26-21lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-21lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686-bigmem_2.6.26-21lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-486_2.6.26-21lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-21lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686-bigmem_2.6.26-21lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-i386_2.6.26-21lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-686_2.6.26-21lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-21lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686_2.6.26-21lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-686_2.6.26-21lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-486_2.6.26-21lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-21lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-686_2.6.26-21lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686_2.6.26-21lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686-bigmem_2.6.26-21lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-21lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-686_2.6.26-21lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-686_2.6.26-21lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686_2.6.26-21lenny4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-itanium_2.6.26-21lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-ia64_2.6.26-21lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-mckinley_2.6.26-21lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-mckinley_2.6.26-21lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-itanium_2.6.26-21lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-itanium_2.6.26-21lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-mckinley_2.6.26-21lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-21lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-mckinley_2.6.26-21lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-itanium_2.6.26-21lenny4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r5k-ip32_2.6.26-21lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1-bcm91250a_2.6.26-21lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1a-bcm91480b_2.6.26-21lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-5kc-malta_2.6.26-21lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r5k-ip32_2.6.26-21lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-5kc-malta_2.6.26-21lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-mips_2.6.26-21lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-4kc-malta_2.6.26-21lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1-bcm91250a_2.6.26-21lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r4k-ip22_2.6.26-21lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-4kc-malta_2.6.26-21lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r4k-ip22_2.6.26-21lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1a-bcm91480b_2.6.26-21lenny4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1-bcm91250a_2.6.26-21lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1-bcm91250a_2.6.26-21lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-4kc-malta_2.6.26-21lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r5k-cobalt_2.6.26-21lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-5kc-malta_2.6.26-21lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-5kc-malta_2.6.26-21lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1a-bcm91480b_2.6.26-21lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-mipsel_2.6.26-21lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r5k-cobalt_2.6.26-21lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-4kc-malta_2.6.26-21lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1a-bcm91480b_2.6.26-21lenny4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc64_2.6.26-21lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc_2.6.26-21lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc_2.6.26-21lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-21lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc-smp_2.6.26-21lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc_2.6.26-21lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc-smp_2.6.26-21lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-powerpc_2.6.26-21lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc64_2.6.26-21lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc_2.6.26-21lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc64_2.6.26-21lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc64_2.6.26-21lenny4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390-tape_2.6.26-21lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-s390_2.6.26-21lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390_2.6.26-21lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-s390x_2.6.26-21lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390_2.6.26-21lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390x_2.6.26-21lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-21lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390x_2.6.26-21lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-s390x_2.6.26-21lenny4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-21lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-21lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-21lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-21lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-sparc64_2.6.26-21lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-sparc64_2.6.26-21lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64-smp_2.6.26-21lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64_2.6.26-21lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64_2.6.26-21lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64-smp_2.6.26-21lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-sparc_2.6.26-21lenny4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2013": "
\n

Debian Security Advisory

\n

DSA-2013-1 egroupware -- several vulnerabilities

\n
\n
Date Reported:
\n
11 Mar 2010
\n
Affected Packages:
\n
\negroupware\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 573279.
\n
More information:
\n
\n

Nahuel Grisolia discovered two vulnerabilities in Egroupware, a web-based\ngroupware suite: missing input sanitising in the spellchecker integration\nmay lead to the execution of arbitrary commands, and a cross-site scripting\nvulnerability was discovered in the login page.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.4.004-2.dfsg-4.2.

\n

The upcoming stable distribution (squeeze) no longer contains egroupware\npackages.

\n

We recommend that you upgrade your egroupware packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.4.004-2.dfsg-4.2.diff.gz
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.4.004-2.dfsg-4.2.dsc
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.4.004-2.dfsg.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-bookmarks_1.4.004-2.dfsg-4.2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-felamimail_1.4.004-2.dfsg-4.2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-mydms_1.4.004-2.dfsg-4.2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-polls_1.4.004-2.dfsg-4.2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-calendar_1.4.004-2.dfsg-4.2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-developer-tools_1.4.004-2.dfsg-4.2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-etemplate_1.4.004-2.dfsg-4.2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-emailadmin_1.4.004-2.dfsg-4.2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpsysinfo_1.4.004-2.dfsg-4.2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.4.004-2.dfsg-4.2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-resources_1.4.004-2.dfsg-4.2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-news-admin_1.4.004-2.dfsg-4.2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-filemanager_1.4.004-2.dfsg-4.2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-registration_1.4.004-2.dfsg-4.2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-sitemgr_1.4.004-2.dfsg-4.2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-phpbrain_1.4.004-2.dfsg-4.2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-core_1.4.004-2.dfsg-4.2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-infolog_1.4.004-2.dfsg-4.2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-tracker_1.4.004-2.dfsg-4.2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-wiki_1.4.004-2.dfsg-4.2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-sambaadmin_1.4.004-2.dfsg-4.2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-addressbook_1.4.004-2.dfsg-4.2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-timesheet_1.4.004-2.dfsg-4.2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-manual_1.4.004-2.dfsg-4.2_all.deb
\n
http://security.debian.org/pool/updates/main/e/egroupware/egroupware-projectmanager_1.4.004-2.dfsg-4.2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2014": "
\n

Debian Security Advisory

\n

DSA-2014-1 moin -- several vulnerabilities

\n
\n
Date Reported:
\n
12 Mar 2010
\n
Affected Packages:
\n
\nmoin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 569975.
In Mitre's CVE dictionary: CVE-2010-0668, CVE-2010-0669, CVE-2010-0717.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in moin, a Python clone of\nWikiWiki.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2010-0668\n

    Multiple security issues in MoinMoin related to configurations that have\na non-empty superuser list, the xmlrpc action enabled, the SyncPages\naction enabled, or OpenID configured.

  • CVE-2010-0669\n

    MoinMoin does not properly sanitize user profiles.

  • CVE-2010-0717\n

    The default configuration of cfg.packagepages_actions_excluded in MoinMoin\ndoes not prevent unsafe package actions.

\n

In addition, this update fixes an error when processing hierarchical ACLs,\nwhich can be exploited to access restricted sub-pages.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.7.1-3+lenny3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.9.2-1, and will migrate to the testing distribution (squeeze)\nshortly.

\n

We recommend that you upgrade your moin package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/moin/moin_1.7.1-3+lenny3.dsc
\n
http://security.debian.org/pool/updates/main/m/moin/moin_1.7.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/moin/moin_1.7.1-3+lenny3.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/moin/python-moinmoin_1.7.1-3+lenny3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2015": "
\n

Debian Security Advisory

\n

DSA-2015-1 drbd8 -- privilege escalation

\n
\n
Date Reported:
\n
15 Mar 2010
\n
Affected Packages:
\n
\ndrbd8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 573531.
\n
More information:
\n
\n

A local vulnerability has been discovered in drbd8.

\n

Philipp Reisner fixed an issue in the drbd kernel module that allows\nlocal users to send netlink packets to perform actions that should be\nrestricted to users with CAP_SYS_ADMIN privileges. This is a similar\nissue to those described by CVE-2009-3725.

\n

This update also fixes an ABI compatibility issue which was introduced\nby linux-2.6 (2.6.26-21lenny3). The prebuilt drbd module packages listed\nin this advisory require a linux-image package version 2.6.26-21lenny3\nor greater.

\n

For the stable distribution (lenny), this problem has been fixed in\ndrbd8 (2:8.0.14-2+lenny1).

\n

We recommend that you upgrade your drbd8 packages.

\n

The linux-modules-extra-2.6 package has been rebuilt against the updated\ndrbd8 package to provide fixed prebuilt drbd8-modules packages. If,\ninstead of using the prebuilt drbd8-modules packages, you have built and\ninstalled a local copy of the drbd module from the drbd8-source package\n(e.g., using module-assistant), you will need to follow the same steps\nyou originally used to rebuild your module after upgrading the\ndrbd8-source package.

\n

Note: After upgrading a kernel module you must reload the module\nfor the changes to take effect:

\n
    \n
  1. Shut down all services that make use of the drbd module\n
  2. Unload the previous drbd module (modprobe -r drbd)\n
  3. Load the updated drbd module (modprobe drbd)\n
  4. Restart any services that make use of the drbd module\n
\n

A system reboot will also cause the updated module to be used.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/drbd8/drbd8_8.0.14-2+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/d/drbd8/drbd8_8.0.14-2+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/d/drbd8/drbd8_8.0.14.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/linux-modules-extra-2.6_2.6.26-6+lenny3.tar.gz
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/linux-modules-extra-2.6_2.6.26-6+lenny3.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/drbd8/drbd8-source_8.0.14-2+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/drbd8/drbd8-utils_8.0.14-2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-alpha-smp_2.6.26+3.3-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-alpha-legacy_2.6.26+2.0.4-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-alpha-legacy_2.6.26-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-alpha-smp_2.6.26+0+20080719-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-alpha-legacy_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-alpha-generic_2.6.26-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-alpha-generic_2.6.26+3.2c-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-alpha-smp_2.6.26-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-alpha-smp_2.6.26+2.20081102-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-alpha-legacy_2.6.26-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-alpha-generic_2.6.26+1.2.3-2-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-alpha-smp_2.6.26-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-alpha-smp_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-alpha-generic_2.6.26+0+20080719-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-alpha-generic_2.6.26-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-alpha-legacy_2.6.26-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-alpha-generic_2.6.26-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-alpha-legacy_2.6.26-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-alpha-smp_2.6.26-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-alpha-legacy_2.6.26+0+20080719-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-alpha-smp_2.6.26+1.2.3-2-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-alpha-legacy_2.6.26-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-alpha-smp_2.6.26-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-alpha-legacy_2.6.26-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-alpha-generic_2.6.26-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-alpha-legacy_2.6.26+3.3-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-alpha-generic_2.6.26-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-alpha-legacy_2.6.26-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-alpha-legacy_2.6.26+2.20081102-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-alpha-generic_2.6.26+2.0.5-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-alpha-generic_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-alpha-generic_2.6.26+3.3-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-alpha-generic_2.6.26+4.43-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-alpha-smp_2.6.26-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-alpha-legacy_2.6.26-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-alpha-smp_2.6.26-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-alpha-generic_2.6.26-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-alpha-smp_2.6.26+3.2c-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-alpha-generic_2.6.26+2.0.4-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-alpha-legacy_2.6.26+1.2.3-2-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-alpha-smp_2.6.26+2.0.4-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-alpha-smp_2.6.26+4.43-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-alpha-smp_2.6.26+2.0.5-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-alpha-smp_2.6.26-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-alpha-smp_2.6.26-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-alpha-legacy_2.6.26+3.2c-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-alpha-legacy_2.6.26-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-alpha-generic_2.6.26-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-alpha-generic_2.6.26-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-alpha-generic_2.6.26-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-alpha-generic_2.6.26+2.20081102-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-alpha-legacy_2.6.26+2.0.5-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-alpha-legacy_2.6.26+4.43-6+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-alpha-smp_2.6.26-6+lenny3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-amd64_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-amd64_2.6.26+3.2c-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-openvz-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-xen-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-openvz-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-xen-amd64_2.6.26+0.4.16+svn162-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6.26-2-amd64_2.6.26+01.00.20-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-amd64_2.6.26+2.0.5-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-modules-2.6-openvz-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-vserver-amd64_2.6.26+3.2c-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-vserver-amd64_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-openvz-amd64_2.6.26+0.4.16+svn162-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-openvz-amd64_2.6.26+2.0.4-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-openvz-amd64_2.6.26+4.43-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-modules-2.6.26-2-vserver-amd64_2.6.26+1.6.6-dfsg-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-vserver-amd64_2.6.26+0.4.16+svn162-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-openvz-amd64_2.6.26+1.2.3-2-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6-openvz-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-vserver-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/tp-smapi-modules-2.6.26-2-xen-amd64_2.6.26+0.37-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-amd64_2.6.26+1.2.3-2-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-amd64_2.6.26+2.0.4-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/tp-smapi-modules-2.6.26-2-vserver-amd64_2.6.26+0.37-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-vserver-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-openvz-amd64_2.6.26+2.20081102-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-vserver-amd64_2.6.26+2.20081102-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-amd64_2.6.26+4.43-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/tp-smapi-modules-2.6.26-2-amd64_2.6.26+0.37-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-xen-amd64_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-vserver-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/tp-smapi-modules-2.6-openvz-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-openvz-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-modules-2.6.26-2-amd64_2.6.26+1.6.6-dfsg-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-openvz-amd64_2.6.26+3.2c-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-vserver-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-amd64_2.6.26+0+20080719-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-vserver-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6.26-2-openvz-amd64_2.6.26+01.00.20-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-vserver-amd64_2.6.26+2.0.5-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-openvz-amd64_2.6.26+3.3-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-xen-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-openvz-amd64_2.6.26+2.0.5-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-xen-amd64_2.6.26+4.43-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-vserver-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-openvz-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-vserver-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-openvz-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-xen-amd64_2.6.26+2.20081102-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-vserver-amd64_2.6.26+8.0.14-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-modules-2.6-vserver-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-amd64_2.6.26+0.4.16+svn162-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-amd64_2.6.26+2.20081102-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-openvz-amd64_2.6.26+8.0.14-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/tp-smapi-modules-2.6-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-xen-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-xen-amd64_2.6.26+0+20080719-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/tp-smapi-modules-2.6.26-2-openvz-amd64_2.6.26+0.37-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-openvz-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-openvz-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-openvz-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-xen-amd64_2.6.26+2.0.4-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-vserver-amd64_2.6.26+4.43-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-vserver-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6-vserver-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-xen-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-modules-2.6.26-2-openvz-amd64_2.6.26+1.6.6-dfsg-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-vserver-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-vserver-amd64_2.6.26+0+20080719-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-openvz-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-amd64_2.6.26+3.3-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-xen-amd64_2.6.26+3.3-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/tp-smapi-modules-2.6-xen-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-xen-amd64_2.6.26+8.0.14-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-xen-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-xen-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-openvz-amd64_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-xen-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6.26-2-vserver-amd64_2.6.26+01.00.20-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-vserver-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-amd64_2.6.26+8.0.14-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-openvz-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-openvz-amd64_2.6.26+0+20080719-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-modules-2.6-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-xen-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-xen-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-vserver-amd64_2.6.26+2.0.4-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-xen-amd64_2.6.26+3.2c-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-vserver-amd64_2.6.26+3.3-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-openvz-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-amd64_2.6.26-6+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/tp-smapi-modules-2.6-vserver-amd64_2.6.26-6+lenny3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/drbd8/drbd8-utils_8.0.14-2+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-footbridge_2.6.26+3.3-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-ixp4xx_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-footbridge_2.6.26+4.43-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-footbridge_2.6.26+0+20080719-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-iop32x_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-orion5x_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-footbridge_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-orion5x_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-orion5x_2.6.26+3.3-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-ixp4xx_2.6.26+4.43-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-orion5x_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-ixp4xx_2.6.26+2.20081102-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-footbridge_2.6.26+2.20081102-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-orion5x_2.6.26+2.20081102-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-ixp4xx_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-iop32x_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-orion5x_2.6.26+0.4.16+svn162-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-iop32x_2.6.26+3.3-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-iop32x_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-ixp4xx_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-ixp4xx_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-iop32x_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-footbridge_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-iop32x_2.6.26+8.0.14-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-ixp4xx_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-iop32x_2.6.26+0+20080719-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-ixp4xx_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-footbridge_2.6.26+8.0.14-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-footbridge_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-footbridge_2.6.26+2.0.5-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-orion5x_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-iop32x_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-footbridge_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-ixp4xx_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-iop32x_2.6.26+2.0.4-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-orion5x_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-iop32x_2.6.26+4.43-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-ixp4xx_2.6.26+3.3-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-orion5x_2.6.26+4.43-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-orion5x_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-footbridge_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-iop32x_2.6.26+2.0.5-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-ixp4xx_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-footbridge_2.6.26+3.2c-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-orion5x_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-footbridge_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-footbridge_2.6.26+1.2.3-2-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-iop32x_2.6.26+3.2c-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-orion5x_2.6.26+2.0.5-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-iop32x_2.6.26+1.2.3-2-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-ixp4xx_2.6.26+0+20080719-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-orion5x_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-orion5x_2.6.26+2.0.4-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-iop32x_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-orion5x_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-footbridge_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-orion5x_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-orion5x_2.6.26+3.2c-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-ixp4xx_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-iop32x_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-iop32x_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-iop32x_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-ixp4xx_2.6.26+8.0.14-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-orion5x_2.6.26+8.0.14-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-footbridge_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-iop32x_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-footbridge_2.6.26+0.4.16+svn162-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-ixp4xx_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-ixp4xx_2.6.26+3.2c-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-ixp4xx_2.6.26+2.0.5-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-footbridge_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-iop32x_2.6.26+2.20081102-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-ixp4xx_2.6.26+0.4.16+svn162-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-ixp4xx_2.6.26+2.0.4-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-iop32x_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-ixp4xx_2.6.26+1.2.3-2-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-orion5x_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-ixp4xx_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-footbridge_2.6.26+2.0.4-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-iop32x_2.6.26+0.4.16+svn162-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-iop32x_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-ixp4xx_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-footbridge_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-orion5x_2.6.26+1.2.3-2-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-orion5x_2.6.26+0+20080719-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-footbridge_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-footbridge_2.6.26-6+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-orion5x_2.6.26-6+lenny3_arm.deb
\n
ARM EABI:
\n
http://security.debian.org/pool/updates/main/d/drbd8/drbd8-utils_8.0.14-2+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-ixp4xx_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-ixp4xx_2.6.26+0.4.16+svn162-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-iop32x_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-iop32x_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-iop32x_2.6.26+8.0.14-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-iop32x_2.6.26+0+20080719-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-ixp4xx_2.6.26+0+20080719-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-iop32x_2.6.26+1.2.3-2-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-iop32x_2.6.26+2.20081102-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-versatile_2.6.26+2.0.5-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-iop32x_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-versatile_2.6.26+3.3-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-orion5x_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-versatile_2.6.26+1.2.3-2-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-versatile_2.6.26+3.2c-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-versatile_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-ixp4xx_2.6.26+2.20081102-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-iop32x_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-versatile_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-orion5x_2.6.26+2.20081102-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-versatile_2.6.26+4.43-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-orion5x_2.6.26+0+20080719-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-iop32x_2.6.26+4.43-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-versatile_2.6.26+0.4.16+svn162-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-orion5x_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-iop32x_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-ixp4xx_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-iop32x_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-iop32x_2.6.26+2.0.5-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-versatile_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-versatile_2.6.26+2.0.4-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-ixp4xx_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-orion5x_2.6.26+3.2c-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-iop32x_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-ixp4xx_2.6.26+8.0.14-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-ixp4xx_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-orion5x_2.6.26+3.3-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-versatile_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-orion5x_2.6.26+2.0.5-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-orion5x_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-iop32x_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-ixp4xx_2.6.26+2.0.4-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-versatile_2.6.26+2.20081102-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-versatile_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-ixp4xx_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-orion5x_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-versatile_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-orion5x_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-versatile_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-orion5x_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-iop32x_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-iop32x_2.6.26+2.0.4-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-ixp4xx_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-orion5x_2.6.26+1.2.3-2-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-versatile_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-iop32x_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-orion5x_2.6.26+8.0.14-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-orion5x_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-versatile_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-ixp4xx_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-orion5x_2.6.26+2.0.4-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-iop32x_2.6.26+3.2c-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-ixp4xx_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-ixp4xx_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-iop32x_2.6.26+0.4.16+svn162-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-iop32x_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-orion5x_2.6.26+0.4.16+svn162-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-ixp4xx_2.6.26+1.2.3-2-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-iop32x_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-versatile_2.6.26+0+20080719-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-orion5x_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-orion5x_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-ixp4xx_2.6.26+3.3-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-versatile_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-versatile_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-versatile_2.6.26+8.0.14-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-orion5x_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-iop32x_2.6.26+3.3-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-orion5x_2.6.26+4.43-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-orion5x_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-ixp4xx_2.6.26+4.43-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-ixp4xx_2.6.26+3.2c-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-ixp4xx_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-orion5x_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-ixp4xx_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-ixp4xx_2.6.26+2.0.5-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-versatile_2.6.26-6+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-ixp4xx_2.6.26-6+lenny3_armel.deb
\n
HP Precision:
\n
http://security.debian.org/pool/updates/main/d/drbd8/drbd8-utils_8.0.14-2+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-parisc64-smp_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-parisc-smp_2.6.26+8.0.14-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-parisc64-smp_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-parisc64-smp_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-parisc64_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-parisc64-smp_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-parisc-smp_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-parisc64_2.6.26+3.2c-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-parisc_2.6.26+4.43-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-parisc64-smp_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-parisc64_2.6.26+2.0.5-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-parisc-smp_2.6.26+0+20080719-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-parisc64_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-parisc_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-parisc_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-parisc64-smp_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-parisc64-smp_2.6.26+1.2.3-2-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-parisc64_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-parisc64_2.6.26+2.0.4-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-parisc64-smp_2.6.26+0+20080719-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-parisc-smp_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-parisc_2.6.26+8.0.14-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-parisc64-smp_2.6.26+2.0.5-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-parisc_2.6.26+3.2c-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-parisc64-smp_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-parisc_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-parisc-smp_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-parisc_2.6.26+2.0.5-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-parisc-smp_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-parisc64_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-parisc-smp_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-parisc-smp_2.6.26+2.0.5-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-parisc-smp_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-parisc_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-parisc64_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-parisc_2.6.26+2.0.4-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-parisc64_2.6.26+2.20081102-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-parisc64-smp_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-parisc-smp_2.6.26+3.2c-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-parisc_2.6.26+2.20081102-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-parisc_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-parisc64-smp_2.6.26+2.20081102-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-parisc64_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-parisc64_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-parisc_2.6.26+0+20080719-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-parisc_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-parisc64-smp_2.6.26+8.0.14-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-parisc64-smp_2.6.26+4.43-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-parisc_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-parisc_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-parisc_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-parisc64-smp_2.6.26+3.2c-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-parisc-smp_2.6.26+2.20081102-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-parisc-smp_2.6.26+1.2.3-2-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-parisc-smp_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-parisc-smp_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-parisc64_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-parisc_2.6.26+1.2.3-2-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-parisc64_2.6.26+4.43-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-parisc-smp_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-parisc64_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-parisc64-smp_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-parisc64-smp_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-parisc64_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-parisc-smp_2.6.26+4.43-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-parisc64_2.6.26+0+20080719-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-parisc64_2.6.26+8.0.14-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-parisc-smp_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-parisc64_2.6.26+1.2.3-2-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-parisc_2.6.26-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-parisc-smp_2.6.26+2.0.4-6+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-parisc64-smp_2.6.26+2.0.4-6+lenny3_hppa.deb
\n
Intel IA-32:
\n
http://security.debian.org/pool/updates/main/d/drbd8/drbd8-utils_8.0.14-2+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-amd64_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-openvz-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/tp-smapi-modules-2.6-amd64_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-486_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6.26-2-486_2.6.26+01.00.20-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-vserver-686_2.6.26+2.0.4-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-vserver-686_2.6.26+2.20081102-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6-486_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-amd64_2.6.26+1.2.3-2-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-486_2.6.26+4.43-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-guest-modules-2.6-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-amd64_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-486_2.6.26+1.2.3-2-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/tp-smapi-modules-2.6.26-2-vserver-686-bigmem_2.6.26+0.37-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-486_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-vserver-686-bigmem_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-vserver-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-amd64_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/tp-smapi-modules-2.6-openvz-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/tp-smapi-modules-2.6.26-2-vserver-686_2.6.26+0.37-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-openvz-686_2.6.26+3.3-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-486_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-vserver-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-486_2.6.26+2.0.4-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-openvz-686_2.6.26+1.2.3-2-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-amd64_2.6.26+4.43-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-686_2.6.26+0.4.16+svn162-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-xen-686_2.6.26+3.3-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-amd64_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-vserver-686_2.6.26+2.0.5-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-amd64_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-486_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-openvz-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-openvz-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-686-bigmem_2.6.26+4.43-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-486_2.6.26+0+20080719-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/tp-smapi-modules-2.6-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6-amd64_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-openvz-686_2.6.26+8.0.14-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/tp-smapi-modules-2.6.26-2-amd64_2.6.26+0.37-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-amd64_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-openvz-686_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-modules-2.6.26-2-vserver-686_2.6.26+1.6.6-dfsg-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-686_2.6.26+2.0.4-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-vserver-686_2.6.26+0+20080719-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-486_2.6.26+3.3-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-modules-2.6.26-2-amd64_2.6.26+1.6.6-dfsg-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-xen-686_2.6.26+2.0.4-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-486_2.6.26+0.4.16+svn162-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-openvz-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-modules-2.6-vserver-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-486_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-486_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-modules-2.6-openvz-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/tp-smapi-modules-2.6-vserver-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-vserver-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/tp-smapi-modules-2.6.26-2-686-bigmem_2.6.26+0.37-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/tp-smapi-modules-2.6.26-2-486_2.6.26+0.37-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-xen-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-xen-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-486_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-openvz-686_2.6.26+0.4.16+svn162-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-686_2.6.26+3.3-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-vserver-686_2.6.26+3.3-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-686-bigmem_2.6.26+2.20081102-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/tp-smapi-modules-2.6.26-2-openvz-686_2.6.26+0.37-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-vserver-686_2.6.26+8.0.14-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-486_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/tp-smapi-modules-2.6-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-openvz-686_2.6.26+0+20080719-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-guest-modules-2.6.26-2-686_2.6.26+1.6.6-dfsg-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-amd64_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-openvz-686_2.6.26+4.43-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6-vserver-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-686_2.6.26+3.2c-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-486_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-vserver-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-686-bigmem_2.6.26+2.0.5-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-openvz-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-openvz-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-xen-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-openvz-686_2.6.26+2.0.4-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-modules-2.6.26-2-openvz-686_2.6.26+1.6.6-dfsg-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6.26-2-amd64_2.6.26+01.00.20-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6.26-2-vserver-686_2.6.26+01.00.20-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-guest-modules-2.6-openvz-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6.26-2-vserver-686-bigmem_2.6.26+01.00.20-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6.26-2-686_2.6.26+01.00.20-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-vserver-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-xen-686_2.6.26+4.43-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-vserver-686_2.6.26+4.43-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-686-bigmem_2.6.26+1.2.3-2-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-guest-modules-2.6.26-2-486_2.6.26+1.6.6-dfsg-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-amd64_2.6.26+2.0.5-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-vserver-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-modules-2.6.26-2-vserver-686-bigmem_2.6.26+1.6.6-dfsg-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-openvz-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-modules-2.6.26-2-686-bigmem_2.6.26+1.6.6-dfsg-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-686-bigmem_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-486_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-vserver-686-bigmem_2.6.26+8.0.14-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-686_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-xen-686_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-486_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-486_2.6.26+2.0.5-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-vserver-686-bigmem_2.6.26+4.43-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/tp-smapi-modules-2.6-486_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6-vserver-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-modules-2.6-vserver-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-vserver-686-bigmem_2.6.26+2.0.4-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-xen-686_2.6.26+0+20080719-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-openvz-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-686-bigmem_2.6.26+2.0.4-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-amd64_2.6.26+2.20081102-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-vserver-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-openvz-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-guest-modules-2.6.26-2-vserver-686_2.6.26+1.6.6-dfsg-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-modules-2.6-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-xen-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-vserver-686-bigmem_2.6.26+2.0.5-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-vserver-686-bigmem_2.6.26+0+20080719-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/tp-smapi-modules-2.6.26-2-686_2.6.26+0.37-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-guest-modules-2.6-vserver-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-vserver-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-modules-2.6-amd64_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-guest-modules-2.6.26-2-vserver-686-bigmem_2.6.26+1.6.6-dfsg-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-openvz-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-vserver-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-686-bigmem_2.6.26+0+20080719-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-guest-modules-2.6.26-2-686-bigmem_2.6.26+1.6.6-dfsg-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-686-bigmem_2.6.26+0.4.16+svn162-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-modules-2.6-486_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/tp-smapi-modules-2.6-xen-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-486_2.6.26+3.2c-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-guest-modules-2.6.26-2-openvz-686_2.6.26+1.6.6-dfsg-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-vserver-686_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-686_2.6.26+0+20080719-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-486_2.6.26+8.0.14-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-amd64_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-vserver-686_2.6.26+0.4.16+svn162-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-vserver-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-amd64_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-686-bigmem_2.6.26+3.3-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-openvz-686_2.6.26+2.0.5-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-guest-modules-2.6-486_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-vserver-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-amd64_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-amd64_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-vserver-686-bigmem_2.6.26+3.2c-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-vserver-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-amd64_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-amd64_2.6.26+0+20080719-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-amd64_2.6.26+8.0.14-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-amd64_2.6.26+3.2c-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-686_2.6.26+8.0.14-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-vserver-686_2.6.26+3.2c-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-vserver-686-bigmem_2.6.26+2.20081102-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-vserver-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-xen-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-amd64_2.6.26+0.4.16+svn162-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-openvz-686_2.6.26+2.20081102-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-vserver-686-bigmem_2.6.26+3.3-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-vserver-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/tp-smapi-modules-2.6-vserver-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-xen-686_2.6.26+2.20081102-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-xen-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-amd64_2.6.26+3.3-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-xen-686_2.6.26+8.0.14-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-486_2.6.26+2.20081102-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-amd64_2.6.26+2.0.4-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-guest-modules-2.6-vserver-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-vserver-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-686-bigmem_2.6.26+3.2c-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6-openvz-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-686_2.6.26+1.2.3-2-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6.26-2-686-bigmem_2.6.26+01.00.20-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-modules-2.6-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-686_2.6.26+2.0.5-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-modules-2.6.26-2-686_2.6.26+1.6.6-dfsg-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-xen-686_2.6.26+3.2c-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-xen-686_2.6.26+0.4.16+svn162-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-vserver-686-bigmem_2.6.26+0.4.16+svn162-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-vserver-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-xen-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-486_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-vserver-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6.26-2-openvz-686_2.6.26+01.00.20-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-vserver-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-guest-modules-2.6-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-openvz-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-686_2.6.26+2.20081102-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/virtualbox-ose-modules-2.6.26-2-486_2.6.26+1.6.6-dfsg-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-686-bigmem_2.6.26+8.0.14-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/tp-smapi-modules-2.6.26-2-xen-686_2.6.26+0.37-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-686_2.6.26+4.43-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-vserver-686-bigmem_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-xen-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-vserver-686_2.6.26-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-openvz-686_2.6.26+3.2c-6+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-xen-686_2.6.26-6+lenny3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/drbd8/drbd8-utils_8.0.14-2+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-vserver-itanium_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-mckinley_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-vserver-itanium_2.6.26+0+20080719-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-mckinley_2.6.26+2.0.4-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-mckinley_2.6.26+4.43-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-vserver-mckinley_2.6.26+2.0.4-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-mckinley_2.6.26+2.20081102-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-itanium_2.6.26+2.20081102-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-vserver-itanium_2.6.26+3.3-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-mckinley_2.6.26+0+20080719-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-mckinley_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-itanium_2.6.26+8.0.14-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-itanium_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-vserver-itanium_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-itanium_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-mckinley_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-itanium_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-vserver-mckinley_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-vserver-mckinley_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-mckinley_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-vserver-itanium_2.6.26+2.0.4-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-vserver-itanium_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-mckinley_2.6.26+8.0.14-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-vserver-itanium_2.6.26+3.2c-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-vserver-itanium_2.6.26+4.43-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-itanium_2.6.26+2.0.5-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-vserver-mckinley_2.6.26+8.0.14-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-vserver-mckinley_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-itanium_2.6.26+0+20080719-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-itanium_2.6.26+0.4.16+svn162-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-mckinley_2.6.26+3.2c-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-mckinley_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-vserver-itanium_2.6.26+8.0.14-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-mckinley_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-mckinley_2.6.26+2.0.5-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-itanium_2.6.26+3.3-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-vserver-itanium_2.6.26+2.20081102-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-itanium_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-itanium_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-vserver-itanium_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-itanium_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-vserver-itanium_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-vserver-mckinley_2.6.26+0+20080719-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-vserver-mckinley_2.6.26+0.4.16+svn162-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-itanium_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-vserver-itanium_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-mckinley_2.6.26+3.3-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-vserver-mckinley_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-vserver-mckinley_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-mckinley_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-itanium_2.6.26+1.2.3-2-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-itanium_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-vserver-mckinley_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-vserver-itanium_2.6.26+0.4.16+svn162-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-vserver-mckinley_2.6.26+3.3-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-vserver-itanium_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-itanium_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-mckinley_2.6.26+0.4.16+svn162-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-itanium_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-mckinley_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-vserver-itanium_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-vserver-mckinley_2.6.26+3.2c-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-vserver-mckinley_2.6.26+2.20081102-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-vserver-mckinley_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-itanium_2.6.26+4.43-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-vserver-mckinley_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-vserver-itanium_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-vserver-mckinley_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-vserver-itanium_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-mckinley_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-vserver-mckinley_2.6.26+2.0.5-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-itanium_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-itanium_2.6.26+3.2c-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-mckinley_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-itanium_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-mckinley_2.6.26+1.2.3-2-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-vserver-itanium_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-vserver-mckinley_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-itanium_2.6.26+2.0.4-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-vserver-mckinley_2.6.26+4.43-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-mckinley_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-vserver-itanium_2.6.26+2.0.5-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-mckinley_2.6.26-6+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-vserver-mckinley_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/drbd8/drbd8-utils_8.0.14-2+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-sb1a-bcm91480b_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-5kc-malta_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-sb1-bcm91250a_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-4kc-malta_2.6.26+3.2c-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-sb1a-bcm91480b_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-sb1a-bcm91480b_2.6.26+3.3-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-r5k-ip32_2.6.26+3.3-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-4kc-malta_2.6.26+3.3-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-sb1-bcm91250a_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-4kc-malta_2.6.26+1.2.3-2-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-sb1-bcm91250a_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-r5k-ip32_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-sb1a-bcm91480b_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-sb1-bcm91250a_2.6.26+2.20081102-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-4kc-malta_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-5kc-malta_2.6.26+3.3-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-5kc-malta_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-sb1a-bcm91480b_2.6.26+4.43-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-sb1-bcm91250a_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-r4k-ip22_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-r5k-ip32_2.6.26+3.2c-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-r4k-ip22_2.6.26+0+20080719-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-r5k-ip32_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-sb1-bcm91250a_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-r5k-ip32_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-r5k-ip32_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-r5k-ip32_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-4kc-malta_2.6.26+2.0.5-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-5kc-malta_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-r5k-ip32_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-4kc-malta_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-r4k-ip22_2.6.26+2.0.4-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-sb1-bcm91250a_2.6.26+3.3-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-5kc-malta_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-r5k-ip32_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-sb1a-bcm91480b_2.6.26+1.2.3-2-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-r4k-ip22_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-4kc-malta_2.6.26+4.43-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-5kc-malta_2.6.26+4.43-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-r5k-ip32_2.6.26+2.0.5-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-5kc-malta_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-r5k-ip32_2.6.26+0+20080719-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-5kc-malta_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-5kc-malta_2.6.26+2.20081102-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-4kc-malta_2.6.26+2.0.4-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-4kc-malta_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-sb1-bcm91250a_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-r4k-ip22_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-sb1a-bcm91480b_2.6.26+2.0.5-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-r4k-ip22_2.6.26+2.20081102-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-r5k-ip32_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-sb1a-bcm91480b_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-5kc-malta_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-r4k-ip22_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-sb1-bcm91250a_2.6.26+2.0.5-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-sb1-bcm91250a_2.6.26+3.2c-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-sb1-bcm91250a_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-sb1-bcm91250a_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-4kc-malta_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-sb1a-bcm91480b_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-r4k-ip22_2.6.26+3.2c-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-sb1a-bcm91480b_2.6.26+0+20080719-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-r4k-ip22_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-r5k-ip32_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-sb1-bcm91250a_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-sb1a-bcm91480b_2.6.26+2.20081102-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-r4k-ip22_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-5kc-malta_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-r5k-ip32_2.6.26+2.20081102-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-sb1a-bcm91480b_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-4kc-malta_2.6.26+0+20080719-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-4kc-malta_2.6.26+2.20081102-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-sb1a-bcm91480b_2.6.26+2.0.4-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-5kc-malta_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-sb1-bcm91250a_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-sb1a-bcm91480b_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-sb1-bcm91250a_2.6.26+4.43-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-5kc-malta_2.6.26+3.2c-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-sb1-bcm91250a_2.6.26+0+20080719-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-5kc-malta_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-r5k-ip32_2.6.26+2.0.4-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-r5k-ip32_2.6.26+4.43-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-r4k-ip22_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-r5k-ip32_2.6.26+1.2.3-2-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-sb1a-bcm91480b_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-r4k-ip22_2.6.26+3.3-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-4kc-malta_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-sb1-bcm91250a_2.6.26+1.2.3-2-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-sb1-bcm91250a_2.6.26+2.0.4-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-4kc-malta_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-r5k-ip32_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-sb1a-bcm91480b_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-4kc-malta_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-r4k-ip22_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-r4k-ip22_2.6.26+4.43-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-4kc-malta_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-5kc-malta_2.6.26+2.0.4-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-5kc-malta_2.6.26+0+20080719-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-5kc-malta_2.6.26+1.2.3-2-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-sb1a-bcm91480b_2.6.26+3.2c-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-4kc-malta_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-4kc-malta_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-sb1a-bcm91480b_2.6.26-6+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-5kc-malta_2.6.26+2.0.5-6+lenny3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/drbd8/drbd8-utils_8.0.14-2+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-4kc-malta_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-r5k-cobalt_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-4kc-malta_2.6.26+3.3-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-5kc-malta_2.6.26+2.0.4-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-sb1-bcm91250a_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-5kc-malta_2.6.26+1.2.3-2-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-5kc-malta_2.6.26+0+20080719-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-5kc-malta_2.6.26+4.43-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-sb1-bcm91250a_2.6.26+0+20080719-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-4kc-malta_2.6.26+4.43-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-sb1a-bcm91480b_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-sb1-bcm91250a_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-r5k-cobalt_2.6.26+2.20081102-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-r5k-cobalt_2.6.26+3.3-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-sb1a-bcm91480b_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-sb1-bcm91250a_2.6.26+3.3-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-sb1a-bcm91480b_2.6.26+2.20081102-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-4kc-malta_2.6.26+3.2c-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-sb1-bcm91250a_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-r5k-cobalt_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-5kc-malta_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-sb1a-bcm91480b_2.6.26+3.2c-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-r5k-cobalt_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-sb1a-bcm91480b_2.6.26+3.3-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-sb1-bcm91250a_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-sb1-bcm91250a_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-sb1a-bcm91480b_2.6.26+2.0.4-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-sb1a-bcm91480b_2.6.26+1.2.3-2-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-5kc-malta_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-4kc-malta_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-r5k-cobalt_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-5kc-malta_2.6.26+3.3-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-4kc-malta_2.6.26+2.0.5-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-sb1a-bcm91480b_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-sb1a-bcm91480b_2.6.26+2.0.5-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-sb1-bcm91250a_2.6.26+2.20081102-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-4kc-malta_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-sb1a-bcm91480b_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-sb1a-bcm91480b_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-r5k-cobalt_2.6.26+2.0.5-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-r5k-cobalt_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-sb1-bcm91250a_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-r5k-cobalt_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-5kc-malta_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-sb1a-bcm91480b_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-4kc-malta_2.6.26+0+20080719-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-5kc-malta_2.6.26+3.2c-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-r5k-cobalt_2.6.26+0+20080719-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-4kc-malta_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-sb1a-bcm91480b_2.6.26+0+20080719-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-5kc-malta_2.6.26+2.0.5-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-sb1a-bcm91480b_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-sb1a-bcm91480b_2.6.26+4.43-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-5kc-malta_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-4kc-malta_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-5kc-malta_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-5kc-malta_2.6.26+2.20081102-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-sb1-bcm91250a_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-sb1-bcm91250a_2.6.26+2.0.4-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-r5k-cobalt_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-r5k-cobalt_2.6.26+3.2c-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-sb1-bcm91250a_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-r5k-cobalt_2.6.26+1.2.3-2-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-sb1a-bcm91480b_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-4kc-malta_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-sb1-bcm91250a_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-r5k-cobalt_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-5kc-malta_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-sb1-bcm91250a_2.6.26+3.2c-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-sb1-bcm91250a_2.6.26+4.43-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-5kc-malta_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-4kc-malta_2.6.26+2.20081102-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-r5k-cobalt_2.6.26+4.43-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-r5k-cobalt_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-5kc-malta_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-sb1a-bcm91480b_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-4kc-malta_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-4kc-malta_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-sb1-bcm91250a_2.6.26+2.0.5-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-sb1a-bcm91480b_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-4kc-malta_2.6.26+2.0.4-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-4kc-malta_2.6.26+1.2.3-2-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-4kc-malta_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-4kc-malta_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-sb1-bcm91250a_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-r5k-cobalt_2.6.26+2.0.4-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-r5k-cobalt_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-sb1-bcm91250a_2.6.26+1.2.3-2-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-5kc-malta_2.6.26-6+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-5kc-malta_2.6.26-6+lenny3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/d/drbd8/drbd8-utils_8.0.14-2+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-vserver-powerpc64_2.6.26+0.4.16+svn162-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/mol-modules-2.6-powerpc_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6.26-2-powerpc64_2.6.26+01.00.20-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-powerpc_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-vserver-powerpc64_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-vserver-powerpc_2.6.26+2.20081102-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-vserver-powerpc_2.6.26+8.0.14-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-powerpc_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-powerpc_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-vserver-powerpc_2.6.26+3.2c-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-powerpc64_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6-powerpc64_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-vserver-powerpc_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-powerpc-smp_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-powerpc_2.6.26+3.3-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-powerpc_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-vserver-powerpc_2.6.26+2.0.4-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-powerpc-smp_2.6.26+3.3-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-vserver-powerpc64_2.6.26+8.0.14-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-powerpc_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-vserver-powerpc_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6-vserver-powerpc64_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-vserver-powerpc_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-vserver-powerpc64_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6-powerpc_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-powerpc64_2.6.26+8.0.14-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-powerpc-smp_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-powerpc-smp_2.6.26+8.0.14-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-powerpc_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-vserver-powerpc_2.6.26+0.4.16+svn162-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-powerpc64_2.6.26+2.20081102-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-powerpc_2.6.26+4.43-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-vserver-powerpc64_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/mol-modules-2.6-powerpc-smp_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-powerpc64_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-powerpc64_2.6.26+0+20080719-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-powerpc-smp_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-powerpc-smp_2.6.26+0+20080719-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-powerpc-smp_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-powerpc_2.6.26+2.0.5-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6.26-2-vserver-powerpc64_2.6.26+01.00.20-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-powerpc64_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6-powerpc-smp_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-powerpc64_2.6.26+3.2c-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-powerpc_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-powerpc-smp_2.6.26+2.0.4-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-powerpc_2.6.26+0.4.16+svn162-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-vserver-powerpc64_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-powerpc_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-vserver-powerpc_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-powerpc64_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-powerpc_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-powerpc64_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-vserver-powerpc64_2.6.26+2.20081102-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-powerpc64_2.6.26+4.43-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-vserver-powerpc_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-powerpc-smp_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-powerpc_2.6.26+1.2.3-2-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-powerpc64_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-vserver-powerpc64_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-powerpc_2.6.26+2.20081102-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-powerpc-smp_2.6.26+4.43-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-powerpc-smp_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-powerpc_2.6.26+0+20080719-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-vserver-powerpc64_2.6.26+4.43-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-powerpc64_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-powerpc-smp_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-powerpc64_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-powerpc_2.6.26+8.0.14-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-powerpc64_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-vserver-powerpc_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-vserver-powerpc64_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-powerpc-smp_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-powerpc64_2.6.26+1.2.3-2-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-powerpc64_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-powerpc-smp_2.6.26+3.2c-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-powerpc-smp_2.6.26+0.4.16+svn162-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/mol-modules-2.6.26-2-powerpc_2.6.26+0.9.72.1~dfsg-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-powerpc_2.6.26+3.2c-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-vserver-powerpc_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-powerpc_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-powerpc64_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-powerpc_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-vserver-powerpc64_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-vserver-powerpc64_2.6.26+2.0.4-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-vserver-powerpc_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-powerpc64_2.6.26+2.0.4-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6.26-2-vserver-powerpc_2.6.26+01.00.20-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6.26-2-powerpc-smp_2.6.26+01.00.20-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-vserver-powerpc64_2.6.26+3.3-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-powerpc_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-vserver-powerpc_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-vserver-powerpc_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-vserver-powerpc64_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-vserver-powerpc64_2.6.26+0+20080719-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-vserver-powerpc64_2.6.26+3.2c-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-vserver-powerpc64_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-vserver-powerpc_2.6.26+3.3-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-powerpc-smp_2.6.26+1.2.3-2-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-powerpc-smp_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-powerpc64_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/mol-modules-2.6.26-2-vserver-powerpc_2.6.26+0.9.72.1~dfsg-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-vserver-powerpc64_2.6.26+2.0.5-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-vserver-powerpc_2.6.26+4.43-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-powerpc64_2.6.26+2.0.5-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-vserver-powerpc64_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-powerpc-smp_2.6.26+2.20081102-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-powerpc-smp_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-powerpc_2.6.26+2.0.4-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-powerpc-smp_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/mol-modules-2.6.26-2-powerpc-smp_2.6.26+0.9.72.1~dfsg-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-vserver-powerpc_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-vserver-powerpc64_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6.26-2-powerpc_2.6.26+01.00.20-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-vserver-powerpc_2.6.26+2.0.5-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-powerpc-smp_2.6.26+2.0.5-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-vserver-powerpc_2.6.26+0+20080719-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/gspca-modules-2.6-vserver-powerpc_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-powerpc64_2.6.26+0.4.16+svn162-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-powerpc-smp_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/mol-modules-2.6-vserver-powerpc_2.6.26-6+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-powerpc64_2.6.26+3.3-6+lenny3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/drbd8/drbd8-utils_8.0.14-2+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-s390_2.6.26+8.0.14-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-vserver-s390x_2.6.26-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-s390_2.6.26+4.43-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-vserver-s390x_2.6.26+2.20081102-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-s390_2.6.26-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-s390x_2.6.26+2.20081102-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-s390x_2.6.26-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-s390x_2.6.26-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-s390x_2.6.26+8.0.14-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-s390x_2.6.26-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-vserver-s390x_2.6.26+4.43-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-s390_2.6.26-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-vserver-s390x_2.6.26+3.3-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-vserver-s390x_2.6.26+0+20080719-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-s390x_2.6.26-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-s390x_2.6.26+0.4.16+svn162-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-vserver-s390x_2.6.26-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-vserver-s390x_2.6.26-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-s390x_2.6.26+4.43-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-s390_2.6.26-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-s390_2.6.26-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-vserver-s390x_2.6.26-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-s390_2.6.26+3.2c-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-s390x_2.6.26-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-s390x_2.6.26-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-s390_2.6.26-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-s390_2.6.26+0.4.16+svn162-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-s390_2.6.26+0+20080719-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-vserver-s390x_2.6.26+8.0.14-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-vserver-s390x_2.6.26+2.0.4-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-s390x_2.6.26+2.0.4-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-s390_2.6.26+2.0.4-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-s390_2.6.26+3.3-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-vserver-s390x_2.6.26+0.4.16+svn162-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-vserver-s390x_2.6.26-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-vserver-s390x_2.6.26-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-s390_2.6.26-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-vserver-s390x_2.6.26+3.2c-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-s390x_2.6.26-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-s390x_2.6.26+3.2c-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-s390x_2.6.26+0+20080719-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-s390x_2.6.26+3.3-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-s390x_2.6.26-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-vserver-s390x_2.6.26-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-s390_2.6.26-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-s390_2.6.26+2.20081102-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-s390_2.6.26-6+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-vserver-s390x_2.6.26-6+lenny3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/drbd8/drbd8-utils_8.0.14-2+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-sparc64-smp_2.6.26+3.3-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-vserver-sparc64_2.6.26+3.2c-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-sparc64-smp_2.6.26+3.2c-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-vserver-sparc64_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-sparc64_2.6.26+2.20081102-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-sparc64_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-vserver-sparc64_2.6.26+0.4.16+svn162-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-sparc64-smp_2.6.26+8.0.14-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-sparc64-smp_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-sparc64-smp_2.6.26+2.20081102-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-sparc64_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-sparc64_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-sparc64_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-sparc64_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-sparc64-smp_2.6.26+4.43-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-sparc64-smp_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-sparc64-smp_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-sparc64_2.6.26+8.0.14-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-sparc64-smp_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-sparc64-smp_2.6.26+0+20080719-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-sparc64_2.6.26+2.0.5-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-sparc64-smp_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-vserver-sparc64_2.6.26+2.0.5-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-sparc64_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-sparc64-smp_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-sparc64-smp_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-sparc64_2.6.26+0.4.16+svn162-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-sparc64-smp_2.6.26+1.2.3-2-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-sparc64-smp_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-sparc64-smp_2.6.26+2.0.4-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6.26-2-sparc64_2.6.26+1.2.3-2-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-sparc64-smp_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-vserver-sparc64_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-sparc64_2.6.26+3.3-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-vserver-sparc64_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-sparc64_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6-vserver-sparc64_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-sparc64-smp_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6-sparc64_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6-vserver-sparc64_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-sparc64_2.6.26+4.43-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/drbd8-modules-2.6.26-2-vserver-sparc64_2.6.26+8.0.14-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6-sparc64-smp_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6.26-2-vserver-sparc64_2.6.26+2.20081102-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-vserver-sparc64_2.6.26+0+20080719-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-vserver-sparc64_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6-vserver-sparc64_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6.26-2-sparc64-smp_2.6.26+0.4.16+svn162-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-vserver-sparc64_2.6.26+2.0.4-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-vserver-sparc64_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-vserver-sparc64_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6-sparc64_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/et131x-modules-2.6-sparc64_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/lzma-modules-2.6.26-2-vserver-sparc64_2.6.26+4.43-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/nilfs2-modules-2.6.26-2-sparc64_2.6.26+2.0.4-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/redhat-cluster-modules-2.6-vserver-sparc64_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/aufs-modules-2.6.26-2-sparc64_2.6.26+0+20080719-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6-sparc64_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/squashfs-modules-2.6.26-2-vserver-sparc64_2.6.26+3.3-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/loop-aes-modules-2.6.26-2-sparc64_2.6.26+3.2c-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/iscsitarget-modules-2.6-vserver-sparc64_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6-sparc64-smp_2.6.26-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/atl2-modules-2.6.26-2-sparc64-smp_2.6.26+2.0.5-6+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-modules-extra-2.6/speakup-modules-2.6.26-2-sparc64_2.6.26+3.0.3+git20080724.dfsg.1-6+lenny3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2016": "
\n

Debian Security Advisory

\n

DSA-2016-1 drupal6 -- several vulnerabilities

\n
\n
Date Reported:
\n
13 Mar 2010
\n
Affected Packages:
\n
\ndrupal6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 572439.
\n
More information:
\n
\n

Several vulnerabilities (SA-CORE-2010-001) have been discovered in\ndrupal6, a fully-featured content management framework.

\n

Installation cross site scripting

\n

A user-supplied value is output directly during installation, allowing a\nmalicious user to craft a URL and perform a cross-site scripting attack.\nThe exploit can only be conducted on sites not yet installed.

\n

Open redirection

\n

The API function drupal_goto() is susceptible to a phishing attack.\nAn attacker could formulate a redirect in a way that gets the Drupal site\nto send the user to an arbitrarily provided URL.\nNo user-submitted data will be sent to that URL.

\n

Locale module cross site scripting

\n

Locale module and dependent contributed modules do not sanitize the display\nof language codes, native and English language names properly.\nWhile these usually come from a preselected list, arbitrary administrator\ninput is allowed.\nThis vulnerability is mitigated by the fact that the attacker must have a\nrole with the 'administer languages' permission.

\n

Blocked user session regeneration

\n

Under certain circumstances, a user with an open session that is blocked\ncan maintain his/her session on the Drupal site, despite being blocked.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 6.6-3lenny5.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 6.16-1, and will migrate to the testing distribution (squeeze)\nshortly.

\n

We recommend that you upgrade your drupal6 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny5.dsc
\n
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny5.diff.gz
\n
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny5_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2017": "
\n

Debian Security Advisory

\n

DSA-2017-1 pulseaudio -- insecure temporary directory

\n
\n
Date Reported:
\n
15 Mar 2010
\n
Affected Packages:
\n
\npulseaudio\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 573615.
In Mitre's CVE dictionary: CVE-2009-1299.
\n
More information:
\n
\n

Dan Rosenberg discovered that the PulseAudio sound server creates a\ntemporary directory with a predictable name. This allows a local attacker\nto create a Denial of Service condition or possibly disclose sensitive\ninformation to unprivileged users.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.9.10-3+lenny2.

\n

For the testing (squeeze) and unstable (sid) distributions, this problem\nwill be fixed soon.

\n

We recommend that you upgrade your pulseaudio package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny2.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0_0.9.10-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc-dbg_0.9.10-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5_0.9.10-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0-dbg_0.9.10-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal_0.9.10-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat-dbg_0.9.10-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf_0.9.10-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-dev_0.9.10-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-dbg_0.9.10-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack-dbg_0.9.10-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse0_0.9.10-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-hal-dbg_0.9.10-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-zeroconf-dbg_0.9.10-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-browse0-dbg_0.9.10-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11-dbg_0.9.10-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf-dbg_0.9.10-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-lirc_0.9.10-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils_0.9.10-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulsecore5-dbg_0.9.10-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0_0.9.10-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-utils-dbg_0.9.10-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-x11_0.9.10-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/libpulse-mainloop-glib0-dbg_0.9.10-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-esound-compat_0.9.10-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio_0.9.10-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-jack_0.9.10-3+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pulseaudio/pulseaudio-module-gconf_0.9.10-3+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2018": "
\n

Debian Security Advisory

\n

DSA-2018-1 php5 -- DoS (crash)

\n
\n
Date Reported:
\n
18 Mar 2010
\n
Affected Packages:
\n
php5
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 573573.
In Mitre's CVE dictionary: CVE-2010-0397.
\n
More information:
\n
\n

Auke van Slooten discovered that PHP 5, a hypertext preprocessor, crashes (because of a NULL pointer dereference) when processing invalid XML-RPC requests.

\n

For the stable distribution (lenny), this problem has been fixed in version 5.2.6.dfsg.1-1+lenny8.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in version 5.3.2-1.

\n

We recommend that you upgrade your php5 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1-1+lenny8.diff.gz
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1-1+lenny8.dsc
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php5/php-pear_5.2.6.dfsg.1-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1-1+lenny8_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny8_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny8_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny8_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny8_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny8_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny8_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny8_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny8_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2019": "
\n

Debian Security Advisory

\n

DSA-2019-1 pango1.0 -- missing input sanitization

\n
\n
Date Reported:
\n
20 Mar 2010
\n
Affected Packages:
\n
\npango1.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 574021.
In Mitre's CVE dictionary: CVE-2010-0421.
\n
More information:
\n
\n

Marc Schoenefeld discovered improper input sanitization in Pango, a library\nfor layout and rendering of text, leading to an array indexing error.\nIf a local user was tricked into loading a specially crafted font file in an\napplication using the Pango font rendering library, it could lead to denial\nof service (application crash).

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.20.5-5+lenny1.

\n

For the testing distribution (squeeze), and the unstable distribution (sid),\nthis problem will be fixed soon.

\n

We recommend that you upgrade your pango1.0 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.20.5-5+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.20.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/pango1.0/pango1.0_1.20.5-5+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-doc_1.20.5-5+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-common_1.20.5-5+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_alpha.udeb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_amd64.udeb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_arm.udeb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_armel.udeb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_hppa.udeb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_i386.udeb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_ia64.udeb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_s390.udeb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_sparc.udeb
\n
http://security.debian.org/pool/updates/main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2020": "
\n

Debian Security Advisory

\n

DSA-2020-1 ikiwiki -- insufficient input sanitization

\n
\n
Date Reported:
\n
20 Mar 2010
\n
Affected Packages:
\n
\nikiwiki\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Ivan Shmakov discovered that the htmlscrubber component of ikiwiki, a wiki\ncompiler, performs insufficient input sanitization on data:image/svg+xml\nURIs. As these can contain script code, this can be used by an attacker\nto conduct cross-site scripting attacks.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.53.5.

\n

For the testing distribution (squeeze), this problem has been fixed in\nversion 3.20100312.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.20100312.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/ikiwiki/ikiwiki_2.53.5.dsc
\n
http://security.debian.org/pool/updates/main/i/ikiwiki/ikiwiki_2.53.5.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/ikiwiki/ikiwiki_2.53.5_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2021": "
\n

Debian Security Advisory

\n

DSA-2021-1 spamass-milter -- missing input sanitization

\n
\n
Date Reported:
\n
22 Mar 2010
\n
Affected Packages:
\n
\nspamass-milter\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 573228.
\n
More information:
\n
\n

A missing input sanitization in spamass-milter, a milter\nused to filter mail through spamassassin, was discovered.\nThis allows a remote attacker to inject and execute arbitrary shell commands.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.3.1-8+lenny1.

\n

For the testing (squeeze) and unstable (sid) distributions, this problem\nhas been fixed in version 0.3.1-9.

\n

We recommend that you upgrade your spamass-milter package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/spamass-milter/spamass-milter_0.3.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/spamass-milter/spamass-milter_0.3.1-8+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/s/spamass-milter/spamass-milter_0.3.1-8+lenny1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/spamass-milter/spamass-milter_0.3.1-8+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/spamass-milter/spamass-milter_0.3.1-8+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/spamass-milter/spamass-milter_0.3.1-8+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/s/spamass-milter/spamass-milter_0.3.1-8+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/spamass-milter/spamass-milter_0.3.1-8+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/spamass-milter/spamass-milter_0.3.1-8+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/spamass-milter/spamass-milter_0.3.1-8+lenny1_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/spamass-milter/spamass-milter_0.3.1-8+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/spamass-milter/spamass-milter_0.3.1-8+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/spamass-milter/spamass-milter_0.3.1-8+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/spamass-milter/spamass-milter_0.3.1-8+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2022": "
\n

Debian Security Advisory

\n

DSA-2022-1 mediawiki -- several vulnerabilities

\n
\n
Date Reported:
\n
23 Mar 2010
\n
Affected Packages:
\n
\nmediawiki\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in mediawiki, a web-based wiki\nengine. The following issues have been identified:

\n
    \n
  • Insufficient input sanitization in the CSS validation code allows editors\nto display external images in wiki pages. This can be a privacy concern\non public wikis as it allows attackers to gather IP addresses and other\ninformation by linking these images to a web server under their control.

  • Insufficient permission checks have been found in thumb.php which can lead\nto disclosure of image files that are restricted to certain users\n(e.g. with img_auth.php).

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.12.0-2lenny4.

\n

For the testing distribution (squeeze), these problems have been fixed in\nversion 1:1.15.2-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1:1.15.2-1.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki_1.12.0-2lenny4.dsc
\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki_1.12.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki_1.12.0-2lenny4.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki_1.12.0-2lenny4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki-math_1.12.0-2lenny4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki-math_1.12.0-2lenny4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki-math_1.12.0-2lenny4_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki-math_1.12.0-2lenny4_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki-math_1.12.0-2lenny4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki-math_1.12.0-2lenny4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki-math_1.12.0-2lenny4_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki-math_1.12.0-2lenny4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki-math_1.12.0-2lenny4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki-math_1.12.0-2lenny4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki-math_1.12.0-2lenny4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2023": "
\n

Debian Security Advisory

\n

DSA-2023-1 curl -- buffer overflow

\n
\n
Date Reported:
\n
28 Mar 2010
\n
Affected Packages:
\n
\ncurl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-0734.
\n
More information:
\n
\n

Wesley Miaw discovered that libcurl, a multi-protocol file transfer\nlibrary, is prone to a buffer overflow via the callback function when\nan application relies on libcurl to automatically uncompress data. Note\nthat this only affects applications that trust libcurl's maximum limit\nfor a fixed buffer size and do not perform any sanity checks themselves.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 7.18.2-8lenny4.

\n

Due to a problem with the archive software, we are unable to release all\narchitectures simultaneously. Binaries for the hppa, ia64, mips, mipsel\nand s390 architectures will be provided once they are available.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 7.20.0-1.

\n

We recommend that you upgrade your curl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny4.dsc
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny4.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny4_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny4_armel.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny4_i386.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny4_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/curl/curl_7.18.2-8lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-gnutls-dev_7.18.2-8lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl4-openssl-dev_7.18.2-8lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.18.2-8lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.18.2-8lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.18.2-8lenny4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2024": "
\n

Debian Security Advisory

\n

DSA-2024-1 moin -- insufficient input sanitising

\n
\n
Date Reported:
\n
31 Mar 2010
\n
Affected Packages:
\n
\nmoin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 575995.
In Mitre's CVE dictionary: CVE-2010-0828.
\n
More information:
\n
\n

Jamie Strandboge discovered that moin, a Python clone of WikiWiki, does\nnot sufficiently sanitize the page name in the \"Despam\" action, allowing remote\nattackers to perform cross-site scripting (XSS) attacks.

\n

In addition, this update fixes a minor issue in the \"textcha\" protection, which\ncould be trivially bypassed by blanking the \"textcha-question\" and \"textcha-answer\"\nform fields.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.7.1-3+lenny4.

\n

For the testing (squeeze) and unstable (sid) distributions, these problems\nwill be fixed soon.

\n

We recommend that you upgrade your moin package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/moin/moin_1.7.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/moin/moin_1.7.1-3+lenny4.diff.gz
\n
http://security.debian.org/pool/updates/main/m/moin/moin_1.7.1-3+lenny4.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/moin/python-moinmoin_1.7.1-3+lenny4_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2025": "
\n

Debian Security Advisory

\n

DSA-2025-1 icedove -- several vulnerabilities

\n
\n
Date Reported:
\n
31 Mar 2010
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2408, CVE-2009-2404, CVE-2009-2463, CVE-2009-3072, CVE-2009-3075, CVE-2010-0163.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Icedove\nmail client, an unbranded version of the Thunderbird mail client. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2009-2408\n

    Dan Kaminsky and Moxie Marlinspike discovered that icedove does not\nproperly handle a '\\0' character in a domain name in the subject's\nCommon Name (CN) field of an X.509 certificate (MFSA 2009-42).

  • CVE-2009-2404\n

    Moxie Marlinspike reported a heap overflow vulnerability in the code\nthat handles regular expressions in certificate names (MFSA 2009-43).

  • CVE-2009-2463\n

    monarch2020 discovered an integer overflow in a base64 decoding function\n(MFSA 2010-07).

  • CVE-2009-3072\n

    Josh Soref discovered a crash in the BinHex decoder (MFSA 2010-07).

  • CVE-2009-3075\n

    Carsten Book reported a crash in the JavaScript engine (MFSA 2010-07).

  • CVE-2010-0163\n

    Ludovic Hirlimann reported a crash indexing some messages with\nattachments, which could lead to the execution of arbitrary code\n(MFSA 2010-07).

    \n
\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2.0.0.24-0lenny1.

\n

Due to a problem with the archive system it is not possible to release\nall architectures. The missing architectures will be installed into the\narchive once they become available.

\n

For the testing distribution (squeeze) and the unstable distribution (sid),\nthese problems will be fixed soon.

\n

We recommend that you upgrade your icedove packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1.dsc
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/icedove/icedove_2.0.0.24-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dbg_2.0.0.24-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-gnome-support_2.0.0.24-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/icedove/icedove-dev_2.0.0.24-0lenny1_powerpc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2026": "
\n

Debian Security Advisory

\n

DSA-2026-1 netpbm-free -- stack-based buffer overflow

\n
\n
Date Reported:
\n
02 Apr 2010
\n
Affected Packages:
\n
\nnetpbm-free\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 569060.
In Mitre's CVE dictionary: CVE-2009-4274.
\n
More information:
\n
\n

Marc Schoenefeld discovered a stack-based buffer overflow in the XPM reader\nimplementation in netpbm-free, a suite of image manipulation utilities.\nAn attacker could cause a denial of service (application crash) or possibly\nexecute arbitrary code via an XPM image file that contains a crafted header\nfield associated with a large color index value.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2:10.0-12+lenny1.

\n

For the testing distribution (squeeze), this problem has been fixed in\nversion 2:10.0-12.1+squeeze1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

Due to a problem with the archive system it is not possible to release\nall architectures. The missing architectures will be installed into the\narchive once they become available.

\n

We recommend that you upgrade your netpbm-free package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-12+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm-free_10.0-12+lenny1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/netpbm-free/netpbm_10.0-12+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10_10.0-12+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9_10.0-12+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm9-dev_10.0-12+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/netpbm-free/libnetpbm10-dev_10.0-12+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2027": "
\n

Debian Security Advisory

\n

DSA-2027-1 xulrunner -- several vulnerabilities

\n
\n
Date Reported:
\n
03 Apr 2010
\n
Affected Packages:
\n
\nxulrunner\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-0174, CVE-2010-0175, CVE-2010-0176, CVE-2010-0177, CVE-2010-0178, CVE-2010-0179.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications, such as the Iceweasel web\nbrowser. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2010-0174\n

    Jesse Ruderman and Ehsan Akhgari discovered crashes in the layout\n engine, which might allow the execution of arbitrary code.

  • CVE-2010-0175\n

    It was discovered that incorrect memory handling in the XUL event\n handler might allow the execution of arbitrary code.

  • CVE-2010-0176\n

    It was discovered that incorrect memory handling in the XUL event\n handler might allow the execution of arbitrary code.

  • CVE-2010-0177\n

    It was discovered that incorrect memory handling in the plugin code\n might allow the execution of arbitrary code.

  • CVE-2010-0178\n

    Paul Stone discovered that forced drag-and-drop events could lead to\n Chrome privilege escalation.

  • CVE-2010-0179\n

    It was discovered that a programming error in the XMLHttpRequestSpy\n module could lead to the execution of arbitrary code.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.9.0.19-1.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your xulrunner packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-1.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.19-1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-1_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-1_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-1_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-1_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-1_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-1_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-1_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-1_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-1_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2028": "
\n

Debian Security Advisory

\n

DSA-2028-1 xpdf -- multiple vulnerabilities

\n
\n
Date Reported:
\n
05 Apr 2010
\n
Affected Packages:
\n
\nxpdf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 551287.
In Mitre's CVE dictionary: CVE-2009-1188, CVE-2009-3603, CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609.
\n
More information:
\n
\n

Several vulnerabilities have been identified in xpdf, a suite of tools for\nviewing and converting Portable Document Format (PDF) files.

\n

The Common Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2009-1188 and CVE-2009-3603\n

    Integer overflow in SplashBitmap::SplashBitmap which might allow remote\n attackers to execute arbitrary code or cause an application crash via a crafted\n PDF document.

  • CVE-2009-3604\n

    NULL pointer dereference or heap-based buffer overflow in\n Splash::drawImage which might allow remote attackers to cause a denial\n of service (application crash) or possibly execute arbitrary code via\n a crafted PDF document.

  • CVE-2009-3606\n

    Integer overflow in PSOutputDev::doImageL1Sep which might allow\n remote attackers to execute arbitrary code via a crafted PDF document.

  • CVE-2009-3608\n

    Integer overflow in ObjectStream::ObjectStream which might allow\n remote attackers to execute arbitrary code via a crafted PDF document.

  • CVE-2009-3609\n

    Integer overflow in ImageStream::ImageStream which might allow\n remote attackers to cause a denial of service via a crafted PDF\n document.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 3.02-1.4+lenny2.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.02-2.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.02.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.02-1.4+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.02-1.4+lenny2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.02-1.4+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.02-1.4+lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny2_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.02-1.4+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.02-1.4+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2029": "
\n

Debian Security Advisory

\n

DSA-2029-1 imlib2 -- several vulnerabilities

\n
\n
Date Reported:
\n
05 Apr 2010
\n
Affected Packages:
\n
\nimlib2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 576469.
In Mitre's CVE dictionary: CVE-2008-6079.
\n
More information:
\n
\n

It was discovered that imlib2, a library to load and process several image\nformats, did not properly process various image file types.

\n

Several heap- and stack-based buffer overflows, partly due to integer\noverflows, in the ARGB, BMP, JPEG, LBM, PNM, TGA and XPM loaders can\nlead to the execution of arbitrary code via crafted image files.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.4.0-1.2+lenny1.

\n

For the testing distribution (squeeze), this problem has been fixed in\nversion 1.4.2-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4.2-1.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.4.0-1.2+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.4.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.4.0-1.2+lenny1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.4.0-1.2+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.4.0-1.2+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.4.0-1.2+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.4.0-1.2+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.4.0-1.2+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.4.0-1.2+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.4.0-1.2+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.4.0-1.2+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.4.0-1.2+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.4.0-1.2+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.4.0-1.2+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.4.0-1.2+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.4.0-1.2+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.4.0-1.2+lenny1_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.4.0-1.2+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.4.0-1.2+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.4.0-1.2+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.4.0-1.2+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.4.0-1.2+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.4.0-1.2+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.4.0-1.2+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.4.0-1.2+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2030": "
\n

Debian Security Advisory

\n

DSA-2030-1 mahara -- sql injection

\n
\n
Date Reported:
\n
06 Apr 2010
\n
Affected Packages:
\n
\nmahara\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-0400.
\n
More information:
\n
\n

It was discovered that mahara, an electronic portfolio, weblog, and resume\nbuilder, does not properly escape input when generating a unique username\nbased on a remote user name from a single sign-on application. An attacker\ncan use this to compromise the mahara database via crafted user names.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.0.4-4+lenny5.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.2.4-1.

\n

We recommend that you upgrade your mahara packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny5.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny5.dsc
\n
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny5_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2031": "
\n

Debian Security Advisory

\n

DSA-2031-1 krb5 -- use-after-free

\n
\n
Date Reported:
\n
11 Apr 2010
\n
Affected Packages:
\n
\nkrb5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 567052.
In Mitre's CVE dictionary: CVE-2010-0629.
\n
More information:
\n
\n

Sol Jerome discovered that the kadmind service in krb5, a system for authenticating\nusers and services on a network, allows remote authenticated users to cause a\ndenial of service (daemon crash) via a request from a kadmin client that sends\nan invalid API version number.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.6.dfsg.4~beta1-5lenny3.

\n

The testing distribution (squeeze) and the unstable distribution (sid) are\nnot affected by this issue.

\n

We recommend that you upgrade your krb5 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.6.dfsg.4~beta1-5lenny3.dsc
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.6.dfsg.4~beta1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.6.dfsg.4~beta1-5lenny3.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.6.dfsg.4~beta1-5lenny3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny3_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny3_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny3_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2032": "
\n

Debian Security Advisory

\n

DSA-2032-1 libpng -- several vulnerabilities

\n
\n
Date Reported:
\n
11 Apr 2010
\n
Affected Packages:
\n
\nlibpng\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 533676, Bug 572308.
In Mitre's CVE dictionary: CVE-2009-2042, CVE-2010-0205.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in libpng, a library for\nreading and writing PNG files. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2009-2042\n

    libpng does not properly parse 1-bit interlaced images with width values\nthat are not divisible by 8, which causes libpng to include\nuninitialized bits in certain rows of a PNG file and might allow remote\nattackers to read portions of sensitive memory via \"out-of-bounds\npixels\" in the file.

  • CVE-2010-0205\n

    libpng does not properly handle compressed ancillary-chunk data that has\na disproportionately large uncompressed representation, which allows\nremote attackers to cause a denial of service (memory and CPU\nconsumption, and application hang) via a crafted PNG file.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.2.27-2+lenny3.

\n

For the testing (squeeze) and unstable (sid) distributions, these\nproblems have been fixed in version 1.2.43-1.

\n

We recommend that you upgrade your libpng package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny3.dsc
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny3.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng3_1.2.27-2+lenny3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_alpha.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_amd64.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_arm.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_armel.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_hppa.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_i386.udeb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_ia64.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_s390.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_sparc.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2033": "
\n

Debian Security Advisory

\n

DSA-2033-1 ejabberd -- heap overflow

\n
\n
Date Reported:
\n
15 Apr 2010
\n
Affected Packages:
\n
\nejabberd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 568383.
In Mitre's CVE dictionary: CVE-2010-0305.
\n
More information:
\n
\n

It was discovered that in ejabberd, a distributed XMPP/Jabber server\nwritten in Erlang, a problem in ejabberd_c2s.erl allows remote\nauthenticated users to cause a denial of service by sending a large\nnumber of c2s (client2server) messages; that triggers an overload of the\nqueue, which in turn causes a crash of the ejabberd daemon.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.0.1-6+lenny2.

\n

For the testing distribution (squeeze), this problem has been fixed in\nversion 2.1.2-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.1.2-2.

\n

We recommend that you upgrade your ejabberd packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny2_armel.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny2_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/e/ejabberd/ejabberd_2.0.1-6+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2034": "
\n

Debian Security Advisory

\n

DSA-2034-1 phpmyadmin -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Apr 2010
\n
Affected Packages:
\n
\nphpmyadmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-7251, CVE-2008-7252, CVE-2009-4605.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in phpMyAdmin, a tool\nto administer MySQL over the web. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2008-7251\n

    phpMyAdmin may create a temporary directory, if the configured directory\n does not exist yet, with insecure filesystem permissions.

  • CVE-2008-7252\n

    phpMyAdmin uses predictable filenames for temporary files, which may\n lead to a local denial of service attack or privilege escalation.

  • CVE-2009-4605\n

    The setup.php script shipped with phpMyAdmin may unserialize untrusted\n data, allowing for cross-site request forgery.

\n

For the stable distribution (lenny), these problems have been fixed in version\nphpmyadmin 2.11.8.1-5+lenny4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.2.4-1.

\n

We recommend that you upgrade your phpmyadmin package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.11.8.1-5+lenny4.dsc
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.11.8.1-5+lenny4.diff.gz
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.11.8.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.11.8.1-5+lenny4_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2035": "
\n

Debian Security Advisory

\n

DSA-2035-1 apache2 -- multiple issues

\n
\n
Date Reported:
\n
17 Apr 2010
\n
Affected Packages:
\n
\napache2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-0408, CVE-2010-0434.
\n
More information:
\n
\n

Two issues have been found in the Apache HTTPD web server:

\n
    \n
  • CVE-2010-0408\n

    mod_proxy_ajp would return the wrong status code if it encountered an\nerror, causing a backend server to be put into an error state until the\nretry timeout expired. A remote attacker could send malicious requests\nto trigger this issue, resulting in denial of service.

  • CVE-2010-0434\n

    A flaw in the core subrequest process code was found, which could lead\nto a daemon crash (segfault) or disclosure of sensitive information\nif the headers of a subrequest were modified by modules such as\nmod_headers.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2.2.9-10+lenny7.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 2.2.15-1.

\n

This advisory also provides updated apache2-mpm-itk packages which\nhave been recompiled against the new apache2 packages.

\n

We recommend that you upgrade your apache2 and apache2-mpm-itk packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny7.dsc
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny7.diff.gz
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2_2.2.9-10+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.2.9-10+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-src_2.2.9-10+lenny7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.2.9-10+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec_2.2.9-10+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2.2-common_2.2.9-10+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.2.9-10+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-event_2.2.9-10+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.2.9-10+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-suexec-custom_2.2.9-10+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.2.9-10+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-dbg_2.2.9-10+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.2.9-10+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apache2-mpm-itk/apache2-mpm-itk_2.2.6-02-1+lenny2+b3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2036": "
\n

Debian Security Advisory

\n

DSA-2036-1 jasper -- programming error

\n
\n
Date Reported:
\n
17 Apr 2010
\n
Affected Packages:
\n
\njasper\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 528543.
In Mitre's CVE dictionary: CVE-2007-2721.
\n
More information:
\n
\n

It was discovered that the JasPer JPEG-2000 runtime library allowed an\nattacker to create a crafted input file that could lead to denial of\nservice and heap corruption.

\n

Besides addressing this vulnerability, this update also addresses a\nregression introduced in the security fix for CVE-2008-3521, applied\nbefore Debian Lenny's release, that could cause errors when reading some\nJPEG input files.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.900.1-5.1+lenny1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.900.1-6.

\n

We recommend that you upgrade your jasper package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/j/jasper/jasper_1.900.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/j/jasper/jasper_1.900.1-5.1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/j/jasper/jasper_1.900.1-5.1+lenny1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_i386.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper1_1.900.1-5.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper-dev_1.900.1-5.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/j/jasper/libjasper-runtime_1.900.1-5.1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2037": "
\n

Debian Security Advisory

\n

DSA-2037-1 kdm (kdebase) -- race condition

\n
\n
Date Reported:
\n
17 Apr 2010
\n
Affected Packages:
\n
\nkdebase\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-0436.
\n
More information:
\n
\n

Sebastian Krahmer discovered that a race condition in the KDE Desktop\nEnvironment's KDM display manager allows a local user to elevate privileges\nto root.

\n

For the stable distribution (lenny), this problem has been fixed in version\n4:3.5.9.dfsg.1-6+lenny1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your kdm package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.5.9.dfsg.1-6+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.5.9.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.5.9.dfsg.1-6+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-doc_3.5.9.dfsg.1-6+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.5.9.dfsg.1-6+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeeject_3.5.9.dfsg.1-6+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-doc-html_3.5.9.dfsg.1-6+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-data_3.5.9.dfsg.1-6+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin-kde3_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dbg_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_4.0.0.really.3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.5.9.dfsg.1-6+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_4.0.0.really.3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin-kde3_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dbg_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.5.9.dfsg.1-6+lenny1_amd64.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dbg_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin-kde3_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_4.0.0.really.3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.5.9.dfsg.1-6+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dbg_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin-kde3_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_4.0.0.really.3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.5.9.dfsg.1-6+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dbg_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_4.0.0.really.3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin-kde3_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.5.9.dfsg.1-6+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_4.0.0.really.3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dbg_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin-kde3_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.5.9.dfsg.1-6+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_4.0.0.really.3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin-kde3_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dbg_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.5.9.dfsg.1-6+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_4.0.0.really.3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin-kde3_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dbg_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.5.9.dfsg.1-6+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin-kde3_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_4.0.0.really.3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dbg_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.5.9.dfsg.1-6+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin-kde3_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_4.0.0.really.3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dbg_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.5.9.dfsg.1-6+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dbg_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ktip_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kwin_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_4.0.0.really.3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kappfinder_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kfind_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguardd_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-bin-kde3_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konsole_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdeprint_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-kio-plugins_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksysguard_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/ksmserver_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/konqueror-nsplugins_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4-dev_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_3.5.9.dfsg.1-6+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2038": "
\n

Debian Security Advisory

\n

DSA-2038-1 pidgin -- several vulnerabilities

\n
\n
Date Reported:
\n
18 Apr 2010
\n
Affected Packages:
\n
\npidgin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 566775.
In Mitre's CVE dictionary: CVE-2010-0420, CVE-2010-0423.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Pidgin, a multi\nprotocol instant messaging client. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2010-0420\n

    Crafted nicknames in the XMPP protocol can crash Pidgin remotely.

  • CVE-2010-0423\n

    Remote contacts may send too many custom smilies, crashing Pidgin.

\n

A few months ago, Microsoft's servers for MSN changed the protocol,\nmaking Pidgin non-functional for use with MSN. It is not feasible to port\nthese changes to the version of Pidgin in Debian Lenny. This update\nformalises that situation by disabling the protocol in the client. Users\nof the MSN protocol are advised to use the version of Pidgin in the\nrepositories of www.backports.org.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2.4.3-4lenny6.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.6.6-1.

\n

We recommend that you upgrade your pidgin package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6.dsc
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-data_2.4.3-4lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch-dev_2.4.3-4lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple-bin_2.4.3-4lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple-dev_2.4.3-4lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dev_2.4.3-4lenny6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pidgin/libpurple0_2.4.3-4lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/finch_2.4.3-4lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin-dbg_2.4.3-4lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pidgin/pidgin_2.4.3-4lenny6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2039": "
\n

Debian Security Advisory

\n

DSA-2039-1 cacti -- missing input sanitising

\n
\n
Date Reported:
\n
23 Apr 2010
\n
Affected Packages:
\n
\ncacti\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 578909.
\n
More information:
\n
\n

It was discovered that Cacti, a frontend to rrdtool for monitoring\nsystems and services, lacked input sanitising, making an SQL injection\nattack possible.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.8.7b-2.1+lenny2.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your cacti package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2040": "
\n

Debian Security Advisory

\n

DSA-2040-1 squidguard -- buffer overflow

\n
\n
Date Reported:
\n
02 May 2010
\n
Affected Packages:
\n
\nsquidguard\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 553319.
In Mitre's CVE dictionary: CVE-2009-3700, CVE-2009-3826.
\n
More information:
\n
\n

It was discovered that in squidguard, a URL redirector/filter/ACL plugin\nfor squid, several problems in src/sgLog.c and src/sgDiv.c allow remote\nusers to either:

\n
    \n
  • cause a denial of service, by requesting long URLs containing many\n slashes; this forces the daemon into emergency mode, where it does not\n process requests anymore.
  • bypass rules by requesting URLs whose length is close to predefined\n buffer limits, in this case 2048 for squidguard and 4096 or 8192 for squid\n (depending on its version).
\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.2.0-8.4+lenny1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.2.0-9.

\n

We recommend that you upgrade your squidguard package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2041": "
\n

Debian Security Advisory

\n

DSA-2041-1 mediawiki -- Cross-Site Request Forgery

\n
\n
Date Reported:
\n
03 May 2010
\n
Affected Packages:
\n
\nmediawiki\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-1150.
\n
More information:
\n
\n

It was discovered that mediawiki, a website engine for collaborative\nwork, is vulnerable to a Cross-Site Request Forgery login attack, which\ncould be used to conduct phishing or similar attacks against users via\naffected mediawiki installations.

\n

Note that the fix used breaks the login API and may require clients using it to\nbe updated.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1:1.12.0-2lenny5.

\n

For the testing distribution (squeeze) and the unstable distribution (sid),\nthis problem has been fixed in version 1:1.15.3-1.

\n

We recommend that you upgrade your mediawiki packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki_1.12.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki_1.12.0-2lenny5.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki_1.12.0-2lenny5.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki_1.12.0-2lenny5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawikimath_1.12.0-2lenny5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawikimath_1.12.0-2lenny5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawikimath_1.12.0-2lenny5_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawikimath_1.12.0-2lenny5_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawikimath_1.12.0-2lenny5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawikimath_1.12.0-2lenny5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawikimath_1.12.0-2lenny5_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawikimath_1.12.0-2lenny5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawikimath_1.12.0-2lenny5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawikimath_1.12.0-2lenny5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawikimath_1.12.0-2lenny5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mediawiki/mediawikimath_1.12.0-2lenny5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2042": "
\n

Debian Security Advisory

\n

DSA-2042-1 iscsitarget -- format string

\n
\n
Date Reported:
\n
05 May 2010
\n
Affected Packages:
\n
\niscsitarget\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 574935.
In Mitre's CVE dictionary: CVE-2010-0743.
\n
More information:
\n
\n

Florent Daigniere discovered that multiple format string vulnerabilities in the Linux\nSCSI target framework (which is known as iscsitarget under Debian) allow remote\nattackers to cause a denial of service in the ietd daemon. The flaw could be\ntriggered by sending a carefully crafted Internet Storage Name Service (iSNS)\nrequest.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.4.16+svn162-3.1+lenny1.

\n

For the testing distribution (squeeze), this problem has been fixed in\nversion 0.4.17+svn229-1.4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.4.17+svn229-1.4.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget-source_0.4.16+svn162-3.1+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2043": "
\n

Debian Security Advisory

\n

DSA-2043-1 vlc -- integer overflow

\n
\n
Date Reported:
\n
11 May 2010
\n
Affected Packages:
\n
\nvlc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

tixxDZ (DZCORE labs) discovered a vulnerability in vlc, the multimedia\nplayer and streamer. Missing data validation in vlc's real data transport\n(RDT) implementation enables an integer underflow and consequently an\nunbounded buffer operation. A maliciously crafted stream could thus enable\nan attacker to execute arbitrary code.

\n

No Common Vulnerabilities and Exposures project identifier is available for\nthis issue.

\n

For the stable distribution (lenny), this problem has been fixed in version\n0.8.6.h-4+lenny2.3.

\n

For the testing distribution (squeeze), this problem was fixed in version\n1.0.1-1.

\n

We recommend that you upgrade your vlc packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3.dsc
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-svgalib_0.8.6.h-4+lenny2.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_arm.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_armel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_armel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_armel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_armel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_armel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_armel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_armel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_armel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_armel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-svgalib_0.8.6.h-4+lenny2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-glide_0.8.6.h-4+lenny2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_i386.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_s390.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2044": "
\n

Debian Security Advisory

\n

DSA-2044-1 mplayer -- integer overflow

\n
\n
Date Reported:
\n
11 May 2010
\n
Affected Packages:
\n
\nmplayer\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

tixxDZ (DZCORE labs) discovered a vulnerability in the mplayer movie\nplayer. Missing data validation in mplayer's real data transport (RDT)\nimplementation enables an integer underflow and consequently an unbounded\nbuffer operation. A maliciously crafted stream could thus enable an\nattacker to execute arbitrary code.

\n

No Common Vulnerabilities and Exposures project identifier is available for\nthis issue.

\n

For the stable distribution (lenny), this problem has been fixed in version\n1.0~rc2-17+lenny3.2.

\n

We recommend that you upgrade your mplayer packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2.dsc
\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer-doc_1.0~rc2-17+lenny3.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2045": "
\n

Debian Security Advisory

\n

DSA-2045-1 libtheora -- integer overflow

\n
\n
Date Reported:
\n
11 May 2010
\n
Affected Packages:
\n
\nlibtheora\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 572950.
In Mitre's CVE dictionary: CVE-2009-3389.
\n
More information:
\n
\n

Bob Clary, Dan Kaminsky and David Keeler discovered that in libtheora, a\nvideo library that is part of the Ogg project, several flaws allow\ncontext-dependent attackers, via a large and specially crafted media\nfile, to cause a denial of service (crash of the player using this\nlibrary), and possibly arbitrary code execution.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.0~beta3-1+lenny1.

\n

For the testing distribution (squeeze), this problem has been fixed in\nversion 1.1.0-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.1.0-1.

\n

We recommend that you upgrade your libtheora packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora_1.0~beta3-1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora_1.0~beta3.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora_1.0~beta3-1+lenny1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora0_1.0~beta3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-dev_1.0~beta3-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-bin_1.0~beta3-1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-dev_1.0~beta3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora0_1.0~beta3-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-bin_1.0~beta3-1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-dev_1.0~beta3-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-bin_1.0~beta3-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora0_1.0~beta3-1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-dev_1.0~beta3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora0_1.0~beta3-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-bin_1.0~beta3-1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora0_1.0~beta3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-dev_1.0~beta3-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-bin_1.0~beta3-1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-dev_1.0~beta3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-bin_1.0~beta3-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora0_1.0~beta3-1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora0_1.0~beta3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-bin_1.0~beta3-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-dev_1.0~beta3-1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora0_1.0~beta3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-bin_1.0~beta3-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-dev_1.0~beta3-1+lenny1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora0_1.0~beta3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-bin_1.0~beta3-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-dev_1.0~beta3-1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-bin_1.0~beta3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora0_1.0~beta3-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-dev_1.0~beta3-1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-bin_1.0~beta3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-dev_1.0~beta3-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libt/libtheora/libtheora0_1.0~beta3-1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2046": "
\n

Debian Security Advisory

\n

DSA-2046-1 phpgroupware -- several vulnerabilities

\n
\n
Date Reported:
\n
13 May 2010
\n
Affected Packages:
\n
\nphpgroupware\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-0403, CVE-2010-0404.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in phpgroupware, a\nWeb-based groupware system written in PHP. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2010-0403\n

    A local file inclusion vulnerability allows remote attackers to execute\narbitrary PHP code and include arbitrary local files.

  • CVE-2010-0404\n

    Multiple SQL injection vulnerabilities allow remote attackers to execute\narbitrary SQL commands.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1:0.9.16.012+dfsg-8+lenny2.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems will be fixed soon.

\n

We recommend that you upgrade your phpgroupware package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg-8+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg-8+lenny2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-filemanager_0.9.16.012+dfsg-8+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-phpgwapi-doc_0.9.16.012+dfsg-8+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16_0.9.16.012+dfsg-8+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-setup_0.9.16.012+dfsg-8+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-core-base_0.9.16.012+dfsg-8+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-email_0.9.16.012+dfsg-8+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-phpgwapi_0.9.16.012+dfsg-8+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg-8+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-core_0.9.16.012+dfsg-8+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-doc_0.9.16.012+dfsg-8+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-todo_0.9.16.012+dfsg-8+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-preferences_0.9.16.012+dfsg-8+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-manual_0.9.16.012+dfsg-8+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-news-admin_0.9.16.012+dfsg-8+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-calendar_0.9.16.012+dfsg-8+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-admin_0.9.16.012+dfsg-8+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-addressbook_0.9.16.012+dfsg-8+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-notes_0.9.16.012+dfsg-8+lenny2_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2047": "
\n

Debian Security Advisory

\n

DSA-2047-1 aria2 -- insufficient input sanitising

\n
\n
Date Reported:
\n
17 May 2010
\n
Affected Packages:
\n
\naria2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-1512.
\n
More information:
\n
\n

A vulnerability was discovered in aria2, a download client. The \"name\"\nattribute of the \"file\" element of metalink files is not properly\nsanitised before using it to download files. If a user is tricked into\ndownloading from a specially crafted metalink file, this can be\nexploited to download files to directories outside of the intended\ndownload directory.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.14.0-1+lenny2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.9.3-1.

\n

We recommend that you upgrade your aria2 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny2.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2048": "
\n

Debian Security Advisory

\n

DSA-2048-1 dvipng -- buffer overflow

\n
\n
Date Reported:
\n
22 May 2010
\n
Affected Packages:
\n
\ndvipng\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 580628.
In Mitre's CVE dictionary: CVE-2010-0829.
\n
More information:
\n
\n

Dan Rosenberg discovered that in dvipng, a utility that converts DVI\nfiles to PNG graphics, several array index errors allow context-dependent\nattackers, via a specially crafted DVI file, to cause a denial of\nservice (crash of the application), and possibly arbitrary code\nexecution.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion dvipng_1.11-1+lenny1.

\n

For the testing distribution (squeeze), this problem has been fixed in\nversion 1.13-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.13-1.

\n

We recommend that you upgrade your dvipng package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/dvipng/dvipng_1.11-1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/d/dvipng/dvipng_1.11.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/d/dvipng/dvipng_1.11-1+lenny1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/d/dvipng/dvipng_1.11-1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/d/dvipng/dvipng_1.11-1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dvipng/dvipng_1.11-1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/d/dvipng/dvipng_1.11-1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/d/dvipng/dvipng_1.11-1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/d/dvipng/dvipng_1.11-1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/d/dvipng/dvipng_1.11-1+lenny1_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dvipng/dvipng_1.11-1+lenny1_mipsel.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/d/dvipng/dvipng_1.11-1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/d/dvipng/dvipng_1.11-1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2049": "
\n

Debian Security Advisory

\n

DSA-2049-1 barnowl -- buffer overflow

\n
\n
Date Reported:
\n
23 May 2010
\n
Affected Packages:
\n
\nbarnowl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 574418.
In Mitre's CVE dictionary: CVE-2010-0793.
\n
More information:
\n
\n

It has been discovered that barnowl, a curses-based tty Jabber, IRC, AIM\nand Zephyr client, is prone to a buffer overflow via its \"CC:\" handling,\nwhich could lead to the execution of arbitrary code.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.0.1-4+lenny1.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 1.5.1-1.

\n

We recommend that you upgrade your barnowl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1-4+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1-4+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl-irc_1.0.1-4+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1-4+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1-4+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1-4+lenny1_arm.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1-4+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1-4+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1-4+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1-4+lenny1_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1-4+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1-4+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1-4+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2050": "
\n

Debian Security Advisory

\n

DSA-2050-1 kdegraphics -- several vulnerabilities

\n
\n
Date Reported:
\n
24 May 2010
\n
Affected Packages:
\n
\nkdegraphics\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-1188, CVE-2009-3603, CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609.
\n
More information:
\n
\n

Several local vulnerabilities have been discovered in KPDF, a PDF viewer\nfor KDE, which allow the execution of arbitrary code or denial of\nservice if a user is tricked into opening a crafted PDF document.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 4:3.5.9-3+lenny3.

\n

The unstable distribution (sid) no longer contains kpdf. Its replacement,\nOkular, links against the poppler PDF library.

\n

We recommend that you upgrade your kdegraphics packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.9-3+lenny3.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.9-3+lenny3.dsc
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.9.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.9-3+lenny3_all.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-doc-html_3.5.9-3+lenny3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny3_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny3_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny3_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kgamma_3.5.9-3+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kuickshow_3.5.9-3+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_3.5.9-3+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_3.5.9-3+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kview_3.5.9-3+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfaxview_3.5.9-3+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kviewshell_3.5.9-3+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdvi_3.5.9-3+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpdf_3.5.9-3+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_3.5.9-3+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_3.5.9-3+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kolourpaint_3.5.9-3+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_3.5.9-3+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kfax_3.5.9-3+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_3.5.9-3+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kmrml_3.5.9-3+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_3.5.9-3+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/ksvg_3.5.9-3+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_3.5.9-3+lenny3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2051": "
\n

Debian Security Advisory

\n

DSA-2051-1 postgresql-8.3 -- several vulnerabilities

\n
\n
Date Reported:
\n
24 May 2010
\n
Affected Packages:
\n
\npostgresql-8.3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-0442, CVE-2010-1169, CVE-2010-1170, CVE-2010-1975.
\n
More information:
\n
\n

Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2010-1169

    Tim Bunce discovered that the implementation of the procedural language PL/Perl insufficiently restricts the subset of allowed code, which allows authenticated users to execute arbitrary Perl code.

  • CVE-2010-1170

    Tom Lane discovered that the implementation of the procedural language PL/Tcl insufficiently restricts the subset of allowed code, which allows authenticated users to execute arbitrary Tcl code.

  • CVE-2010-1975

    It was discovered that an unprivileged user could reset superuser-only parameter settings.
\n

For the stable distribution (lenny), these problems have been fixed in version 8.3.11-0lenny1. This update also introduces a fix for CVE-2010-0442, which was originally scheduled for the next Lenny point update.

\n

For the unstable distribution (sid), these problems have been fixed in version 8.4.4-1 of postgresql-8.4.

\n

We recommend that you upgrade your postgresql-8.3 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql_8.3.11-0lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client_8.3.11-0lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib_8.3.11-0lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-doc-8.3_8.3.11-0lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-doc_8.3.11-0lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.11-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.11-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.11-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.11-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.11-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.11-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.11-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.11-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.11-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.11-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.11-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.11-0lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.11-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.11-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.11-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.11-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.11-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.11-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.11-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.11-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.11-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.11-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.11-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.11-0lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.11-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.11-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.11-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.11-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.11-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.11-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.11-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.11-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.11-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.11-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.11-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.11-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.11-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.11-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.11-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.11-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.11-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.11-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.11-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.11-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.11-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.11-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.11-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.11-0lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.11-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.11-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.11-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.11-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.11-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.11-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.11-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.11-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.11-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.11-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.11-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.11-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.11-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.11-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.11-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.11-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.11-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.11-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.11-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.11-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.11-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.11-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.11-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.11-0lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.11-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.11-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.11-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.11-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.11-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.11-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.11-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.11-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.11-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.11-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.11-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.11-0lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.11-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.11-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.11-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.11-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.11-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.11-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.11-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.11-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.11-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.11-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.11-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.11-0lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.11-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.11-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.11-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.11-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.11-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.11-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.11-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.11-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.11-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.11-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.11-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.11-0lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.11-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.11-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.11-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.11-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.11-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.11-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.11-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.11-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.11-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.11-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.11-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.11-0lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.11-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.11-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.11-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.11-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.11-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.11-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.11-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.11-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.11-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.11-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.11-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.11-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.11-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.11-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.11-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.11-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.11-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.11-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.11-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.11-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.11-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.11-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.11-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.11-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.11-0lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2052": "
\n

Debian Security Advisory

\n

DSA-2052-1 krb5 -- null pointer dereference

\n
\n
Date Reported:
\n
24 May 2010
\n
Affected Packages:
\n
\nkrb5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 582261.
In Mitre's CVE dictionary: CVE-2010-1321.
\n
More information:
\n
\n

Shawn Emery discovered that in MIT Kerberos 5 (krb5), a system for authenticating users and services on a network, a null pointer dereference flaw in the Generic Security Service Application Program Interface (GSS-API) library could allow an authenticated remote attacker to crash any server application using the GSS-API authentication mechanism by sending a specially crafted GSS-API token with a missing checksum field.

\n

For the stable distribution (lenny), this problem has been fixed in version 1.6.dfsg.4~beta1-5lenny4.

\n

For the testing distribution (squeeze), this problem has been fixed in version 1.8.1+dfsg-3.

\n

For the unstable distribution (sid), this problem has been fixed in version 1.8.1+dfsg-3.

\n

We recommend that you upgrade your krb5 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.6.dfsg.4~beta1-5lenny4.diff.gz
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.6.dfsg.4~beta1-5lenny4.dsc
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.6.dfsg.4~beta1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.6.dfsg.4~beta1-5lenny4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny4_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny4_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2053": "
\n

Debian Security Advisory

\n

DSA-2053-1 linux-2.6 -- privilege escalation/denial of service/information leak

\n
\n
Date Reported:
\n
25 May 2010
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 573071.
In Mitre's CVE dictionary: CVE-2009-4537, CVE-2010-0727, CVE-2010-1083, CVE-2010-1084, CVE-2010-1086, CVE-2010-1087, CVE-2010-1088, CVE-2010-1162, CVE-2010-1173, CVE-2010-1187, CVE-2010-1437, CVE-2010-1446, CVE-2010-1451.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2009-4537\n

    Fabian Yamaguchi reported a missing check for Ethernet frames larger\n than the MTU in the r8169 driver. This may allow users on the local\n network to crash a system, resulting in a denial of service.

  • CVE-2010-0727\n

    Sachin Prabhu reported an issue in the GFS2 filesystem. Local users\n can trigger a BUG() by altering the permissions on a locked file,\n resulting in a denial of service.

  • CVE-2010-1083\n

    Linus Torvalds reported an issue in the USB subsystem, which may allow\n local users to obtain portions of sensitive kernel memory.

  • CVE-2010-1084\n

    Neil Brown reported an issue in the Bluetooth subsystem that may\n permit remote attackers to overwrite memory through the creation\n of large numbers of sockets, resulting in a denial of service.

  • CVE-2010-1086\n

    Ang Way Chuang reported an issue in the DVB subsystem for Digital\n TV adapters. By creating a specially-encoded MPEG2-TS frame, a remote\n attacker could cause the receiver to enter an endless loop, resulting\n in a denial of service.

  • CVE-2010-1087\n

    Trond Myklebust reported an issue in the NFS filesystem. A local\n user may cause an oops by sending a fatal signal during a file\n truncation operation, resulting in a denial of service.

  • CVE-2010-1088\n

    Al Viro reported an issue where automount symlinks may not\n be followed when LOOKUP_FOLLOW is not set. This has an unknown\n security impact.

  • CVE-2010-1162\n

    Catalin Marinas reported an issue in the tty subsystem that allows\n local attackers to cause a kernel memory leak, possibly resulting\n in a denial of service.

  • CVE-2010-1173\n

    Chris Guo from Nokia China and Jukka Taimisto and Olli Jarva from\n Codenomicon Ltd reported an issue in the SCTP subsystem that allows\n a remote attacker to cause a denial of service using a malformed init\n packet.

  • CVE-2010-1187\n

    Neil Horman reported an issue in the TIPC subsystem. Local users can\n cause a denial of service by way of a NULL pointer dereference by\n sending datagrams through AF_TIPC before entering network mode.

  • CVE-2010-1437\n

    Toshiyuki Okajima reported a race condition in the keyring subsystem.\n Local users can cause memory corruption via keyctl commands that\n access a keyring in the process of being deleted, resulting in a\n denial of service.

  • CVE-2010-1446\n

    Wufei reported an issue with kgdb on the PowerPC architecture,\n allowing local users to write to kernel memory. Note: this issue\n does not affect binary kernels provided by Debian. The fix is\n provided for the benefit of users who build their own kernels\n from Debian source.

  • CVE-2010-1451\n

    Brad Spengler reported an issue on the SPARC architecture that allows\n local users to execute non-executable pages.

\n

This update also fixes a regression introduced by a previous\nupdate. See the referenced Debian bug page for details.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2.6.26-22lenny1.

\n

We recommend that you upgrade your linux-2.6 and user-mode-linux\npackages.

\n

The user-mode-linux source package was additionally rebuilt for\ncompatibility and to take advantage of this update. The updated version of\nthe package is 2.6.26-1um-2+22lenny1.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-22lenny1.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-22lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.26-2_2.6.26-22lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.26_2.6.26-22lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.26_2.6.26-22lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.26_2.6.26-22lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.26_2.6.26-22lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.26_2.6.26-22lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-smp_2.6.26-22lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-generic_2.6.26-22lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-generic_2.6.26-22lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-22lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-smp_2.6.26-22lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-legacy_2.6.26-22lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-alpha_2.6.26-22lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-22lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-22lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-legacy_2.6.26-22lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-22lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-amd64_2.6.26-22lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-22lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-amd64_2.6.26-22lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-amd64_2.6.26-22lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-amd64_2.6.26-22lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-22lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-amd64_2.6.26-22lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-amd64_2.6.26-22lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-amd64_2.6.26-22lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-amd64_2.6.26-22lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-22lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-22lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-22lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-22lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-22lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-amd64_2.6.26-22lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-22lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-footbridge_2.6.26-22lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-footbridge_2.6.26-22lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-22lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-22lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-arm_2.6.26-22lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-22lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-22lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-22lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-22lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-22lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-22lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-22lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-22lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-22lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-22lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-armel_2.6.26-22lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-22lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-versatile_2.6.26-22lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-22lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-22lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-22lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-versatile_2.6.26-22lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-22lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc-smp_2.6.26-22lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-22lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-22lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-22lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64_2.6.26-22lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-hppa_2.6.26-22lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc_2.6.26-22lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64_2.6.26-22lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64-smp_2.6.26-22lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc_2.6.26-22lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc-smp_2.6.26-22lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64-smp_2.6.26-22lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-22lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-i386_2.6.26-22lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-686_2.6.26-22lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686_2.6.26-22lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-486_2.6.26-22lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-686_2.6.26-22lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686-bigmem_2.6.26-22lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686-bigmem_2.6.26-22lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-22lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-22lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686_2.6.26-22lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-686_2.6.26-22lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-22lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-686_2.6.26-22lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686_2.6.26-22lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-686_2.6.26-22lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-686_2.6.26-22lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686-bigmem_2.6.26-22lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-22lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686_2.6.26-22lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-22lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-486_2.6.26-22lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-22lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-22lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686-bigmem_2.6.26-22lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-itanium_2.6.26-22lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-22lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-mckinley_2.6.26-22lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-mckinley_2.6.26-22lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-22lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-22lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-mckinley_2.6.26-22lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-itanium_2.6.26-22lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-mckinley_2.6.26-22lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-22lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-itanium_2.6.26-22lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-ia64_2.6.26-22lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-itanium_2.6.26-22lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r4k-ip22_2.6.26-22lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-5kc-malta_2.6.26-22lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-5kc-malta_2.6.26-22lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-22lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1a-bcm91480b_2.6.26-22lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-4kc-malta_2.6.26-22lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r5k-ip32_2.6.26-22lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1-bcm91250a_2.6.26-22lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-22lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-4kc-malta_2.6.26-22lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1-bcm91250a_2.6.26-22lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1a-bcm91480b_2.6.26-22lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-22lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-mips_2.6.26-22lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r4k-ip22_2.6.26-22lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r5k-ip32_2.6.26-22lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1-bcm91250a_2.6.26-22lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-mipsel_2.6.26-22lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1a-bcm91480b_2.6.26-22lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-22lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r5k-cobalt_2.6.26-22lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-4kc-malta_2.6.26-22lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-4kc-malta_2.6.26-22lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-22lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1-bcm91250a_2.6.26-22lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1a-bcm91480b_2.6.26-22lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-5kc-malta_2.6.26-22lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-22lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r5k-cobalt_2.6.26-22lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-5kc-malta_2.6.26-22lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-22lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc_2.6.26-22lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc_2.6.26-22lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc-smp_2.6.26-22lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-powerpc_2.6.26-22lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc64_2.6.26-22lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-22lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc64_2.6.26-22lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc_2.6.26-22lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-22lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-22lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc64_2.6.26-22lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc_2.6.26-22lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc64_2.6.26-22lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc-smp_2.6.26-22lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-22lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-s390x_2.6.26-22lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390_2.6.26-22lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390x_2.6.26-22lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390x_2.6.26-22lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390-tape_2.6.26-22lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-22lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390_2.6.26-22lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-s390x_2.6.26-22lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-22lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-s390_2.6.26-22lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-22lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64_2.6.26-22lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-sparc64_2.6.26-22lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-sparc_2.6.26-22lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-sparc64_2.6.26-22lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64-smp_2.6.26-22lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-22lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-22lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-22lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-22lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64_2.6.26-22lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64-smp_2.6.26-22lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2054": "
\n

Debian Security Advisory

\n

DSA-2054-1 bind9 -- DNS cache poisoning

\n
\n
Date Reported:
\n
04 Jun 2010
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-0097, CVE-2010-0290, CVE-2010-0382.
\n
More information:
\n
\n

Several cache-poisoning vulnerabilities have been discovered in BIND.\nThese vulnerabilities apply only if DNSSEC validation is enabled and\ntrust anchors have been installed, which is not the default.

\n

The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2010-0097\n

    BIND does not properly validate DNSSEC NSEC records, which allows\n remote attackers to add the Authenticated Data (AD) flag to a forged\n NXDOMAIN response for an existing domain.

  • CVE-2010-0290\n

    When processing crafted responses containing CNAME or DNAME records,\n BIND is subject to a DNS cache poisoning vulnerability, provided that\n DNSSEC validation is enabled and trust anchors have been installed.

  • CVE-2010-0382\n

    When processing certain responses containing out-of-bailiwick data,\n BIND is subject to a DNS cache poisoning vulnerability, provided that\n DNSSEC validation is enabled and trust anchors have been installed.

\n

In addition, this update introduces a more conservative query behavior\nin the presence of repeated DNSSEC validation failures, addressing the\n\"roll over and die\" phenomenon. The new version also supports the\ncryptographic algorithm used by the upcoming signed ICANN DNS root\n(RSASHA256 from RFC 5702), and the NSEC3 secure denial of existence\nalgorithm used by some signed top-level domains.

\n

This update is based on a new upstream version of BIND 9, 9.6-ESV-R1.\nBecause of the scope of changes, extra care is recommended when\ninstalling the update. Due to ABI changes, new Debian packages are\nincluded, and the update has to be installed using \"apt-get\ndist-upgrade\" (or an equivalent aptitude command).

For the stable distribution (lenny), these problems have been fixed in version 1:9.6.ESV.R1+dfsg-0+lenny1.

For the unstable distribution (sid), these problems have been fixed in version 1:9.7.0.dfsg-1.

We recommend that you upgrade your bind9 packages.

Fixed in:

Debian GNU/Linux 5.0 (lenny)

Source:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R1+dfsg-0+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R1+dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R1+dfsg-0+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-doc_9.6.ESV.R1+dfsg-0+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/bind9/libisc52_9.6.ESV.R1+dfsg-0+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R1+dfsg-0+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R1+dfsg-0+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R1+dfsg-0+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R1+dfsg-0+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R1+dfsg-0+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R1+dfsg-0+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R1+dfsg-0+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R1+dfsg-0+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns55_9.6.ESV.R1+dfsg-0+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R1+dfsg-0+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R1+dfsg-0+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R1+dfsg-0+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R1+dfsg-0+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R1+dfsg-0+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc52_9.6.ESV.R1+dfsg-0+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R1+dfsg-0+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R1+dfsg-0+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R1+dfsg-0+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R1+dfsg-0+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns55_9.6.ESV.R1+dfsg-0+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R1+dfsg-0+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R1+dfsg-0+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R1+dfsg-0+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R1+dfsg-0+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R1+dfsg-0+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R1+dfsg-0+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R1+dfsg-0+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R1+dfsg-0+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R1+dfsg-0+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns55_9.6.ESV.R1+dfsg-0+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R1+dfsg-0+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R1+dfsg-0+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R1+dfsg-0+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R1+dfsg-0+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc52_9.6.ESV.R1+dfsg-0+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R1+dfsg-0+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns55_9.6.ESV.R1+dfsg-0+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R1+dfsg-0+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R1+dfsg-0+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R1+dfsg-0+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R1+dfsg-0+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R1+dfsg-0+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R1+dfsg-0+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R1+dfsg-0+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R1+dfsg-0+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R1+dfsg-0+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc52_9.6.ESV.R1+dfsg-0+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R1+dfsg-0+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R1+dfsg-0+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R1+dfsg-0+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R1+dfsg-0+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R1+dfsg-0+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R1+dfsg-0+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc52_9.6.ESV.R1+dfsg-0+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R1+dfsg-0+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R1+dfsg-0+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R1+dfsg-0+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns55_9.6.ESV.R1+dfsg-0+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R1+dfsg-0+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R1+dfsg-0+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R1+dfsg-0+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R1+dfsg-0+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R1+dfsg-0+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc52_9.6.ESV.R1+dfsg-0+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R1+dfsg-0+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R1+dfsg-0+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R1+dfsg-0+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R1+dfsg-0+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns55_9.6.ESV.R1+dfsg-0+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R1+dfsg-0+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R1+dfsg-0+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/bind9/libisc52_9.6.ESV.R1+dfsg-0+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R1+dfsg-0+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R1+dfsg-0+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R1+dfsg-0+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R1+dfsg-0+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R1+dfsg-0+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R1+dfsg-0+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns55_9.6.ESV.R1+dfsg-0+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R1+dfsg-0+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R1+dfsg-0+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R1+dfsg-0+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R1+dfsg-0+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bind9/libdns55_9.6.ESV.R1+dfsg-0+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R1+dfsg-0+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R1+dfsg-0+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R1+dfsg-0+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc52_9.6.ESV.R1+dfsg-0+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R1+dfsg-0+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R1+dfsg-0+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R1+dfsg-0+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R1+dfsg-0+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R1+dfsg-0+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R1+dfsg-0+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R1+dfsg-0+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bind9/libdns55_9.6.ESV.R1+dfsg-0+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R1+dfsg-0+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R1+dfsg-0+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R1+dfsg-0+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R1+dfsg-0+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R1+dfsg-0+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R1+dfsg-0+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R1+dfsg-0+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R1+dfsg-0+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R1+dfsg-0+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc52_9.6.ESV.R1+dfsg-0+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R1+dfsg-0+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R1+dfsg-0+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R1+dfsg-0+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns55_9.6.ESV.R1+dfsg-0+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R1+dfsg-0+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R1+dfsg-0+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R1+dfsg-0+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc52_9.6.ESV.R1+dfsg-0+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R1+dfsg-0+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R1+dfsg-0+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R1+dfsg-0+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R1+dfsg-0+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R1+dfsg-0+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R1+dfsg-0+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R1+dfsg-0+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R1+dfsg-0+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R1+dfsg-0+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R1+dfsg-0+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns55_9.6.ESV.R1+dfsg-0+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R1+dfsg-0+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R1+dfsg-0+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R1+dfsg-0+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc52_9.6.ESV.R1+dfsg-0+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R1+dfsg-0+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R1+dfsg-0+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/bind9/libdns55_9.6.ESV.R1+dfsg-0+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R1+dfsg-0+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R1+dfsg-0+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R1+dfsg-0+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R1+dfsg-0+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc52_9.6.ESV.R1+dfsg-0+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R1+dfsg-0+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R1+dfsg-0+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R1+dfsg-0+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R1+dfsg-0+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R1+dfsg-0+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R1+dfsg-0+lenny1_sparc.deb
\n

MD5 checksums of the listed files are available in the original advisory.

", "2055": "

Debian Security Advisory

DSA-2055-1 openoffice.org -- macro execution

Date Reported:
05 Jun 2010
Affected Packages:
openoffice.org
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2010-0395.
More information:

It was discovered that OpenOffice.org, a full-featured office productivity suite that provides a near drop-in replacement for Microsoft® Office, does not properly handle Python macros embedded in an office document. This allows an attacker to perform user-assisted execution of arbitrary code in certain use cases of the Python macro viewer component.

For the stable distribution (lenny), this problem has been fixed in version 1:2.4.1+dfsg-1+lenny7.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 1:3.2.1-1.

We recommend that you upgrade your openoffice.org packages.

Fixed in:

Debian GNU/Linux 5.0 (lenny)

Source:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny7.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny7.dsc
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ts_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-za_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-as-in_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-be-by_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-or-in_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ne_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nb_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ko_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder_1.0.2+OOo2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cy_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-crystal_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-da_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-eu_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hr_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-st_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ga_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nl_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libuno-cli-basetypes1.0-cil_1.0.10.0+OOo2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-industrial_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gl_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-mr-in_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-dz_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hu_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-es_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-km_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-af_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dtd-officedocument1.0_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-common_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cs_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ta-in_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-dz_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-uk_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ss_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-it_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ttf-opensymbol_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pa-in_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev-doc_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-it_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-java-common_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/broffice.org_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lt_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fa_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-br_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ja_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-us_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nr_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ru_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-tw_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ku_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zu_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-in_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tr_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-mobiledev_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-el_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pl_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hi-in_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-cn_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bg_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-cs_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sl_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sk_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-uz_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-vi_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sv_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sl_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-rw_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-nl_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bs_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ja_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hu_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-xh_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-km_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-et_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-fr_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sr-cs_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-za_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-cn_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lv_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eo_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-de_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-et_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-emailmerge_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-te-in_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-da_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fr_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-api-tests_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pl_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ko_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sr_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ca_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sv_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-gl_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-de_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt-br_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bn_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lo_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fi_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-es_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-tango_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-andromeda_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ml-in_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-th_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libuno-cli-cppuhelper1.0-cil_1.0.13.0+OOo2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gu-in_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ru_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-hicontrast_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pt-br_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-he_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi-in_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ro_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tg_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ns_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ve_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-gb_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pt_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eu_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-tw_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libuno-cli-types1.1-cil_1.1.13.0+OOo2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libuno-cli-ure1.0-cil_1.0.13.0+OOo2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tn_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ar_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nn_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-gb_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ka_2.4.1+dfsg-1+lenny7_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-mk_2.4.1+dfsg-1+lenny7_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/cli-uno-bridge_2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny7_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny7_amd64.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny7_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny7_armel.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-ogltrans_2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/cli-uno-bridge_2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny7_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny7_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/cli-uno-bridge_2.4.1+dfsg-1+lenny7_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny7_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny7_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny7_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny7_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny7_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-ogltrans_2.4.1+dfsg-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny7_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny7_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-ogltrans_2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny7_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny7_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/cli-uno-bridge_2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-ogltrans_2.4.1+dfsg-1+lenny7_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny7_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2056": "
\n

Debian Security Advisory

\n

DSA-2056-1 zonecheck -- missing input sanitizing

\n
\n
Date Reported:
\n
06 Jun 2010
\n
Affected Packages:
\n
\nzonecheck\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 583290.
In Mitre's CVE dictionary: CVE-2010-2052, CVE-2010-2155, CVE-2009-4882.
\n
More information:
\n
\n

It was discovered that in ZoneCheck, a tool to check DNS configurations,\nthe CGI does not perform sufficient sanitization of user input; an\nattacker can take advantage of this and pass script code in order to\nperform cross-site scripting attacks.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.0.4-13lenny1.

\n

For the testing distribution (squeeze), this problem has been fixed in\nversion 2.1.1-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.1.1-1.

\n

We recommend that you upgrade your zonecheck packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/zonecheck/zonecheck_2.0.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/z/zonecheck/zonecheck_2.0.4-13lenny1.dsc
\n
http://security.debian.org/pool/updates/main/z/zonecheck/zonecheck_2.0.4-13lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/z/zonecheck/zonecheck-cgi_2.0.4-13lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/z/zonecheck/zonecheck_2.0.4-13lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2057": "
\n

Debian Security Advisory

\n

DSA-2057-1 mysql-dfsg-5.0 -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Jun 2010
\n
Affected Packages:
\n
\nmysql-dfsg-5.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-1626, CVE-2010-1848, CVE-2010-1849, CVE-2010-1850.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the MySQL\ndatabase server.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2010-1626\n

    MySQL allows local users to delete the data and index files of another\nuser's MyISAM table via a symlink attack in conjunction with the DROP\nTABLE command.

  • CVE-2010-1848\n

    MySQL failed to check the table name argument of a COM_FIELD_LIST\ncommand packet for validity and compliance to acceptable table name\nstandards. This allows an authenticated user with SELECT privileges on\none table to obtain the field definitions of any table in all other\ndatabases and potentially of other MySQL instances accessible from the\nserver's file system.

  • CVE-2010-1849\n

    MySQL could be tricked into reading packets indefinitely if it received a\npacket larger than the maximum size of one packet.\nThis results in high CPU usage and thus denial of service conditions.

  • CVE-2010-1850\n

    MySQL was susceptible to a buffer-overflow attack due to a\nfailure to perform bounds checking on the table name argument of a\nCOM_FIELD_LIST command packet. By sending long data for the table\nname, a buffer is overflown, which could be exploited by an\nauthenticated user to inject malicious code.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 5.0.51a-24+lenny4.

\n

The testing (squeeze) and unstable (sid) distributions do not contain\nmysql-dfsg-5.0 anymore.

\n

We recommend that you upgrade your mysql-dfsg-5.0 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a-24+lenny4.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a-24+lenny4.dsc
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-dfsg-5.0_5.0.51a.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client_5.0.51a-24+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server_5.0.51a-24+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-common_5.0.51a-24+lenny4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny4_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny4_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-server-5.0_5.0.51a-24+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/mysql-client-5.0_5.0.51a-24+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15off_5.0.51a-24+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mysql-dfsg-5.0/libmysqlclient15-dev_5.0.51a-24+lenny4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2058": "
\n

Debian Security Advisory

\n

DSA-2058-1 glibc, eglibc -- multiple vulnerabilities

\n
\n
Date Reported:
\n
10 Jun 2010
\n
Affected Packages:
\n
\nglibc, eglibc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 583908.
In Mitre's CVE dictionary: CVE-2008-1391, CVE-2009-4880, CVE-2009-4881, CVE-2010-0296, CVE-2010-0830.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the GNU C Library (aka\nglibc) and its derivatives. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2008-1391, CVE-2009-4880, CVE-2009-4881\n

    Maksymilian Arciemowicz discovered that the GNU C library did not\n correctly handle integer overflows in the strfmon family of\n functions. If a user or automated system were tricked into\n processing a specially crafted format string, a remote attacker\n could crash applications, leading to a denial of service.

  • CVE-2010-0296\n

    Jeff Layton and Dan Rosenberg discovered that the GNU C library did\n not correctly handle newlines in the mntent family of functions. If\n a local attacker were able to inject newlines into a mount entry\n through other vulnerable mount helpers, they could disrupt the\n system or possibly gain root privileges.

  • CVE-2010-0830\n

    Dan Rosenberg discovered that the GNU C library did not correctly\n validate certain ELF program headers. If a user or automated system\n were tricked into verifying a specially crafted ELF program, a\n remote attacker could execute arbitrary code with user privileges.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2.7-18lenny4 of the glibc package.

\n

For the testing distribution (squeeze), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.1.11-1 of the eglibc package.

\n

We recommend that you upgrade your glibc or eglibc packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7-18lenny4.diff.gz
\n
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7-18lenny4.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/glibc/glibc-source_2.7-18lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales_2.7-18lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.7-18lenny4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.7-18lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.7-18lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_alpha.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.7-18lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_alpha.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.7-18lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.7-18lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-alphaev67_2.7-18lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-udeb_2.7-18lenny4_alpha.udeb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-i386_2.7-18lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-i386_2.7-18lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_amd64.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_amd64.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_amd64.udeb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_arm.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_arm.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_arm.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_armel.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_armel.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_armel.udeb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_hppa.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_hppa.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_hppa.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_i386.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_i386.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-i686_2.7-18lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-xen_2.7-18lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-amd64_2.7-18lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-amd64_2.7-18lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_i386.udeb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-udeb_2.7-18lenny4_ia64.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.7-18lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.7-18lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_ia64.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.7-18lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.7-18lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_ia64.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.7-18lenny4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_mips.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_mips.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-mips64_2.7-18lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-mipsn32_2.7-18lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-mips64_2.7-18lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-mipsn32_2.7-18lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_mips.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-mips64_2.7-18lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-mips64_2.7-18lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-mipsn32_2.7-18lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-mipsn32_2.7-18lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-ppc64_2.7-18lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-ppc64_2.7-18lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-s390x_2.7-18lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_s390.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_s390.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_s390.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-s390x_2.7-18lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-sparc64_2.7-18lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny4_sparc.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny4_sparc.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-sparc64_2.7-18lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny4_sparc.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-sparcv9b_2.7-18lenny4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2059": "
\n

Debian Security Advisory

\n

DSA-2059-1 pcsc-lite -- buffer overflow

\n
\n
Date Reported:
\n
10 Jun 2010
\n
Affected Packages:
\n
\npcsc-lite\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-0407.
\n
More information:
\n
\n

It was discovered that PCSCD, a daemon to access smart cards, was vulnerable\nto a buffer overflow allowing a local attacker to elevate his privileges\nto root.

\n

For the stable distribution (lenny), this problem has been fixed in version\n1.4.102-1+lenny1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.5.4-1.

\n

We recommend that you upgrade your pcsc-lite package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcsc-lite_1.4.102-1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcsc-lite_1.4.102.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcsc-lite_1.4.102-1+lenny1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2060": "
\n

Debian Security Advisory

\n

DSA-2060-1 cacti -- insufficient input sanitization

\n
\n
Date Reported:
\n
13 Jun 2010
\n
Affected Packages:
\n
\ncacti\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 582691.
In Mitre's CVE dictionary: CVE-2010-2092.
\n
More information:
\n
\n

Stefan Esser discovered that cacti, a front-end to rrdtool for monitoring\nsystems and services, does not properly validate input passed to the rra_id\nparameter of the graph.php script. Because the script checks the input of $_REQUEST\nbut uses $_GET input in a query, an unauthenticated attacker is able to\nperform SQL injections via a crafted rra_id $_GET value and an additional\nvalid rra_id $_POST or $_COOKIE value.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.8.7b-2.1+lenny3.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.8.7e-4.

\n

We recommend that you upgrade your cacti packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny3.dsc
\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny3.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/c/cacti/cacti_0.8.7b-2.1+lenny3_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2061": "
\n

Debian Security Advisory

\n

DSA-2061-1 samba -- memory corruption

\n
\n
Date Reported:
\n
16 Jun 2010
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-2063.
\n
More information:
\n
\n

Jun Mao discovered that Samba, an implementation of the SMB/CIFS protocol\nfor Unix systems, does not properly handle certain offset values when\nprocessing chained SMB1 packets. This enables an unauthenticated attacker\nto write to an arbitrary memory location, making it possible to\nexecute arbitrary code with root privileges or to perform denial of service\nattacks by crashing the samba daemon.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 3.2.5-4lenny12.

\n

This problem does not affect the versions in the testing (squeeze) and\nunstable (sid) distributions.

\n

We recommend that you upgrade your samba packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny12.diff.gz
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny12.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc-pdf_3.2.5-4lenny12_all.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.2.5-4lenny12_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny12_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny12_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny12_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny12_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny12_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny12_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny12_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny12_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny12_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny12_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny12_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny12_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny12_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny12_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny12_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny12_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny12_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny12_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny12_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny12_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny12_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny12_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny12_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny12_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny12_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny12_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny12_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny12_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny12_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny12_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny12_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny12_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny12_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny12_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny12_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny12_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny12_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny12_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny12_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny12_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny12_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny12_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny12_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny12_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny12_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny12_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny12_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny12_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny12_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny12_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny12_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny12_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny12_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny12_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny12_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny12_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny12_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny12_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny12_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny12_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny12_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny12_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny12_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny12_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny12_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny12_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny12_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny12_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny12_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny12_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny12_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny12_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny12_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny12_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny12_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny12_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny12_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny12_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny12_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny12_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny12_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny12_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny12_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny12_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny12_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny12_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny12_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny12_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny12_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny12_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny12_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny12_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny12_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny12_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny12_mips.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny12_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny12_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny12_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny12_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny12_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny12_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny12_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny12_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny12_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny12_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny12_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny12_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny12_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny12_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny12_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny12_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny12_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny12_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny12_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny12_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny12_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny12_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny12_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny12_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny12_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny12_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny12_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny12_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny12_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2062": "
\n

Debian Security Advisory

\n

DSA-2062-1 sudo -- missing input sanitization

\n
\n
Date Reported:
\n
17 Jun 2010
\n
Affected Packages:
\n
\nsudo\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 585394.
In Mitre's CVE dictionary: CVE-2010-1646.
\n
More information:
\n
\n

Anders Kaseorg and Evan Broder discovered a vulnerability in sudo, a\nprogram designed to allow a sysadmin to give limited root privileges to\nusers, that allows a user with sudo permissions on certain programs to\nuse those programs with an untrusted value of PATH.\nThis could possibly lead to certain intended restrictions being bypassed,\nsuch as the secure_path setting.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.6.9p17-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.7.2p7-1, and will migrate to the testing distribution (squeeze)\nshortly.

\n

We recommend that you upgrade your sudo package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17-3.diff.gz
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17-3.dsc
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo-ldap_1.6.9p17-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17-3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo-ldap_1.6.9p17-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17-3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17-3_arm.deb
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo-ldap_1.6.9p17-3_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo-ldap_1.6.9p17-3_armel.deb
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17-3_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo-ldap_1.6.9p17-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17-3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17-3_i386.deb
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo-ldap_1.6.9p17-3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo-ldap_1.6.9p17-3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo-ldap_1.6.9p17-3_mips.deb
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17-3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo-ldap_1.6.9p17-3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo-ldap_1.6.9p17-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17-3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo-ldap_1.6.9p17-3_s390.deb
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17-3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.9p17-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/sudo/sudo-ldap_1.6.9p17-3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2063": "
\n

Debian Security Advisory

\n

DSA-2063-1 pmount -- insecure temporary file

\n
\n
Date Reported:
\n
17 Jun 2010
\n
Affected Packages:
\n
\npmount\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-2192.
\n
More information:
\n
\n

Dan Rosenberg discovered that pmount, a wrapper around the standard mount\nprogram which permits normal users to mount removable devices without a\nmatching /etc/fstab entry, creates files in /var/lock insecurely.\nA local attacker could overwrite arbitrary files utilising a symlink attack.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.9.18-2+lenny1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.9.23-1, and will migrate to the testing distribution (squeeze)\nshortly.

\n

We recommend that you upgrade your pmount package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2064": "
\n

Debian Security Advisory

\n

DSA-2064-1 xulrunner -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Jun 2010
\n
Affected Packages:
\n
\nxulrunner\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-0183, CVE-2010-1196, CVE-2010-1197, CVE-2010-1198, CVE-2010-1199, CVE-2010-1200, CVE-2010-1201, CVE-2010-1202.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2010-0183\n

    \"wushi\" discovered that incorrect pointer handling in the frame\n processing code could lead to the execution of arbitrary code.

  • CVE-2010-1196\n

    \"Nils\" discovered that an integer overflow in DOM node parsing could\n lead to the execution of arbitrary code.

  • CVE-2010-1197\n

    Ilja von Sprundel discovered that incorrect parsing of\n Content-Disposition headers could lead to cross-site scripting.

  • CVE-2010-1198\n

    Microsoft engineers discovered that incorrect memory handling in the\n interaction of browser plugins could lead to the execution of\n arbitrary code.

  • CVE-2010-1199\n

    Martin Barbella discovered that an integer overflow in XSLT node\n parsing could lead to the execution of arbitrary code.

  • CVE-2010-1200\n

    Olli Pettay, Martijn Wargers, Justin Lebar, Jesse Ruderman, Ben\n Turner, Jonathan Kew and David Humphrey discovered crashes in the\n layout engine, which might allow the execution of arbitrary code.

  • CVE-2010-1201\n

    \"boardraider\" and \"stedenon\" discovered crashes in the layout engine,\n which might allow the execution of arbitrary code.

  • CVE-2010-1202\n

    Bob Clary, Igor Bukanov, Gary Kwong and Andreas Gal discovered crashes\n in the JavaScript engine, which might allow the execution of arbitrary\n code.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.9.0.19-2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.9.1.10-1.

\n

For the experimental distribution, these problems have been fixed in\nversion 1.9.2.4-1.

\n

We recommend that you upgrade your xulrunner packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-2.dsc
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.19-2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-2_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2065": "
\n

Debian Security Advisory

\n

DSA-2065-1 kvirc -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Jun 2010
\n
Affected Packages:
\n
\nkvirc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-2451, CVE-2010-2452.
\n
More information:
\n
\n

Two security issues have been discovered in the DCC protocol support\ncode of kvirc, a KDE-based next generation IRC client, which allow\nthe overwriting of local files through directory traversal and the\nexecution of arbitrary code through a format string attack.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 3.4.0-5.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.0.0~svn4340+rc3-1.

\n

We recommend that you upgrade your kvirc packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5.dsc
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-data_3.4.0-5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-5_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-5_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-5_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-5_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2066": "
\n

Debian Security Advisory

\n

DSA-2066-1 wireshark -- several vulnerabilities

\n
\n
Date Reported:
\n
01 Jul 2010
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-2283, CVE-2010-2284, CVE-2010-2285, CVE-2010-2286, CVE-2010-2287.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the Wireshark\nnetwork traffic analyzer. It was discovered that null pointer\ndereferences, buffer overflows and infinite loops in the SMB, SMB\nPIPE, ASN1.1 and SigComp dissectors could lead to denial of service\nor the execution of arbitrary code.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.0.2-3+lenny9.

\n

For the upcoming stable distribution (squeeze) and the unstable\ndistribution (sid), these problems have been fixed in version\n1.2.9-1.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny9_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2067": "
\n

Debian Security Advisory

\n

DSA-2067-1 mahara -- several vulnerabilities

\n
\n
Date Reported:
\n
02 Jul 2010
\n
Affected Packages:
\n
\nmahara\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-1667, CVE-2010-1668, CVE-2010-1670, CVE-2010-2479.
\n
More information:
\n
\n

Several vulnerabilities were discovered in mahara, an electronic portfolio,\nweblog, and resume builder. The following Common Vulnerabilities and\nExposures project ids identify them:

\n
    \n
  • CVE-2010-1667\n

    Multiple pages performed insufficient input sanitising, making them\n vulnerable to cross-site scripting attacks.

  • CVE-2010-1668\n

    Multiple forms lacked protection against cross-site request forgery\n attacks, therefore making them vulnerable.

  • CVE-2010-1670\n

    Gregor Anzelj discovered that it was possible to accidentally\n configure an installation of mahara that allows access to another\n user's account without a password.

  • CVE-2010-2479\n

    Certain Internet Explorer-specific cross-site scripting\n vulnerabilities were discovered in HTML Purifier, of which a copy\n is included in the mahara package.

\n

For the stable distribution (lenny), the problems have been fixed in\nversion 1.0.4-4+lenny6.

\n

For the testing distribution (squeeze), the problems will be fixed soon.

\n

For the unstable distribution (sid), the problems have been fixed in\nversion 1.2.5.

\n

We recommend that you upgrade your mahara packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny6.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny6.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny6_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2068": "
\n

Debian Security Advisory

\n

DSA-2068-1 python-cjson -- buffer overflow

\n
\n
Date Reported:
\n
11 Jul 2010
\n
Affected Packages:
\n
\npython-cjson\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 587700.
In Mitre's CVE dictionary: CVE-2010-1666.
\n
More information:
\n
\n

Matt Giuca discovered a buffer overflow in python-cjson, a fast JSON\nencoder/decoder for Python.\nThis allows a remote attacker to cause a denial of service (application crash)\nthrough a specially-crafted Python script.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.0.5-1+lenny1.

\n

For the testing (squeeze) and the unstable (sid) distributions, this problem\nhas been fixed in version 1.0.5-3.

\n

We recommend that you upgrade your python-cjson package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/python-cjson/python-cjson_1.0.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/python-cjson/python-cjson_1.0.5-1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/p/python-cjson/python-cjson_1.0.5-1+lenny1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/python-cjson/python-cjson-dbg_1.0.5-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/python-cjson/python-cjson_1.0.5-1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/python-cjson/python-cjson-dbg_1.0.5-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/python-cjson/python-cjson_1.0.5-1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/python-cjson/python-cjson-dbg_1.0.5-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/python-cjson/python-cjson_1.0.5-1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/p/python-cjson/python-cjson-dbg_1.0.5-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/python-cjson/python-cjson_1.0.5-1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/python-cjson/python-cjson-dbg_1.0.5-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/python-cjson/python-cjson_1.0.5-1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/python-cjson/python-cjson_1.0.5-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/python-cjson/python-cjson-dbg_1.0.5-1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/python-cjson/python-cjson-dbg_1.0.5-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/python-cjson/python-cjson_1.0.5-1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python-cjson/python-cjson-dbg_1.0.5-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/python-cjson/python-cjson_1.0.5-1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/python-cjson/python-cjson-dbg_1.0.5-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/python-cjson/python-cjson_1.0.5-1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/python-cjson/python-cjson_1.0.5-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/python-cjson/python-cjson-dbg_1.0.5-1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/python-cjson/python-cjson-dbg_1.0.5-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/python-cjson/python-cjson_1.0.5-1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/python-cjson/python-cjson_1.0.5-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/python-cjson/python-cjson-dbg_1.0.5-1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2069": "
\n

Debian Security Advisory

\n

DSA-2069-1 znc -- denial of service

\n
\n
Date Reported:
\n
11 Jul 2010
\n
Affected Packages:
\n
\nznc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 584929.
In Mitre's CVE dictionary: CVE-2010-2448.
\n
More information:
\n
\n

It was discovered that ZNC, an IRC bouncer, is vulnerable to denial\nof service attacks via a NULL pointer dereference when traffic\nstatistics are requested while there is an unauthenticated connection.

\n

For the stable distribution (lenny), the problem has been fixed in\nversion 0.058-2+lenny4.

\n

For the testing distribution (squeeze) and the unstable distribution (sid),\nthe problem has been fixed in version 0.090-2.

\n

We recommend that you upgrade your znc packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4.dsc
\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4.diff.gz
\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/z/znc/znc_0.058-2+lenny4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2070": "
\n

Debian Security Advisory

\n

DSA-2070-1 freetype -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Jul 2010
\n
Affected Packages:
\n
\nfreetype\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2527.
\n
More information:
\n
\n

Robert Swiecki discovered several vulnerabilities in the FreeType font\nlibrary, which could lead to the execution of arbitrary code if a\nmalformed font file is processed.

\n

Also, several buffer overflows were found in the included demo programs.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2.3.7-2+lenny2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.4.0-1.

\n

We recommend that you upgrade your freetype packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny2.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_alpha.udeb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_amd64.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_arm.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_armel.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_hppa.udeb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_i386.udeb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_ia64.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_mips.udeb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_powerpc.udeb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_s390.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_sparc.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2071": "
\n

Debian Security Advisory

\n

DSA-2071-1 libmikmod -- buffer overflows

\n
\n
Date Reported:
\n
14 Jul 2010
\n
Affected Packages:
\n
\nlibmikmod\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-3995, CVE-2009-3996.
\n
More information:
\n
\n

Dyon Balding discovered buffer overflows in the MikMod sound library,\nwhich could lead to the execution of arbitrary code if a user is\ntricked into opening malformed Impulse Tracker or Ultratracker sound\nfiles.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 3.1.11-6+lenny1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.1.11-6.2.

\n

We recommend that you upgrade your libmikmod packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod_3.1.11-6+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod_3.1.11.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod_3.1.11-6+lenny1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2072": "
\n

Debian Security Advisory

\n

DSA-2072-1 libpng -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Jul 2010
\n
Affected Packages:
\n
\nlibpng\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 533676, Bug 572308.
In Mitre's CVE dictionary: CVE-2010-1205, CVE-2010-2249.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in libpng, a library for\nreading and writing PNG files. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2010-1205\n

    A buffer overflow was discovered in libpng which allows remote\n attackers to execute arbitrary code via a PNG image that triggers\n an additional data row.

  • CVE-2010-2249\n

    A memory leak was discovered in libpng which allows remote\n attackers to cause a denial of service (memory consumption and\n application crash) via a PNG image containing malformed Physical\n Scale (aka sCAL) chunks.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.2.27-2+lenny4.

\n

For the testing (squeeze) and unstable (sid) distributions, these\nproblems have been fixed in version 1.2.44-1.

\n

We recommend that you upgrade your libpng package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny4.dsc
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng_1.2.27-2+lenny4.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng3_1.2.27-2+lenny4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_alpha.udeb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_amd64.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_arm.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_armel.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_hppa.udeb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_i386.udeb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_ia64.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_mips.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_s390.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0_1.2.27-2+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny4_sparc.udeb
\n
http://security.debian.org/pool/updates/main/libp/libpng/libpng12-dev_1.2.27-2+lenny4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2073": "
\n

Debian Security Advisory

\n

DSA-2073-1 mlmmj -- insufficient input sanitising

\n
\n
Date Reported:
\n
20 Jul 2010
\n
Affected Packages:
\n
\nmlmmj\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-4896.
\n
More information:
\n
\n

Florian Streibelt reported a directory traversal flaw in the way the\nMailing List Managing Made Joyful mailing list manager processed\nusers' requests originating from the administrator web interface\nwithout enough input validation. A remote, authenticated attacker could\nuse these flaws to write and/or delete arbitrary files.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.2.15-1.1+lenny1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.2.17-1.1.

\n

We recommend that you upgrade your mlmmj package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mlmmj/mlmmj_1.2.15.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/mlmmj/mlmmj_1.2.15-1.1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/m/mlmmj/mlmmj_1.2.15-1.1+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mlmmj/mlmmj-php-web_1.2.15-1.1+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/m/mlmmj/mlmmj-php-web-admin_1.2.15-1.1+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mlmmj/mlmmj_1.2.15-1.1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mlmmj/mlmmj_1.2.15-1.1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mlmmj/mlmmj_1.2.15-1.1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/m/mlmmj/mlmmj_1.2.15-1.1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mlmmj/mlmmj_1.2.15-1.1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mlmmj/mlmmj_1.2.15-1.1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mlmmj/mlmmj_1.2.15-1.1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mlmmj/mlmmj_1.2.15-1.1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mlmmj/mlmmj_1.2.15-1.1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mlmmj/mlmmj_1.2.15-1.1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mlmmj/mlmmj_1.2.15-1.1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mlmmj/mlmmj_1.2.15-1.1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2074": "
\n

Debian Security Advisory

\n

DSA-2074-1 ncompress -- integer underflow

\n
\n
Date Reported:
\n
21 Jul 2010
\n
Affected Packages:
\n
\nncompress\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-0001.
\n
More information:
\n
\n

Aki Helin discovered an integer underflow in ncompress, the original\nLempel-Ziv compress/uncompress programs.\nThis could lead to the execution of arbitrary code when trying to decompress\na crafted LZW-compressed gzip archive.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 4.2.4.2-1+lenny1.

\n

For the testing (squeeze) and unstable (sid) distributions, this\nproblem has been fixed in version 4.2.4.3-1.

\n

We recommend that you upgrade your ncompress package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4.2-1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4.2-1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4.2-1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4.2-1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4.2-1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4.2-1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4.2-1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4.2-1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4.2-1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4.2-1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4.2-1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4.2-1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4.2-1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/ncompress/ncompress_4.2.4.2-1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2075": "
\n

Debian Security Advisory

\n

DSA-2075-1 xulrunner -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Jul 2010
\n
Affected Packages:
\n
\nxulrunner\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-0182, CVE-2010-0654, CVE-2010-1205, CVE-2010-1208, CVE-2010-1211, CVE-2010-1214, CVE-2010-2751, CVE-2010-2753, CVE-2010-2754.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2010-0182\n

    Wladimir Palant discovered that security checks in XML processing\n were insufficiently enforced.

  • CVE-2010-0654\n

    Chris Evans discovered that insecure CSS handling could lead to\n reading data across domain boundaries.

  • CVE-2010-1205\n

    Aki Helin discovered a buffer overflow in the internal copy of\n libpng, which could lead to the execution of arbitrary code.

  • CVE-2010-1208\n

    \"regenrecht\" discovered that incorrect memory handling in DOM\n parsing could lead to the execution of arbitrary code.

  • CVE-2010-1211\n

    Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary\n Kwong, Tobias Markus and Daniel Holbert discovered crashes in the\n layout engine, which might allow the execution of arbitrary code.

  • CVE-2010-1214\n

    \"JS3\" discovered an integer overflow in the plugin code, which\n could lead to the execution of arbitrary code.

  • CVE-2010-2751\n

    Jordi Chancel discovered that the location could be spoofed to\n appear like a secured page.

  • CVE-2010-2753\n

    \"regenrecht\" discovered that incorrect memory handling in XUL\n parsing could lead to the execution of arbitrary code.

  • CVE-2010-2754\n

    Soroush Dalili discovered an information leak in script\n processing.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.9.0.19-3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.9.1.11-1.

\n

For the experimental distribution, these problems have been fixed in\nversion 1.9.2.7-1.

\n

We recommend that you upgrade your xulrunner packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-3.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-3.dsc
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.19-3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_hppa.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-3_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2076": "
\n

Debian Security Advisory

\n

DSA-2076-1 gnupg2 -- use-after-free

\n
\n
Date Reported:
\n
27 Jul 2010
\n
Affected Packages:
\n
\ngnupg2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 590122.
In Mitre's CVE dictionary: CVE-2010-2547.
\n
More information:
\n
\n

It was discovered that GnuPG 2 uses a freed pointer when verifying a\nsignature or importing a certificate with many Subject Alternative Names,\npotentially leading to arbitrary code execution.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.0.9-3.1+lenny1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.0.14-2.

\n

GnuPG 1 (in the gnupg package) is not affected by this problem.

\n

We recommend that you upgrade your gnupg2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_2.0.9-3.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_2.0.9-3.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_2.0.9-3.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_2.0.9-3.1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_2.0.9-3.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_2.0.9-3.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_2.0.9-3.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_2.0.9-3.1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_2.0.9-3.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_2.0.9-3.1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_2.0.9-3.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_2.0.9-3.1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_2.0.9-3.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_2.0.9-3.1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_2.0.9-3.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_2.0.9-3.1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_2.0.9-3.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_2.0.9-3.1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_2.0.9-3.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_2.0.9-3.1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_2.0.9-3.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_2.0.9-3.1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg-agent_2.0.9-3.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gnupg2_2.0.9-3.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gnupg2/gpgsm_2.0.9-3.1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2077": "
\n

Debian Security Advisory

\n

DSA-2077-1 openldap -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Jul 2010
\n
Affected Packages:
\n
\nopenldap\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-0211, CVE-2010-0212.
\n
More information:
\n
\n

Two remote vulnerabilities have been discovered in OpenLDAP. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2010-0211\n

    The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does\n not check the return value of a call to the smr_normalize\n function, which allows remote attackers to cause a denial of\n service (segmentation fault) and possibly execute arbitrary code\n via a modrdn call with an RDN string containing invalid UTF-8\n sequences.

  • CVE-2010-0212\n

    OpenLDAP 2.4.22 allows remote attackers to cause a denial of\n service (crash) via a modrdn call with a zero-length RDN\n destination string.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2.4.11-1+lenny2. (The missing update for the mips\narchitecture will be provided soon.)

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.4.23-1.

\n

We recommend that you upgrade your openldap packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openldap/openldap_2.4.11-1+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/o/openldap/openldap_2.4.11.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openldap/openldap_2.4.11-1+lenny2.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny2_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openldap/slapd_2.4.11-1+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/ldap-utils_2.4.11-1+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2_2.4.11-1+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap2-dev_2.4.11-1+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/libldap-2.4-2-dbg_2.4.11-1+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openldap/slapd-dbg_2.4.11-1+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2078": "
\n

Debian Security Advisory

\n

DSA-2078-1 kvirc -- programming error

\n
\n
Date Reported:
\n
31 Jul 2010
\n
Affected Packages:
\n
\nkvirc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-2785.
\n
More information:
\n
\n

It was discovered that incorrect parsing of CTCP commands in kvirc, a\nKDE-based IRC client, could lead to the execution of arbitrary IRC\ncommands against other users.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2:3.4.0-6.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4:4.0.0-3.

\n

We recommend that you upgrade your kvirc package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6.diff.gz
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-data_3.4.0-6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_armel.deb
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_mips.deb
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2079": "
\n

Debian Security Advisory

\n

DSA-2079-1 mapserver -- several vulnerabilities

\n
\n
Date Reported:
\n
31 Jul 2010
\n
Affected Packages:
\n
\nmapserver\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-2539, CVE-2010-2540.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in mapserver, a CGI-based\nweb framework to publish spatial data and interactive mapping applications.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2010-2539\n

    A stack-based buffer overflow in the msTmpFile function might lead to\n arbitrary code execution under some conditions.

  • CVE-2010-2540\n

    It was discovered that the CGI debug command-line arguments which are\n enabled by default are insecure and may allow a remote attacker to\n execute arbitrary code. Therefore they have been disabled by default.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 5.0.3-3+lenny5.

\n

For the testing distribution (squeeze), this problem has been fixed in\nversion 5.6.4-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.6.4-1.

\n

We recommend that you upgrade your mapserver packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver_5.0.3-3+lenny5.diff.gz
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver_5.0.3-3+lenny5.dsc
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver_5.0.3.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby_5.0.3-3+lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-doc_5.0.3-3+lenny5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_arm.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_armel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_armel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_armel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_armel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_armel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_armel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_hppa.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_i386.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_mips.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/m/mapserver/php5-mapscript_5.0.3-3+lenny5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/perl-mapscript_5.0.3-3+lenny5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.9_5.0.3-3+lenny5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/mapserver-bin_5.0.3-3+lenny5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/libmapscript-ruby1.8_5.0.3-3+lenny5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/cgi-mapserver_5.0.3-3+lenny5_sparc.deb
\n
http://security.debian.org/pool/updates/main/m/mapserver/python-mapscript_5.0.3-3+lenny5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2080": "
\n

Debian Security Advisory

\n

DSA-2080-1 ghostscript -- several vulnerabilities

\n
\n
Date Reported:
\n
01 Aug 2010
\n
Affected Packages:
\n
\nghostscript\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2007-6725, CVE-2008-3522, CVE-2008-6679, CVE-2009-0196, CVE-2009-0792, CVE-2009-4270, CVE-2010-1869.
\n
More information:
\n
\n

Several security issues have been discovered in Ghostscript, a GPL\nPostScript/PDF interpreter, which might lead to the execution of\narbitrary code if a user processes a malformed PDF or PostScript file.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 8.62.dfsg.1-3.2lenny4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 8.71~dfsg-4.

\n

We recommend that you upgrade your ghostscript packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny4.diff.gz
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/ghostscript/gs-gpl_8.62.dfsg.1-3.2lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/gs-aladdin_8.62.dfsg.1-3.2lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-doc_8.62.dfsg.1-3.2lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/gs_8.62.dfsg.1-3.2lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/gs-common_8.62.dfsg.1-3.2lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/gs-esp_8.62.dfsg.1-3.2lenny4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny4_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny4_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2081": "
\n

Debian Security Advisory

\n

DSA-2081-1 libmikmod -- buffer overflow

\n
\n
Date Reported:
\n
01 Aug 2010
\n
Affected Packages:
\n
\nlibmikmod\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-2546.
\n
More information:
\n
\n

Tomas Hoger discovered that the upstream fix for CVE-2009-3995 was\ninsufficient. This update provides a corrected package.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 3.1.11-6.0.1+lenny1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.1.11-6.3.

\n

We recommend that you upgrade your libmikmod packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod_3.1.11-6.0.1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod_3.1.11.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod_3.1.11-6.0.1+lenny1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6.0.1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6.0.1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6.0.1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6.0.1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6.0.1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6.0.1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6.0.1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6.0.1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6.0.1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6.0.1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6.0.1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6.0.1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6.0.1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6.0.1+lenny1_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6.0.1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6.0.1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6.0.1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6.0.1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6.0.1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6.0.1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2_3.1.11-a-6.0.1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/libm/libmikmod/libmikmod2-dev_3.1.11-a-6.0.1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2082": "
\n

Debian Security Advisory

\n

DSA-2082-1 gmime2.2 -- buffer overflow

\n
\n
Date Reported:
\n
02 Aug 2010
\n
Affected Packages:
\n
\ngmime2.2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-0409.
\n
More information:
\n
\n

It was discovered that a buffer overflow in the MIME library GMime might\nlead to the execution of arbitrary code.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.2.22-2+lenny2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.2.25-1.1.

\n

We recommend that you upgrade your gmime2.2 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/gmime2.2/gmime2.2_2.2.22-2+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/g/gmime2.2/gmime2.2_2.2.22.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/gmime2.2/gmime2.2_2.2.22-2+lenny2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/gmime2.2/libgmime2.2-cil_2.2.22-2+lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/g/gmime2.2/libgmime-2.0-2-doc_2.2.22-2+lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/gmime2.2/libgmime-2.0-2a_2.2.22-2+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/gmime2.2/libgmime-2.0-2-dev_2.2.22-2+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/gmime2.2/libgmime-2.0-2-dev_2.2.22-2+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/gmime2.2/libgmime-2.0-2a_2.2.22-2+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/gmime2.2/libgmime-2.0-2a_2.2.22-2+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/g/gmime2.2/libgmime-2.0-2-dev_2.2.22-2+lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/g/gmime2.2/libgmime-2.0-2-dev_2.2.22-2+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/g/gmime2.2/libgmime-2.0-2a_2.2.22-2+lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/gmime2.2/libgmime-2.0-2-dev_2.2.22-2+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/gmime2.2/libgmime-2.0-2a_2.2.22-2+lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/gmime2.2/libgmime-2.0-2a_2.2.22-2+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/g/gmime2.2/libgmime-2.0-2-dev_2.2.22-2+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/gmime2.2/libgmime-2.0-2-dev_2.2.22-2+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/gmime2.2/libgmime-2.0-2a_2.2.22-2+lenny2_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/gmime2.2/libgmime-2.0-2a_2.2.22-2+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/gmime2.2/libgmime-2.0-2-dev_2.2.22-2+lenny2_mipsel.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/gmime2.2/libgmime-2.0-2-dev_2.2.22-2+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/g/gmime2.2/libgmime-2.0-2a_2.2.22-2+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/gmime2.2/libgmime-2.0-2-dev_2.2.22-2+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/gmime2.2/libgmime-2.0-2a_2.2.22-2+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2083": "
\n

Debian Security Advisory

\n

DSA-2083-1 moin -- missing input sanitization

\n
\n
Date Reported:
\n
02 Aug 2010
\n
Affected Packages:
\n
\nmoin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 584809.
In Mitre's CVE dictionary: CVE-2010-2487.
\n
More information:
\n
\n

It was discovered that moin, a Python clone of WikiWiki, does not sufficiently\nsanitize parameters when passing them to the add_msg function. This allows\nremote attackers to conduct cross-site scripting (XSS) attacks, for example\nvia the template parameter.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.7.1-3+lenny5.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.9.3-1.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/moin/moin_1.7.1-3+lenny5.dsc
\n
http://security.debian.org/pool/updates/main/m/moin/moin_1.7.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/m/moin/moin_1.7.1-3+lenny5.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/moin/python-moinmoin_1.7.1-3+lenny5_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2084": "
\n

Debian Security Advisory

\n

DSA-2084-1 tiff -- integer overflows

\n
\n
Date Reported:
\n
03 Aug 2010
\n
Affected Packages:
\n
\ntiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-1411.
\n
More information:
\n
\n

Kevin Finisterre discovered that several integer overflows in the TIFF\nlibrary could lead to the execution of arbitrary code.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 3.8.2-11.3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.9.4-1.

\n

We recommend that you upgrade your tiff packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-11.3.tar.gz
\n
http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-11.3.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-doc_3.8.2-11.3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_alpha.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_amd64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_amd64.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_armel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_armel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_armel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_armel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_hppa.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_i386.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_ia64.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_mips.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_s390.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.3_sparc.deb
\n
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2085": "
\n

Debian Security Advisory

\n

DSA-2085-1 lftp -- missing input validation

\n
\n
Date Reported:
\n
03 Aug 2010
\n
Affected Packages:
\n
\nlftp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-2251.
\n
More information:
\n
\n

It was discovered that in lftp, a command-line HTTP/FTP client, there is\nno proper validation of the filename provided by the server through the\nContent-Disposition header; attackers can use this flaw by suggesting a\nfilename they wish to overwrite on the client machine, and then possibly\nexecute arbitrary code (for instance if the attacker elects to write a\ndotfile in a home directory).

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 3.7.3-1+lenny1.

\n

For the testing distribution (squeeze), this problem has been fixed in\nversion 4.0.6-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.0.6-1.

\n

We recommend that you upgrade your lftp packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lftp/lftp_3.7.3-1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2086": "
\n

Debian Security Advisory

\n

DSA-2086-1 avahi -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Aug 2010
\n
Affected Packages:
\n
\navahi\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-0758, CVE-2010-2244.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Avahi mDNS/DNS-SD\ndaemon. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2009-0758\n

    Rob Leslie discovered a denial of service vulnerability in the\n code used to reflect unicast mDNS traffic.

  • CVE-2010-2244\n

    Ludwig Nussel discovered a denial of service vulnerability in\n the processing of malformed DNS packets.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 0.6.23-3lenny2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.6.26-1.

\n

We recommend that you upgrade your Avahi packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/avahi/avahi_0.6.23.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi_0.6.23-3lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi_0.6.23-3lenny2.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/a/avahi/python-avahi_0.6.23-3lenny2_all.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-discover_0.6.23-3lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib-dev_0.6.23-3lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-daemon_0.6.23-3lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-gobject0_0.6.23-3lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core-dev_0.6.23-3lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl-dev_0.6.23-3lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-autoipd_0.6.23-3lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client-dev_0.6.23-3lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dnsconfd_0.6.23-3lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client3_0.6.23-3lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-ui-dev_0.6.23-3lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-1_0.6.23-3lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core5_0.6.23-3lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-ui0_0.6.23-3lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-ui-utils_0.6.23-3lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dbg_0.6.23-3lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-dev_0.6.23-3lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd-dev_0.6.23-3lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl0_0.6.23-3lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common3_0.6.23-3lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-utils_0.6.23-3lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib1_0.6.23-3lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-1_0.6.23-3lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-data_0.6.23-3lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-dev_0.6.23-3lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-gobject-dev_0.6.23-3lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd1_0.6.23-3lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-dev_0.6.23-3lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl-dev_0.6.23-3lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-gobject-dev_0.6.23-3lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-1_0.6.23-3lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-1_0.6.23-3lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-ui-dev_0.6.23-3lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-dev_0.6.23-3lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-utils_0.6.23-3lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-ui0_0.6.23-3lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl0_0.6.23-3lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-data_0.6.23-3lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dbg_0.6.23-3lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dnsconfd_0.6.23-3lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd1_0.6.23-3lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core-dev_0.6.23-3lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-autoipd_0.6.23-3lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client3_0.6.23-3lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-gobject0_0.6.23-3lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-ui-utils_0.6.23-3lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd-dev_0.6.23-3lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-dev_0.6.23-3lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common3_0.6.23-3lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client-dev_0.6.23-3lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-dev_0.6.23-3lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core5_0.6.23-3lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-daemon_0.6.23-3lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib1_0.6.23-3lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib-dev_0.6.23-3lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core-dev_0.6.23-3lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-dev_0.6.23-3lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib-dev_0.6.23-3lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client-dev_0.6.23-3lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl0_0.6.23-3lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dbg_0.6.23-3lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib1_0.6.23-3lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl-dev_0.6.23-3lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dnsconfd_0.6.23-3lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd-dev_0.6.23-3lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-1_0.6.23-3lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client3_0.6.23-3lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-ui-dev_0.6.23-3lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-gobject0_0.6.23-3lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-autoipd_0.6.23-3lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd1_0.6.23-3lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-dev_0.6.23-3lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-data_0.6.23-3lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-daemon_0.6.23-3lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-dev_0.6.23-3lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core5_0.6.23-3lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-utils_0.6.23-3lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-ui0_0.6.23-3lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common3_0.6.23-3lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-gobject-dev_0.6.23-3lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-1_0.6.23-3lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-ui-utils_0.6.23-3lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core-dev_0.6.23-3lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client-dev_0.6.23-3lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-dev_0.6.23-3lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dbg_0.6.23-3lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-ui-dev_0.6.23-3lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client3_0.6.23-3lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-autoipd_0.6.23-3lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib1_0.6.23-3lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-data_0.6.23-3lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-daemon_0.6.23-3lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl0_0.6.23-3lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common3_0.6.23-3lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-dev_0.6.23-3lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-1_0.6.23-3lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-gobject-dev_0.6.23-3lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd-dev_0.6.23-3lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core5_0.6.23-3lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib-dev_0.6.23-3lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-gobject0_0.6.23-3lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dnsconfd_0.6.23-3lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl-dev_0.6.23-3lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd1_0.6.23-3lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-utils_0.6.23-3lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-ui0_0.6.23-3lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-dev_0.6.23-3lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-1_0.6.23-3lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-ui-utils_0.6.23-3lenny2_armel.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client-dev_0.6.23-3lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core-dev_0.6.23-3lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd-dev_0.6.23-3lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-ui0_0.6.23-3lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-ui-dev_0.6.23-3lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-1_0.6.23-3lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dnsconfd_0.6.23-3lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-gobject-dev_0.6.23-3lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-utils_0.6.23-3lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-dev_0.6.23-3lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd1_0.6.23-3lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-data_0.6.23-3lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core5_0.6.23-3lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl0_0.6.23-3lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl-dev_0.6.23-3lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-1_0.6.23-3lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-ui-utils_0.6.23-3lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-daemon_0.6.23-3lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-autoipd_0.6.23-3lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib-dev_0.6.23-3lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common3_0.6.23-3lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client3_0.6.23-3lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-dev_0.6.23-3lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib1_0.6.23-3lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-gobject0_0.6.23-3lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-dev_0.6.23-3lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dbg_0.6.23-3lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd1_0.6.23-3lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-1_0.6.23-3lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dbg_0.6.23-3lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common3_0.6.23-3lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-gobject-dev_0.6.23-3lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client-dev_0.6.23-3lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib-dev_0.6.23-3lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-dev_0.6.23-3lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-utils_0.6.23-3lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd-dev_0.6.23-3lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl0_0.6.23-3lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-autoipd_0.6.23-3lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-ui-utils_0.6.23-3lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-dev_0.6.23-3lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-gobject0_0.6.23-3lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-daemon_0.6.23-3lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-ui-dev_0.6.23-3lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dnsconfd_0.6.23-3lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-ui0_0.6.23-3lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core-dev_0.6.23-3lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib1_0.6.23-3lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-dev_0.6.23-3lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl-dev_0.6.23-3lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client3_0.6.23-3lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-1_0.6.23-3lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-data_0.6.23-3lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core5_0.6.23-3lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-dev_0.6.23-3lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib-dev_0.6.23-3lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-ui-utils_0.6.23-3lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client3_0.6.23-3lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-1_0.6.23-3lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl-dev_0.6.23-3lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-gobject0_0.6.23-3lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-dev_0.6.23-3lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client-dev_0.6.23-3lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl0_0.6.23-3lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-dev_0.6.23-3lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dbg_0.6.23-3lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-data_0.6.23-3lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-ui0_0.6.23-3lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib1_0.6.23-3lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-autoipd_0.6.23-3lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-ui-dev_0.6.23-3lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd-dev_0.6.23-3lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-daemon_0.6.23-3lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd1_0.6.23-3lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-1_0.6.23-3lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-utils_0.6.23-3lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dnsconfd_0.6.23-3lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core-dev_0.6.23-3lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common3_0.6.23-3lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core5_0.6.23-3lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-gobject-dev_0.6.23-3lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dnsconfd_0.6.23-3lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd1_0.6.23-3lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-dev_0.6.23-3lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib1_0.6.23-3lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd-dev_0.6.23-3lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client3_0.6.23-3lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-gobject0_0.6.23-3lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-ui-dev_0.6.23-3lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-autoipd_0.6.23-3lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-1_0.6.23-3lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-ui0_0.6.23-3lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-1_0.6.23-3lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-dev_0.6.23-3lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-data_0.6.23-3lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client-dev_0.6.23-3lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core5_0.6.23-3lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core-dev_0.6.23-3lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-daemon_0.6.23-3lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib-dev_0.6.23-3lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-gobject-dev_0.6.23-3lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl-dev_0.6.23-3lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-utils_0.6.23-3lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-dev_0.6.23-3lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dbg_0.6.23-3lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-ui-utils_0.6.23-3lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common3_0.6.23-3lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl0_0.6.23-3lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib-dev_0.6.23-3lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-autoipd_0.6.23-3lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-gobject-dev_0.6.23-3lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-ui-utils_0.6.23-3lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-dev_0.6.23-3lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd-dev_0.6.23-3lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-dev_0.6.23-3lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-utils_0.6.23-3lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common3_0.6.23-3lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-data_0.6.23-3lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib1_0.6.23-3lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-ui-dev_0.6.23-3lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client-dev_0.6.23-3lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-daemon_0.6.23-3lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dnsconfd_0.6.23-3lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-1_0.6.23-3lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core-dev_0.6.23-3lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-dev_0.6.23-3lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd1_0.6.23-3lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client3_0.6.23-3lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-ui0_0.6.23-3lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-gobject0_0.6.23-3lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core5_0.6.23-3lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dbg_0.6.23-3lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl-dev_0.6.23-3lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl0_0.6.23-3lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-1_0.6.23-3lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-1_0.6.23-3lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl0_0.6.23-3lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-gobject0_0.6.23-3lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-daemon_0.6.23-3lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-ui0_0.6.23-3lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-ui-utils_0.6.23-3lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-dev_0.6.23-3lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dnsconfd_0.6.23-3lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dbg_0.6.23-3lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib-dev_0.6.23-3lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-dev_0.6.23-3lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-ui-dev_0.6.23-3lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl-dev_0.6.23-3lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib1_0.6.23-3lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client3_0.6.23-3lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-utils_0.6.23-3lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd1_0.6.23-3lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-data_0.6.23-3lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-autoipd_0.6.23-3lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client-dev_0.6.23-3lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-gobject-dev_0.6.23-3lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common3_0.6.23-3lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-dev_0.6.23-3lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-1_0.6.23-3lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core-dev_0.6.23-3lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core5_0.6.23-3lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd-dev_0.6.23-3lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client-dev_0.6.23-3lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dnsconfd_0.6.23-3lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-client3_0.6.23-3lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-data_0.6.23-3lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib-dev_0.6.23-3lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common3_0.6.23-3lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-dev_0.6.23-3lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-ui-utils_0.6.23-3lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core5_0.6.23-3lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt3-1_0.6.23-3lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-core-dev_0.6.23-3lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl0_0.6.23-3lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-dev_0.6.23-3lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-autoipd_0.6.23-3lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-gobject-dev_0.6.23-3lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-glib1_0.6.23-3lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-ui-dev_0.6.23-3lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-dbg_0.6.23-3lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-howl-dev_0.6.23-3lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-common-dev_0.6.23-3lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-utils_0.6.23-3lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-gobject0_0.6.23-3lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd-dev_0.6.23-3lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-qt4-1_0.6.23-3lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-ui0_0.6.23-3lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/libavahi-compat-libdnssd1_0.6.23-3lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/avahi/avahi-daemon_0.6.23-3lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2087": "
\n

Debian Security Advisory

\n

DSA-2087-1 cabextract -- programming error

\n
\n
Date Reported:
\n
04 Aug 2010
\n
Affected Packages:
\n
\ncabextract\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-2801.
\n
More information:
\n
\n

It was discovered that a programming error in the archive test mode of cabextract, a program to extract Microsoft Cabinet files, could lead to the execution of arbitrary code.

\n

For the stable distribution (lenny), this problem has been fixed in version 1.2-3+lenny1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your cabextract package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_1.2-3+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_1.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_1.2-3+lenny1.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_1.2-3+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_1.2-3+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_1.2-3+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_1.2-3+lenny1_armel.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_1.2-3+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_1.2-3+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_1.2-3+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_1.2-3+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_1.2-3+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_1.2-3+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cabextract/cabextract_1.2-3+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2088": "
\n

Debian Security Advisory

\n

DSA-2088-1 wget -- missing input sanitization

\n
\n
Date Reported:
\n
05 Aug 2010
\n
Affected Packages:
\n
\nwget\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 590296.
In Mitre's CVE dictionary: CVE-2010-2252.
\n
More information:
\n
\n

It was discovered that wget, a command line tool for downloading files from the WWW, uses server-provided file names when creating local files. This may lead to code execution in some scenarios.

\n

After this update, wget will ignore server-provided file names. You can restore the old behavior in cases where it is not desirable by invoking wget with the new --use-server-file-name option.

\n

For the stable distribution (lenny), this problem has been fixed in version 1.11.4-2+lenny2.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your wget package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny2.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wget/wget_1.11.4-2+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2089": "
\n

Debian Security Advisory

\n

DSA-2089-1 php5 -- several vulnerabilities

\n
\n
Date Reported:
\n
06 Aug 2010
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-1917, CVE-2010-2225, CVE-2010-3065.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in PHP 5, a hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2010-1917

    The fnmatch function can be abused to conduct denial of service attacks (by crashing the interpreter) by means of a stack overflow.

  • CVE-2010-2225

    The SplObjectStorage unserializer allows attackers to execute arbitrary code via serialized data by means of a use-after-free vulnerability.

  • CVE-2010-3065

    The default sessions serializer does not correctly handle a special marker, which allows an attacker to inject arbitrary variables into the session and possibly exploit vulnerabilities in the unserializer.

  • CVE-2010-1128

    For this vulnerability (predictable entropy for the Linear Congruential Generator used to generate session ids) we do not consider upstream's solution to be sufficient. It is recommended to uncomment the session.entropy_file and session.entropy_length settings in the php.ini files. Further improvements can be achieved by setting session.hash_function to 1 (one) and incrementing the value of session.entropy_length.

\n

For the stable distribution (lenny), these problems have been fixed in version 5.2.6.dfsg.1-1+lenny9.

\n

For the testing distribution (squeeze) and the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your php5 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1-1+lenny9.dsc
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1-1+lenny9.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/php5/php-pear_5.2.6.dfsg.1-1+lenny9_all.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1-1+lenny9_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny9_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny9_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny9_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny9_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny9_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny9_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny9_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny9_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny9_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny9_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny9_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.6.dfsg.1-1+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gmp_5.2.6.dfsg.1-1+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny9_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2090": "
\n

Debian Security Advisory

\n

DSA-2090-1 socat -- incorrect user-input validation

\n
\n
Date Reported:
\n
06 Aug 2010
\n
Affected Packages:
\n
\nsocat\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 591443.
In Mitre's CVE dictionary: CVE-2010-2799.
\n
More information:
\n
\n

A stack overflow vulnerability was found in socat that allows an\nattacker to execute arbitrary code with the privileges of the socat\nprocess.

\n

This vulnerability can only be exploited when an attacker is able to\ninject more than 512 bytes of data into socat's argument.

\n

A vulnerable scenario would be a CGI script that reads data from\nclients and uses (parts of) this data as argument for a socat\ninvocation.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.6.0.1-1+lenny1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.7.1.3-1.

\n

We recommend that you upgrade your socat package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/socat/socat_1.6.0.1-1+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2091": "
\n

Debian Security Advisory

\n

DSA-2091-1 squirrelmail -- No user-specific token implemented

\n
\n
Date Reported:
\n
12 Aug 2010
\n
Affected Packages:
\n
\nsquirrelmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 543818.
In Mitre's CVE dictionary: CVE-2009-2964, CVE-2010-2813.
\n
More information:
\n
\n

SquirrelMail, a webmail application, does not employ a user-specific token\nfor webforms. This allows a remote attacker to perform a Cross Site Request\nForgery (CSRF) attack. The attacker may hijack the authentication of\nunspecified victims and send messages or change user preferences among other\nactions, by tricking the victim into following a link controlled by the\noffender.

\n

In addition, a denial-of-service was fixed, which could be triggered when a\npassword containing 8-bit characters was used to log in (CVE-2010-2813).

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.4.15-4+lenny3.1.

\n

For the testing distribution (squeeze) and the unstable distribution (sid),\nthese problems have been fixed in version 1.4.21-1.

\n

We recommend that you upgrade your squirrelmail packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.15-4+lenny3.1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.15.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.15-4+lenny3.1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.4.15-4+lenny3.1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2092": "
\n

Debian Security Advisory

\n

DSA-2092-1 lxr-cvs -- missing input sanitizing

\n
\n
Date Reported:
\n
17 Aug 2010
\n
Affected Packages:
\n
\nlxr-cvs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 588137, Bug 585412, Bug 588036, Bug 575745.
In Mitre's CVE dictionary: CVE-2010-1625, CVE-2010-1738, CVE-2010-1448, CVE-2009-4497.
\n
More information:
\n
\n

Dan Rosenberg discovered that lxr-cvs, a code-indexing tool with a\nweb frontend, does not sufficiently sanitize user input; an\nattacker can take advantage of this and pass script code in order to\nperform cross-site scripting attacks.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.9.5+cvs20071020-1+lenny1.

\n

For the testing distribution (sid), this problem has been fixed in\nversion 0.9.5+cvs20071020-1.1.

\n

We recommend that you upgrade your lxr-cvs packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lxr-cvs/lxr-cvs_0.9.5+cvs20071020-1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lxr-cvs/lxr-cvs_0.9.5+cvs20071020.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/lxr-cvs/lxr-cvs_0.9.5+cvs20071020-1+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/lxr-cvs/lxr-cvs_0.9.5+cvs20071020-1+lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2093": "
\n

Debian Security Advisory

\n

DSA-2093-1 ghostscript -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Aug 2010
\n
Affected Packages:
\n
\nghostscript\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 584516.
In Mitre's CVE dictionary: CVE-2009-4897, CVE-2010-1628.
\n
More information:
\n
\n

Two security issues have been discovered in Ghostscript, the GPL\nPostScript/PDF interpreter. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2009-4897\n

    A buffer overflow was discovered that allows remote attackers to\n execute arbitrary code or cause a denial of service via a crafted PDF\n document containing a long name.

  • CVE-2010-1628\n

    Dan Rosenberg discovered that ghostscript incorrectly handled certain\n recursive PostScript files. An attacker could execute arbitrary code\n via a PostScript file containing unlimited recursive procedure\n invocations, which trigger memory corruption in the stack of the\n interpreter.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 8.62.dfsg.1-3.2lenny5.

\n

For the testing distribution (squeeze) and the unstable distribution (sid),\nthese problems have been fixed in version 8.71~dfsg2-4.

\n

We recommend that you upgrade your ghostscript package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5.diff.gz
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5.dsc
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/ghostscript/gs-common_8.62.dfsg.1-3.2lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/gs-gpl_8.62.dfsg.1-3.2lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/gs-aladdin_8.62.dfsg.1-3.2lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-doc_8.62.dfsg.1-3.2lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/gs-esp_8.62.dfsg.1-3.2lenny5_all.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/gs_8.62.dfsg.1-3.2lenny5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5_arm.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny5_arm.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny5_arm.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny5_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny5_armel.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5_armel.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny5_armel.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny5_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny5_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny5_hppa.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny5_i386.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5_i386.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny5_i386.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny5_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs-dev_8.62.dfsg.1-3.2lenny5_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript-x_8.62.dfsg.1-3.2lenny5_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/ghostscript_8.62.dfsg.1-3.2lenny5_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/ghostscript/libgs8_8.62.dfsg.1-3.2lenny5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2094": "
\n

Debian Security Advisory

\n

DSA-2094-1 linux-2.6 -- privilege escalation/denial of service/information leak

\n
\n
Date Reported:
\n
19 Aug 2010
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 589179.
In Mitre's CVE dictionary: CVE-2009-4895, CVE-2010-2226, CVE-2010-2240, CVE-2010-2248, CVE-2010-2521, CVE-2010-2798, CVE-2010-2803, CVE-2010-2959, CVE-2010-3015.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2009-4895\n

    Kyle Bader reported an issue in the tty subsystem that allows local\n users to cause a denial of service (NULL pointer dereference).

  • CVE-2010-2226\n

    Dan Rosenberg reported an issue in the xfs filesystem that allows local\n users to copy and read a file owned by another user, for which they\n only have write permissions, due to a lack of permission checking in the\n XFS_SWAPEXT ioctl.

  • CVE-2010-2240\n

    Rafal Wojtczuk reported an issue that allows users to obtain escalated\n privileges. Users must already have sufficient privileges to execute or\n connect clients to an Xorg server.

  • CVE-2010-2248\n

    Suresh Jayaraman discovered an issue in the CIFS filesystem. A malicious\n file server can set an incorrect \"CountHigh\" value, resulting in a\n denial of service (BUG_ON() assertion).

  • CVE-2010-2521\n

    Neil Brown reported an issue in the NFSv4 server code. A malicious client\n could trigger a denial of service (Oops) on a server due to a bug in\n the read_buf() routine.

  • CVE-2010-2798\n

    Bob Peterson reported an issue in the GFS2 file system. A file system\n user could cause a denial of service (Oops) via certain rename\n operations.

  • CVE-2010-2803\n

    Kees Cook reported an issue in the DRM (Direct Rendering Manager)\n subsystem. Local users with sufficient privileges (local X users\n or members of the 'video' group on a default Debian install) could\n acquire access to sensitive kernel memory.

  • CVE-2010-2959\n

    Ben Hawkes discovered an issue in the AF_CAN socket family. An integer\n overflow condition may allow local users to obtain elevated privileges.

  • CVE-2010-3015\n

    Toshiyuki Okajima reported an issue in the ext4 filesystem. Local users\n could trigger a denial of service (BUG assertion) by generating a specific\n set of filesystem operations.

\n

This update also includes a fix for a regression introduced by a previous\nupdate. See the referenced Debian bug page for details.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.6.26-24lenny1.

\n

We recommend that you upgrade your linux-2.6 and user-mode-linux\npackages.

\n

The following matrix lists additional source packages that were\nrebuilt for compatibility with or to take advantage of this update:

\n
\n\n\n
                  Debian 5.0 (lenny)
user-mode-linux   2.6.26-1um-2+24lenny1
\n

Updates for arm and mips will be released as they become\navailable.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-24lenny1.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-24lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.26_2.6.26-24lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.26_2.6.26-24lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.26_2.6.26-24lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.26_2.6.26-24lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.26-2_2.6.26-24lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.26_2.6.26-24lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-smp_2.6.26-24lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-generic_2.6.26-24lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-legacy_2.6.26-24lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-24lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-legacy_2.6.26-24lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-24lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-smp_2.6.26-24lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-24lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-generic_2.6.26-24lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-alpha_2.6.26-24lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-amd64_2.6.26-24lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-amd64_2.6.26-24lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-24lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-amd64_2.6.26-24lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-24lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-24lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-24lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-amd64_2.6.26-24lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-24lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-amd64_2.6.26-24lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-amd64_2.6.26-24lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-amd64_2.6.26-24lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-amd64_2.6.26-24lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-24lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-amd64_2.6.26-24lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-24lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-24lenny1_amd64.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-24lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-versatile_2.6.26-24lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-24lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-24lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-24lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-armel_2.6.26-24lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-24lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-24lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-24lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-versatile_2.6.26-24lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-24lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-24lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64_2.6.26-24lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-24lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64-smp_2.6.26-24lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-24lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc-smp_2.6.26-24lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc-smp_2.6.26-24lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-hppa_2.6.26-24lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64_2.6.26-24lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64-smp_2.6.26-24lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc_2.6.26-24lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc_2.6.26-24lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-24lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686_2.6.26-24lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-24lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686_2.6.26-24lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-686_2.6.26-24lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-24lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-24lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-i386_2.6.26-24lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686_2.6.26-24lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686-bigmem_2.6.26-24lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-24lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-486_2.6.26-24lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-686_2.6.26-24lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-24lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-24lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-686_2.6.26-24lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686-bigmem_2.6.26-24lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686-bigmem_2.6.26-24lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-686_2.6.26-24lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-686_2.6.26-24lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-486_2.6.26-24lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-24lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-24lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686-bigmem_2.6.26-24lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686_2.6.26-24lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-686_2.6.26-24lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-24lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-mckinley_2.6.26-24lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-24lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-mckinley_2.6.26-24lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-24lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-itanium_2.6.26-24lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-mckinley_2.6.26-24lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-itanium_2.6.26-24lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-itanium_2.6.26-24lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-24lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-mckinley_2.6.26-24lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-itanium_2.6.26-24lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-ia64_2.6.26-24lenny1_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-4kc-malta_2.6.26-24lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1a-bcm91480b_2.6.26-24lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r5k-cobalt_2.6.26-24lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r5k-cobalt_2.6.26-24lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-5kc-malta_2.6.26-24lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1-bcm91250a_2.6.26-24lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-5kc-malta_2.6.26-24lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-24lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-mipsel_2.6.26-24lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1a-bcm91480b_2.6.26-24lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-24lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1-bcm91250a_2.6.26-24lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-24lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-4kc-malta_2.6.26-24lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-24lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc_2.6.26-24lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc_2.6.26-24lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc-smp_2.6.26-24lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc64_2.6.26-24lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc64_2.6.26-24lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc64_2.6.26-24lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-24lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc_2.6.26-24lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-24lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-24lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc-smp_2.6.26-24lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc64_2.6.26-24lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-powerpc_2.6.26-24lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc_2.6.26-24lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390_2.6.26-24lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-24lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-s390_2.6.26-24lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390x_2.6.26-24lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-24lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-s390x_2.6.26-24lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390_2.6.26-24lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-s390x_2.6.26-24lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-24lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390x_2.6.26-24lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390-tape_2.6.26-24lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-24lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64_2.6.26-24lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64-smp_2.6.26-24lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-sparc64_2.6.26-24lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64-smp_2.6.26-24lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-24lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64_2.6.26-24lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-24lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-24lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-24lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-sparc64_2.6.26-24lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-sparc_2.6.26-24lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2095": "
\n

Debian Security Advisory

\n

DSA-2095-1 lvm2 -- insecure communication protocol

\n
\n
Date Reported:
\n
23 Aug 2010
\n
Affected Packages:
\n
\nlvm2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 591204.
In Mitre's CVE dictionary: CVE-2010-2526.
\n
More information:
\n
\n

Alasdair Kergon discovered that the cluster logical volume manager daemon\n(clvmd) in LVM2, The Linux Logical Volume Manager, does not verify client\ncredentials upon a socket connection, which allows local users to cause a\ndenial of service.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.02.39-8.

\n

For the testing distribution (squeeze), and the unstable distribution (sid),\nthis problem has been fixed in version 2.02.66-3.

\n

We recommend that you upgrade your lvm2 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/lvm2/lvm2_2.02.39-8.diff.gz
\n
http://security.debian.org/pool/updates/main/l/lvm2/lvm2_2.02.39.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/lvm2/lvm2_2.02.39-8.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/lvm2/clvm_2.02.39-8_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lvm2/lvm2_2.02.39-8_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/lvm2/lvm2-udeb_2.02.39-8_alpha.udeb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/lvm2/lvm2-udeb_2.02.39-8_amd64.udeb
\n
http://security.debian.org/pool/updates/main/l/lvm2/clvm_2.02.39-8_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/lvm2/lvm2_2.02.39-8_amd64.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/l/lvm2/lvm2-udeb_2.02.39-8_armel.udeb
\n
http://security.debian.org/pool/updates/main/l/lvm2/lvm2_2.02.39-8_armel.deb
\n
http://security.debian.org/pool/updates/main/l/lvm2/clvm_2.02.39-8_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/lvm2/lvm2_2.02.39-8_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lvm2/clvm_2.02.39-8_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/lvm2/lvm2-udeb_2.02.39-8_hppa.udeb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/lvm2/lvm2_2.02.39-8_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lvm2/clvm_2.02.39-8_i386.deb
\n
http://security.debian.org/pool/updates/main/l/lvm2/lvm2-udeb_2.02.39-8_i386.udeb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/lvm2/lvm2-udeb_2.02.39-8_ia64.udeb
\n
http://security.debian.org/pool/updates/main/l/lvm2/lvm2_2.02.39-8_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/lvm2/clvm_2.02.39-8_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lvm2/clvm_2.02.39-8_mips.deb
\n
http://security.debian.org/pool/updates/main/l/lvm2/lvm2-udeb_2.02.39-8_mips.udeb
\n
http://security.debian.org/pool/updates/main/l/lvm2/lvm2_2.02.39-8_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/lvm2/lvm2_2.02.39-8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/lvm2/lvm2-udeb_2.02.39-8_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/l/lvm2/clvm_2.02.39-8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/lvm2/clvm_2.02.39-8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/lvm2/lvm2-udeb_2.02.39-8_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/l/lvm2/lvm2_2.02.39-8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/lvm2/lvm2_2.02.39-8_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lvm2/clvm_2.02.39-8_s390.deb
\n
http://security.debian.org/pool/updates/main/l/lvm2/lvm2-udeb_2.02.39-8_s390.udeb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/lvm2/clvm_2.02.39-8_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lvm2/lvm2_2.02.39-8_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/lvm2/lvm2-udeb_2.02.39-8_sparc.udeb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2096": "
\n

Debian Security Advisory

\n

DSA-2096-1 zope-ldapuserfolder -- missing input validation

\n
\n
Date Reported:
\n
24 Aug 2010
\n
Affected Packages:
\n
\nzope-ldapuserfolder\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 593466.
In Mitre's CVE dictionary: CVE-2010-2944.
\n
More information:
\n
\n

Jeremy James discovered that in LDAPUserFolder, a Zope extension\nused to authenticate against an LDAP server, the authentication code\ndoes not verify the password provided for the emergency user. Malicious\nusers that manage to get the emergency user login can use this flaw to\ngain administrative access to the Zope instance, by providing an\narbitrary password.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.9-1+lenny1.

\n

The package no longer exists in the upcoming stable distribution\n(squeeze) or the unstable distribution.

\n

We recommend that you upgrade your zope-ldapuserfolder package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/z/zope-ldapuserfolder/zope-ldapuserfolder_2.9.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/z/zope-ldapuserfolder/zope-ldapuserfolder_2.9-1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/z/zope-ldapuserfolder/zope-ldapuserfolder_2.9-1+lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/z/zope-ldapuserfolder/zope-ldapuserfolder_2.9-1+lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2097": "
\n

Debian Security Advisory

\n

DSA-2097-1 phpmyadmin -- insufficient input sanitising

\n
\n
Date Reported:
\n
29 Aug 2010
\n
Affected Packages:
\n
\nphpmyadmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-3055, CVE-2010-3056.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in phpMyAdmin, a tool\nto administer MySQL over the web. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2010-3055\n

    The configuration setup script does not properly sanitise its output\n file, which allows remote attackers to execute arbitrary PHP code via\n a crafted POST request. In Debian, the setup tool is protected through\n Apache HTTP basic authentication by default.

  • CVE-2010-3056\n

    Various cross-site scripting issues have been discovered that allow\n a remote attacker to inject arbitrary web script or HTML.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2.11.8.1-5+lenny5.

\n

For the testing (squeeze) and unstable distribution (sid), these problems\nhave been fixed in version 3.3.5.1-1.

\n

We recommend that you upgrade your phpmyadmin package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.11.8.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.11.8.1-5+lenny5.dsc
\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.11.8.1-5+lenny5.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/phpmyadmin/phpmyadmin_2.11.8.1-5+lenny5_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2098": "
\n

Debian Security Advisory

\n

DSA-2098-1 typo3-src -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Aug 2010
\n
Affected Packages:
\n
\ntypo3-src\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 590719.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the TYPO3 web\ncontent management framework: cross-site scripting, open redirection,\nSQL injection, broken authentication and session management,\ninsecure randomness, information disclosure and arbitrary code\nexecution. More details can be found in\nthe TYPO3 security advisory.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 4.2.5-1+lenny4.

\n

The testing distribution (squeeze) will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.3.5-1.

\n

We recommend that you upgrade your typo3-src package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5-1+lenny4.dsc
\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5-1+lenny4.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3_4.2.5-1+lenny4_all.deb
\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src-4.2_4.2.5-1+lenny4_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2099": "
\n

Debian Security Advisory

\n

DSA-2099-1 openoffice.org -- buffer overflows

\n
\n
Date Reported:
\n
30 Aug 2010
\n
Affected Packages:
\n
\nopenoffice.org\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-2935, CVE-2010-2936.
\n
More information:
\n
\n

Charlie Miller has discovered two vulnerabilities in OpenOffice.org\nImpress, which can be exploited by malicious people to compromise a\nuser's system and execute arbitrary code.

\n
    \n
  • An integer truncation error when parsing certain content can be\n exploited to cause a heap-based buffer overflow via a specially\n crafted file.

  • A short integer overflow error when parsing certain content can\n be exploited to cause a heap-based buffer overflow via a specially\n crafted file.

\n

For the stable distribution (lenny) these problems have been fixed in\nversion 2.4.1+dfsg-1+lenny8.

\n

For the testing (squeeze) and unstable (sid) distributions these\nproblems have been fixed in version 3.2.1-6.

\n

We recommend that you upgrade your openoffice.org packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny8.dsc
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny8.diff.gz
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/broffice.org_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libuno-cli-basetypes1.0-cil_1.0.10.0+OOo2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libuno-cli-cppuhelper1.0-cil_1.0.13.0+OOo2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libuno-cli-types1.1-cil_1.1.13.0+OOo2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libuno-cli-ure1.0-cil_1.0.13.0+OOo2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-common_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev-doc_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dtd-officedocument1.0_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-emailmerge_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-mobiledev_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-cs_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-da_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-de_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-dz_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-gb_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-en-us_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-es_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-et_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-eu_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-fr_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-gl_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hi-in_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-hu_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-it_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ja_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-km_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ko_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-nl_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pl_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pt-br_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-pt_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-ru_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sl_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-sv_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-cn_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-help-zh-tw_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-java-common_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-af_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ar_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-as-in_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-be-by_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bg_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bn_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-br_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-bs_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ca_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cs_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cy_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-da_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-de_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-dz_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-el_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-gb_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en-za_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eo_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-es_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-et_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eu_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fa_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fi_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fr_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ga_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gl_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gu-in_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-he_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi-in_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hr_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hu_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-in_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-it_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ja_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ka_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-km_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ko_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ku_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lo_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lt_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lv_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-mk_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ml-in_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-mr-in_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nb_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ne_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nl_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nn_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nr_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ns_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-or-in_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pa-in_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pl_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt-br_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ro_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ru_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-rw_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sk_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sl_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sr-cs_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sr_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ss_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-st_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sv_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ta-in_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-te-in_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tg_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-th_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tn_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tr_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ts_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-uk_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-uz_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ve_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-vi_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-xh_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-za_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-cn_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-tw_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zu_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-api-tests_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder_1.0.2+OOo2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-andromeda_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-crystal_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-hicontrast_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-industrial_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-style-tango_2.4.1+dfsg-1+lenny8_all.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ttf-opensymbol_2.4.1+dfsg-1+lenny8_all.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/cli-uno-bridge_2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny8_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/cli-uno-bridge_2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-ogltrans_2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/cli-uno-bridge_2.4.1+dfsg-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny8_ia64.deb
\n
Big endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny8_mips.deb
\n
Little endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-ogltrans_2.4.1+dfsg-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny8_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-ogltrans_2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openoffice.org/cli-uno-bridge_2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/libmythes-dev_2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/mozilla-openoffice.org_2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base_2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-base-core_2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-calc_2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-core_2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dbg_2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-draw_2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-filter-binfilter_2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gcj_2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gnome_2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk_2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-headless_2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-impress_2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-math_2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-officebean_2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-ogltrans_2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-presentation-minimizer_1.0+OOo2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-qa-tools_2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-report-builder-bin_2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-sdbc-postgresql_0.7.6+OOo2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-writer_2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/python-uno_2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure_1.4+OOo2.4.1+dfsg-1+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openoffice.org/ure-dbg_1.4+OOo2.4.1+dfsg-1+lenny8_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2100": "
\n

Debian Security Advisory

\n

DSA-2100-1 openssl -- double free

\n
\n
Date Reported:
\n
30 Aug 2010
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-2939.
\n
More information:
\n
\n

George Guninski discovered a double free in the ECDH code of the OpenSSL\ncrypto library, which may lead to denial of service and potentially the\nexecution of arbitrary code.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.9.8g-15+lenny8.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.9.8o-2.

\n

We recommend that you upgrade your openssl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_alpha.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_amd64.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_arm.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_armel.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_hppa.udeb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_i386.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_ia64.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_mips.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_powerpc.udeb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_s390.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny8_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny8_sparc.udeb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2101": "
\n

Debian Security Advisory

\n

DSA-2101-1 wireshark -- several vulnerabilities

\n
\n
Date Reported:
\n
31 Aug 2010
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-2994, CVE-2010-2995.
\n
More information:
\n
\n

Several implementation errors in the dissector of the Wireshark network\ntraffic analyzer for the ASN.1 BER protocol and in the SigComp Universal\nDecompressor Virtual Machine may lead to the execution of arbitrary code.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.0.2-3+lenny10.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.2.10-1.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny10_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny10_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny10_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny10_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2102": "
\n

Debian Security Advisory

\n

DSA-2102-1 barnowl -- unchecked return value

\n
\n
Date Reported:
\n
03 Sep 2010
\n
Affected Packages:
\n
\nbarnowl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 593299.
In Mitre's CVE dictionary: CVE-2010-2725.
\n
More information:
\n
\n

It has been discovered that in barnowl, a curses-based instant-messaging\nclient, the return codes of calls to the ZPending and ZReceiveNotice\nfunctions in libzephyr were not checked, allowing attackers to cause a\ndenial of service (crash of the application), and possibly execute\narbitrary code.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.0.1-4+lenny2.

\n

For the testing distribution (squeeze), this problem has been fixed in\nversion 1.6.2-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.6.2-1.

\n

We recommend that you upgrade your barnowl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1-4+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1-4+lenny2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl-irc_1.0.1-4+lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1-4+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1-4+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1-4+lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1-4+lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1-4+lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1-4+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1-4+lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1-4+lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1-4+lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1-4+lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1-4+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/barnowl/barnowl_1.0.1-4+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2103": "
\n

Debian Security Advisory

\n

DSA-2103-1 smbind -- sql injection

\n
\n
Date Reported:
\n
05 Sep 2010
\n
Affected Packages:
\n
\nsmbind\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

It was discovered that smbind, a PHP-based tool for managing DNS zones\nfor BIND, does not properly validate input.\nAn unauthenticated remote attacker could execute arbitrary SQL commands\nor gain access to the admin account.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.4.7-3+lenny1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.4.7-5, and will migrate to the testing distribution (squeeze)\nshortly.

\n

We recommend that you upgrade your smbind (0.4.7-3+lenny1) package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/smbind/smbind_0.4.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/smbind/smbind_0.4.7-3+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/s/smbind/smbind_0.4.7-3+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/smbind/smbind_0.4.7-3+lenny1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2104": "
\n

Debian Security Advisory

\n

DSA-2104-1 quagga -- several vulnerabilities

\n
\n
Date Reported:
\n
06 Sep 2010
\n
Affected Packages:
\n
\nquagga\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 594262.
In Mitre's CVE dictionary: CVE-2010-2948, CVE-2010-2949.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the BGP\nimplementation of Quagga, a routing daemon.

\n

The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2010-2948\n

    When processing a crafted Route Refresh message received\n\tfrom a configured, authenticated BGP neighbor, Quagga\n\tmay crash, leading to a denial of service.

  • CVE-2010-2949\n

    When processing certain crafted AS paths, Quagga would crash\n\twith a NULL pointer dereference, leading to a denial of\n\tservice. In some configurations, such crafted AS paths could\n\tbe relayed by intermediate BGP routers.

\n

In addition, this update contains a reliability fix: Quagga will no\nlonger advertise confederation-related AS paths to non-confederation\npeers, and will reject unexpected confederation-related AS paths by\nresetting the session with the BGP peer which is advertising them.\n(Previously, such AS paths would trigger resets of unrelated BGP\nsessions.)

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 0.99.10-1lenny3.

\n

For the unstable distribution (sid) and the testing distribution\n(squeeze), these problems have been fixed in version 0.99.17-1.

\n

We recommend that you upgrade your quagga package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3.diff.gz
\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.99.10-1lenny3_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.10-1lenny3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2105": "
\n

Debian Security Advisory

\n

DSA-2105-1 freetype -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Sep 2010
\n
Affected Packages:
\n
\nfreetype\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-1797, CVE-2010-2541, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808, CVE-2010-3053.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the FreeType font\nlibrary. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2010-1797\n

    Multiple stack-based buffer overflows in the\n cff_decoder_parse_charstrings function in the CFF Type2 CharStrings\n interpreter in cff/cffgload.c in FreeType allow remote attackers to\n execute arbitrary code or cause a denial of service (memory\n corruption) via crafted CFF opcodes in embedded fonts in a PDF\n document, as demonstrated by JailbreakMe.

  • CVE-2010-2541\n

    Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType\n allows remote attackers to cause a denial of service (application\n crash) or possibly execute arbitrary code via a crafted font file.

  • CVE-2010-2805\n

    The FT_Stream_EnterFrame function in base/ftstream.c in FreeType does\n not properly validate certain position values, which allows remote\n attackers to cause a denial of service (application crash) or\n possibly execute arbitrary code via a crafted font file.

  • CVE-2010-2806\n

    Array index error in the t42_parse_sfnts function in\n type42/t42parse.c in FreeType allows remote attackers to cause a\n denial of service (application crash) or possibly execute arbitrary\n code via negative size values for certain strings in FontType42 font\n files, leading to a heap-based buffer overflow.

  • CVE-2010-2807\n

    FreeType uses incorrect integer data types during bounds checking,\n which allows remote attackers to cause a denial of service\n (application crash) or possibly execute arbitrary code via a crafted\n font file.

  • CVE-2010-2808\n

    Buffer overflow in the Mac_Read_POST_Resource function in\n base/ftobjs.c in FreeType allows remote attackers to cause a denial\n of service (memory corruption and application crash) or possibly\n execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka\n LWFN) font.

  • CVE-2010-3053\n

    bdf/bdflib.c in FreeType allows remote attackers to cause a denial of\n service (application crash) via a crafted BDF font file, related to\n an attempted modification of a value in a static string.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2.3.7-2+lenny3.

\n

For the unstable distribution (sid) and the testing distribution\n(squeeze), these problems have been fixed in version 2.4.2-1.

\n

We recommend that you upgrade your freetype package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny3.diff.gz
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny3.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_alpha.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_amd64.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_arm.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_armel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_armel.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_armel.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_i386.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_ia64.udeb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_mips.udeb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_mipsel.udeb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_s390.udeb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny3_sparc.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny3_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny3_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2106": "
\n

Debian Security Advisory

\n

DSA-2106-1 xulrunner -- several vulnerabilities

\n
\n
Date Reported:
\n
08 Sep 2010
\n
Affected Packages:
\n
\nxulrunner\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-2760, CVE-2010-2763, CVE-2010-2765, CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2010-2760, CVE-2010-3167, CVE-2010-3168\n

    Implementation errors in XUL processing allow the execution of arbitrary\ncode.

  • CVE-2010-2763\n

    An implementation error in the XPCSafeJSObjectWrapper wrapper allows the\nbypass of the same origin policy.

  • CVE-2010-2765\n

    An integer overflow in frame handling allows the execution of arbitrary\ncode.

  • CVE-2010-2766\n

    An implementation error in DOM handling allows the execution of arbitrary\ncode.

  • CVE-2010-2767\n

    Incorrect pointer handling in the plugin code allows the execution of\narbitrary code.

  • CVE-2010-2768\n

    Incorrect handling of an object tag may lead to the bypass of cross\nsite scripting filters.

  • CVE-2010-2769\n

    Incorrect copy and paste handling could lead to cross site scripting.

  • CVE-2010-3169\n

    Crashes in the layout engine may lead to the execution of arbitrary\ncode.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.9.0.19-4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.5.12-1 of the iceweasel source package (which now builds the\nxulrunner library binary packages).

\n

For the experimental distribution, these problems have been fixed in\nversion 3.6.9-1 of the iceweasel source package (which now builds the\nxulrunner library binary packages).

\n

We recommend that you upgrade your xulrunner packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-4.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-4.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.19-4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-4_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-4_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-4_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-4_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2107": "
\n

Debian Security Advisory

\n

DSA-2107-1 couchdb -- untrusted search path

\n
\n
Date Reported:
\n
09 Sep 2010
\n
Affected Packages:
\n
\ncouchdb\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 594412.
In Mitre's CVE dictionary: CVE-2010-2953.
\n
More information:
\n
\n

Dan Rosenberg discovered that in couchdb, a distributed,\nfault-tolerant and schema-free document-oriented database, an insecure\nlibrary search path is used. A local attacker could execute arbitrary\ncode by first dumping a maliciously crafted shared library in some\ndirectory, and then having an administrator run couchdb from this same\ndirectory.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.8.0-2+lenny1.

\n

We recommend that you upgrade your couchdb package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/couchdb/couchdb_0.8.0-2+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2108": "
\n

Debian Security Advisory

\n

DSA-2108-1 cvsnt -- programming error

\n
\n
Date Reported:
\n
14 Sep 2010
\n
Affected Packages:
\n
\ncvsnt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 593884.
In Mitre's CVE dictionary: CVE-2010-1326.
\n
More information:
\n
\n

It has been discovered that in cvsnt, a multi-platform version of the\noriginal source code versioning system CVS, an error in the\nauthentication code allows a malicious, unprivileged user, through the\nuse of a specially crafted branch name, to gain write access to any\nmodule or directory, including CVSROOT itself. The attacker can then\nexecute arbitrary code as root by modifying or adding administrative\nscripts in that directory.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.5.03.2382-3.3+lenny1.

\n

We recommend that you upgrade your cvsnt package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/c/cvsnt/cvsnt_2.5.03.2382-3.3+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/c/cvsnt/cvsnt_2.5.03.2382-3.3+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/c/cvsnt/cvsnt_2.5.03.2382.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/c/cvsnt/cvsnt_2.5.03.2382-3.3+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/c/cvsnt/cvsnt_2.5.03.2382-3.3+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/c/cvsnt/cvsnt_2.5.03.2382-3.3+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/c/cvsnt/cvsnt_2.5.03.2382-3.3+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/c/cvsnt/cvsnt_2.5.03.2382-3.3+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/c/cvsnt/cvsnt_2.5.03.2382-3.3+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/c/cvsnt/cvsnt_2.5.03.2382-3.3+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cvsnt/cvsnt_2.5.03.2382-3.3+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/c/cvsnt/cvsnt_2.5.03.2382-3.3+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/c/cvsnt/cvsnt_2.5.03.2382-3.3+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/c/cvsnt/cvsnt_2.5.03.2382-3.3+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/c/cvsnt/cvsnt_2.5.03.2382-3.3+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2109": "
\n

Debian Security Advisory

\n

DSA-2109-1 samba -- buffer overflow

\n
\n
Date Reported:
\n
16 Sep 2010
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 596891.
In Mitre's CVE dictionary: CVE-2010-3069.
\n
More information:
\n
\n

A vulnerability has been discovered in samba, an SMB/CIFS file, print,\nand login server for Unix.

\n

The sid_parse() function does not correctly check its input lengths\nwhen reading a binary representation of a Windows SID (Security ID).\nThis allows a malicious client to send a sid that can overflow the\nstack variable that is being used to store the SID in the Samba smbd\nserver. (CVE-2010-3069)

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 3.2.5-4lenny13.

\n

For the testing distribution (squeeze) and the unstable distribution (sid),\nthis problem will be fixed in version 3.5.5~dfsg-1.

\n

We recommend that you upgrade your samba packages. The packages for the\nmips architecture are not included in this upgrade. They will be released\nas soon as they become available.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny13.dsc
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny13.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc-pdf_3.2.5-4lenny13_all.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.2.5-4lenny13_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny13_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny13_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny13_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny13_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny13_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny13_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny13_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny13_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny13_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny13_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny13_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny13_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny13_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny13_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny13_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny13_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny13_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny13_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny13_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny13_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny13_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny13_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny13_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny13_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny13_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny13_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny13_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny13_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny13_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny13_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny13_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny13_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny13_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny13_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny13_arm.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny13_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny13_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny13_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny13_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny13_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny13_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny13_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny13_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny13_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny13_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny13_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny13_armel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny13_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny13_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny13_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny13_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny13_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny13_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny13_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny13_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny13_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny13_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny13_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny13_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny13_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny13_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny13_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny13_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny13_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny13_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny13_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny13_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny13_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny13_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny13_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny13_i386.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny13_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny13_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny13_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny13_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny13_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny13_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny13_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny13_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny13_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny13_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny13_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny13_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny13_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny13_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny13_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny13_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny13_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny13_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny13_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny13_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny13_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny13_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny13_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny13_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny13_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny13_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny13_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny13_s390.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny13_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny13_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny13_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny13_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny13_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny13_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny13_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny13_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny13_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny13_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny13_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny13_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny13_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2110": "
\n

Debian Security Advisory

\n

DSA-2110-1 linux-2.6 -- privilege escalation/denial of service/information leak

\n
\n
Date Reported:
\n
17 Sep 2010
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-2492, CVE-2010-2954, CVE-2010-3078, CVE-2010-3080, CVE-2010-3081.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information leak.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:

\n
  • CVE-2010-2492

    Andre Osterhues reported an issue in the eCryptfs subsystem. A buffer overflow condition may allow local users to cause a denial of service or gain elevated privileges.

  • CVE-2010-2954

    Tavis Ormandy reported an issue in the irda subsystem which may allow local users to cause a denial of service via a NULL pointer dereference.

  • CVE-2010-3078

    Dan Rosenberg discovered an issue in the XFS file system that allows local users to read potentially sensitive kernel memory.

  • CVE-2010-3080

    Tavis Ormandy reported an issue in the ALSA sequencer OSS emulation layer. Local users with sufficient privileges to open /dev/sequencer (by default on Debian, this is members of the 'audio' group) can cause a denial of service via a NULL pointer dereference.

  • CVE-2010-3081

    Ben Hawkes discovered an issue in the 32-bit compatibility code for 64-bit systems. Local users can gain elevated privileges due to insufficient checks in compat_alloc_user_space allocations.

For the stable distribution (lenny), this problem has been fixed in version 2.6.26-25lenny1.

\n

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

\n

The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update:

\n
Source package: user-mode-linux
Debian 5.0 (lenny): 2.6.26-1um-2+25lenny1
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-25lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-25lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.26_2.6.26-25lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.26_2.6.26-25lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.26_2.6.26-25lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.26_2.6.26-25lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.26-2_2.6.26-25lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.26_2.6.26-25lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-25lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-smp_2.6.26-25lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-smp_2.6.26-25lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-generic_2.6.26-25lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-25lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-legacy_2.6.26-25lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-legacy_2.6.26-25lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-generic_2.6.26-25lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-25lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-alpha_2.6.26-25lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-amd64_2.6.26-25lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-amd64_2.6.26-25lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-amd64_2.6.26-25lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-25lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-25lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-25lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-25lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-amd64_2.6.26-25lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-25lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-amd64_2.6.26-25lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-25lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-amd64_2.6.26-25lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-amd64_2.6.26-25lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-25lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-amd64_2.6.26-25lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-25lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-amd64_2.6.26-25lenny1_amd64.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-25lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-25lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-versatile_2.6.26-25lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-25lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-versatile_2.6.26-25lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-25lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-25lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-25lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-25lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-armel_2.6.26-25lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-25lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-25lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc_2.6.26-25lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc-smp_2.6.26-25lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64_2.6.26-25lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64-smp_2.6.26-25lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64_2.6.26-25lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc_2.6.26-25lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-hppa_2.6.26-25lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64-smp_2.6.26-25lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-25lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-25lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-25lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc-smp_2.6.26-25lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-i386_2.6.26-25lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-686_2.6.26-25lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686_2.6.26-25lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-686_2.6.26-25lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-686_2.6.26-25lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686-bigmem_2.6.26-25lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-25lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-486_2.6.26-25lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686-bigmem_2.6.26-25lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-25lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686-bigmem_2.6.26-25lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-25lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686_2.6.26-25lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-25lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686-bigmem_2.6.26-25lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-25lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-25lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-25lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-686_2.6.26-25lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-486_2.6.26-25lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-25lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686_2.6.26-25lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-686_2.6.26-25lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-686_2.6.26-25lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686_2.6.26-25lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-itanium_2.6.26-25lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-itanium_2.6.26-25lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-mckinley_2.6.26-25lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-mckinley_2.6.26-25lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-itanium_2.6.26-25lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-mckinley_2.6.26-25lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-25lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-mckinley_2.6.26-25lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-25lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-25lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-25lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-itanium_2.6.26-25lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-ia64_2.6.26-25lenny1_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-mipsel_2.6.26-25lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1a-bcm91480b_2.6.26-25lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-25lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-5kc-malta_2.6.26-25lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-4kc-malta_2.6.26-25lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1-bcm91250a_2.6.26-25lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1-bcm91250a_2.6.26-25lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-25lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1a-bcm91480b_2.6.26-25lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-5kc-malta_2.6.26-25lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r5k-cobalt_2.6.26-25lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-4kc-malta_2.6.26-25lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r5k-cobalt_2.6.26-25lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-25lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc-smp_2.6.26-25lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-25lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc-smp_2.6.26-25lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-25lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-25lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc_2.6.26-25lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc_2.6.26-25lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc64_2.6.26-25lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc_2.6.26-25lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc_2.6.26-25lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-25lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc64_2.6.26-25lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-powerpc_2.6.26-25lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc64_2.6.26-25lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc64_2.6.26-25lenny1_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-25lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-25lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64_2.6.26-25lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-sparc64_2.6.26-25lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-sparc64_2.6.26-25lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-25lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-25lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-sparc_2.6.26-25lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64-smp_2.6.26-25lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64-smp_2.6.26-25lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64_2.6.26-25lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2111": "
\n

Debian Security Advisory

\n

DSA-2111-1 squid3 -- denial of service

\n
\n
Date Reported:
\n
19 Sep 2010
\n
Affected Packages:
\n
\nsquid3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 596086.
In Mitre's CVE dictionary: CVE-2010-3072.
\n
More information:
\n
\n

Phil Oester discovered that Squid-3, a fully featured Web Proxy cache, is prone to a denial of service attack via a specially crafted request that includes empty strings.

\n

For the stable distribution (lenny), this problem has been fixed in version 3.0.STABLE8-3+lenny4.

\n

For the testing distribution (squeeze), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in version 3.1.6-1.1.

\n

We recommend that you upgrade your squid3 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny4.diff.gz
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny4.dsc
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-common_3.0.STABLE8-3+lenny4_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny4_amd64.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny4_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny4_powerpc.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/squid3/squidclient_3.0.STABLE8-3+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3_3.0.STABLE8-3+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/squid3/squid3-cgi_3.0.STABLE8-3+lenny4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2112": "
\n

Debian Security Advisory

\n

DSA-2112-1 bzip2 -- integer overflow

\n
\n
Date Reported:
\n
20 Sep 2010
\n
Affected Packages:
\n
\nbzip2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-0405.
\n
More information:
\n
\n

Mikolaj Izdebski has discovered an integer overflow flaw in the BZ2_decompress function in bzip2/libbz2. An attacker could use a crafted bz2 file to cause a denial of service (application crash) or potentially to execute arbitrary code. (CVE-2010-0405)

\n

After the upgrade, all running services that use libbz2 need to be restarted.

\n

This update also provides rebuilt dpkg packages, which are statically linked to the fixed version of libbz2. Updated packages for clamav, which is also affected by this issue, will be provided on debian-volatile.

\n

For the stable distribution (lenny), this problem has been fixed in version 1.0.5-1+lenny1.

\n

For the testing distribution (squeeze) and the unstable distribution (sid), this problem in bzip2 will be fixed soon. Updated dpkg packages are not necessary for testing/unstable.

\n

We recommend that you upgrade your bzip2 / dpkg packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1.dsc
\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2-doc_1.0.5-1+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.5-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29+b1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.5-1+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29+b1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.5-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/lib32bz2-dev_1.0.5-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29+b1_amd64.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29+b1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/lib32bz2-1.0_1.0.5-1+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.5-1+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29+b1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29+b1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.5-1+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.5-1+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.5-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.5-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29+b1_armel.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29+b1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.5-1+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29+b1_hppa.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29+b1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.5-1+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bzip2/lib64bz2-dev_1.0.5-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29+b1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/lib64bz2-1.0_1.0.5-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.5-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29+b1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.5-1+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.5-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29+b1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.5-1+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29+b1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29+b1_mips.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29+b1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.5-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.5-1+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.5-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29+b1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.5-1+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29+b1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/bzip2/lib64bz2-dev_1.0.5-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29+b1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/lib64bz2-1.0_1.0.5-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.5-1+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29+b1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.5-1+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/bzip2/lib64bz2-dev_1.0.5-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29+b1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.5-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.5-1+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29+b1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/lib64bz2-1.0_1.0.5-1+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-1.0_1.0.5-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/bzip2_1.0.5-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/lib64bz2-1.0_1.0.5-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/lib64bz2-dev_1.0.5-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bzip2/libbz2-dev_1.0.5-1+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29+b1_sparc.deb
\n
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29+b1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2113": "
\n

Debian Security Advisory

\n

DSA-2113-1 drupal6 -- several vulnerabilities

\n
\n
Date Reported:
\n
20 Sep 2010
\n
Affected Packages:
\n
\ndrupal6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 592716.
In Mitre's CVE dictionary: CVE-2010-3091, CVE-2010-3092, CVE-2010-3093, CVE-2010-3094.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Drupal 6, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
  • CVE-2010-3091

    Several issues have been discovered in the OpenID module that allow malicious access to user accounts.

  • CVE-2010-3092

    The upload module includes a potential bypass of access restrictions due to not checking letter case-sensitivity.

  • CVE-2010-3093

    The comment module has a privilege escalation issue that allows certain users to bypass limitations.

  • CVE-2010-3094

    Several cross-site scripting (XSS) issues have been discovered in the Action feature.

For the stable distribution (lenny), these problems have been fixed in version 6.6-3lenny6.

\n

For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 6.18-1.

\n

We recommend that you upgrade your drupal6 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny6.dsc
\n
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny6.diff.gz
\n
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/d/drupal6/drupal6_6.6-3lenny6_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2114": "
\n

Debian Security Advisory

\n

DSA-2114-1 git-core -- buffer overflow

\n
\n
Date Reported:
\n
26 Sep 2010
\n
Affected Packages:
\n
\ngit-core\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 595728, Bug 590026.
In Mitre's CVE dictionary: CVE-2010-2542.
\n
More information:
\n
\n

The Debian stable point release 5.0.6 included updated packages of the Git revision control system in order to fix a security issue. Unfortunately, the update introduced a regression which could make it impossible to clone or create Git repositories. This upgrade fixes this regression, which is tracked as Debian bug #595728.

\n

The original security issue allowed an attacker to execute arbitrary code if he could trick a local user into executing a git command in a crafted working directory (CVE-2010-2542).

\n

For the stable distribution (lenny), this problem has been fixed in version 1.5.6.5-3+lenny3.2.

\n

The packages for the hppa architecture are not included in this advisory. However, the hppa architecture is not known to be affected by the regression.

\n

For the testing distribution (squeeze) and the unstable distribution (sid), the security issue has been fixed in version 1.7.1-1.1. These distributions were not affected by the regression.

\n

We recommend that you upgrade your git-core packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (stable)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.2.dsc
\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/git-core/git-cvs_1.5.6.5-3+lenny3.2_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-gui_1.5.6.5-3+lenny3.2_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-arch_1.5.6.5-3+lenny3.2_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-daemon-run_1.5.6.5-3+lenny3.2_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/gitweb_1.5.6.5-3+lenny3.2_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-svn_1.5.6.5-3+lenny3.2_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-doc_1.5.6.5-3+lenny3.2_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/git-email_1.5.6.5-3+lenny3.2_all.deb
\n
http://security.debian.org/pool/updates/main/g/git-core/gitk_1.5.6.5-3+lenny3.2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.2_armel.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/git-core/git-core_1.5.6.5-3+lenny3.2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2115": "
\n

Debian Security Advisory

\n

DSA-2115-1 moodle -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Sep 2010
\n
Affected Packages:
\n
\nmoodle\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-1613, CVE-2010-1614, CVE-2010-1615, CVE-2010-1616, CVE-2010-1617, CVE-2010-1618, CVE-2010-1619, CVE-2010-2228, CVE-2010-2229, CVE-2010-2230, CVE-2010-2231.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Moodle, a course management system. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2010-1613

    Moodle does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks.

  • CVE-2010-1614

    Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the Global Search Engine.

  • CVE-2010-1615

    Multiple SQL injection vulnerabilities allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) data validation in some form elements related to lib/form/selectgroups.php.

  • CVE-2010-1616

    Moodle can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability.

  • CVE-2010-1617

    user/view.php does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page.

  • CVE-2010-1618

    A cross-site scripting (XSS) vulnerability in the phpCAS client library allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.

  • CVE-2010-1619

    A cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php) allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities.

  • CVE-2010-2228

    A cross-site scripting (XSS) vulnerability in the MNET access-control interface allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a username.

  • CVE-2010-2229

    Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.

  • CVE-2010-2230

    The KSES text cleaning filter in lib/weblib.php does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input.

  • CVE-2010-2231

    A cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter.


This security update switches to a new upstream version and requires database updates. After installing the fixed package, you must visit <http://localhost/moodle/admin/> and follow the update instructions.

\n

For the stable distribution (lenny), these problems have been fixed in version 1.8.13-1.

\n

For the unstable distribution (sid), these problems have been fixed in version 1.9.9.dfsg2-1.

\n

We recommend that you upgrade your moodle package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.13-1.diff.gz
\n
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.13-1.dsc
\n
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.13.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.8.13-1_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2116": "
\n

Debian Security Advisory

\n

DSA-2116-1 freetype -- integer overflow

\n
\n
Date Reported:
\n
04 Oct 2010
\n
Affected Packages:
\n
\nfreetype\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-3311.
\n
More information:
\n
\n

Marc Schoenefeld has found an input stream position error in the way the FreeType font rendering engine processed input file streams. If a user loaded a specially-crafted font file with an application linked against FreeType and relevant font glyphs were subsequently rendered with the X FreeType library (libXft), it could cause the application to crash or possibly execute arbitrary code.

\n

After the upgrade, all running applications and services that use libfreetype6 should be restarted. In most cases, logging out and in again should be enough. The script checkrestart from the debian-goodies package or lsof may help to find out which processes are still using the old version of libfreetype6.

\n

For the stable distribution (lenny), these problems have been fixed in version 2.3.7-2+lenny4.

\n

The testing distribution (squeeze) and the unstable distribution (sid) are not affected by this problem.

\n

We recommend that you upgrade your freetype packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny4.dsc
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny4.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_alpha.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_alpha.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_amd64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_amd64.udeb
\n
ARM:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_arm.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_arm.udeb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_armel.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_armel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_hppa.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_hppa.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_i386.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_i386.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_ia64.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_ia64.udeb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_mips.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_mips.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_mipsel.udeb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_s390.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_s390.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny4_sparc.deb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny4_sparc.udeb
\n
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2117": "
\n

Debian Security Advisory

\n

DSA-2117-1 apr-util -- denial of service

\n
\n
Date Reported:
\n
04 Oct 2010
\n
Affected Packages:
\n
\napr-util\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-1623.
\n
More information:
\n
\n

APR-util is part of the Apache Portable Runtime library which is used by projects such as Apache httpd and Subversion.

\n

Jeff Trawick discovered a flaw in the apr_brigade_split_line() function in apr-util. A remote attacker could send crafted HTTP requests to cause greatly increased memory consumption in Apache httpd, resulting in a denial of service.

\n

This upgrade fixes this issue. After the upgrade, any running apache2 server processes need to be restarted.

\n

For the stable distribution (lenny), this problem has been fixed in version 1.2.12+dfsg-8+lenny5.

\n

For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 1.3.9+dfsg-4.

\n

We recommend that you upgrade your apr-util packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg-8+lenny5.dsc
\n
http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg-8+lenny5.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny5_alpha.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny5_amd64.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny5_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny5_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny5_arm.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny5_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny5_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny5_armel.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny5_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny5_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny5_hppa.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny5_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny5_i386.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny5_ia64.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny5_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny5_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny5_mips.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny5_s390.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny5_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny5_sparc.deb
\n
http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2118": "
\n

Debian Security Advisory

\n

DSA-2118-1 subversion -- logic flaw

\n
\n
Date Reported:
\n
08 Oct 2010
\n
Affected Packages:
\n
\nsubversion\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-3315.
\n
More information:
\n
\n

Kamesh Jayachandran and C. Michael Pilat discovered that the mod_dav_svn module of Subversion, a version control system, is not properly enforcing access rules which are scope-limited to named repositories. If the SVNPathAuthz option is set to short_circuit, this may enable an unprivileged attacker to bypass intended access restrictions and disclose or modify repository content.

\n

As a workaround, it is also possible to set SVNPathAuthz to on, but be advised that this can result in a performance decrease for large repositories.

\n

For the stable distribution (lenny), this problem has been fixed in version 1.5.1dfsg1-5.

\n

For the testing distribution (squeeze), this problem has been fixed in version 1.6.12dfsg-2.

\n

For the unstable distribution (sid), this problem has been fixed in version 1.6.12dfsg-2.

\n

We recommend that you upgrade your subversion packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-5.diff.gz
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-5.dsc
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-doc_1.5.1dfsg1-5_all.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion-tools_1.5.1dfsg1-5_all.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby_1.5.1dfsg1-5_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-5_alpha.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-5_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-java_1.5.1dfsg1-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-5_amd64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-5_amd64.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-5_armel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-5_armel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-5_armel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-5_armel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-java_1.5.1dfsg1-5_armel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-5_armel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-5_armel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-5_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-5_hppa.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-5_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-5_i386.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-java_1.5.1dfsg1-5_i386.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-5_i386.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-5_i386.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-5_i386.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-5_i386.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-5_i386.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-5_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-java_1.5.1dfsg1-5_ia64.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-5_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-5_mips.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-5_mips.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-5_mips.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-5_mips.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-5_mips.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-5_mips.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-5_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-5_mipsel.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-5_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-java_1.5.1dfsg1-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-5_powerpc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-5_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-5_s390.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-5_s390.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-5_s390.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-java_1.5.1dfsg1-5_s390.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-5_s390.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-5_s390.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-5_s390.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-5_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-dev_1.5.1dfsg1-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libapache2-svn_1.5.1dfsg1-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-ruby1.8_1.5.1dfsg1-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-java_1.5.1dfsg1-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/subversion_1.5.1dfsg1-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn1_1.5.1dfsg1-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/python-subversion_1.5.1dfsg1-5_sparc.deb
\n
http://security.debian.org/pool/updates/main/s/subversion/libsvn-perl_1.5.1dfsg1-5_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2119": "
\n

Debian Security Advisory

\n

DSA-2119-1 poppler -- several vulnerabilities

\n
\n
Date Reported:
\n
12 Oct 2010
\n
Affected Packages:
\n
\npoppler\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 599165.
In Mitre's CVE dictionary: CVE-2010-3702, CVE-2010-3704.
\n
More information:
\n
\n

Joel Voss of Leviathan Security Group discovered two vulnerabilities in the Poppler PDF rendering library, which may lead to the execution of arbitrary code if a malformed PDF file is opened.

\n

For the stable distribution (lenny), these problems have been fixed in version 0.8.7-4.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your poppler packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/poppler/poppler_0.8.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler_0.8.7-4.diff.gz
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler_0.8.7-4.dsc
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_arm.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_armel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_i386.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_mips.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_s390.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2120": "
\n

Debian Security Advisory

\n

DSA-2120-1 postgresql-8.3 -- privilege escalation

\n
\n
Date Reported:
\n
12 Oct 2010
\n
Affected Packages:
\n
postgresql-8.3
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-3433.
\n
More information:
\n
\n

Tim Bunce discovered that PostgreSQL, a database server, does not properly separate interpreters for server-side stored procedures which run in different security contexts. As a result, non-privileged authenticated database users might gain additional privileges.

\n

Note that this security update may impact intended communication through global variables between stored procedures. It might be necessary to convert these functions to run under the plperlu or pltclu languages, with database superuser privileges.

\n

This security update also includes unrelated bug fixes from PostgreSQL 8.3.12.

\n

For the stable distribution (lenny), this problem has been fixed in version 8.3_8.3.12-0lenny1.

\n

For the unstable distribution (sid), this problem has been fixed in version 8.4.5-1 of the postgresql-8.4 package.

\n

We recommend that you upgrade your PostgreSQL packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.12-0lenny1.dsc
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.12.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.12-0lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-doc_8.3.12-0lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib_8.3.12-0lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-doc-8.3_8.3.12-0lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql_8.3.12-0lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client_8.3.12-0lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.12-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.12-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.12-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.12-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.12-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.12-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.12-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.12-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.12-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.12-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.12-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.12-0lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.12-0lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.12-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.12-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.12-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.12-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.12-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.12-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.12-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.12-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.12-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.12-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.12-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.12-0lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.12-0lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.12-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.12-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.12-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.12-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.12-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.12-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.12-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.12-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.12-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.12-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.12-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.12-0lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.12-0lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.12-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.12-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.12-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.12-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.12-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.12-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.12-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.12-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.12-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.12-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.12-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.12-0lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.12-0lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.12-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.12-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.12-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.12-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.12-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.12-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.12-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.12-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.12-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.12-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.12-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.12-0lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.12-0lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.12-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.12-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.12-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.12-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.12-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.12-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.12-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.12-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.12-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.12-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.12-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.12-0lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.12-0lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.12-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.12-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.12-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.12-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.12-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.12-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.12-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.12-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.12-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.12-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.12-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.12-0lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.12-0lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.12-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.12-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.12-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.12-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.12-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.12-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.12-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.12-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.12-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.12-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.12-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.12-0lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.12-0lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.12-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.12-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.12-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.12-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.12-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.12-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.12-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.12-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.12-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.12-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.12-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.12-0lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.12-0lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.12-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.12-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.12-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.12-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.12-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.12-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.12-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.12-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.12-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.12-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.12-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.12-0lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.12-0lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.12-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.12-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.12-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.12-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.12-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.12-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.12-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.12-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.12-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.12-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.12-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.12-0lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.12-0lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-pltcl-8.3_8.3.12-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-dev_8.3.12-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plpython-8.3_8.3.12-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-client-8.3_8.3.12-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq-dev_8.3.12-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg6_8.3.12-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-contrib-8.3_8.3.12-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpgtypes3_8.3.12-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-8.3_8.3.12-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-plperl-8.3_8.3.12-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libecpg-compat3_8.3.12-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/postgresql-server-dev-8.3_8.3.12-0lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/p/postgresql-8.3/libpq5_8.3.12-0lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2121": "
\n

Debian Security Advisory

\n

DSA-2121-1 typo3-src -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Oct 2010
\n
Affected Packages:
\n
typo3-src
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-3714, CVE-2010-3715, CVE-2010-3716, CVE-2010-3717.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in TYPO3. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2010-3714

    Multiple remote file disclosure vulnerabilities in the jumpUrl mechanism and the Extension Manager allowed attackers to read files with the privileges of the account under which the web server was running.

  • CVE-2010-3715

    The TYPO3 backend contained several cross-site scripting vulnerabilities, and the RemoveXSS function did not filter all JavaScript code.

  • CVE-2010-3716

    Malicious editors with user creation permission could escalate their privileges by creating new users in arbitrary groups, due to lack of input validation in the taskcenter.

  • CVE-2010-3717

    TYPO3 exposed a crasher bug in the PHP filter_var function, enabling attackers to cause the web server process to crash and thus consume additional system resources.

\n

For the stable distribution (lenny), these problems have been fixed in version 4.2.5-1+lenny6.

\n

For the unstable distribution (sid) and the upcoming stable distribution (squeeze), these problems have been fixed in version 4.3.7-1.

\n

We recommend that you upgrade your TYPO3 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5-1+lenny6.dsc
\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5-1+lenny6.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src-4.2_4.2.5-1+lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/t/typo3-src/typo3_4.2.5-1+lenny6_all.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2122": "
\n

Debian Security Advisory

\n

DSA-2122-1 glibc -- missing input sanitization

\n
\n
Date Reported:
\n
22 Oct 2010
\n
Affected Packages:
\n
glibc
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 600667.
In Mitre's CVE dictionary: CVE-2010-3847, CVE-2010-3856.
\n
More information:
\n
\n

Ben Hawkes and Tavis Ormandy discovered that the dynamic loader in GNU libc allows local users to gain root privileges using a crafted LD_AUDIT environment variable.

\n

For the stable distribution (lenny), this problem has been fixed in version 2.7-18lenny6.

\n

For the upcoming stable distribution (squeeze), this problem has been\nfixed in version 2.11.2-6+squeeze1 of the eglibc package.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your glibc packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7-18lenny6.dsc
\n
http://security.debian.org/pool/updates/main/g/glibc/glibc_2.7-18lenny6.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.7-18lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales_2.7-18lenny6_all.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/glibc-source_2.7-18lenny6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny6_alpha.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.7-18lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.7-18lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-udeb_2.7-18lenny6_alpha.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny6_alpha.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-alphaev67_2.7-18lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.7-18lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.7-18lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.7-18lenny6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny6_amd64.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny6_amd64.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-i386_2.7-18lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny6_amd64.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-i386_2.7-18lenny6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny6_arm.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny6_arm.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny6_arm.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny6_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny6_armel.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny6_armel.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny6_armel.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny6_armel.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny6_i386.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny6_i386.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-xen_2.7-18lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny6_i386.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-amd64_2.7-18lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-amd64_2.7-18lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-i686_2.7-18lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.7-18lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny6_ia64.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.7-18lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny6_ia64.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.7-18lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.7-18lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.7-18lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6.1-udeb_2.7-18lenny6_ia64.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny6_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-mips64_2.7-18lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-mips64_2.7-18lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny6_mips.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-mipsn32_2.7-18lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny6_mips.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny6_mips.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny6_mips.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-mipsn32_2.7-18lenny6_mips.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny6_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny6_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-ppc64_2.7-18lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-ppc64_2.7-18lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny6_powerpc.udeb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-s390x_2.7-18lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny6_s390.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-s390x_2.7-18lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny6_s390.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny6_s390.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.7-18lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-udeb_2.7-18lenny6_sparc.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/locales-all_2.7-18lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-sparcv9b_2.7-18lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.7-18lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6_2.7-18lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-files-udeb_2.7-18lenny6_sparc.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-sparc64_2.7-18lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-sparc64_2.7-18lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/nscd_2.7-18lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libnss-dns-udeb_2.7-18lenny6_sparc.udeb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.7-18lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.7-18lenny6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2123": "
\n

Debian Security Advisory

\n

DSA-2123-1 nss -- several vulnerabilities

\n
\n
Date Reported:
\n
01 Nov 2010
\n
Affected Packages:
\n
\nnss\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-3170, CVE-2010-3173.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Mozilla's Network Security Services (NSS) library. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2010-3170

    NSS recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

  • CVE-2010-3173

    NSS does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

For the stable distribution (lenny), these problems have been fixed in version 3.12.3.1-0lenny2.

For the unstable distribution (sid) and the upcoming stable distribution (squeeze), these problems have been fixed in version 3.12.8-1.

We recommend that you upgrade your NSS packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/n/nss/nss_3.12.3.1-0lenny2.dsc
\n
http://security.debian.org/pool/updates/main/n/nss/nss_3.12.3.1-0lenny2.diff.gz
\n
http://security.debian.org/pool/updates/main/n/nss/nss_3.12.3.1.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny2_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny2_mips.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny2_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d-dbg_3.12.3.1-0lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-dev_3.12.3.1-0lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-1d_3.12.3.1-0lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/n/nss/libnss3-tools_3.12.3.1-0lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2124": "
\n

Debian Security Advisory

\n

DSA-2124-1 xulrunner -- several vulnerabilities

\n
\n
Date Reported:
\n
01 Nov 2010
\n
Affected Packages:
\n
\nxulrunner\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-3765, CVE-2010-3174, CVE-2010-3176, CVE-2010-3177, CVE-2010-3178, CVE-2010-3179, CVE-2010-3180, CVE-2010-3183.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Xulrunner, the component that provides the core functionality of Iceweasel, Debian's variant of Mozilla's browser technology.

The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2010-3765

    Xulrunner allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption.

  • CVE-2010-3174, CVE-2010-3176

    Multiple unspecified vulnerabilities in the browser engine in Xulrunner allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2010-3177

    Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Xulrunner allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server.

  • CVE-2010-3178

    Xulrunner does not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document.

  • CVE-2010-3179

    Stack-based buffer overflow in the text-rendering functionality in Xulrunner allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method.

  • CVE-2010-3180

    Use-after-free vulnerability in the nsBarProp function in Xulrunner allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window.

  • CVE-2010-3183

    The LookupGetterOrSetter function in Xulrunner does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via a crafted HTML document.

In addition, this security update includes corrections for regressions caused by the fixes for CVE-2010-0654 and CVE-2010-2769 in DSA-2075-1 and DSA-2106-1.

For the stable distribution (lenny), these problems have been fixed in version 1.9.0.19-6.

For the unstable distribution (sid) and the upcoming stable distribution (squeeze), these problems have been fixed in version 3.5.15-1 of the iceweasel package.

We recommend that you upgrade your Xulrunner packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-6.dsc
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-6.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.19-6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_armel.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_i386.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_ia64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_mips.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_s390.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-6_sparc.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2125": "
\n

Debian Security Advisory

\n

DSA-2125-1 openssl -- buffer overflow

\n
\n
Date Reported:
\n
22 Nov 2010
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 603709.
In Mitre's CVE dictionary: CVE-2010-3864.
\n
More information:
\n
\n

A flaw has been found in the OpenSSL TLS server extension code parsing which on affected servers can be exploited in a buffer overrun attack. This allows an attacker to cause an application crash or potentially to execute arbitrary code.

However, not all OpenSSL based SSL/TLS servers are vulnerable: a server is vulnerable if it is multi-threaded and uses OpenSSL's internal caching mechanism. In particular the Apache HTTP server (which never uses OpenSSL internal caching) and Stunnel (which includes its own workaround) are NOT affected.

This upgrade fixes this issue. After the upgrade, any services using the openssl libraries need to be restarted. The checkrestart script from the debian-goodies package or lsof can help to find out which services need to be restarted.

A note to users of the tor packages from the Debian backports or Debian volatile: this openssl update causes problems with some versions of tor. You need to update to tor 0.2.1.26-4~bpo50+1 or 0.2.1.26-1~lennyvolatile2, respectively. The tor package version 0.2.0.35-1~lenny2 from Debian stable is not affected by these problems.

For the stable distribution (lenny), the problem has been fixed in openssl version 0.9.8g-15+lenny9.

For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 0.9.8o-3.

We recommend that you upgrade your openssl packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9.dsc
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9.diff.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_alpha.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_alpha.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_amd64.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_amd64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_arm.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_arm.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_armel.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_armel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_hppa.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_hppa.udeb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_i386.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_i386.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_ia64.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_ia64.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_mips.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_mips.udeb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_mipsel.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_mipsel.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_powerpc.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_powerpc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_s390.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_s390.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny9_sparc.deb
\n
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny9_sparc.udeb
\n
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny9_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2126": "
\n

Debian Security Advisory

\n

DSA-2126-1 linux-2.6 -- privilege escalation/denial of service/information leak

\n
\n
Date Reported: 26 Nov 2010
Affected Packages: linux-2.6
Vulnerable: Yes
Security database references:
In Mitre's CVE dictionary: CVE-2010-2963, CVE-2010-3067, CVE-2010-3296, CVE-2010-3297, CVE-2010-3310, CVE-2010-3432, CVE-2010-3437, CVE-2010-3442, CVE-2010-3448, CVE-2010-3477, CVE-2010-3705, CVE-2010-3848, CVE-2010-3849, CVE-2010-3850, CVE-2010-3858, CVE-2010-3859, CVE-2010-3873, CVE-2010-3874, CVE-2010-3875, CVE-2010-3876, CVE-2010-3877, CVE-2010-3880, CVE-2010-4072, CVE-2010-4073, CVE-2010-4074, CVE-2010-4078, CVE-2010-4079, CVE-2010-4080, CVE-2010-4081, CVE-2010-4083, CVE-2010-4164.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2010-2963

    Kees Cook discovered an issue in the v4l 32-bit compatibility layer for 64-bit systems that allows local users with /dev/video write permission to overwrite arbitrary kernel memory, potentially leading to a privilege escalation. On Debian systems, access to /dev/video devices is restricted to members of the 'video' group by default.

  • CVE-2010-3067

    Tavis Ormandy discovered an issue in the io_submit system call. Local users can cause an integer overflow resulting in a denial of service.

  • CVE-2010-3296

    Dan Rosenberg discovered an issue in the cxgb network driver that allows unprivileged users to obtain the contents of sensitive kernel memory.

  • CVE-2010-3297

    Dan Rosenberg discovered an issue in the eql network driver that allows local users to obtain the contents of sensitive kernel memory.

  • CVE-2010-3310

    Dan Rosenberg discovered an issue in the ROSE socket implementation. On systems with a rose device, local users can cause a denial of service (kernel memory corruption).

  • CVE-2010-3432

    Thomas Dreibholz discovered an issue in the SCTP protocol that permits a remote user to cause a denial of service (kernel panic).

  • CVE-2010-3437

    Dan Rosenberg discovered an issue in the pktcdvd driver. Local users with permission to open /dev/pktcdvd/control can obtain the contents of sensitive kernel memory or cause a denial of service. By default on Debian systems, this access is restricted to members of the group 'cdrom'.

  • CVE-2010-3442

    Dan Rosenberg discovered an issue in the ALSA sound system. Local users with permission to open /dev/snd/controlC0 can create an integer overflow condition that causes a denial of service. By default on Debian systems, this access is restricted to members of the group 'audio'.

  • CVE-2010-3448

    Dan Jacobson reported an issue in the thinkpad-acpi driver. On certain Thinkpad systems, local users can cause a denial of service (X.org crash) by reading /proc/acpi/ibm/video.

  • CVE-2010-3477

    Jeff Mahoney discovered an issue in the Traffic Policing (act_police) module that allows local users to obtain the contents of sensitive kernel memory.

  • CVE-2010-3705

    Dan Rosenberg reported an issue in the HMAC processing code in the SCTP protocol that allows remote users to create a denial of service (memory corruption).

  • CVE-2010-3848

    Nelson Elhage discovered an issue in the Econet protocol. Local users can cause a stack overflow condition with large msg->msgiovlen values that can result in a denial of service or privilege escalation.

  • CVE-2010-3849

    Nelson Elhage discovered an issue in the Econet protocol. Local users can cause a denial of service (oops) if a NULL remote addr value is passed as a parameter to sendmsg().

  • CVE-2010-3850

    Nelson Elhage discovered an issue in the Econet protocol. Local users can assign econet addresses to arbitrary interfaces due to a missing capabilities check.

  • CVE-2010-3858

    Brad Spengler reported an issue in the setup_arg_pages() function. Due to a bounds-checking failure, local users can create a denial of service (kernel oops).

  • CVE-2010-3859

    Dan Rosenberg reported an issue in the TIPC protocol. When the tipc module is loaded, local users can gain elevated privileges via the sendmsg() system call.

  • CVE-2010-3873

    Dan Rosenberg reported an issue in the X.25 network protocol. Local users can cause heap corruption, resulting in a denial of service (kernel panic).

  • CVE-2010-3874

    Dan Rosenberg discovered an issue in the Controller Area Network (CAN) subsystem on 64-bit systems. Local users may be able to cause a denial of service (heap corruption).

  • CVE-2010-3875

    Vasiliy Kulikov discovered an issue in the AX.25 protocol. Local users can obtain the contents of sensitive kernel memory.

  • CVE-2010-3876

    Vasiliy Kulikov discovered an issue in the Packet protocol. Local users can obtain the contents of sensitive kernel memory.

  • CVE-2010-3877

    Vasiliy Kulikov discovered an issue in the TIPC protocol. Local users can obtain the contents of sensitive kernel memory.

  • CVE-2010-3880

    Nelson Elhage discovered an issue in the INET_DIAG subsystem. Local users can cause the kernel to execute unaudited INET_DIAG bytecode, resulting in a denial of service.

  • CVE-2010-4072

    Kees Cook discovered an issue in the System V shared memory subsystem. Local users can obtain the contents of sensitive kernel memory.

  • CVE-2010-4073

    Dan Rosenberg discovered an issue in the System V shared memory subsystem. Local users on 64-bit systems can obtain the contents of sensitive kernel memory via the 32-bit compatible semctl() system call.

  • CVE-2010-4074

    Dan Rosenberg reported issues in the mos7720 and mos7840 drivers for USB serial converter devices. Local users with access to these devices can obtain the contents of sensitive kernel memory.

  • CVE-2010-4078

    Dan Rosenberg reported an issue in the framebuffer driver for SiS graphics chipsets (sisfb). Local users with access to the framebuffer device can obtain the contents of sensitive kernel memory via the FBIOGET_VBLANK ioctl.

  • CVE-2010-4079

    Dan Rosenberg reported an issue in the ivtvfb driver used for the Hauppauge PVR-350 card. Local users with access to the framebuffer device can obtain the contents of sensitive kernel memory via the FBIOGET_VBLANK ioctl.

  • CVE-2010-4080

    Dan Rosenberg discovered an issue in the ALSA driver for RME Hammerfall DSP audio devices. Local users with access to the audio device can obtain the contents of sensitive kernel memory via the SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl.

  • CVE-2010-4081

    Dan Rosenberg discovered an issue in the ALSA driver for RME Hammerfall DSP MADI audio devices. Local users with access to the audio device can obtain the contents of sensitive kernel memory via the SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl.

  • CVE-2010-4083

    Dan Rosenberg discovered an issue in the semctl system call. Local users can obtain the contents of sensitive kernel memory through usage of the semid_ds structure.

  • CVE-2010-4164

    Dan Rosenberg discovered an issue in the X.25 network protocol. Remote users can achieve a denial of service (infinite loop) by taking advantage of an integer underflow in the facility parsing code.
\n

For the stable distribution (lenny), this problem has been fixed in version 2.6.26-26lenny1.

\n

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

\n

The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update:

\n
\n\n\n
                   Debian 5.0 (lenny)
user-mode-linux    2.6.26-1um-2+26lenny1
\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-26lenny1.dsc
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-2.6_2.6.26-26lenny1.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-doc-2.6.26_2.6.26-26lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-tree-2.6.26_2.6.26-26lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-manual-2.6.26_2.6.26-26lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-support-2.6.26-2_2.6.26-26lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-patch-debian-2.6.26_2.6.26-26lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-source-2.6.26_2.6.26-26lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-26lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-generic_2.6.26-26lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-26lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-legacy_2.6.26-26lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-smp_2.6.26-26lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-26lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-alpha-generic_2.6.26-26lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-legacy_2.6.26-26lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-alpha_2.6.26-26lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-alpha-smp_2.6.26-26lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-26lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-amd64_2.6.26-26lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-amd64_2.6.26-26lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-26lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-26lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-26lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-amd64_2.6.26-26lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-26lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-26lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-amd64_2.6.26-26lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-amd64_2.6.26-26lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-26lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-amd64_2.6.26-26lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-amd64_2.6.26-26lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-26lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-amd64_2.6.26-26lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-amd64_2.6.26-26lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-arm_2.6.26-26lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-26lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-26lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-26lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-footbridge_2.6.26-26lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-26lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-26lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-26lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-26lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-26lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-26lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-footbridge_2.6.26-26lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-ixp4xx_2.6.26-26lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-ixp4xx_2.6.26-26lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-26lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-orion5x_2.6.26-26lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-versatile_2.6.26-26lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-orion5x_2.6.26-26lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-iop32x_2.6.26-26lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-26lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-26lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-armel_2.6.26-26lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-versatile_2.6.26-26lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-iop32x_2.6.26-26lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc-smp_2.6.26-26lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64_2.6.26-26lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc_2.6.26-26lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc64-smp_2.6.26-26lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-hppa_2.6.26-26lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc_2.6.26-26lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-26lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-26lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64-smp_2.6.26-26lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-parisc64_2.6.26-26lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-26lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-parisc-smp_2.6.26-26lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-xen-686_2.6.26-26lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-amd64_2.6.26-26lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686_2.6.26-26lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-686-bigmem_2.6.26-26lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686_2.6.26-26lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-modules-2.6.26-2-xen-686_2.6.26-26lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/xen-linux-system-2.6.26-2-xen-686_2.6.26-26lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-26lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-openvz_2.6.26-26lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686_2.6.26-26lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-26lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-686-bigmem_2.6.26-26lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686-bigmem_2.6.26-26lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-686-bigmem_2.6.26-26lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-i386_2.6.26-26lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-xen_2.6.26-26lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-openvz-686_2.6.26-26lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-686_2.6.26-26lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-26lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-xen-686_2.6.26-26lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-amd64_2.6.26-26lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-486_2.6.26-26lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-openvz-686_2.6.26-26lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-26lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-486_2.6.26-26lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-ia64_2.6.26-26lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-mckinley_2.6.26-26lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-itanium_2.6.26-26lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-itanium_2.6.26-26lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-26lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-mckinley_2.6.26-26lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-26lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-mckinley_2.6.26-26lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-26lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-itanium_2.6.26-26lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-mckinley_2.6.26-26lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-26lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-itanium_2.6.26-26lenny1_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-r5k-cobalt_2.6.26-26lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-5kc-malta_2.6.26-26lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-5kc-malta_2.6.26-26lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1-bcm91250a_2.6.26-26lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-26lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-mipsel_2.6.26-26lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-26lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1-bcm91250a_2.6.26-26lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-4kc-malta_2.6.26-26lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-r5k-cobalt_2.6.26-26lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sb1a-bcm91480b_2.6.26-26lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-4kc-malta_2.6.26-26lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sb1a-bcm91480b_2.6.26-26lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-26lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-26lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc_2.6.26-26lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc_2.6.26-26lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc-smp_2.6.26-26lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc_2.6.26-26lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-26lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-powerpc64_2.6.26-26lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc_2.6.26-26lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc-smp_2.6.26-26lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-26lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-26lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-powerpc64_2.6.26-26lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-powerpc64_2.6.26-26lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-powerpc64_2.6.26-26lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-powerpc_2.6.26-26lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-26lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-26lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390x_2.6.26-26lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390x_2.6.26-26lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390-tape_2.6.26-26lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-26lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-s390_2.6.26-26lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-26lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-s390_2.6.26-26lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-s390x_2.6.26-26lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-s390x_2.6.26-26lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-s390_2.6.26-26lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all-sparc_2.6.26-26lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-vserver-sparc64_2.6.26-26lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64_2.6.26-26lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-vserver-sparc64_2.6.26-26lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-libc-dev_2.6.26-26lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common-vserver_2.6.26-26lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-sparc64-smp_2.6.26-26lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64_2.6.26-26lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.26-2-sparc64-smp_2.6.26-26lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-common_2.6.26-26lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-headers-2.6.26-2-all_2.6.26-26lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2127": "
\n

Debian Security Advisory

\n

DSA-2127-1 wireshark -- denial of service

\n
\n
Date Reported:
\n
28 Nov 2010
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-3445.
\n
More information:
\n
\n

A flaw has been found in wireshark, a network protocol analyzer.

\n

It was found that the ASN.1 BER dissector was susceptible to a stack overflow, causing the application to crash.

\n

For the stable distribution (lenny), the problem has been fixed in version 1.0.2-3+lenny11.

\n

For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 1.2.11-3.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11.dsc
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11.diff.gz
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2.orig.tar.gz
\n
Alpha:\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny11_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny11_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11_alpha.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny11_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny11_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny11_amd64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny11_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny11_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny11_arm.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny11_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny11_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny11_armel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny11_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny11_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny11_hppa.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny11_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny11_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny11_i386.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny11_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny11_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny11_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11_ia64.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny11_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny11_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny11_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11_mips.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny11_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny11_mipsel.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny11_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny11_powerpc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny11_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny11_s390.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny11_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/w/wireshark/tshark_1.0.2-3+lenny11_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark_1.0.2-3+lenny11_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-common_1.0.2-3+lenny11_sparc.deb
\n
http://security.debian.org/pool/updates/main/w/wireshark/wireshark-dev_1.0.2-3+lenny11_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2128": "
\n

Debian Security Advisory

\n

DSA-2128-1 libxml2 -- invalid memory access

\n
\n
Date Reported:
\n
01 Dec 2010
\n
Affected Packages:
\n
\nlibxml2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-4008.
\n
More information:
\n
\n

Bui Quang Minh discovered that libxml2, a library for parsing and handling XML data files, does not properly process a malformed XPath expression, causing a crash and allowing arbitrary code execution.

\n

For the stable distribution (lenny), this problem has been fixed in version 2.6.32.dfsg-5+lenny2.

\n

For the testing (squeeze) and unstable (sid) distributions, this problem has been fixed in version 2.7.8.dfsg-1.

\n

We recommend that you upgrade your libxml2 package.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2.dsc
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2.diff.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.32.dfsg-5+lenny2_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_alpha.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_amd64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_arm.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_armel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_hppa.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_i386.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_ia64.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_mipsel.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_powerpc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_s390.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_sparc.deb
\n
http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2129": "
\n

Debian Security Advisory

\n

DSA-2129-1 krb5 -- checksum verification weakness

\n
\n
Date Reported:
\n
01 Dec 2010
\n
Affected Packages:
\n
\nkrb5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-1323.
\n
More information:
\n
\n

A vulnerability has been found in krb5, the MIT implementation of Kerberos.

\n

MIT krb5 clients incorrectly accept unkeyed checksums in the SAM-2 preauthentication challenge: an unauthenticated remote attacker could alter a SAM-2 challenge, affecting the prompt text seen by the user or the kind of response sent to the KDC. Under some circumstances, this can negate the incremental security benefit of using a single-use authentication mechanism token.

\n

MIT krb5 incorrectly accepts RFC 3961 key-derivation checksums using RC4 keys when verifying KRB-SAFE messages: an unauthenticated remote attacker has a 1/256 chance of forging KRB-SAFE messages in an application protocol if the targeted pre-existing session uses an RC4 session key. Few application protocols use KRB-SAFE messages.

\n

The Common Vulnerabilities and Exposures project has assigned CVE-2010-1323 to these issues.

\n

For the stable distribution (lenny), these problems have been fixed in version 1.6.dfsg.4~beta1-5lenny6.

\n

The builds for the mips architecture are not included in this advisory. They will be released as soon as they are available.

\n

For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 1.8.3+dfsg-3.

\n

We recommend that you upgrade your krb5 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.6.dfsg.4~beta1-5lenny6.dsc
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.6.dfsg.4~beta1-5lenny6.diff.gz
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5_1.6.dfsg.4~beta1.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-doc_1.6.dfsg.4~beta1-5lenny6_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny6_alpha.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny6_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny6_amd64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny6_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny6_arm.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny6_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny6_armel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny6_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny6_hppa.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny6_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny6_i386.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny6_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny6_ia64.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny6_ia64.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny6_mipsel.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny6_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny6_powerpc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny6_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny6_s390.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny6_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-rsh-server_1.6.dfsg.4~beta1-5lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dbg_1.6.dfsg.4~beta1-5lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc_1.6.dfsg.4~beta1-5lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-kdc-ldap_1.6.dfsg.4~beta1-5lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-user_1.6.dfsg.4~beta1-5lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb5-dev_1.6.dfsg.4~beta1-5lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-ftpd_1.6.dfsg.4~beta1-5lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-admin-server_1.6.dfsg.4~beta1-5lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkrb53_1.6.dfsg.4~beta1-5lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-pkinit_1.6.dfsg.4~beta1-5lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/libkadm55_1.6.dfsg.4~beta1-5lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-telnetd_1.6.dfsg.4~beta1-5lenny6_sparc.deb
\n
http://security.debian.org/pool/updates/main/k/krb5/krb5-clients_1.6.dfsg.4~beta1-5lenny6_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2130": "
\n

Debian Security Advisory

\n

DSA-2130-1 bind9 -- several vulnerabilities

\n
\n
Date Reported:
\n
10 Dec 2010
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-3762, CVE-2010-3614, CVE-2010-3613.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in BIND, an\nimplementation of the DNS protocol suite. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2010-3762\n

    When DNSSEC validation is enabled, BIND does not properly\n\thandle certain bad signatures if multiple trust anchors exist\n\tfor a single zone, which allows remote attackers to cause a\n\tdenial of service (server crash) via a DNS query.

  • CVE-2010-3614\n

    BIND does not properly determine the security status of an NS\n\tRRset during a DNSKEY algorithm rollover, which may lead to\n\tzone unavailability during rollovers.

  • CVE-2010-3613\n

    BIND does not properly handle the combination of signed\n\tnegative responses and corresponding RRSIG records in the\n\tcache, which allows remote attackers to cause a denial of\n\tservice (server crash) via a query for cached data.

\n

In addition, this security update improves compatibility with\npreviously installed versions of the bind9 package. As a result, it\nis necessary to initiate the update with \"apt-get dist-upgrade\"\ninstead of \"apt-get update\".

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1:9.6.ESV.R3+dfsg-0+lenny1.

\n

For the upcoming stable distribution (squeeze) and the unstable\ndistribution (sid), these problems have been fixed in version\n1:9.7.2.dfsg.P3-1.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-doc_9.6.ESV.R3+dfsg-0+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R3+dfsg-0+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns58_9.6.ESV.R3+dfsg-0+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R3+dfsg-0+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R3+dfsg-0+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R3+dfsg-0+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R3+dfsg-0+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R3+dfsg-0+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc50_9.6.ESV.R3+dfsg-0+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R3+dfsg-0+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R3+dfsg-0+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R3+dfsg-0+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R3+dfsg-0+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R3+dfsg-0+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc50_9.6.ESV.R3+dfsg-0+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R3+dfsg-0+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R3+dfsg-0+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns58_9.6.ESV.R3+dfsg-0+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R3+dfsg-0+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R3+dfsg-0+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R3+dfsg-0+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R3+dfsg-0+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R3+dfsg-0+lenny1_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R3+dfsg-0+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R3+dfsg-0+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns58_9.6.ESV.R3+dfsg-0+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc50_9.6.ESV.R3+dfsg-0+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R3+dfsg-0+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R3+dfsg-0+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R3+dfsg-0+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R3+dfsg-0+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R3+dfsg-0+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R3+dfsg-0+lenny1_arm.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R3+dfsg-0+lenny1_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R3+dfsg-0+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns58_9.6.ESV.R3+dfsg-0+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R3+dfsg-0+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R3+dfsg-0+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc50_9.6.ESV.R3+dfsg-0+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R3+dfsg-0+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R3+dfsg-0+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R3+dfsg-0+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R3+dfsg-0+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R3+dfsg-0+lenny1_armel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R3+dfsg-0+lenny1_armel.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R3+dfsg-0+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R3+dfsg-0+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R3+dfsg-0+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc50_9.6.ESV.R3+dfsg-0+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R3+dfsg-0+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R3+dfsg-0+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R3+dfsg-0+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R3+dfsg-0+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R3+dfsg-0+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns58_9.6.ESV.R3+dfsg-0+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R3+dfsg-0+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/b/bind9/libdns58_9.6.ESV.R3+dfsg-0+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc50_9.6.ESV.R3+dfsg-0+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R3+dfsg-0+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R3+dfsg-0+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R3+dfsg-0+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R3+dfsg-0+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R3+dfsg-0+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R3+dfsg-0+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R3+dfsg-0+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R3+dfsg-0+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R3+dfsg-0+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R3+dfsg-0+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R3+dfsg-0+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R3+dfsg-0+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R3+dfsg-0+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R3+dfsg-0+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc50_9.6.ESV.R3+dfsg-0+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R3+dfsg-0+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R3+dfsg-0+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R3+dfsg-0+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns58_9.6.ESV.R3+dfsg-0+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R3+dfsg-0+lenny1_ia64.deb
\n
Big-endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R3+dfsg-0+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R3+dfsg-0+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R3+dfsg-0+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R3+dfsg-0+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc50_9.6.ESV.R3+dfsg-0+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R3+dfsg-0+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns58_9.6.ESV.R3+dfsg-0+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R3+dfsg-0+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R3+dfsg-0+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R3+dfsg-0+lenny1_mips.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R3+dfsg-0+lenny1_mips.deb
\n
Little-endian MIPS:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R3+dfsg-0+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R3+dfsg-0+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R3+dfsg-0+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R3+dfsg-0+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R3+dfsg-0+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns58_9.6.ESV.R3+dfsg-0+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R3+dfsg-0+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R3+dfsg-0+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R3+dfsg-0+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc50_9.6.ESV.R3+dfsg-0+lenny1_mipsel.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R3+dfsg-0+lenny1_mipsel.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R3+dfsg-0+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R3+dfsg-0+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R3+dfsg-0+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R3+dfsg-0+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R3+dfsg-0+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R3+dfsg-0+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R3+dfsg-0+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc50_9.6.ESV.R3+dfsg-0+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R3+dfsg-0+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R3+dfsg-0+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns58_9.6.ESV.R3+dfsg-0+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R3+dfsg-0+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R3+dfsg-0+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R3+dfsg-0+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R3+dfsg-0+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R3+dfsg-0+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R3+dfsg-0+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R3+dfsg-0+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns58_9.6.ESV.R3+dfsg-0+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc50_9.6.ESV.R3+dfsg-0+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R3+dfsg-0+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R3+dfsg-0+lenny1_s390.deb
\n
Sun Sparc:\n
http://security.debian.org/pool/updates/main/b/bind9/libisccc50_9.6.ESV.R3+dfsg-0+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.6.ESV.R3+dfsg-0+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisccfg50_9.6.ESV.R3+dfsg-0+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9utils_9.6.ESV.R3+dfsg-0+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/liblwres50_9.6.ESV.R3+dfsg-0+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libbind9-50_9.6.ESV.R3+dfsg-0+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.6.ESV.R3+dfsg-0+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libdns58_9.6.ESV.R3+dfsg-0+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.6.ESV.R3+dfsg-0+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.6.ESV.R3+dfsg-0+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/bind9_9.6.ESV.R3+dfsg-0+lenny1_sparc.deb
\n
http://security.debian.org/pool/updates/main/b/bind9/libisc50_9.6.ESV.R3+dfsg-0+lenny1_sparc.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2131": "
\n

Debian Security Advisory

\n

DSA-2131-1 exim4 -- arbitrary code execution

\n
\n
Date Reported:
\n
10 Dec 2010
\n
Affected Packages:
\n
\nexim4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-4344.
\n
More information:
\n
\n

Several vulnerabilities have been found in exim4 that allow a remote\nattacker to execute arbitrary code as the root user. Exploits for these\nissues have been seen in the wild.

\n

This update fixes a memory corruption issue that allows a remote\nattacker to execute arbitrary code as the Debian-exim user\n(CVE-2010-4344).

\n

A fix for an additional issue that allows the Debian-exim user to\nobtain root privileges (CVE-2010-4345) is currently being checked for\ncompatibility issues. It is not yet included in this upgrade but will\nbe released soon in an update to this advisory.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 4.69-9+lenny1.

\n

This advisory only contains the packages for the alpha, amd64, hppa,\ni386, ia64, powerpc, and s390 architectures. The packages for the\narm, armel, mips, mipsel, and sparc architectures will be released\nas soon as they are built.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 4.70-1.

\n

We strongly recommend that you upgrade your exim4 packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/e/exim4/exim4_4.69-9+lenny1.diff.gz
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4_4.69.orig.tar.gz
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4_4.69-9+lenny1.dsc
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-config_4.69-9+lenny1_all.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4_4.69-9+lenny1_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/e/exim4/eximon4_4.69-9+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-dbg_4.69-9+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-dev_4.69-9+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light_4.69-9+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light-dbg_4.69-9+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy_4.69-9+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-base_4.69-9+lenny1_alpha.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy-dbg_4.69-9+lenny1_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light-dbg_4.69-9+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-dbg_4.69-9+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light_4.69-9+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy-dbg_4.69-9+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy_4.69-9+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-base_4.69-9+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/eximon4_4.69-9+lenny1_amd64.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-dev_4.69-9+lenny1_amd64.deb
\n
HP Precision:\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light_4.69-9+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/eximon4_4.69-9+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-dev_4.69-9+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy-dbg_4.69-9+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-dbg_4.69-9+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-base_4.69-9+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy_4.69-9+lenny1_hppa.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light-dbg_4.69-9+lenny1_hppa.deb
\n
Intel IA-32:\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light_4.69-9+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy-dbg_4.69-9+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy_4.69-9+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-base_4.69-9+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light-dbg_4.69-9+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/eximon4_4.69-9+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-dev_4.69-9+lenny1_i386.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-dbg_4.69-9+lenny1_i386.deb
\n
Intel IA-64:\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy-dbg_4.69-9+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light_4.69-9+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-dbg_4.69-9+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/eximon4_4.69-9+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy_4.69-9+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-dev_4.69-9+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light-dbg_4.69-9+lenny1_ia64.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-base_4.69-9+lenny1_ia64.deb
\n
PowerPC:\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy_4.69-9+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-dbg_4.69-9+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-base_4.69-9+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-dev_4.69-9+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/eximon4_4.69-9+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light-dbg_4.69-9+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light_4.69-9+lenny1_powerpc.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy-dbg_4.69-9+lenny1_powerpc.deb
\n
IBM S/390:\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy-dbg_4.69-9+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/eximon4_4.69-9+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-dbg_4.69-9+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-dev_4.69-9+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light-dbg_4.69-9+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-heavy_4.69-9+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-daemon-light_4.69-9+lenny1_s390.deb
\n
http://security.debian.org/pool/updates/main/e/exim4/exim4-base_4.69-9+lenny1_s390.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2132": "
\n

Debian Security Advisory

\n

DSA-2132-1 xulrunner -- several vulnerabilities

\n
\n
Date Reported:
\n
11 Dec 2010
\n
Affected Packages:
\n
\nxulrunner\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-3776, CVE-2010-3778, CVE-2010-3769, CVE-2010-3771, CVE-2010-3772, CVE-2010-3775, CVE-2010-3767, CVE-2010-3773, CVE-2010-3770.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in Xulrunner, a\nruntime environment for XUL applications. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.9.0.19-7.

\n

For the upcoming stable version (squeeze) and the unstable\ndistribution (sid), these problems have been fixed in version 3.5.15-1.

\n

For the experimental distribution, these problems have been fixed in\nversion 3.6.13-1.

\n

We recommend that you upgrade your xulrunner packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
Source:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-7.dsc
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19-7.diff.gz
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner_1.9.0.19.orig.tar.gz
\n
Architecture-independent component:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozillainterfaces-java_1.9.0.19-7_all.deb
\n
Alpha:\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-7_alpha.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-7_alpha.deb
\n
AMD64:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-7_amd64.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-7_amd64.deb
\n
ARM:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d-dbg_1.9.0.19-7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-dev_1.9.0.19-7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9_1.9.0.19-7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-dbg_1.9.0.19-7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-7_arm.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/python-xpcom_1.9.0.19-7_arm.deb
\n
ARM EABI:\n
http://security.debian.org/pool/updates/main/x/xulrunner/xulrunner-1.9-gnome-support_1.9.0.19-7_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs1d_1.9.0.19-7_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/libmozjs-dev_1.9.0.19-7_armel.deb
\n
http://security.debian.org/pool/updates/main/x/xulrunner/spidermonkey-bin_1.9.0.19-7_armel.deb
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2133": "
\n

Debian Security Advisory

\n

DSA-2133-1 collectd -- denial of service

\n
\n
Date Reported:
\n
13 Dec 2010
\n
Affected Packages:
\n
\ncollectd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 605092.
In Mitre's CVE dictionary: CVE-2010-4336.
\n
More information:
\n
\n

It was discovered that collectd, a statistics collection and monitoring\ndaemon, is prone to a denial of service attack via a crafted network\npacket.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 4.4.2-3+lenny1.

\n

For the testing distribution (squeeze), this problem has been fixed in\nversion 4.10.1-1+squeeze2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.10.1-2.1.

\n

This advisory only contains the packages for the alpha, amd64, arm,\narmel, hppa, i386, ia64, mips, powerpc, s390 and sparc architectures.\nThe packages for the mipsel architecture will be released soon.

\n

We recommend that you upgrade your collectd packages.

\n
\n
Fixed in:
\n
\n

Debian GNU/Linux 5.0 (lenny)

\n
\n
\n

MD5 checksums of the listed files are available in the original advisory.

\n\n\n
\n
", "2135": "
\n

Debian Security Advisory

\n

DSA-2135-1 xpdf -- several vulnerabilities

\n
\n
Date Reported:
\n
21 Dec 2010
\n
Affected Packages:
\n
\nxpdf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-3702, CVE-2010-3704.
\n
More information:
\n
\n

Joel Voss of Leviathan Security Group discovered two vulnerabilities\nin the xpdf rendering engine, which may lead to the execution of arbitrary\ncode if a malformed PDF file is opened.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 3.02-1.4+lenny3.

\n

For the upcoming stable distribution (squeeze) and the unstable\ndistribution (sid), these problems don't apply, since xpdf has been\npatched to use the Poppler PDF library.

\n

We recommend that you upgrade your poppler packages.

\n
\n
\n
\n
", "2136": "
\n

Debian Security Advisory

\n

DSA-2136-1 tor -- buffer overflow

\n
\n
Date Reported:
\n
21 Dec 2010
\n
Affected Packages:
\n
\ntor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-1676.
\n
More information:
\n
\n

Willem Pinckaers discovered that Tor, a tool to enable online anonymity,\ndoes not correctly handle all data read from the network. By supplying\nspecially crafted packets a remote attacker can cause Tor to overflow its\nheap, crashing the process. Arbitrary code execution has not been\nconfirmed but there is a potential risk.

\n

In the stable distribution (lenny), this update also includes an update of\nthe IP address for the Tor directory authority gabelmoo and addresses\na weakness in the package's postinst maintainer script.

\n

For the stable distribution (lenny) this problem has been fixed in\nversion 0.2.1.26-1~lenny+4.

\n

For the testing distribution (squeeze) and the unstable distribution (sid),\nthis problem has been fixed in version 0.2.1.26-6.

\n

We recommend that you upgrade your tor packages.

\n
\n
\n
\n
", "2137": "
\n

Debian Security Advisory

\n

DSA-2137-1 libxml2 -- several vulnerabilities

\n
\n
Date Reported:
\n
26 Dec 2010
\n
Affected Packages:
\n
\nlibxml2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-4494.
\n
More information:
\n
\n

Yang Dingning discovered a double free in libxml's XPath processing,\nwhich might allow the execution of arbitrary code.

\n

For the stable distribution (lenny), this problem has been fixed\nin version 2.6.32.dfsg-5+lenny3.

\n

For the upcoming stable distribution (squeeze) and the unstable\ndistribution (sid), this problem has been fixed in version\n2.7.8.dfsg-2.

\n

We recommend that you upgrade your libxml2 packages.

\n

Further information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/

\n
\n
\n
\n
", "2138": "
\n

Debian Security Advisory

\n

DSA-2138-1 wordpress -- SQL injection

\n
\n
Date Reported:
\n
29 Dec 2010
\n
Affected Packages:
\n
\nwordpress\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-4257.
\n
More information:
\n
\n

Vladimir Kolesnikov discovered a SQL injection vulnerability in WordPress,\na weblog manager.\nAn authenticated user could execute arbitrary SQL commands via the Send\nTrackbacks field.

\n

For the stable distribution (lenny), this problem has been fixed\nin version 2.5.1-11+lenny4.

\n

For the unstable distribution (sid), and the testing distribution (squeeze),\nthis problem has been fixed in version 3.0.2-1.

\n

We recommend that you upgrade your wordpress package.

\n

Further information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/

\n
\n
\n
\n
", "2139": "
\n

Debian Security Advisory

\n

DSA-2139-1 phpmyadmin -- several vulnerabilities

\n
\n
Date Reported:
\n
31 Dec 2010
\n
Affected Packages:
\n
\nphpmyadmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-4329, CVE-2010-4480, CVE-2010-4481.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in phpMyAdmin, a tool\nto administer MySQL over the web. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2010-4329\n

    Cross-site scripting was possible in search, which allowed\n a remote attacker to inject arbitrary web script or HTML.

  • CVE-2010-4480\n

    Cross-site scripting was possible in errors, which allowed\n a remote attacker to inject arbitrary web script or HTML.

  • CVE-2010-4481\n

    Display of PHP's phpinfo() function was available to the world, but only\n if this functionality had been enabled (defaults to off). This may\n leak some information about the host system.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 2.11.8.1-5+lenny7.

\n

For the testing (squeeze) and unstable (sid) distributions, these problems\nhave been fixed in version 3.3.7-3.

\n

We recommend that you upgrade your phpmyadmin package.

\n

Further information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/

\n
\n
\n
\n
", "2140": "
\n

Debian Security Advisory

\n

DSA-2140-1 libapache2-mod-fcgid -- stack overflow

\n
\n
Date Reported:
\n
05 Jan 2011
\n
Affected Packages:
\n
\nlibapache2-mod-fcgid\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-3872.
\n
More information:
\n
\n

A vulnerability has been found in Apache mod_fcgid.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problem:

\n
    \n
  • CVE-2010-3872\n

    A stack overflow could allow an untrusted FCGI application to cause\n a server crash or possibly to execute arbitrary code as the user\n running the web server.

\n

For the stable distribution (lenny), this problem has been fixed\nin version 2.2-1+lenny1.

\n

For the unstable distribution (sid), and the testing distribution\n(squeeze), this problem has been fixed in version 2.3.6-1.

\n

We recommend that you upgrade your libapache2-mod-fcgid packages.

\n

Further information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/

\n
\n
\n
\n
", "2141": "
\n

Debian Security Advisory

\n

DSA-2141-1 openssl -- SSL/TLS insecure renegotiation protocol design flaw

\n
\n
Date Reported:
\n
06 Jan 2011
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 555829.
In Mitre's CVE dictionary: CVE-2009-3555, CVE-2010-4180.
\n
More information:
\n
\n

DSA-2141 consists of three individual parts, which can be viewed in the\nmailing list archive:\nDSA 2141-1 (openssl),\nDSA 2141-2 (nss),\nDSA 2141-3 (apache2), and\nDSA 2141-4 (lighttpd).\nThis page only covers the first part, openssl.

\n
    \n
  • CVE-2009-3555\n

    Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS\nand SSLv3 protocols. If an attacker could perform a man-in-the-middle\nattack at the start of a TLS connection, the attacker could inject\narbitrary content at the beginning of the user's session. This update\nadds backported support for the new RFC5746 renegotiation extension,\nwhich fixes this issue.

    \n

    If openssl is used in a server application, it will by default no\nlonger accept renegotiation from clients that do not support the\nRFC5746 secure renegotiation extension. A separate advisory will add\nRFC5746 support for nss, the security library used by the iceweasel\nweb browser. For apache2, there will be an update which allows\nre-enabling insecure renegotiation.

    \n

    This version of openssl is not compatible with older versions of tor.\nYou have to use at least tor version 0.2.1.26-1~lenny+1, which has\nbeen included in the point release 5.0.7 of Debian stable.

    \n

    Currently we are not aware of other software with similar compatibility\nproblems.

  • CVE-2010-4180\n

    In addition, this update fixes a flaw that allowed a client to bypass\nrestrictions configured in the server for the used cipher suite.

\n

For the stable distribution (lenny), this problem has been fixed\nin version 0.9.8g-15+lenny11.

\n

For the unstable distribution (sid), and the testing distribution\n(squeeze), this problem has been fixed in version 0.9.8o-4.

\n

We recommend that you upgrade your openssl package.

\n

Further information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/

\n
\n
\n
\n
", "2142": "
\n

Debian Security Advisory

\n

DSA-2142-1 dpkg -- directory traversal

\n
\n
Date Reported:
\n
06 Jan 2011
\n
Affected Packages:
\n
\ndpkg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-1679.
\n
More information:
\n
\n

Jakub Wilk discovered that the dpkg-source component of dpkg, the Debian\npackage management system, doesn't correctly handle paths in patches of\nsource packages, which could make it traverse directories.\nRapha\u00ebl Hertzog additionally discovered that symbolic links in the .pc\ndirectory are followed, which could make it traverse directories too.

\n

Both issues only affect source packages using the \"3.0 quilt\" format at\nunpack-time.

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 1.14.31.

\n

For the testing (squeeze) and unstable distributions (sid),\nthese problems will be fixed soon.

\n

We recommend that you upgrade your dpkg packages.

\n

Further information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/

\n
\n
\n
\n
", "2143": "
\n

Debian Security Advisory

\n

DSA-2143-1 mysql-dfsg-5.0 -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Jan 2011
\n
Affected Packages:
\n
\nmysql-dfsg-5.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-3677, CVE-2010-3680, CVE-2010-3681, CVE-2010-3682, CVE-2010-3833, CVE-2010-3834, CVE-2010-3835, CVE-2010-3836, CVE-2010-3837, CVE-2010-3838, CVE-2010-3840.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the MySQL database server.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2010-3677\n

    It was discovered that MySQL allows remote authenticated users to cause\n a denial of service (mysqld daemon crash) via a join query that uses a\n table with a unique SET column.

  • CVE-2010-3680\n

    It was discovered that MySQL allows remote authenticated users to cause\n a denial of service (mysqld daemon crash) by creating temporary tables\n while using InnoDB, which triggers an assertion failure.

  • CVE-2010-3681\n

    It was discovered that MySQL allows remote authenticated users to cause\n a denial of service (mysqld daemon crash) by using the HANDLER interface\n and performing \"alternate reads from two indexes on a table,\" which\n triggers an assertion failure.

  • CVE-2010-3682\n

    It was discovered that MySQL incorrectly handled use of EXPLAIN with\n certain queries.\n An authenticated user could crash the server.

  • CVE-2010-3833\n

    It was discovered that MySQL incorrectly handled propagation during\n evaluation of arguments to extreme-value functions.\n An authenticated user could crash the server.

  • CVE-2010-3834\n

    It was discovered that MySQL incorrectly handled materializing a derived\n table that required a temporary table for grouping.\n An authenticated user could crash the server.

  • CVE-2010-3835\n

    It was discovered that MySQL incorrectly handled certain user-variable\n assignment expressions that are evaluated in a logical expression context.\n An authenticated user could crash the server.

  • CVE-2010-3836\n

    It was discovered that MySQL incorrectly handled pre-evaluation of LIKE\n predicates during view preparation.\n An authenticated user could crash the server.

  • CVE-2010-3837\n

    It was discovered that MySQL incorrectly handled using GROUP_CONCAT()\n and WITH ROLLUP together.\n An authenticated user could crash the server.

  • CVE-2010-3838\n

    It was discovered that MySQL incorrectly handled certain queries using a\n mixed list of numeric and LONGBLOB arguments to the GREATEST() or\n LEAST() functions.\n An authenticated user could crash the server.

  • CVE-2010-3840\n

    It was discovered that MySQL incorrectly handled improper WKB data\n passed to the PolyFromWKB() function.\n An authenticated user could crash the server.

\n

For the stable distribution (lenny), these problems have been fixed\nin version 5.0.51a-24+lenny5.

\n

The testing (squeeze) and unstable (sid) distributions do not contain\nmysql-dfsg-5.0 anymore.

\n

We recommend that you upgrade your mysql-dfsg-5.0 packages.

\n

Further information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/

\n
\n
\n
\n
", "2144": "
\n

Debian Security Advisory

\n

DSA-2144-1 wireshark -- buffer overflow

\n
\n
Date Reported:
\n
15 Jan 2011
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-4538.
\n
More information:
\n
\n

It was discovered that a buffer overflow in the ENTTEC dissector may\nlead to the execution of arbitrary code.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.0.2-3+lenny12.

\n

For the testing distribution (squeeze), this problem has been fixed in\nversion 1.2.11-6.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.2.11-6.

\n

We recommend that you upgrade your wireshark packages.

\n

Further information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/

\n
\n
\n
\n
", "2145": "
\n

Debian Security Advisory

\n

DSA-2145-1 libsmi -- buffer overflow

\n
\n
Date Reported:
\n
16 Jan 2011
\n
Affected Packages:
\n
\nlibsmi\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-2891.
\n
More information:
\n
\n

Andres Lopez Luksenberg discovered a buffer overflow in the OID parser\nof libsmi, a library to access SMI MIB data.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.4.7+dfsg-0.2.

\n

For the testing distribution (squeeze), this problem has been fixed in\nversion 0.4.8+dfsg2-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.4.8+dfsg2-3.

\n

We recommend that you upgrade your libsmi packages.

\n

Further information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/

\n
\n
\n
\n
", "2146": "
\n

Debian Security Advisory

\n

DSA-2146-1 mydms -- directory traversal

\n
\n
Date Reported:
\n
16 Jan 2011
\n
Affected Packages:
\n
\nmydms\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-2006.
\n
More information:
\n
\n

D. Fabian and L. Weichselbaum discovered a directory traversal\nvulnerability in MyDMS, an open-source document management system based\non PHP and MySQL.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.7.0-1+lenny1.

\n

The testing distribution (squeeze) and the unstable distribution (sid)\nno longer contain mydms packages.

\n

We recommend that you upgrade your mydms packages.

\n

Further information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/

\n
\n
\n
\n
", "2147": "
\n

Debian Security Advisory

\n

DSA-2147-1 pimd -- insecure temporary files

\n
\n
Date Reported:
\n
16 Jan 2011
\n
Affected Packages:
\n
\npimd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0007.
\n
More information:
\n
\n

Vincent Bernat discovered that pimd, a multicast routing daemon, creates\nfiles with predictable names upon the receipt of particular signals.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.1.0-alpha29.17-8.1lenny1.

\n

The testing distribution (squeeze) and the unstable distribution (sid)\nwill receive updates shortly.

\n

We recommend that you upgrade your pimd packages.

\n

Further information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/

\n
\n
\n
\n
", "2148": "
\n

Debian Security Advisory

\n

DSA-2148-1 tor -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Jan 2011
\n
Affected Packages:
\n
\ntor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0427.
\n
More information:
\n
\n

The developers of Tor, an anonymizing overlay network for TCP, found three\nsecurity issues during a security audit. A heap overflow allowed the execution\nof arbitrary code\n(CVE-2011-0427),\na denial of service vulnerability was found in the zlib compression handling,\nand some key memory was incorrectly zeroed out before being freed. The latter\ntwo issues do not yet have CVE identifiers assigned. The Debian Security\nTracker will be updated once they're available:\nhttps://security-tracker.debian.org/tracker/source-package/tor

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 0.2.1.29-1~lenny+1.

\n

For the testing distribution (squeeze) and the unstable distribution (sid),\nthis problem has been fixed in version 0.2.1.29-1.

\n

For the experimental distribution, this problem has been fixed in\nversion 0.2.2.21-alpha-1.

\n

We recommend that you upgrade your tor packages.

\n

Further information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/

\n
\n
\n
\n
", "2149": "
\n

Debian Security Advisory

\n

DSA-2149-1 dbus -- denial of service

\n
\n
Date Reported:
\n
20 Jan 2011
\n
Affected Packages:
\n
\ndbus\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-4352.
\n
More information:
\n
\n

R\u00e9mi Denis-Courmont discovered that dbus, a message bus application,\ndoes not properly limit the nesting level when examining messages with\nextensive nested variants. This allows an attacker to crash the dbus system\ndaemon due to a call stack overflow via crafted messages.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.2.1-5+lenny2.

\n

For the testing distribution (squeeze), this problem has been fixed in\nversion 1.2.24-4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.2.24-4.

\n

We recommend that you upgrade your dbus packages.

\n
\n
\n
\n
", "2150": "
\n

Debian Security Advisory

\n

DSA-2150-1 request-tracker3.6 -- unsalted password hashing

\n
\n
Date Reported:
\n
22 Jan 2011
\n
Affected Packages:
\n
\nrequest-tracker3.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0009.
\n
More information:
\n
\n

It was discovered that Request Tracker, an issue tracking system,\nstored passwords in its database by using an insufficiently strong\nhashing method. If an attacker had access to the password\ndatabase, they could decode the passwords stored in it.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 3.6.7-5+lenny5.

\n

The testing distribution (squeeze) will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.8.8-7 of the request-tracker3.8 package.

\n

We recommend that you upgrade your Request Tracker packages.

\n
\n
\n
\n
", "2151": "
\n

Debian Security Advisory

\n

DSA-2151-1 openoffice.org -- several vulnerabilities

\n
\n
Date Reported:
\n
26 Jan 2011
\n
Affected Packages:
\n
\nopenoffice.org\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-3450, CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, CVE-2010-3689, CVE-2010-4253, CVE-2010-4643.
\n
More information:
\n
\n

Several security-related problems have been discovered in the\nOpenOffice.org package that allow malformed documents to trick the\nsystem into crashes or even the execution of arbitrary code.

\n
    \n
  • CVE-2010-3450\n

    During an internal security audit within Red Hat, a directory\n traversal vulnerability has been discovered in the way\n OpenOffice.org 3.1.1 through 3.2.1 processes XML filter files. If\n a local user is tricked into opening a specially-crafted OOo XML\n filters package file, this problem could allow remote attackers to\n create or overwrite arbitrary files belonging to the local user or,\n potentially, execute arbitrary code.

  • \n
  • CVE-2010-3451\n

    During his work as a consultant at Virtual Security Research\n (VSR), Dan Rosenberg discovered a vulnerability in\n OpenOffice.org's RTF parsing functionality. Opening a maliciously\n crafted RTF document can cause an out-of-bounds memory read into\n previously allocated heap memory, which may lead to the execution\n of arbitrary code.

  • \n
  • CVE-2010-3452\n

    Dan Rosenberg discovered a vulnerability in the RTF file parser\n which can be leveraged by attackers to achieve arbitrary code\n execution by convincing a victim to open a maliciously crafted RTF\n file.

  • \n
  • CVE-2010-3453\n

    As part of his work with Virtual Security Research, Dan Rosenberg\n discovered a vulnerability in the WW8ListManager::WW8ListManager()\n function of OpenOffice.org that allows a maliciously crafted file\n to cause the execution of arbitrary code.

  • \n
  • CVE-2010-3454\n

    As part of his work with Virtual Security Research, Dan Rosenberg\n discovered a vulnerability in the WW8DopTypography::ReadFromMem()\n function in OpenOffice.org that may be exploited by a maliciously\n crafted file which allows an attacker to control program flow\n and potentially execute arbitrary code.

  • \n
  • CVE-2010-3689\n

    Dmitri Gribenko discovered that the soffice script does not treat\n an empty LD_LIBRARY_PATH variable like an unset one, which may lead to\n the execution of arbitrary code.

  • \n
  • CVE-2010-4253\n

    A heap based buffer overflow has been discovered with unknown\n impact.

  • \n
  • CVE-2010-4643\n

    A vulnerability has been discovered in the way OpenOffice.org\n handles TGA graphics which can be tricked by a specially crafted\n TGA file that could cause the program to crash due to a heap-based\n buffer overflow with unknown impact.

  • \n
\n

For the stable distribution (lenny) these problems have been fixed in\nversion 2.4.1+dfsg-1+lenny11.

\n

For the upcoming stable distribution (squeeze) these problems have\nbeen fixed in version 3.2.1-11+squeeze1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 3.2.1-11+squeeze1.

\n

For the experimental distribution these problems have been fixed in\nversion 3.3.0~rc3-1.

\n

We recommend that you upgrade your OpenOffice.org packages.

\n
\n
\n
\n
", "2152": "
\n

Debian Security Advisory

\n

DSA-2152-1 hplip -- buffer overflow

\n
\n
Date Reported:
\n
27 Jan 2011
\n
Affected Packages:
\n
\nhplip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 610960.
In Mitre's CVE dictionary: CVE-2010-4267.
\n
More information:
\n
\n

Sebastian Krahmer discovered a buffer overflow in the SNMP discovery code\nof the HP Linux Printing and Imaging System, which could result in the\nexecution of arbitrary code.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.8.6.b-4+lenny1.

\n

For the testing distribution (squeeze), this problem has been fixed in\nversion 3.10.6-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.10.6-2.

\n

For the experimental distribution, this problem has been fixed in\nversion 3.11.1-1.

\n

We recommend that you upgrade your hplip packages.

\n
\n
\n
\n
", "2153": "
\n

Debian Security Advisory

\n

DSA-2153-1 linux-2.6 -- privilege escalation/denial of service/information leak

\n
\n
Date Reported:
\n
30 Jan 2011
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-0435, CVE-2010-3699, CVE-2010-4158, CVE-2010-4162, CVE-2010-4163, CVE-2010-4242, CVE-2010-4243, CVE-2010-4248, CVE-2010-4249, CVE-2010-4258, CVE-2010-4342, CVE-2010-4346, CVE-2010-4526, CVE-2010-4527, CVE-2010-4529, CVE-2010-4565, CVE-2010-4649, CVE-2010-4656, CVE-2010-4668, CVE-2011-0521.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that may lead\nto a privilege escalation, denial of service or information leak. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2010-0435\n

    Gleb Napatov reported an issue in the KVM subsystem that allows virtual\n machines to cause a denial of service of the host machine by executing mov\n to/from DR instructions.

  • \n
  • CVE-2010-3699\n

    Keir Fraser provided a fix for an issue in the Xen subsystem. A guest can\n cause a denial of service on the host by retaining a leaked reference to a\n device. This can result in a zombie domain, xenwatch process hangs, and xm\n command failures.

  • \n
  • CVE-2010-4158\n

    Dan Rosenberg discovered an issue in the socket filters subsystem, allowing\n local unprivileged users to obtain the contents of sensitive kernel memory.

  • \n
  • CVE-2010-4162\n

    Dan Rosenberg discovered an overflow issue in the block I/O subsystem that\n allows local users to map large numbers of pages, resulting in a denial of\n service due to invocation of the out of memory killer.

  • \n
  • CVE-2010-4163\n

    Dan Rosenberg discovered an issue in the block I/O subsystem. Due to\n improper validation of iov segments, local users can trigger a kernel panic\n resulting in a denial of service.

  • \n
  • CVE-2010-4242\n

    Alan Cox reported an issue in the Bluetooth subsystem. Local users with\n sufficient permission to access HCI UART devices can cause a denial of\n service (NULL pointer dereference) due to a missing check for an existing\n tty write operation.

  • \n
  • CVE-2010-4243\n

    Brad Spengler reported a denial-of-service issue in the kernel memory\n accounting system. By passing large argv/envp values to exec, local users\n can cause the out of memory killer to kill processes owned by other users.

  • \n
  • CVE-2010-4248\n

    Oleg Nesterov reported an issue in the POSIX CPU timers subsystem. Local\n users can cause a denial of service (Oops) due to incorrect assumptions\n about thread group leader behavior.

  • \n
  • CVE-2010-4249\n

    Vegard Nossum reported an issue with the UNIX socket garbage collector.\n Local users can consume all of LOWMEM and decrease system performance by\n overloading the system with inflight sockets.

  • \n
  • CVE-2010-4258\n

    Nelson Elhage reported an issue in Linux oops handling. Local users may be\n able to obtain elevated privileges if they are able to trigger an oops with\n a process' fs set to KERNEL_DS.

  • \n
  • CVE-2010-4342\n

    Nelson Elhage reported an issue in the Econet protocol. Remote attackers can\n cause a denial of service by sending an Acorn Universal Networking packet\n over UDP.

  • \n
  • CVE-2010-4346\n

    Tavis Ormandy discovered an issue in the install_special_mapping routine\n which allows local users to bypass the mmap_min_addr security restriction.\n Combined with an otherwise low severity local denial of service\n vulnerability (NULL pointer dereference), a local user could obtain elevated\n privileges.

  • \n
  • CVE-2010-4526\n

    Eugene Teo reported a race condition in the Linux SCTP implementation.\n Remote users can cause a denial of service (kernel memory corruption) by\n transmitting an ICMP unreachable message to a locked socket.

  • \n
  • CVE-2010-4527\n

    Dan Rosenberg reported two issues in the OSS soundcard driver. Local users\n with access to the device (members of group 'audio' on default Debian\n installations) may gain access to sensitive kernel memory or cause a\n buffer overflow, potentially leading to an escalation of privileges.

  • \n
  • CVE-2010-4529\n

    Dan Rosenberg reported an issue in the Linux kernel IrDA socket\n implementation on non-x86 architectures. Local users may be able to gain\n access to sensitive kernel memory via a specially crafted IRLMP_ENUMDEVICES\n getsockopt call.

  • \n
  • CVE-2010-4565\n

    Dan Rosenberg reported an issue in the Linux CAN protocol implementation.\n Local users can obtain the address of a kernel heap object which might help\n facilitate system exploitation.

  • \n
  • CVE-2010-4649\n

    Dan Carpenter reported an issue in the uverb handling of the InfiniBand\n subsystem. A potential buffer overflow may allow local users to cause a\n denial of service (memory corruption) by passing in a large cmd.ne value.

  • \n
  • CVE-2010-4656\n

    Kees Cook reported an issue in the driver for I/O-Warrior USB devices.\n Local users with access to these devices may be able to overrun kernel\n buffers, resulting in a denial of service or privilege escalation.

  • \n
  • CVE-2010-4668\n

    Dan Rosenberg reported an issue in the block subsystem. A local user can\n cause a denial of service (kernel panic) by submitting certain 0-length I/O\n requests.

  • \n
  • CVE-2011-0521\n

    Dan Carpenter reported an issue in the DVB driver for AV7110 cards. Local\n users can pass a negative info->num value, corrupting kernel memory and\n causing a denial of service.

  • \n
\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.6.26-26lenny2.

\n

The following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n
\u00a0 Debian 5.0 (lenny)
user-mode-linux 2.6.26-1um-2+26lenny2
\n

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

\n

Note that these updates will not become active until after your system is\nrebooted.

\n
\n
\n
\n
", "2154": "
\n

Debian Security Advisory

\n

DSA-2154-1 exim4 -- privilege escalation

\n
\n
Date Reported:
\n
30 Jan 2011
\n
Affected Packages:
\n
\nexim4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-4345, CVE-2011-0017.
\n
More information:
\n
\n

A design flaw (CVE-2010-4345)\nin exim4 allowed the local Debian-exim user to obtain root privileges by\nspecifying an alternate configuration file using the -C option or by using the\nmacro override facility (-D option). Unfortunately, fixing this vulnerability\nis not possible without some changes in exim4's behaviour. If you use the -C\nor -D options or use the system filter facility, you should evaluate\nthe changes carefully and adjust your configuration accordingly. The\nDebian default configuration is not affected by the changes.

\n

The detailed list of changes is described in the NEWS.Debian file in\nthe packages. The relevant sections are also reproduced below.

\n

In addition to that, missing error handling for the setuid/setgid\nsystem calls allowed the Debian-exim user to cause root to append log data to\narbitrary files (CVE-2011-0017).

\n

For the stable distribution (lenny), these problems have been fixed in\nversion 4.69-9+lenny3.

\n

For the testing distribution (squeeze) and the unstable distribution\n(sid), these problems have been fixed in version 4.72-4.

\n

Excerpt from the NEWS.Debian file from the packages exim4-daemon-light\nand exim4-daemon-heavy:

\n
\nExim versions up to and including 4.72 are vulnerable to\nCVE-2010-4345. This is a privilege escalation issue that allows the\nexim user to gain root privileges by specifying an alternate\nconfiguration file using the -C option. The macro override facility\n(-D) might also be misused for this purpose.\n\nIn reaction to this security vulnerability upstream has made a number\nof user visible changes. This package includes these changes.\n\nIf exim is invoked with the -C or -D option the daemon will not regain\nroot privileges through re-execution. This is usually necessary for\nlocal delivery, though. Therefore it is generally not possible anymore\nto run an exim daemon with -D or -C options.\n\nHowever this version of exim has been built with\nTRUSTED_CONFIG_LIST=/etc/exim4/trusted_configs. TRUSTED_CONFIG_LIST\ndefines a list of configuration files which are trusted; if a config\nfile is owned by root and matches a pathname in the list, then it may\nbe invoked by the Exim build-time user without Exim relinquishing root\nprivileges.\n\nAs a hotfix to not break existing installations of mailscanner we have\nalso set WHITELIST_D_MACROS=OUTGOING. i.e. it is still possible to\nstart exim with -DOUTGOING while being able to do local deliveries.\n\nIf you previously were using -D switches you will need to change your\nsetup to use a separate configuration file. The \".include\" mechanism\nmakes this easy.\n\nThe system filter is run as exim_user instead of root by default.  If\nyour setup requires root privileges when running the system filter you\nwill need to set the system_filter_user exim main configuration\noption.\n
\n
\n
\n
\n
\n
", "2155": "
\n

Debian Security Advisory

\n

DSA-2155-1 freetype -- several vulnerabilities

\n
\n
Date Reported:
\n
30 Jan 2011
\n
Affected Packages:
\n
\nfreetype\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-3814, CVE-2010-3855.
\n
More information:
\n
\n

Two buffer overflows were found in the Freetype font library, which could\nlead to the execution of arbitrary code.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 2.3.7-2+lenny5.

\n

For the testing distribution (squeeze), this problem has been fixed in\nversion 2.4.2-2.1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.4.2-2.1.

\n

We recommend that you upgrade your freetype packages.

\n
\n
\n
\n
", "2156": "
\n

Debian Security Advisory

\n

DSA-2156-1 pcscd -- buffer overflow

\n
\n
Date Reported:
\n
31 Jan 2011
\n
Affected Packages:
\n
\npcscd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-4531.
\n
More information:
\n
\n

MWR InfoSecurity identified a buffer overflow in pcscd, middleware\nto access a smart card via PC/SC, which could lead to the execution\nof arbitrary code.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 1.4.102-1+lenny4.

\n

For the testing distribution (squeeze), this problem has been fixed in\nversion 1.5.5-4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.5.5-4.

\n

We recommend that you upgrade your pcscd packages.

\n
\n
\n
\n
", "2157": "
\n

Debian Security Advisory

\n

DSA-2157-1 postgresql-8.3, postgresql-8.4, postgresql-9.0 -- buffer overflow

\n
\n
Date Reported:
\n
03 Feb 2011
\n
Affected Packages:
\n
\npostgresql-8.3
postgresql-8.4
postgresql-9.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-4015.
\n
More information:
\n
\n

It was discovered that PostgreSQL's intarray contrib module does not\nproperly handle integers with a large number of digits, leading to a\nserver crash and potentially arbitrary code execution.

\n

For the stable distribution (lenny), this problem has been fixed in\nversion 8.3.14-0lenny1 of the postgresql-8.3 package.

\n

For the testing distribution (squeeze), this problem has been fixed in\nversion 8.4.7-0squeeze1 of the postgresql-8.4 package.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 8.4.7-1 of the postgresql-8.4 package and version 9.0.3-1 of\nthe postgresql-9.0 package.

\n

The updates also include reliability improvements; for details see the\nrespective changelogs.

\n

We recommend that you upgrade your PostgreSQL packages.

\n
\n
\n
\n
", "2158": "
\n

Debian Security Advisory

\n

DSA-2158-1 cgiirc -- cross-site scripting

\n
\n
Date Reported:
\n
09 Feb 2011
\n
Affected Packages:
\n
\ncgiirc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0050.
\n
More information:
\n
\n

Michael Brooks (Sitewatch) discovered a reflective XSS flaw in\nCGI:IRC, a web based IRC client, which could lead to the execution\nof arbitrary JavaScript.

\n

For the old-stable distribution (lenny), this problem has been fixed in\nversion 0.5.9-3lenny1.

\n

For the stable distribution (squeeze), and unstable distribution (sid),\nthis problem will be fixed shortly.

\n

We recommend that you upgrade your cgiirc packages.

\n
\n
\n
\n
", "2159": "
\n

Debian Security Advisory

\n

DSA-2159-1 vlc -- missing input sanitising

\n
\n
Date Reported:
\n
10 Feb 2011
\n
Affected Packages:
\n
\nvlc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0531.
\n
More information:
\n
\n

Dan Rosenberg discovered that insufficient input validation in VLC's\nprocessing of Matroska/WebM containers could lead to the execution of\narbitrary code.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.1.3-1squeeze3.

\n

The version of vlc in the oldstable distribution (lenny) is affected\nby further issues and will be addressed in a followup DSA.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.1.7-1.

\n

We recommend that you upgrade your vlc packages.

\n
\n
\n
\n
", "2160": "
\n

Debian Security Advisory

\n

DSA-2160-1 tomcat6 -- several vulnerabilities

\n
\n
Date Reported:
\n
13 Feb 2011
\n
Affected Packages:
\n
\ntomcat6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 612257.
In Mitre's CVE dictionary: CVE-2010-3718, CVE-2011-0013, CVE-2011-0534.
\n
More information:
\n
\n

\nSeveral vulnerabilities were discovered in the Tomcat Servlet and JSP\nengine:\n

\n
    \n
  • CVE-2010-3718\n

    \n It was discovered that the SecurityManager insufficiently\n restricted the working directory.\n

  • \n
  • CVE-2011-0013\n

    \n It was discovered that the HTML manager interface is affected\n by cross-site scripting.\n

  • \n
  • CVE-2011-0534\n

    \n It was discovered that the NIO connector performs insufficient\n validation of the HTTP headers, which could lead to denial\n of service.\n

  • \n
\n

\nThe oldstable distribution (lenny) is not affected by these issues.\n

\n

\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 6.0.28-9+squeeze1.\n

\n

\nFor the unstable distribution (sid), this problem has been fixed in\nversion 6.0.28-10.\n

\n

\nWe recommend that you upgrade your tomcat6 packages.\n

\n
\n
\n
\n
", "2161": "
\n

Debian Security Advisory

\n

DSA-2161-1 openjdk-6 -- denial of service

\n
\n
Date Reported:
\n
13 Feb 2011
\n
Affected Packages:
\n
\nopenjdk-6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 612660.
In Mitre's CVE dictionary: CVE-2010-4476.
\n
More information:
\n
\n

It was discovered that the floating point parser in OpenJDK, an\nimplementation of the Java platform, can enter an infinite loop when\nprocessing certain input strings. Such input strings represent valid\nnumbers and can be contained in data supplied by an attacker over the\nnetwork, leading to a denial-of-service attack.

\n

For the oldstable distribution (lenny), this problem will be fixed in\nversion 6b18-1.8.3-2~lenny1. For technical reasons, this update will\nbe released separately.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 6b18-1.8.3-2+squeeze1.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem will be fixed soon.

\n

We recommend that you upgrade your openjdk-6 packages.

\n
\n
\n
\n
", "2162": "
\n

Debian Security Advisory

\n

DSA-2162-1 openssl -- invalid memory access

\n
\n
Date Reported:
\n
14 Feb 2011
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0014.
\n
More information:
\n
\n

Neel Mehta discovered that an incorrectly formatted ClientHello handshake\nmessage could cause OpenSSL to parse past the end of the message. This\nallows an attacker to crash an application using OpenSSL by triggering\nan invalid memory access. Additionally, some applications may be vulnerable\nto exposing the contents of a parsed OCSP nonce extension.

\n

Packages in the oldstable distribution (lenny) are not affected by this\nproblem.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.9.8o-4squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 0.9.8o-5.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.9.8o-5.

\n

We recommend that you upgrade your openssl packages.

\n
\n
\n
\n
", "2163": "
\n

Debian Security Advisory

\n

DSA-2163-1 python-django -- multiple vulnerabilities

\n
\n
Date Reported:
\n
14 Feb 2011
\n
Affected Packages:
\n
\npython-django\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0696, CVE-2011-0697.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the Django web development\nframework:

\n
    \n
  • CVE-2011-0696\n

    For several reasons the internal CSRF protection was not used to\n validate AJAX requests in the past. However, it was discovered that\n this exception can be exploited with a combination of browser plugins\n and redirects and thus is not sufficient.

  • \n
  • CVE-2011-0697\n

    It was discovered that the file upload form is prone to cross-site\n scripting attacks via the file name.

  • \n
\n

It is important to note that this update introduces minor backward\nincompatibilities due to the fixes for the above issues.\nFor the exact details, please see: http://docs.djangoproject.com/en/1.2/releases/1.2.5\nand in particular the Backwards incompatible changes section.

\n

Packages in the oldstable distribution (lenny) are not affected by these\nproblems.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.3-3+squeeze1.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.2.5-1.

\n

We recommend that you upgrade your python-django packages.

\n
\n
\n
\n
", "2164": "
\n

Debian Security Advisory

\n

DSA-2164-1 shadow -- insufficient input sanitization

\n
\n
Date Reported:
\n
16 Feb 2011
\n
Affected Packages:
\n
\nshadow\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0721.
\n
More information:
\n
\n

Kees Cook discovered that the chfn and chsh utilities do not properly\nsanitize user input that includes newlines. An attacker could use this\nto corrupt passwd entries and may create users or groups in NIS\nenvironments.

\n

Packages in the oldstable distribution (lenny) are not affected by this\nproblem.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:4.1.4.2+svn3283-2+squeeze1.

\n

For the testing (wheezy) and unstable (sid) distributions, this problem\nwill be fixed soon.

\n

We recommend that you upgrade your shadow packages.

\n
\n
\n
\n
", "2165": "
\n

Debian Security Advisory

\n

DSA-2165-1 ffmpeg-debian -- buffer overflow

\n
\n
Date Reported:
\n
16 Feb 2011
\n
Affected Packages:
\n
\nffmpeg-debian\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-3429, CVE-2010-4704, CVE-2010-4705.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in FFmpeg coders, which are used\nby MPlayer and other applications.

\n
    \n
  • CVE-2010-3429\n

    Cesar Bernardini and Felipe Andres Manzano reported an arbitrary offset\n dereference vulnerability in libavcodec, in particular in the FLIC file\n format parser. A specific FLIC file may exploit this vulnerability and execute\n arbitrary code. Mplayer is also affected by this problem, as well as other\n software that uses this library.

  • \n
  • CVE-2010-4704\n

    Greg Maxwell discovered an integer overflow in the Vorbis decoder in FFmpeg. A\n specific Ogg file may exploit this vulnerability and execute arbitrary code.

  • \n
  • CVE-2010-4705\n

    A potential integer overflow has been discovered in the Vorbis decoder in\n FFmpeg.

  • \n
\n

This upload also fixes an incomplete patch from DSA-2000-1. Michael Gilbert\nnoticed that there were remaining vulnerabilities, which may cause a denial of\nservice and potentially execution of arbitrary code.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 0.svn20080206-18+lenny3.

\n

We recommend that you upgrade your ffmpeg-debian packages.

\n
\n
\n
\n
", "2166": "
\n

Debian Security Advisory

\n

DSA-2166-1 chromium-browser -- several vulnerabilities

\n
\n
Date Reported:
\n
16 Feb 2011
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0777, CVE-2011-0778, CVE-2011-0783, CVE-2011-0983, CVE-2011-0981, CVE-2011-0984, CVE-2011-0985.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the Chromium browser.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2011-0777\n

    Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows remote\n attackers to cause a denial of service or possibly have unspecified other\n impact via vectors related to image loading.

  • \n
  • CVE-2011-0778\n

    Google Chrome before 9.0.597.84 does not properly restrict drag and drop\n operations, which might allow remote attackers to bypass the Same Origin\n Policy via unspecified vectors.

  • \n
  • CVE-2011-0783\n

    Unspecified vulnerability in Google Chrome before 9.0.597.84 allows\n user-assisted remote attackers to cause a denial of service\n (application crash) via vectors involving a bad volume setting.

  • \n
  • CVE-2011-0983\n

    Google Chrome before 9.0.597.94 does not properly handle anonymous blocks,\n which allows remote attackers to cause a denial of service or possibly have\n unspecified other impact via unknown vectors that lead to a stale pointer.

  • \n
  • CVE-2011-0981\n

    Google Chrome before 9.0.597.94 does not properly perform event handling for\n animations, which allows remote attackers to cause a denial of service or\n possibly have unspecified other impact via unknown vectors that lead to a\n stale pointer.

  • \n
  • CVE-2011-0984\n

    Google Chrome before 9.0.597.94 does not properly handle plug-ins, which\n allows remote attackers to cause a denial of service (out-of-bounds read)\n via unspecified vectors.

  • \n
  • CVE-2011-0985\n

    Google Chrome before 9.0.597.94 does not properly perform process termination\n upon memory exhaustion, which has unspecified impact and remote attack vectors.

  • \n
\n

For the stable distribution (squeeze), these problems have been fixed\nin version 6.0.472.63~r59945-5+squeeze2.

\n

For the testing distribution (wheezy), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed\nin version 9.0.597.98~r74359-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "2167": "
\n

Debian Security Advisory

\n

DSA-2167-1 phpmyadmin -- SQL injection

\n
\n
Date Reported:
\n
16 Feb 2011
\n
Affected Packages:
\n
\nphpmyadmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0987.
\n
More information:
\n
\n

It was discovered that phpMyAdmin, a tool to administer MySQL over\nthe web, when the bookmarks feature is enabled, allowed the creation of a\nbookmarked query which would be executed unintentionally by other users.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 4:2.11.8.1-5+lenny8.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 4:3.3.7-5.

\n

For the testing distribution (wheezy) and unstable distribution (sid),\nthis problem has been fixed in version 4:3.3.9.2-1.

\n

We recommend that you upgrade your phpmyadmin packages.

\n
\n
\n
\n
", "2168": "
\n

Debian Security Advisory

\n

DSA-2168-1 openafs -- several vulnerabilities

\n
\n
Date Reported:
\n
16 Feb 2011
\n
Affected Packages:
\n
\nopenafs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0430, CVE-2011-0431.
\n
More information:
\n
\n

Two vulnerabilities were discovered in the distributed filesystem AFS:

\n
    \n
  • CVE-2011-0430\n

    Andrew Deason discovered that a double free in the Rx server\n process could lead to denial of service or the execution of\n arbitrary code.

  • \n
  • CVE-2011-0431\n

    It was discovered that insufficient error handling in the\n kernel module could lead to denial of service.

  • \n
\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.4.7.dfsg1-6+lenny4. Due to a technical problem with the\nbuildd infrastructure the update is not yet available, but will be\ninstalled into the archive soon.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.12.1+dfsg-4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4.14+dfsg-1.

\n

We recommend that you upgrade your openafs packages. Note that in order\nto apply this security update, you must rebuild the OpenAFS kernel module.

\n
\n
\n
\n
", "2169": "
\n

Debian Security Advisory

\n

DSA-2169-1 telepathy-gabble -- insufficient input validation

\n
\n
Date Reported:
\n
16 Feb 2011
\n
Affected Packages:
\n
\ntelepathy-gabble\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

It was discovered that telepathy-gabble, the Jabber/XMPP connection manager\nfor the Telepathy framework, is processing google:jingleinfo updates without\nvalidating their origin. This may allow an attacker to trick telepathy-gabble\ninto relaying streamed media data through a server of his choice and thus\nintercept audio and video calls.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 0.7.6-1+lenny1.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.9.15-1+squeeze1.

\n

For the testing (wheezy) and unstable (sid) distributions, this problem\nwill be fixed soon.

\n

We recommend that you upgrade your telepathy-gabble packages.

\n
\n
\n
\n
", "2170": "
\n

Debian Security Advisory

\n

DSA-2170-1 mailman -- several vulnerabilities

\n
\n
Date Reported:
\n
18 Feb 2011
\n
Affected Packages:
\n
\nmailman\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-3089, CVE-2011-0707.
\n
More information:
\n
\n

Two cross site scripting vulnerabilities were discovered in\nMailman, a web-based mailing list manager. These allowed an attacker\nto retrieve session cookies via inserting crafted JavaScript into\nconfirmation messages (CVE-2011-0707) and in the list admin interface\n(CVE-2010-3089; oldstable only).

\n

For the oldstable distribution (lenny), these problems have been fixed in\nversion 1:2.1.11-11+lenny2.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:2.1.13-5.

\n

For the testing (wheezy) and unstable distribution (sid), this problem\nhas been fixed in version 1:2.1.14-1.

\n

We recommend that you upgrade your mailman packages.

\n
\n
\n
\n
", "2171": "
\n

Debian Security Advisory

\n

DSA-2171-1 asterisk -- buffer overflow

\n
\n
Date Reported:
\n
21 Feb 2011
\n
Affected Packages:
\n
\nasterisk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 610487.
In Mitre's CVE dictionary: CVE-2011-0495.
\n
More information:
\n
\n

Matthew Nicholson discovered a buffer overflow in the SIP channel driver\nof Asterisk, an open source PBX and telephony toolkit, which could lead\nto the execution of arbitrary code.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.4.21.2~dfsg-3+lenny2.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.6.2.9-2+squeeze1.

\n

The unstable distribution (sid) will be fixed soon.

\n

We recommend that you upgrade your asterisk packages.

\n
\n
\n
\n
", "2172": "
\n

Debian Security Advisory

\n

DSA-2172-1 moodle -- several vulnerabilities

\n
\n
Date Reported:
\n
22 Feb 2011
\n
Affected Packages:
\n
\nmoodle\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-2795, CVE-2010-2796, CVE-2010-3690, CVE-2010-3691, CVE-2010-3692.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in phpCAS, a CAS client\nlibrary for PHP. The Moodle course management system includes a copy\nof phpCAS.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.8.13-3.

\n

The stable distribution (squeeze) already contains a fixed version of\nphpCAS.

\n

The unstable distribution (sid) already contains a fixed version of\nphpCAS.

\n

We recommend that you upgrade your moodle packages.

\n
\n
\n
\n
", "2173": "
\n

Debian Security Advisory

\n

DSA-2173-1 pam-pgsql -- buffer overflow

\n
\n
Date Reported:
\n
26 Feb 2011
\n
Affected Packages:
\n
\npam-pgsql\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 603436.
\n
More information:
\n
\n

It was discovered that pam-pgsql, a PAM module to authenticate using\na PostgreSQL database, was vulnerable to a buffer overflow in supplied\nIP-addresses.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 0.6.3-2+lenny1.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.7.1-4+squeeze1.

\n

For the testing (wheezy) and unstable (sid) distributions, this problem\nhas been fixed in version 0.7.1-5.

\n

We recommend that you upgrade your pam-pgsql packages.

\n
\n
\n
\n
", "2174": "
\n

Debian Security Advisory

\n

DSA-2174-1 avahi -- denial of service

\n
\n
Date Reported:
\n
26 Feb 2011
\n
Affected Packages:
\n
\navahi\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 614785.
In Mitre's CVE dictionary: CVE-2011-1002.
\n
More information:
\n
\n

It was discovered that Avahi, an implementation of the zeroconf protocol,\ncan be crashed remotely by a single UDP packet, which may result in a\ndenial of service.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 0.6.23-3lenny3.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.6.27-2+squeeze1.

\n

For the testing (wheezy) and unstable distribution (sid), this problem\nhas been fixed in version 0.6.28-4.

\n

We recommend that you upgrade your avahi packages.

\n
\n
\n
\n
", "2175": "
\n

Debian Security Advisory

\n

DSA-2175-1 samba -- missing input sanitising

\n
\n
Date Reported:
\n
28 Feb 2011
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0719.
\n
More information:
\n
\n

Volker Lendecke discovered that missing range checks in Samba's file\ndescriptor handling could lead to memory corruption, resulting in denial\nof service.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 3.2.5-4lenny14.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.6~dfsg-3squeeze2.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your samba packages.

\n
\n
\n
\n
", "2176": "
\n

Debian Security Advisory

\n

DSA-2176-1 cups -- several vulnerabilities

\n
\n
Date Reported:
\n
02 Mar 2011
\n
Affected Packages:
\n
\ncups\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-5183, CVE-2009-3553, CVE-2010-0540, CVE-2010-0542, CVE-2010-1748, CVE-2010-2431, CVE-2010-2432, CVE-2010-2941.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Common UNIX Printing\nSystem:

\n
    \n
  • CVE-2008-5183\n

    A null pointer dereference in RSS job completion notifications\n could lead to denial of service.

  • CVE-2009-3553\n

    It was discovered that incorrect file descriptor handling\n could lead to denial of service.

  • CVE-2010-0540\n

    A cross-site request forgery vulnerability was discovered in\n the web interface.

  • CVE-2010-0542\n

    Incorrect memory management in the filter subsystem could lead\n to denial of service.

  • CVE-2010-1748\n

    Information disclosure in the web interface.

  • CVE-2010-2431\n

    Emmanuel Bouillon discovered a symlink vulnerability in handling\n of cache files.

  • CVE-2010-2432\n

    Denial of service in the authentication code.

  • CVE-2010-2941\n

    Incorrect memory management in the IPP code could lead to denial\n of service or the execution of arbitrary code.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.3.8-1+lenny9.

\n

The stable distribution (squeeze) and the unstable distribution (sid)\nhad already been fixed prior to the initial Squeeze release.

\n

We recommend that you upgrade your cups packages.

\n
\n
\n
\n
", "2177": "
\n

Debian Security Advisory

\n

DSA-2177-1 pywebdav -- SQL injection

\n
\n
Date Reported:
\n
02 Mar 2011
\n
Affected Packages:
\n
\npywebdav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0432.
\n
More information:
\n
\n

It was discovered that PyWebDAV, a WebDAV server implementation,\ncontains several SQL injection vulnerabilities in the processing of\nuser credentials.

\n

The oldstable distribution (lenny) does not contain a python-webdav\npackage.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.9.4-1+squeeze1.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 0.9.4-3.

\n

We recommend that you upgrade your python-webdav packages.

\n
\n
\n
\n
", "2178": "
\n

Debian Security Advisory

\n

DSA-2178-1 pango1.0 -- NULL pointer dereference

\n
\n
Date Reported:
\n
02 Mar 2011
\n
Affected Packages:
\n
\npango1.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0064.
\n
More information:
\n
\n

It was discovered that Pango did not check for memory allocation\nfailures, causing a NULL pointer dereference with an adjustable\noffset. This can lead to application crashes and potentially\narbitrary code execution.

\n

The oldstable distribution (lenny) is not affected by this problem.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.28.3-1+squeeze2.

\n

For the testing distribution (wheezy) and the unstable distribution (sid),\nthis problem will be fixed soon.

\n

We recommend that you upgrade your pango1.0 packages.

\n
\n
\n
\n
", "2179": "
\n

Debian Security Advisory

\n

DSA-2179-1 dtc -- SQL injection

\n
\n
Date Reported:
\n
02 Mar 2011
\n
Affected Packages:
\n
\ndtc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 614302.
In Mitre's CVE dictionary: CVE-2011-0434, CVE-2011-0435, CVE-2011-0436, CVE-2011-0437.
\n
More information:
\n
\n

Ansgar Burchardt discovered several vulnerabilities in DTC, a web\ncontrol panel for admin and accounting hosting services.

\n
    \n
  • CVE-2011-0434\n

    The bw_per_month.php graph contains an SQL injection vulnerability.

  • CVE-2011-0435\n

    Insufficient checks in bw_per_month.php can lead to bandwidth\n usage information disclosure.

  • CVE-2011-0436\n

    After a registration, passwords are sent in cleartext\n email messages.

  • CVE-2011-0437\n

    Authenticated users could delete accounts using an obsolete\n interface which was incorrectly included in the package.

\n

This update introduces a new configuration option which controls the\npresence of cleartext passwords in email messages. The default is not\nto include cleartext passwords.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 0.29.17-1+lenny1.

\n

The stable distribution (squeeze) and the testing distribution\n(wheezy) do not contain any dtc packages.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.32.10-1.

\n

We recommend that you upgrade your dtc packages.

\n
\n
\n
\n
", "2180": "
\n

Debian Security Advisory

\n

DSA-2180-1 iceape -- several vulnerabilities

\n
\n
Date Reported:
\n
03 Mar 2011
\n
Affected Packages:
\n
\niceape\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-1585, CVE-2011-0051, CVE-2011-0053, CVE-2011-0054, CVE-2011-0055, CVE-2011-0056, CVE-2011-0057, CVE-2011-0059.
\n
More information:
\n
\n

Several vulnerabilities have been found in the Iceape internet suite, an\nunbranded version of Seamonkey:

\n
    \n
  • CVE-2010-1585\n

    Roberto Suggi Liverani discovered that the sanitising performed by\n ParanoidFragmentSink was incomplete.

  • CVE-2011-0051\n

    Zach Hoffmann discovered that incorrect parsing of recursive eval()\n calls could lead to attackers forcing acceptance of a confirmation\n dialogue.

  • CVE-2011-0053\n

    Crashes in the layout engine may lead to the execution of arbitrary\n code.

  • CVE-2011-0054\n

    Christian Holler discovered buffer overflows in the JavaScript engine,\n which could allow the execution of arbitrary code.

  • CVE-2011-0055\n

    regenrecht and Igor Bukanov discovered a use-after-free error in the\n JSON-Implementation, which could lead to the execution of arbitrary code.

  • CVE-2011-0056\n

    Christian Holler discovered buffer overflows in the JavaScript engine,\n which could allow the execution of arbitrary code.

  • CVE-2011-0057\n

    Daniel Kozlowski discovered that incorrect memory handling in the web workers\n implementation could lead to the execution of arbitrary code.

  • CVE-2011-0059\n

    Peleus Uhley discovered a cross-site request forgery risk in the plugin\n code.

\n

The oldstable distribution (lenny) is not affected. The iceape package only\nprovides the XPCOM code.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.0.12-1.

\n

We recommend that you upgrade your iceape packages.

\n
\n
\n
\n
", "2181": "
\n

Debian Security Advisory

\n

DSA-2181-1 subversion -- denial of service

\n
\n
Date Reported:
\n
04 Mar 2011
\n
Affected Packages:
\n
\nsubversion\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0715.
\n
More information:
\n
\n

Philip Martin discovered that HTTP-based Subversion servers crash when\nprocessing lock requests on repositories which support unauthenticated\nread access.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.5.1dfsg1-6.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.6.12dfsg-5.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem will be fixed in version 1.6.16dfsg-1.

\n

We recommend that you upgrade your subversion packages.

\n
\n
\n
\n
", "2182": "
\n

Debian Security Advisory

\n

DSA-2182-1 logwatch -- shell command injection

\n
\n
Date Reported:
\n
04 Mar 2011
\n
Affected Packages:
\n
\nlogwatch\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 615995.
In Mitre's CVE dictionary: CVE-2011-1018.
\n
More information:
\n
\n

Dominik George discovered that Logwatch does not guard against shell\nmeta-characters in crafted log file names (such as those produced by\nSamba). As a result, an attacker might be able to execute shell\ncommands on the system running Logwatch.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 7.3.6.cvs20080702-2lenny1.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 7.3.6.cvs20090906-1squeeze1.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 7.3.6.cvs20090906-2.

\n

We recommend that you upgrade your logwatch packages.

\n
\n
\n
\n
", "2183": "
\n

Debian Security Advisory

\n

DSA-2183-1 nbd -- buffer overflow

\n
\n
Date Reported:
\n
04 Mar 2011
\n
Affected Packages:
\n
\nnbd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0530.
\n
More information:
\n
\n

A regression of a buffer overflow (CVE-2005-3534) was discovered in NBD,\nthe Network Block Device server, that could allow arbitrary code execution\non the NBD server via a large request.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1:2.9.11-3lenny1.

\n

The stable distribution (squeeze), the testing distribution (wheezy),\nand the unstable distribution (sid) are not affected. This problem was\nfixed prior to the release of squeeze in version 1:2.9.16-8.

\n

We recommend that you upgrade your nbd packages.

\n
\n
\n
\n
", "2184": "
\n

Debian Security Advisory

\n

DSA-2184-1 isc-dhcp -- denial of service

\n
\n
Date Reported:
\n
05 Mar 2011
\n
Affected Packages:
\n
\nisc-dhcp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 611217.
In Mitre's CVE dictionary: CVE-2011-0413.
\n
More information:
\n
\n

It was discovered that the ISC DHCPv6 server does not correctly\nprocess requests which come from unexpected source addresses, leading\nto an assertion failure and a daemon crash.

\n

The oldstable distribution (lenny) is not affected by this problem.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 4.1.1-P1-15+squeeze1.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 4.1.1-P1-16.

\n

We recommend that you upgrade your isc-dhcp packages.

\n
\n
\n
\n
", "2185": "
\n

Debian Security Advisory

\n

DSA-2185-1 proftpd-dfsg -- integer overflow

\n
\n
Date Reported:
\n
07 Mar 2011
\n
Affected Packages:
\n
\nproftpd-dfsg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1137.
\n
More information:
\n
\n

It was discovered that an integer overflow in the SFTP file transfer\nmodule of the ProFTPD daemon could lead to denial of service.

\n

The oldstable distribution (lenny) is not affected.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.3.3a-6squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.3.3d-4.

\n

We recommend that you upgrade your proftpd-dfsg packages.

\n
\n
\n
\n
", "2186": "
\n

Debian Security Advisory

\n

DSA-2186-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Mar 2011
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-1585, CVE-2011-0051, CVE-2011-0053, CVE-2011-0054, CVE-2011-0055, CVE-2011-0056, CVE-2011-0057, CVE-2011-0059.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Iceweasel, a web browser\nbased on Firefox. The included XULRunner library provides rendering\nservices for several other applications included in Debian.

\n
    \n
  • CVE-2010-1585\n

    Roberto Suggi Liverani discovered that the sanitising performed by\n ParanoidFragmentSink was incomplete.

  • CVE-2011-0051\n

    Zach Hoffmann discovered that incorrect parsing of recursive eval()\n calls could lead to attackers forcing acceptance of a confirmation\n dialogue.

  • CVE-2011-0053\n

    Crashes in the layout engine may lead to the execution of arbitrary\n code.

  • CVE-2011-0054,\n CVE-2010-0056\n

    Christian Holler discovered buffer overflows in the Javascript engine,\n which could allow the execution of arbitrary code.

  • CVE-2011-0055\n

    regenrecht and Igor Bukanov discovered a use-after-free error in the\n JSON-Implementation, which could lead to the execution of arbitrary code.

  • CVE-2011-0057\n

    Daniel Kozlowski discovered that incorrect memory handling in the web workers\n implementation could lead to the execution of arbitrary code.

  • CVE-2011-0059\n

    Peleus Uhley discovered a cross-site request forgery risk in the plugin\n code.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.9.0.19-8 of the xulrunner source package.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-5.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.5.17-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "2187": "
\n

Debian Security Advisory

\n

DSA-2187-1 icedove -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Mar 2011
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-1585, CVE-2011-0051, CVE-2011-0053, CVE-2011-0054, CVE-2011-0055, CVE-2011-0056, CVE-2011-0057, CVE-2011-0059.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Icedove, an unbranded\nversion of the Thunderbird mail/news client.

\n
    \n
  • CVE-2010-1585\n

    Roberto Suggi Liverani discovered that the sanitising performed by\n ParanoidFragmentSink was incomplete.

  • CVE-2011-0051\n

    Zach Hoffmann discovered that incorrect parsing of recursive eval()\n calls could lead to attackers forcing acceptance of a confirmation\n dialogue.

  • CVE-2011-0053\n

    Crashes in the layout engine may lead to the execution of arbitrary\n code.

  • CVE-2011-0054,\n CVE-2010-0056\n

    Christian Holler discovered buffer overflows in the Javascript engine,\n which could allow the execution of arbitrary code.

  • CVE-2011-0055\n

    regenrecht and Igor Bukanov discovered a use-after-free error in the\n JSON-Implementation, which could lead to the execution of arbitrary code.

  • CVE-2011-0057\n

    Daniel Kozlowski discovered that incorrect memory handling in the web workers\n implementation could lead to the execution of arbitrary code.

  • CVE-2011-0059\n

    Peleus Uhley discovered a cross-site request forgery risk in the plugin\n code.

    \n
\n

As indicated in the Lenny (oldstable) release notes, security support for\nthe Icedove packages in the oldstable needed to be stopped before the end\nof the regular Lenny security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a different\nmail client.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.0.11-2.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "2188": "
\n

Debian Security Advisory

\n

DSA-2188-1 webkit -- several vulnerabilities

\n
\n
Date Reported:
\n
10 Mar 2011
\n
Affected Packages:
\n
\nwebkit\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-1783, CVE-2010-2901, CVE-2010-4199, CVE-2010-4040, CVE-2010-4492, CVE-2010-4493, CVE-2010-4577, CVE-2010-4578, CVE-2010-0474, CVE-2011-0482, CVE-2011-0778.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in WebKit, a Web content engine\nlibrary for GTK+. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2010-1783\n

    WebKit does not properly handle dynamic modification of a text node, which\n allows remote attackers to execute arbitrary code or cause a denial of service\n (memory corruption and application crash) via a crafted HTML\n document.

  • CVE-2010-2901\n

    The rendering implementation in WebKit allows remote attackers to cause a\n denial of service (memory corruption) or possibly have unspecified other\n impact via unknown vectors.

  • CVE-2010-4199\n

    WebKit does not properly perform a cast of an unspecified variable during\n processing of an SVG <use> element, which allows remote attackers to cause a\n denial of service or possibly have unspecified other impact via a crafted SVG\n document.

  • CVE-2010-4040\n

    WebKit does not properly handle animated GIF images, which allows remote\n attackers to cause a denial of service (memory corruption) or possibly have\n unspecified other impact via a crafted image.

  • CVE-2010-4492\n

    Use-after-free vulnerability in WebKit allows remote attackers to cause a\n denial of service or possibly have unspecified other impact via vectors\n involving SVG animations.

  • CVE-2010-4493\n

    Use-after-free vulnerability in WebKit allows remote attackers to cause a\n denial of service via vectors related to the handling of mouse dragging\n events.

  • CVE-2010-4577\n

    The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in\n WebKit does not properly parse Cascading Style Sheets (CSS) token sequences,\n which allows remote attackers to cause a denial of service (out-of-bounds\n read) via a crafted local font, related to Type Confusion.

  • CVE-2010-4578\n

    WebKit does not properly perform cursor handling, which allows remote\n attackers to cause a denial of service or possibly have unspecified other\n impact via unknown vectors that lead to stale pointers.

  • CVE-2011-0482\n

    WebKit does not properly perform a cast of an unspecified variable during\n handling of anchors, which allows remote attackers to cause a denial of\n service or possibly have unspecified other impact via a crafted HTML\n document.

  • CVE-2011-0778\n

    WebKit does not properly restrict drag and drop operations, which might\n allow remote attackers to bypass the Same Origin Policy via unspecified\n vectors.

\n

For the stable distribution (squeeze), these problems have been fixed\nin version 1.2.7-0+squeeze1.

\n

For the testing distribution (wheezy), and the unstable distribution (sid),\nthese problems have been fixed in version 1.2.7-1.

\n

Security support for WebKit has been discontinued for the oldstable\ndistribution (lenny). The current version in oldstable is not supported by\nupstream anymore and is affected by several security issues. Backporting fixes\nfor these and any future issues has become unfeasible and therefore we need to\ndrop our security support for the version in oldstable.

\n

We recommend that you upgrade your webkit packages.

\n
\n
\n
\n
", "2189": "
\n

Debian Security Advisory

\n

DSA-2189-1 chromium-browser -- several vulnerabilities

\n
\n
Date Reported:
\n
10 Mar 2011
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1108, CVE-2011-1109, CVE-2011-1113, CVE-2011-1114, CVE-2011-1115, CVE-2011-1121, CVE-2011-1122.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the Chromium browser.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2011-1108\n

    Google Chrome before 9.0.597.107 does not properly implement JavaScript\n dialogs, which allows remote attackers to cause a denial of service\n (application crash) or possibly have unspecified other impact via a crafted\n HTML document.

  • CVE-2011-1109\n

    Google Chrome before 9.0.597.107 does not properly process nodes in Cascading\n Style Sheets (CSS) stylesheets, which allows remote attackers to cause a\n denial of service or possibly have unspecified other impact via unknown\n vectors that lead to a stale pointer.

  • CVE-2011-1113\n

    Google Chrome before 9.0.597.107 on 64-bit Linux platforms does not properly\n perform pickle deserialization, which allows remote attackers to cause a\n denial of service (out-of-bounds read) via unspecified vectors.

  • CVE-2011-1114\n

    Google Chrome before 9.0.597.107 does not properly handle tables, which allows\n remote attackers to cause a denial of service or possibly have unspecified\n other impact via unknown vectors that lead to a stale node.

  • CVE-2011-1115\n

    Google Chrome before 9.0.597.107 does not properly render tables, which allows\n remote attackers to cause a denial of service or possibly have unspecified\n other impact via unknown vectors that lead to a stale pointer.

  • CVE-2011-1121\n

    Integer overflow in Google Chrome before 9.0.597.107 allows remote attackers\n to cause a denial of service or possibly have unspecified other impact via\n vectors involving a TEXTAREA element.

  • CVE-2011-1122\n

    The WebGL implementation in Google Chrome before 9.0.597.107 allows remote\n attackers to cause a denial of service (out-of-bounds read) via unspecified\n vectors, aka Issue 71960.

  • \n

    In addition, this upload fixes the following issues (they don't have a CVE\n id yet):

    \n
      \n
    • Out-of-bounds read in text searching. [69640]
    • Memory corruption in SVG fonts. [72134]
    • Memory corruption with counter nodes. [69628]
    • Stale node in box layout. [70027]
    • Cross-origin error message leak with workers. [70336]
    • Stale pointer in table painting. [72028]
    • Stale pointer with SVG cursors. [73746]
    \n
\n

For the stable distribution (squeeze), these problems have been fixed\nin version 6.0.472.63~r59945-5+squeeze3.

\n

For the testing distribution (wheezy), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 10.0.648.127~r76697-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "2190": "
\n

Debian Security Advisory

\n

DSA-2190-1 wordpress -- several vulnerabilities

\n
\n
Date Reported:
\n
11 Mar 2011
\n
Affected Packages:
\n
\nwordpress\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0700, CVE-2011-0701.
\n
More information:
\n
\n

Two XSS bugs and one potential information disclosure issue were discovered\nin WordPress, a weblog manager.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2011-0700\n

    Input passed via the post title when performing a Quick Edit or\n Bulk Edit action and via the post_status, comment_status,\n and ping_status parameters is not properly sanitised before being used.\n Certain input passed via tags in the tags meta-box is not properly sanitised\n before being returned to the user.

  • CVE-2011-0701\n

    WordPress incorrectly enforces user access restrictions when accessing posts\n via the media uploader and can be exploited to disclose the contents\n of e.g. private or draft posts.

\n

The oldstable distribution (lenny) is not affected by these problems.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 3.0.5+dfsg-0+squeeze1.

\n

For the testing distribution (wheezy), and the unstable distribution (sid),\nthese problems have been fixed in version 3.0.5+dfsg-1.

\n

We recommend that you upgrade your wordpress packages.

\n
\n
\n
\n
", "2191": "
\n

Debian Security Advisory

\n

DSA-2191-1 proftpd-dfsg -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Mar 2011
\n
Affected Packages:
\n
\nproftpd-dfsg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-7265, CVE-2010-3867, CVE-2010-4652.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in ProFTPD, a versatile,\nvirtual-hosting FTP daemon:

\n
    \n
  • CVE-2008-7265\n

    Incorrect handling of the ABOR command could lead to\n denial of service through elevated CPU consumption.

  • CVE-2010-3867\n

    Several directory traversal vulnerabilities have been\n discovered in the mod_site_misc module.

  • CVE-2010-4562\n

    A SQL injection vulnerability was discovered in the\n mod_sql module.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.3.1-17lenny6.

\n

The stable distribution (squeeze) and the unstable distribution (sid)\nare not affected; these vulnerabilities were fixed prior to the\nrelease of Debian 6.0 (squeeze).

\n

We recommend that you upgrade your proftpd-dfsg packages.

\n
\n
\n
\n
", "2192": "
\n

Debian Security Advisory

\n

DSA-2192-1 chromium-browser -- several vulnerabilities

\n
\n
Date Reported:
\n
15 Mar 2011
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0779, CVE-2011-1290.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the Chromium browser.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2011-0779\n

    Google Chrome before 9.0.597.84 does not properly handle a missing key in an\n extension, which allows remote attackers to cause a denial of service\n (application crash) via a crafted extension.

  • CVE-2011-1290\n

    Integer overflow in WebKit allows remote attackers to execute arbitrary code\n via unknown vectors, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and\n Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011.

\n

For the stable distribution (squeeze), these problems have been fixed\nin version 6.0.472.63~r59945-5+squeeze4.

\n

For the testing distribution (wheezy), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 10.0.648.133~r77742-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "2193": "
\n

Debian Security Advisory

\n

DSA-2193-1 libcgroup -- several vulnerabilities

\n
\n
Date Reported:
\n
16 Mar 2011
\n
Affected Packages:
\n
\nlibcgroup\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 615987.
In Mitre's CVE dictionary: CVE-2011-1006, CVE-2011-1022.
\n
More information:
\n
\n

Several issues have been discovered in libcgroup, a library to control\nand monitor control groups:

\n
    \n
  • CVE-2011-1006\n

    A heap-based buffer overflow when converting the list of controllers for\n a given task into an array of strings could lead to privilege\n escalation by a local attacker.

  • CVE-2011-1022\n

    libcgroup did not properly check the origin of Netlink messages,\n allowing a local attacker to send crafted Netlink messages which\n could lead to privilege escalation.

\n

The oldstable distribution (lenny) does not contain libcgroup packages.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.36.2-3+squeeze1.

\n

For the testing distribution (wheezy) and unstable distribution (sid),\nthis problem will be fixed soon.

\n

We recommend that you upgrade your libcgroup packages.

\n
\n
\n
\n
", "2194": "
\n

Debian Security Advisory

\n

DSA-2194-1 libvirt -- insufficient checks

\n
\n
Date Reported:
\n
18 Mar 2011
\n
Affected Packages:
\n
\nlibvirt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 617773.
In Mitre's CVE dictionary: CVE-2011-1146.
\n
More information:
\n
\n

It was discovered that libvirt, a library for interfacing with different\nvirtualization systems, did not properly check for read-only connections.\nThis allowed a local attacker to perform a denial of service (crash) or\npossibly escalate privileges.

\n

The oldstable distribution (lenny) is not affected by this problem.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.8.3-5+squeeze1.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.8.8-3.

\n

We recommend that you upgrade your libvirt packages.

\n
\n
\n
\n
", "2195": "
\n

Debian Security Advisory

\n

DSA-2195-1 php5 -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Mar 2011
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0441, CVE-2010-3709, CVE-2010-3710, CVE-2010-3870, CVE-2010-4150.
\n
More information:
\n
\n

Stephane Chazelas discovered that the cronjob of the PHP 5 package in\nDebian suffers from a race condition which might be used to remove\narbitrary files from a system (CVE-2011-0441).

\n

When upgrading your php5-common package take special care to accept\nthe changes to the /etc/cron.d/php5 file. Ignoring them would leave the\nsystem vulnerable.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 5.2.6.dfsg.1-1+lenny10.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 5.3.3-7+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.3.6-1.

\n

Additionally, the following vulnerabilities have also been fixed in the\noldstable distribution (lenny):

\n
    \n
  • CVE-2010-3709\n

    Maksymilian Arciemowicz discovered that the ZipArchive class\n may dereference a NULL pointer when extracting comments from a ZIP\n archive, leading to application crash and possible denial of\n service.

  • CVE-2010-3710\n

    Stefan Neufeind discovered that the FILTER_VALIDATE_EMAIL filter\n does not correctly handle long strings passed for validation. Such\n crafted strings may lead to denial of service because of high memory\n consumption and application crash.

  • CVE-2010-3870\n

    It was discovered that PHP does not correctly handle certain UTF-8\n sequences and may be used to bypass XSS protections.

  • CVE-2010-4150\n

    Mateusz Kocielski discovered that the IMAP extension may try to\n free already freed memory when processing user credentials, leading\n to application crash and possibly arbitrary code execution.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "2196": "
\n

Debian Security Advisory

\n

DSA-2196-1 maradns -- buffer overflow

\n
\n
Date Reported:
\n
19 Mar 2011
\n
Affected Packages:
\n
\nmaradns\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 610834.
In Mitre's CVE dictionary: CVE-2011-0520.
\n
More information:
\n
\n

Witold Baryluk discovered that MaraDNS, a simple security-focused\nDomain Name System server, may overflow an internal buffer when\nhandling requests with a large number of labels, causing a server\ncrash and the consequent denial of service.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.3.07.09-2.1.

\n

For the stable distribution (squeeze) and later, this problem had\nalready been fixed in version 1.4.03-1.1.

\n

We recommend that you upgrade your maradns packages.

\n
\n
\n
\n
", "2197": "
\n

Debian Security Advisory

\n

DSA-2197-1 quagga -- denial of service

\n
\n
Date Reported:
\n
21 Mar 2011
\n
Affected Packages:
\n
\nquagga\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-1674, CVE-2010-1675.
\n
More information:
\n
\n

It has been discovered that the Quagga routing daemon contains two\ndenial-of-service vulnerabilities in its BGP implementation:

\n
    \n
  • CVE-2010-1674\n

    A crafted Extended Communities attribute triggers a NULL\n pointer dereference which causes the BGP daemon to crash.\n The crafted attributes are not propagated by the Internet\n core, so only explicitly configured direct peers are able\n to exploit this vulnerability in typical configurations.

  • CVE-2010-1675\n

    The BGP daemon resets BGP sessions when it encounters\n malformed AS_PATHLIMIT attributes, introducing a distributed\n BGP session reset vulnerability which disrupts packet\n forwarding. Such malformed attributes are propagated by the\n Internet core, and exploitation of this vulnerability is not\n restricted to directly configured BGP peers.

\n

This security update removes AS_PATHLIMIT processing from the BGP\nimplementation, preserving the configuration statements for backwards\ncompatibility. (Standardization of this BGP extension was abandoned\nlong ago.)

\n

For the oldstable distribution (lenny), these problems have been fixed\nin version 0.99.10-1lenny5.

\n

For the stable distribution (squeeze), these problems have been fixed\nin version 0.99.17-2+squeeze2.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), these problems will be fixed soon.

\n

We recommend that you upgrade your quagga packages.

\n
\n
\n
\n
", "2198": "
\n

Debian Security Advisory

\n

DSA-2198-1 tex-common -- insufficient input sanitization

\n
\n
Date Reported:
\n
22 Mar 2011
\n
Affected Packages:
\n
\ntex-common\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1400.
\n
More information:
\n
\n

Mathias Svensson discovered that tex-common, a package shipping a number\nof scripts and configuration files necessary for TeX, contains insecure\nsettings for the shell_escape_commands directive. Depending on the\nscenario, this may result in arbitrary code execution when a victim is\ntricked into processing a malicious tex-file or this is done in an\nautomated fashion.

\n

The oldstable distribution (lenny) is not affected by this problem due\nto shell_escape being disabled.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.08.1.

\n

For the testing (wheezy) and unstable (sid) distributions, this problem\nwill be fixed soon.

\n

We recommend that you upgrade your tex-common packages.

\n
\n
\n
\n
", "2199": "
\n

Debian Security Advisory

\n

DSA-2199-1 iceape -- ssl certificate blacklist update

\n
\n
Date Reported:
\n
23 Mar 2011
\n
Affected Packages:
\n
\niceape\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

This update for the Iceape internet suite, an unbranded version of\nSeamonkey, updates the certificate blacklist for several fraudulent\nHTTPS certificates.

\n

More details can be found in a blog posting by Jacob Appelbaum of the Tor project.\n

\n

The oldstable distribution (lenny) is not affected. The iceape package only\nprovides the XPCOM code.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.0.13-1.

\n

We recommend that you upgrade your iceape packages.

\n
\n
\n
\n
", "2200": "
\n

Debian Security Advisory

\n

DSA-2200-1 iceweasel -- ssl certificate blacklist update

\n
\n
Date Reported:
\n
23 Mar 2011
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

This update for Iceweasel, a web browser based on Firefox, updates the\ncertificate blacklist for several fraudulent HTTPS certificates.

\n

More details can be found in a blog posting by Jacob Appelbaum of the Tor project.\n

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.9.0.19-9 of the xulrunner source package.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-6.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.5.18-1.

\n

For the experimental distribution, this problem has been fixed in\nversion 4.0~rc2-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "2201": "
\n

Debian Security Advisory

\n

DSA-2201-1 wireshark -- several vulnerabilities

\n
\n
Date Reported:
\n
23 Mar 2011
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0538, CVE-2011-0713, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141.
\n
More information:
\n
\n

Huzaifa Sidhpurwala, Joernchen, and Xiaopeng Zhang discovered several\nvulnerabilities in the Wireshark network traffic analyzer.\nVulnerabilities in the DCT3, LDAP and SMB dissectors and in the code to\nparse pcap-ng files could lead to denial of service or the execution of\narbitrary code.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.2-3+lenny13.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.11-6+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4.4-1.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "2202": "
\n

Debian Security Advisory

\n

DSA-2202-1 apache2 -- failure to drop root privileges

\n
\n
Date Reported:
\n
23 Mar 2011
\n
Affected Packages:
\n
\napache2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 618857.
In Mitre's CVE dictionary: CVE-2011-1176.
\n
More information:
\n
\n

MPM_ITK is an alternative Multi-Processing Module for Apache HTTPD that\nis included in Debian's apache2 package.

\n

A configuration parsing flaw has been found in MPM_ITK. If the\nconfiguration directive NiceValue was set, but no AssignUserID directive\nwas specified, the requests would be processed as user and group root\ninstead of the default Apache user and group.

\n

This issue does not affect the standard Apache HTTPD MPMs prefork,\nworker, and event.

\n

The oldstable distribution (lenny) is not affected by this problem.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.2.16-6+squeeze1.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 2.2.17-2.

\n

If you use apache2-mpm-itk, we recommend that you upgrade your apache2\npackages.

\n
\n
\n
\n
", "2203": "
\n

Debian Security Advisory

\n

DSA-2203-1 nss -- ssl certificate blacklist update

\n
\n
Date Reported:
\n
26 Mar 2011
\n
Affected Packages:
\n
\nnss\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

This update for the Network Security Service libraries marks several\nfraudulent HTTPS certificates as untrusted.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 3.12.3.1-0lenny4.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.12.8-1+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.12.9.with.ckbi.1.82-1.

\n

We recommend that you upgrade your nss packages.

\n
\n
\n
\n
", "2204": "
\n

Debian Security Advisory

\n

DSA-2204-1 imp4 -- insufficient input sanitising

\n
\n
Date Reported:
\n
27 Mar 2011
\n
Affected Packages:
\n
\nimp4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 598584.
In Mitre's CVE dictionary: CVE-2010-3695.
\n
More information:
\n
\n

Moritz Naumann discovered that IMP 4, a webmail component for the Horde\nframework, is prone to cross-site scripting attacks due to a lack of input\nsanitising of certain Fetchmail information.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 4.2-4lenny3.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 4.3.7+debian0-2.1, which was already included in the squeeze\nrelease.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 4.3.7+debian0-2.1.

\n

We recommend that you upgrade your imp4 packages.

\n
\n
\n
\n
", "2205": "
\n

Debian Security Advisory

\n

DSA-2205-1 gdm3 -- privilege escalation

\n
\n
Date Reported:
\n
28 Mar 2011
\n
Affected Packages:
\n
\ngdm3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0727.
\n
More information:
\n
\n

Sebastian Krahmer discovered that GDM 3, the GNOME Display Manager,\ndoes not properly drop privileges when manipulating files related to\nthe logged-in user. As a result, local users can gain root\nprivileges.

\n

The oldstable distribution (lenny) does not contain a gdm3 package.\nThe gdm package is not affected by this issue.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.30.5-6squeeze2.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem will be fixed soon.

\n

We recommend that you upgrade your gdm3 packages.

\n
\n
\n
\n
", "2206": "
\n

Debian Security Advisory

\n

DSA-2206-1 mahara -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Mar 2011
\n
Affected Packages:
\n
\nmahara\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0439, CVE-2011-0440.
\n
More information:
\n
\n

Two security vulnerabilities have been discovered in Mahara, a fully\nfeatured electronic portfolio, weblog, resume builder and social\nnetworking system:

\n
    \n
  • CVE-2011-0439\n

    A security review commissioned by a Mahara user discovered that\n Mahara processes unsanitized input which can lead to cross-site\n scripting (XSS).

  • CVE-2011-0440\n

    Mahara Developers discovered that Mahara doesn't check the session\n key under certain circumstances which can be exploited as\n cross-site request forgery (CSRF) and can lead to the deletion of\n blogs.

\n

For the oldstable distribution (lenny) these problems have been fixed in\nversion 1.0.4-4+lenny8.

\n

For the stable distribution (squeeze) these problems have been fixed in\nversion 1.2.6-2+squeeze1.

\n

For the unstable distribution (sid) these problems have been fixed in\nversion 1.2.7.

\n

We recommend that you upgrade your mahara package.

\n
\n
\n
\n
", "2207": "
\n

Debian Security Advisory

\n

DSA-2207-1 tomcat5.5 -- several vulnerabilities

\n
\n
Date Reported:
\n
30 Mar 2011
\n
Affected Packages:
\n
\ntomcat5.5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783, CVE-2009-2693, CVE-2009-2902, CVE-2010-1157, CVE-2010-2227.
\n
More information:
\n
\n

Various vulnerabilities have been discovered in the Tomcat Servlet and\nJSP engine, resulting in denial of service, cross-site scripting,\ninformation disclosure and WAR file traversal. Further details on the\nindividual security issues can be found on the Apache\nTomcat 5 vulnerabilities page.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 5.5.26-5lenny2.

\n

The stable distribution (squeeze) no longer contains tomcat5.5. tomcat6\nis already fixed.

\n

The unstable distribution (sid) no longer contains tomcat5.5. tomcat6\nis already fixed.

\n

We recommend that you upgrade your tomcat5.5 packages.

\n
\n
\n
\n
", "2208": "
\n

Debian Security Advisory

\n

DSA-2208-1 bind9 -- denial of service

\n
\n
Date Reported:
\n
30 Mar 2011
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0414.
\n
More information:
\n
\n

It was discovered that BIND, a DNS server, contains a race condition\nwhen processing zone updates in an authoritative server, either\nthrough dynamic DNS updates or incremental zone transfer (IXFR). Such\nan update while processing a query could result in deadlock and denial\nof service.\n(CVE-2011-0414)

\n

In addition, this security update addresses a defect related to the\nprocessing of new DNSSEC DS records by the caching resolver, which may\nlead to name resolution failures in the delegated zone. If DNSSEC\nvalidation is enabled, this issue can make domains ending in .COM\nunavailable when the DS record for .COM is added to the DNS root zone\non March 31st, 2011. An unpatched server which is affected by this\nissue can be restarted, thus re-enabling resolution of .COM domains.\nThis workaround applies to the version in oldstable, too.

\n

Configurations not using DNSSEC validations are not affected by this\nsecond issue.

\n

For the oldstable distribution (lenny), the DS record issue has been\nfixed in version 1:9.6.ESV.R4+dfsg-0+lenny1.\n(CVE-2011-0414 does not affect the lenny version.)

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:9.7.3.dfsg-1~squeeze1.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 1:9.7.3.dfsg-1.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
\n
\n
", "2209": "
\n

Debian Security Advisory

\n

DSA-2209-1 tgt -- double free

\n
\n
Date Reported:
\n
02 Apr 2011
\n
Affected Packages:
\n
\ntgt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0001.
\n
More information:
\n
\n

Emmanuel Bouillon discovered a double free in tgt, the Linux SCSI target\nuser-space tools, which could lead to denial of service.

\n

The oldstable distribution (lenny) doesn't include tgt.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:1.0.4-2squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:1.0.4-3.

\n

We recommend that you upgrade your tgt packages.

\n
\n
\n
\n
", "2210": "
\n

Debian Security Advisory

\n

DSA-2210-1 tiff -- several vulnerabilities

\n
\n
Date Reported:
\n
03 Apr 2011
\n
Affected Packages:
\n
\ntiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 619614.
In Mitre's CVE dictionary: CVE-2011-0191, CVE-2011-0192, CVE-2011-1167.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the TIFF manipulation and\nconversion library:

\n
    \n
  • CVE-2011-0191\n

    A buffer overflow allows an attacker to execute arbitrary code or cause\n a denial of service via a crafted TIFF image with JPEG encoding.\n This issue affects the Debian 5.0 Lenny package only.

  • CVE-2011-0192\n

    A buffer overflow allows an attacker to execute arbitrary code or cause\n a denial of service via a crafted TIFF Internet Fax image\n file that has been compressed using CCITT Group 4 encoding.

  • CVE-2011-1167\n

    A heap-based buffer overflow in the thunder (aka ThunderScan)\n decoder allows an attacker to execute arbitrary code via a TIFF file that\n has an unexpected BitsPerSample value.

\n

For the oldstable distribution (lenny), these problems have been\nfixed in version 3.8.2-11.4.

\n

For the stable distribution (squeeze), these problems have been\nfixed in version 3.9.4-5+squeeze1.

\n

For the testing distribution, the first two problems have been fixed\nin version 3.9.4-8; the last problem will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed\nin version 3.9.4-9.

\n

We recommend that you upgrade your tiff packages.

\n
\n
\n
\n
", "2211": "
\n

Debian Security Advisory

\n

DSA-2211-1 vlc -- missing input sanitising

\n
\n
Date Reported:
\n
06 Apr 2011
\n
Affected Packages:
\n
\nvlc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-3275, CVE-2010-3276.
\n
More information:
\n
\n

Ricardo Narvaja discovered that missing input sanitising in VLC, a\nmultimedia player and streamer, could lead to the execution of arbitrary\ncode if a user is tricked into opening a malformed media file.

\n

This update also provides updated packages for oldstable (lenny) for\nvulnerabilities that have already been addressed in Debian stable\n(squeeze), either during the freeze or in DSA-2159\n(CVE-2010-0522,\nCVE-2010-1441,\nCVE-2010-1442 and\nCVE-2011-0531).

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 0.8.6.h-4+lenny3.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.1.3-1squeeze4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.1.8-1.

\n

We recommend that you upgrade your vlc packages.

\n
\n
\n
\n
", "2212": "
\n

Debian Security Advisory

\n

DSA-2212-1 tmux -- privilege escalation

\n
\n
Date Reported:
\n
07 Apr 2011
\n
Affected Packages:
\n
\ntmux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 620304.
In Mitre's CVE dictionary: CVE-2011-1496.
\n
More information:
\n
\n

Daniel Danner discovered that tmux, a terminal multiplexer, is not\nproperly dropping group privileges. Due to a patch introduced by Debian,\nwhen invoked with the -S option, tmux is not dropping permissions obtained\nthrough its setgid installation.

\n

The oldstable distribution (lenny) is not affected by this problem,\nas it does not include tmux.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.3-2+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 1.4-6.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4-6.

\n

We recommend that you upgrade your tmux packages.

\n
\n
\n
\n
", "2213": "
\n

Debian Security Advisory

\n

DSA-2213-1 x11-xserver-utils -- missing input sanitization

\n
\n
Date Reported:
\n
08 Apr 2011
\n
Affected Packages:
\n
\nx11-xserver-utils\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 621423.
In Mitre's CVE dictionary: CVE-2011-0465.
\n
More information:
\n
\n

Sebastian Krahmer discovered that the xrdb utility of x11-xserver-utils,\nan X server resource database utility, is not properly filtering crafted\nhostnames. This allows a remote attacker to execute arbitrary code with\nroot privileges given that either remote logins via xdmcp are allowed or\nthe attacker is able to place a rogue DHCP server into the victim's network.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 7.3+6.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 7.5+3.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.6+2.

\n

We recommend that you upgrade your x11-xserver-utils packages.

\n
\n
\n
\n
", "2214": "
\n

Debian Security Advisory

\n

DSA-2214-1 ikiwiki -- missing input validation

\n
\n
Date Reported:
\n
08 Apr 2011
\n
Affected Packages:
\n
\nikiwiki\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1401.
\n
More information:
\n
\n

Tango discovered that ikiwiki, a wiki compiler, does not validate\nwhether the htmlscrubber plugin is enabled on a page when adding\nalternative stylesheets to pages. This enables an attacker who is able\nto upload custom stylesheets to add malicious stylesheets as an alternate\nstylesheet, or replace the default stylesheet, and thus conduct\ncross-site scripting attacks.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 2.53.6.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.20100815.7.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 3.20110328.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.20110328.

\n

We recommend that you upgrade your ikiwiki packages.

\n
\n
\n
\n
", "2215": "
\n

Debian Security Advisory

\n

DSA-2215-1 gitolite -- directory traversal

\n
\n
Date Reported:
\n
09 Apr 2011
\n
Affected Packages:
\n
\ngitolite\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Dylan Simon discovered that gitolite, an SSH-based gatekeeper for Git\nrepositories, is prone to directory traversal attacks when restricting\nadmin-defined commands (ADC). This allows an attacker to execute arbitrary\ncommands with privileges of the gitolite server via crafted command names.

\n

Please note that this only affects installations that have ADC enabled\n(not the Debian default).

\n

The oldstable distribution (lenny) is not affected by this problem;\nit does not include gitolite.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.5.4-2+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 1.5.7-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.5.7-2.

\n

We recommend that you upgrade your gitolite packages.

\n
\n
\n
\n
", "2216": "
\n

Debian Security Advisory

\n

DSA-2216-1 isc-dhcp -- missing input sanitization

\n
\n
Date Reported:
\n
10 Apr 2011
\n
Affected Packages:
\n
\nisc-dhcp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 621099.
In Mitre's CVE dictionary: CVE-2011-0997.
\n
More information:
\n
\n

Sebastian Krahmer and Marius Tomaschewski discovered that dhclient of\nisc-dhcp, a DHCP client, is not properly filtering shell meta-characters\nin certain options in DHCP server responses. These options are reused in\nan insecure fashion by dhclient scripts. This allows an attacker to execute\narbitrary commands with the privileges of such a process by sending crafted\nDHCP options to a client using a rogue server.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nan additional update for dhcp3.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 4.1.1-P1-15+squeeze2.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.1.1-P1-16.1.

\n

We recommend that you upgrade your isc-dhcp packages.

\n
\n
\n
\n
", "2217": "
\n

Debian Security Advisory

\n

DSA-2217-1 dhcp3 -- missing input sanitization

\n
\n
Date Reported:
\n
10 Apr 2011
\n
Affected Packages:
\n
\ndhcp3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0997.
\n
More information:
\n
\n

Sebastian Krahmer and Marius Tomaschewski discovered that dhclient of\ndhcp3, a DHCP client, is not properly filtering shell meta-characters\nin certain options in DHCP server responses. These options are reused in\nan insecure fashion by dhclient scripts. This allows an attacker to execute\narbitrary commands with the privileges of such a process by sending crafted\nDHCP options to a client using a rogue server.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 3.1.1-6+lenny5.

\n

For the stable (squeeze), testing (wheezy) and unstable (sid) distributions,\nthis problem has been fixed in an additional update for isc-dhcp.

\n

We recommend that you upgrade your dhcp3 packages.

\n
\n
\n
\n
", "2218": "
\n

Debian Security Advisory

\n

DSA-2218-1 vlc -- heap-based buffer overflow

\n
\n
Date Reported:
\n
12 Apr 2011
\n
Affected Packages:
\n
\nvlc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Aliz Hammond discovered that the MP4 decoder plugin of VLC, a multimedia\nplayer and streamer, is vulnerable to a heap-based buffer overflow.\nThis has been introduced by a wrong data type being used for a size\ncalculation. An attacker could use this flaw to trick a victim into\nopening a specially crafted MP4 file and possibly execute arbitrary code\nor crash the media player.

\n

The oldstable distribution (lenny) is not affected by this problem.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.1.3-1squeeze5.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.1.8-3.

\n

We recommend that you upgrade your vlc packages.

\n
\n
\n
\n
", "2219": "
\n

Debian Security Advisory

\n

DSA-2219-1 xmlsec1 -- arbitrary file overwrite

\n
\n
Date Reported:
\n
18 Apr 2011
\n
Affected Packages:
\n
\nxmlsec1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 620560.
In Mitre's CVE dictionary: CVE-2011-1425.
\n
More information:
\n
\n

Nicolas Gregoire discovered that the XML Security Library xmlsec allowed\nremote attackers to create or overwrite arbitrary files through\nspecially crafted XML files using the libxslt output extension and a\nds:Transform element during signature verification.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.2.9-5+lenny1.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.14-1+squeeze1.

\n

For the testing distribution (wheezy) and unstable distribution (sid),\nthis problem has been fixed in version 1.2.14-1.1.

\n

We recommend that you upgrade your xmlsec1 packages.

\n
\n
\n
\n
", "2220": "
\n

Debian Security Advisory

\n

DSA-2220-1 request-tracker3.6, request-tracker3.8 -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Apr 2011
\n
Affected Packages:
\n
\nrequest-tracker3.6, request-tracker3.8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1685, CVE-2011-1686, CVE-2011-1687, CVE-2011-1688, CVE-2011-1689, CVE-2011-1690.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Request Tracker, an issue tracking\nsystem.

\n
    \n
  • CVE-2011-1685\n

    If the external custom field feature is enabled, Request Tracker\n allows authenticated users to execute arbitrary code with the\n permissions of the web server, possibly triggered by a cross-site\n request forgery attack. (External custom fields are disabled by\n default.)

  • CVE-2011-1686\n

    Multiple SQL injection attacks allow authenticated users to obtain\n data from the database in an unauthorized way.

  • CVE-2011-1687\n

    An information leak allows an authenticated privileged user to\n obtain sensitive information, such as encrypted passwords, via the\n search interface.

  • CVE-2011-1688\n

    When running under certain web servers (such as Lighttpd), Request\n Tracker is vulnerable to a directory traversal attack, allowing\n attackers to read any files accessible to the web server. Request\n Tracker instances running under Apache or Nginx are not affected.

  • CVE-2011-1689\n

    Request Tracker contains multiple cross-site scripting\n vulnerabilities.

  • CVE-2011-1690\n

    Request Tracker enables attackers to redirect authentication\n credentials supplied by legitimate users to third-party servers.

\n

For the oldstable distribution (lenny), these problems have been fixed\nin version 3.6.7-5+lenny6 of the request-tracker3.6 package.

\n

For the stable distribution (squeeze), these problems have been fixed\nin version 3.8.8-7+squeeze1 of the request-tracker3.8 package.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 3.8.10-1 of the\nrequest-tracker3.8 package.

\n

We recommend that you upgrade your Request Tracker packages.

\n
\n
\n
\n
", "2221": "
\n

Debian Security Advisory

\n

DSA-2221-1 libmojolicious-perl -- directory traversal

\n
\n
Date Reported:
\n
19 Apr 2011
\n
Affected Packages:
\n
\nlibmojolicious-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 622952.
In Mitre's CVE dictionary: CVE-2011-1589.
\n
More information:
\n
\n

Viacheslav Tykhanovskyi discovered a directory traversal vulnerability in\nMojolicious, a Perl Web Application Framework.

\n

The oldstable distribution (lenny) doesn't contain libmojolicious-perl.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.999926-1+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.16-1.

\n

We recommend that you upgrade your libmojolicious-perl packages.

\n
\n
\n
\n
", "2222": "
\n

Debian Security Advisory

\n

DSA-2222-1 tinyproxy -- incorrect ACL processing

\n
\n
Date Reported:
\n
20 Apr 2011
\n
Affected Packages:
\n
\ntinyproxy\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 621493.
In Mitre's CVE dictionary: CVE-2011-1499.
\n
More information:
\n
\n

Christoph Martin discovered that incorrect ACL processing in TinyProxy,\na lightweight, non-caching, optionally anonymizing HTTP proxy, could\nlead to unintended network access rights.

\n

The oldstable distribution (lenny) is not affected.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.8.2-1squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.8.2-2.

\n

We recommend that you upgrade your tinyproxy packages.

\n
\n
\n
\n
", "2223": "
\n

Debian Security Advisory

\n

DSA-2223-1 doctrine -- SQL injection

\n
\n
Date Reported:
\n
20 Apr 2011
\n
Affected Packages:
\n
\ndoctrine\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 622674.
In Mitre's CVE dictionary: CVE-2011-1522.
\n
More information:
\n
\n

It was discovered that Doctrine, a PHP library for implementing object\npersistence, contains SQL injection vulnerabilities.\nThe exact impact depends on the application which uses the Doctrine\nlibrary.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.2-2+squeeze1.

\n

We recommend that you upgrade your doctrine packages.

\n
\n
\n
\n
", "2224": "
\n

Debian Security Advisory

\n

DSA-2224-1 openjdk-6 -- several vulnerabilities

\n
\n
Date Reported:
\n
20 Apr 2011
\n
Affected Packages:
\n
\nopenjdk-6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-4351, CVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2011-0025, CVE-2011-0706.
\n
More information:
\n
\n

Several security vulnerabilities were discovered in OpenJDK, an\nimplementation of the Java platform.

\n
    \n
  • CVE-2010-4351\n

    The JNLP SecurityManager returns from the checkPermission method\n instead of throwing an exception in certain circumstances, which\n might allow context-dependent attackers to bypass the intended\n security policy by creating instances of ClassLoader.

  • \n
  • CVE-2010-4448\n

    Malicious applets can perform DNS cache poisoning.

  • \n
  • CVE-2010-4450\n

    An empty (but set) LD_LIBRARY_PATH environment variable results in\n a misconstructed library search path, resulting in code execution\n from possibly untrusted sources.

  • \n
  • CVE-2010-4465\n

    Malicious applets can extend their privileges by abusing Swing\n timers.

  • \n
  • CVE-2010-4469\n

    The Hotspot just-in-time compiler miscompiles crafted byte\n sequences, resulting in heap corruption.

  • \n
  • CVE-2010-4470\n

    JAXP can be exploited by untrusted code to elevate privileges.

  • \n
  • CVE-2010-4471\n

    Java2D can be exploited by untrusted code to elevate privileges.

  • \n
  • CVE-2010-4472\n

    Untrusted code can replace the XML DSIG implementation.

  • \n
  • CVE-2011-0025\n

    Signatures on JAR files are not properly verified, which allows\n remote attackers to trick users into executing code that appears\n to come from a trusted source.

  • \n
  • CVE-2011-0706\n

    The JNLPClassLoader class allows remote attackers to gain\n privileges via unknown vectors related to multiple signers and the\n assignment of an inappropriate security descriptor.

  • \n
\n

\nIn addition, this security update contains stability fixes, such as\nswitching to the recommended Hotspot version (hs14) for this\nparticular version of OpenJDK.\n

\n

For the oldstable distribution (lenny), these problems have been fixed in\nversion 6b18-1.8.7-2~lenny1.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 6b18-1.8.7-2~squeeze1.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 1.8.7-1.

\n

We recommend that you upgrade your openjdk-6 packages.

\n
\n
\n
\n
", "2225": "
\n

Debian Security Advisory

\n

DSA-2225-1 asterisk -- several vulnerabilities

\n
\n
Date Reported:
\n
25 Apr 2011
\n
Affected Packages:
\n
\nasterisk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1147, CVE-2011-1174, CVE-2011-1175, CVE-2011-1507, CVE-2011-1599.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Asterisk, an Open Source\nPBX and telephony toolkit.

\n
    \n
  • CVE-2011-1147\n

    Matthew Nicholson discovered that incorrect handling of UDPTL packets\n may lead to denial of service or the execution of arbitrary code.

  • \n
  • CVE-2011-1174\n

    Blake Cornell discovered that incorrect connection handling in the\n manager interface may lead to denial of service.

  • \n
  • CVE-2011-1175\n

    Blake Cornell and Chris May discovered that incorrect TCP connection\n handling may lead to denial of service.

  • \n
  • CVE-2011-1507\n

    Tzafrir Cohen discovered that insufficient limitation of connection\n requests in several TCP based services may lead to denial of service.\n Please see AST-2011-005\n for details.

  • \n
  • CVE-2011-1599\n

    Matthew Nicholson discovered a privilege escalation vulnerability in\n the manager interface.

  • \n
\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1:1.4.21.2~dfsg-3+lenny2.1.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:1.6.2.9-2+squeeze2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:1.8.3.3-1.

\n

We recommend that you upgrade your asterisk packages.

\n
\n
\n
\n
", "2226": "
\n

Debian Security Advisory

\n

DSA-2226-1 libmodplug -- buffer overflow

\n
\n
Date Reported:
\n
26 Apr 2011
\n
Affected Packages:
\n
\nlibmodplug\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 622091.
In Mitre's CVE dictionary: CVE-2011-1574.
\n
More information:
\n
\n

M. Lucinskij and P. Tumenas discovered a buffer overflow in the code for\nprocessing S3M tracker files in the Modplug tracker music library, which\nmay result in the execution of arbitrary code.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 0.8.4-1+lenny2.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:0.8.8.1-1+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:0.8.8.2-1.

\n

We recommend that you upgrade your libmodplug packages.

\n
\n
\n
\n
", "2227": "
\n

Debian Security Advisory

\n

DSA-2227-1 iceape -- several vulnerabilities

\n
\n
Date Reported:
\n
30 Apr 2011
\n
Affected Packages:
\n
\niceape\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0065, CVE-2011-0066, CVE-2011-0067, CVE-2011-0069, CVE-2011-0070, CVE-2011-0071, CVE-2011-0072, CVE-2011-0073, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0080, CVE-2011-0081.
\n
More information:
\n
\n

Several vulnerabilities have been found in the Iceape internet suite, an\nunbranded version of Seamonkey:

\n\n

The oldstable distribution (lenny) is not affected. The iceape package only\nprovides the XPCOM code.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-5.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.0.14-1.

\n

We recommend that you upgrade your iceape packages.

\n
\n
\n
\n
", "2228": "
\n

Debian Security Advisory

\n

DSA-2228-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
01 May 2011
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0065, CVE-2011-0066, CVE-2011-0067, CVE-2011-0069, CVE-2011-0070, CVE-2011-0071, CVE-2011-0072, CVE-2011-0073, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0080, CVE-2011-0081.
\n
More information:
\n
\n

Several vulnerabilities have been found in Iceweasel, a web browser\nbased on Firefox:

\n\n

For the oldstable distribution (lenny), this problem will be fixed soon\nwith updated packages of the xulrunner source package.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-7.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.5.19-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "2229": "
\n

Debian Security Advisory

\n

DSA-2229-1 spip -- programming error

\n
\n
Date Reported:
\n
01 May 2011
\n
Affected Packages:
\n
\nspip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

A vulnerability has been found in SPIP, a website engine for publishing,\nwhich allows a malicious registered author to disconnect the website\nfrom its database, resulting in denial of service.

\n

The oldstable distribution (lenny) doesn't include spip.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.1.1-3squeeze1.

\n

The unstable distribution (sid) will be fixed soon.

\n

We recommend that you upgrade your spip packages.

\n
\n
\n
\n
", "2230": "
\n

Debian Security Advisory

\n

DSA-2230-1 qemu-kvm -- several vulnerabilities

\n
\n
Date Reported:
\n
01 May 2011
\n
Affected Packages:
\n
\nqemu-kvm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 611134, Bug 624177.
In Mitre's CVE dictionary: CVE-2011-0011, CVE-2011-1750.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in KVM, a solution for full\nvirtualization on x86 hardware:

\n
    \n
  • CVE-2011-0011\n

    Setting the VNC password to an empty string silently disabled\n all authentication.

  • \n
  • CVE-2011-1750\n

    The virtio-blk driver performed insufficient validation of\n read/write I/O from the guest instance, which could lead to\n denial of service or privilege escalation.

  • \n
\n

The oldstable distribution (lenny) is not affected by this problem.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.12.5+dfsg-5+squeeze1.

\n

The unstable distribution (sid) will be fixed soon.

\n

We recommend that you upgrade your qemu-kvm packages.

\n
\n
\n
\n
", "2231": "
\n

Debian Security Advisory

\n

DSA-2231-1 otrs2 -- cross-site scripting

\n
\n
Date Reported:
\n
06 May 2011
\n
Affected Packages:
\n
\notrs2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1518.
\n
More information:
\n
\n

Multiple cross-site scripting vulnerabilities were discovered in Open\nTicket Request System (OTRS), a trouble-ticket system. (CVE-2011-1518)

\n

In addition, this security update fixes a failure when upgrading the package\nfrom lenny to squeeze.

\n

The oldstable distribution (lenny) is not affected by this problem.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.4.9+dfsg1-3+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.4.10+dfsg1-1.

\n

We recommend that you upgrade your otrs2 packages.

\n
\n
\n
\n
", "2232": "
\n

Debian Security Advisory

\n

DSA-2232-1 exim4 -- format string vulnerability

\n
\n
Date Reported:
\n
06 May 2011
\n
Affected Packages:
\n
\nexim4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 624670.
In Mitre's CVE dictionary: CVE-2011-1764.
\n
More information:
\n
\n

It was discovered that Exim, the default mail transport agent in\nDebian, uses DKIM data obtained from DNS directly in a format string,\npotentially allowing malicious mail senders to execute arbitrary code.\n(CVE-2011-1764)

\n

The oldstable distribution (lenny) is not affected by this problem\nbecause it does not contain DKIM support.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 4.72-6+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.75-3.

\n

We recommend that you upgrade your exim4 packages.

\n
\n
\n
\n
", "2233": "
\n

Debian Security Advisory

\n

DSA-2233-1 postfix -- several vulnerabilities

\n
\n
Date Reported:
\n
10 May 2011
\n
Affected Packages:
\n
\npostfix\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-2939, CVE-2011-0411, CVE-2011-1720.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Postfix, a mail transfer\nagent. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2009-2939\n

    The postinst script grants the postfix user write access to\n /var/spool/postfix/pid, which might allow local users to\n conduct symlink attacks that overwrite arbitrary files.

  • \n
  • CVE-2011-0411\n

    The STARTTLS implementation does not properly restrict I/O\n buffering, which allows man-in-the-middle attackers to insert\n commands into encrypted SMTP sessions by sending a cleartext\n command that is processed after TLS is in place.

  • \n
  • CVE-2011-1720\n

    A heap-based read-only buffer overflow allows malicious\n clients to crash the smtpd server process using a crafted SASL\n authentication request.

  • \n
\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 2.5.5-1.1+lenny1.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.1-1+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.8.0-1.

\n

We recommend that you upgrade your postfix packages.

\n
\n
\n
\n
", "2234": "
\n

Debian Security Advisory

\n

DSA-2234-1 zodb -- several vulnerabilities

\n
\n
Date Reported:
\n
10 May 2011
\n
Affected Packages:
\n
\nzodb\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 540465.
In Mitre's CVE dictionary: CVE-2009-0668, CVE-2009-0669.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in python-zodb, a set of\ntools for using ZODB, that could lead to arbitrary code execution in the worst\ncase. The Common Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2009-0668\n

    The ZEO server doesn't restrict the callables when unpickling data\n received from a malicious client, which can be used by an attacker to execute\n arbitrary Python code on the server by sending certain exception pickles. This\n also allows an attacker to import any importable module, as ZEO imports the\n module containing a callable specified in a pickle to test for a certain flag.

  • \n
  • CVE-2009-0669\n

    Due to a programming error, an authorization method in the StorageServer\n component of ZEO was not used as an internal method. This allows a malicious\n client to bypass authentication when connecting to a ZEO server by simply\n calling this authorization method.

  • \n
\n

The update also limits the number of new object ids a client can request\nto 100 as it would be possible to consume huge amounts of resources by\nrequesting a big batch of new object ids. No CVE id has been assigned to this.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1:3.6.0-2+lenny3.

\n

The stable distribution (squeeze) is not affected; the problem was fixed before\nthe initial release.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:3.8.2-1.

\n

We recommend that you upgrade your zodb packages.

\n
\n
\n
\n
", "2235": "
\n

Debian Security Advisory

\n

DSA-2235-1 icedove -- several vulnerabilities

\n
\n
Date Reported:
\n
10 May 2011
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0065, CVE-2011-0066, CVE-2011-0067, CVE-2011-0069, CVE-2011-0070, CVE-2011-0071, CVE-2011-0072, CVE-2011-0073, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0080, CVE-2011-0081.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Icedove, an unbranded\nversion of the Thunderbird mail/news client.

\n\n

As indicated in the Lenny (oldstable) release notes, security support for\nthe Icedove packages in the oldstable needed to be stopped before the end\nof the regular Lenny security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a different\nmail client.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze2.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "2236": "
\n

Debian Security Advisory

\n

DSA-2236-1 exim4 -- command injection

\n
\n
Date Reported:
\n
12 May 2011
\n
Affected Packages:
\n
\nexim4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1407.
\n
More information:
\n
\n

It was discovered that Exim, Debian's default mail transfer agent, is\nvulnerable to command injection attacks in its DKIM processing code,\nleading to arbitrary code execution. (CVE-2011-1407)

\n

The default configuration supplied by Debian does not expose this\nvulnerability.

\n

The oldstable distribution (lenny) is not affected by this problem.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 4.72-6+squeeze2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.76-1.

\n

We recommend that you upgrade your exim4 packages.

\n
\n
\n
\n
", "2237": "
\n

Debian Security Advisory

\n

DSA-2237-1 apr -- denial of service

\n
\n
Date Reported:
\n
15 May 2011
\n
Affected Packages:
\n
\napr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0419.
\n
More information:
\n
\n

A flaw was found in the APR library, which could be exploited through\nApache HTTPD's mod_autoindex. If a directory indexed by mod_autoindex\ncontained files with sufficiently long names, a remote attacker could\nsend a carefully crafted request which would cause excessive CPU\nusage. This could be used in a denial of service attack.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.2.12-5+lenny3.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.2-6+squeeze1.

\n

For the testing distribution (wheezy), this problem will be fixed in\nversion 1.4.4-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4.4-1.

\n

We recommend that you upgrade your apr packages and restart the\napache2 server.

\n
\n
\n
\n
", "2238": "
\n

Debian Security Advisory

\n

DSA-2238-1 vino -- several vulnerabilities

\n
\n
Date Reported:
\n
19 May 2011
\n
Affected Packages:
\n
\nvino\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0904, CVE-2011-0905.
\n
More information:
\n
\n

Kevin Chen discovered that incorrect processing of framebuffer requests\nin the Vino VNC server could lead to denial of service.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.28.2-2+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.28.2-3.

\n

We recommend that you upgrade your vino packages.

\n
\n
\n
\n
", "2239": "
\n

Debian Security Advisory

\n

DSA-2239-1 libmojolicious-perl -- several vulnerabilities

\n
\n
Date Reported:
\n
24 May 2011
\n
Affected Packages:
\n
\nlibmojolicious-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-4802, CVE-2010-4803, CVE-2011-1841.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Mojolicious, a Perl Web\nApplication Framework. The link_to helper was affected by cross-site\nscripting, and implementation errors in the MD5 HMAC and CGI environment\nhandling have been corrected.

\n

The oldstable distribution (lenny) doesn't include libmojolicious-perl.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.999926-1+squeeze2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.12-1.

\n

We recommend that you upgrade your libmojolicious-perl packages.

\n
\n
\n
\n
", "2240": "
\n

Debian Security Advisory

\n

DSA-2240-1 linux-2.6 -- privilege escalation/denial of service/information leak

\n
\n
Date Reported:
\n
24 May 2011
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-3875, CVE-2011-0695, CVE-2011-0711, CVE-2011-0726, CVE-2011-1016, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1090, CVE-2011-1160, CVE-2011-1163, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1173, CVE-2011-1180, CVE-2011-1182, CVE-2011-1476, CVE-2011-1477, CVE-2011-1478, CVE-2011-1493, CVE-2011-1494, CVE-2011-1495, CVE-2011-1585, CVE-2011-1593, CVE-2011-1598, CVE-2011-1745, CVE-2011-1746, CVE-2011-1748, CVE-2011-1759, CVE-2011-1767, CVE-2011-1770, CVE-2011-1776, CVE-2011-2022.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service or privilege escalation. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2010-3875\n

    Vasiliy Kulikov discovered an issue in the Linux implementation of the\n Amateur Radio AX.25 Level 2 protocol. Local users may obtain access to\n sensitive kernel memory.

  • \n
  • CVE-2011-0695\n

    Jens Kuehnel reported an issue in the InfiniBand stack. Remote attackers can\n exploit a race condition to cause a denial of service (kernel panic).

  • \n
  • CVE-2011-0711\n

    Dan Rosenberg reported an issue in the XFS filesystem. Local users may\n obtain access to sensitive kernel memory.

  • \n
  • CVE-2011-0726\n

    Kees Cook reported an issue in the /proc/pid/stat implementation. Local\n users could learn the text location of a process, defeating protections\n provided by address space layout randomization (ASLR).

  • \n
  • CVE-2011-1016\n

    Marek Ol\u0161\u00e1k discovered an issue in the driver for ATI/AMD Radeon video\n chips. Local users could pass arbitrary values to video memory and the\n graphics translation table, resulting in denial of service or escalated\n privileges. On default Debian installations, this is exploitable only by\n members of the video group.

  • \n
  • CVE-2011-1078\n

    Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users\n can obtain access to sensitive kernel memory.

  • \n
  • CVE-2011-1079\n

    Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users\n with the CAP_NET_ADMIN capability can cause a denial of service (kernel\n Oops).

  • \n
  • CVE-2011-1080\n

    Vasiliy Kulikov discovered an issue in the Netfilter subsystem. Local users\n can obtain access to sensitive kernel memory.

  • \n
  • CVE-2011-1090\n

    Neil Horman discovered a memory leak in the setacl() call on NFSv4\n filesystems. Local users can exploit this to cause a denial of service\n (Oops).

  • \n
  • CVE-2011-1160\n

    Peter Huewe reported an issue in the Linux kernel's support for TPM security\n chips. Local users with permission to open the device can gain access to\n sensitive kernel memory.

  • \n
  • CVE-2011-1163\n

    Timo Warns reported an issue in the kernel support for Alpha OSF format disk\n partitions. Users with physical access can gain access to sensitive kernel\n memory by adding a storage device with a specially crafted OSF partition.

  • \n
  • CVE-2011-1170\n

    Vasiliy Kulikov reported an issue in the Netfilter ARP table\n implementation. Local users with the CAP_NET_ADMIN capability can gain\n access to sensitive kernel memory.

  • \n
  • CVE-2011-1171\n

    Vasiliy Kulikov reported an issue in the Netfilter IP table\n implementation. Local users with the CAP_NET_ADMIN capability can gain\n access to sensitive kernel memory.

  • \n
  • CVE-2011-1172\n

    Vasiliy Kulikov reported an issue in the Netfilter IPv6 table\n implementation. Local users with the CAP_NET_ADMIN capability can gain\n access to sensitive kernel memory.

  • \n
  • CVE-2011-1173\n

    Vasiliy Kulikov reported an issue in the Acorn Econet protocol\n implementation. Local users can obtain access to sensitive kernel memory on\n systems that use this rare hardware.

  • \n
  • CVE-2011-1180\n

    Dan Rosenberg reported a buffer overflow in the Information Access Service\n of the IrDA protocol, used for Infrared devices. Remote attackers within IR\n device range can cause a denial of service or possibly gain elevated\n privileges.

  • \n
  • CVE-2011-1182\n

    Julien Tinnes reported an issue in the rt_sigqueueinfo interface. Local\n users can generate signals with falsified source pid and uid information.

  • \n
  • CVE-2011-1476\n

    Dan Rosenberg reported issues in the Open Sound System MIDI interface that\n allow local users to cause a denial of service. This issue does not affect\n official Debian Linux image packages as they no longer provide support for\n OSS. However, custom kernels built from Debian's linux-source-2.6.32 may\n have enabled this configuration and would therefore be vulnerable.

  • \n
  • CVE-2011-1477\n

    Dan Rosenberg reported issues in the Open Sound System driver for cards that\n include a Yamaha FM synthesizer chip. Local users can cause memory\n corruption resulting in a denial of service. This issue does not affect\n official Debian Linux image packages as they no longer provide support for\n OSS. However, custom kernels built from Debian's linux-source-2.6.32 may\n have enabled this configuration and would therefore be vulnerable.

  • \n
  • CVE-2011-1478\n

    Ryan Sweat reported an issue in the Generic Receive Offload (GRO) support in\n the Linux networking subsystem. If an interface has GRO enabled and is\n running in promiscuous mode, remote users can cause a denial of service\n (NULL pointer dereference) by sending packets on an unknown VLAN.

  • \n
  • CVE-2011-1493\n

    Dan Rosenberg reported two issues in the Linux implementation of the Amateur\n Radio X.25 PLP (Rose) protocol. A remote user can cause a denial of service\n by providing specially crafted facilities fields.

  • \n
  • CVE-2011-1494\n

    Dan Rosenberg reported an issue in the /dev/mpt2ctl interface provided by\n the driver for LSI MPT Fusion SAS 2.0 controllers. Local users can obtain\n elevated privileges by specially crafted ioctl calls. On default Debian\n installations this is not exploitable as this interface is only accessible\n to root.

  • \n
  • CVE-2011-1495\n

    Dan Rosenberg reported two additional issues in the /dev/mpt2ctl interface\n provided by the driver for LSI MPT Fusion SAS 2.0 controllers. Local users\n can obtain elevated privileges and read arbitrary kernel memory by using\n specially crafted ioctl calls. On default Debian installations this is not\n exploitable as this interface is only accessible to root.

  • \n
  • CVE-2011-1585\n

    Jeff Layton reported an issue in the Common Internet File System (CIFS).\n Local users can bypass authentication requirements for shares that are\n already mounted by another user.

  • \n
  • CVE-2011-1593\n

    Robert Swiecki reported a signedness issue in the next_pidmap() function,\n which can be exploited by local users to cause a denial of service.

  • \n
  • CVE-2011-1598\n

    Dave Jones reported an issue in the Broadcast Manager Controller Area\n Network (CAN/BCM) protocol that may allow local users to cause a NULL\n pointer dereference, resulting in a denial of service.

  • \n
  • CVE-2011-1745\n

    Vasiliy Kulikov reported an issue in the Linux support for AGP devices.\n Local users can obtain elevated privileges or cause a denial of service due\n to missing bounds checking in the AGPIOC_BIND ioctl. On default Debian\n installations, this is exploitable only by users in the video group.

  • \n
  • CVE-2011-1746\n

    Vasiliy Kulikov reported an issue in the Linux support for AGP devices.\n Local users can obtain elevated privileges or cause a denial of service due\n to missing bounds checking in the agp_allocate_memory and\n agp_create_user_memory routines. On default Debian installations, this is exploitable\n only by users in the video group.

  • \n
  • CVE-2011-1748\n

    Oliver Hartkopp reported an issue in the Controller Area Network (CAN) raw\n socket implementation which permits local users to cause a NULL pointer\n dereference, resulting in a denial of service.

  • \n
  • CVE-2011-1759\n

    Dan Rosenberg reported an issue in the support for executing old ABI\n binaries on ARM processors. Local users can obtain elevated privileges due\n to insufficient bounds checking in the semtimedop system call.

  • \n
  • CVE-2011-1767\n

    Alexey Dobriyan reported an issue in the GRE over IP implementation.\n Remote users can cause a denial of service by sending a packet during module\n initialization.

  • \n
  • CVE-2011-1770\n

    Dan Rosenberg reported an issue in the Datagram Congestion Control Protocol\n (DCCP). Remote users can cause a denial of service or potentially obtain\n access to sensitive kernel memory.

  • \n
  • CVE-2011-1776\n

    Timo Warns reported an issue in the Linux implementation for GUID\n partitions. Users with physical access can gain access to sensitive kernel\n memory by adding a storage device with a specially crafted corrupted invalid\n partition table.

  • \n
  • CVE-2011-2022\n

    Vasiliy Kulikov reported an issue in the Linux support for AGP devices.\n Local users can obtain elevated privileges or cause a denial of service due\n to missing bounds checking in the AGPIOC_UNBIND ioctl. On default Debian\n installations, this is exploitable only by users in the video group.

  • \n
\n

This update also includes changes queued for the next point release of\nDebian 6.0, which also fix various non-security issues. These additional\nchanges are described in the\npackage\nchangelog.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 2.6.32-34squeeze1. Updates for issues impacting the oldstable\ndistribution (lenny) will be available soon.

\n

The following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n
\u00a0 Debian 6.0 (squeeze)
user-mode-linux 2.6.32-1um-4+34squeeze1
\n

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

\n
\n
\n
\n
", "2241": "
\n

Debian Security Advisory

\n

DSA-2241-1 qemu-kvm -- implementation error

\n
\n
Date Reported:
\n
24 May 2011
\n
Affected Packages:
\n
\nqemu-kvm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1751.
\n
More information:
\n
\n

Nelson Elhage discovered that incorrect memory handling during the\nremoval of ISA devices in KVM, a solution for full virtualization on\nx86 hardware, could lead to denial of service or the execution of\narbitrary code.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.12.5+dfsg-5+squeeze2.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your qemu-kvm packages.

\n
\n
\n
\n
", "2242": "
\n

Debian Security Advisory

\n

DSA-2242-1 cyrus-imapd-2.2 -- implementation error

\n
\n
Date Reported:
\n
25 May 2011
\n
Affected Packages:
\n
\ncyrus-imapd-2.2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 627081.
In Mitre's CVE dictionary: CVE-2011-1926.
\n
More information:
\n
\n

It was discovered that the STARTTLS implementation of the Cyrus IMAP\nserver does not properly restrict I/O buffering, which allows\nman-in-the-middle attackers to insert commands into encrypted IMAP,\nLMTP, NNTP and POP3 sessions by sending a cleartext command that is\nprocessed after TLS is in place.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 2.2.13-14+lenny4.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.2.13-19+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.2.13p1-11 for cyrus-imapd-2.2 and in version 2.4.7-1\nfor cyrus-imapd-2.4.

\n

We recommend that you upgrade your cyrus-imapd-2.2 packages.

\n
\n
\n
\n
", "2243": "
\n

Debian Security Advisory

\n

DSA-2243-1 unbound -- design flaw

\n
\n
Date Reported:
\n
27 May 2011
\n
Affected Packages:
\n
\nunbound\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-4008.
\n
More information:
\n
\n

It was discovered that Unbound, a caching DNS resolver, ceases to\nprovide answers for zones signed using DNSSEC after it has processed a\ncrafted query. (CVE-2009-4008)

\n

In addition, this update improves the level of DNSSEC support in the\nlenny version of Unbound so that it is possible for system\nadministrators to configure the trust anchor for the root zone.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.4.6-1~lenny1.

\n

For the other distributions (squeeze, wheezy, sid), this problem has\nbeen fixed in version 1.4.4-1.

\n

We recommend that you upgrade your unbound packages.

\n
\n
\n
\n
", "2244": "
\n

Debian Security Advisory

\n

DSA-2244-1 bind9 -- incorrect boundary condition

\n
\n
Date Reported:
\n
27 May 2011
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1910.
\n
More information:
\n
\n

It was discovered that BIND, an implementation of the DNS protocol,\ndoes not correctly process certain large RRSIG record sets in DNSSEC\nresponses. The resulting assertion failure causes the name server\nprocess to crash, making name resolution unavailable. (CVE-2011-1910)

\n

In addition, this update fixes handling of certain signed/unsigned\nzone combinations when a DLV service is used. Previously, data from\ncertain affected zones could become unavailable from the resolver.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1:9.6.ESV.R4+dfsg-0+lenny2.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:9.7.3.dfsg-1~squeeze2.

\n

The testing distribution (wheezy) and the unstable distribution (sid)\nwill be fixed soon.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
\n
\n
", "2245": "
\n

Debian Security Advisory

\n

DSA-2245-1 chromium-browser -- several vulnerabilities

\n
\n
Date Reported:
\n
29 May 2011
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1292, CVE-2011-1293, CVE-2011-1440, CVE-2011-1444, CVE-2011-1797, CVE-2011-1799.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the Chromium browser.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2011-1292\n

    Use-after-free vulnerability in the frame-loader implementation in Google\n Chrome allows remote attackers to cause a denial of service or possibly\n have unspecified other impact via unknown vectors.

  • \n
  • CVE-2011-1293\n

    Use-after-free vulnerability in the HTMLCollection implementation in Google\n Chrome allows remote attackers to cause a denial of service or possibly have\n unspecified other impact via unknown vectors.

  • \n
  • CVE-2011-1440\n

    Use-after-free vulnerability in Google Chrome allows remote attackers to cause\n a denial of service or possibly have unspecified other impact via vectors\n related to the Ruby element and Cascading Style Sheets (CSS) token sequences.

  • \n
  • CVE-2011-1444\n

    Race condition in the sandbox launcher implementation in Google Chrome on\n Linux allows remote attackers to cause a denial of service or possibly have\n unspecified other impact via unknown vectors.

  • \n
  • CVE-2011-1797\n

    Google Chrome does not properly render tables, which allows remote attackers\n to cause a denial of service or possibly have unspecified other impact via\n unknown vectors that lead to a stale pointer.

  • \n
  • CVE-2011-1799\n

    Google Chrome does not properly perform casts of variables during interaction\n with the WebKit engine, which allows remote attackers to cause a denial of\n service or possibly have unspecified other impact via unknown vectors.

  • \n
\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 6.0.472.63~r59945-5+squeeze5.

\n

For the testing distribution (wheezy), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 11.0.696.68~r84545-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "2246": "
\n

Debian Security Advisory

\n

DSA-2246-1 mahara -- several vulnerabilities

\n
\n
Date Reported:
\n
29 May 2011
\n
Affected Packages:
\n
\nmahara\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1402, CVE-2011-1403, CVE-2011-1404, CVE-2011-1405, CVE-2011-1406.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Mahara, an electronic portfolio,\nweblog, and resume builder. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2011-1402\n

    It was discovered that previous versions of Mahara did not check user\n credentials before adding a secret URL to a view or suspending a user.

  • \n
  • CVE-2011-1403\n

    Due to a misconfiguration of the Pieform package in Mahara, the cross-site\n request forgery protection mechanism that Mahara relies on to harden its\n form was not working and was essentially disabled.\n This is a critical vulnerability which could allow attackers to trick other\n users (for example administrators) into performing malicious actions on\n behalf of the attacker. Most Mahara forms are vulnerable.

  • \n
  • CVE-2011-1404\n

    Many of the JSON structures returned by Mahara for its AJAX interactions\n included more information than what ought to be disclosed to the logged in\n user. New versions of Mahara limit this information to what is necessary for\n each page.

  • \n
  • CVE-2011-1405\n

    Previous versions of Mahara did not escape the contents of HTML emails sent\n to users. Depending on the filters enabled in one's mail reader, it could\n lead to cross-site scripting attacks.

  • \n
  • CVE-2011-1406\n

    It has been pointed out to us that if Mahara is configured (through its\n wwwroot variable) to use HTTPS, it will happily let users log in via the HTTP\n version of the site if the web server is configured to serve content over\n both protocols. The new version of Mahara will, when the wwwroot points to an\n HTTPS URL, automatically redirect to HTTPS if it detects that it is being\n run over HTTP.

    \n

    We recommend that sites wanting to run Mahara over HTTPS make sure that\n their web server configuration does not allow the serving of content over\n HTTP and merely redirects to the secure version. We also suggest that site\n administrators consider adding the HSTS\n headers to their web server configuration.

  • \n
\n

For the oldstable distribution (lenny), these problems have been fixed in\nversion 1.0.4-4+lenny10.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 1.2.6-2+squeeze2.

\n

For the testing distribution (wheezy), these problems have been fixed in\nversion 1.3.6-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.3.6-1.

\n

We recommend that you upgrade your mahara packages.

\n
\n
\n
\n
", "2247": "
\n

Debian Security Advisory

\n

DSA-2247-1 rails -- several vulnerabilities

\n
\n
Date Reported:
\n
31 May 2011
\n
Affected Packages:
\n
\nrails\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 614864.
In Mitre's CVE dictionary: CVE-2011-0446, CVE-2011-0447.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Rails, the Ruby web\napplication framework. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2011-0446\n

    Multiple cross-site scripting (XSS) vulnerabilities, when JavaScript\n encoding is used, allow remote attackers to inject arbitrary web\n script or HTML.

  • \n
  • CVE-2011-0447\n

    Rails does not properly validate HTTP requests that contain an\n X-Requested-With header, which makes it easier for remote attackers\n to conduct cross-site request forgery (CSRF) attacks.

  • \n
\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 2.1.0-7+lenny0.1.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze0.1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.3.11-0.1.

\n

We recommend that you upgrade your rails packages.

\n
\n
\n
\n
", "2248": "
\n

Debian Security Advisory

\n

DSA-2248-1 ejabberd -- denial of service

\n
\n
Date Reported:
\n
31 Mar 2011
\n
Affected Packages:
\n
\nejabberd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1753.
\n
More information:
\n
\n

Wouter Coekaerts discovered that ejabberd, a distributed XMPP/Jabber server\nwritten in Erlang, is vulnerable to the so-called billion laughs attack\nbecause it does not prevent entity expansion on received data.\nThis allows an attacker to perform denial of service attacks against the\nservice by sending specially crafted XML data to it.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 2.0.1-6+lenny3.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.1.5-3+squeeze1.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.1.6-2.1.

\n

We recommend that you upgrade your ejabberd packages.

\n
\n
\n
\n
", "2249": "
\n

Debian Security Advisory

\n

DSA-2249-1 jabberd14 -- denial of service

\n
\n
Date Reported:
\n
31 Mar 2011
\n
Affected Packages:
\n
\njabberd14\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1754.
\n
More information:
\n
\n

Wouter Coekaerts discovered that jabberd14, an instant messaging server\nusing the Jabber/XMPP protocol, is vulnerable to the so-called\nbillion laughs attack because it does not prevent entity expansion on\nreceived data. This allows an attacker to perform denial of service\nattacks against the service by sending specially crafted XML data to it.

\n

The oldstable distribution (lenny) does not contain jabberd14.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.6.1.1-5+squeeze1.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.6.1.1-5.1.

\n

We recommend that you upgrade your jabberd14 packages.

\n
\n
\n
\n
", "2250": "
\n

Debian Security Advisory

\n

DSA-2250-1 citadel -- denial of service

\n
\n
Date Reported:
\n
31 Mar 2011
\n
Affected Packages:
\n
\ncitadel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1756.
\n
More information:
\n
\n

Wouter Coekaerts discovered that the Jabber server component of Citadel,\na complete and feature-rich groupware server, is vulnerable to the so-called\nbillion laughs attack because it does not prevent entity expansion on\nreceived data. This allows an attacker to perform denial of service\nattacks against the service by sending specially crafted XML data to it.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 7.37-8+lenny1.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 7.83-2squeeze2.

\n

For the testing (wheezy) and unstable (sid) distributions,\nthis problem will be fixed soon.

\n

We recommend that you upgrade your citadel packages.

\n
\n
\n
\n
", "2251": "
\n

Debian Security Advisory

\n

DSA-2251-1 subversion -- several vulnerabilities

\n
\n
Date Reported:
\n
02 Jun 2011
\n
Affected Packages:
\n
\nsubversion\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1752, CVE-2011-1783, CVE-2011-1921.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Subversion, the version\ncontrol system. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2011-1752\n

    The mod_dav_svn Apache HTTPD server module can be crashed\n when asked to deliver baselined WebDAV resources.

  • \n
  • CVE-2011-1783\n

    The mod_dav_svn Apache HTTPD server module can trigger a loop which\n consumes all available memory on the system.

  • \n
  • CVE-2011-1921\n

    The mod_dav_svn Apache HTTPD server module may leak to remote users\n the file contents of files configured to be unreadable by those\n users.

  • \n
\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.5.1dfsg1-7.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.6.12dfsg-6.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.6.17dfsg-1.

\n

We recommend that you upgrade your subversion packages.

\n
\n
\n
\n
", "2252": "
\n

Debian Security Advisory

\n

DSA-2252-1 dovecot -- programming error

\n
\n
Date Reported:
\n
02 Jun 2011
\n
Affected Packages:
\n
\ndovecot\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 627443.
In Mitre's CVE dictionary: CVE-2011-1929.
\n
More information:
\n
\n

It was discovered that the message header parser in the Dovecot mail\nserver parsed NUL characters incorrectly, which could lead to denial\nof service through malformed mail headers.

\n

The oldstable distribution (lenny) is not affected.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.15-7.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.0.13-1.

\n

We recommend that you upgrade your dovecot packages.

\n
\n
\n
\n
", "2253": "
\n

Debian Security Advisory

\n

DSA-2253-1 fontforge -- buffer overflow

\n
\n
Date Reported:
\n
03 Jun 2011
\n
Affected Packages:
\n
\nfontforge\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 605537.
In Mitre's CVE dictionary: CVE-2010-4259.
\n
More information:
\n
\n

Ulrik Persson reported a stack-based buffer overflow flaw in FontForge,\na font editor. When processing a crafted Bitmap Distribution Format (BDF)\nfile, FontForge could crash or execute arbitrary code with the privileges of\nthe user running FontForge.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 0.0.20080429-1+lenny2.

\n

The stable distribution (squeeze), testing distribution (wheezy),\nand unstable distribution (sid) are not affected by this problem.

\n

We recommend that you upgrade your fontforge packages.

\n
\n
\n
\n
", "2254": "
\n

Debian Security Advisory

\n

DSA-2254-1 oprofile -- command injection

\n
\n
Date Reported:
\n
03 Jun 2011
\n
Affected Packages:
\n
\noprofile\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 624212.
In Mitre's CVE dictionary: CVE-2011-1760.
\n
More information:
\n
\n

OProfile is a performance profiling tool which is configurable by opcontrol, its\ncontrol utility. Stephane Chauveau reported several ways to inject arbitrary\ncommands in the arguments of this utility. If a local unprivileged user is\nauthorized by the sudoers file to run opcontrol as root, this user could use the\nflaw to escalate his privileges.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 0.9.3-2+lenny1.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.9.6-1.1+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 0.9.6-1.2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.9.6-1.2.

\n

We recommend that you upgrade your oprofile packages.

\n
\n
\n
\n
", "2255": "
\n

Debian Security Advisory

\n

DSA-2255-1 libxml2 -- buffer overflow

\n
\n
Date Reported:
\n
06 Jun 2011
\n
Affected Packages:
\n
\nlibxml2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 628537.
\n
More information:
\n
\n

Chris Evans discovered that libxml was vulnerable to buffer overflows,\nwhich allowed a crafted XML input file to potentially execute arbitrary\ncode.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 2.6.32.dfsg-5+lenny4.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.8.dfsg-2+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.7.8.dfsg-3.

\n

We recommend that you upgrade your libxml2 packages.

\n
\n
\n
\n
", "2256": "
\n

Debian Security Advisory

\n

DSA-2256-1 tiff -- buffer overflow

\n
\n
Date Reported:
\n
09 Jun 2011
\n
Affected Packages:
\n
\ntiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 624287.
In Mitre's CVE dictionary: CVE-2009-5022.
\n
More information:
\n
\n

Tavis Ormandy discovered that the Tag Image File Format (TIFF) library\nis vulnerable to a buffer overflow triggered by a crafted OJPEG file\nwhich allows for a crash and potentially execution of arbitrary code.

\n

The oldstable distribution (lenny) is not affected by this problem.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.9.4-5+squeeze2.

\n

For the testing distribution (wheezy) and unstable distribution (sid),\nthis problem has been fixed in version 3.9.5-1.

\n

We recommend that you upgrade your tiff packages.

\n
\n
\n
\n
", "2257": "
\n

Debian Security Advisory

\n

DSA-2257-1 vlc -- heap-based buffer overflow

\n
\n
Date Reported:
\n
10 Jun 2011
\n
Affected Packages:
\n
\nvlc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-2194.
\n
More information:
\n
\n

Rocco Calvi discovered that the XSPF playlist parser of VLC, a multimedia\nplayer and streamer, is prone to an integer overflow resulting in a\nheap-based buffer overflow. This might allow an attacker to execute\narbitrary code by tricking a victim into opening a specially crafted\nfile.

\n

The oldstable distribution (lenny) is not affected by this problem.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.1.3-1squeeze6.

\n

For the testing (wheezy) and unstable (sid) distributions, this\nproblem will be fixed soon.

\n

We recommend that you upgrade your vlc packages.

\n
\n
\n
\n
", "2258": "
\n

Debian Security Advisory

\n

DSA-2258-1 kolab-cyrus-imapd -- implementation error

\n
\n
Date Reported:
\n
11 Jun 2011
\n
Affected Packages:
\n
\nkolab-cyrus-imapd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 629350.
In Mitre's CVE dictionary: CVE-2011-1926.
\n
More information:
\n
\n

It was discovered that the STARTTLS implementation of the\nKolab Cyrus IMAP server does not properly restrict I/O buffering,\nwhich allows man-in-the-middle attackers to insert commands into encrypted\nIMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is\nprocessed after TLS is in place.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 2.2.13-5+lenny3.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.2.13-9.1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 2.2.13p1-0.1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.2.13p1-0.1.

\n

We recommend that you upgrade your kolab-cyrus-imapd packages.

\n
\n
\n
\n
", "2259": "
\n

Debian Security Advisory

\n

DSA-2259-1 fex -- authentication bypass

\n
\n
Date Reported:
\n
12 Jun 2011
\n
Affected Packages:
\n
\nfex\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1409.
\n
More information:
\n
\n

It was discovered that F*EX, a web service for transferring very large\nfiles, is not properly validating authentication IDs. While the service\nproperly validates existing authentication IDs, an attacker who is not\nspecifying any authentication ID at all can bypass the authentication\nprocedure.

\n

The oldstable distribution (lenny) does not include fex.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 20100208+debian1-1+squeeze1.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 20110610-1.

\n

We recommend that you upgrade your fex packages.

\n
\n
\n
\n
", "2260": "
\n

Debian Security Advisory

\n

DSA-2260-1 rails -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Jun 2011
\n
Affected Packages:
\n
\nrails\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 545063, Bug 558685.
In Mitre's CVE dictionary: CVE-2009-3086, CVE-2009-4214.
\n
More information:
\n
\n

Two vulnerabilities were discovered in Ruby on Rails, a web\napplication framework. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2009-3086\n

    \n The cookie store may be vulnerable to a timing attack,\n\tpotentially allowing remote attackers to forge message\n\tdigests.

  • \n
  • CVE-2009-4214\n

    \n\tA cross-site scripting vulnerability in the strip_tags\n\tfunction allows remote user-assisted attackers to inject\n\tarbitrary web script.

  • \n
\n

For the oldstable distribution (lenny), these problems have been fixed\nin version 2.1.0-7+lenny0.2.

\n

For the other distributions, these problems have been fixed in version\n2.2.3-2.

\n

We recommend that you upgrade your rails packages.

\n
\n
\n
\n
", "2261": "
\n

Debian Security Advisory

\n

DSA-2261-1 redmine -- several vulnerabilities

\n
\n
Date Reported:
\n
15 Jun 2011
\n
Affected Packages:
\n
\nredmine\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 608397.
\n
More information:
\n
\n

Joernchen of Phenoelit discovered several vulnerabilities in Redmine,\na project management web application:

\n
    \n
  • Logged in users may be able to access private data.
  • \n
  • The Textile formatter allowed for cross site scripting, exposing\n sensitive data to an attacker.
  • \n
  • The Bazaar repository adapter could be used to remotely execute\n commands on the host running Redmine.
  • \n
\n

The oldstable distribution (lenny) does not contain redmine packages.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.0.1-2.

\n

For the testing distribution (wheezy) and unstable distribution (sid),\nthis problem has been fixed in version 1.0.5-1.

\n

We recommend that you upgrade your redmine packages.

\n
\n
\n
\n
", "2262": "
\n

Debian Security Advisory

\n

DSA-2262-1 moodle -- several vulnerabilities

\n
\n
Date Reported:
\n
15 Jun 2011
\n
Affected Packages:
\n
\nmoodle\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Several cross-site scripting and information disclosure issues have\nbeen fixed in Moodle, a course management system for online learning:

\n
    \n
  • MSA-11-0002\n

    \nCross-site request forgery vulnerability in RSS block\n

  • \n
  • MSA-11-0003\n

    \nCross-site scripting vulnerability in tag autocomplete\n

  • \n
  • MSA-11-0008\n

    \nIMS enterprise enrolment file may disclose sensitive information\n

  • \n
  • MSA-11-0011\n

    \nMultiple cross-site scripting problems in media filter\n

  • \n
  • MSA-11-0015\n

    \nCross Site Scripting through URL encoding\n

  • \n
  • MSA-11-0013\n

    \nGroup/Quiz permissions issue\n

  • \n
\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.9.9.dfsg2-2.1+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.9.9.dfsg2-3.

\n

We recommend that you upgrade your moodle packages.

\n
\n
\n
\n
", "2263": "
\n

Debian Security Advisory

\n

DSA-2263-2 movabletype-opensource -- several vulnerabilities

\n
\n
Date Reported:
\n
16 Jun 2011
\n
Affected Packages:
\n
\nmovabletype-opensource\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 627936.
\n
More information:
\n
\n

It was discovered that Movable Type, a weblog publishing system,\ncontains several security vulnerabilities:

\n

A remote attacker could execute arbitrary code in a logged-in user's\nweb browser.

\n

A remote attacker could read or modify the contents in the system\nunder certain circumstances.

\n

For the oldstable distribution (lenny), these problems have been fixed in\nversion 4.2.3-1+lenny3.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 4.3.5+dfsg-2+squeeze2.

\n

For the testing distribution (wheezy) and for the unstable\ndistribution (sid), these problems have been fixed in version\n4.3.6.1+dfsg-1.

\n

We recommend that you upgrade your movabletype-opensource packages.

\n
\n
\n
\n
", "2264": "
\n

Debian Security Advisory

\n

DSA-2264-1 linux-2.6 -- privilege escalation/denial of service/information leak

\n
\n
Date Reported:
\n
18 Jun 2011
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 618485.
In Mitre's CVE dictionary: CVE-2010-2524, CVE-2010-3875, CVE-2010-4075, CVE-2010-4655, CVE-2011-0695, CVE-2011-0710, CVE-2011-0711, CVE-2011-0726, CVE-2011-1010, CVE-2011-1012, CVE-2011-1017, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1090, CVE-2011-1093, CVE-2011-1160, CVE-2011-1163, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1173, CVE-2011-1180, CVE-2011-1182, CVE-2011-1477, CVE-2011-1493, CVE-2011-1577, CVE-2011-1593, CVE-2011-1598, CVE-2011-1745, CVE-2011-1746, CVE-2011-1748, CVE-2011-1759, CVE-2011-1767, CVE-2011-1768, CVE-2011-1776, CVE-2011-2022, CVE-2011-2182.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that may lead\nto a privilege escalation, denial of service or information leak. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2010-2524\n

    David Howells reported an issue in the Common Internet File System (CIFS).\n Local users could cause arbitrary CIFS shares to be mounted by introducing\n malicious redirects.

  • \n
  • CVE-2010-3875\n

    Vasiliy Kulikov discovered an issue in the Linux implementation of the\n Amateur Radio AX.25 Level 2 protocol. Local users may obtain access to\n sensitive kernel memory.

  • \n
  • CVE-2010-4075\n

    Dan Rosenberg reported an issue in the tty layer that may allow local\n users to obtain access to sensitive kernel memory.

  • \n
  • CVE-2010-4655\n

    Kees Cook discovered several issues in the ethtool interface which may\n allow local users with the CAP_NET_ADMIN capability to obtain access to\n sensitive kernel memory.

  • \n
  • CVE-2011-0695\n

    Jens Kuehnel reported an issue in the InfiniBand stack. Remote attackers can\n exploit a race condition to cause a denial of service (kernel panic).

  • \n
  • CVE-2011-0710\n

    Al Viro reported an issue in the /proc/<pid>/status interface on the\n s390 architecture. Local users could gain access to sensitive memory\n in processes they do not own via the task_show_regs entry.

  • \n
  • CVE-2011-0711\n

    Dan Rosenberg reported an issue in the XFS filesystem. Local users may\n obtain access to sensitive kernel memory.

  • \n
  • CVE-2011-0726\n

    Kees Cook reported an issue in the /proc/<pid>/stat implementation. Local\n users could learn the text location of a process, defeating protections\n provided by address space layout randomization (ASLR).

  • \n
  • CVE-2011-1010\n

    Timo Warns reported an issue in the Linux support for Mac partition tables.\n Local users with physical access could cause a denial of service (panic)\n by adding a storage device with a malicious map_count value.

  • \n
  • CVE-2011-1012\n

    Timo Warns reported an issue in the Linux support for LDM partition tables.\n Local users with physical access could cause a denial of service (Oops)\n by adding a storage device with an invalid VBLK value in the VMDB structure.

  • \n
  • CVE-2011-1017\n

    Timo Warns reported an issue in the Linux support for LDM partition tables.\n Users with physical access can gain access to sensitive kernel memory or\n gain elevated privileges by adding a storage device with a specially\n crafted LDM partition.

  • \n
  • CVE-2011-1078\n

    Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users\n can obtain access to sensitive kernel memory.

  • \n
  • CVE-2011-1079\n

    Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users\n with the CAP_NET_ADMIN capability can cause a denial of service (kernel\n Oops).

  • \n
  • CVE-2011-1080\n

    Vasiliy Kulikov discovered an issue in the Netfilter subsystem. Local users\n can obtain access to sensitive kernel memory.

  • \n
  • CVE-2011-1090\n

    Neil Horman discovered a memory leak in the setacl() call on NFSv4\n filesystems. Local users can exploit this to cause a denial of service\n (Oops).

  • \n
  • CVE-2011-1093\n

    Johan Hovold reported an issue in the Datagram Congestion Control Protocol\n (DCCP) implementation. Remote users could cause a denial of service by\n sending data after closing a socket.

  • \n
  • CVE-2011-1160\n

    Peter Huewe reported an issue in the Linux kernel's support for TPM security\n chips. Local users with permission to open the device can gain access to\n sensitive kernel memory.

  • \n
  • CVE-2011-1163\n

    Timo Warns reported an issue in the kernel support for Alpha OSF format disk\n partitions. Users with physical access can gain access to sensitive kernel\n memory by adding a storage device with a specially crafted OSF partition.

  • \n
  • CVE-2011-1170\n

    Vasiliy Kulikov reported an issue in the Netfilter arp table\n implementation. Local users with the CAP_NET_ADMIN capability can gain\n access to sensitive kernel memory.

  • \n
  • CVE-2011-1171\n

    Vasiliy Kulikov reported an issue in the Netfilter IP table\n implementation. Local users with the CAP_NET_ADMIN capability can gain\n access to sensitive kernel memory.

  • \n
  • CVE-2011-1172\n

    Vasiliy Kulikov reported an issue in the Netfilter IP6 table\n implementation. Local users with the CAP_NET_ADMIN capability can gain\n access to sensitive kernel memory.

  • \n
  • CVE-2011-1173\n

    Vasiliy Kulikov reported an issue in the Acorn Econet protocol\n implementation. Local users can obtain access to sensitive kernel memory on\n systems that use this rare hardware.

  • \n
  • CVE-2011-1180\n

    Dan Rosenberg reported a buffer overflow in the Information Access Service\n of the IrDA protocol, used for Infrared devices. Remote attackers within IR\n device range can cause a denial of service or possibly gain elevated\n privileges.

  • \n
  • CVE-2011-1182\n

    Julien Tinnes reported an issue in the rt_sigqueueinfo interface. Local\n users can generate signals with falsified source pid and uid information.

  • \n
  • CVE-2011-1477\n

    Dan Rosenberg reported issues in the Open Sound System driver for cards that\n include a Yamaha FM synthesizer chip. Local users can cause memory\n corruption resulting in a denial of service. This issue does not affect\n official Debian Linux image packages as they no longer provide support for\n OSS. However, custom kernels built from Debian's linux-source-2.6.26 may\n have enabled this configuration and would therefore be vulnerable.

  • \n
  • CVE-2011-1493\n

    Dan Rosenberg reported two issues in the Linux implementation of the\n Amateur Radio X.25 PLP (Rose) protocol. A remote user can cause a denial of\n service by providing specially crafted facilities fields.

  • \n
  • CVE-2011-1577\n

    Timo Warns reported an issue in the Linux support for GPT partition tables.\n Local users with physical access could cause a denial of service (Oops)\n by adding a storage device with a malicious partition table header.

  • \n
  • CVE-2011-1593\n

    Robert Swiecki reported a signedness issue in the next_pidmap() function,\n which can be exploited by local users to cause a denial of service.

  • \n
  • CVE-2011-1598\n

    Dave Jones reported an issue in the Broadcast Manager Controller Area\n Network (CAN/BCM) protocol that may allow local users to cause a NULL\n pointer dereference, resulting in a denial of service.

  • \n
  • CVE-2011-1745\n

    Vasiliy Kulikov reported an issue in the Linux support for AGP devices.\n Local users can obtain elevated privileges or cause a denial of service due\n to missing bounds checking in the AGPIOC_BIND ioctl. On default Debian\n installations, this is exploitable only by users in the video group.

  • \n
  • CVE-2011-1746\n

    Vasiliy Kulikov reported an issue in the Linux support for AGP devices.\n Local users can obtain elevated privileges or cause a denial of service\n due to missing bounds checking in the agp_allocate_memory and\n agp_create_user_memory functions. On default Debian installations, this is\n exploitable only by users in the video group.

  • \n
  • CVE-2011-1748\n

    Oliver Hartkopp reported an issue in the Controller Area Network (CAN) raw\n socket implementation which permits local users to cause a NULL pointer\n dereference, resulting in a denial of service.

  • \n
  • CVE-2011-1759\n

    Dan Rosenberg reported an issue in the support for executing old ABI\n binaries on ARM processors. Local users can obtain elevated privileges due\n to insufficient bounds checking in the semtimedop system call.

  • \n
  • CVE-2011-1767\n

    Alexey Dobriyan reported an issue in the GRE over IP implementation.\n Remote users can cause a denial of service by sending a packet during\n module initialization.

  • \n
  • CVE-2011-1768\n

    Alexey Dobriyan reported an issue in the IP tunnels implementation.\n Remote users can cause a denial of service by sending a packet during\n module initialization.

  • \n
  • CVE-2011-1776\n

    Timo Warns reported an issue in the Linux implementation for GUID\n partitions. Users with physical access can gain access to sensitive kernel\n memory by adding a storage device with a specially crafted corrupted\n invalid partition table.

  • \n
  • CVE-2011-2022\n

    Vasiliy Kulikov reported an issue in the Linux support for AGP devices.\n Local users can obtain elevated privileges or cause a denial of service due\n to missing bounds checking in the AGPIOC_UNBIND ioctl. On default Debian\n installations, this is exploitable only by users in the video group.

  • \n
  • CVE-2011-2182\n

    Ben Hutchings reported an issue with the fix for CVE-2011-1017 (see above)\n that made it insufficient to resolve the issue.

  • \n
\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 2.6.26-26lenny3. Updates for arm and hppa are not yet available,\nbut will be released as soon as possible.

\n

The following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n
\u00a0 Debian 5.0 (lenny)
user-mode-linux 2.6.26-1um-2+26lenny3
\n

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.\nThese updates will not become active until after your system is rebooted.

\n

Note: Debian carefully tracks all known security issues across every\nLinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or leap-frog fashion.

\n
\n
\n
\n
", "2265": "
\n

Debian Security Advisory

\n

DSA-2265-1 perl -- lack of tainted flag propagation

\n
\n
Date Reported:
\n
20 Jun 2011
\n
Affected Packages:
\n
\nperl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 622817.
In Mitre's CVE dictionary: CVE-2011-1487.
\n
More information:
\n
\n

Mark Martinec discovered that Perl incorrectly clears the tainted flag\non values returned by case conversion functions such as lc. This\nmay expose preexisting vulnerabilities in applications which use these\nfunctions while processing untrusted input. No such applications are\nknown at this stage. Such applications will cease to work when this\nsecurity update is applied because taint checks are designed to\nprevent such unsafe use of untrusted input data.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 5.10.0-19lenny4.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 5.10.1-17squeeze1.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 5.10.1-20.

\n

We recommend that you upgrade your perl packages.

\n
\n
\n
\n
", "2266": "
\n

Debian Security Advisory

\n

DSA-2266-1 php5 -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Jun 2011
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-2531, CVE-2011-0420, CVE-2011-0421, CVE-2011-0708, CVE-2011-1153, CVE-2011-1466, CVE-2011-1471, CVE-2011-2202.
\n
More information:
\n
\n

Several vulnerabilities were discovered in PHP, which could lead to\ndenial of service or potentially the execution of arbitrary code.

\n
    \n
  • CVE-2010-2531\n

    An information leak was found in the var_export() function.

  • \n
  • CVE-2011-0421\n

    The Zip module could crash.

  • \n
  • CVE-2011-0708\n

    An integer overflow was discovered in the Exif module.

  • \n
  • CVE-2011-1466\n

    An integer overflow was discovered in the Calendar module.

  • \n
  • CVE-2011-1471\n

    The Zip module was prone to denial of service through malformed\n archives.

  • \n
  • CVE-2011-2202\n

    Path names in form based file uploads (RFC 1867) were incorrectly\n validated.

  • \n
\n

This update also fixes two bugs which are not treated as security\nissues but are fixed nonetheless; see README.Debian.security for details\non the scope of security support for PHP\n(CVE-2011-0420,\nCVE-2011-1153).

\n

For the oldstable distribution (lenny), these problems have been fixed in\nversion 5.2.6.dfsg.1-1+lenny12.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 5.3.3-7+squeeze3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 5.3.6-12.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "2267": "
\n

Debian Security Advisory

\n

DSA-2267-1 perl -- restriction bypass

\n
\n
Date Reported:
\n
01 Jul 2011
\n
Affected Packages:
\n
\nperl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 631529.
In Mitre's CVE dictionary: CVE-2010-1447.
\n
More information:
\n
\n

It was discovered that Perl's Safe module - a module to compile and\nexecute code in restricted compartments - could be bypassed.

\n

Please note that this update is known to break Petal, an XML-based\ntemplating engine (shipped with Debian 6.0/Squeeze in the package\nlibpetal-perl, see\nbug #582805 for details). A fix is not yet available. If you use Petal, you\nmight consider putting the previous Perl packages on hold.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 5.10.0-19lenny5.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 5.10.1-17squeeze2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.12.3-1.

\n

We recommend that you upgrade your perl packages.

\n
\n
\n
\n
", "2268": "
\n

Debian Security Advisory

\n

DSA-2268-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
01 Jul 2011
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, CVE-2011-2363, CVE-2011-2365, CVE-2011-2371, CVE-2011-2373, CVE-2011-2374, CVE-2011-2376.
\n
More information:
\n
\n

Several vulnerabilities have been found in Iceweasel, a web browser\nbased on Firefox:

\n
    \n
  • CVE-2011-0083 /\nCVE-2011-2363\n

    regenrecht discovered two use-after-frees in SVG processing, which\n could lead to the execution of arbitrary code.

  • \n
  • CVE-2011-0085\n

    regenrecht discovered a use-after-free in XUL processing, which\n could lead to the execution of arbitrary code.

  • \n
  • CVE-2011-2362\n

    David Chan discovered that cookies were insufficiently isolated.

  • \n
  • CVE-2011-2371\n

    Chris Rohlf and Yan Ivnitskiy discovered an integer overflow in the\n JavaScript engine, which could lead to the execution of arbitrary\n code.

  • \n
  • CVE-2011-2373\n

    Martin Barbella discovered a use-after-free in XUL processing,\n which could lead to the execution of arbitrary code.

  • \n
  • CVE-2011-2374\n

    Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman and\n Christian Biesinger discovered memory corruption bugs, which may\n lead to the execution of arbitrary code.

  • \n
  • CVE-2011-2376\n

    Luke Wagner and Gary Kwong discovered memory corruption bugs, which\n may lead to the execution of arbitrary code.

  • \n
\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.9.0.19-12 of the xulrunner source package.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-8.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.5.19-3.

\n

For the experimental distribution, this problem has been fixed in\nversion 5.0-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "2269": "
\n

Debian Security Advisory

\n

DSA-2269-1 iceape -- several vulnerabilities

\n
\n
Date Reported:
\n
01 Jul 2011
\n
Affected Packages:
\n
\niceape\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, CVE-2011-2363, CVE-2011-2365, CVE-2011-2371, CVE-2011-2373, CVE-2011-2374, CVE-2011-2376.
\n
More information:
\n
\n

Several vulnerabilities have been found in the Iceape internet suite, an\nunbranded version of Seamonkey:

\n
    \n
  • CVE-2011-0083 /\nCVE-2011-2363\n

    regenrecht discovered two use-after-frees in SVG processing,\n which could lead to the execution of arbitrary code.

  • \n
  • CVE-2011-0085\n

    regenrecht discovered a use-after-free in XUL processing, which\n could lead to the execution of arbitrary code.

  • \n
  • CVE-2011-2362\n

    David Chan discovered that cookies were insufficiently isolated.

  • \n
  • CVE-2011-2371\n

    Chris Rohlf and Yan Ivnitskiy discovered an integer overflow in the\n JavaScript engine, which could lead to the execution of arbitrary\n code.

  • \n
  • CVE-2011-2373\n

    Martin Barbella discovered a use-after-free in XUL processing,\n which could lead to the execution of arbitrary code.

  • \n
  • CVE-2011-2374\n

    Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman and\n Christian Biesinger discovered memory corruption bugs, which may\n lead to the execution of arbitrary code.

  • \n
  • CVE-2011-2376\n

    Luke Wagner and Gary Kwong discovered memory corruption bugs, which\n may lead to the execution of arbitrary code.

  • \n
\n

The oldstable distribution (lenny) is not affected. The iceape\npackage only provides the XPCOM code.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-6.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.0.14-3.

\n

We recommend that you upgrade your iceape packages.

\n
\n
\n
\n
", "2270": "
\n

Debian Security Advisory

\n

DSA-2270-1 qemu-kvm -- programming error

\n
\n
Date Reported:
\n
01 Jul 2011
\n
Affected Packages:
\n
\nqemu-kvm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 631975.
In Mitre's CVE dictionary: CVE-2011-2512.
\n
More information:
\n
\n

It was discovered that incorrect sanitising of virtio queue commands in\nKVM, a solution for full virtualization on x86 hardware, could lead to\ndenial of service or the execution of arbitrary code.

\n

The oldstable distribution (lenny) is not affected by this problem.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.12.5+dfsg-5+squeeze4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.14.1+dfsg-2.

\n

We recommend that you upgrade your qemu-kvm packages.

\n
\n
\n
\n
", "2271": "
\n

Debian Security Advisory

\n

DSA-2271-1 curl -- improper delegation of client credentials

\n
\n
Date Reported:
\n
02 Jul 2011
\n
Affected Packages:
\n
\ncurl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-2192.
\n
More information:
\n
\n

Richard Silverman discovered that when doing GSSAPI authentication, libcurl\nunconditionally performs credential delegation. This hands the server a copy of\nthe client's security credentials, allowing the server to impersonate the\nclient to any other using the same GSSAPI mechanism.\nThis is obviously a very sensitive operation, which should only be done when\nthe user explicitly so directs.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 7.18.2-8lenny5.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 7.21.0-2.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 7.21.6-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.21.6-2.

\n

We recommend that you upgrade your curl packages.

\n
\n
\n
\n
", "2272": "
\n

Debian Security Advisory

\n

DSA-2272-1 bind9 -- denial of service

\n
\n
Date Reported:
\n
05 Jul 2011
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-2464.
\n
More information:
\n
\n

It was discovered that BIND, a DNS server, does not correctly process\ncertain UPDATE requests, resulting in a server crash and a denial of\nservice. This vulnerability affects BIND installations even if they\ndo not actually use dynamic DNS updates.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1:9.6.ESV.R4+dfsg-0+lenny3.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:9.7.3.dfsg-1~squeeze3.

\n

The testing distribution (wheezy) and the unstable distribution (sid)\nwill be fixed later.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
\n
\n
", "2273": "
\n

Debian Security Advisory

\n

DSA-2273-1 icedove -- several vulnerabilities

\n
\n
Date Reported:
\n
06 Jul 2011
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, CVE-2011-2363, CVE-2011-2365, CVE-2011-2371, CVE-2011-2373, CVE-2011-2374, CVE-2011-2376.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Icedove, an unbranded\nversion of the Thunderbird mail/news client.

\n
    \n
  • CVE-2011-0083 / CVE-2011-2363\n

    regenrecht discovered two use-after-frees in SVG processing,\n which could lead to the execution of arbitrary code.

  • \n
  • CVE-2011-0085\n

    regenrecht discovered a use-after-free in XUL processing, which\n could lead to the execution of arbitrary code.

  • \n
  • CVE-2011-2362\n

    David Chan discovered that cookies were insufficiently isolated.

  • \n
  • CVE-2011-2371\n

    Chris Rohlf and Yan Ivnitskiy discovered an integer overflow in the\n JavaScript engine, which could lead to the execution of arbitrary\n code.

  • \n
  • CVE-2011-2373\n

    Martin Barbella discovered a use-after-free in XUL processing,\n which could lead to the execution of arbitrary code.

  • \n
  • CVE-2011-2374\n

    Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman and\n Christian Biesinger discovered memory corruption bugs, which may\n lead to the execution of arbitrary code.

  • \n
  • CVE-2011-2376\n

    Luke Wagner and Gary Kwong discovered memory corruption bugs, which\n may lead to the execution of arbitrary code.

  • \n
\n

As indicated in the Lenny (oldstable) release notes, security support for\nthe Icedove packages in the oldstable distribution had to be stopped before the end\nof the regular Lenny security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a different\nmail client.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.1.11-1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "2274": "
\n

Debian Security Advisory

\n

DSA-2274-1 wireshark -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Jul 2011
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1590, CVE-2011-1957, CVE-2011-1958, CVE-2011-1959, CVE-2011-2174, CVE-2011-2175.
\n
More information:
\n
\n

Huzaifa Sidhpurwala, David Maciejak and others discovered several\nvulnerabilities in the X.509if and DICOM dissectors and in the code to\nprocess various capture and dictionary files, which could lead to denial\nof service or the execution of arbitrary code.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.2-3+lenny14.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.11-6+squeeze2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.2.17-1.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "2275": "
\n

Debian Security Advisory

\n

DSA-2275-1 openoffice.org -- stack-based buffer overflow

\n
\n
Date Reported:
\n
07 Jul 2011
\n
Affected Packages:
\n
\nopenoffice.org\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Will Dormann and Jared Allar discovered that the Lotus Word Pro import\nfilter of OpenOffice.org, a full-featured office productivity suite that\nprovides a near drop-in replacement for Microsoft Office, is not\nproperly handling object ids in the .lwp file format. An attacker can\nexploit this with a specially crafted file and execute arbitrary code with\nthe rights of the victim importing the file.

\n

The oldstable distribution (lenny) is not affected by this problem.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:3.2.1-11+squeeze3.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nlibreoffice version 1:3.3.3-1.

\n

We recommend that you upgrade your openoffice.org packages.

\n
\n
\n
\n
", "2276": "
\n

Debian Security Advisory

\n

DSA-2276-1 asterisk -- multiple denial of service

\n
\n
Date Reported:
\n
10 Jul 2011
\n
Affected Packages:
\n
\nasterisk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 631445, Bug 631446, Bug 631448.
In Mitre's CVE dictionary: CVE-2011-2529, CVE-2011-2535.
\n
More information:
\n
\n

Paul Belanger reported a vulnerability in Asterisk identified as\nAST-2011-008\n(CVE-2011-2529)\nthrough which an unauthenticated attacker may crash an Asterisk\nserver remotely. A packet containing a NULL char causes the SIP header parser\nto alter unrelated memory structures.

\n

Jared Mauch reported a vulnerability in Asterisk identified as\nAST-2011-009\nthrough which an unauthenticated attacker may crash an Asterisk server remotely.\nIf a user sends a packet with a Contact header with a missing left angle\nbracket (<), the server will crash. A possible workaround is to disable chan_sip.

\n

The vulnerability identified as\nAST-2011-010\n(CVE-2011-2535)\nis an\ninput validation error in the IAX2 channel driver. An unauthenticated attacker\nmay crash an Asterisk server remotely by sending a crafted option control frame.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.4.21.2~dfsg-3+lenny5.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.6.2.9-2+squeeze3.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 1:1.8.4.3-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:1.8.4.3-1.

\n

We recommend that you upgrade your asterisk packages.

\n
\n
\n
\n
", "2277": "
\n

Debian Security Advisory

\n

DSA-2277-1 xml-security-c -- stack-based buffer overflow

\n
\n
Date Reported:
\n
10 Jul 2011
\n
Affected Packages:
\n
\nxml-security-c\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 632973.
In Mitre's CVE dictionary: CVE-2011-2516.
\n
More information:
\n
\n

It has been discovered that xml-security-c, an implementation of the XML\nDigital Signature and Encryption specifications, is not properly handling\nRSA keys of sizes on the order of 8192 or more bits. This allows an\nattacker to crash applications using this functionality or potentially\nexecute arbitrary code by tricking an application into verifying a signature\ncreated with a sufficiently long RSA key.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.4.0-3+lenny3.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.5.1-3+squeeze1.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.6.1-1.

\n

We recommend that you upgrade your xml-security-c packages.

\n
\n
\n
\n
", "2278": "
\n

Debian Security Advisory

\n

DSA-2278-1 horde3 -- several vulnerabilities

\n
\n
Date Reported:
\n
16 Jul 2011
\n
Affected Packages:
\n
\nhorde3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 598582.
In Mitre's CVE dictionary: CVE-2010-3077, CVE-2010-3694.
\n
More information:
\n
\n

It was discovered that horde3, the Horde web application framework, is\nprone to a cross-site scripting attack and a cross-site request forgery.

\n

For the oldstable distribution (lenny), these problems have been fixed\nin version 3.2.2+debian0-2+lenny3.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 3.3.8+debian0-2, which was already included in the squeeze\nrelease.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 3.3.8+debian0-2.

\n

We recommend that you upgrade your horde3 packages.

\n
\n
\n
\n
", "2279": "
\n

Debian Security Advisory

\n

DSA-2279-1 libapache2-mod-authnz-external -- SQL injection

\n
\n
Date Reported:
\n
19 Jul 2011
\n
Affected Packages:
\n
\nlibapache2-mod-authnz-external\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 633637.
In Mitre's CVE dictionary: CVE-2011-2688.
\n
More information:
\n
\n

It was discovered that libapache2-mod-authnz-external, an Apache\nauthentication module, is prone to an SQL injection via the $user\nparameter.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.2.4-2+squeeze1.

\n

The oldstable distribution (lenny) does not contain\nlibapache2-mod-authnz-external.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.2.4-2.1.

\n

We recommend that you upgrade your libapache2-mod-authnz-external packages.

\n
\n
\n
\n
", "2280": "
\n

Debian Security Advisory

\n

DSA-2280-1 libvirt -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Jul 2011
\n
Affected Packages:
\n
\nlibvirt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 633630, Bug 623222.
In Mitre's CVE dictionary: CVE-2011-2511, CVE-2011-1486.
\n
More information:
\n
\n

It was discovered that libvirt, a library for interfacing with different\nvirtualization systems, is prone to an integer overflow (CVE-2011-2511).\nAdditionally, the stable version is prone to a denial of service,\nbecause its error reporting is not thread-safe (CVE-2011-1486).

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 0.8.3-5+squeeze2.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 0.4.6-10+lenny2.

\n

For the testing distribution (wheezy), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.9.2-7.

\n

We recommend that you upgrade your libvirt packages.

\n
\n
\n
\n
", "2281": "
\n

Debian Security Advisory

\n

DSA-2281-1 opie -- several vulnerabilities

\n
\n
Date Reported:
\n
21 Jul 2011
\n
Affected Packages:
\n
\nopie\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 631344, Bug 631345, Bug 584932.
In Mitre's CVE dictionary: CVE-2011-2489, CVE-2011-2490, CVE-2010-1938.
\n
More information:
\n
\n

Sebastian Krahmer discovered that opie, a system that makes it simple to use\nOne-Time passwords in applications, is prone to a privilege escalation\n(CVE-2011-2490)\nand an off-by-one error, which can lead to the execution of arbitrary code\n(CVE-2011-2489).\nAdam Zabrocki and Maksymilian Arciemowicz also discovered another off-by-one\nerror\n(CVE-2010-1938),\nwhich only affects the lenny version as the fix was already included in\nsqueeze.

\n

For the oldstable distribution (lenny), these problems have been fixed in\nversion 2.32-10.2+lenny2.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 2.32.dfsg.1-0.2+squeeze1.

\n

The testing distribution (wheezy) and the unstable distribution (sid) do\nnot contain opie.

\n

We recommend that you upgrade your opie packages.

\n
\n
\n
\n
", "2282": "
\n

Debian Security Advisory

\n

DSA-2282-1 qemu-kvm -- several vulnerabilities

\n
\n
Date Reported:
\n
25 Jul 2011
\n
Affected Packages:
\n
\nqemu-kvm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-2212, CVE-2011-2527.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in KVM, a solution for full\nvirtualization on x86 hardware:

\n
    \n
  • CVE-2011-2212\n

    Nelson Elhage discovered a buffer overflow in the virtio subsystem,\n which could lead to denial of service or privilege escalation.

  • \n
  • CVE-2011-2527\n

    Andrew Griffiths discovered that group privileges were\n insufficiently dropped when started with -runas option, resulting\n in privilege escalation.

  • \n
\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.12.5+dfsg-5+squeeze6.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.14.1+dfsg-3.

\n

We recommend that you upgrade your qemu-kvm packages.

\n
\n
\n
\n
", "2283": "
\n

Debian Security Advisory

\n

DSA-2283-1 krb5-appl -- programming error

\n
\n
Date Reported:
\n
25 Jul 2011
\n
Affected Packages:
\n
\nkrb5-appl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1526.
\n
More information:
\n
\n

Tim Zingelmann discovered that due to an incorrect configure script, the\nkerberised FTP server failed to set the effective GID correctly,\nresulting in privilege escalation.

\n

The oldstable distribution (lenny) is not affected.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.0.1-1.1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your krb5-appl packages.

\n
\n
\n
\n
", "2284": "
\n

Debian Security Advisory

\n

DSA-2284-1 opensaml2 -- implementation error

\n
\n
Date Reported:
\n
25 Jul 2011
\n
Affected Packages:
\n
\nopensaml2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1411.
\n
More information:
\n
\n

Juraj Somorovsky, Andreas Mayer, Meiko Jensen, Florian Kohlar, Marco\nKampmann and Joerg Schwenk discovered that Shibboleth, a federated web\nsingle sign-on system, is vulnerable to XML signature wrapping attacks.\nMore details can be found in the\nShibboleth\nadvisory.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 2.0-2+lenny3.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.3-2+squeeze1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n
\n
\n
\n
", "2285": "
\n

Debian Security Advisory

\n

DSA-2285-1 mapserver -- several vulnerabilities

\n
\n
Date Reported:
\n
26 Jul 2011
\n
Affected Packages:
\n
\nmapserver\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-2703, CVE-2011-2704.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in mapserver, a CGI-based\nweb framework to publish spatial data and interactive mapping applications.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2011-2703\n

    Several instances of insufficient escaping of user input, leading to\n SQL injection attacks via OGC filter encoding (in WMS, WFS, and SOS\n filters).

  • \n
  • CVE-2011-2704\n

    Missing length checks in the processing of OGC filter encoding that can\n lead to stack-based buffer overflows and the execution of arbitrary code.

  • \n
\n

For the oldstable distribution (lenny), these problems have been fixed in\nversion 5.0.3-3+lenny7.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 5.6.5-2+squeeze2.

\n

For the testing (squeeze) and unstable (sid) distributions, these problems\nwill be fixed soon.

\n

We recommend that you upgrade your mapserver packages.

\n
\n
\n
\n
", "2286": "
\n

Debian Security Advisory

\n

DSA-2286-1 phpmyadmin -- several vulnerabilities

\n
\n
Date Reported:
\n
26 Jul 2011
\n
Affected Packages:
\n
\nphpmyadmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-2505, CVE-2011-2506, CVE-2011-2507, CVE-2011-2508, CVE-2011-2642.
\n
More information:
\n
\n

Several vulnerabilities were discovered in phpMyAdmin, a tool to\nadministrate MySQL over the web. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2011-2505\n

    Possible session manipulation in Swekey authentication.

  • \n
  • CVE-2011-2506\n

    Possible code injection in setup script, in case session\n variables are compromised.

  • \n
  • CVE-2011-2507\n

    Regular expression quoting issue in Synchronize code.

  • \n
  • CVE-2011-2508\n

    Possible directory traversal in MIME-type transformation.

  • \n
  • CVE-2011-2642\n

    Cross site scripting in table Print view when the attacker can\n create crafted table names.

  • \n
  • No CVE name yet\n

    Possible superglobal and local variables manipulation in\n Swekey authentication. (PMASA-2011-12)

  • \n
\n

The oldstable distribution (lenny) is only affected by\nCVE-2011-2642, which has been fixed in version 2.11.8.1-5+lenny9.

\n

For the stable distribution (squeeze), these problems have been fixed\nin version 3.3.7-6.

\n

For the testing distribution (wheezy) and unstable distribution (sid),\nthese problems have been fixed in version 3.4.3.2-1.

\n

We recommend that you upgrade your phpmyadmin packages.

\n
\n
\n
\n
", "2287": "
\n

Debian Security Advisory

\n

DSA-2287-1 libpng -- several vulnerabilities

\n
\n
Date Reported:
\n
28 Jul 2011
\n
Affected Packages:
\n
\nlibpng\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 632786, Bug 633871.
In Mitre's CVE dictionary: CVE-2011-2501, CVE-2011-2690, CVE-2011-2691, CVE-2011-2692.
\n
More information:
\n
\n

The PNG library libpng has been affected by several vulnerabilities. The most\ncritical one is identified as\nCVE-2011-2690. Using this vulnerability, an attacker is able to overwrite\nmemory with an arbitrary amount of data controlled by her via a crafted PNG\nimage.

\n

The other vulnerabilities are less critical and allow an attacker to\ncause a crash in the program (denial of service) via a crafted PNG\nimage.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.2.27-2+lenny5. Due to a technical limitation in the Debian\narchive processing scripts, the updated packages cannot be released\nin parallel with the packages for Squeeze. They will appear shortly.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.44-1+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.2.46-1.

\n

We recommend that you upgrade your libpng packages.

\n
\n
\n
\n
", "2288": "
\n

Debian Security Advisory

\n

DSA-2288-1 libsndfile -- integer overflow

\n
\n
Date Reported:
\n
28 Jul 2011
\n
Affected Packages:
\n
\nlibsndfile\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-2696.
\n
More information:
\n
\n

Hossein Lotfi discovered an integer overflow in libsndfile's code to\nparse Paris Audio files, which could potentially lead to the execution\nof arbitrary code.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.17-4+lenny3.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.0.21-3+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.0.25-1.

\n

We recommend that you upgrade your libsndfile packages.

\n
\n
\n
\n
", "2289": "
\n

Debian Security Advisory

\n

DSA-2289-1 typo3-src -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Aug 2011
\n
Affected Packages:
\n
\ntypo3-src\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 635937.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the TYPO3 web\ncontent management framework: cross-site scripting, information\ndisclosure, authentication delay bypass, and arbitrary file deletion.\nMore details can be found in the Typo3 security advisory:\nTYPO3-CORE-SA-2011-001.

\n

For the oldstable distribution (lenny), these problems have been fixed in\nversion 4.2.5-1+lenny8.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 4.3.9+dfsg1-1+squeeze1.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 4.5.4+dfsg1-1.

\n

We recommend that you upgrade your typo3-src packages.

\n
\n
\n
\n
", "2290": "
\n

Debian Security Advisory

\n

DSA-2290-1 samba -- cross-site scripting

\n
\n
Date Reported:
\n
07 Aug 2011
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-2522, CVE-2011-2694.
\n
More information:
\n
\n

The Samba Web Administration Tool (SWAT) contains several cross-site request\nforgery (CSRF) vulnerabilities\n(CVE-2011-2522) and a cross-site scripting vulnerability\n(CVE-2011-2694).

\n

For the oldstable distribution (lenny), these problems have been fixed in\nversion 2:3.2.5-4lenny15.

\n

For the stable distribution (squeeze), these problems have been fixed\nin version 2:3.5.6~dfsg-3squeeze5.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 2:3.5.10~dfsg-1.

\n

We recommend that you upgrade your samba packages.

\n
\n
\n
\n
", "2291": "
\n

Debian Security Advisory

\n

DSA-2291-1 squirrelmail -- various vulnerabilities

\n
\n
Date Reported:
\n
08 Aug 2011
\n
Affected Packages:
\n
\nsquirrelmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-4554, CVE-2010-4555, CVE-2011-2023, CVE-2011-2752, CVE-2011-2753.
\n
More information:
\n
\n

Various vulnerabilities have been found in SquirrelMail, a webmail\napplication. The Common Vulnerabilities and Exposures project\nidentifies the following vulnerabilities:

\n
    \n
  • CVE-2010-4554\n

    SquirrelMail did not prevent page rendering inside a third-party\n HTML frame, which makes it easier for remote attackers to conduct\n clickjacking attacks via a crafted web site.

  • \n
  • CVE-2010-4555,\n CVE-2011-2752,\n CVE-2011-2753\n

    Multiple small bugs in SquirrelMail allowed an attacker to inject\n malicious script into various pages or alter the contents of user\n preferences.

  • \n
  • CVE-2011-2023\n

    It was possible to inject arbitrary web script or HTML via a\n crafted STYLE element in an HTML part of an e-mail message.

  • \n
\n

For the oldstable distribution (lenny), these problems have been fixed in\nversion 1.4.15-4+lenny5.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 1.4.21-2.

\n

For the testing (wheezy) and unstable distribution (sid), these problems\nhave been fixed in version 1.4.22-1.

\n

We recommend that you upgrade your squirrelmail packages.

\n
\n
\n
\n
", "2292": "
\n

Debian Security Advisory

\n

DSA-2292-1 isc-dhcp -- denial of service

\n
\n
Date Reported:
\n
11 Aug 2011
\n
Affected Packages:
\n
\nisc-dhcp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-2748, CVE-2011-2749.
\n
More information:
\n
\n

David Zych discovered that the ISC DHCP crashes when processing\ncertain packets, leading to a denial of service.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 3.1.1-6+lenny6 of the dhcp3 package.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 4.1.1-P1-15+squeeze3 of the isc-dhcp package.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem will be fixed soon.

\n

We recommend that you upgrade your ISC DHCP packages.

\n
\n
\n
\n
", "2293": "
\n

Debian Security Advisory

\n

DSA-2293-1 libxfont -- buffer overflow

\n
\n
Date Reported:
\n
12 Aug 2011
\n
Affected Packages:
\n
\nlibxfont\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-2895.
\n
More information:
\n
\n

Tomas Hoger found a buffer overflow in the X.Org libXfont library,\nwhich may allow for a local privilege escalation through crafted\nfont files.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.3.3-2.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.1-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4.4-1.

\n

We recommend that you upgrade your libxfont packages.

\n
\n
\n
\n
", "2294": "
\n

Debian Security Advisory

\n

DSA-2294-1 freetype -- missing input sanitising

\n
\n
Date Reported:
\n
14 Aug 2011
\n
Affected Packages:
\n
\nfreetype\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 635871.
In Mitre's CVE dictionary: CVE-2011-0226.
\n
More information:
\n
\n

It was discovered that insufficient input sanitising in Freetype's code to\nparse Type1 could lead to the execution of arbitrary code.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 2.3.7-2+lenny6.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.4.2-2.1+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.4.6-1.

\n

We recommend that you upgrade your freetype packages.

\n
\n
\n
\n
", "2295": "
\n

Debian Security Advisory

\n

DSA-2295-1 iceape -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Aug 2011
\n
Affected Packages:
\n
\niceape\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0084, CVE-2011-2378, CVE-2011-2981, CVE-2011-2982, CVE-2011-2983, CVE-2011-2984.
\n
More information:
\n
\n

Several vulnerabilities have been found in the Iceape internet suite, an\nunbranded version of Seamonkey:

\n
    \n
  • CVE-2011-0084\n

    regenrecht discovered that incorrect pointer handling in the SVG\n processing code could lead to the execution of arbitrary code.

  • \n
  • CVE-2011-2378\n

    regenrecht discovered that incorrect memory management in DOM\n processing could lead to the execution of arbitrary code.

  • \n
  • CVE-2011-2981\n

    moz_bug_r_a_4 discovered a Chrome privilege escalation\n vulnerability in the event handler code.

  • \n
  • CVE-2011-2982\n

    Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory\n corruption bugs, which may lead to the execution of arbitrary code.

  • \n
  • CVE-2011-2983\n

    shutdown discovered an information leak in the handling of\n RegExp.input.

  • \n
  • CVE-2011-2984\n

    moz_bug_r_a4 discovered a Chrome privilege escalation\n vulnerability.

  • \n
\n

The oldstable distribution (lenny) is not affected. The iceape\npackage only provides the XPCOM code.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-7.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.0.14-5.

\n

We recommend that you upgrade your iceape packages.

\n
\n
\n
\n
", "2296": "
\n

Debian Security Advisory

\n

DSA-2296-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Aug 2011
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0084, CVE-2011-2378, CVE-2011-2981, CVE-2011-2982, CVE-2011-2983, CVE-2011-2984.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Iceweasel, a web browser\nbased on Firefox. The included XULRunner library provides rendering\nservices for several other applications included in Debian.

\n
    \n
  • CVE-2011-0084\n

    regenrecht discovered that incorrect pointer handling in the SVG\n processing code could lead to the execution of arbitrary code.

  • \n
  • CVE-2011-2378\n

    regenrecht discovered that incorrect memory management in DOM\n processing could lead to the execution of arbitrary code.

  • \n
  • CVE-2011-2981\n

    moz_bug_r_a_4 discovered a Chrome privilege escalation\n vulnerability in the event handler code.

  • \n
  • CVE-2011-2982\n

    Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory\n corruption bugs, which may lead to the execution of arbitrary code.

  • \n
  • CVE-2011-2983\n

    shutdown discovered an information leak in the handling of\n RegExp.input.

  • \n
  • CVE-2011-2984\n

    moz_bug_r_a4 discovered a Chrome privilege escalation\n vulnerability.

  • \n
\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.9.0.19-13 of the xulrunner source package.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-9.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 6.0-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "2297": "
\n

Debian Security Advisory

\n

DSA-2297-1 icedove -- several vulnerabilities

\n
\n
Date Reported:
\n
21 Aug 2011
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0084, CVE-2011-2378, CVE-2011-2981, CVE-2011-2982, CVE-2011-2983, CVE-2011-2984.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Icedove, an unbranded\nversion of the Thunderbird mail/news client.

\n
    \n
  • CVE-2011-0084\n

    regenrecht discovered that incorrect pointer handling in the SVG\n processing code could lead to the execution of arbitrary code.

  • \n
  • CVE-2011-2378\n

    regenrecht discovered that incorrect memory management in DOM\n processing could lead to the execution of arbitrary code.

  • \n
  • CVE-2011-2981\n

    moz_bug_r_a_4 discovered a Chrome privilege escalation\n vulnerability in the event handler code.

  • \n
  • CVE-2011-2982\n

    Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory\n corruption bugs, which may lead to the execution of arbitrary code.

  • \n
  • CVE-2011-2983\n

    shutdown discovered an information leak in the handling of\n RegExp.input.

  • \n
  • CVE-2011-2984\n

    moz_bug_r_a4 discovered a Chrome privilege escalation\n vulnerability.

  • \n
\n

As indicated in the Lenny (oldstable) release notes, security support for\nthe Icedove packages in oldstable needed to be stopped before the end\nof the regular Lenny security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a different\nmail client.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.1.12-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "2298": "
\n

Debian Security Advisory

\n

DSA-2298-2 apache2 -- denial of service

\n
\n
Date Reported:
\n
05 Sep 2011
\n
Affected Packages:
\n
\napache2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-1452, CVE-2011-3192.
\n
More information:
\n
\n

Two issues have been found in the Apache HTTPD web server:

\n
    \n
  • CVE-2011-3192\n

    A vulnerability has been found in the way the multiple overlapping\nranges are handled by the Apache HTTPD server. This vulnerability\nallows an attacker to cause Apache HTTPD to use an excessive amount of\nmemory, causing a denial of service.

  • \n
  • CVE-2010-1452\n

    A vulnerability has been found in mod_dav that allows an attacker to\ncause a daemon crash, causing a denial of service. This issue only\naffects the Debian 5.0 oldstable/lenny distribution.

  • \n
\n

For the oldstable distribution (lenny), these problems have been fixed\nin version 2.2.9-10+lenny11.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.2.16-6+squeeze3.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 2.2.19-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.2.19-3.

\n

We recommend that you upgrade your apache2 packages.

\n

This update also contains updated apache2-mpm-itk packages which have\nbeen recompiled against the updated apache2 packages. The new version\nnumber for the oldstable distribution is 2.2.6-02-1+lenny6. In the\nstable distribution, apache2-mpm-itk has the same version number as\napache2.

\n
\n
\n
\n
", "2299": "
\n

Debian Security Advisory

\n

DSA-2299-1 ca-certificates -- compromised certificate authority

\n
\n
Date Reported:
\n
31 Aug 2011
\n
Affected Packages:
\n
\nca-certificates\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 639744.
\n
More information:
\n
\n

An unauthorized SSL certificate has been found in the wild issued\nfor the DigiNotar Certificate Authority, obtained through a security\ncompromise with said company. Debian, like other software\ndistributors, has as a precaution decided to disable the DigiNotar\nRoot CA by default in its ca-certificates bundle.

\n

For other software in Debian that ships a CA bundle, like the\nMozilla suite, updates are forthcoming.

\n

For the oldstable distribution (lenny), the ca-certificates package\ndoes not contain this root CA.

\n

For the stable distribution (squeeze), the root CA has been\ndisabled starting with ca-certificates version 20090814+nmu3.

\n

For the testing distribution (wheezy) and unstable distribution\n(sid), the root CA has been disabled starting with ca-certificates\nversion 20110502+nmu1.

\n

We recommend that you upgrade your ca-certificates packages.

\n
\n
\n
\n
", "2300": "
\n

Debian Security Advisory

\n

DSA-2300-2 nss -- compromised certificate authority

\n
\n
Date Reported:
\n
05 Sep 2011
\n
Affected Packages:
\n
\nnss\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Several unauthorised SSL certificates have been found in the wild issued\nfor the DigiNotar Certificate Authority, obtained through a security\ncompromise with said company. Debian, like other software\ndistributors, has as a precaution decided to disable the DigiNotar\nRoot CA by default in the NSS crypto libraries.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 3.12.3.1-0lenny6.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.12.8-1+squeeze3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.12.11-2.

\n

We recommend that you upgrade your nss packages.

\n
\n
\n
\n
", "2301": "
\n

Debian Security Advisory

\n

DSA-2301-2 rails -- several vulnerabilities

\n
\n
Date Reported:
\n
23 Jan 2012
\n
Affected Packages:
\n
\nrails\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-2930, CVE-2011-2931, CVE-2011-3186, CVE-2009-4214.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Rails, the Ruby web\napplication framework. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2009-4214\n

    A cross-site scripting (XSS) vulnerability had been found in the\n strip_tags function. An attacker may inject non-printable characters\n that certain browsers will then evaluate. This vulnerability only\n affects the oldstable distribution (lenny).

  • \n
  • CVE-2011-2930\n

    A SQL injection vulnerability had been found in the quote_table_name\n method that could allow malicious users to inject arbitrary SQL into a\n query.

  • \n
  • CVE-2011-2931\n

    A cross-site scripting (XSS) vulnerability had been found in the\n strip_tags helper. A parsing error can be exploited by an attacker,\n who can confuse the parser and may inject HTML tags into the output\n document.

  • \n
  • CVE-2011-3186\n

    A newline (CRLF) injection vulnerability had been found in\n response.rb. This vulnerability allows an attacker to inject arbitrary\n HTTP headers and conduct HTTP response splitting attacks via the\n Content-Type header.

  • \n
\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 2.1.0-7+lenny2.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.3.14.

\n

We recommend that you upgrade your rails packages.

\n
\n
\n
\n
", "2302": "
\n

Debian Security Advisory

\n

DSA-2302-1 bcfg2 -- missing input sanitization

\n
\n
Date Reported:
\n
07 Sep 2011
\n
Affected Packages:
\n
\nbcfg2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 640028.
In Mitre's CVE dictionary: CVE-2011-3211.
\n
More information:
\n
\n

It has been discovered that the Bcfg2 server, a configuration management\nserver for Bcfg2 clients, is not properly sanitizing input from Bcfg2\nclients before passing it to various shell commands. This enables an\nattacker in control of a Bcfg2 client to execute arbitrary commands on\nthe server with root privileges.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 0.9.5.7-1.1+lenny1.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.0.1-3+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 1.1.2-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.1.2-2.

\n

We recommend that you upgrade your bcfg2 packages.

\n
\n
\n
\n
", "2303": "
\n

Debian Security Advisory

\n

DSA-2303-2 linux-2.6 -- privilege escalation/denial of service/information leak

\n
\n
Date Reported:
\n
10 Sep 2011
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1020, CVE-2011-1576, CVE-2011-2484, CVE-2011-2491, CVE-2011-2492, CVE-2011-2495, CVE-2011-2496, CVE-2011-2497, CVE-2011-2517, CVE-2011-2525, CVE-2011-2700, CVE-2011-2723, CVE-2011-2905, CVE-2011-2909, CVE-2011-2918, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service or privilege escalation. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2011-1020\n

    Kees Cook discovered an issue in the /proc filesystem that allows local\n users to gain access to sensitive process information after execution of a\n setuid binary.

  • \n
  • CVE-2011-1576\n

    Ryan Sweat discovered an issue in the VLAN implementation. Local users may\n be able to cause a kernel memory leak, resulting in a denial of service.

  • \n
  • CVE-2011-2484\n

    Vasiliy Kulikov of Openwall discovered that the number of exit handlers that\n a process can register is not capped, resulting in local denial of service\n through resource exhaustion (CPU time and memory).

  • \n
  • CVE-2011-2491\n

    Vasily Averin discovered an issue with the NFS locking implementation. A\n malicious NFS server can cause a client to hang indefinitely in an unlock\n call.

  • \n
  • CVE-2011-2492\n

    Marek Kroemeke and Filip Palian discovered that uninitialized struct\n elements in the Bluetooth subsystem could lead to a leak of sensitive kernel\n memory through leaked stack memory.

  • \n
  • CVE-2011-2495\n

    Vasiliy Kulikov of Openwall discovered that the io file of a process' proc\n directory was world-readable, resulting in local information disclosure of\n information such as password lengths.

  • \n
  • CVE-2011-2496\n

    Robert Swiecki discovered that mremap() could be abused for local denial of\n service by triggering a BUG_ON assert.

  • \n
  • CVE-2011-2497\n

    Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem,\n which could lead to denial of service or privilege escalation.

  • \n
  • CVE-2011-2517\n

    It was discovered that the netlink-based wireless configuration interface\n performed insufficient length validation when parsing SSIDs, resulting in\n buffer overflows. Local users with the CAP_NET_ADMIN capability can cause a\n denial of service.

  • \n
  • CVE-2011-2525\n

    Ben Pfaff reported an issue in the network scheduling code. A local user\n could cause a denial of service (NULL pointer dereference) by sending a\n specially crafted netlink message.

  • \n
  • CVE-2011-2700\n

    Mauro Carvalho Chehab of Red Hat reported a buffer overflow issue in the\n driver for the Si4713 FM Radio Transmitter used by N900 devices.\n Local users could exploit this issue to cause a denial of service or\n potentially gain elevated privileges.

  • \n
  • CVE-2011-2723\n

    Brent Meshier reported an issue in the GRO (generic receive offload)\n implementation. This can be exploited by remote users to create a denial of\n service (system crash) in certain network device configurations.

  • \n
  • CVE-2011-2905\n

    Christian Ohm discovered that the perf analysis tool searches for its\n config files in the current working directory. This could lead to denial of\n service or potential privilege escalation if a user with elevated privileges\n is tricked into running perf in a directory under the control of the\n attacker.

  • \n
  • CVE-2011-2909\n

    Vasiliy Kulikov of Openwall discovered that a programming error in\n the Comedi driver could lead to information disclosure through\n leaked stack memory.

  • \n
  • CVE-2011-2918\n

    Vince Weaver discovered that incorrect handling of software event overflows\n in the perf analysis tool could lead to local denial of service.

  • \n
  • CVE-2011-2928\n

    Timo Warns discovered that insufficient validation of Be filesystem images\n could lead to local denial of service if a malformed filesystem image is\n mounted.

  • \n
  • CVE-2011-3188\n

    Dan Kaminsky reported a weakness of the sequence number generation in the\n TCP protocol implementation. This can be used by remote attackers to inject\n packets into an active session.

  • \n
  • CVE-2011-3191\n

    Darren Lavender reported an issue in the Common Internet File System (CIFS).\n A malicious file server could cause memory corruption leading to a denial of\n service.

  • \n
\n

This update also includes a fix for a regression introduced with the previous\nsecurity fix for CVE-2011-1768\n(Debian bug #633738).\n

\n

For the stable distribution (squeeze), this problem has been fixed in version\n2.6.32-35squeeze2. Updates for issues impacting the oldstable distribution\n(lenny) will be available soon.

\n

The following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n
\u00a0 Debian 6.0 (squeeze)
user-mode-linux: 2.6.32-1um-4+35squeeze2
\n

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

\n
\n
\n
\n
", "2304": "
\n

Debian Security Advisory

\n

DSA-2304-1 squid3 -- buffer overflow

\n
\n
Date Reported:
\n
11 Sep 2011
\n
Affected Packages:
\n
\nsquid3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 639755.
In Mitre's CVE dictionary: CVE-2011-3205.
\n
More information:
\n
\n

Ben Hawkes discovered that Squid\u00a03, a full featured Web Proxy cache\n(HTTP proxy), is vulnerable to a buffer overflow when processing Gopher\nserver replies. An attacker can exploit this flaw by connecting to a\nGopher server that returns lines longer than 4096 bytes. This may result\nin denial of service conditions (daemon crash) or possibly the\nexecution of arbitrary code with the rights of the squid daemon.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 3.0.STABLE8-3+lenny5.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.1.6-1.2+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 3.1.15-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.1.15-1.

\n

We recommend that you upgrade your squid3 packages.

\n
\n
\n
\n
", "2305": "
\n

Debian Security Advisory

\n

DSA-2305-1 vsftpd -- denial of service

\n
\n
Date Reported:
\n
19 Sep 2011
\n
Affected Packages:
\n
\nvsftpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 622741, Bug 629373.
In Mitre's CVE dictionary: CVE-2011-0762, CVE-2011-2189.
\n
More information:
\n
\n

Two security issues have been discovered that affect vsftpd, a lightweight,\nefficient FTP server written for security.

\n
    \n
  • CVE-2011-2189\n

    It was discovered that Linux kernels < 2.6.35 are considerably slower in\n releasing network namespaces than in creating them. As a result of this\n and because vsftpd is using this feature as a security enhancement to\n provide network isolation for connections, it is possible to cause denial\n of service conditions due to excessive memory allocations by the kernel.\n This is technically not a vsftpd flaw, but a kernel issue. However, this\n feature has legitimate use cases and backporting the specific kernel patch\n is too intrusive. Additionally, a local attacker requires the CAP_SYS_ADMIN\n capability to abuse this functionality. Therefore, as a fix, a kernel\n version check has been added to vsftpd in order to disable this feature\n for kernels < 2.6.35.

  • \n
  • CVE-2011-0762\n

    Maksymilian Arciemowicz discovered that vsftpd is incorrectly handling\n certain glob expressions in STAT commands. This allows a remote authenticated\n attacker to conduct denial of service attacks (excessive CPU and process\n slot exhaustion) via crafted STAT commands.

  • \n
\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 2.0.7-1+lenny1.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.2-3+squeeze2. Please note that\nCVE-2011-2189 does not affect the lenny version.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.3.4-1.

\n

We recommend that you upgrade your vsftpd packages.

\n
\n
\n
\n
", "2306": "
\n

Debian Security Advisory

\n

DSA-2306-1 ffmpeg -- several vulnerabilities

\n
\n
Date Reported:
\n
11 Sep 2011
\n
Affected Packages:
\n
\nffmpeg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 611495.
In Mitre's CVE dictionary: CVE-2010-3908, CVE-2010-4704, CVE-2011-0480, CVE-2011-0722, CVE-2011-0723.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in FFmpeg, a multimedia player,\nserver and encoder.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2010-3908\n

    FFmpeg before 0.5.4 allows remote attackers to cause a denial of service\n (memory corruption and application crash) or possibly execute arbitrary code\n via a malformed WMV file.

  • \n
  • CVE-2010-4704\n

    libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg allows remote\n attackers to cause a denial of service (application crash) via a crafted\n Ogg file, related to the vorbis_floor0_decode function.

  • \n
  • CVE-2011-0480\n

    Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg\n allow remote attackers to cause a denial of service (memory corruption and\n application crash) or possibly have unspecified other impact via a crafted\n WebM file, related to buffers for the channel floor and the channel residue.

  • \n
  • CVE-2011-0722\n

    FFmpeg allows remote attackers to cause a denial of service (heap memory\n corruption and application crash) or possibly execute arbitrary code via a\n malformed RealMedia file.

  • \n
\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 4:0.5.4-1.

\n

Security support for ffmpeg has been discontinued for the oldstable\ndistribution (lenny).\nThe current version in oldstable is not supported by upstream anymore\nand is affected by several security issues. Backporting fixes for these\nand any future issues has become unfeasible and therefore we need to\ndrop our security support for the version in oldstable.

\n

We recommend that you upgrade your ffmpeg packages.

\n
\n
\n
\n
", "2307": "
\n

Debian Security Advisory

\n

DSA-2307-1 chromium-browser -- several vulnerabilities

\n
\n
Date Reported:
\n
11 Sep 2011
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-2359, CVE-2011-2800, CVE-2011-2818.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the Chromium browser.\nThe Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2011-2818\n

    Use-after-free vulnerability in Google Chrome allows remote attackers to\n cause a denial of service or possibly have unspecified other impact via\n vectors related to display box rendering.

    \n
  • CVE-2011-2800\n

    Google Chrome allows remote attackers to obtain potentially sensitive\n information about client-side redirect targets via a crafted web site.

  • \n
  • CVE-2011-2359\n

    Google Chrome does not properly track line boxes during rendering, which\n allows remote attackers to cause a denial of service or possibly have\n unspecified other impact via unknown vectors that lead to a stale pointer.

  • \n
\n

Several unauthorised SSL certificates have been found in the wild issued\nfor the DigiNotar Certificate Authority, obtained through a security\ncompromise with said company.\nThis update blacklists SSL certificates issued by DigiNotar-controlled\nintermediate CAs used by the Dutch PKIoverheid program.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 6.0.472.63~r59945-5+squeeze6.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 13.0.782.220~r99552-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 13.0.782.220~r99552-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "2308": "
\n

Debian Security Advisory

\n

DSA-2308-1 mantis -- several vulnerabilities

\n
\n
Date Reported:
\n
12 Sep 2011
\n
Affected Packages:
\n
\nmantis\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 640297.
In Mitre's CVE dictionary: CVE-2011-3357, CVE-2011-3358.
\n
More information:
\n
\n

Several vulnerabilities were found in Mantis, a web-based bug\ntracking system: Insufficient input validation could result in local\nfile inclusion and cross-site scripting.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.1.6+dfsg-2lenny6.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.1.8+dfsg-10squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.2.7-1.

\n

We recommend that you upgrade your mantis packages.

\n
\n
\n
\n
", "2309": "
\n

Debian Security Advisory

\n

DSA-2309-1 openssl -- compromised certificate authority

\n
\n
Date Reported:
\n
13 Sep 2011
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1945.
\n
More information:
\n
\n

Several fraudulent SSL certificates have been found in the wild issued\nby the DigiNotar Certificate Authority, obtained through a security\ncompromise of said company. After further updates on this incident, it\nhas been determined that all of DigiNotar's signing certificates can no\nlonger be trusted.\nDebian, like other software distributors and vendors, has decided to\ndistrust all of DigiNotar's CAs. In this update, this is done in the\ncrypto library (a component of the OpenSSL toolkit) by marking such\ncertificates as revoked.\nAny application that uses said component should now reject certificates\nsigned by DigiNotar. Individual applications may allow users to override\nthe validation failure. However, making exceptions is highly\ndiscouraged and should be carefully verified.

\n

Additionally, a vulnerability has been found in the ECDHE_ECDSA cipher\nwhere timing attacks make it easier to determine private keys. The\nCommon Vulnerabilities and Exposures project identifies it as\nCVE-2011-1945.

\n

For the oldstable distribution (lenny), these problems have been fixed in\nversion 0.9.8g-15+lenny12.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 0.9.8o-4squeeze2.

\n

For the testing distribution (wheezy), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.0.0e-1.

\n

We recommend that you upgrade your openssl packages.

\n
\n
\n
\n
", "2310": "
\n

Debian Security Advisory

\n

DSA-2310-1 linux-2.6 -- privilege escalation/denial of service/information leak

\n
\n
Date Reported:
\n
22 Sep 2011
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 633738.
In Mitre's CVE dictionary: CVE-2009-4067, CVE-2011-0712, CVE-2011-1020, CVE-2011-2209, CVE-2011-2211, CVE-2011-2213, CVE-2011-2484, CVE-2011-2491, CVE-2011-2492, CVE-2011-2495, CVE-2011-2496, CVE-2011-2497, CVE-2011-2525, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that may lead\nto a privilege escalation, denial of service or information leak. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2009-4067\n

    Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the auerswald\n module, a driver for Auerswald PBX/System Telephone USB devices. Attackers\n with physical access to a system's USB ports could obtain elevated\n privileges using a specially crafted USB device.

  • \n
  • CVE-2011-0712\n

    Rafael Dominguez Vega of MWR InfoSecurity reported an issue in the caiaq\n module, a USB driver for Native Instruments USB audio devices. Attackers\n with physical access to a system's USB ports could obtain elevated\n privileges using a specially crafted USB device.

  • \n
  • CVE-2011-1020\n

    Kees Cook discovered an issue in the /proc filesystem that allows local\n users to gain access to sensitive process information after execution of a\n setuid binary.

  • \n
  • CVE-2011-2209\n

    Dan Rosenberg discovered an issue in the osf_sysinfo() system call on the\n alpha architecture. Local users could obtain access to sensitive kernel\n memory.

  • \n
  • CVE-2011-2211\n

    Dan Rosenberg discovered an issue in the osf_wait4() system call on the\n alpha architecture permitting local users to gain elevated privileges.

  • \n
  • CVE-2011-2213\n

    Dan Rosenberg discovered an issue in the INET socket monitoring interface.\n Local users could cause a denial of service by injecting code and causing\n the kernel to execute an infinite loop.

  • \n
  • CVE-2011-2484\n

    Vasiliy Kulikov of Openwall discovered that the number of exit handlers that\n a process can register is not capped, resulting in local denial of service\n through resource exhaustion (CPU time and memory).

  • \n
  • CVE-2011-2491\n

    Vasily Averin discovered an issue with the NFS locking implementation. A\n malicious NFS server can cause a client to hang indefinitely in an unlock\n call.

  • \n
  • CVE-2011-2492\n

    Marek Kroemeke and Filip Palian discovered that uninitialized struct\n elements in the Bluetooth subsystem could lead to a leak of sensitive kernel\n memory through leaked stack memory.

  • \n
  • CVE-2011-2495\n

    Vasiliy Kulikov of Openwall discovered that the io file of a process' proc\n directory was world-readable, resulting in local information disclosure of\n information such as password lengths.

  • \n
  • CVE-2011-2496\n

    Robert Swiecki discovered that mremap() could be abused for local denial of\n service by triggering a BUG_ON assert.

  • \n
  • CVE-2011-2497\n

    Dan Rosenberg discovered an integer underflow in the Bluetooth subsystem,\n which could lead to denial of service or privilege escalation.

  • \n
  • CVE-2011-2525\n

    Ben Pfaff reported an issue in the network scheduling code. A local user\n could cause a denial of service (NULL pointer dereference) by sending a\n specially crafted netlink message.

  • \n
  • CVE-2011-2928\n

    Timo Warns discovered that insufficient validation of Be filesystem images\n could lead to local denial of service if a malformed filesystem image is\n mounted.

  • \n
  • CVE-2011-3188\n

    Dan Kaminsky reported a weakness of the sequence number generation in the\n TCP protocol implementation. This can be used by remote attackers to inject\n packets into an active session.

  • \n
  • CVE-2011-3191\n

    Darren Lavender reported an issue in the Common Internet File System (CIFS).\n A malicious file server could cause memory corruption leading to a denial of\n service.

  • \n
\n

This update also includes a fix for a regression introduced with the previous\nsecurity fix for CVE-2011-1768\n(Debian bug #633738).\n

\n

For the oldstable distribution (lenny), this problem has been fixed in version\n2.6.26-26lenny4. Updates for arm and alpha are not yet available, but will be\nreleased as soon as possible. Updates for the hppa and ia64 architectures will\nbe included in the upcoming 5.0.9 point release.

\n

The following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n
\u00a0 | Debian 5.0 (lenny)
user-mode-linux | 2.6.26-1um-2+26lenny4
\n

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.\nThese updates will not become active until after your system is rebooted.

\n

Note: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or \"leap-frog\" fashion.

\n
\n
\n
\n
", "2311": "
\n

Debian Security Advisory

\n

DSA-2311-1 openjdk-6 -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Sep 2011
\n
Affected Packages:
\n
\nopenjdk-6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 629852.
In Mitre's CVE dictionary: CVE-2011-0862, CVE-2011-0864, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Java SE platform. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2011-0862\n

    Integer overflow errors in the JPEG and font parser allow\n\tuntrusted code (including applets) to elevate its privileges.

  • \n
  • CVE-2011-0864\n

    Hotspot, the just-in-time compiler in OpenJDK, mishandled\n\tcertain byte code instructions, allowing untrusted code\n\t(including applets) to crash the virtual machine.

  • \n
  • CVE-2011-0865\n

    A race condition in signed object deserialization could\n\tallow untrusted code to modify signed content, apparently\n\tleaving its signature intact.

  • \n
  • CVE-2011-0867\n

    Untrusted code (including applets) could access information\n\tabout network interfaces which was not intended to be public.\n\t(Note that the interface MAC address is still available to\n\tuntrusted code.)

  • \n
  • CVE-2011-0868\n

    A float-to-long conversion could overflow, allowing\n\tuntrusted code (including applets) to crash the virtual\n\tmachine.

  • \n
  • CVE-2011-0869\n

    Untrusted code (including applets) could intercept HTTP\n\trequests by reconfiguring proxy settings through a SOAP\n\tconnection.

  • \n
  • CVE-2011-0871\n

    Untrusted code (including applets) could elevate its\n\tprivileges through the Swing MediaTracker code.

  • \n
\n

In addition, this update removes support for the Zero/Shark and Cacao\nHotspot variants from the i386 and amd64 due to stability issues.\nThese Hotspot variants are included in the openjdk-6-jre-zero and\nicedtea-6-jre-cacao packages, and these packages must be removed\nduring this update.

\n

For the oldstable distribution (lenny), these problems will be fixed\nin a separate DSA for technical reasons.

\n

For the stable distribution (squeeze), these problems have been fixed\nin version 6b18-1.8.9-0.1~squeeze1.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 6b18-1.8.9-0.1.

\n

We recommend that you upgrade your openjdk-6 packages.

\n
\n
\n
\n
", "2312": "
\n

Debian Security Advisory

\n

DSA-2312-1 iceape -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Sep 2011
\n
Affected Packages:
\n
\niceape\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-2372, CVE-2011-2995, CVE-2011-2998, CVE-2011-2999, CVE-2011-3000.
\n
More information:
\n
\n

Several vulnerabilities have been found in the Iceape internet suite,\nan unbranded version of Seamonkey:

\n
    \n
  • CVE-2011-2372\n

    Mariusz Mlynski discovered that websites could open a download\n dialog \u2014\u00a0which has open as the default action\u00a0\u2014, while a user\n presses the ENTER key.

  • \n
  • CVE-2011-2995\n

    Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes\n in the rendering engine, which could lead to the execution of\n arbitrary code.

  • \n
  • CVE-2011-2998\n

    Mark Kaplan discovered an integer underflow in the JavaScript\n engine, which could lead to the execution of arbitrary code.

  • \n
  • CVE-2011-2999\n

    Boris Zbarsky discovered that incorrect handling of the\n window.location object could lead to bypasses of the same-origin\n policy.

  • \n
  • CVE-2011-3000\n

    Ian Graham discovered that multiple Location headers might lead to\n CRLF injection.

  • \n
\n

The oldstable distribution (lenny) is not affected. The iceape package\nonly provides the XPCOM code.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-8. This update also marks the compromised DigiNotar\nroot certs as revoked rather than untrusted.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.0.14-8.

\n

We recommend that you upgrade your iceape packages.

\n
\n
\n
\n
", "2313": "
\n

Debian Security Advisory

\n

DSA-2313-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Sep 2011
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-2372, CVE-2011-2995, CVE-2011-2998, CVE-2011-2999, CVE-2011-3000.
\n
More information:
\n
\n

Several vulnerabilities have been found in Iceweasel, a web browser\nbased on Firefox:

\n
    \n
  • CVE-2011-2372\n

    Mariusz Mlynski discovered that websites could open a download\n dialog \u2014\u00a0which has open as the default action\u00a0\u2014, while a user\n presses the ENTER key.

  • \n
  • CVE-2011-2995\n

    Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes\n in the rendering engine, which could lead to the execution of\n arbitrary code.

  • \n
  • CVE-2011-2998\n

    Mark Kaplan discovered an integer underflow in the JavaScript\n engine, which could lead to the execution of arbitrary code.

  • \n
  • CVE-2011-2999\n

    Boris Zbarsky discovered that incorrect handling of the\n window.location object could lead to bypasses of the same-origin\n policy.

  • \n
  • CVE-2011-3000\n

    Ian Graham discovered that multiple Location headers might lead to\n CRLF injection.

  • \n
\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.9.0.19-14 of the xulrunner source package. This update also\nmarks the compromised DigiNotar root certs as revoked rather than\nuntrusted.

\n

For the stable distribution (squeeze), this problem has been fixed\nin version 3.5.16-10. This update also marks the compromised DigiNotar\nroot certs as revoked rather than untrusted.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.0-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "2314": "
\n

Debian Security Advisory

\n

DSA-2314-1 puppet -- multiple vulnerabilities

\n
\n
Date Reported:
\n
03 Oct 2011
\n
Affected Packages:
\n
\npuppet\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3848, CVE-2011-3870, CVE-2011-3869, CVE-2011-3871.
\n
More information:
\n
\n

Multiple security issues have been discovered in Puppet, a centralized\nconfiguration management system. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2011-3848\n

    Kristian Erik Hermansen reported that an unauthenticated\n directory traversal could drop any valid X.509 Certificate Signing\n Request at any location on disk, with the privileges of the Puppet\n Master application.

  • \n
  • CVE-2011-3870\n

    Ricky Zhou discovered a potential local privilege escalation in the\n ssh_authorized_keys resource and theoretically in the Solaris and\n AIX providers, where file ownership was given away before it was\n written, leading to a possibility for a user to overwrite arbitrary\n files as root, if their authorized_keys file was managed.

  • \n
  • CVE-2011-3869\n

    A predictable file name in the k5login type leads to the possibility\n of symlink attacks which would allow the owner of the home directory\n to symlink to anything on the system, and have it replaced with the\n correct content of the file, which can lead to a privilege escalation\n on puppet runs.

  • \n
  • CVE-2011-3871\n

    A potential local privilege escalation was found in the --edit mode\n of puppet resource due to a persistent, predictable file name,\n which can result in editing an arbitrary target file, and thus be\n tricked into running that arbitrary file as the invoking\n user. This command is most commonly run as root, which leads to a\n potential privilege escalation.

  • \n
\n

Additionally, this update hardens the indirector file backed terminus base\nclass against injection attacks based on trusted path names.

\n

For the oldstable distribution (lenny), this problem will be fixed soon.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 2.7.3-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.7.3-3.

\n

We recommend that you upgrade your puppet packages.

\n
\n
\n
\n
", "2315": "
\n

Debian Security Advisory

\n

DSA-2315-1 openoffice.org -- multiple vulnerabilities

\n
\n
Date Reported:
\n
05 Oct 2011
\n
Affected Packages:
\n
\nopenoffice.org\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-2713.
\n
More information:
\n
\n

Red Hat, Inc. security researcher Huzaifa Sidhpurwala reported multiple\nvulnerabilities in the binary Microsoft Word (doc) file format importer\nof OpenOffice.org, a full-featured office productivity suite that\nprovides a near drop-in replacement for Microsoft Office.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1:2.4.1+dfsg-1+lenny12.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:3.2.1-11+squeeze4.

\n

For the testing distribution (wheezy), and the unstable distribution (sid),\nthis problem will be fixed soon.

\n

We recommend that you upgrade your openoffice.org packages.

\n
\n
\n
\n
", "2316": "
\n

Debian Security Advisory

\n

DSA-2316-1 quagga -- several vulnerabilities

\n
\n
Date Reported:
\n
05 Oct 2011
\n
Affected Packages:
\n
\nquagga\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, CVE-2011-3326, CVE-2011-3327.
\n
More information:
\n
\n

Riku Hietamaki, Tuomo Untinen and Jukka Taimisto discovered several\nvulnerabilities in Quagga, an Internet routing daemon:

\n
    \n
  • CVE-2011-3323\n

    A stack-based buffer overflow while decoding Link State Update\n packets with a malformed Inter Area Prefix LSA can cause the\n ospf6d process to crash or (potentially) execute arbitrary\n code.

  • \n
  • CVE-2011-3324\n

    The ospf6d process can crash while processing a Database\n Description packet with a crafted Link-State-Advertisement.

  • \n
  • CVE-2011-3325\n

    The ospfd process can crash while processing a crafted Hello\n packet.

  • \n
  • CVE-2011-3326\n

    The ospfd process crashes while processing\n Link-State-Advertisements of a type not known to Quagga.

  • \n
  • CVE-2011-3327\n

    A heap-based buffer overflow while processing BGP UPDATE\n messages containing an Extended Communities path attribute\n can cause the bgpd process to crash or (potentially) execute\n arbitrary code.

  • \n
\n

The OSPF-related vulnerabilities require that potential attackers send\npackets to a vulnerable Quagga router; the packets are not distributed\nover OSPF. In contrast, the BGP UPDATE messages could be propagated\nby some routers.

\n

For the oldstable distribution (lenny), these problems have been fixed\nin version 0.99.10-1lenny6.

\n

For the stable distribution (squeeze), these problems have been fixed\nin version 0.99.17-2+squeeze3.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 0.99.19-1.

\n

We recommend that you upgrade your quagga packages.

\n
\n
\n
\n
", "2317": "
\n

Debian Security Advisory

\n

DSA-2317-1 icedove -- several vulnerabilities

\n
\n
Date Reported:
\n
05 Oct 2011
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-2372, CVE-2011-2995, CVE-2011-2998, CVE-2011-2999, CVE-2011-3000.
\n
More information:
\n
\n
    \n
  • CVE-2011-2372\n

    Mariusz Mlynski discovered that websites could open a download\n dialog \u2014\u00a0which has open as the default action\u00a0\u2014, while a user\n presses the ENTER key.

  • \n
  • CVE-2011-2995\n

    Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes\n in the rendering engine, which could lead to the execution of\n arbitrary code.

  • \n
  • CVE-2011-2998\n

    Mark Kaplan discovered an integer underflow in the JavaScript\n engine, which could lead to the execution of arbitrary code.

  • \n
  • CVE-2011-2999\n

    Boris Zbarsky discovered that incorrect handling of the\n window.location object could lead to bypasses of the same-origin\n policy.

  • \n
  • CVE-2011-3000\n

    Ian Graham discovered that multiple Location headers might lead to\n CRLF injection.

  • \n
\n

As indicated in the Lenny (oldstable) release notes, security support for\nthe Icedove packages in the oldstable needed to be stopped before the end\nof the regular Lenny security maintenance life cycle.\nYou are strongly encouraged to upgrade to stable or switch to a different\nmail client.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze5.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.1.15-1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "2318": "
\n

Debian Security Advisory

\n

DSA-2318-1 cyrus-imapd-2.2 -- multiple vulnerabilities

\n
\n
Date Reported:
\n
06 Oct 2011
\n
Affected Packages:
\n
\ncyrus-imapd-2.2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3372, CVE-2011-3208.
\n
More information:
\n
\n

Multiple security issues have been discovered in cyrus-imapd, a highly scalable\nmail system designed for use in enterprise environments. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2011-3208\n

    Coverity discovered a stack-based buffer overflow in the NNTP server\n implementation (nntpd) of cyrus-imapd. An attacker can exploit this\n flaw via several crafted NNTP commands to execute arbitrary code.

  • \n
  • CVE-2011-3372\n

    Stefan Cornelius of Secunia Research discovered that the command processing\n of the NNTP server implementation (nntpd) of cyrus-imapd is not properly\n implementing access restrictions for certain commands and is not checking\n for a complete, successful authentication. An attacker can use this flaw\n to bypass access restrictions for some commands and, e.g. exploit\n CVE-2011-3208 without proper authentication.

  • \n
\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 2.2_2.2.13-14+lenny5.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.2_2.2.13-19+squeeze2.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\ncyrus-imapd-2.4 version 2.4.12-1.

\n

We recommend that you upgrade your cyrus-imapd-2.2 packages.

\n
\n
\n
\n
", "2319": "
\n

Debian Security Advisory

\n

DSA-2319-1 policykit-1 -- race condition

\n
\n
Date Reported:
\n
08 Oct 2011
\n
Affected Packages:
\n
\npolicykit-1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 644500.
In Mitre's CVE dictionary: CVE-2011-1485.
\n
More information:
\n
\n

Neel Mehta discovered that a race condition in Policykit, a framework\nfor managing administrative policies and privileges, allowed local\nusers to elevate privileges by executing a setuid program from pkexec.

\n

The oldstable distribution (lenny) does not contain the policykit-1\npackage.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.96-4+squeeze1.

\n

For the testing distribution (wheezy) and unstable distribution (sid),\nthis problem has been fixed in version 0.101-4.

\n

We recommend that you upgrade your policykit-1 packages.

\n
\n
\n
\n
", "2320": "
\n

Debian Security Advisory

\n

DSA-2320-1 dokuwiki -- regression fix

\n
\n
Date Reported:
\n
08 Oct 2011
\n
Affected Packages:
\n
\ndokuwiki\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 644145.
In Mitre's CVE dictionary: CVE-2011-2510.
\n
More information:
\n
\n

The DokuWiki update included in Debian Lenny 5.0.9 to address a cross\nsite scripting issue (CVE-2011-2510) had a regression rendering links\nto external websites broken. This update corrects that regression.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 0.0.20080505-4+lenny4.

\n

We recommend that you upgrade your dokuwiki packages.

\n
\n
\n
\n
", "2321": "
\n

Debian Security Advisory

\n

DSA-2321-1 moin -- cross-site scripting

\n
\n
Date Reported:
\n
10 Oct 2011
\n
Affected Packages:
\n
\nmoin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1058.
\n
More information:
\n
\n

A cross-site scripting vulnerability was discovered in the\nreStructuredText parser of Moin, a Python clone of WikiWiki.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.7.1-3+lenny6.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.9.3-1+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.9.3-3.

\n

We recommend that you upgrade your moin packages.

\n
\n
\n
\n
", "2322": "
\n

Debian Security Advisory

\n

DSA-2322-1 bugzilla -- several vulnerabilities

\n
\n
Date Reported:
\n
10 Oct 2011
\n
Affected Packages:
\n
\nbugzilla\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-4567, CVE-2010-4568, CVE-2010-4572, CVE-2011-0046, CVE-2011-0048, CVE-2011-2379, CVE-2011-2380, CVE-2011-2381, CVE-2011-2978, CVE-2011-2979.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Bugzilla, a web-based bug\ntracking system.

\n
    \n
  • CVE-2010-4572\n

    By inserting particular strings into certain URLs, it was\n possible to inject both headers and content to any\n browser.

  • \n
  • CVE-2010-4567, CVE-2011-0048\n

    Bugzilla has a URL field that can contain several types\n of URL, including javascript: and data: URLs. However,\n it does not make javascript: and data: URLs into\n clickable links, to protect against cross-site scripting\n attacks or other attacks. It was possible to bypass this\n protection by adding spaces into the URL in places that\n Bugzilla did not expect them. Also, javascript: and\n data: links were always shown as clickable to\n logged-out users.

  • \n
  • CVE-2010-4568\n

    It was possible for a user to gain unauthorized access to\n any Bugzilla account in a very short amount of time (short\n enough that the attack is highly effective).

  • \n
  • CVE-2011-0046\n

    Various pages were vulnerable to Cross-Site Request\n Forgery attacks. Most of these issues are not as serious\n as previous CSRF vulnerabilities.

  • \n
  • CVE-2011-2978\n

    When a user changes his email address, Bugzilla trusts\n a user-modifiable field for obtaining the current e-mail\n address to send a confirmation message to. If an attacker\n has access to the session of another user (for example,\n if that user left their browser window open in a public\n place), the attacker could alter this field to cause\n the email-change notification to go to their own address.\n This means that the user would not be notified that his\n account had its email address changed by the attacker.

  • \n
  • CVE-2011-2381\n

    For flagmails only, attachment descriptions with a newline\n in them could lead to the injection of crafted headers in\n email notifications when an attachment flag is edited.

  • \n
  • CVE-2011-2379\n

    Bugzilla uses an alternate host for attachments when\n viewing them in raw format to prevent cross-site scripting\n attacks. This alternate host is now also used when viewing\n patches in Raw Unified mode because Internet Explorer 8\n and older, and Safari before 5.0.6 do content sniffing,\n which could lead to the execution of malicious code.

  • \n
  • CVE-2011-2380, CVE-2011-2979\n

    Normally, a group name is confidential and is only visible\n to members of the group, and to non-members if the group\n is used in bugs. By crafting the URL when creating or\n editing a bug, it was possible to guess if a group existed\n or not, even for groups which weren't used in bugs and so\n which were supposed to remain confidential.

  • \n
\n

For the oldstable distribution (lenny), it has not been practical to\nbackport patches to fix these bugs. Users of bugzilla on lenny are\nstrongly advised to upgrade to the version in the squeeze distribution.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 3.6.2.0-4.4.

\n

For the testing distribution (wheezy) and the unstable distribution (sid),\nthe bugzilla packages have been removed.

\n

We recommend that you upgrade your bugzilla packages.

\n
\n
\n
\n
", "2323": "
\n

Debian Security Advisory

\n

DSA-2323-1 radvd -- several vulnerabilities

\n
\n
Date Reported:
\n
26 Oct 2011
\n
Affected Packages:
\n
\nradvd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 644614.
In Mitre's CVE dictionary: CVE-2011-3602, CVE-2011-3604, CVE-2011-3605.
\n
More information:
\n
\n

Multiple security issues were discovered by Vasiliy Kulikov in radvd, an\nIPv6 Router Advertisement daemon:

\n
    \n
  • CVE-2011-3602\n

    The set_interface_var() function doesn't check the interface name, which is\n chosen by an unprivileged user. This could lead to an arbitrary file\n overwrite if the attacker has local access, or specific file overwrites\n otherwise.

  • \n
  • CVE-2011-3604\n

    process_ra() function lacks multiple buffer length checks which could\n lead to memory reads outside the stack, causing a crash of the daemon.

  • \n
  • CVE-2011-3605\n

    The process_rs() function calls mdelay() (a function to wait for a defined\n time) unconditionally when running in unicast-only mode. As this call\n is in the main thread, all request processing is delayed (for\n a time up to MAX_RA_DELAY_TIME, 500 ms by default). An attacker could\n flood the daemon with router solicitations in order to fill the input\n queue, causing a temporary denial of service (processing would be\n stopped during all the mdelay() calls).\n
    \n Note: upstream and Debian default is to use anycast mode.

  • \n
\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1:1.1-3.1.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:1.6-1.1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 1:1.8-1.2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:1.8-1.2.

\n

We recommend that you upgrade your radvd packages.

\n
\n
\n
\n
", "2324": "
\n

Debian Security Advisory

\n

DSA-2324-1 wireshark -- programming error

\n
\n
Date Reported:
\n
20 Oct 2011
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3360.
\n
More information:
\n
\n

The Microsoft Vulnerability Research group discovered that insecure\nload path handling could lead to execution of arbitrary Lua script code.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.2-3+lenny15. This build will be released shortly.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.11-6+squeeze4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.6.2-1.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "2325": "
\n

Debian Security Advisory

\n

DSA-2325-1 kfreebsd-8 -- privilege escalation/denial of service

\n
\n
Date Reported:
\n
23 Oct 2011
\n
Affected Packages:
\n
\nkfreebsd-8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-4062.
\n
More information:
\n
\n

Buffer overflow in the Linux emulation support in FreeBSD kernel\nallows local users to cause a denial of service (panic) and possibly\nexecute arbitrary code by calling the bind system call with a long path\nfor a UNIX-domain socket, which is not properly handled when the\naddress is used by other unspecified system calls.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 8.1+dfsg-8+squeeze2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 8.2-9.

\n

We recommend that you upgrade your kfreebsd-8 packages.

\n
\n
\n
\n
", "2326": "
\n

Debian Security Advisory

\n

DSA-2326-1 pam -- several vulnerabilities

\n
\n
Date Reported:
\n
24 Oct 2011
\n
Affected Packages:
\n
\npam\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3148, CVE-2011-3149.
\n
More information:
\n
\n

Kees Cook of the ChromeOS security team discovered a buffer overflow\nin pam_env, a PAM module to set environment variables through the\nPAM stack, which allowed the execution of arbitrary code. An additional\nissue in argument parsing allows denial of service.

\n

The oldstable distribution (lenny) is not affected.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.1.1-6.1+squeeze1.

\n

For the unstable distribution (sid), this problem will be fixed soon\n(the impact in sid is limited to denial of service for both issues).

\n

We recommend that you upgrade your pam packages.

\n
\n
\n
\n
", "2327": "
\n

Debian Security Advisory

\n

DSA-2327-1 libfcgi-perl -- authentication bypass

\n
\n
Date Reported:
\n
24 Oct 2011
\n
Affected Packages:
\n
\nlibfcgi-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 607479.
In Mitre's CVE dictionary: CVE-2011-2766.
\n
More information:
\n
\n

Ferdinand Smit discovered that FCGI, a Perl module for writing\nFastCGI applications, is incorrectly restoring environment variables of\na prior request in subsequent requests. In some cases this may lead\nto authentication bypasses or worse.

\n

The oldstable distribution (lenny) is not affected by this problem.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.71-1+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 0.73-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.73-2.

\n

We recommend that you upgrade your libfcgi-perl packages.

\n
\n
\n
\n
", "2328": "
\n

Debian Security Advisory

\n

DSA-2328-1 freetype -- missing input sanitising

\n
\n
Date Reported:
\n
24 Oct 2011
\n
Affected Packages:
\n
\nfreetype\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 646120.
In Mitre's CVE dictionary: CVE-2011-3256.
\n
More information:
\n
\n

It was discovered that missing input sanitising in Freetype's glyph\nhandling could lead to memory corruption, resulting in denial of service\nor the execution of arbitrary code.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 2.3.7-2+lenny7.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.4.2-2.1+squeeze2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.4.7-1.

\n

We recommend that you upgrade your freetype packages.

\n
\n
\n
\n
", "2329": "
\n

Debian Security Advisory

\n

DSA-2329-1 torque -- buffer overflow

\n
\n
Date Reported:
\n
27 Oct 2011
\n
Affected Packages:
\n
\ntorque\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-2193.
\n
More information:
\n
\n

Bartlomiej Balcerek discovered several buffer overflows in TORQUE server,\na PBS-derived batch processing server. This allows an attacker to crash the\nservice or execute arbitrary code with privileges of the server via crafted\njob or host names.

\n

The oldstable distribution (lenny) does not contain torque.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.4.8+dfsg-9squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 2.4.15+dfsg-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.4.15+dfsg-1.

\n

We recommend that you upgrade your torque packages.

\n
\n
\n
\n
", "2330": "
\n

Debian Security Advisory

\n

DSA-2330-1 simplesamlphp -- XML encryption weakness

\n
\n
Date Reported:
\n
27 Oct 2011
\n
Affected Packages:
\n
\nsimplesamlphp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Issues were found in the handling of XML encryption in simpleSAMLphp,\nan application for federated authentication. The following two issues\nhave been addressed:

\n

It may be possible to use an SP as an oracle to decrypt encrypted\nmessages sent to that SP.

\n

It may be possible to use the SP as a key oracle which can be used\nto forge messages from that SP by issuing 300000-2000000 queries to\nthe SP.

\n

The oldstable distribution (lenny) does not contain simplesamlphp.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.6.3-2.

\n

The testing distribution (wheezy) will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.8.2-1.

\n

We recommend that you upgrade your simplesamlphp packages.

\n
\n
\n
\n
", "2331": "
\n

Debian Security Advisory

\n

DSA-2331-1 tor -- several vulnerabilities

\n
\n
Date Reported:
\n
28 Oct 2011
\n
Affected Packages:
\n
\ntor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-2768, CVE-2011-2769.
\n
More information:
\n
\n

It has been discovered by frosty_un that a design flaw in Tor, an online\nprivacy tool, allows malicious relay servers to learn certain information\nthat they should not be able to learn. Specifically, a relay that a user\nconnects to directly could learn which other relays that user is\nconnected to directly. In combination with other attacks, this issue\ncan lead to deanonymizing the user. The Common Vulnerabilities and\nExposures project has assigned CVE-2011-2768 to this issue.

\n

In addition to fixing the above mentioned issues, the updates to oldstable\nand stable fix a number of less critical issues (CVE-2011-2769). Please\nsee the posting from the Tor blog for more information.\n

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 0.2.1.31-1~lenny+1. Due to technical limitations in the Debian\narchive scripts, the update cannot be released synchronously with the\npackages for stable. It will be released shortly.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.2.1.31-1.

\n

For the unstable (sid) and testing (wheezy) distributions, this problem has been fixed in\nversion 0.2.2.34-1.

\n

For the experimental distribution, this problem has been fixed in version\n0.2.3.6-alpha-1.

\n

We recommend that you upgrade your tor packages.

\n
\n
\n
\n
", "2332": "
\n

Debian Security Advisory

\n

DSA-2332-1 python-django -- several issues

\n
\n
Date Reported:
\n
29 Oct 2011
\n
Affected Packages:
\n
\npython-django\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 641405.
In Mitre's CVE dictionary: CVE-2011-4136, CVE-2011-4137, CVE-2011-4138, CVE-2011-4139, CVE-2011-4140.
\n
More information:
\n
\n

Paul McMillan, Mozilla and the Django core team discovered several\nvulnerabilities in Django, a Python web framework:

\n
    \n
  • CVE-2011-4136\n

    When using memory-based sessions and caching, Django sessions are\n stored directly in the root namespace of the cache. When user data is\n stored in the same cache, a remote user may take over a session.

  • \n
  • CVE-2011-4137, CVE-2011-4138\n

    Django's URLField field type by default checks supplied URLs by\n issuing a request to them, which doesn't time out. A denial of service\n is possible by supplying specially prepared URLs that keep the\n connection open indefinitely or fill the Django server's memory.

  • \n
  • CVE-2011-4139\n

    Django used X-Forwarded-Host headers to construct full URLs. This\n header may contain untrusted input and could be used to poison the\n cache.

  • \n
  • CVE-2011-4140\n

    The CSRF protection mechanism in Django does not properly handle\n web-server configurations supporting arbitrary HTTP Host headers,\n which allows remote attackers to trigger unauthenticated forged\n requests.

  • \n
\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.2-1+lenny3.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.3-3+squeeze2.

\n

For the testing (wheezy) and unstable distribution (sid), this problem\nhas been fixed in version 1.3.1-1.

\n

We recommend that you upgrade your python-django packages.

\n
\n
\n
\n
", "2333": "
\n

Debian Security Advisory

\n

DSA-2333-1 phpldapadmin -- several vulnerabilities

\n
\n
Date Reported:
\n
31 Oct 2011
\n
Affected Packages:
\n
\nphpldapadmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 646754.
In Mitre's CVE dictionary: CVE-2011-4075, CVE-2011-4074.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in phpLDAPadmin, a web based\ninterface for administering LDAP servers. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2011-4074\n

    Input appended to the URL in cmd.php (when cmd is set to _debug) is\n not properly sanitised before being returned to the user. This can be\n exploited to execute arbitrary HTML and script code in a user's browser\n session in context of an affected site.

  • \n
  • CVE-2011-4075\n

    Input passed to the orderby parameter in cmd.php (when cmd is set to\n query_engine, query is set to none, and search is set to e.g.\n 1) is not properly sanitised in lib/functions.php before being used in a\n create_function() function call. This can be exploited to inject and\n execute arbitrary PHP code.

  • \n
\n

For the oldstable distribution (lenny), these problems have been fixed in\nversion 1.1.0.5-6+lenny2.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 1.2.0.5-2+squeeze1.

\n

For the testing distribution (wheezy), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.2.0.5-2.1.

\n

We recommend that you upgrade your phpldapadmin packages.

\n
\n
\n
\n
", "2334": "
\n

Debian Security Advisory

\n

DSA-2334-1 mahara -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Nov 2011
\n
Affected Packages:
\n
\nmahara\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-2771, CVE-2011-2772, CVE-2011-2773.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Mahara, an electronic portfolio,\nweblog, and resume builder:

\n
    \n
  • CVE-2011-2771\n

    Teemu Vesala discovered that missing input sanitising of RSS\n feeds could lead to cross-site scripting.

  • \n
  • CVE-2011-2772\n

    Richard Mansfield discovered that insufficient upload restrictions\n allowed denial of service.

  • \n
  • CVE-2011-2773\n

    Richard Mansfield discovered that the management of institutions was prone to\n cross-site request forgery.

  • \n
  • (no CVE ID available yet)\n

    Andrew Nichols discovered a privilege escalation vulnerability\n in MNet handling.

  • \n
\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.4-4+lenny11.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.6-2+squeeze3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4.1-1.

\n

We recommend that you upgrade your mahara packages.

\n
\n
\n
\n
", "2335": "
\n

Debian Security Advisory

\n

DSA-2335-1 man2html -- missing input sanitization

\n
\n
Date Reported:
\n
05 Nov 2011
\n
Affected Packages:
\n
\nman2html\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-2770.
\n
More information:
\n
\n

Tim Starling discovered that the Debian-native CGI wrapper for man2html,\na program to convert UNIX man pages to HTML, is not properly escaping\nuser-supplied input when displaying various error messages. A remote\nattacker can exploit this flaw to conduct cross-site scripting (XSS)\nattacks.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.6f-3+lenny1.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.6f+repack-1+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 1.6g-6.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.6g-6.

\n

We recommend that you upgrade your man2html packages.

\n
\n
\n
\n
", "2336": "
\n

Debian Security Advisory

\n

DSA-2336-1 ffmpeg -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Nov 2011
\n
Affected Packages:
\n
\nffmpeg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 641478.
In Mitre's CVE dictionary: CVE-2011-3362, CVE-2011-3973, CVE-2011-3974, CVE-2011-3504.
\n
More information:
\n
\n

Multiple vulnerabilities were found in FFmpeg, a multimedia player,\nserver and encoder:

\n
    \n
  • CVE-2011-3362\n

    An integer signedness error in decode_residual_block function of\n the Chinese AVS video (CAVS) decoder in libavcodec can lead to\n denial of service (memory corruption and application crash) or\n possible code execution via a crafted CAVS file.

  • \n
  • CVE-2011-3973/CVE-2011-3974\n

    Multiple errors in the Chinese AVS video (CAVS) decoder can lead to\n denial of service (memory corruption and application crash) via an\n invalid bitstream.

  • \n
  • CVE-2011-3504\n

    A memory allocation problem in the Matroska format decoder can lead\n to code execution via a crafted file.

  • \n
\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 4:0.5.5-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4:0.7.2-1 of the libav source package.

\n

Security support for ffmpeg in the oldstable\ndistribution (lenny) was already discontinued in DSA 2306.\nThe current version in oldstable is no longer supported by upstream\nand is affected by several security issues. Backporting fixes for these\nand any future issues has become unfeasible and therefore we needed to\ndrop our security support for the version in oldstable.

\n

We recommend that you upgrade your ffmpeg packages.

\n
\n
\n
\n
", "2337": "
\n

Debian Security Advisory

\n

DSA-2337-1 xen -- several vulnerabilities

\n
\n
Date Reported:
\n
06 Nov 2011
\n
Affected Packages:
\n
\nxen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1166, CVE-2011-1583, CVE-2011-1898, CVE-2011-3262.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the Xen virtual machine\nhypervisor.

\n
    \n
  • CVE-2011-1166\n

    A 64-bit guest can get one of its vCPUs into non-kernel\n mode without first providing a valid non-kernel pagetable,\n thereby locking up the host system.

  • \n
  • CVE-2011-1583, CVE-2011-3262\n

    Local users can cause a denial of service and possibly execute\n arbitrary code via a crafted paravirtualised guest kernel image.

  • \n
  • CVE-2011-1898\n

    When using PCI passthrough on Intel VT-d chipsets that do not\n have interrupt remapping, guest OS users can gain host OS\n privileges by writing to the interrupt injection registers.

  • \n
\n

The oldstable distribution (lenny) contains a different version of Xen\nnot affected by these problems.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 4.0.1-4.

\n

For the testing (wheezy) and unstable distribution (sid), this problem\nhas been fixed in version 4.1.1-1.

\n

We recommend that you upgrade your xen packages.

\n
\n
\n
\n
", "2338": "
\n

Debian Security Advisory

\n

DSA-2338-1 moodle -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Nov 2011
\n
Affected Packages:
\n
\nmoodle\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Several cross-site scripting and information disclosure issues have\nbeen fixed in Moodle, a course management system for online learning:

\n
    \n
  • MSA-11-0020\n

    \nContinue links in error messages can lead offsite\n

  • \n
  • MSA-11-0024\n

    \nreCAPTCHA images were being authenticated from an older\nserver\n

  • \n
  • MSA-11-0025\n

    \nGroup names in user upload CSV not escaped\n

  • \n
  • MSA-11-0026\n

    \nFields in user upload CSV not escaped\n

  • \n
  • MSA-11-0031\n

    \nForms API constant issue\n

  • \n
  • MSA-11-0032\n

    \nMNET SSL validation issue\n

  • \n
  • MSA-11-0036\n

    \nMessaging refresh vulnerability\n

  • \n
  • MSA-11-0037\n

    \nCourse section editing injection vulnerability\n

  • \n
  • MSA-11-0038\n

    \nDatabase injection protection strengthened\n

  • \n
\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.9.9.dfsg2-2.1+squeeze2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.9.9.dfsg2-4.

\n

We recommend that you upgrade your moodle packages.

\n
\n
\n
\n
", "2339": "
\n

Debian Security Advisory

\n

DSA-2339-1 nss -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Nov 2011
\n
Affected Packages:
\n
\nnss\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 647614.
In Mitre's CVE dictionary: CVE-2011-3640.
\n
More information:
\n
\n

This update to the NSS cryptographic libraries revokes the trust in the\nDigiCert Sdn. Bhd certificate authority. More information can be found\nin the\nMozilla Security Blog.

\n

This update also fixes an insecure load path for the pkcs11.txt configuration\nfile (CVE-2011-3640).

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 3.12.3.1-0lenny7.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.12.8-1+squeeze4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.13.1.with.ckbi.1.88-1.

\n

We recommend that you upgrade your nss packages.

\n
\n
\n
\n
", "2340": "
\n

Debian Security Advisory

\n

DSA-2340-1 postgresql-8.3, postgresql-8.4, postgresql-9.0 -- weak password hashing

\n
\n
Date Reported:
\n
07 Nov 2011
\n
Affected Packages:
\n
\npostgresql-8.3
postgresql-8.4
postgresql-9.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 631285.
In Mitre's CVE dictionary: CVE-2011-2483.
\n
More information:
\n
\n

magnum discovered that the blowfish password hashing used in PostgreSQL,\namong others, contained a weakness that would give passwords\nwith 8-bit characters the same hash as weaker equivalents.

\n

For the oldstable distribution (lenny), this problem has been fixed in\npostgresql-8.3 version 8.3.16-0lenny1.

\n

For the stable distribution (squeeze), this problem has been fixed in\npostgresql-8.4 version 8.4.9-0squeeze1.

\n

For the testing distribution (wheezy) and unstable distribution (sid),\nthis problem has been fixed in postgresql-8.4 version 8.4.9-1,\npostgresql-9.0 9.0.5-1 and postgresql-9.1 9.1~rc1-1.

\n

The updates also include reliability improvements, originally scheduled\nfor inclusion into the next point release; for details see the respective\nchangelogs.

\n

We recommend that you upgrade your postgresql packages.

\n
\n
\n
\n
", "2341": "
\n

Debian Security Advisory

\n

DSA-2341-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Nov 2011
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3647, CVE-2011-3648, CVE-2011-3650.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Iceweasel, a web browser\nbased on Firefox. The included XULRunner library provides rendering\nservices for several other applications included in Debian.

\n
    \n
  • CVE-2011-3647\n

    moz_bug_r_a4 discovered a privilege escalation vulnerability in\n addon handling.

  • \n
  • CVE-2011-3648\n

    Yosuke Hasegawa discovered that incorrect handling of Shift-JIS\n encodings could lead to cross-site scripting.

  • \n
  • CVE-2011-3650\n

    Marc Schoenefeld discovered that profiling the JavaScript code\n could lead to memory corruption.

  • \n
\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.9.0.19-15 of the xulrunner source package.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-11.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 8.0-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "2342": "
\n

Debian Security Advisory

\n

DSA-2342-1 iceape -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Nov 2011
\n
Affected Packages:
\n
\niceape\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3647, CVE-2011-3648, CVE-2011-3650.
\n
More information:
\n
\n

Several vulnerabilities have been found in the Iceape internet suite, an\nunbranded version of Seamonkey:

\n
    \n
  • CVE-2011-3647\n

    moz_bug_r_a4 discovered a privilege escalation vulnerability in\n addon handling.

  • \n
  • CVE-2011-3648\n

    Yosuke Hasegawa discovered that incorrect handling of Shift-JIS\n encodings could lead to cross-site scripting.

  • \n
  • CVE-2011-3650\n

    Marc Schoenefeld discovered that profiling the JavaScript code\n could lead to memory corruption.

  • \n
\n

The oldstable distribution (lenny) is not affected. The iceape package only\nprovides the XPCOM code.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-9.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.0.14-9.

\n

We recommend that you upgrade your iceape packages.

\n
\n
\n
\n
", "2343": "
\n

Debian Security Advisory

\n

DSA-2343-1 openssl -- CA trust revocation

\n
\n
Date Reported:
\n
09 Nov 2011
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Several weak certificates were issued by Malaysian intermediate CA\nDigicert Sdn. Bhd. This event, along with other issues, has led\nEntrust Inc. and Verizon Cybertrust to revoke the CA's cross-signed\ncertificates.

\n

This update to OpenSSL, a Secure Sockets Layer toolkit, reflects this\ndecision by marking Digicert Sdn. Bhd.'s certificates as revoked.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 0.9.8g-15+lenny14.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.9.8o-4squeeze4.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.0.0e-2.1.

\n

We recommend that you upgrade your openssl packages.

\n
\n
\n
\n
", "2344": "
\n

Debian Security Advisory

\n

DSA-2344-1 python-django-piston -- deserialization vulnerability

\n
\n
Date Reported:
\n
11 Nov 2011
\n
Affected Packages:
\n
\npython-django-piston\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 647315.
In Mitre's CVE dictionary: CVE-2011-4103.
\n
More information:
\n
\n

It was discovered that the Piston framework can deserialize untrusted\nYAML and Pickle data, leading to remote code execution (CVE-2011-4103).\n

\n

The old stable distribution (lenny) does not contain a\npython-django-piston package.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.2.2-1+squeeze1.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 0.2.2-2.

\n

We recommend that you upgrade your python-django-piston packages.

\n
\n
\n
\n
", "2345": "
\n

Debian Security Advisory

\n

DSA-2345-1 icedove -- several vulnerabilities

\n
\n
Date Reported:
\n
11 Nov 2011
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3647, CVE-2011-3648, CVE-2011-3650.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Icedove, a mail client\nbased on Thunderbird.

\n
    \n
  • CVE-2011-3647\n

    The JSSubScriptLoader does not properly handle\n XPCNativeWrappers during calls to the loadSubScript method in\n an add-on, which makes it easier for remote attackers to gain\n privileges via a crafted web site that leverages certain\n unwrapping behavior.

  • \n
  • CVE-2011-3648\n

    A cross-site scripting (XSS) vulnerability allows remote\n attackers to inject arbitrary web script or HTML via crafted\n text with Shift JIS encoding.

  • \n
  • CVE-2011-3650\n

    Iceweasel does not properly handle JavaScript files that\n contain many functions, which allows user-assisted remote\n attackers to cause a denial of service (memory corruption and\n application crash) or possibly have unspecified other impact\n via a crafted file that is accessed by debugging APIs, as\n demonstrated by Firebug.

  • \n
\n

For the stable distribution (squeeze), these problems have been fixed\nin version 3.0.11-1+squeeze6.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 3.1.15-1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "2346": "
\n

Debian Security Advisory

\n

DSA-2346-2 proftpd-dfsg -- several vulnerabilities

\n
\n
Date Reported:
\n
16 Nov 2011
\n
Affected Packages:
\n
\nproftpd-dfsg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 648373.
In Mitre's CVE dictionary: CVE-2011-4130.
\n
More information:
\n
\n

Several vulnerabilities were discovered in ProFTPD, an FTP server:

\n
    \n
  • (No CVE id)\n

    ProFTPD incorrectly uses data from an unencrypted input buffer\n after encryption has been enabled with STARTTLS, an issue\n similar to\n CVE-2011-0411.

  • \n
  • CVE-2011-4130\n

    ProFTPD uses a response pool after freeing it under\n exceptional conditions, possibly leading to remote code\n execution. (The version in lenny is not affected by this\n problem.)

  • \n
\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.3.1-17lenny9.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.3.3a-6squeeze4.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 1.3.4~rc3-2.

\n

We recommend that you upgrade your proftpd-dfsg packages.

\n
\n
\n
\n
", "2347": "
\n

Debian Security Advisory

\n

DSA-2347-1 bind9 -- improper assert

\n
\n
Date Reported:
\n
16 Nov 2011
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-4313.
\n
More information:
\n
\n

It was discovered that BIND, a DNS server, crashes while processing\ncertain sequences of recursive DNS queries, leading to a denial of\nservice. Authoritative-only server configurations are not affected by\nthis issue.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1:9.6.ESV.R4+dfsg-0+lenny4.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:9.7.3.dfsg-1~squeeze4.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
\n
\n
", "2348": "
\n

Debian Security Advisory

\n

DSA-2348-1 systemtap -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Nov 2011
\n
Affected Packages:
\n
\nsystemtap\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-4170, CVE-2010-4171, CVE-2011-2503.
\n
More information:
\n
\n

Several vulnerabilities were discovered in SystemTap, an instrumentation\nsystem for Linux:

\n
    \n
  • CVE-2011-2503\n

    It was discovered that a race condition in staprun could lead to\n privilege escalation.

  • \n
  • CVE-2010-4170\n

    It was discovered that insufficient validation of environment\n variables in staprun could lead to privilege escalation.

  • \n
  • CVE-2010-4171\n

    It was discovered that insufficient validation of module unloading\n could lead to denial of service.

  • \n
\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.2-5+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.6-1.

\n

We recommend that you upgrade your systemtap packages.

\n
\n
\n
\n
", "2349": "
\n

Debian Security Advisory

\n

DSA-2349-1 spip -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Nov 2011
\n
Affected Packages:
\n
\nspip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Two vulnerabilities have been found in SPIP, a website engine for\npublishing, which allow privilege escalation to site administrator\nprivileges and cross-site scripting.

\n

The oldstable distribution (lenny) doesn't include spip.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.1.1-3squeeze2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.1.12-1.

\n

We recommend that you upgrade your spip packages.

\n
\n
\n
\n
", "2350": "
\n

Debian Security Advisory

\n

DSA-2350-1 freetype -- missing input sanitising

\n
\n
Date Reported:
\n
20 Nov 2011
\n
Affected Packages:
\n
\nfreetype\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 649122.
In Mitre's CVE dictionary: CVE-2011-3439.
\n
More information:
\n
\n

It was discovered that missing input sanitising in Freetype's processing\nof CID-keyed fonts could lead to the execution of arbitrary code.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 2.3.7-2+lenny8.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.4.2-2.1+squeeze3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.4.8-1.

\n

We recommend that you upgrade your freetype packages.

\n
\n
\n
\n
", "2351": "
\n

Debian Security Advisory

\n

DSA-2351-1 wireshark -- buffer overflow

\n
\n
Date Reported:
\n
21 Nov 2011
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-4102.
\n
More information:
\n
\n

Huzaifa Sidhpurwala discovered a buffer overflow in Wireshark's ERF\ndissector, which could lead to the execution of arbitrary code.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.2-3+lenny16.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.11-6+squeeze5.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.6.3-1.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "2352": "
\n

Debian Security Advisory

\n

DSA-2352-1 puppet -- programming error

\n
\n
Date Reported:
\n
22 Nov 2011
\n
Affected Packages:
\n
\npuppet\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3872.
\n
More information:
\n
\n

It was discovered that Puppet, a centralized configuration management\nsolution, misgenerated certificates if the certdnsnames option was\nused. This could lead to man in the middle attacks. More details are\navailable on the Puppet web site.\n

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 0.24.5-3+lenny2.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.7.6-1.

\n

We recommend that you upgrade your puppet packages.

\n
\n
\n
\n
", "2353": "
\n

Debian Security Advisory

\n

DSA-2353-1 ldns -- buffer overflow

\n
\n
Date Reported:
\n
24 Nov 2011
\n
Affected Packages:
\n
\nldns\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3581.
\n
More information:
\n
\n

David Wheeler discovered a buffer overflow in ldns's code to parse\nRR records, which could lead to the execution of arbitrary code.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.4.0-1+lenny2.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.6.6-2+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.6.11-1.

\n

We recommend that you upgrade your ldns packages.

\n
\n
\n
\n
", "2354": "
\n

Debian Security Advisory

\n

DSA-2354-1 cups -- several vulnerabilities

\n
\n
Date Reported:
\n
28 Nov 2011
\n
Affected Packages:
\n
\ncups\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-2896, CVE-2011-3170.
\n
More information:
\n
\n

Petr Sklenar and Tomas Hoger discovered that missing input sanitising in\nthe GIF decoder inside the CUPS printing system could lead to denial\nof service or potentially arbitrary code execution through crafted GIF\nfiles.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.3.8-1+lenny10.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.4-7+squeeze1.

\n

For the testing (wheezy) and unstable distributions (sid), this problem has been\nfixed in version 1.5.0-8.

\n

We recommend that you upgrade your cups packages.

\n
\n
\n
\n
", "2355": "
\n

Debian Security Advisory

\n

DSA-2355-1 clearsilver -- format string vulnerability

\n
\n
Date Reported:
\n
30 Nov 2011
\n
Affected Packages:
\n
\nclearsilver\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-4357.
\n
More information:
\n
\n

Leo Iannacone and Colin Watson discovered a format string vulnerability\nin the Python bindings for the Clearsilver HTML template system, which\nmay lead to denial of service or the execution of arbitrary code.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 0.10.4-1.3+lenny1.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.10.5-1+squeeze1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your clearsilver packages.

\n
\n
\n
\n
", "2356": "
\n

Debian Security Advisory

\n

DSA-2356-1 openjdk-6 -- several vulnerabilities

\n
\n
Date Reported:
\n
01 Dec 2011
\n
Affected Packages:
\n
\nopenjdk-6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3389, CVE-2011-3521, CVE-2011-3544, CVE-2011-3547, CVE-2011-3548, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Java platform:

\n
    \n
  • CVE-2011-3389\n

    The TLS implementation does not guard properly against certain\n\tchosen-plaintext attacks when block ciphers are used in CBC\n\tmode.

  • \n
  • CVE-2011-3521\n

    The CORBA implementation contains a deserialization\n\tvulnerability in the IIOP implementation, allowing untrusted\n\tJava code (such as applets) to elevate its privileges.

  • \n
  • CVE-2011-3544\n

    The Java scripting engine lacks necessary security manager\n\tchecks, allowing untrusted Java code (such as applets) to\n\televate its privileges.

  • \n
  • CVE-2011-3547\n

    The skip() method in java.io.InputStream uses a shared buffer,\n\tallowing untrusted Java code (such as applets) to access data\n\tthat is skipped by other code.

  • \n
  • CVE-2011-3548\n

    The java.awt.AWTKeyStroke class contains a flaw which allows\n\tuntrusted Java code (such as applets) to elevate its\n\tprivileges.

  • \n
  • CVE-2011-3551\n

    The Java2D C code contains an integer overflow which results\n\tin a heap-based buffer overflow, potentially allowing\n\tuntrusted Java code (such as applets) to elevate its\n\tprivileges.

  • \n
  • CVE-2011-3552\n

    Malicious Java code can use up an excessive amount of UDP\n\tports, leading to a denial of service.

  • \n
  • CVE-2011-3553\n

    JAX-WS enables stack traces for certain server responses by\n\tdefault, potentially leaking sensitive information.

  • \n
  • CVE-2011-3554\n

    JAR files in pack200 format are not properly checked for\n\terrors, potentially leading to arbitrary code execution when\n\tunpacking crafted pack200 files.

  • \n
  • CVE-2011-3556\n

    The RMI Registry server lacks access restrictions on certain\n\tmethods, allowing a remote client to execute arbitrary code.

  • \n
  • CVE-2011-3557\n

    The RMI Registry server fails to properly restrict privileges\n\tof untrusted Java code, allowing RMI clients to elevate their\n\tprivileges on the RMI Registry server.

  • \n
  • CVE-2011-3560\n

    The com.sun.net.ssl.HttpsURLConnection class does not perform\n\tproper security manager checks in the setSSLSocketFactory()\n\tmethod, allowing untrusted Java code to bypass security policy\n\trestrictions.

  • \n
\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 6b18-1.8.10-0+squeeze2.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 6b23~pre11-1.

\n

We recommend that you upgrade your openjdk-6 packages.

\n
\n
\n
\n
", "2357": "
\n

Debian Security Advisory

\n

DSA-2357-1 evince -- several vulnerabilities

\n
\n
Date Reported:
\n
03 Dec 2011
\n
Affected Packages:
\n
\nevince\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 609534.
In Mitre's CVE dictionary: CVE-2010-2640, CVE-2010-2641, CVE-2010-2642, CVE-2010-2643.
\n
More information:
\n
\n

Jon Larimer from IBM X-Force Advanced Research discovered multiple\nvulnerabilities in the DVI backend of the Evince document viewer:

\n
    \n
  • CVE-2010-2640\n

    Insufficient array bounds checks in the PK fonts parser could lead\n to function pointer overwrite, causing arbitrary code execution.

  • \n
  • CVE-2010-2641\n

    Insufficient array bounds checks in the VF fonts parser could lead\n to function pointer overwrite, causing arbitrary code execution.

  • \n
  • CVE-2010-2642\n

    Insufficient bounds checks in the AFM fonts parser when writing\n data to a memory buffer allocated on heap could lead to arbitrary\n memory overwrite and arbitrary code execution.

  • \n
  • CVE-2010-2643\n

    Insufficient check on an integer used as a size for memory\n allocation can lead to arbitrary write outside the allocated range\n and cause arbitrary code execution.

  • \n
\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 2.22.2-4~lenny2.

\n

For the stable distribution (squeeze), CVE-2010-2640, CVE-2010-2641\nand CVE-2010-2643 have been fixed in version 2.30.3-2 but the fix for\nCVE-2010-2642 was incomplete. The final fix is present in version\n2.30.3-2+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 3.0.2-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.0.2-1.

\n

We recommend that you upgrade your evince packages.

\n
\n
\n
\n
", "2358": "
\n

Debian Security Advisory

\n

DSA-2358-1 openjdk-6 -- several vulnerabilities

\n
\n
Date Reported:
\n
05 Dec 2011
\n
Affected Packages:
\n
\nopenjdk-6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-0862, CVE-2011-0864, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-3389, CVE-2011-3521, CVE-2011-3544, CVE-2011-3547, CVE-2011-3548, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Java platform. This combines the two previous\nopenjdk-6 advisories, DSA-2311-1 and\nDSA-2356-1.

\n
    \n
  • CVE-2011-0862\n

    Integer overflow errors in the JPEG and font parser allow\n\tuntrusted code (including applets) to elevate its privileges.

  • \n
  • CVE-2011-0864\n

    Hotspot, the just-in-time compiler in OpenJDK, mishandled\n\tcertain byte code instructions, allowing untrusted code\n\t(including applets) to crash the virtual machine.

  • \n
  • CVE-2011-0865\n

    A race condition in signed object deserialization could\n\tallow untrusted code to modify signed content, apparently\n\tleaving its signature intact.

  • \n
  • CVE-2011-0867\n

    Untrusted code (including applets) could access information\n\tabout network interfaces which was not intended to be public.\n\t(Note that the interface MAC address is still available to\n\tuntrusted code.)

  • \n
  • CVE-2011-0868\n

    A float-to-long conversion could overflow, allowing\n\tuntrusted code (including applets) to crash the virtual\n\tmachine.

  • \n
  • CVE-2011-0869\n

    Untrusted code (including applets) could intercept HTTP\n\trequests by reconfiguring proxy settings through a SOAP\n\tconnection.

  • \n
  • CVE-2011-0871\n

    Untrusted code (including applets) could elevate its\n\tprivileges through the Swing MediaTracker code.

  • \n
  • CVE-2011-3389\n

    The TLS implementation does not guard properly against certain\n\tchosen-plaintext attacks when block ciphers are used in CBC\n\tmode.

  • \n
  • CVE-2011-3521\n

    The CORBA implementation contains a deserialization\n\tvulnerability in the IIOP implementation, allowing untrusted\n\tJava code (such as applets) to elevate its privileges.

  • \n
  • CVE-2011-3544\n

    The Java scripting engine lacks necessary security manager\n\tchecks, allowing untrusted Java code (such as applets) to\n\televate its privileges.

  • \n
  • CVE-2011-3547\n

    The skip() method in java.io.InputStream uses a shared buffer,\n\tallowing untrusted Java code (such as applets) to access data\n\tthat is skipped by other code.

  • \n
  • CVE-2011-3548\n

    The java.awt.AWTKeyStroke class contains a flaw which allows\n\tuntrusted Java code (such as applets) to elevate its\n\tprivileges.

  • \n
  • CVE-2011-3551\n

    The Java2D C code contains an integer overflow which results\n\tin a heap-based buffer overflow, potentially allowing\n\tuntrusted Java code (such as applets) to elevate its\n\tprivileges.

  • \n
  • CVE-2011-3552\n

    Malicious Java code can use up an excessive amount of UDP\n\tports, leading to a denial of service.

  • \n
  • CVE-2011-3553\n

    JAX-WS enables stack traces for certain server responses by\n\tdefault, potentially leaking sensitive information.

  • \n
  • CVE-2011-3554\n

    JAR files in pack200 format are not properly checked for\n\terrors, potentially leading to arbitrary code execution when\n\tunpacking crafted pack200 files.

  • \n
  • CVE-2011-3556\n

    The RMI Registry server lacks access restrictions on certain\n\tmethods, allowing a remote client to execute arbitrary code.

  • \n
  • CVE-2011-3557\n

    The RMI Registry server fails to properly restrict privileges\n\tof untrusted Java code, allowing RMI clients to elevate their\n\tprivileges on the RMI Registry server.

  • \n
  • CVE-2011-3560\n

    The com.sun.net.ssl.HttpsURLConnection class does not perform\n\tproper security manager checks in the setSSLSocketFactory()\n\tmethod, allowing untrusted Java code to bypass security policy\n\trestrictions.

  • \n
\n

For the oldstable distribution (lenny), these problems have been fixed\nin version 6b18-1.8.10-0~lenny2.

\n

We recommend that you upgrade your openjdk-6 packages.

\n
\n
\n
\n
", "2359": "
\n

Debian Security Advisory

\n

DSA-2359-1 mojarra -- EL injection

\n
\n
Date Reported:
\n
06 Dec 2011
\n
Affected Packages:
\n
\nmojarra\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-4358.
\n
More information:
\n
\n

It was discovered that Mojarra, an implementation of JavaServer Faces,\nevaluates untrusted values as EL expressions if includeViewParameters\nis set to true.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.3-1+squeeze1.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 2.0.3-2.

\n

We recommend that you upgrade your mojarra packages.

\n
\n
\n
\n
", "2361": "
\n

Debian Security Advisory

\n

DSA-2361-1 chasen -- buffer overflow

\n
\n
Date Reported:
\n
07 Dec 2011
\n
Affected Packages:
\n
\nchasen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-4000.
\n
More information:
\n
\n

It was discovered that ChaSen, a Japanese morphological analysis\nsystem, contains a buffer overflow, potentially leading to arbitrary\ncode execution in programs using the library.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 2.4.4-2+lenny2.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.4.4-11+squeeze2.

\n

We recommend that you upgrade your chasen packages.

\n
\n
\n
\n
", "2362": "
\n

Debian Security Advisory

\n

DSA-2362-1 acpid -- several vulnerabilities

\n
\n
Date Reported:
\n
10 Dec 2011
\n
Affected Packages:
\n
\nacpid\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1159, CVE-2011-2777, CVE-2011-4578.
\n
More information:
\n
\n

Multiple vulnerabilities were found in the ACPI Daemon, the Advanced\nConfiguration and Power Interface event daemon:

\n
    \n
  • CVE-2011-1159\n

    Vasiliy Kulikov of OpenWall discovered that the socket handling\n is vulnerable to denial of service.

  • \n
  • CVE-2011-2777\n

    Oliver-Tobias Ripka discovered that incorrect process handling in\n the Debian-specific powerbtn.sh script could lead to local\n privilege escalation. This issue doesn't affect oldstable. The\n script is only shipped as an example in /usr/share/doc/acpid/examples.\n See /usr/share/doc/acpid/README.Debian for details.

  • \n
  • CVE-2011-4578\n

    Helmut Grohne and Michael Biebl discovered that acpid sets a umask\n of 0 when executing scripts, which could result in local privilege\n escalation.

  • \n
\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.0.8-1lenny4.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:2.0.7-1squeeze3.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your acpid packages.

\n
\n
\n
\n
", "2363": "
\n

Debian Security Advisory

\n

DSA-2363-1 tor -- buffer overflow

\n
\n
Date Reported:
\n
16 Dec 2011
\n
Affected Packages:
\n
\ntor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-2778.
\n
More information:
\n
\n

It was discovered that Tor, an online privacy tool, incorrectly computes\nbuffer sizes in certain cases involving SOCKS connections. Malicious\nparties could use this to cause a heap-based buffer overflow, potentially\nallowing execution of arbitrary code.

\n

In Tor's default configuration this issue can only be triggered by\nclients that can connect to Tor's SOCKS port, which listens only on\nlocalhost by default.

\n

In non-default configurations where Tor's SocksPort listens not only on\nlocalhost or where Tor was configured to use another SOCKS server for all of\nits outgoing connections, Tor is vulnerable to a larger set of malicious\nparties.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 0.2.1.32-1.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.2.2.35-1~squeeze+1.

\n

For the unstable (sid) and testing (wheezy) distributions, this problem has been fixed in\nversion 0.2.2.35-1.

\n

For the experimental distribution, this problem has been fixed in\nversion 0.2.3.10-alpha-1.

\n

We recommend that you upgrade your tor packages.

\n

Please note that the update for stable (squeeze) updates this package\nfrom 0.2.1.31 to 0.2.2.35, a new major release of Tor, as upstream has\nannounced end-of-life for the 0.2.1.x tree for the near future. Please\ncheck your Tor runs as expected after the upgrade.

\n
\n
\n
\n
", "2364": "
\n

Debian Security Advisory

\n

DSA-2364-1 xorg -- incorrect permission check

\n
\n
Date Reported:
\n
18 Dec 2011
\n
Affected Packages:
\n
\nxorg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 652249.
In Mitre's CVE dictionary: CVE-2011-4613.
\n
More information:
\n
\n

The Debian X wrapper enforces that the X server can only be started from\na console. vladz discovered that this wrapper could be bypassed.

\n

The oldstable distribution (lenny) is not affected.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 7.5+8+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:7.6+10.

\n

We recommend that you upgrade your xorg packages.

\n
\n
\n
\n
", "2365": "
\n

Debian Security Advisory

\n

DSA-2365-1 dtc -- several vulnerabilities

\n
\n
Date Reported:
\n
18 Dec 2011
\n
Affected Packages:
\n
\ndtc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 637469, Bug 637477, Bug 637485, Bug 637584, Bug 637629, Bug 637630, Bug 637618, Bug 637537, Bug 637487, Bug 637632, Bug 637669.
In Mitre's CVE dictionary: CVE-2011-3195, CVE-2011-3196, CVE-2011-3197, CVE-2011-3198, CVE-2011-3199.
\n
More information:
\n
\n

Ansgar Burchardt, Mike O'Connor and Philipp Kern discovered multiple\nvulnerabilities in DTC, a web control panel for admin and accounting\nhosting services:

\n
    \n
  • CVE-2011-3195\n

    A possible shell insertion has been found in the mailing list\n handling.

  • \n
  • CVE-2011-3196\n

    Unix rights for the apache2.conf were set incorrectly (world\n readable).

  • \n
  • CVE-2011-3197\n

    Incorrect input sanitising for the $_SERVER[\"addrlink\"] parameter\n could lead to SQL insertion.

  • \n
  • CVE-2011-3198\n

    DTC was using the -b option of htpasswd, possibly revealing\n the password in clear text via ps or by reading /proc.

  • \n
  • CVE-2011-3199\n

    A possible HTML/JavaScript insertion vulnerability has been found\n in the DNS & MX section of the user panel.

  • \n
\n

This update also fixes several vulnerabilities, for which no CVE ID\nhas been assigned:

\n

It has been discovered that DTC performs insufficient input sanitising\nin the package installer, leading to possible unwanted destination\ndirectory for installed packages if some DTC application packages\nare installed (note that these aren't available in Debian main).

\n

DTC was setting up /etc/sudoers with permissive sudo rights to\nchrootuid.

\n

Incorrect input sanitizing in the package installer could lead to\nSQL insertion.

\n

A malicious user could enter a specially crafted support ticket\nsubject leading to an SQL injection in the draw_user_admin.php.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 0.29.18-1+lenny2.

\n

The stable distribution (squeeze) doesn't include dtc.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.34.1-1.

\n

We recommend that you upgrade your dtc packages.

\n
\n
\n
\n
", "2366": "
\n

Debian Security Advisory

\n

DSA-2366-1 mediawiki -- multiple vulnerabilities

\n
\n
Date Reported:
\n
18 Dec 2011
\n
Affected Packages:
\n
\nmediawiki\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 650434.
In Mitre's CVE dictionary: CVE-2011-1578, CVE-2011-1579, CVE-2011-1580, CVE-2011-1587, CVE-2011-4360, CVE-2011-4361.
\n
More information:
\n
\n

Several problems have been discovered in MediaWiki, a website engine for\ncollaborative work.

\n
    \n
  • CVE-2011-1578 CVE-2011-1587\n

    Masato Kinugawa discovered a cross-site scripting (XSS) issue, which\n affects Internet Explorer clients only, and only version 6 and\n earlier. Web server configuration changes are required to fix this\n issue. Upgrading MediaWiki will only be sufficient for people who use\n Apache with AllowOverride enabled.

    \n

    For details of the required configuration changes, see the upstream\nannouncements.\n

  • \n
  • CVE-2011-1579\n

    Wikipedia user Suffusion of Yellow discovered a CSS validation error\n in the wikitext parser. This is an XSS issue for Internet Explorer\n clients, and a privacy loss issue for other clients since it allows\n the embedding of arbitrary remote images.

  • \n
  • CVE-2011-1580\n

    MediaWiki developer Happy-Melon discovered that the transwiki import\n feature neglected to perform access control checks on form submission.\n The transwiki import feature is disabled by default. If it is enabled,\n it allows wiki pages to be copied from a remote wiki listed in\n $wgImportSources. The issue means that any user can trigger such an\n import to occur.

  • \n
  • CVE-2011-4360\n

    Alexandre Emsenhuber discovered an issue where page titles on private\n wikis could be exposed by passing different page IDs to index.php. If the\n user does not have the correct permissions, they will now be redirected\n to Special:BadTitle.

  • \n
  • CVE-2011-4361\n

    Tim Starling discovered that action=ajax requests were dispatched to the\n relevant function without any read permission checks being done. This could\n have led to data leakage on private wikis.

  • \n
\n

For the oldstable distribution (lenny), these problems have been fixed in\nversion 1:1.12.0-2lenny9.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 1:1.15.5-2squeeze2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1:1.15.5-5.

\n

We recommend that you upgrade your mediawiki packages.

\n
\n
\n
\n
", "2367": "
\n

Debian Security Advisory

\n

DSA-2367-1 asterisk -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Dec 2011
\n
Affected Packages:
\n
\nasterisk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-4597, CVE-2011-4598.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Asterisk, an Open\nSource PBX and telephony toolkit:

\n
    \n
  • CVE-2011-4597\n

    Ben Williams discovered that it was possible to enumerate SIP\n user names in some configurations. Please see the upstream\n advisory for details.

    \n

    This update only modifies the sample sip.conf configuration\n file. Please see README.Debian for more information on how\n to update your installation.

  • \n
  • CVE-2011-4598\n

    Kristijan Vrban discovered that Asterisk can be crashed with\n malformed SIP packets if the automon feature is enabled.

  • \n
\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1:1.4.21.2~dfsg-3+lenny6.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:1.6.2.9-2+squeeze4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:1.8.8.0~dfsg-1.

\n

We recommend that you upgrade your asterisk packages.

\n
\n
\n
\n
", "2368": "
\n

Debian Security Advisory

\n

DSA-2368-1 lighttpd -- multiple vulnerabilities

\n
\n
Date Reported:
\n
20 Dec 2011
\n
Affected Packages:
\n
\nlighttpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 652726.
In Mitre's CVE dictionary: CVE-2011-4362, CVE-2011-3389.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in lighttpd, a small and fast\nwebserver with minimal memory footprint.

\n
    \n
  • CVE-2011-4362\n

    Xi Wang discovered that the base64 decoding routine, which is used to\n decode user input during HTTP authentication, suffers from a signedness\n issue when processing user input. As a result it is possible to force\n lighttpd to perform an out-of-bounds read, which results in denial of\n service conditions.

  • \n
  • CVE-2011-3389\n

    When using CBC ciphers on an SSL-enabled virtual host to communicate with\n certain clients, a so-called BEAST attack allows man-in-the-middle\n attackers to obtain plaintext HTTP traffic via a blockwise\n chosen-boundary attack (BCBA) on an HTTPS session. Technically this is\n not a lighttpd vulnerability. However, lighttpd offers a workaround to\n mitigate this problem by providing an option to disable CBC ciphers.

    \n

    This update includes this option by default. System administrators\n are advised to read the NEWS file of this update (as this may break older\n clients).

  • \n
\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.4.19-5+lenny3.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.28-2+squeeze1.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4.30-1.

\n

We recommend that you upgrade your lighttpd packages.

\n
\n
\n
\n
", "2369": "
\n

Debian Security Advisory

\n

DSA-2369-1 libsoup2.4 -- insufficient input sanitization

\n
\n
Date Reported:
\n
21 Dec 2011
\n
Affected Packages:
\n
\nlibsoup2.4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 635837.
In Mitre's CVE dictionary: CVE-2011-2524.
\n
More information:
\n
\n

It was discovered that libsoup, an HTTP library implementation in C, does\nnot properly validate input when processing requests made to SoupServer.\nA remote attacker can exploit this flaw to access system files via a\ndirectory traversal attack.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 2.4.1-2+lenny1.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.30.2-1+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 2.34.3-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.34.3-1.

\n

We recommend that you upgrade your libsoup2.4 packages.

\n
\n
\n
\n
", "2370": "
\n

Debian Security Advisory

\n

DSA-2370-1 unbound -- several vulnerabilities

\n
\n
Date Reported:
\n
22 Dec 2011
\n
Affected Packages:
\n
\nunbound\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-4528, CVE-2011-4869.
\n
More information:
\n
\n

It was discovered that Unbound, a recursive DNS resolver, would crash\nwhen processing certain malformed DNS responses from authoritative DNS\nservers, leading to denial of service.

\n
    \n
  • CVE-2011-4528\n

    Unbound attempts to free unallocated memory during processing\n\tof duplicate CNAME records in a signed zone.

  • \n
  • CVE-2011-4869\n

    Unbound does not properly process malformed responses which\n\tlack expected NSEC3 records.

  • \n
\n

For the oldstable distribution (lenny), these problems have been fixed in\nversion 1.4.6-1~lenny2.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 1.4.6-1+squeeze2.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 1.4.14-1.

\n

We recommend that you upgrade your unbound packages.

\n
\n
\n
\n
", "2371": "
\n

Debian Security Advisory

\n

DSA-2371-1 jasper -- buffer overflows

\n
\n
Date Reported:
\n
24 Dec 2011
\n
Affected Packages:
\n
\njasper\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-4516, CVE-2011-4517.
\n
More information:
\n
\n

Two buffer overflows were discovered in JasPer, a library for handling\nJPEG-2000 images, which could lead to the execution of arbitrary code.

\n

For the oldstable distribution (lenny), this problem will be fixed in\nversion 1.900.1-5.1+lenny2. Due to technical limitations of the Debian\narchive software, the oldstable update cannot be released synchronously\nwith the stable update.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.900.1-7+squeeze1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your jasper packages.

\n
\n
\n
\n
", "2372": "
\n

Debian Security Advisory

\n

DSA-2372-1 heimdal -- buffer overflow

\n
\n
Date Reported:
\n
25 Dec 2011
\n
Affected Packages:
\n
\nheimdal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-4862.
\n
More information:
\n
\n

It was discovered that the Kerberos support for telnetd contains a\npre-authentication buffer overflow, which may enable remote attackers\nwho can connect to TELNET to execute arbitrary code with root\nprivileges.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.2.dfsg.1-2.1+lenny1.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.0~git20100726.dfsg.1-2+squeeze1.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem will be fixed soon.

\n

We recommend that you upgrade your heimdal packages.

\n
\n
\n
\n
", "2373": "
\n

Debian Security Advisory

\n

DSA-2373-1 inetutils -- buffer overflow

\n
\n
Date Reported:
\n
25 Dec 2011
\n
Affected Packages:
\n
\ninetutils\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-4862.
\n
More information:
\n
\n

It was discovered that the Kerberos support for telnetd contains a\npre-authentication buffer overflow, which may enable remote attackers\nwho can connect to TELNET to execute arbitrary code with root\nprivileges.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 2:1.5.dfsg.1-9+lenny1.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2:1.6-3.1+squeeze1.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem will be fixed soon.

\n

We recommend that you upgrade your inetutils packages.

\n
\n
\n
\n
", "2374": "
\n

Debian Security Advisory

\n

DSA-2374-1 openswan -- implementation error

\n
\n
Date Reported:
\n
26 Dec 2011
\n
Affected Packages:
\n
\nopenswan\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 650674.
In Mitre's CVE dictionary: CVE-2011-4073.
\n
More information:
\n
\n

The information security group at ETH Zurich discovered a denial of\nservice vulnerability in the crypto helper handler of the IKE daemon\npluto. More information can be found in the upstream advisory.\n

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1:2.4.12+dfsg-1.3+lenny4.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:2.6.28+dfsg-5+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:2.6.37-1.

\n

We recommend that you upgrade your openswan packages.

\n
\n
\n
\n
", "2375": "
\n

Debian Security Advisory

\n

DSA-2375-1 krb5, krb5-appl -- buffer overflow

\n
\n
Date Reported:
\n
26 Dec 2011
\n
Affected Packages:
\n
\nkrb5, krb5-appl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-4862.
\n
More information:
\n
\n

It was discovered that the encryption support for BSD telnetd contains\na pre-authentication buffer overflow, which may enable remote\nattackers who can connect to the Telnet port to execute arbitrary code\nwith root privileges.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.6.dfsg.4~beta1-5lenny7 of the krb5 package.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:1.0.1-1.2 of the krb5-appl package.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem will be fixed soon.

\n

We recommend that you upgrade your krb5 and krb5-appl packages.

\n
\n
\n
\n
", "2376": "
\n

Debian Security Advisory

\n

DSA-2376-2 ipmitool -- insecure PID file

\n
\n
Date Reported:
\n
30 Dec 2011
\n
Affected Packages:
\n
\nipmitool\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 651917.
In Mitre's CVE dictionary: CVE-2011-4339.
\n
More information:
\n
\n

It was discovered that OpenIPMI, the Intelligent Platform Management\nInterface library and tools, used a PID file with overly wide permissions,\nwhich allows local users to kill arbitrary processes by writing to\nthis file.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.8.9-2+squeeze1. (Although the version number contains the\nstring squeeze, this is in fact an update for lenny.)

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.8.11-2+squeeze2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.8.11-5.

\n

We recommend that you upgrade your ipmitool packages.

\n
\n
\n
\n
", "2377": "
\n

Debian Security Advisory

\n

DSA-2377-1 cyrus-imapd-2.2 -- NULL pointer dereference

\n
\n
Date Reported:
\n
01 Jan 2012
\n
Affected Packages:
\n
\ncyrus-imapd-2.2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3481.
\n
More information:
\n
\n

It was discovered that cyrus-imapd, a highly scalable mail system designed\nfor use in enterprise environments, is not properly parsing mail headers\nwhen a client makes use of the IMAP threading feature. As a result, a NULL\npointer is dereferenced which crashes the daemon. An attacker can trigger\nthis by sending a mail containing crafted reference headers and accessing the\nmail with a client that uses the server threading feature of IMAP.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 2.2.13-14+lenny6.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.2.13-19+squeeze3.

\n

For the testing (wheezy) and unstable (sid) distributions, this problem has been\nfixed in cyrus-imapd-2.4 version 2.4.11-1.

\n

We recommend that you upgrade your cyrus-imapd-2.2 packages.

\n
\n
\n
\n
", "2378": "
\n

Debian Security Advisory

\n

DSA-2378-1 ffmpeg -- several vulnerabilities

\n
\n
Date Reported:
\n
03 Jan 2012
\n
Affected Packages:
\n
\nffmpeg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-4351, CVE-2011-4353, CVE-2011-4364, CVE-2011-4579.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in FFmpeg, a multimedia\nplayer, server and encoder. Multiple input validations in the decoders\nfor QDM2, VP5, VP6, VMD and SVQ1 files could lead to the execution of\narbitrary code.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 4:0.5.6-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4:0.7.3-1 of the libav source package.

\n

We recommend that you upgrade your ffmpeg packages.

\n
\n
\n
\n
", "2379": "
\n

Debian Security Advisory

\n

DSA-2379-1 krb5 -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Jan 2012
\n
Affected Packages:
\n
\nkrb5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1528, CVE-2011-1529.
\n
More information:
\n
\n

It was discovered that the Key Distribution Center (KDC) in Kerberos 5\ncrashes when processing certain crafted requests:

\n
    \n
  • CVE-2011-1528\n

    When the LDAP backend is used, remote users can trigger\n\ta KDC daemon crash and denial of service.

  • \n
  • CVE-2011-1529\n

    When the LDAP or Berkeley DB backend is used, remote users\n\tcan trigger a NULL pointer dereference in the KDC daemon\n\tand a denial of service.

  • \n
\n

The oldstable distribution (lenny) is not affected by these problems.

\n

For the stable distribution (squeeze), these problems have been fixed\nin version 1.8.3+dfsg-4squeeze5.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 1.10+dfsg~alpha1-1.

\n

We recommend that you upgrade your krb5 packages.

\n
\n
\n
\n
", "2380": "
\n

Debian Security Advisory

\n

DSA-2380-1 foomatic-filters -- shell command injection

\n
\n
Date Reported:
\n
04 Jan 2012
\n
Affected Packages:
\n
\nfoomatic-filters\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 635549.
In Mitre's CVE dictionary: CVE-2011-2697, CVE-2011-2964.
\n
More information:
\n
\n

It was discovered that foomatic-filters, a support package for\nsetting up printers, allowed authenticated users to submit crafted\nprint jobs which would execute shell commands on the print servers.

\n

\nCVE-2011-2697\nwas assigned to the vulnerability in the Perl\nimplementation included in lenny, and CVE-2011-2964\nto the vulnerability affecting the C reimplementation part of squeeze.\n

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 3.0.2-20080211-3.2+lenny1.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 4.0.5-6+squeeze1.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 4.0.9-1.

\n

We recommend that you upgrade your foomatic-filters packages.

\n
\n
\n
\n
", "2381": "
\n

Debian Security Advisory

\n

DSA-2381-1 squid3 -- invalid memory deallocation

\n
\n
Date Reported:
\n
06 Jan 2012
\n
Affected Packages:
\n
\nsquid3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-4096.
\n
More information:
\n
\n

It was discovered that the IPv6 support code in Squid does not\nproperly handle certain DNS responses, resulting in deallocation of an\ninvalid pointer and a daemon crash.

\n

The squid package and the version of Squid\u00a03 shipped in lenny lack IPv6\nsupport and are not affected by this issue.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.1.6-1.2+squeeze2.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 3.1.18-1.

\n

We recommend that you upgrade your squid3 packages.

\n
\n
\n
\n
", "2382": "
\n

Debian Security Advisory

\n

DSA-2382-1 ecryptfs-utils -- multiple vulnerabilities

\n
\n
Date Reported:
\n
07 Jan 2012
\n
Affected Packages:
\n
\necryptfs-utils\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1831, CVE-2011-1832, CVE-2011-1834, CVE-2011-1835, CVE-2011-1837, CVE-2011-3145.
\n
More information:
\n
\n

Several problems have been discovered in eCryptfs, a cryptographic\nfilesystem for Linux.

\n
    \n
  • CVE-2011-1831\n

    Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs\n incorrectly validated permissions on the requested mountpoint. A local\n attacker could use this flaw to mount to arbitrary locations, leading\n to privilege escalation.

  • \n
  • CVE-2011-1832\n

    Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs\n incorrectly validated permissions on the requested mountpoint. A local\n attacker could use this flaw to unmount arbitrary locations, leading\n to a denial of service.

  • \n
  • CVE-2011-1834\n

    Dan Rosenberg and Marc Deslauriers discovered that eCryptfs incorrectly\n handled modifications to the mtab file when an error occurs. A local\n attacker could use this flaw to corrupt the mtab file, and possibly\n unmount arbitrary locations, leading to a denial of service.

  • \n
  • CVE-2011-1835\n

    Marc Deslauriers discovered that eCryptfs incorrectly handled keys when\n setting up an encrypted private directory. A local attacker could use\n this flaw to manipulate keys during creation of a new user.

  • \n
  • CVE-2011-1837\n

    Vasiliy Kulikov of Openwall discovered that eCryptfs incorrectly handled\n lock counters. A local attacker could use this flaw to possibly overwrite\n arbitrary files.

  • \n
\n

We acknowledge the work of the Ubuntu distribution in preparing patches\nsuitable for near-direct inclusion in the Debian package.

\n

For the oldstable distribution (lenny), these problems have been fixed in\nversion 68-1+lenny1.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 83-4+squeeze1.

\n

For the testing distribution (wheezy) and the unstable distribution (sid),\nthese problems have been fixed in version 95-1.

\n

We recommend that you upgrade your ecryptfs-utils packages.

\n
\n
\n
\n
", "2383": "
\n

Debian Security Advisory

\n

DSA-2383-1 super -- buffer overflow

\n
\n
Date Reported:
\n
08 Jan 2012
\n
Affected Packages:
\n
\nsuper\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-2776.
\n
More information:
\n
\n

Robert Luberda discovered a buffer overflow in the syslog logging code of\nSuper, a tool to execute scripts (or other commands) as if they were root.\nThe default Debian configuration is not affected.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 3.30.0-2+lenny1. Due to a technical limitation in the Debian\narchive scripts this update cannot be released synchronously with the\nstable update. It will be available shortly.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.30.0-3+squeeze1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your super packages.

\n
\n
\n
\n
", "2384": "
\n

Debian Security Advisory

\n

DSA-2384-2 cacti -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Feb 2012
\n
Affected Packages:
\n
\ncacti\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-1644, CVE-2010-1645, CVE-2010-2543, CVE-2010-2545, CVE-2011-4824.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Cacti, a graphing tool\nfor monitoring data. Multiple cross site scripting issues allow remote\nattackers to inject arbitrary web script or HTML. An SQL injection\nvulnerability allows remote attackers to execute arbitrary SQL commands.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 0.8.7b-2.1+lenny5.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.8.7g-1+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.8.7i-2.

\n

We recommend that you upgrade your cacti packages.

\n
\n
\n
\n
", "2385": "
\n

Debian Security Advisory

\n

DSA-2385-1 pdns -- packet loop

\n
\n
Date Reported:
\n
10 Jan 2012
\n
Affected Packages:
\n
\npdns\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0206.
\n
More information:
\n
\n

Ray Morris discovered that the PowerDNS authoritative server responds\nto response packets. An attacker who can spoof the source address of\nIP packets can cause an endless packet loop between a PowerDNS\nauthoritative server and another DNS server, leading to a denial of\nservice.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 2.9.21.2-1+lenny1.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.9.22-8+squeeze1.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem will be fixed soon.

\n

We recommend that you upgrade your pdns packages.

\n
\n
\n
\n
", "2386": "
\n

Debian Security Advisory

\n

DSA-2386-1 openttd -- several vulnerabilities

\n
\n
Date Reported:
\n
10 Jan 2012
\n
Affected Packages:
\n
\nopenttd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3341, CVE-2011-3342, CVE-2011-3343.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenTTD, a transport\nbusiness simulation game. Multiple buffer overflows and off-by-one\nerrors allow remote attackers to cause denial of service.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 0.6.2-1+lenny4.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.0.4-4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.1.4-1.

\n

We recommend that you upgrade your openttd packages.

\n
\n
\n
\n
", "2387": "
\n

Debian Security Advisory

\n

DSA-2387-1 simplesamlphp -- insufficient input sanitation

\n
\n
Date Reported:
\n
11 Jan 2012
\n
Affected Packages:
\n
\nsimplesamlphp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

timtai1 discovered that simpleSAMLphp, an authentication and federation\nplatform, is vulnerable to a cross site scripting attack, allowing a\nremote attacker to access sensitive client data.

\n

The oldstable distribution (lenny) does not contain a simplesamlphp\npackage.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.6.3-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.8.2-1.

\n

We recommend that you upgrade your simplesamlphp packages.

\n
\n
\n
\n
", "2388": "
\n

Debian Security Advisory

\n

DSA-2388-1 t1lib -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Jan 2012
\n
Affected Packages:
\n
\nt1lib\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 652996.
In Mitre's CVE dictionary: CVE-2010-2642, CVE-2011-0433, CVE-2011-0764, CVE-2011-1552, CVE-2011-1553, CVE-2011-1554.
\n
More information:
\n
\n

Several vulnerabilities were discovered in t1lib, a Postscript Type 1\nfont rasterizer library, some of which might lead to code execution\nthrough the opening of files embedding bad fonts.

\n
    \n
  • CVE-2010-2642\n

    A heap-based buffer overflow in the AFM font metrics parser\n\tpotentially leads to the execution of arbitrary code.

  • \n
  • CVE-2011-0433\n

    Another heap-based buffer overflow in the AFM font metrics\n\tparser potentially leads to the execution of arbitrary code.

  • \n
  • CVE-2011-0764\n

    An invalid pointer dereference allows execution of arbitrary\n\tcode using crafted Type 1 fonts.

  • \n
  • CVE-2011-1552\n

    Another invalid pointer dereference results in an application\n\tcrash, triggered by crafted Type 1 fonts.

  • \n
  • CVE-2011-1553\n

    A use-after-free vulnerability results in an application\n\tcrash, triggered by crafted Type 1 fonts.

  • \n
  • CVE-2011-1554\n

    An off-by-one error results in an invalid memory read and\n\tapplication crash, triggered by crafted Type 1 fonts.

  • \n
\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 5.1.2-3+lenny1.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 5.1.2-3+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 5.1.2-3.4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.1.2-3.4.

\n

We recommend that you upgrade your t1lib packages.

\n
\n
\n
\n
", "2389": "
\n

Debian Security Advisory

\n

DSA-2389-1 linux-2.6 -- privilege escalation/denial of service/information leak

\n
\n
Date Reported:
\n
15 Jan 2012
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-2183, CVE-2011-2213, CVE-2011-2898, CVE-2011-3353, CVE-2011-4077, CVE-2011-4110, CVE-2011-4127, CVE-2011-4611, CVE-2011-4622, CVE-2011-4914.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service or privilege escalation. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2011-2183\n

    Andrea Righi reported an issue in KSM, a memory-saving de-duplication\n feature. By exploiting a race with exiting tasks, local users can cause\n a kernel oops, resulting in a denial of service.

  • \n
  • CVE-2011-2213\n

    Dan Rosenberg discovered an issue in the INET socket monitoring interface.\n Local users could cause a denial of service by injecting code and causing\n the kernel to execute an infinite loop.

  • \n
  • CVE-2011-2898\n

    Eric Dumazet reported an information leak in the raw packet socket\n implementation.

  • \n
  • CVE-2011-3353\n

    Han-Wen Nienhuys reported a local denial of service issue in the FUSE\n (Filesystem in Userspace) support in the Linux kernel. Local users could\n cause a buffer overflow, leading to a kernel oops and resulting in a denial\n of service.

  • \n
  • CVE-2011-4077\n

    Carlos Maiolino reported an issue in the XFS filesystem. A local user\n with the ability to mount a filesystem could corrupt memory resulting\n in a denial of service or possibly gain elevated privileges.

  • \n
  • CVE-2011-4110\n

    David Howells reported an issue in the kernel's access key retention\n system which allows local users to cause a kernel oops leading to a denial\n of service.

  • \n
  • CVE-2011-4127\n

    Paolo Bonzini of Red Hat reported an issue in the ioctl passthrough\n support for SCSI devices. Users with permission to access restricted\n portions of a device (e.g. a partition or a logical volume) can obtain\n access to the entire device by way of the SG_IO ioctl. This could be\n exploited by a local user or privileged VM guest to achieve a privilege\n escalation.

  • \n
  • CVE-2011-4611\n

    Maynard Johnson reported an issue with the perf support on POWER7 systems\n that allows local users to cause a denial of service.

  • \n
  • CVE-2011-4622\n

    Jan Kiszka reported an issue in the KVM PIT timer support. Local users\n with the permission to use KVM can cause a denial of service by starting\n a PIT timer without first setting up the irqchip.

  • \n
  • CVE-2011-4914\n

    Ben Hutchings reported various bounds checking issues within the ROSE\n protocol support in the kernel. Remote users could possibly use this\n to gain access to sensitive memory or cause a denial of service.

  • \n
\n

For the stable distribution (squeeze), this problem has been fixed in version\n2.6.32-39squeeze1. Updates for issues impacting the oldstable distribution\n(lenny) will be available soon.

\n

The following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n\n\n\n\n\n\n\n
\u00a0 | Debian 6.0 (squeeze)
user-mode-linux | 2.6.32-1um-4+39squeeze1
\n
\n

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

\n
\n
\n
\n
", "2390": "
\n

Debian Security Advisory

\n

DSA-2390-1 openssl -- several vulnerabilities

\n
\n
Date Reported:
\n
15 Jan 2012
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-4108, CVE-2011-4109, CVE-2011-4354, CVE-2011-4576, CVE-2011-4619.
\n
More information:
\n
\n

Several vulnerabilities were discovered in OpenSSL, an implementation\nof TLS and related protocols. The Common Vulnerabilities and\nExposures project identifies the following vulnerabilities:

\n
    \n
  • CVE-2011-4108\n

    The DTLS implementation performs a MAC check only if certain\n\tpadding is valid, which makes it easier for remote attackers\n\tto recover plaintext via a padding oracle attack.

  • \n
  • CVE-2011-4109\n

    A double free vulnerability when X509_V_FLAG_POLICY_CHECK is\n\tenabled allows remote attackers to cause application crashes\n\tand potentially execute arbitrary code by\n\ttriggering failure of a policy check.

  • \n
  • CVE-2011-4354\n

    On 32-bit systems, the operations on NIST elliptic curves\n\tP-256 and P-384 are not correctly implemented, potentially\n\tleaking the private ECC key of a TLS server. (Regular\n\tRSA-based keys are not affected by this vulnerability.)

  • \n
  • CVE-2011-4576\n

    The SSL 3.0 implementation does not properly initialize data\n\tstructures for block cipher padding, which might allow remote\n\tattackers to obtain sensitive information by decrypting the\n\tpadding data sent by an SSL peer.

  • \n
  • CVE-2011-4619\n

    The Server Gated Cryptography (SGC) implementation in OpenSSL\n\tdoes not properly handle handshake restarts, unnecessarily\n\tsimplifying CPU exhaustion attacks.

  • \n
\n

For the oldstable distribution (lenny), these problems have been fixed\nin version 0.9.8g-15+lenny15.

\n

For the stable distribution (squeeze), these problems have been fixed\nin version 0.9.8o-4squeeze5.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 1.0.0f-1.

\n

We recommend that you upgrade your openssl packages.

\n
\n
\n
\n
", "2391": "
\n

Debian Security Advisory

\n

DSA-2391-1 phpmyadmin -- several vulnerabilities

\n
\n
Date Reported:
\n
22 Jan 2012
\n
Affected Packages:
\n
\nphpmyadmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 656247.
In Mitre's CVE dictionary: CVE-2011-1940, CVE-2011-3181, CVE-2011-4107.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in phpMyAdmin, a tool\nto administer MySQL over the web. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2011-4107\n

    The XML import plugin allowed a remote attacker to read arbitrary\n files via XML data containing external entity references.

  • \n
  • CVE-2011-1940, CVE-2011-3181\n

    Cross site scripting was possible in the table tracking feature,\n allowing a remote attacker to inject arbitrary web script or HTML.

  • \n
\n

The oldstable distribution (lenny) is not affected by these problems.

\n

For the stable distribution (squeeze), these problems have been fixed\nin version 4:3.3.7-7.

\n

For the testing distribution (wheezy) and unstable distribution (sid),\nthese problems have been fixed in version 4:3.4.7.1-1.

\n

We recommend that you upgrade your phpmyadmin packages.

\n
\n
\n
\n
", "2392": "
\n

Debian Security Advisory

\n

DSA-2392-1 openssl -- out-of-bounds read

\n
\n
Date Reported:
\n
23 Jan 2012
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0050.
\n
More information:
\n
\n

Antonio Martin discovered a denial-of-service vulnerability in\nOpenSSL, an implementation of TLS and related protocols. A malicious\nclient can cause the DTLS server implementation to crash. Regular,\nTCP-based TLS is not affected by this issue.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 0.9.8g-15+lenny16.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.9.8o-4squeeze7.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 1.0.0g-1.

\n

We recommend that you upgrade your openssl packages.

\n
\n
\n
\n
", "2393": "
\n

Debian Security Advisory

\n

DSA-2393-1 bip -- buffer overflow

\n
\n
Date Reported:
\n
25 Jan 2012
\n
Affected Packages:
\n
\nbip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 657217.
In Mitre's CVE dictionary: CVE-2012-0806.
\n
More information:
\n
\n

Julien Tinnes reported a buffer overflow in the Bip multiuser IRC proxy\nwhich may allow arbitrary code execution by remote users.

\n

The oldstable distribution (lenny) is not affected by this problem.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.8.2-1squeeze4.

\n

For the testing distribution (wheezy) and the unstable distribution (sid),\nthis problem will be fixed soon.

\n

We recommend that you upgrade your bip packages.

\n
\n
\n
\n
", "2394": "
\n

Debian Security Advisory

\n

DSA-2394-1 libxml2 -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Jan 2012
\n
Affected Packages:
\n
\nlibxml2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 652352, Bug 643648, Bug 656377.
In Mitre's CVE dictionary: CVE-2011-0216, CVE-2011-2821, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919.
\n
More information:
\n
\n

Many security problems have been fixed in libxml2, a popular library to handle\nXML data files.

\n
    \n
  • CVE-2011-3919:\n

    J\u00fcri Aedla discovered a heap-based buffer overflow that allows remote attackers\nto cause a denial of service or possibly have unspecified other impact via\nunknown vectors.

  • \n
  • CVE-2011-0216:\n

    An off-by-one error has been discovered that allows remote attackers to\nexecute arbitrary code or cause a denial of service.

  • \n
  • CVE-2011-2821:\n

    A memory corruption (double free) bug has been identified in libxml2's XPath\nengine. Through it, it is possible for an attacker to cause a denial of\nservice or possibly have unspecified other impact. This vulnerability does not\naffect the oldstable distribution (lenny).

  • \n
  • CVE-2011-2834:\n

    Yang Dingning discovered a double free vulnerability related to XPath handling.

  • \n
  • CVE-2011-3905:\n

    An out-of-bounds read vulnerability has been discovered, which allows remote\nattackers to cause a denial of service.

  • \n
\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 2.6.32.dfsg-5+lenny5.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.8.dfsg-2+squeeze2.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 2.7.8.dfsg-7.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.7.8.dfsg-7.

\n

We recommend that you upgrade your libxml2 packages.

\n
\n
\n
\n
", "2395": "
\n

Debian Security Advisory

\n

DSA-2395-1 wireshark -- buffer underflow

\n
\n
Date Reported:
\n
27 Jan 2012
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3483, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067, CVE-2012-0068.
\n
More information:
\n
\n

Laurent Butti discovered a buffer underflow in the LANalyzer dissector\nof the Wireshark network traffic analyzer, which could lead to the\nexecution of arbitrary code (CVE-2012-0068).\n

\n

This update also addresses several bugs, which can lead to crashes of\nWireshark. These are not treated as security issues, but are fixed\nnonetheless if security updates are scheduled: CVE-2011-3483,\nCVE-2012-0041,\nCVE-2012-0042,\nCVE-2012-0066 and\nCVE-2012-0067.\n

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.11-6+squeeze6.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.6.5-1.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "2396": "
\n

Debian Security Advisory

\n

DSA-2396-1 qemu-kvm -- buffer underflow

\n
\n
Date Reported:
\n
27 Jan 2012
\n
Affected Packages:
\n
\nqemu-kvm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0029.
\n
More information:
\n
\n

Nicolae Mogoreanu discovered a heap overflow in the emulated e1000e\nnetwork interface card of KVM, a solution for full virtualization on\nx86 hardware, which could result in denial of service or privilege\nescalation.

\n

This update also fixes a guest-triggerable memory corruption in\nVNC handling.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.12.5+dfsg-5+squeeze8.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.0+dfsg-5.

\n

We recommend that you upgrade your qemu-kvm packages.

\n
\n
\n
\n
", "2397": "
\n

Debian Security Advisory

\n

DSA-2397-1 icu -- buffer underflow

\n
\n
Date Reported:
\n
29 Jan 2012
\n
Affected Packages:
\n
\nicu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-4599.
\n
More information:
\n
\n

It was discovered that a buffer overflow in the Unicode library ICU\ncould lead to the execution of arbitrary code.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 3.8.1-3+lenny3.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 4.4.1-8.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.8.1.1-3.

\n

We recommend that you upgrade your icu packages.

\n
\n
\n
\n
", "2398": "
\n

Debian Security Advisory

\n

DSA-2398-2 curl -- several vulnerabilities

\n
\n
Date Reported:
\n
31 Mar 2012
\n
Affected Packages:
\n
\ncurl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 658276.
In Mitre's CVE dictionary: CVE-2011-3389, CVE-2012-0036.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in cURL, a URL transfer\nlibrary. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2011-3389\n

    This update enables OpenSSL workarounds against the BEAST attack.\n Additional information can be found in the cURL advisory.\n

  • \n
  • CVE-2012-0036\n

    Dan Fandrich discovered that cURL performs insufficient sanitising\n when extracting the file path part of a URL.

  • \n
\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 7.18.2-8lenny6.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 7.21.0-2.1+squeeze2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.24.0-1.

\n

We recommend that you upgrade your curl packages.

\n
\n
\n
\n
", "2399": "
\n

Debian Security Advisory

\n

DSA-2399-2 php5 -- several vulnerabilities

\n
\n
Date Reported:
\n
31 Jan 2012
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1938, CVE-2011-2483, CVE-2011-4566, CVE-2011-4885, CVE-2012-0057.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in PHP, the web scripting\nlanguage. The Common Vulnerabilities and Exposures project identifies\nthe following issues:

\n
    \n
  • CVE-2011-1938\n

    The UNIX socket handling allowed attackers to trigger a buffer overflow\n via a long path name.

  • \n
  • CVE-2011-2483\n

    The crypt_blowfish function did not properly handle 8-bit characters,\n which made it easier for attackers to determine a cleartext password\n by using knowledge of a password hash.

  • \n
  • CVE-2011-4566\n

    When used on 32 bit platforms, the exif extension could be used to\n trigger an integer overflow in the exif_process_IFD_TAG function\n when processing a JPEG file.

  • \n
  • CVE-2011-4885\n

    It was possible to trigger hash collisions predictably when parsing\n form parameters, which allows remote attackers to cause a denial of\n service by sending many crafted parameters.

  • \n
  • CVE-2012-0057\n

    When applying a crafted XSLT transform, an attacker could write files\n to arbitrary places in the filesystem.

  • \n
\n

NOTE: the fix for\nCVE-2011-2483\nrequired changing the behaviour of this function: it is now incompatible with\nsome old (wrongly) generated hashes for passwords containing 8-bit characters.\nSee the package NEWS entry for details. This change has not been applied to the\nLenny version of PHP.

\n

For the oldstable distribution (lenny), these problems have been fixed\nin version 5.2.6.dfsg.1-1+lenny15.

\n

For the stable distribution (squeeze), these problems have been fixed\nin version 5.3.3-7+squeeze6.

\n

For the testing distribution (wheezy) and unstable distribution (sid),\nthese problems have been fixed in version 5.3.9-1.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "2400": "
\n

Debian Security Advisory

\n

DSA-2400-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
02 Feb 2012
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3670, CVE-2012-0442, CVE-2012-0444, CVE-2012-0449.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Iceweasel, a web browser\nbased on Firefox. The included XULRunner library provides rendering\nservices for several other applications included in Debian.

\n
    \n
  • CVE-2011-3670\n

    Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed,\n resulting in potential information disclosure.

  • \n
  • CVE-2012-0442\n

    Jesse Ruderman and Bob Clary discovered memory corruption bugs, which\n may lead to the execution of arbitrary code.

  • \n
  • CVE-2012-0444\n

    regenrecht discovered that missing input sanitising in the Ogg Vorbis\n parser may lead to the execution of arbitrary code.

  • \n
  • CVE-2012-0449\n

    Nicolas Gregoire and Aki Helin discovered that missing input\n sanitising in XSLT processing may lead to the execution of arbitrary\n code.

  • \n
\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 1.9.0.19-13 of the xulrunner source package.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-12.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 10.0-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "2401": "
\n

Debian Security Advisory

\n

DSA-2401-1 tomcat6 -- several vulnerabilities

\n
\n
Date Reported:
\n
02 Feb 2012
\n
Affected Packages:
\n
\ntomcat6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1184, CVE-2011-2204, CVE-2011-2526, CVE-2011-3190, CVE-2011-3375, CVE-2011-4858, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064, CVE-2012-0022.
\n
More information:
\n
\n

Several vulnerabilities have been found in Tomcat, a servlet and JSP\nengine:

\n
    \n
  • CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064\n

    The HTTP Digest Access Authentication implementation performed\n insufficient countermeasures against replay attacks.

  • \n
  • CVE-2011-2204\n

    In rare setups passwords were written into a logfile.

  • \n
  • CVE-2011-2526\n

    Missing input sanitising in the HTTP APR or HTTP NIO connectors\n could lead to denial of service.

  • \n
  • CVE-2011-3190\n

    AJP requests could be spoofed in some setups.

  • \n
  • CVE-2011-3375\n

    Incorrect request caching could lead to information disclosure.

  • \n
  • CVE-2011-4858 CVE-2012-0022\n

    This update adds countermeasures against a collision denial of\n service vulnerability in the Java hashtable implementation and\n addresses denial of service potentials when processing large\n amounts of requests.

  • \n
\n

Additional information can be\nfound at http://tomcat.apache.org/security-6.html

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 6.0.35-1+squeeze2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 6.0.35-1.

\n

We recommend that you upgrade your tomcat6 packages.

\n
\n
\n
\n
", "2402": "
\n

Debian Security Advisory

\n

DSA-2402-1 iceape -- several vulnerabilities

\n
\n
Date Reported:
\n
02 Feb 2012
\n
Affected Packages:
\n
\niceape\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3670, CVE-2012-0442, CVE-2012-0444, CVE-2012-0449.
\n
More information:
\n
\n

Several vulnerabilities have been found in the Iceape internet suite, an\nunbranded version of Seamonkey:

\n
    \n
  • CVE-2011-3670\n

    Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed,\n resulting in potential information disclosure.

  • \n
  • CVE-2012-0442\n

    Jesse Ruderman and Bob Clary discovered memory corruption bugs, which\n may lead to the execution of arbitrary code.

  • \n
  • CVE-2012-0444\n

    regenrecht discovered that missing input sanitising in the Ogg Vorbis\n parser may lead to the execution of arbitrary code.

  • \n
  • CVE-2012-0449\n

    Nicolas Gregoire and Aki Helin discovered that missing input\n sanitising in XSLT processing may lead to the execution of arbitrary\n code.

  • \n
\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-10.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.0.14-10.

\n

We recommend that you upgrade your iceape packages.

\n
\n
\n
\n
", "2403": "
\n

Debian Security Advisory

\n

DSA-2403-2 php5 -- code injection

\n
\n
Date Reported:
\n
06 Feb 2012
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0830.
\n
More information:
\n
\n

Stefan Esser discovered that the implementation of the max_input_vars\nconfiguration variable in a recent PHP security update was flawed such\nthat it allows remote attackers to crash PHP or potentially execute\ncode.

\n

For the oldstable distribution (lenny), this problem has been fixed in\nversion 5.2.6.dfsg.1-1+lenny16.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 5.3.3-7+squeeze7.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.3.10-1.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "2404": "
\n

Debian Security Advisory

\n

DSA-2404-1 xen-qemu-dm-4.0 -- buffer overflow

\n
\n
Date Reported:
\n
05 Feb 2012
\n
Affected Packages:
\n
\nxen-qemu-dm-4.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0029.
\n
More information:
\n
\n

Nicolae Mogoreanu discovered a heap overflow in the emulated e1000e\nnetwork interface card of QEMU, which is used in the xen-qemu-dm-4.0\npackages. This vulnerability might enable malicious guest systems\nto crash the host system or escalate their privileges.

\n

The old stable distribution (lenny) does not contain the\nxen-qemu-dm-4.0 package.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 4.0.1-2+squeeze1.

\n

The testing distribution (wheezy) and the unstable distribution (sid)\nwill be fixed soon.

\n
\n
\n
\n
", "2405": "
\n

Debian Security Advisory

\n

DSA-2405-1 apache2 -- multiple issues

\n
\n
Date Reported:
\n
06 Feb 2012
\n
Affected Packages:
\n
\napache2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3607, CVE-2011-3368, CVE-2011-3639, CVE-2011-4317, CVE-2012-0031, CVE-2012-0053.
\n
More information:
\n
\n

Several vulnerabilities have been found in the Apache HTTPD Server:

\n
    \n
  • CVE-2011-3607:\n

    An integer overflow in ap_pregsub() could allow local attackers to\n execute arbitrary code at elevated privileges via crafted .htaccess\n files.

  • \n
  • CVE-2011-3368 CVE-2011-3639 CVE-2011-4317:\n

    The Apache HTTP Server did not properly validate the request URI for\n proxied requests. In certain reverse proxy configurations using the\n ProxyPassMatch directive or using the RewriteRule directive with the\n [P] flag, a remote attacker could make the proxy connect to an\n arbitrary server. This could allow the attacker to access internal\n servers that are not otherwise accessible from the outside.

    \n

    The three CVE ids denote slightly different variants of the same\n issue.

    \n

    Note that, even with this issue fixed, it is the responsibility of\n the administrator to ensure that the regular expression replacement\n pattern for the target URI does not allow a client to append arbitrary\n strings to the host or port parts of the target URI. For example, the\n configuration

    \n
    \n  ProxyPassMatch ^/mail(.*)  http://internal-host$1\n
    \n

    is still insecure and should be replaced by one of the following\n configurations:

    \n
    \n  ProxyPassMatch ^/mail(/.*)  http://internal-host$1\n  ProxyPassMatch ^/mail/(.*)  http://internal-host/$1\n
    \n
  • \n
  • CVE-2012-0031:\n

    An apache2 child process could cause the parent process to crash\n during shutdown. This is a violation of the privilege separation\n between the apache2 processes and could potentially be used to worsen\n the impact of other vulnerabilities.

  • \n
  • CVE-2012-0053:\n

    The response message for error code 400 (bad request) could be used to\n expose httpOnly cookies. This could allow a remote attacker using\n cross site scripting to steal authentication cookies.

  • \n
\n

For the oldstable distribution (lenny), these problems have been fixed in\nversion apache2 2.2.9-10+lenny12.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion apache2 2.2.16-6+squeeze6.

\n

For the testing distribution (wheezy), these problems will be fixed in\nversion 2.2.22-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.2.22-1.

\n

We recommend that you upgrade your apache2 packages.

\n

This update also contains updated apache2-mpm-itk packages which have\nbeen recompiled against the updated apache2 packages. The new version\nnumber for the oldstable distribution is 2.2.6-02-1+lenny7. In the\nstable distribution, apache2-mpm-itk has the same version number as\napache2.

\n
\n
\n
\n
", "2406": "
\n

Debian Security Advisory

\n

DSA-2406-1 icedove -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Feb 2012
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3670, CVE-2012-0442, CVE-2012-0444, CVE-2012-0449.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Icedove, Debian's\nvariant of the Mozilla Thunderbird code base.

\n
    \n
  • CVE-2011-3670\n

    Icedove does not properly enforce the IPv6 literal address\n syntax, which allows remote attackers to obtain sensitive\n information by making XMLHttpRequest calls through a proxy and\n reading the error messages.

  • \n
  • CVE-2012-0442\n

    Memory corruption bugs could cause Icedove to crash or\n possibly execute arbitrary code.

  • \n
  • CVE-2012-0444\n

    Icedove does not properly initialize nsChildView data\n structures, which allows remote attackers to cause a denial of\n service (memory corruption and application crash) or possibly\n execute arbitrary code via a crafted Ogg Vorbis file.

  • \n
  • CVE-2012-0449\n

    Icedove allows remote attackers to cause a denial of service\n (memory corruption and application crash) or possibly execute\n arbitrary code via a malformed XSLT stylesheet that is\n embedded in a document.

  • \n
\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze7.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "2407": "
\n

Debian Security Advisory

\n

DSA-2407-1 cvs -- heap overflow

\n
\n
Date Reported:
\n
09 Feb 2012
\n
Affected Packages:
\n
\ncvs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0804.
\n
More information:
\n
\n

It was discovered that a malicious CVS server could cause a heap\noverflow in the CVS client, potentially allowing the server to execute\narbitrary code on the client.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:1.12.13-12+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:1.12.13+real-7.

\n

We recommend that you upgrade your cvs packages.

\n
\n
\n
\n
", "2408": "
\n

Debian Security Advisory

\n

DSA-2408-1 php5 -- several vulnerabilities

\n
\n
Date Reported:
\n
13 Feb 2012
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1072, CVE-2011-4153, CVE-2012-0781, CVE-2012-0788, CVE-2012-0831, CVE-2010-4697, CVE-2011-1092, CVE-2011-1148, CVE-2011-1464, CVE-2011-1467, CVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1657, CVE-2011-3182, CVE-2011-3267.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in PHP, the web scripting\nlanguage. The Common Vulnerabilities and Exposures project identifies\nthe following issues:

\n
    \n
  • CVE-2011-1072\n

    It was discovered that insecure handling of temporary files in the PEAR\n installer could lead to denial of service.

  • \n
  • CVE-2011-4153\n

    Maksymilian Arciemowicz discovered that a NULL pointer dereference in\n the zend_strndup() function could lead to denial of service.

  • \n
  • CVE-2012-0781\n

    Maksymilian Arciemowicz discovered that a NULL pointer dereference in\n the tidy_diagnose() function could lead to denial of service.

  • \n
  • CVE-2012-0788\n

    It was discovered that missing checks in the handling of PDORow\n objects could lead to denial of service.

  • \n
  • CVE-2012-0831\n

    It was discovered that the magic_quotes_gpc setting could be disabled\n remotely.

  • \n
\n

This update also addresses PHP bugs, which are not treated as security issues\nin Debian (see README.Debian.security), but which were fixed nonetheless:\nCVE-2010-4697, CVE-2011-1092, CVE-2011-1148, CVE-2011-1464, CVE-2011-1467,\nCVE-2011-1468, CVE-2011-1469, CVE-2011-1470, CVE-2011-1657, CVE-2011-3182,\nCVE-2011-3267.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 5.3.3-7+squeeze8.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.3.10-1.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "2409": "
\n

Debian Security Advisory

\n

DSA-2409-1 devscripts -- several vulnerabilities

\n
\n
Date Reported:
\n
15 Feb 2012
\n
Affected Packages:
\n
\ndevscripts\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0210, CVE-2012-0211, CVE-2012-0212.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in debdiff, a script used\nto compare two Debian packages, which is part of the devscripts package.\nThe following Common Vulnerabilities and Exposures project ids have been\nassigned to identify them:

\n
    \n
  • CVE-2012-0210:\n

    Paul Wise discovered that due to insufficient input sanitising when\n processing .dsc and .changes files, it is possible to execute\n arbitrary code and disclose system information.

  • \n
  • CVE-2012-0211:\n

    Raphael Geissert discovered that it is possible to inject or modify\n arguments of external commands when processing source packages with\n specially-named tarballs in the top-level directory of the .orig\n tarball, allowing arbitrary code execution.

  • \n
  • CVE-2012-0212:\n

    Raphael Geissert discovered that it is possible to inject or modify\n arguments of external commands when passing as argument to debdiff\n a specially-named file, allowing arbitrary code execution.

  • \n
\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 2.10.69+squeeze2.

\n

For the testing distribution (wheezy), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems will be fixed in\nversion 2.11.4.

\n

We recommend that you upgrade your devscripts packages.

\n
\n
\n
\n
", "2410": "
\n

Debian Security Advisory

\n

DSA-2410-1 libpng -- integer overflow

\n
\n
Date Reported:
\n
15 Feb 2012
\n
Affected Packages:
\n
\nlibpng\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3026.
\n
More information:
\n
\n

Jueri Aedla discovered an integer overflow in the libpng PNG library,\nwhich could lead to the execution of arbitrary code if a malformed\nimage is processed.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.44-1+squeeze2.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your libpng packages.

\n
\n
\n
\n
", "2411": "
\n

Debian Security Advisory

\n

DSA-2411-1 mumble -- information disclosure

\n
\n
Date Reported:
\n
19 Feb 2012
\n
Affected Packages:
\n
\nmumble\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 659039.
In Mitre's CVE dictionary: CVE-2012-0863.
\n
More information:
\n
\n

It was discovered that Mumble, a VoIP client, does not properly manage\npermissions on its user-specific configuration files, allowing other\nlocal users on the system to access them.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.2-6+squeeze1.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 1.2.3-3.

\n

We recommend that you upgrade your mumble packages.

\n
\n
\n
\n
", "2412": "
\n

Debian Security Advisory

\n

DSA-2412-1 libvorbis -- buffer overflow

\n
\n
Date Reported:
\n
19 Feb 2012
\n
Affected Packages:
\n
\nlibvorbis\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0444.
\n
More information:
\n
\n

It was discovered that a heap overflow in the Vorbis audio compression\nlibrary could lead to the execution of arbitrary code if a malformed\nOgg Vorbis file is processed.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.3.1-1+squeeze1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your libvorbis packages.

\n
\n
\n
\n
", "2413": "
\n

Debian Security Advisory

\n

DSA-2413-1 libarchive -- buffer overflows

\n
\n
Date Reported:
\n
20 Feb 2012
\n
Affected Packages:
\n
\nlibarchive\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1777, CVE-2011-1778.
\n
More information:
\n
\n

Two buffer overflows have been discovered in libarchive, a library\nproviding a flexible interface for reading and writing archives in\nvarious formats. The possible buffer overflows while reading ISO 9660\nor tar streams allow remote attackers to execute arbitrary\ncode depending on the application that makes use of this functionality.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.8.4-1+squeeze1.

\n

For the testing (wheezy) and unstable (sid) distributions,\nthis problem has been fixed in version 2.8.5-5.

\n

We recommend that you upgrade your libarchive packages.

\n
\n
\n
\n
", "2414": "
\n

Debian Security Advisory

\n

DSA-2414-2 fex -- insufficient input sanitization

\n
\n
Date Reported:
\n
25 Feb 2012
\n
Affected Packages:
\n
\nfex\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0869.
\n
More information:
\n
\n

Nicola Fioravanti discovered that F*X, a web service for transferring\nvery large files, is not properly sanitizing input parameters of the fup\nscript. An attacker can use this flaw to conduct reflected cross-site\nscripting attacks via various script parameters.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 20100208+debian1-1+squeeze3.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed\nin version 20120215-1.

\n

We recommend that you upgrade your fex packages.

\n
\n
\n
\n
", "2415": "
\n

Debian Security Advisory

\n

DSA-2415-1 libmodplug -- several vulnerabilities

\n
\n
Date Reported:
\n
21 Feb 2012
\n
Affected Packages:
\n
\nlibmodplug\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1761, CVE-2011-2911, CVE-2011-2912, CVE-2011-2913, CVE-2011-2914, CVE-2011-2915.
\n
More information:
\n
\n

Several vulnerabilities that can lead to the execution of arbitrary code\nhave been discovered in libmodplug, a library for MOD music based on\nModPlug. The Common Vulnerabilities and Exposures project identifies\nthe following issues:

\n
    \n
  • CVE-2011-1761\n

    epiphant discovered that the abc file parser is vulnerable to several\n stack-based buffer overflows that potentially lead to the execution\n of arbitrary code.

  • \n
  • CVE-2011-2911\n

    Hossein Lotfi of Secunia discovered that the CSoundFile::ReadWav\n function is vulnerable to an integer overflow which leads to a\n heap-based buffer overflow. An attacker can exploit this flaw to\n potentially execute arbitrary code by tricking a victim into opening\n crafted WAV files.

  • \n
  • CVE-2011-2912\n

    Hossein Lotfi of Secunia discovered that the CSoundFile::ReadS3M\n function is vulnerable to a stack-based buffer overflow. An attacker\n can exploit this flaw to potentially execute arbitrary code by\n tricking a victim into opening crafted S3M files.

  • \n
  • CVE-2011-2913\n

    Hossein Lotfi of Secunia discovered that the CSoundFile::ReadAMS\n function suffers from an off-by-one vulnerability that leads to\n memory corruption. An attacker can exploit this flaw to potentially\n execute arbitrary code by tricking a victim into opening crafted AMS\n files.

  • \n
  • CVE-2011-2914\n

    It was discovered that the CSoundFile::ReadDSM function suffers\n from an off-by-one vulnerability that leads to memory corruption.\n An attacker can exploit this flaw to potentially execute arbitrary\n code by tricking a victim into opening crafted DSM files.

  • \n
  • CVE-2011-2915\n

    It was discovered that the CSoundFile::ReadAMS2 function suffers\n from an off-by-one vulnerability that leads to memory corruption.\n An attacker can exploit this flaw to potentially execute arbitrary\n code by tricking a victim into opening crafted AMS files.

  • \n
\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:0.8.8.1-1+squeeze2.

\n

For the testing (wheezy) and unstable (sid) distributions, this problem\nhas been fixed in version 1:0.8.8.4-1.

\n

We recommend that you upgrade your libmodplug packages.

\n
\n
\n
\n
", "2416": "
\n

Debian Security Advisory

\n

DSA-2416-1 notmuch -- information disclosure

\n
\n
Date Reported:
\n
22 Feb 2012
\n
Affected Packages:
\n
\nnotmuch\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

It was discovered that Notmuch, an email indexer, did not sufficiently\nescape Emacs MML tags. When using the Emacs interface, a user could\nbe tricked into replying to a maliciously formatted message which could\nlead to files from the local machine being attached to the outgoing\nmessage.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.3.1+squeeze1.

\n

For the testing distribution (wheezy) and unstable distribution (sid),\nthis problem has been fixed in version 0.11.1-1.

\n

We recommend that you upgrade your notmuch packages.

\n
\n
\n
\n
", "2417": "
\n

Debian Security Advisory

\n

DSA-2417-1 libxml2 -- computational denial of service

\n
\n
Date Reported:
\n
22 Feb 2012
\n
Affected Packages:
\n
\nlibxml2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0841.
\n
More information:
\n
\n

It was discovered that the internal hashing routine of libxml2,\na library providing an extensive API to handle XML data, is vulnerable to\npredictable hash collisions. Given an attacker with knowledge of the\nhashing algorithm, it is possible to craft input that creates a large\nnumber of collisions. As a result it is possible to perform denial of\nservice attacks against applications using libxml2 functionality because\nof the computational overhead.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.8.dfsg-2+squeeze3.

\n

For the testing (wheezy) and unstable (sid) distributions, this problem\nwill be fixed soon.

\n

We recommend that you upgrade your libxml2 packages.

\n
\n
\n
\n
", "2418": "
\n

Debian Security Advisory

\n

DSA-2418-1 postgresql-8.4 -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Feb 2012
\n
Affected Packages:
\n
\npostgresql-8.4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0866, CVE-2012-0867, CVE-2012-0868.
\n
More information:
\n
\n

Several local vulnerabilities have been discovered in PostgreSQL, an\nobject-relational SQL database. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2012-0866\n

    It was discovered that the permissions of a function called by a\n trigger are not checked. This could result in privilege escalation.

  • \n
  • CVE-2012-0867\n

    It was discovered that only the first 32 characters of a host name\n are checked when validating host names through SSL certificates.\n This could result in spoofing the connection in limited\n circumstances.

  • \n
  • CVE-2012-0868\n

    It was discovered that pg_dump did not sanitise object names.\n This could result in arbitrary SQL command execution if a\n malformed dump file is opened.

  • \n
\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 8.4.11-0squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 8.4.11-1.

\n

We recommend that you upgrade your postgresql-8.4 packages.

\n
\n
\n
\n
", "2419": "
\n

Debian Security Advisory

\n

DSA-2419-1 puppet -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Feb 2012
\n
Affected Packages:
\n
\npuppet\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-1053, CVE-2012-1054.
\n
More information:
\n
\n

Two vulnerabilities were discovered in Puppet, a centralized\nconfiguration management tool.

\n
    \n
  • CVE-2012-1053\n

    Puppet runs execs with unintended group privileges,\n\tpotentially leading to privilege escalation.

  • \n
  • CVE-2012-1054\n

    The k5login type writes to untrusted locations,\n\tenabling local users to escalate their privileges\n\tif the k5login type is used.

  • \n
\n

For the stable distribution (squeeze), these problems have been fixed\nin version 2.6.2-5+squeeze4.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 2.7.11-1.

\n

We recommend that you upgrade your puppet packages.

\n
\n
\n
\n
", "2420": "
\n

Debian Security Advisory

\n

DSA-2420-1 openjdk-6 -- several vulnerabilities

\n
\n
Date Reported:
\n
28 Feb 2012
\n
Affected Packages:
\n
\nopenjdk-6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3377, CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform.

\n
    \n
  • CVE-2011-3377\n

    The IcedTea browser plugin included in the openjdk-6 package\n\tdoes not properly enforce the Same Origin Policy on web content\n\tserved under a domain name which has a common suffix with the\n\trequired domain name.

  • \n
  • CVE-2011-3563\n

    The Java Sound component did not properly check for array\n\tboundaries. A malicious input or an untrusted Java application\n\tor applet could use this flaw to cause the Java Virtual Machine to\n\tcrash or disclose a portion of its memory.

  • \n
  • CVE-2011-5035\n

    The OpenJDK embedded web server did not guard against an\n\texcessive number of request parameters, leading to a denial\n\tof service vulnerability involving hash collisions.

  • CVE-2012-0497\n

    It was discovered that Java2D did not properly check graphics\n\trendering objects before passing them to the native renderer.\n\tThis could lead to a JVM crash or a Java sandbox bypass.

  • CVE-2012-0501\n

    The ZIP central directory parser used by java.util.zip.ZipFile\n\tentered an infinite recursion in native code when processing a\n\tcrafted ZIP file, leading to a denial of service.

  • CVE-2012-0502\n

    A flaw was found in the AWT KeyboardFocusManager class that\n\tcould allow untrusted Java applets to acquire keyboard focus\n\tand possibly steal sensitive information.

  • CVE-2012-0503\n

    The java.util.TimeZone.setDefault() method lacked a security\n\tmanager invocation, allowing an untrusted Java application or\n\tapplet to set a new default time zone.

  • CVE-2012-0505\n

    The Java serialization code leaked references to serialization\n\texceptions, possibly leaking critical objects to untrusted\n\tcode in Java applets and applications.

  • CVE-2012-0506\n

    It was discovered that the CORBA implementation in Java did not\n\tproperly protect repository identifiers (that can be obtained\n\tusing the _ids() method) on certain CORBA objects. This could\n\thave been used to modify data that should\n\thave been immutable.

  • CVE-2012-0507\n

    The AtomicReferenceArray class implementation did not properly\n\tcheck if the array is of an expected Object[] type. A\n\tmalicious Java application or applet could use this flaw to\n\tcause the Java Virtual Machine to crash or bypass Java sandbox\n\trestrictions.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 6b18-1.8.13-0+squeeze1.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 6b24-1.11.1-1.

\n

We recommend that you upgrade your openjdk-6 packages.

\n
\n
\n
\n
", "2421": "
\n

Debian Security Advisory

\n

DSA-2421-1 moodle -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Feb 2012
\n
Affected Packages:
\n
\nmoodle\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-4308, CVE-2011-4584, CVE-2011-4585, CVE-2011-4586, CVE-2011-4587, CVE-2011-4588, CVE-2012-0792, CVE-2012-0793, CVE-2012-0794, CVE-2012-0795, CVE-2012-0796.
\n
More information:
\n
\n

Several security issues have been fixed in Moodle, a course management\nsystem for online learning:

\n
    \n
  • CVE-2011-4308 / CVE-2012-0792\n

    Rossiani Wijaya discovered an information leak in\n mod/forum/user.php.

  • CVE-2011-4584\n

    MNet authentication didn't prevent a user using Login as from\n jumping to a remote MNet SSO.

  • CVE-2011-4585\n

    Darragh Enright discovered that the change password form was sent\n over plain HTTP even if httpslogin was set to true.

  • CVE-2011-4586\n

    David Michael Evans and German Sanchez Gances discovered CRLF\n injection/HTTP response splitting vulnerabilities in the Calendar\n module.

  • CVE-2011-4587\n

    Stephen Mc Guiness discovered empty passwords could be entered in\n some circumstances.

  • CVE-2011-4588\n

    Patrick McNeill discovered that IP address restrictions could be bypassed in\n MNet.

  • CVE-2012-0796\n

    Simon Coggins discovered that additional information could be\n injected into mail headers.

  • CVE-2012-0795\n

    John Ehringer discovered that email addresses were insufficiently\n validated.

  • CVE-2012-0794\n

    Rajesh Taneja discovered that cookie encryption used a fixed key.

  • CVE-2012-0793\n

    Eloy Lafuente discovered that profile images were insufficiently\n protected. A new configuration option forceloginforprofileimages\n was introduced for that.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.9.9.dfsg2-2.1+squeeze3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.9.9.dfsg2-5.

\n

We recommend that you upgrade your moodle packages.

\n
\n
\n
\n
", "2422": "
\n

Debian Security Advisory

\n

DSA-2422-2 file -- missing bounds checks

\n
\n
Date Reported:
\n
09 May 2012
\n
Affected Packages:
\n
\nfile\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-1571.
\n
More information:
\n
\n

The file type identification tool, file, and its associated library,\nlibmagic, do not properly process malformed files in the Composite\nDocument File (CDF) format, leading to crashes.

\n

Note that after this update, file may return different detection\nresults for CDF files (well-formed or not). The new detections are\nbelieved to be more accurate.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 5.04-5+squeeze2.

\n

We recommend that you upgrade your file packages.

\n
\n
\n
\n
", "2423": "
\n

Debian Security Advisory

\n

DSA-2423-1 movabletype-opensource -- several vulnerabilities

\n
\n
Date Reported:
\n
02 Mar 2012
\n
Affected Packages:
\n
\nmovabletype-opensource\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 631437, Bug 661064.
In Mitre's CVE dictionary: CVE-2012-1497, CVE-2012-1262, CVE-2012-0320, CVE-2012-0319, CVE-2012-0318, CVE-2012-0317, CVE-2011-5085, CVE-2011-5084.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Movable Type, a blogging\nsystem:

\n

Under certain circumstances, a user who has Create Entries or\nManage Blog permissions may be able to read known files on the local\nfile system.

\n

The file management system contains shell command injection\nvulnerabilities, the most serious of which may lead to arbitrary OS\ncommand execution by a user who has permission to sign in to the\nadmin script and also has permission to upload files.

\n

Session hijack and cross-site request forgery vulnerabilities exist in\nthe commenting and the community script. A remote attacker could\nhijack the user session or could execute arbitrary script code in\nthe victim's browser under certain circumstances.

\n

Templates which do not escape variables properly and mt-wizard.cgi\ncontain cross-site scripting vulnerabilities.

\n

For the stable distribution (squeeze), these problems have been fixed\nin version 4.3.8+dfsg-0+squeeze2.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 5.1.3+dfsg-1.

\n

We recommend that you upgrade your movabletype-opensource packages.

\n
\n
\n
\n
", "2424": "
\n

Debian Security Advisory

\n

DSA-2424-1 libxml-atom-perl -- XML external entity expansion

\n
\n
Date Reported:
\n
04 Mar 2012
\n
Affected Packages:
\n
\nlibxml-atom-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

It was discovered that the XML::Atom Perl module did not disable\nexternal entities when parsing XML from potentially untrusted sources.\nThis may allow attackers to gain read access to otherwise protected\nresources, depending on how the library is used.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.37-1+squeeze1.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 0.39-1.

\n

We recommend that you upgrade your libxml-atom-perl packages.

\n
\n
\n
\n
", "2425": "
\n

Debian Security Advisory

\n

DSA-2425-1 plib -- buffer overflow

\n
\n
Date Reported:
\n
04 Mar 2012
\n
Affected Packages:
\n
\nplib\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 654785.
In Mitre's CVE dictionary: CVE-2011-4620.
\n
More information:
\n
\n

It was discovered that PLIB, a library used by TORCS, contains a\nbuffer overflow in error message processing, which could allow remote\nattackers to execute arbitrary code.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.8.5-5+squeeze1.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 1.8.5-5.1.

\n

We recommend that you upgrade your plib packages.

\n
\n
\n
\n
", "2426": "
\n

Debian Security Advisory

\n

DSA-2426-1 gimp -- several vulnerabilities

\n
\n
Date Reported:
\n
06 Mar 2012
\n
Affected Packages:
\n
\ngimp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-4540, CVE-2010-4541, CVE-2010-4542, CVE-2010-4543, CVE-2011-1782, CVE-2011-2896.
\n
More information:
\n
\n

Several vulnerabilities have been identified in GIMP, the GNU Image\nManipulation Program.

\n
    \n
  • CVE-2010-4540\n

    Stack-based buffer overflow in the load_preset_response\n\tfunction in plug-ins/lighting/lighting-ui.c in the LIGHTING\n\tEFFECTS & LIGHT plugin allows user-assisted remote attackers\n\tto cause a denial of service (application crash) or possibly\n\texecute arbitrary code via a long Position field in a plugin\n\tconfiguration file.

  • CVE-2010-4541\n

    Stack-based buffer overflow in the loadit function in\n\tplug-ins/common/sphere-designer.c in the SPHERE DESIGNER\n\tplugin allows user-assisted remote attackers to cause a denial\n\tof service (application crash) or possibly execute arbitrary\n\tcode via a long Number of lights field in a plugin\n\tconfiguration file.

  • CVE-2010-4542\n

    Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb\n\tfunction in the GFIG plugin allows user-assisted remote\n\tattackers to cause a denial of service (application crash) or\n\tpossibly execute arbitrary code via a long Foreground field in a\n\tplugin configuration file.

  • CVE-2010-4543\n

    Heap-based buffer overflow in the read_channel_data function in\n\tfile-psp.c in the Paint Shop Pro (PSP) plugin allows remote\n\tattackers to cause a denial of service (application crash) or\n\tpossibly execute arbitrary code via a PSP_COMP_RLE (aka RLE\n\tcompression) image file that begins a long run count at the end\n\tof the image.

  • CVE-2011-1782\n

    The correction for CVE-2010-4543 was incomplete.

  • CVE-2011-2896\n

    The LZW decompressor in the LZWReadByte function in\n\tplug-ins/common/file-gif-load.c does not properly handle code\n\twords that are absent from the decompression table when\n\tencountered, which allows remote attackers to trigger an\n\tinfinite loop or a heap-based buffer overflow, and possibly\n\texecute arbitrary code, via a crafted compressed stream.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 2.6.10-1+squeeze3.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 2.6.11-5.

\n

We recommend that you upgrade your gimp packages.

\n
\n
\n
\n
", "2427": "
\n

Debian Security Advisory

\n

DSA-2427-1 imagemagick -- several vulnerabilities

\n
\n
Date Reported:
\n
06 Mar 2012
\n
Affected Packages:
\n
\nimagemagick\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0247, CVE-2012-0248.
\n
More information:
\n
\n

Two security vulnerabilities related to EXIF processing were\ndiscovered in ImageMagick, a suite of programs to manipulate images.

\n
    \n
  • CVE-2012-0247\n

    When parsing a maliciously crafted image with incorrect offset\n\tand count in the ResolutionUnit tag in EXIF IFD0, ImageMagick\n\twrites two bytes to an invalid address.

  • CVE-2012-0248\n

    Parsing a maliciously crafted image with an IFD in which all IOP\n\ttag value offsets point to the beginning of the IFD itself\n\tresults in an endless loop and a denial of service.

\n

For the stable distribution (squeeze), these problems have been fixed\nin version 8:6.6.0.4-3+squeeze1.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 8:6.6.9.7-6.

\n

We recommend that you upgrade your imagemagick packages.

\n
\n
\n
\n
", "2428": "
\n

Debian Security Advisory

\n

DSA-2428-1 freetype -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Mar 2012
\n
Affected Packages:
\n
\nfreetype\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-1133, CVE-2012-1134, CVE-2012-1136, CVE-2012-1142, CVE-2012-1144.
\n
More information:
\n
\n

Mateusz Jurczyk from the Google Security Team discovered several\nvulnerabilities in Freetype's parsing of BDF, Type1 and TrueType fonts,\nwhich could result in the execution of arbitrary code if a malformed\nfont file is processed.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.4.2-2.1+squeeze4. The updated packages have been available\nsince yesterday, but the advisory text couldn't be sent earlier.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your freetype packages.

\n
\n
\n
\n
", "2429": "
\n

Debian Security Advisory

\n

DSA-2429-1 mysql-5.1 -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Mar 2012
\n
Affected Packages:
\n
\nmysql-5.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 659687.
In Mitre's CVE dictionary: CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0112, CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0118, CVE-2012-0119, CVE-2012-0120, CVE-2012-0484, CVE-2012-0485, CVE-2012-0490, CVE-2012-0492.
\n
More information:
\n
\n

\n Due to the non-disclosure of security patch information from Oracle,\n we are forced to ship an upstream version update of MySQL 5.1.\n There are several known incompatible\n changes, which are listed in /usr/share/doc/mysql-server/NEWS.Debian.gz.\n

\n

Several security vulnerabilities were discovered in MySQL, a database\nmanagement system. The vulnerabilities are addressed by upgrading\nMySQL to a new upstream version, 5.1.61, which includes additional\nchanges, such as performance improvements and corrections for data\nloss defects. These changes are described in the MySQL release notes\nat: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html.

\n

For the stable distribution (squeeze), these problems have been fixed\nin version 5.1.61-0+squeeze1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 5.1.61-2.

\n

We recommend that you upgrade your mysql-5.1 packages.

\n
\n
\n
\n
", "2430": "
\n

Debian Security Advisory

\n

DSA-2430-1 python-pam -- double free

\n
\n
Date Reported:
\n
10 Mar 2012
\n
Affected Packages:
\n
\npython-pam\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-1502.
\n
More information:
\n
\n

Markus Vervier discovered a double free in the Python interface to the\nPAM library, which could lead to denial of service.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.4.2-12.2+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.4.2-13.

\n

We recommend that you upgrade your python-pam packages.

\n
\n
\n
\n
", "2431": "
\n

Debian Security Advisory

\n

DSA-2431-1 libdbd-pg-perl -- format string vulnerabilities

\n
\n
Date Reported:
\n
11 Mar 2012
\n
Affected Packages:
\n
\nlibdbd-pg-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 661536.
In Mitre's CVE dictionary: CVE-2012-1151.
\n
More information:
\n
\n

Niko Tyni discovered two format string vulnerabilities in DBD::Pg, a Perl\nDBI driver for the PostgreSQL database server, which can be exploited\nby a rogue database server.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.17.1-2+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.19.0-1.

\n

We recommend that you upgrade your libdbd-pg-perl packages.

\n
\n
\n
\n
", "2432": "
\n

Debian Security Advisory

\n

DSA-2432-1 libyaml-libyaml-perl -- format string vulnerabilities

\n
\n
Date Reported:
\n
12 Mar 2012
\n
Affected Packages:
\n
\nlibyaml-libyaml-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 661548.
In Mitre's CVE dictionary: CVE-2012-1152.
\n
More information:
\n
\n

Dominic Hargreaves and Niko Tyni discovered two format string\nvulnerabilities in YAML::LibYAML, a Perl interface to the libyaml\nlibrary.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.33-1+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.38-2.

\n

We recommend that you upgrade your libyaml-libyaml-perl packages.

\n
\n
\n
\n
", "2433": "
\n

Debian Security Advisory

\n

DSA-2433-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
15 Mar 2012
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0455, CVE-2012-0456, CVE-2012-0458, CVE-2012-0461.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Iceweasel, a web browser\nbased on Firefox. The included XULRunner library provides rendering\nservices for several other applications included in Debian.

\n
    \n
  • CVE-2012-0455\n

    Soroush Dalili discovered that a cross-site scripting countermeasure\n related to JavaScript URLs could be bypassed.

  • CVE-2012-0456\n

    Atte Kettunen discovered an out of bounds read in the SVG Filters,\n resulting in memory disclosure.

  • CVE-2012-0458\n

    Mariusz Mlynski discovered that privileges could be escalated through\n a JavaScript URL as the home page.

  • CVE-2012-0461\n

    Bob Clary discovered memory corruption bugs, which may lead to the\n execution of arbitrary code.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-13.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 10.0.3esr-1.

\n

For the experimental distribution, this problem has been fixed in\nversion 11.0-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "2434": "
\n

Debian Security Advisory

\n

DSA-2434-1 nginx -- sensitive information leak

\n
\n
Date Reported:
\n
19 Mar 2012
\n
Affected Packages:
\n
\nnginx\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 664137.
In Mitre's CVE dictionary: CVE-2012-1180.
\n
More information:
\n
\n

Matthew Daley discovered a memory disclosure vulnerability in nginx. In\nprevious versions of this web server, an attacker can receive the content of\npreviously freed memory if an upstream server returned a specially crafted HTTP\nresponse, potentially exposing sensitive information.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.7.67-3+squeeze2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.1.17-1.

\n

We recommend that you upgrade your nginx packages.

\n
\n
\n
\n
", "2435": "
\n

Debian Security Advisory

\n

DSA-2435-1 gnash -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Mar 2012
\n
Affected Packages:
\n
\ngnash\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 605419, Bug 649384, Bug 664023.
In Mitre's CVE dictionary: CVE-2010-4337, CVE-2011-4328, CVE-2012-1175.
\n
More information:
\n
\n

Several vulnerabilities have been identified in Gnash, the GNU Flash\nplayer.

\n
    \n
  • CVE-2012-1175\n

    Tielei Wang from Georgia Tech Information Security Center discovered a\n vulnerability in GNU Gnash that is caused by an integer overflow\n error and can be exploited to cause a heap-based buffer overflow by\n tricking a user into opening a specially crafted SWF file.

  • CVE-2011-4328\n

    Alexander Kurtz discovered an unsafe management of HTTP cookies. Cookie\n files are stored under /tmp and have predictable names, and the vulnerability\n allows a local attacker to overwrite arbitrary files the user has\n write permissions for. The cookie files are also world-readable, which may cause\n an information leak.

  • CVE-2010-4337\n

    Jakub Wilk discovered an unsafe management of temporary files during the\n build process. Files are stored under /tmp and have predictable names, and the\n vulnerability allows a local attacker to overwrite arbitrary files\n the user has write permissions for.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.8.8-5+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.8.10-5.

\n

We recommend that you upgrade your gnash packages.

\n
\n
\n
\n
", "2436": "
\n

Debian Security Advisory

\n

DSA-2436-1 libapache2-mod-fcgid -- inactive resource limits

\n
\n
Date Reported:
\n
19 Mar 2012
\n
Affected Packages:
\n
\nlibapache2-mod-fcgid\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 615814.
In Mitre's CVE dictionary: CVE-2012-1181.
\n
More information:
\n
\n

It was discovered that the Apache FCGID module, a FastCGI implementation,\ndid not properly enforce the FcgidMaxProcessesPerClass resource limit,\nrendering this control ineffective and potentially allowing a virtual\nhost to consume excessive resources.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:2.3.6-1+squeeze1.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:2.3.6-1.1.

\n

We recommend that you upgrade your libapache2-mod-fcgid packages.

\n
\n
\n
\n
", "2437": "
\n

Debian Security Advisory

\n

DSA-2437-1 icedove -- several vulnerabilities

\n
\n
Date Reported:
\n
21 Mar 2012
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0455, CVE-2012-0456, CVE-2012-0458, CVE-2012-0461.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Icedove, an unbranded\nversion of the Thunderbird mail/news client.

\n
    \n
  • CVE-2012-0455\n

    Soroush Dalili discovered that a cross-site scripting countermeasure\n related to JavaScript URLs could be bypassed.

  • CVE-2012-0456\n

    Atte Kettunen discovered an out of bounds read in the SVG Filters,\n resulting in memory disclosure.

  • CVE-2012-0458\n

    Mariusz Mlynski discovered that privileges could be escalated through\n a JavaScript URL as the home page.

  • CVE-2012-0461\n

    Bob Clary discovered memory corruption bugs, which may lead to the\n execution of arbitrary code.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze8.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "2438": "
\n

Debian Security Advisory

\n

DSA-2438-1 raptor -- programming error

\n
\n
Date Reported:
\n
22 Mar 2012
\n
Affected Packages:
\n
\nraptor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0037.
\n
More information:
\n
\n

It was discovered that Raptor, a RDF parser and serializer library,\nallows file inclusion through XML entities, resulting in information\ndisclosure.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.21-2+squeeze1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your raptor packages.

\n
\n
\n
\n
", "2439": "
\n

Debian Security Advisory

\n

DSA-2439-1 libpng -- buffer overflow

\n
\n
Date Reported:
\n
22 Mar 2012
\n
Affected Packages:
\n
\nlibpng\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3045.
\n
More information:
\n
\n

Glenn Randers-Pehrson discovered a buffer overflow in the libpng PNG\nlibrary, which could lead to the execution of arbitrary code if a\nmalformed image is processed.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.44-1+squeeze3. Packages for i386 are not yet available,\nbut will be provided shortly.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your libpng packages.

\n
\n
\n
\n
", "2440": "
\n

Debian Security Advisory

\n

DSA-2440-1 libtasn1-3 -- missing bounds check

\n
\n
Date Reported:
\n
24 Mar 2012
\n
Affected Packages:
\n
\nlibtasn1-3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-1569.
\n
More information:
\n
\n

Matthew Hall discovered that many callers of the asn1_get_length_der\nfunction did not check the result against the overall buffer length\nbefore processing it further. This could result in out-of-bounds\nmemory accesses and application crashes. Applications using GNUTLS\nare exposed to this issue.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.7-1+squeeze+1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.12-1.

\n

We recommend that you upgrade your libtasn1-3 packages.

\n
\n
\n
\n
", "2441": "
\n

Debian Security Advisory

\n

DSA-2441-1 gnutls26 -- missing bounds check

\n
\n
Date Reported:
\n
25 Mar 2012
\n
Affected Packages:
\n
\ngnutls26\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-1573.
\n
More information:
\n
\n

Matthew Hall discovered that GNUTLS does not properly handle truncated\nGenericBlockCipher structures nested inside TLS records, leading to\ncrashes in applications using the GNUTLS library.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.8.6-1+squeeze2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.12.18-1 of the gnutls26 package and version 3.0.17-2 of the\ngnutls28 package.

\n

We recommend that you upgrade your gnutls26 packages.

\n
\n
\n
\n
", "2442": "
\n

Debian Security Advisory

\n

DSA-2442-2 openarena -- UDP traffic amplification

\n
\n
Date Reported:
\n
31 Mar 2012
\n
Affected Packages:
\n
\nopenarena\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 665656.
In Mitre's CVE dictionary: CVE-2010-5077.
\n
More information:
\n
\n

It has been discovered that spoofed getstatus UDP requests are being\nsent by attackers to servers for use with games derived from the\nQuake 3 engine (such as openarena). These servers respond with a\npacket flood to the victim whose IP address was impersonated by the\nattackers, causing a denial of service.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.8.5-5+squeeze3.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 0.8.5-6.

\n

We recommend that you upgrade your openarena packages.

\n
\n
\n
\n
", "2443": "
\n

Debian Security Advisory

\n

DSA-2443-1 linux-2.6 -- privilege escalation/denial of service

\n
\n
Date Reported:
\n
26 Mar 2012
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-4307, CVE-2011-1833, CVE-2011-4347, CVE-2012-0045, CVE-2012-1090, CVE-2012-1097.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service or privilege escalation. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2009-4307\n

    Nageswara R Sastry reported an issue in the ext4 filesystem. Local users\n with the privileges to mount a filesystem can cause a denial of service\n (BUG) by providing a s_log_groups_per_flex value greater than 31.

  • CVE-2011-1833\n

    Vasiliy Kulikov of Openwall and Dan Rosenberg discovered an information\n leak in the eCryptfs filesystem. Local users were able to mount arbitrary\n directories.

  • CVE-2011-4347\n

    Sasha Levin reported an issue in the device assignment functionality in\n KVM. Local users with permission to access /dev/kvm could assign unused PCI\n devices to a guest and cause a denial of service (crash).

  • CVE-2012-0045\n

    Stephan Barwolf reported an issue in KVM. Local users in a 32-bit guest\n running on a 64-bit system can crash the guest with a syscall instruction.

  • CVE-2012-1090\n

    CAI Qian reported an issue in the CIFS filesystem. A reference count leak\n can occur during the lookup of special files, resulting in a denial of\n service (oops) on umount.

  • CVE-2012-1097\n

    H. Peter Anvin reported an issue in the regset infrastructure. Local users\n can cause a denial of service (NULL pointer dereference) by triggering the\n write methods of read-only regsets.

\n

For the stable distribution (squeeze), this problem has been fixed in version\n2.6.32-41squeeze2.

\n

The following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n\n\n\n\n\n\n\n
\u00a0Debian 6.0 (squeeze)
user-mode-linux: 2.6.32-1um-4+41squeeze2
\n
\n

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

\n

Thanks to Micah Anderson for proofreading this text.

\n
\n
\n
\n
", "2444": "
\n

Debian Security Advisory

\n

DSA-2444-1 tryton-server -- privilege escalation

\n
\n
Date Reported:
\n
29 Mar 2012
\n
Affected Packages:
\n
\ntryton-server\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0215.
\n
More information:
\n
\n

It was discovered that the Tryton application framework for Python\nallows authenticated users to escalate their privileges by editing the\nMany2Many field.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.6.1-2+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.2.2-1.

\n

We recommend that you upgrade your tryton-server packages.

\n
\n
\n
\n
", "2445": "
\n

Debian Security Advisory

\n

DSA-2445-1 typo3-src -- several vulnerabilities

\n
\n
Date Reported:
\n
31 Mar 2012
\n
Affected Packages:
\n
\ntypo3-src\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-1606, CVE-2012-1607, CVE-2012-1608.
\n
More information:
\n
\n

Several remote vulnerabilities have been discovered in the TYPO3 web\ncontent management framework:

\n
    \n
  • CVE-2012-1606\n

    Failing to properly HTML-encode user input in several places,\n\tthe TYPO3 backend is susceptible to Cross-Site Scripting. A\n\tvalid backend user is required to exploit these\n\tvulnerabilities.

  • CVE-2012-1607\n

    Accessing a CLI Script directly with a browser may disclose\n\tthe database name used for the TYPO3 installation.

  • CVE-2012-1608\n

    By not removing non-printable characters, the API method\n\tt3lib_div::RemoveXSS() fails to filter specially crafted HTML\n\tinjections and is thus susceptible to Cross-Site Scripting.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 4.3.9+dfsg1-1+squeeze3.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 4.5.14+dfsg1-1.

\n

We recommend that you upgrade your typo3-src packages.

\n
\n
\n
\n
", "2446": "
\n

Debian Security Advisory

\n

DSA-2446-1 libpng -- incorrect memory handling

\n
\n
Date Reported:
\n
04 Apr 2012
\n
Affected Packages:
\n
\nlibpng\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3048.
\n
More information:
\n
\n

It was discovered that incorrect memory handling in the png_set_text2()\nfunction of the PNG library could lead to the execution of arbitrary\ncode.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion libpng_1.2.44-1+squeeze4.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your libpng packages.

\n
\n
\n
\n
", "2447": "
\n

Debian Security Advisory

\n

DSA-2447-1 tiff -- integer overflow

\n
\n
Date Reported:
\n
04 Apr 2012
\n
Affected Packages:
\n
\ntiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-1173.
\n
More information:
\n
\n

Alexander Gavrun discovered an integer overflow in the TIFF library\nin the parsing of the TileSize entry, which could result in the execution\nof arbitrary code if a malformed image is opened.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.9.4-5+squeeze4.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your tiff packages.

\n
\n
\n
\n
", "2448": "
\n

Debian Security Advisory

\n

DSA-2448-1 inspircd -- buffer overflow

\n
\n
Date Reported:
\n
10 Apr 2012
\n
Affected Packages:
\n
\ninspircd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 667914.
In Mitre's CVE dictionary: CVE-2012-1836.
\n
More information:
\n
\n

It was discovered that a heap-based buffer overflow in InspIRCd could allow\nremote attackers to execute arbitrary code via a crafted DNS query.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.1.22+dfsg-4+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 1.1.22+dfsg-4+wheezy1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.0.5-0.1.

\n

We recommend that you upgrade your inspircd packages.

\n
\n
\n
\n
", "2449": "
\n

Debian Security Advisory

\n

DSA-2449-1 sqlalchemy -- missing input sanitization

\n
\n
Date Reported:
\n
12 Apr 2012
\n
Affected Packages:
\n
\nsqlalchemy\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0805.
\n
More information:
\n
\n

It was discovered that SQLAlchemy, an SQL toolkit and object relational\nmapper for Python, is not sanitizing input passed to the limit/offset\nkeywords to select() as well as the value passed to select.limit()/offset().\nThis allows an attacker to perform SQL injection attacks against\napplications using SQLAlchemy that do not implement their own filtering.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.6.3-3+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 0.6.7-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.6.7-1.

\n

We recommend that you upgrade your sqlalchemy packages.

\n
\n
\n
\n
", "2450": "
\n

Debian Security Advisory

\n

DSA-2450-1 samba -- privilege escalation

\n
\n
Date Reported:
\n
12 Apr 2012
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 668309.
In Mitre's CVE dictionary: CVE-2012-1182.
\n
More information:
\n
\n

It was discovered that Samba, the SMB/CIFS file, print, and login server,\ncontained a flaw in the remote procedure call (RPC) code which allowed\nremote code execution as the super user from an unauthenticated\nconnection.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2:3.5.6~dfsg-3squeeze7.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:3.6.4-1.

\n

We recommend that you upgrade your samba packages.

\n
\n
\n
\n
", "2451": "
\n

Debian Security Advisory

\n

DSA-2451-1 puppet -- several vulnerabilities

\n
\n
Date Reported:
\n
13 Apr 2012
\n
Affected Packages:
\n
\npuppet\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-1906, CVE-2012-1986, CVE-2012-1987, CVE-2012-1988.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Puppet, a centralized\nconfiguration management system. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2012-1906\n

    Puppet is using predictable temporary file names when downloading\n Mac OS X package files. This allows a local attacker to either\n overwrite arbitrary files on the system or to install an arbitrary\n package.

  • CVE-2012-1986\n

    When handling requests for a file from a remote filebucket, Puppet\n can be tricked into overwriting its defined location for filebucket\n storage. This allows an authorized attacker with access to the Puppet\n master to read arbitrary files.

  • CVE-2012-1987\n

    Puppet is incorrectly handling filebucket store requests. This allows\n an attacker to perform denial of service attacks against Puppet by\n resource exhaustion.

  • CVE-2012-1988\n

    Puppet is incorrectly handling filebucket requests. This allows an\n attacker with access to the certificate on the agent and an unprivileged\n account on Puppet master to execute arbitrary code via crafted file\n path names and making a filebucket request.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze5.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 2.7.13-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.7.13-1.

\n

We recommend that you upgrade your puppet packages.

\n
\n
\n
\n
", "2452": "
\n

Debian Security Advisory

\n

DSA-2452-1 apache2 -- insecure default configuration

\n
\n
Date Reported:
\n
15 Apr 2012
\n
Affected Packages:
\n
\napache2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0216.
\n
More information:
\n
\n

Niels Heinen noticed a security issue with the default Apache\nconfiguration on Debian if certain scripting modules like mod_php or\nmod_rivet are installed. The problem arises because the directory\n/usr/share/doc, which is mapped to the URL /doc, may contain example\nscripts that can be executed by requests to this URL. Although access\nto the URL /doc is restricted to connections from localhost, this still\ncreates security issues in two specific configurations:

\n
    \n
  • \nif some front-end server on the same host forwards connections to an\napache2 backend server on the localhost address, or\n
  • \nif the machine running apache2 is also used for web browsing.\n
\n

Systems not meeting one of these two conditions are not known to be\nvulnerable. The actual security impact depends on which packages (and\naccordingly which example scripts) are installed on the system.\nPossible issues include cross site scripting, code execution, or\nleakage of sensitive data.

\n

This update removes the problematic configuration sections from the\nfiles /etc/apache2/sites-available/default and .../default-ssl. When\nupgrading, you should not blindly allow dpkg to replace those files,\nthough. Rather you should merge the changes, namely the removal of the\nAlias /doc \"/usr/share/doc\" line and the related <Directory\n\"/usr/share/doc/\"> block, into your versions of these config files.\nYou may also want to check if you have copied these sections to any\nadditional virtual host configurations.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.2.16-6+squeeze7.

\n

For the testing distribution (wheezy), this problem will be fixed in\nversion 2.2.22-4.

\n

For the unstable distribution (sid), this problem will be fixed in\nversion 2.2.22-4.

\n

For the experimental distribution, this problem has been fixed in\nversion 2.4.1-3.

\n

We recommend that you upgrade your apache2 packages and adjust your\nconfiguration.

\n
\n
\n
\n
", "2453": "
\n

Debian Security Advisory

\n

DSA-2453-1 gajim -- several vulnerabilities

\n
\n
Date Reported:
\n
16 Apr 2012
\n
Affected Packages:
\n
\ngajim\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 668038.
In Mitre's CVE dictionary: CVE-2012-2093, CVE-2012-2086, CVE-2012-2085.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Gajim, a feature-rich\nJabber client. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2012-1987\n

    Gajim is not properly sanitizing input before passing it to shell\n commands. An attacker can use this flaw to execute arbitrary code\n on behalf of the victim if the user e.g. clicks on a specially crafted\n URL in an instant message.

  • CVE-2012-2093\n

    Gajim is using predictable temporary files in an insecure manner when\n converting instant messages containing LaTeX to images. A local\n attacker can use this flaw to conduct symlink attacks and overwrite\n files the victim has write access to.

  • CVE-2012-2086\n

    Gajim is not properly sanitizing input when logging conversations\n which results in the possibility to conduct SQL injection attacks.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.13.4-3+squeeze3.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 0.15-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.15-1.

\n

We recommend that you upgrade your gajim packages.

\n
\n
\n
\n
", "2454": "
\n

Debian Security Advisory

\n

DSA-2454-2 openssl -- multiple vulnerabilities

\n
\n
Date Reported:
\n
24 Apr 2012
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0884, CVE-2012-1165, CVE-2012-2110, CVE-2012-2131.
\n
More information:
\n
\n

Multiple vulnerabilities have been found in OpenSSL. The Common\nVulnerabilities and Exposures project identifies the following issues:

\n
    \n
  • CVE-2012-0884\n

    Ivan Nestlerode discovered a weakness in the CMS and PKCS #7\n\timplementations that could allow an attacker to decrypt data\n\tvia a Million Message Attack (MMA).

  • CVE-2012-1165\n

    It was discovered that a NULL pointer could be dereferenced\n\twhen parsing certain S/MIME messages, leading to denial of\n\tservice.

  • CVE-2012-2110\n

    Tavis Ormandy, Google Security Team, discovered a vulnerability\n\tin the way DER-encoded ASN.1 data is parsed that can result in\n\ta heap overflow.

\n

Additionally, the fix for CVE-2011-4619 has been updated to address an\nissue with SGC handshakes.

\n

\nTomas Hoger, Red Hat, discovered that the fix for\nCVE-2012-2110\nfor the 0.9.8 series of OpenSSL was incomplete. It has been assigned the\nCVE-2012-2131\nidentifier.\n

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 0.9.8o-4squeeze12.

\n

For the testing distribution (wheezy), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1a-1.

\n

We recommend that you upgrade your openssl packages.

\n
\n
\n
\n
", "2455": "
\n

Debian Security Advisory

\n

DSA-2455-1 typo3-src -- missing input sanitization

\n
\n
Date Reported:
\n
20 Apr 2012
\n
Affected Packages:
\n
\ntypo3-src\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 669158.
In Mitre's CVE dictionary: CVE-2012-2112.
\n
More information:
\n
\n

Helmut Hummel of the TYPO3 security team discovered that TYPO3, a web\ncontent management system, is not properly sanitizing output of the\nexception handler. This allows an attacker to conduct cross-site\nscripting attacks if either third-party extensions are installed that do\nnot sanitize this output on their own or in the presence of extensions\nusing the extbase MVC framework which accept objects to controller actions.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 4.3.9+dfsg1-1+squeeze4.

\n

For the testing (wheezy) and unstable (sid) distributions, this problem\nwill be fixed soon.

\n

We recommend that you upgrade your typo3-src packages.

\n
\n
\n
\n
", "2456": "
\n

Debian Security Advisory

\n

DSA-2456-1 dropbear -- use after free

\n
\n
Date Reported:
\n
23 Apr 2012
\n
Affected Packages:
\n
\ndropbear\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0920.
\n
More information:
\n
\n

Danny Fullerton discovered a use-after-free in the Dropbear SSH daemon,\nresulting in potential execution of arbitrary code. Exploitation is\nlimited to users who have been authenticated through public key\nauthentication and for whom command restrictions are in place.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.52-5+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 2012.55-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2012.55-1.

\n

We recommend that you upgrade your dropbear packages.

\n
\n
\n
\n
", "2457": "
\n

Debian Security Advisory

\n

DSA-2457-2 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
13 May 2012
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0467, CVE-2012-0470, CVE-2012-0471, CVE-2012-0477, CVE-2012-0479.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Iceweasel, a web\nbrowser based on Firefox. The included XULRunner library provides\nrendering services for several other applications included in Debian.

\n
    \n
  • CVE-2012-0467\n

    Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary\n Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward,\n and Olli Pettay discovered memory corruption bugs, which may lead\n to the execution of arbitrary code.

  • CVE-2012-0470\n

    Atte Kettunen discovered that a memory corruption bug in\n gfxImageSurface may lead to the execution of arbitrary code.

  • CVE-2012-0471\n

    Anne van Kesteren discovered that incorrect multibyte character\n encoding may lead to cross-site scripting.

  • CVE-2012-0477\n

    Masato Kinugawa discovered that incorrect encoding of\n Korean and Chinese character sets may lead to cross-site scripting.

  • CVE-2012-0479\n

    Jeroen van der Gun discovered a spoofing vulnerability in the\n presentation of Atom and RSS feeds over HTTPS.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-15.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 10.0.4esr-1.

\n

For the experimental distribution, this problem will be fixed soon.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "2458": "
\n

Debian Security Advisory

\n

DSA-2458-2 iceape -- several vulnerabilities

\n
\n
Date Reported:
\n
13 May 2012
\n
Affected Packages:
\n
\niceape\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0455, CVE-2012-0456, CVE-2012-0458, CVE-2012-0461, CVE-2012-0467, CVE-2012-0470, CVE-2012-0471, CVE-2012-0477, CVE-2012-0479.
\n
More information:
\n
\n

Several vulnerabilities have been found in the Iceape internet suite,\nan unbranded version of SeaMonkey:

\n
    \n
  • CVE-2012-0455\n

    Soroush Dalili discovered that a cross-site scripting countermeasure\n related to JavaScript URLs could be bypassed.

  • CVE-2012-0456\n

    Atte Kettunen discovered an out of bounds read in the SVG Filters,\n resulting in memory disclosure.

  • CVE-2012-0458\n

    Mariusz Mlynski discovered that privileges could be escalated through\n a JavaScript URL as the home page.

  • CVE-2012-0461\n

    Bob Clary discovered memory corruption bugs, which may lead to the\n execution of arbitrary code.

  • CVE-2012-0467\n

    Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary\n Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward,\n and Olli Pettay discovered memory corruption bugs, which may lead\n to the execution of arbitrary code.

  • CVE-2012-0470\n

    Atte Kettunen discovered that a memory corruption bug in\n gfxImageSurface may lead to the execution of arbitrary code.

  • CVE-2012-0471\n

    Anne van Kesteren discovered that incorrect multibyte character\n encoding may lead to cross-site scripting.

  • CVE-2012-0477\n

    Masato Kinugawa discovered that incorrect encoding of\n Korean and Chinese character sets may lead to cross-site scripting.

  • CVE-2012-0479\n

    Jeroen van der Gun discovered a spoofing vulnerability in the\n presentation of Atom and RSS feeds over HTTPS.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-12.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your iceape packages.

\n
\n
\n
\n
", "2459": "
\n

Debian Security Advisory

\n

DSA-2459-2 quagga -- several vulnerabilities

\n
\n
Date Reported:
\n
04 May 2012
\n
Affected Packages:
\n
\nquagga\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0249, CVE-2012-0250, CVE-2012-0255.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Quagga, a routing\ndaemon.

\n
    \n
  • CVE-2012-0249\n

    A buffer overflow in the ospf_ls_upd_list_lsa function in the\n OSPFv2 implementation allows remote attackers to cause a\n denial of service (assertion failure and daemon exit) via a\n Link State Update (aka LS Update) packet that is smaller than\n the length specified in its header.

  • CVE-2012-0250\n

    A buffer overflow in the OSPFv2 implementation allows remote\n attackers to cause a denial of service (daemon crash) via a\n Link State Update (aka LS Update) packet containing a\n network-LSA link-state advertisement for which the\n data-structure length is smaller than the value in the Length\n header field.

  • CVE-2012-0255\n

    The BGP implementation does not properly use message buffers\n for OPEN messages, which allows remote attackers impersonating\n a configured BGP peer to cause a denial of service (assertion\n failure and daemon exit) via a message associated with a\n malformed AS4 capability.

\n

This security update upgrades the quagga package to the most recent\nupstream release. This release includes other corrections, such as\nhardening against unknown BGP path attributes.

\n

For the stable distribution (squeeze), these problems have been fixed\nin version 0.99.20.1-0+squeeze2.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 0.99.20.1-1.

\n

We recommend that you upgrade your quagga packages.

\n
\n
\n
\n
", "2460": "
\n

Debian Security Advisory

\n

DSA-2460-1 asterisk -- several vulnerabilities

\n
\n
Date Reported:
\n
25 Apr 2012
\n
Affected Packages:
\n
\nasterisk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-1183, CVE-2012-2414, CVE-2012-2415.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the Asterisk PBX and telephony\ntoolkit:

\n
    \n
  • CVE-2012-1183\n

    Russell Bryant discovered a buffer overflow in the Milliwatt\n application.

  • CVE-2012-2414\n

    David Woolley discovered a privilege escalation in the Asterisk\n manager interface.

  • CVE-2012-2415\n

    Russell Bryant discovered a buffer overflow in the Skinny\n driver.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:1.6.2.9-2+squeeze5.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your asterisk packages.

\n
\n
\n
\n
", "2461": "
\n

Debian Security Advisory

\n

DSA-2461-1 spip -- several vulnerabilities

\n
\n
Date Reported:
\n
26 Apr 2012
\n
Affected Packages:
\n
\nspip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2151.
\n
More information:
\n
\n

Several vulnerabilities have been found in SPIP, a website engine for\npublishing, resulting in cross-site scripting, script code injection\nand bypass of restrictions.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.1.1-3squeeze3.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 2.1.13-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.1.13-1.

\n

We recommend that you upgrade your spip packages.

\n
\n
\n
\n
", "2462": "
\n

Debian Security Advisory

\n

DSA-2462-2 imagemagick -- several vulnerabilities

\n
\n
Date Reported:
\n
03 May 2012
\n
Affected Packages:
\n
\nimagemagick\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0259, CVE-2012-0260, CVE-2012-1185, CVE-2012-1186, CVE-2012-1610, CVE-2012-1798.
\n
More information:
\n
\n

Several integer overflows and missing input validations were discovered\nin the ImageMagick image manipulation suite, resulting in the execution\nof arbitrary code or denial of service.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 6.6.0.4-3+squeeze3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 8:6.7.4.0-5.

\n

We recommend that you upgrade your imagemagick packages.

\n
\n
\n
\n
", "2463": "
\n

Debian Security Advisory

\n

DSA-2463-1 samba -- missing permission checks

\n
\n
Date Reported:
\n
02 May 2012
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2111.
\n
More information:
\n
\n

Ivano Cristofolini discovered that insufficient security checks in\nSamba's handling of LSA RPC calls could lead to privilege escalation\nby gaining the take ownership privilege.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.6~dfsg-3squeeze8.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.6.5-1.

\n

We recommend that you upgrade your samba packages.

\n
\n
\n
\n
", "2464": "
\n

Debian Security Advisory

\n

DSA-2464-2 icedove -- several vulnerabilities

\n
\n
Date Reported:
\n
08 May 2012
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 671408, Bug 671410.
In Mitre's CVE dictionary: CVE-2012-0467, CVE-2012-0470, CVE-2012-0471, CVE-2012-0477, CVE-2012-0479.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Icedove, an unbranded\nversion of the Thunderbird mail/news client.

\n
    \n
  • CVE-2012-0467\n

    Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary\n Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward,\n and Olli Pettay discovered memory corruption bugs, which may lead\n to the execution of arbitrary code.

  • CVE-2012-0470\n

    Atte Kettunen discovered that a memory corruption bug in\n gfxImageSurface may lead to the execution of arbitrary code.

  • CVE-2012-0471\n

    Anne van Kesteren discovered that incorrect multibyte character\n encoding may lead to cross-site scripting.

  • CVE-2012-0477\n

    Masato Kinugawa discovered that incorrect encoding of\n Korean and Chinese character sets may lead to cross-site scripting.

  • CVE-2012-0479\n

    Jeroen van der Gun discovered a spoofing vulnerability in the\n presentation of Atom and RSS feeds over HTTPS.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze10.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "2465": "
\n

Debian Security Advisory

\n

DSA-2465-1 php5 -- several vulnerabilities

\n
\n
Date Reported:
\n
09 May 2012
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-1172, CVE-2012-1823, CVE-2012-2311.
\n
More information:
\n
\n

De Eindbazen discovered that PHP, when run with mod_cgi, will\ninterpret a query string as command line parameters, allowing the\nexecution of arbitrary code.

\n

Additionally, this update fixes insufficient validation of the upload\nname, which led to corrupted $_FILES indices.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 5.3.3-7+squeeze9.

\n

The testing distribution (wheezy) will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.4.3-1.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "2466": "
\n

Debian Security Advisory

\n

DSA-2466-1 rails -- cross site scripting

\n
\n
Date Reported:
\n
09 May 2012
\n
Affected Packages:
\n
\nrails\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 668607.
In Mitre's CVE dictionary: CVE-2012-1099.
\n
More information:
\n
\n

Sergey Nartimov discovered that in Rails, a Ruby-based framework for\nweb development, when developers generate HTML options tags manually,\nuser input concatenated with manually built tags may not be escaped,\nand an attacker can inject arbitrary HTML into the document.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze3.

\n

For the testing distribution (wheezy) and unstable distribution (sid),\nthis problem has been fixed in version 2.3.14.

\n

We recommend that you upgrade your rails packages.

\n
\n
\n
\n
", "2467": "
\n

Debian Security Advisory

\n

DSA-2467-1 mahara -- insecure defaults

\n
\n
Date Reported:
\n
09 May 2012
\n
Affected Packages:
\n
\nmahara\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2351.
\n
More information:
\n
\n

It was discovered that Mahara, the portfolio, weblog, and resume builder,\nhad an insecure default with regard to SAML-based authentication used\nwith more than one SAML identity provider. Someone with control over one\nIdP could impersonate users from other IdPs.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.6-2+squeeze4.

\n

For the testing distribution (wheezy) and unstable distribution (sid),\nthis problem has been fixed in version 1.4.2-1.

\n

We recommend that you upgrade your mahara packages.

\n
\n
\n
\n
", "2468": "
\n

Debian Security Advisory

\n

DSA-2468-1 libjakarta-poi-java -- unbounded memory allocation

\n
\n
Date Reported:
\n
09 May 2012
\n
Affected Packages:
\n
\nlibjakarta-poi-java\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0213.
\n
More information:
\n
\n

It was discovered that Apache POI, a Java implementation of the\nMicrosoft Office file formats, would allocate arbitrary amounts of\nmemory when processing crafted documents. This could impact the\nstability of the Java virtual machine.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.6+dfsg-1+squeeze1.

\n

We recommend that you upgrade your libjakarta-poi-java packages.

\n
\n
\n
\n
", "2469": "
\n

Debian Security Advisory

\n

DSA-2469-1 linux-2.6 -- privilege escalation/denial of service

\n
\n
Date Reported:
\n
10 May 2012
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-4086, CVE-2012-0879, CVE-2012-1601, CVE-2012-2123, CVE-2012-2133.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service or privilege escalation. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2011-4086\n

    Eric Sandeen reported an issue in the journaling layer for ext4 filesystems\n (jbd2). Local users can cause buffers to be accessed after they have been\n torn down, resulting in a denial of service (DoS) due to a system crash.

  • CVE-2012-0879\n

    Louis Rilling reported two reference counting issues in the CLONE_IO\n feature of the kernel. Local users can prevent io context structures\n from being freed, resulting in a denial of service.

  • CVE-2012-1601\n

    Michael Ellerman reported an issue in the KVM subsystem. Local users could\n cause a denial of service (NULL pointer dereference) by creating VCPUs\n before a call to KVM_CREATE_IRQCHIP.

  • CVE-2012-2123\n

    Steve Grubb reported an issue in fcaps, a filesystem-based capabilities\n system. Personality flags set using this mechanism, such as the disabling\n of address space randomization, may persist across suid calls.

  • CVE-2012-2133\n

    Shachar Raindel discovered a use-after-free bug in the hugepages\n quota implementation. Local users with permission to use hugepages\n via the hugetlbfs implementation may be able to cause a denial of\n service (system crash).

\n

For the stable distribution (squeeze), this problem has been fixed in version\n2.6.32-44. Updates are currently only available for the amd64, i386 and sparc\nports.

\n

\nNote: updated linux-2.6 packages will also be made available in the release\nof Debian 6.0.5, scheduled to take place the weekend of 2012.05.12. This\npending update will be version 2.6.32-45, and provides an additional fix for\nbuild failures on some architectures. Users for whom this update is not\ncritical, and who may wish to avoid multiple reboots, should consider waiting\nfor the 6.0.5 release before updating, or installing the 2.6.32-45 version\nahead of time from proposed-updates.

\n

The following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n
Package | Debian 6.0 (squeeze)
user-mode-linux | 2.6.32-1um-4+44
\n
\n

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

\n
\n
\n
\n
", "2470": "
\n

Debian Security Advisory

\n

DSA-2470-1 wordpress -- several vulnerabilities

\n
\n
Date Reported:
\n
11 May 2012
\n
Affected Packages:
\n
\nwordpress\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 670124.
In Mitre's CVE dictionary: CVE-2011-3122, CVE-2011-3125, CVE-2011-3126, CVE-2011-3127, CVE-2011-3128, CVE-2011-3129, CVE-2011-3130, CVE-2011-4956, CVE-2011-4957, CVE-2012-2399, CVE-2012-2400, CVE-2012-2401, CVE-2012-2402, CVE-2012-2403, CVE-2012-2404.
\n
More information:
\n
\n

Several vulnerabilities were identified in WordPress, a web blogging\ntool. As the CVEs were allocated from release announcements and\nspecific fixes are usually not identified, it has been decided to\nupgrade the wordpress package to the latest upstream version instead\nof backporting the patches.

\n

This means extra care should be taken when upgrading, especially when\nusing third-party plugins or themes, since compatibility may have been\nimpacted along the way. We recommend that users check their install\nbefore doing the upgrade.

\n

For the stable distribution (squeeze), those problems have been fixed in\nversion 3.3.2+dfsg-1~squeeze1.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), those problems have been fixed in version 3.3.2+dfsg-1.

\n

We recommend that you upgrade your wordpress packages.

\n
\n
\n
\n
", "2471": "
\n

Debian Security Advisory

\n

DSA-2471-1 ffmpeg -- several vulnerabilities

\n
\n
Date Reported:
\n
13 May 2012
\n
Affected Packages:
\n
\nffmpeg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3892, CVE-2011-3893, CVE-2011-3895, CVE-2011-3929, CVE-2011-3936, CVE-2011-3940, CVE-2011-3947, CVE-2012-0853, CVE-2012-0947.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in FFmpeg, a multimedia\nplayer, server and encoder. Multiple input validation issues in the decoders/\ndemuxers for Westwood Studios VQA, Apple MJPEG-B, Theora, Matroska,\nVorbis, Sony ATRAC3, DV and NSV files could lead to the execution of\narbitrary code.

\n

These issues were discovered by Aki Helin, Mateusz Jurczyk, Gynvael\nColdwind, and Michael Niedermayer.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 4:0.5.8-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 6:0.8.2-1 of libav.

\n

We recommend that you upgrade your ffmpeg packages.

\n
\n
\n
\n
", "2472": "
\n

Debian Security Advisory

\n

DSA-2472-1 gridengine -- privilege escalation

\n
\n
Date Reported:
\n
15 May 2012
\n
Affected Packages:
\n
\ngridengine\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0208.
\n
More information:
\n
\n

Dave Love discovered that users who are allowed to submit jobs to a\nGrid Engine installation can escalate their privileges to root because\nthe environment is not properly sanitized before creating processes.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 6.2u5-1squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 6.2u5-6.

\n

We recommend that you upgrade your gridengine packages.

\n
\n
\n
\n
", "2473": "
\n

Debian Security Advisory

\n

DSA-2473-1 openoffice.org -- buffer overflow

\n
\n
Date Reported:
\n
16 May 2012
\n
Affected Packages:
\n
\nopenoffice.org\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-1149.
\n
More information:
\n
\n

Tielei Wang discovered that OpenOffice.org does not allocate a large\nenough memory region when processing a specially crafted JPEG object,\nleading to a heap-based buffer overflow and potentially arbitrary code\nexecution.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:3.2.1-11+squeeze5.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 1:3.4.5-1 of the\nlibreoffice package.

\n

We recommend that you upgrade your openoffice.org packages.

\n
\n
\n
\n
", "2474": "
\n

Debian Security Advisory

\n

DSA-2474-1 ikiwiki -- cross-site scripting

\n
\n
Date Reported:
\n
16 May 2012
\n
Affected Packages:
\n
\nikiwiki\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0220.
\n
More information:
\n
\n

Ra\u00fal Benencia discovered that ikiwiki, a wiki compiler, does not\nproperly escape the author (and its URL) of certain metadata, such as\ncomments. This might be used to conduct cross-site scripting attacks.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.20100815.9.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.20120516.

\n

We recommend that you upgrade your ikiwiki packages.

\n
\n
\n
\n
", "2475": "
\n

Debian Security Advisory

\n

DSA-2475-1 openssl -- integer underflow

\n
\n
Date Reported:
\n
17 May 2012
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2333.
\n
More information:
\n
\n

It was discovered that openssl did not correctly handle explicit\nInitialization Vectors for CBC encryption modes, as used in TLS 1.1,\n1.2, and DTLS. An incorrect calculation would lead to an integer\nunderflow and incorrect memory access, causing denial of service\n(application crash).

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.9.8o-4squeeze13.

\n

For the testing distribution (wheezy), and the unstable distribution\n(sid), this problem has been fixed in version 1.0.1c-1.

\n

We recommend that you upgrade your openssl packages.

\n
\n
\n
\n
", "2476": "
\n

Debian Security Advisory

\n

DSA-2476-1 pidgin-otr -- format string vulnerability

\n
\n
Date Reported:
\n
19 May 2012
\n
Affected Packages:
\n
\npidgin-otr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 673154.
In Mitre's CVE dictionary: CVE-2012-2369.
\n
More information:
\n
\n

intrigeri discovered a format string error in pidgin-otr, an Off-the-Record\nMessaging plugin for Pidgin.

\n

This could be exploited by a remote attacker to cause arbitrary code to\nbe executed on the user's machine.

\n

The problem is only in pidgin-otr. Other applications which use libotr are\nnot affected.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.2.0-5+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 3.2.1-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.2.1-1.

\n

We recommend that you upgrade your pidgin-otr packages.

\n
\n
\n
\n
", "2477": "
\n

Debian Security Advisory

\n

DSA-2477-1 sympa -- authorization bypass

\n
\n
Date Reported:
\n
20 May 2012
\n
Affected Packages:
\n
\nsympa\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2352.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Sympa, a mailing list\nmanager, that allow the scenario-based authorization\nmechanisms to be skipped. This vulnerability allows unauthorized users\nto display the archives management page, and to download and delete\nthe list archives.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 6.0.1+dfsg-4+squeeze1.

\n

For the testing distribution (wheezy), this problem will be fixed\nsoon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 6.1.11~dfsg-2.

\n

We recommend that you upgrade your sympa packages.

\n
\n
\n
\n
", "2478": "
\n

Debian Security Advisory

\n

DSA-2478-1 sudo -- parsing error

\n
\n
Date Reported:
\n
23 May 2012
\n
Affected Packages:
\n
\nsudo\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2337.
\n
More information:
\n
\n

It was discovered that sudo misparsed network masks used in Host and\nHost_List stanzas. This allowed the execution of commands on hosts\nwhere the user would not be allowed to run the specified command.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.7.4p4-2.squeeze.3.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your sudo packages.

\n
\n
\n
\n
", "2479": "
\n

Debian Security Advisory

\n

DSA-2479-1 libxml2 -- off-by-one

\n
\n
Date Reported:
\n
23 May 2012
\n
Affected Packages:
\n
\nlibxml2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3102.
\n
More information:
\n
\n

Jueri Aedla discovered an off-by-one in libxml2, which could result in\nthe execution of arbitrary code.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.8.dfsg-2+squeeze4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.7.8.dfsg-9.1.

\n

We recommend that you upgrade your libxml2 packages.

\n
\n
\n
\n
", "2480": "
\n

Debian Security Advisory

\n

DSA-2480-4 request-tracker3.8 -- several vulnerabilities

\n
\n
Date Reported:
\n
15 Sep 2012
\n
Affected Packages:
\n
\nrequest-tracker3.8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 674924, Bug 675369.
In Mitre's CVE dictionary: CVE-2011-2082, CVE-2011-2083, CVE-2011-2084, CVE-2011-2085, CVE-2011-4458, CVE-2011-4459, CVE-2011-4460.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Request Tracker, an issue\ntracking system:

\n
    \n
  • CVE-2011-2082\n

    The vulnerable-passwords scripts introduced for\n CVE-2011-0009\n failed to correct the password hashes of disabled users.

  • CVE-2011-2083\n

    Several cross-site scripting issues have been discovered.

  • CVE-2011-2084\n

    Password hashes could be disclosed by privileged users.

  • CVE-2011-2085\n

    Several cross-site request forgery vulnerabilities have been\n found. If this update breaks your setup, you can restore the old\n behaviour by setting $RestrictReferrer to 0.

  • CVE-2011-4458\n

    The code to support variable envelope return paths allowed the\n execution of arbitrary code.

  • CVE-2011-4459\n

    Disabled groups were not fully accounted as disabled.

  • CVE-2011-4460\n

    SQL injection vulnerability, only exploitable by privileged\n users.
\n

Please note that if you run request-tracker3.8 under the Apache web server,\nyou must stop and start Apache manually. The restart mechanism is not\nrecommended, especially when using mod_perl.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 3.8.8-7+squeeze5.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.0.5-3.

\n

We recommend that you upgrade your request-tracker3.8 packages.

\n
\n
\n
\n
", "2481": "
\n

Debian Security Advisory

\n

DSA-2481-1 arpwatch -- fails to drop supplementary groups

\n
\n
Date Reported:
\n
02 Jun 2012
\n
Affected Packages:
\n
\narpwatch\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 674715.
In Mitre's CVE dictionary: CVE-2012-2653.
\n
More information:
\n
\n

Steve Grubb from Red Hat discovered that a patch for arpwatch (as shipped at\nleast in Red Hat and Debian distributions), intended to make it drop root\nprivileges, would fail to do so and instead add the root group to the list of\ngroups the daemon uses.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.1a15-1.1+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 2.1a15-1.2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.1a15-1.2.

\n

We recommend that you upgrade your arpwatch packages.

\n
\n
\n
\n
", "2482": "
\n

Debian Security Advisory

\n

DSA-2482-1 libgdata -- insufficient certificate validation

\n
\n
Date Reported:
\n
02 Jun 2012
\n
Affected Packages:
\n
\nlibgdata\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 664032.
In Mitre's CVE dictionary: CVE-2012-1177.
\n
More information:
\n
\n

Vreixo Formoso discovered that libgdata, a library used to access various\nGoogle services, wasn't validating certificates against trusted system\nroot CAs when using an HTTPS connection.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.6.4-2+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 0.10.2-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.10.2-1.

\n

We recommend that you upgrade your libgdata packages.

\n
\n
\n
\n
", "2483": "
\n

Debian Security Advisory

\n

DSA-2483-1 strongswan -- authentication bypass

\n
\n
Date Reported:
\n
31 May 2012
\n
Affected Packages:
\n
\nstrongswan\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2388.
\n
More information:
\n
\n

An authentication bypass issue was discovered by the Codenomicon CROSS\nproject in strongSwan, an IPsec-based VPN solution. When using\nRSA-based setups, a missing check in the gmp plugin could allow an\nattacker presenting a forged signature to successfully authenticate\nagainst a strongSwan responder.

\n

The default configuration in Debian does not use the gmp plugin for\nRSA operations but rather the OpenSSL plugin, so the packages as\nshipped by Debian are not vulnerable.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 4.4.1-5.2.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 4.5.2-1.4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.5.2-1.4.

\n

We recommend that you upgrade your strongswan packages.

\n
\n
\n
\n
", "2484": "
\n

Debian Security Advisory

\n

DSA-2484-1 nut -- denial of service

\n
\n
Date Reported:
\n
02 Jun 2012
\n
Affected Packages:
\n
\nnut\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 675203.
In Mitre's CVE dictionary: CVE-2012-2944.
\n
More information:
\n
\n

Sebastian Pohle discovered that UPSD, the server of Network UPS Tools\n(NUT), is vulnerable to a remote denial of service attack.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.4.3-1.1squeeze2.

\n

For the testing distribution (wheezy) and unstable distribution (sid),\nthis problem will be fixed soon.

\n

We recommend that you upgrade your nut packages.

\n
\n
\n
\n
", "2485": "
\n

Debian Security Advisory

\n

DSA-2485-1 imp4 -- cross site scripting

\n
\n
Date Reported:
\n
03 Jun 2012
\n
Affected Packages:
\n
\nimp4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 659392.
In Mitre's CVE dictionary: CVE-2012-0791.
\n
More information:
\n
\n

Multiple cross-site scripting (XSS) vulnerabilities were discovered in\nIMP, the webmail component in the Horde framework. The vulnerabilities\nallow remote attackers to inject arbitrary web script or HTML via various\ncrafted parameters.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 4.3.7+debian0-2.2.

\n

For the testing distribution (wheezy) and unstable distribution (sid),\nthis problem will be fixed soon.

\n

We recommend that you upgrade your imp4 packages.

\n
\n
\n
\n
", "2486": "
\n

Debian Security Advisory

\n

DSA-2486-1 bind9 -- denial of service

\n
\n
Date Reported:
\n
05 Jun 2012
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-1667.
\n
More information:
\n
\n

It was discovered that BIND, a DNS server, can crash while processing\nresource records containing no data bytes. Both authoritative servers\nand resolvers are affected.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:9.7.3.dfsg-1~squeeze5.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
\n
\n
", "2487": "
\n

Debian Security Advisory

\n

DSA-2487-1 openoffice.org -- buffer overflow

\n
\n
Date Reported:
\n
07 Jun 2012
\n
Affected Packages:
\n
\nopenoffice.org\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-1149, CVE-2012-2334.
\n
More information:
\n
\n

It was discovered that OpenOffice.org would not properly process\ncrafted document files, possibly leading to arbitrary code execution.

\n
    \n
  • CVE-2012-1149\n

    Integer overflows in PNG image handling.

  • CVE-2012-2334\n

    Integer overflow in operator new[] invocation and heap-based\n\tbuffer overflow inside the MS-ODRAW parser.
\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:3.2.1-11+squeeze6.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1:3.5.2~rc2-1 of the libreoffice package.

\n

We recommend that you upgrade your openoffice.org packages.

\n
\n
\n
\n
", "2488": "
\n

Debian Security Advisory

\n

DSA-2488-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Jun 2012
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-1937, CVE-2012-1940, CVE-2012-1947.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Iceweasel, a web\nbrowser based on Firefox. The included XULRunner library provides\nrendering services for several other applications included in Debian.

\n
    \n
  • CVE-2012-1937\n

    Mozilla developers discovered several memory corruption bugs,\n which may lead to the execution of arbitrary code.

  • CVE-2012-1940\n

    Abhishek Arya discovered a use-after-free problem when working\n with column layout with absolute positioning in a container that\n changes size, which may lead to the execution of arbitrary code.

  • CVE-2012-1947\n

    Abhishek Arya discovered a heap buffer overflow in utf16 to latin1\n character set conversion, allowing the execution of arbitrary code.
\n

Note: We'd like to advise users of Iceweasel's 3.5 branch in Debian\nstable to consider upgrading to the Iceweasel 10.0 ESR (Extended\nSupport Release), which is now available in Debian Backports.\nAlthough Debian will continue to support Iceweasel 3.5 in stable with\nsecurity updates, this can only be done on a best-effort basis as\nupstream no longer provides such support. On top of that, the 10.0\nbranch adds proactive security features to the browser.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-16.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 10.0.5esr-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "2489": "
\n

Debian Security Advisory

\n

DSA-2489-1 iceape -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Jun 2012
\n
Affected Packages:
\n
\niceape\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-1937, CVE-2012-1940, CVE-2012-1947.
\n
More information:
\n
\n

Several vulnerabilities have been found in the Iceape internet suite,\nan unbranded version of Seamonkey.

\n
    \n
  • CVE-2012-1937\n

    Mozilla developers discovered several memory corruption bugs,\n which may lead to the execution of arbitrary code.

  • CVE-2012-1940\n

    Abhishek Arya discovered a use-after-free problem when working\n with column layout with absolute positioning in a container that\n changes size, which may lead to the execution of arbitrary code.

  • CVE-2012-1947\n

    Abhishek Arya discovered a heap buffer overflow in utf16 to latin1\n character set conversion, allowing the execution of arbitrary code.
\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-13.

\n

For the testing distribution (wheezy) and unstable distribution (sid),\nthis problem will be fixed soon.

\n

We recommend that you upgrade your iceape packages.

\n
\n
\n
\n
", "2490": "
\n

Debian Security Advisory

\n

DSA-2490-1 nss -- denial of service

\n
\n
Date Reported:
\n
07 Jun 2012
\n
Affected Packages:
\n
\nnss\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0441.
\n
More information:
\n
\n

Kaspar Brand discovered that Mozilla's Network Security Services (NSS)\nlibraries did insufficient length checking in the QuickDER decoder,\nwhich allows a program using the libraries to be crashed.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.12.8-1+squeeze5.

\n

For the testing distribution (wheezy) and unstable distribution (sid),\nthis problem has been fixed in version 2:3.13.4-3.

\n

We recommend that you upgrade your nss packages.

\n
\n
\n
\n
", "2491": "
\n

Debian Security Advisory

\n

DSA-2491-1 postgresql-8.4 -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Jun 2012
\n
Affected Packages:
\n
\npostgresql-8.4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2143, CVE-2012-2655.
\n
More information:
\n
\n

Two vulnerabilities were discovered in PostgreSQL, an SQL database\nserver:

\n
    \n
  • CVE-2012-2143\n

    The crypt(text, text) function in the pgcrypto contrib module\n\tdid not handle certain passwords correctly when producing\n\ttraditional DES-based hashes. Characters after the first\n\t0x80 byte were ignored.

  • CVE-2012-2655\n

    SECURITY DEFINER and SET attributes for a call handler of a\n\tprocedural language could crash the database server.
\n

In addition, this update contains reliability and stability fixes from\nthe 8.4.12 upstream release.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 8.4.12-0squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 8.4.12-1.

\n

We recommend that you upgrade your postgresql-8.4 packages.

\n
\n
\n
\n
", "2492": "
\n

Debian Security Advisory

\n

DSA-2492-1 php5 -- buffer overflow

\n
\n
Date Reported:
\n
10 Jun 2012
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2386.
\n
More information:
\n
\n

The Phar extension for PHP does not properly handle crafted tar files,\nleading to a heap-based buffer overflow. PHP applications processing\ntar files could crash or, potentially, execute arbitrary code.

\n

In addition, this update addresses a regression which caused a crash\nwhen accessing a global object that is returned as $this from __get.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 5.3.3-7+squeeze13.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 5.4.4~rc1-1.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "2493": "
\n

Debian Security Advisory

\n

DSA-2493-1 asterisk -- denial of service

\n
\n
Date Reported:
\n
12 Jun 2012
\n
Affected Packages:
\n
\nasterisk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 675204, Bug 675210.
In Mitre's CVE dictionary: CVE-2012-2947, CVE-2012-2948.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Asterisk, a PBX and\ntelephony toolkit.

\n
    \n
  • CVE-2012-2947\n

    The IAX2 channel driver allows remote attackers to cause a\n\tdenial of service (daemon crash) by placing a call on hold\n\t(when a certain mohinterpret setting is enabled).

  • CVE-2012-2948\n

    The Skinny channel driver allows remote authenticated users to\n\tcause a denial of service (NULL pointer dereference and daemon\n\tcrash) by closing a connection in off-hook mode.
\n

In addition, it was discovered that Asterisk does not set the\nalwaysauthreject option by default in the SIP channel driver. This\nallows remote attackers to observe a difference in response behavior\nand check for the presence of account names. (CVE-2011-2666) System\nadministrators concerned by this user enumeration vulnerability should\nenable the alwaysauthreject option in the configuration. We do not\nplan to change the default setting in the stable version\n(Asterisk 1.6) in order to preserve backwards compatibility.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:1.6.2.9-2+squeeze6.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 1:1.8.13.0~dfsg-1.

\n

We recommend that you upgrade your asterisk packages.

\n
\n
\n
\n
", "2494": "
\n

Debian Security Advisory

\n

DSA-2494-1 ffmpeg -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Jun 2012
\n
Affected Packages:
\n
\nffmpeg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3951, CVE-2011-3952, CVE-2012-0851, CVE-2012-0852.
\n
More information:
\n
\n

It was discovered that FFmpeg, Debian's version of the Libav media\ncodec suite, contains vulnerabilities in the DPCM codecs\n(CVE-2011-3951),\nH.264 (CVE-2012-0851),\nADPCM (CVE-2012-0852), and the\nKMVC decoder (CVE-2011-3952).

\n

In addition, this update contains bug fixes from the Libav 0.5.9\nupstream release.

\n

For the stable distribution (squeeze), these problems have been fixed\nin version 4:0.5.9-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 6:0.8.3-1.

\n

We recommend that you upgrade your ffmpeg packages.

\n
\n
\n
\n
", "2495": "
\n

Debian Security Advisory

\n

DSA-2495-1 openconnect -- buffer overflow

\n
\n
Date Reported:
\n
16 Jun 2012
\n
Affected Packages:
\n
\nopenconnect\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-3291.
\n
More information:
\n
\n

A buffer overflow was discovered in OpenConnect, a client for the Cisco\nAnyConnect VPN, which could result in denial of service.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.25-0.1+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.18-1.

\n

We recommend that you upgrade your openconnect packages.

\n
\n
\n
\n
", "2496": "
\n

Debian Security Advisory

\n

DSA-2496-1 mysql-5.1 -- several vulnerabilities

\n
\n
Date Reported:
\n
18 Jun 2012
\n
Affected Packages:
\n
\nmysql-5.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 670636, Bug 677018.
In Mitre's CVE dictionary: CVE-2012-0540, CVE-2012-0583, CVE-2012-1688, CVE-2012-1689, CVE-2012-1690, CVE-2012-1703, CVE-2012-1734, CVE-2012-2102, CVE-2012-2122, CVE-2012-2749.
\n
More information:
\n
\n

\n Due to the non-disclosure of security patch information from Oracle,\n we are forced to ship an upstream version update of MySQL 5.1.\n There are several known incompatible\n changes, which are listed in /usr/share/doc/mysql-server/NEWS.Debian.gz.\n

\n

Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to a new upstream\nversion, 5.1.63, which includes additional changes, such as performance\nimprovements and corrections for data loss defects. These changes are\ndescribed in the MySQL\nrelease notes.\n

\n

\nCVE-2012-2122,\nan authentication bypass vulnerability, occurs only when\nMySQL has been built with certain optimisations enabled. The packages\nin Debian stable (squeeze) are not known to be affected by this\nvulnerability. It is addressed in this update nonetheless, so future\nrebuilds will not become vulnerable to this issue.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 5.1.63-0+squeeze1.

\n

For the testing distribution (wheezy), these problems have been fixed\nin version 5.1.62-1 of the mysql-5.1 package and version 5.5.24+dfsg-1\nof the mysql-5.5 package.

\n

We recommend that you upgrade your MySQL packages.

\n
\n
\n
\n
", "2497": "
\n

Debian Security Advisory

\n

DSA-2497-1 quagga -- denial of service

\n
\n
Date Reported:
\n
20 Jun 2012
\n
Affected Packages:
\n
\nquagga\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 676510.
In Mitre's CVE dictionary: CVE-2012-1820.
\n
More information:
\n
\n

It was discovered that Quagga, a routing daemon, contains a\nvulnerability in processing the ORF capability in BGP OPEN messages.\nA malformed OPEN message from a previously configured BGP peer could\ncause bgpd to crash, causing a denial of service.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.99.20.1-0+squeeze3.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 0.99.21-3.

\n

We recommend that you upgrade your quagga packages.

\n
\n
\n
\n
", "2498": "
\n

Debian Security Advisory

\n

DSA-2498-1 dhcpcd -- remote stack overflow

\n
\n
Date Reported:
\n
23 Jun 2012
\n
Affected Packages:
\n
\ndhcpcd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2152.
\n
More information:
\n
\n

It was discovered that dhcpcd, a DHCP client, was vulnerable to a stack\noverflow. A malformed DHCP message could crash the client, causing a denial of\nservice, and potentially allow remote code execution through properly designed\nmalicious DHCP packets.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:3.2.3-5+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 1:3.2.3-11.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:3.2.3-11.

\n

We recommend that you upgrade your dhcpcd package.

\n
\n
\n
\n
", "2499": "
\n

Debian Security Advisory

\n

DSA-2499-1 icedove -- several vulnerabilities

\n
\n
Date Reported:
\n
24 Jun 2012
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-1937, CVE-2012-1939, CVE-2012-1940.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Icedove, the Debian\nversion of the Mozilla Thunderbird mail/news client. There were\nmiscellaneous memory safety hazards\n(CVE-2012-1937,\nCVE-2012-1939) and\na use-after-free issue\n(CVE-2012-1940).

\n

For the stable distribution (squeeze), these problems have been fixed\nin version 3.0.11-1+squeeze11.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "2500": "
\n

Debian Security Advisory

\n

DSA-2500-1 mantis -- several vulnerabilities

\n
\n
Date Reported:
\n
24 Jun 2012
\n
Affected Packages:
\n
\nmantis\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-1118, CVE-2012-1119, CVE-2012-1120, CVE-2012-1122, CVE-2012-1123, CVE-2012-2692.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Mantis, an issue tracking\nsystem.

\n
    \n
  • CVE-2012-1118\n

    Mantis installations in which the private_bug_view_threshold\n\tconfiguration option has been set to an array value do not\n\tproperly enforce bug viewing restrictions.

  • CVE-2012-1119\n

    Copy/clone bug report actions fail to leave an audit trail.

  • CVE-2012-1120\n

    The delete_bug_threshold/bugnote_allow_user_edit_delete\n\taccess check can be bypassed by users who have write\n\taccess to the SOAP API.

  • CVE-2012-1122\n

    Mantis performed access checks incorrectly when moving bugs\n\tbetween projects.

  • CVE-2012-1123\n

    A SOAP client sending a null password field can authenticate\n\tas the Mantis administrator.

  • CVE-2012-2692\n

    Mantis does not check the delete_attachments_threshold\n\tpermission when a user attempts to delete an attachment from\n\tan issue.
\n

For the stable distribution (squeeze), these problems have been fixed\nin version 1.1.8+dfsg-10squeeze2.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 1.2.11-1.

\n

We recommend that you upgrade your mantis packages.

\n
\n
\n
\n
", "2501": "
\n

Debian Security Advisory

\n

DSA-2501-1 xen -- several vulnerabilities

\n
\n
Date Reported:
\n
24 Jun 2012
\n
Affected Packages:
\n
\nxen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0217, CVE-2012-0218, CVE-2012-2934.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Xen, a hypervisor.

\n
    \n
  • CVE-2012-0217\n

    Xen does not properly handle uncanonical return addresses on\n\tIntel amd64 CPUs, allowing amd64 PV guests to elevate to\n\thypervisor privileges. AMD processors, HVM and i386 guests\n\tare not affected.

  • \n
  • CVE-2012-0218\n

    Xen does not properly handle SYSCALL and SYSENTER instructions\n\tin PV guests, allowing unprivileged users inside a guest\n\tsystem to crash the guest system.

  • \n
  • CVE-2012-2934\n

    Xen does not detect old AMD CPUs affected by AMD Erratum #121.

\n

For CVE-2012-2934,\nXen refuses to start domUs on affected systems\nunless the allow_unsafe option is passed.

\n

For the stable distribution (squeeze), these problems have been fixed\nin version 4.0.1-5.2.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version\n4.1.3~rc1+hg-20120614.a9c0a89c08f2-1.

\n

We recommend that you upgrade your xen packages.

\n
\n
\n
\n
", "2502": "
\n

Debian Security Advisory

\n

DSA-2502-1 python-crypto -- programming error

\n
\n
Date Reported:
\n
24 Jun 2012
\n
Affected Packages:
\n
\npython-crypto\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2417.
\n
More information:
\n
\n

It was discovered that the ElGamal code in PythonCrypto, a\ncollection of cryptographic algorithms and protocols for Python, used\ninsecure, insufficient prime numbers in key generation, which led to a\nweakened signature or public key space, allowing easier brute force\nattacks on such keys.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.1.0-2+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.6-1.

\n

We recommend that you upgrade your python-crypto packages. After\ninstalling this update, previously generated keys need to be regenerated.

\n
\n
\n
\n
", "2503": "
\n

Debian Security Advisory

\n

DSA-2503-1 bcfg2 -- shell command injection

\n
\n
Date Reported:
\n
28 Jun 2012
\n
Affected Packages:
\n
\nbcfg2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 679272.
In Mitre's CVE dictionary: CVE-2012-3366.
\n
More information:
\n
\n

It was discovered that malicious clients can trick the server\ncomponent of the Bcfg2 configuration management system into executing\ncommands with root privileges.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.0.1-3+squeeze2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.2.2-2.

\n

We recommend that you upgrade your bcfg2 packages.

\n
\n
\n
\n
", "2504": "
\n

Debian Security Advisory

\n

DSA-2504-1 libspring-2.5-java -- information disclosure

\n
\n
Date Reported:
\n
28 Jun 2012
\n
Affected Packages:
\n
\nlibspring-2.5-java\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 677814.
In Mitre's CVE dictionary: CVE-2011-2730.
\n
More information:
\n
\n

It was discovered that the Spring Framework contains an information\ndisclosure vulnerability in the processing of certain Expression\nLanguage (EL) patterns, allowing attackers to access sensitive\ninformation using HTTP requests.

\n

NOTE: This update adds a springJspExpressionSupport context parameter\nwhich must be manually set to false when the Spring Framework runs\nunder a container which provides EL support itself.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.5.6.SEC02-2+squeeze1.

\n

We recommend that you upgrade your libspring-2.5-java packages.

\n
\n
\n
\n
", "2505": "
\n

Debian Security Advisory

\n

DSA-2505-1 zendframework -- information disclosure

\n
\n
Date Reported:
\n
29 Jun 2012
\n
Affected Packages:
\n
\nzendframework\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 679215.
In Mitre's CVE dictionary: CVE-2012-3363.
\n
More information:
\n
\n

An XML External Entities inclusion vulnerability was discovered in\nZend Framework, a PHP library. This vulnerability may allow attackers\nto access local files, depending on how the framework is used.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.10.6-1squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.11.12-1.

\n

We recommend that you upgrade your zendframework packages.

\n
\n
\n
\n
", "2506": "
\n

Debian Security Advisory

\n

DSA-2506-1 libapache-mod-security -- ModSecurity bypass

\n
\n
Date Reported:
\n
02 Jul 2012
\n
Affected Packages:
\n
\nlibapache-mod-security\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 678529.
In Mitre's CVE dictionary: CVE-2012-2751.
\n
More information:
\n
\n

Qualys Vulnerability & Malware Research Labs discovered a vulnerability in\nModSecurity, a security module for the Apache webserver. In situations where\nboth Content-Disposition: attachment and Content-Type: multipart were\npresent in HTTP headers, the vulnerability could allow an attacker to bypass\npolicy and execute cross-site scripting (XSS) attacks through properly crafted\nHTML documents.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.5.12-1+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 2.6.6-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.6.6-1.

\n

In the testing and unstable distributions, the source package has been renamed to\nmodsecurity-apache.

\n

We recommend that you upgrade your libapache-mod-security packages.

\n
\n
\n
\n
", "2507": "
\n

Debian Security Advisory

\n

DSA-2507-1 openjdk-6 -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Jul 2012
\n
Affected Packages:
\n
\nopenjdk-6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-1711, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1723, CVE-2012-1724, CVE-2012-1725.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform.

\n
    \n
  • CVE-2012-1711\nCVE-2012-1719\n

    Multiple errors in the CORBA implementation could lead to\n breakouts of the Java sandbox.

  • CVE-2012-1713\n

    Missing input sanitising in the font manager could lead to\n the execution of arbitrary code.

  • CVE-2012-1716\n

    The SynthLookAndFeel Swing class could be abused to break\n out of the Java sandbox.

  • CVE-2012-1717\n

    Several temporary files were created insecurely, resulting in\n local information disclosure.

  • CVE-2012-1718\n

    Certificate revocation lists were incorrectly implemented.

  • CVE-2012-1723\nCVE-2012-1725\n

    Validation errors in the bytecode verifier of the Hotspot VM\n could lead to breakouts of the Java sandbox.

  • CVE-2012-1724\n

    Missing input sanitising in the XML parser could lead to denial\n of service through an infinite loop.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 6b18-1.8.13-0+squeeze2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 6b24-1.11.3-1.

\n

We recommend that you upgrade your openjdk-6 packages.

\n
\n
\n
\n
", "2508": "
\n

Debian Security Advisory

\n

DSA-2508-1 kfreebsd-8 -- privilege escalation

\n
\n
Date Reported:
\n
22 Jul 2012
\n
Affected Packages:
\n
\nkfreebsd-8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 677297.
In Mitre's CVE dictionary: CVE-2012-0217.
\n
More information:
\n
\n

Rafal Wojtczuk from Bromium discovered that FreeBSD did not correctly handle\nnon-canonical return addresses on Intel amd64 CPUs, allowing privilege escalation\nto kernel for local users.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 8.1+dfsg-8+squeeze3.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 8.3-4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 8.3-4.

\n

We recommend that you upgrade your kfreebsd-8 packages.

\n
\n
\n
\n
", "2509": "
\n

Debian Security Advisory

\n

DSA-2509-1 pidgin -- remote code execution

\n
\n
Date Reported:
\n
08 Jul 2012
\n
Affected Packages:
\n
\npidgin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-3374.
\n
More information:
\n
\n

Ulf H\u00e4rnhammar found a buffer overflow in Pidgin, a multi-protocol instant\nmessaging client. The vulnerability can be exploited by an incoming\nmessage in the MXit protocol plugin. A remote attacker may cause a crash,\nand in some circumstances this can lead to remote code execution.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.3-1+squeeze3.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 2.10.6-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.10.6-1.

\n

We recommend that you upgrade your pidgin packages.

\n
\n
\n
\n
", "2510": "
\n

Debian Security Advisory

\n

DSA-2510-1 extplorer -- Cross-site request forgery

\n
\n
Date Reported:
\n
12 Jul 2012
\n
Affected Packages:
\n
\nextplorer\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 678737.
In Mitre's CVE dictionary: CVE-2012-3362.
\n
More information:
\n
\n

John Leitch has discovered a vulnerability in eXtplorer, a very\nfeature-rich web server file manager, which can be exploited by malicious people\nto conduct cross-site request forgery attacks.

\n

The vulnerability allows users to perform certain actions via HTTP requests\nwithout any validity checks being performed to verify the request. This can be\nexploited, for example, to create an administrative user account by tricking\na logged-in administrator into visiting an attacker-defined web link.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.1.0b6+dfsg.2-1+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 2.1.0b6+dfsg.3-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.1.0b6+dfsg.3-3.

\n

We recommend that you upgrade your extplorer packages.

\n
\n
\n
\n
", "2511": "
\n

Debian Security Advisory

\n

DSA-2511-1 puppet -- several vulnerabilities

\n
\n
Date Reported:
\n
12 Jul 2012
\n
Affected Packages:
\n
\npuppet\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-3864, CVE-2012-3865, CVE-2012-3866, CVE-2012-3867.
\n
More information:
\n
\n

Several security vulnerabilities have been found in Puppet, a\ncentralized configuration management system:

\n
    \n
  • CVE-2012-3864\n

    Authenticated clients could read arbitrary files on the puppet\n master.

  • CVE-2012-3865\n

    Authenticated clients could delete arbitrary files on the puppet\n master.

  • CVE-2012-3866\n

    The report of the most recent Puppet run was stored with world-readable\n permissions, resulting in information disclosure.

  • CVE-2012-3867\n

    Agent hostnames were insufficiently validated.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze6.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.7.18-1.

\n

We recommend that you upgrade your puppet packages.

\n
\n
\n
\n
", "2512": "
\n

Debian Security Advisory

\n

DSA-2512-1 mono -- missing input sanitising

\n
\n
Date Reported:
\n
12 Jul 2012
\n
Affected Packages:
\n
\nmono\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-3382.
\n
More information:
\n
\n

Marcus Meissner discovered that the web server included in Mono performed\ninsufficient sanitising of requests, resulting in cross-site scripting.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.6.7-5.1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.10.8.1-5.

\n

We recommend that you upgrade your mono packages.

\n
\n
\n
\n
", "2513": "
\n

Debian Security Advisory

\n

DSA-2513-1 iceape -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Jul 2012
\n
Affected Packages:
\n
\niceape\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-1948, CVE-2012-1954, CVE-2012-1967.
\n
More information:
\n
\n

Several vulnerabilities have been found in the Iceape internet suite,\nan unbranded version of Seamonkey:

\n
    \n
  • CVE-2012-1948\n

    Benoit Jacob, Jesse Ruderman, Christian Holler, and Bill McCloskey\n identified several memory safety problems that may lead to the execution of\n arbitrary code.

  • CVE-2012-1954\n

    Abhishek Arya discovered a use-after-free problem in\n nsDocument::AdoptNode that may lead to the execution of arbitrary\n code.

  • CVE-2012-1967\n

    moz_bug_r_a4 discovered that in certain cases, javascript: URLs\n can be executed so that scripts can escape the JavaScript sandbox and run\n with elevated privileges. This can lead to arbitrary code\n execution.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.11-14.

\n

For the unstable (sid) and testing (wheezy) distributions, this problem\nwill be fixed soon.

\n

We recommend that you upgrade your iceape packages.

\n
\n
\n
\n
", "2514": "
\n

Debian Security Advisory

\n

DSA-2514-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Jul 2012
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-1948, CVE-2012-1950, CVE-2012-1954, CVE-2012-1966, CVE-2012-1967.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Iceweasel, a web browser\nbased on Firefox. The included XULRunner library provides rendering services for\nseveral other applications included in Debian.

\n
    \n
  • CVE-2012-1948\n

    Benoit Jacob, Jesse Ruderman, Christian Holler, and Bill McCloskey\n identified several memory safety problems that may lead to the execution of\n arbitrary code.

  • CVE-2012-1950\n

    Mario Gomes and Code Audit Labs discovered that it is possible to force\n Iceweasel to display the URL of the previously entered site through drag and\n drop actions to the address bar. This can be abused to perform phishing\n attacks.

  • CVE-2012-1954\n

    Abhishek Arya discovered a use-after-free problem in\n nsDocument::AdoptNode that may lead to the execution of arbitrary\n code.

  • CVE-2012-1966\n

    moz_bug_r_a4 discovered that it is possible to perform cross-site\n scripting attacks through the context menu when using data: URLs.

  • CVE-2012-1967\n

    moz_bug_r_a4 discovered that in certain cases, javascript: URLs can\n be executed so that scripts can escape the JavaScript sandbox and run\n with elevated privileges.

\n

Note: We'd like to advise users of Iceweasel's 3.5 branch in Debian stable to\nconsider upgrading to the Iceweasel 10.0 ESR (Extended Support Release), which\nis now available in Debian Backports. Although Debian will continue to support\nIceweasel 3.5 in stable with security updates, this can only be done on a\nbest-effort basis as upstream no longer provides such support. On top of that, the\n10.0 branch adds proactive security features to the browser.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.5.16-17.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 10.0.6esr-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "2515": "
\n

Debian Security Advisory

\n

DSA-2515-1 nsd3 -- null pointer dereference

\n
\n
Date Reported:
\n
19 Jul 2012
\n
Affected Packages:
\n
\nnsd3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2978.
\n
More information:
\n
\n

Marek Vavru\u0161a and Lubos Slovak discovered that NSD, an authoritative\ndomain name server, does not properly handle non-standard DNS packets.\nThis can result in a NULL pointer dereference and crash the handling\nprocess. A remote attacker can abuse this flaw to perform denial of\nservice attacks.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.2.5-1.squeeze2.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.2.12-1.

\n

We recommend that you upgrade your nsd3 packages.

\n
\n
\n
\n
", "2516": "
\n

Debian Security Advisory

\n

DSA-2516-1 isc-dhcp -- several vulnerabilities

\n
\n
Date Reported:
\n
26 Jul 2012
\n
Affected Packages:
\n
\nisc-dhcp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-3571, CVE-2012-3954.
\n
More information:
\n
\n

Two security vulnerabilities affecting ISC dhcpd, a server for automatic\nIP address assignment, in Debian have been discovered.

\n
    \n
  • CVE-2012-3571\n

    Markus Hietava of the Codenomicon CROSS project discovered that it is\n possible to force the server to enter an infinite loop via messages with\n malformed client identifiers.

  • CVE-2012-3954\n

    Glen Eustace discovered that DHCP servers running in DHCPv6 mode\n and possibly DHCPv4 mode suffer from memory leaks while processing messages.\n An attacker can use this flaw to exhaust resources and perform denial\n of service attacks.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 4.1.1-P1-15+squeeze4.

\n

For the testing (wheezy) and unstable (sid) distributions, this problem\nwill be fixed soon.

\n

We recommend that you upgrade your isc-dhcp packages.

\n
\n
\n
\n
", "2517": "
\n

Debian Security Advisory

\n

DSA-2517-1 bind9 -- denial of service

\n
\n
Date Reported:
\n
30 Jul 2012
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-3817.
\n
More information:
\n
\n

Einar Lonn discovered that under certain conditions bind9, a DNS server,\nmay use cached data before initialization. As a result, an attacker can\ntrigger an assertion failure on servers under high query load that do\nDNSSEC validation.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:9.7.3.dfsg-1~squeeze6.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:9.8.1.dfsg.P1-4.2.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
\n
\n
", "2518": "
\n

Debian Security Advisory

\n

DSA-2518-1 krb5 -- denial of service and remote code execution

\n
\n
Date Reported:
\n
31 Jul 2012
\n
Affected Packages:
\n
\nkrb5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 683429.
In Mitre's CVE dictionary: CVE-2012-1014, CVE-2012-1015.
\n
More information:
\n
\n

Emmanuel Bouillon from NCI Agency discovered multiple vulnerabilities in MIT\nKerberos, a daemon implementing the network authentication protocol.

\n
    \n
  • CVE-2012-1014\n

    By sending a specially crafted AS-REQ (Authentication Service Request) to a KDC\n\t(Key Distribution Center), an attacker could make it free an uninitialized\n\tpointer, corrupting the heap. This can lead to a process crash or even arbitrary\n\tcode execution.

    \n

    This CVE only affects testing (wheezy) and unstable (sid) distributions.

  • CVE-2012-1015\n

    By sending a specially crafted AS-REQ to a KDC, an attacker could make it\n\tdereference an uninitialized pointer, leading to a process crash or even\n\tarbitrary code execution.

\n

In both cases, arbitrary code execution is believed to be difficult to achieve,\nbut might not be impossible.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.8.3+dfsg-4squeeze6.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 1.10.1+dfsg-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.10.1+dfsg-2.

\n

We recommend that you upgrade your krb5 packages.

\n
\n
\n
\n
", "2519": "
\n

Debian Security Advisory

\n

DSA-2519-2 isc-dhcp -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Aug 2012
\n
Affected Packages:
\n
\nisc-dhcp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-4539, CVE-2012-3571, CVE-2012-3954.
\n
More information:
\n
\n

Several security vulnerabilities affecting ISC dhcpd, a server for\nautomatic IP address assignment, have been discovered. Additionally, the\nlatest security update for isc-dhcp, DSA-2516-1,\ndid not properly apply the patches for\nCVE-2012-3571\nand\nCVE-2012-3954.\nThis has been addressed\nin this additional update.

\n
    \n
  • CVE-2011-4539\n

    BlueCat Networks discovered that it is possible to crash DHCP servers\n configured to evaluate requests with regular expressions via crafted\n DHCP request packets.

  • CVE-2012-3571\n

    Markus Hietava of the Codenomicon CROSS project discovered that it is\n possible to force the server to enter an infinite loop via messages with\n malformed client identifiers.

  • CVE-2012-3954\n

    Glen Eustace discovered that DHCP servers running in DHCPv6 mode\n and possibly DHCPv4 mode suffer from memory leaks while processing messages.\n An attacker can use this flaw to exhaust resources and perform denial\n of service attacks.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 4.1.1-P1-15+squeeze6.

\n

For the testing (wheezy) and unstable (sid) distributions, this problem\nwill be fixed soon.

\n

We recommend that you upgrade your isc-dhcp packages.

\n
\n
\n
\n
", "2520": "
\n

Debian Security Advisory

\n

DSA-2520-1 openoffice.org -- Multiple heap-based buffer overflows

\n
\n
Date Reported:
\n
01 Aug 2012
\n
Affected Packages:
\n
\nopenoffice.org\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2665.
\n
More information:
\n
\n

Timo Warns from PRE-CERT discovered multiple heap-based buffer overflows in\nOpenOffice.org, an office productivity suite. The issue lies in the XML\nmanifest encryption tag parsing code. Using specially crafted files, an\nattacker can cause an application crash and could cause arbitrary code execution.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:3.2.1-11+squeeze7.

\n

The openoffice.org package has been replaced by libreoffice in the testing (wheezy) and\nunstable (sid) distributions.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 1:3.5.4-7.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:3.5.4-7.

\n

We recommend that you upgrade your openoffice.org packages.

\n
\n
\n
\n
", "2521": "
\n

Debian Security Advisory

\n

DSA-2521-1 libxml2 -- integer overflows

\n
\n
Date Reported:
\n
04 Aug 2012
\n
Affected Packages:
\n
\nlibxml2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2807.
\n
More information:
\n
\n

Jueri Aedla discovered several integer overflows in libxml, which could\nlead to the execution of arbitrary code or denial of service.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.8.dfsg-2+squeeze5.

\n

For the testing distribution (wheezy) and the unstable distribution (sid),\nthis problem has been fixed in version 2.8.0+dfsg1-5.

\n

We recommend that you upgrade your libxml2 packages.

\n
\n
\n
\n
", "2522": "
\n

Debian Security Advisory

\n

DSA-2522-1 fckeditor -- cross site scripting

\n
\n
Date Reported:
\n
05 Aug 2012
\n
Affected Packages:
\n
\nfckeditor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 683418.
In Mitre's CVE dictionary: CVE-2012-4000.
\n
More information:
\n
\n

Emilio Pinna discovered a cross site scripting vulnerability in the\nspellchecker.php page of FCKeditor, a popular HTML/DHTML editor for the web.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:2.6.6-1squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 1:2.6.6-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:2.6.6-3.

\n

We recommend that you upgrade your fckeditor packages.

\n
\n
\n
\n
", "2523": "
\n

Debian Security Advisory

\n

DSA-2523-1 globus-gridftp-server -- programming error

\n
\n
Date Reported:
\n
06 Aug 2012
\n
Affected Packages:
\n
\nglobus-gridftp-server\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-3292.
\n
More information:
\n
\n

It was discovered that the GridFTP component from the Globus Toolkit, a\ntoolkit used for building Grid systems and applications, performed\ninsufficient validation of a name lookup, which could lead to privilege\nescalation.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.23-1+squeeze1 of the globus-gridftp-server source package\nand in version 0.43-1+squeeze1 of the globus-gridftp-server-control\nsource package.

\n

For the testing distribution (wheezy) and the unstable distribution (sid),\nthis problem has been fixed in version 6.5-1.

\n

We recommend that you upgrade your globus-gridftp-server packages.

\n
\n
\n
\n
", "2524": "
\n

Debian Security Advisory

\n

DSA-2524-1 openttd -- several vulnerabilities

\n
\n
Date Reported:
\n
06 Aug 2012
\n
Affected Packages:
\n
\nopenttd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0049, CVE-2012-3436.
\n
More information:
\n
\n

Two denial of service vulnerabilities have been discovered in the server\ncomponent of OpenTTD, a free reimplementation of Transport Tycoon Deluxe.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.0.4-6.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your openttd packages.

\n
\n
\n
\n
", "2525": "
\n

Debian Security Advisory

\n

DSA-2525-1 expat -- several vulnerabilities

\n
\n
Date Reported:
\n
06 Aug 2012
\n
Affected Packages:
\n
\nexpat\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0876, CVE-2012-1148.
\n
More information:
\n
\n

It was discovered that Expat, a C library to parse XML, is vulnerable\nto denial of service through hash collisions and a memory leak in\npool handling.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.0.1-7+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 2.1.0~beta3-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.1.0~beta3-1.

\n

We recommend that you upgrade your expat packages.

\n
\n
\n
\n
", "2526": "
\n

Debian Security Advisory

\n

DSA-2526-1 libotr -- heap-based buffer overflows

\n
\n
Date Reported:
\n
12 Aug 2012
\n
Affected Packages:
\n
\nlibotr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 684121.
In Mitre's CVE dictionary: CVE-2012-3461.
\n
More information:
\n
\n

Just Ferguson discovered that libotr, an off-the-record (OTR) messaging\nlibrary, can be forced to perform zero-length allocations for heap buffers\nthat are used in base64 decoding routines. An attacker can exploit this\nflaw by sending crafted messages to an application that is using libotr to\nperform denial of service attacks or potentially execute arbitrary code.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.2.0-2+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 3.2.1-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.2.1-1.

\n

We recommend that you upgrade your libotr packages.

\n
\n
\n
\n
", "2527": "
\n

Debian Security Advisory

\n

DSA-2527-1 php5 -- several vulnerabilities

\n
\n
Date Reported:
\n
13 Aug 2012
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2688, CVE-2012-3450.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in PHP, the web scripting\nlanguage. The Common Vulnerabilities and Exposures project identifies\nthe following issues:

\n
    \n
  • CVE-2012-2688\n

    A buffer overflow in the scandir() function could lead to denial of\n service or the execution of arbitrary code.

  • CVE-2012-3450\n

    It was discovered that inconsistent parsing of PDO prepared\n statements could lead to denial of service.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 5.3.3-7+squeeze14.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.4.4-4.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "2528": "
\n

Debian Security Advisory

\n

DSA-2528-1 icedove -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Aug 2012
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-1948, CVE-2012-1950, CVE-2012-1954, CVE-2012-1967.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Icedove, Debian's version\nof the Mozilla Thunderbird mail and news client.

\n
    \n
  • CVE-2012-1948\n

    Multiple unspecified vulnerabilities in the browser engine\n\twere fixed.

  • CVE-2012-1950\n

    The underlying browser engine allows address bar spoofing\n\tthrough drag-and-drop.

  • CVE-2012-1954\n

    A use-after-free vulnerability in the nsDocument::AdoptNode\n\tfunction allows remote attackers to cause a denial of service\n\t(heap memory corruption) or possibly execute arbitrary code.

  • CVE-2012-1967\n

    An error in the implementation of the JavaScript sandbox\n\tallows execution of JavaScript code with improper privileges\n\tusing javascript: URLs.

\n

For the stable distribution (squeeze), these problems have been fixed\nin version 3.0.11-1+squeeze12.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 10.0.6-1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "2529": "
\n

Debian Security Advisory

\n

DSA-2529-1 python-django -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Aug 2012
\n
Affected Packages:
\n
\npython-django\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 683364.
In Mitre's CVE dictionary: CVE-2012-3442, CVE-2012-3443, CVE-2012-3444.
\n
More information:
\n
\n

Jeroen Dekkers and others reported several vulnerabilities in Django,\na Python Web framework. The Common Vulnerabilities and Exposures\nproject defines the following issues:

\n
    \n
  • CVE-2012-3442\n

    Two functions do not validate the scheme of a redirect target,\n which might allow remote attackers to conduct cross-site scripting\n (XSS) attacks via a data: URL.

  • CVE-2012-3443\n

    The ImageField class completely decompresses image data during image\n validation, which allows remote attackers to cause a denial of service\n (memory consumption) by uploading an image file.

  • CVE-2012-3444\n

    The get_image_dimensions function in the image-handling functionality\n uses a constant chunk size in all attempts to determine dimensions,\n which allows remote attackers to cause a denial of service (process\n or thread consumption) via a large TIFF image.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.3-3+squeeze3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4.1-1.

\n

We recommend that you upgrade your python-django packages.

\n
\n
\n
\n
", "2530": "
\n

Debian Security Advisory

\n

DSA-2530-1 rssh -- shell command injection

\n
\n
Date Reported:
\n
15 Aug 2012
\n
Affected Packages:
\n
\nrssh\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-3478.
\n
More information:
\n
\n

Henrik Erkkonen discovered that rssh, a restricted shell for SSH, does\nnot properly restrict shell access.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.2-13squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.3.3-5.

\n

We recommend that you upgrade your rssh packages.

\n
\n
\n
\n
", "2531": "
\n

Debian Security Advisory

\n

DSA-2531-1 xen -- Denial of Service

\n
\n
Date Reported:
\n
18 Aug 2012
\n
Affected Packages:
\n
\nxen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 683279.
In Mitre's CVE dictionary: CVE-2012-3432, CVE-2012-3433.
\n
More information:
\n
\n

Several denial-of-service vulnerabilities have been discovered in Xen,\nthe popular virtualization software. The Common Vulnerabilities and\nExposures project identifies the following issues:

\n
    \n
  • CVE-2012-3432\n

    Guest mode unprivileged code, which has been granted the privilege to\n access MMIO regions, may leverage that access to crash the whole guest.\n Since this can be used to crash a client from within, this vulnerability is\n considered to have low impact.

  • \n
  • CVE-2012-3433\n

    A guest kernel can cause the host to become unresponsive for a period\n of time, potentially leading to a DoS. Since an attacker with full\n control in the guest can impact the host, this vulnerability is\n considered to have high impact.

  • \n
\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 4.0.1-5.3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.1.3-1.

\n

We recommend that you upgrade your xen packages.

\n
\n
\n
\n
", "2532": "
\n

Debian Security Advisory

\n

DSA-2532-1 libapache2-mod-rpaf -- denial of service

\n
\n
Date Reported:
\n
22 Aug 2012
\n
Affected Packages:
\n
\nlibapache2-mod-rpaf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 683984.
\n
More information:
\n
\n

Sébastien Bocahu discovered that the reverse proxy add forward module\nfor the Apache webserver is vulnerable to a denial of service attack\nthrough a single crafted request with many headers.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.5-3+squeeze1.

\n

For the testing distribution (wheezy) and unstable distribution (sid),\nthis problem has been fixed in version 0.6-1.

\n

We recommend that you upgrade your libapache2-mod-rpaf packages.

\n
\n
\n
\n
", "2533": "
\n

Debian Security Advisory

\n

DSA-2533-1 pcp -- several vulnerabilities

\n
\n
Date Reported:
\n
23 Aug 2012
\n
Affected Packages:
\n
\npcp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-3418, CVE-2012-3419, CVE-2012-3420, CVE-2012-3421.
\n
More information:
\n
\n

It was discovered that Performance Co-Pilot (pcp), a framework for\nperformance monitoring, contains several vulnerabilities.

\n
    \n
  • CVE-2012-3418\n

    Multiple buffer overflows in the PCP protocol decoders can\n\tcause PCP clients and servers to crash or, potentially,\n\texecute arbitrary code while processing crafted PDUs.

  • \n
  • CVE-2012-3419\n

    The linux PMDA used by the pmcd daemon discloses sensitive\n\tinformation from the /proc file system to unauthenticated\n\tclients.

  • \n
  • CVE-2012-3420\n

    Multiple memory leaks processing crafted requests can cause\n\tpmcd to consume large amounts of memory and eventually crash.

  • \n
  • CVE-2012-3421\n

    Incorrect event-driven programming allows malicious clients to\n\tprevent other clients from accessing the pmcd daemon.

  • \n
\n

To address the information disclosure vulnerability,\nCVE-2012-3419, a\nnew proc PMDA was introduced, which is disabled by default. If you\nneed access to this information, you need to enable the proc PMDA.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.3.3-squeeze2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.6.5.

\n

We recommend that you upgrade your pcp packages.

\n
\n
\n
\n
", "2534": "
\n

Debian Security Advisory

\n

DSA-2534-1 postgresql-8.4 -- several vulnerabilities

\n
\n
Date Reported:
\n
25 Aug 2012
\n
Affected Packages:
\n
\npostgresql-8.4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-3488, CVE-2012-3489.
\n
More information:
\n
\n

Two vulnerabilities related to XML processing were discovered in\nPostgreSQL, an SQL database.

\n
    \n
  • CVE-2012-3488\n

    contrib/xml2's xslt_process() can be used to read and write\n\texternal files and URLs.

  • \n
  • CVE-2012-3489\n

    xml_parse() fetches external files or URLs to resolve DTD and\n\tentity references in XML values.

  • \n
\n

This update removes the problematic functionality, potentially\nbreaking applications which use it in a legitimate way.

\n

Due to the nature of these vulnerabilities, it is possible that\nattackers who have only indirect access to the database can supply\ncrafted XML data which exploits this vulnerability.

\n

For the stable distribution (squeeze), these problems have been fixed\nin version 8.4.13-0squeeze1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 9.1.5-1 of the postgresql-9.1 package.

\n

We recommend that you upgrade your postgresql-8.4 packages.

\n
\n
\n
\n
", "2535": "
\n

Debian Security Advisory

\n

DSA-2535-1 rtfm -- cross-site scripting

\n
\n
Date Reported:
\n
29 Aug 2012
\n
Affected Packages:
\n
\nrtfm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2768.
\n
More information:
\n
\n

It was discovered that rtfm, the Request Tracker FAQ Manager, contains\nmultiple cross-site scripting vulnerabilities in the topic\nadministration page.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.4.2-4+squeeze1.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 4.0.6-4 of the\nrequest-tracker4 package.

\n

We recommend that you upgrade your rtfm packages.

\n
\n
\n
\n
", "2536": "
\n

Debian Security Advisory

\n

DSA-2536-1 otrs2 -- cross-site scripting

\n
\n
Date Reported:
\n
30 Aug 2012
\n
Affected Packages:
\n
\notrs2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2582, CVE-2012-4600.
\n
More information:
\n
\n

It was discovered that Open Ticket Request System (OTRS),\na ticket request system, contains a\ncross-site scripting vulnerability when email messages are viewed\nusing Internet Explorer. This update also improves the HTML security\nfilter to detect tag nesting.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.4.9+dfsg1-3+squeeze3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.1.7+dfsg1-5.

\n

We recommend that you upgrade your otrs2 packages.

\n
\n
\n
\n
", "2537": "
\n

Debian Security Advisory

\n

DSA-2537-1 typo3-src -- several vulnerabilities

\n
\n
Date Reported:
\n
30 Aug 2012
\n
Affected Packages:
\n
\ntypo3-src\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-3527, CVE-2012-3528, CVE-2012-3529, CVE-2012-3530, CVE-2012-3531.
\n
More information:
\n
\n

Several vulnerabilities were discovered in TYPO3, a content management\nsystem.

\n
    \n
  • CVE-2012-3527\n

    An insecure call to unserialize in the help system enables\n\tarbitrary code execution by authenticated users.

  • \n
  • CVE-2012-3528\n

    The TYPO3 backend contains several cross-site scripting\n\tvulnerabilities.

  • \n
  • CVE-2012-3529\n

    Authenticated users who can access the configuration module\n\tcan obtain the encryption key, allowing them to escalate their\n\tprivileges.

  • \n
  • CVE-2012-3530\n

    The RemoveXSS HTML sanitizer did not remove several HTML5\n\tJavaScript, thus failing to mitigate the impact of cross-site\n\tscripting vulnerabilities.

  • \n
\n

For the stable distribution (squeeze), these problems have been fixed\nin version 4.3.9+dfsg1-1+squeeze5.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 4.5.19+dfsg1-1.

\n

We recommend that you upgrade your typo3-src packages.

\n
\n
\n
\n
", "2538": "
\n

Debian Security Advisory

\n

DSA-2538-1 moin -- privilege escalation

\n
\n
Date Reported:
\n
05 Sep 2012
\n
Affected Packages:
\n
\nmoin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-4404.
\n
More information:
\n
\n

It was discovered that Moin, a Python clone of WikiWiki, incorrectly\nevaluates ACLs when virtual groups are involved. This may allow certain\nusers to have additional permissions (privilege escalation) or lack\nexpected permissions.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.9.3-1+squeeze2.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.9.4-8.

\n

We recommend that you upgrade your moin packages.

\n
\n
\n
\n
", "2539": "
\n

Debian Security Advisory

\n

DSA-2539-1 zabbix -- SQL injection

\n
\n
Date Reported:
\n
06 Sep 2012
\n
Affected Packages:
\n
\nzabbix\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 683273.
In Mitre's CVE dictionary: CVE-2012-3435.
\n
More information:
\n
\n

It was discovered that Zabbix, a network monitoring solution, does not\nproperly validate user input used as a part of an SQL query. This may\nallow unauthenticated attackers to execute arbitrary SQL commands (SQL\ninjection) and possibly escalate privileges.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:1.8.2-1squeeze4.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:2.0.2+dfsg-1.

\n

We recommend that you upgrade your zabbix packages.

\n
\n
\n
\n
", "2540": "
\n

Debian Security Advisory

\n

DSA-2540-1 mahara -- cross-site scripting

\n
\n
Date Reported:
\n
07 Sep 2012
\n
Affected Packages:
\n
\nmahara\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2237.
\n
More information:
\n
\n

Emanuel Bronshtein discovered that Mahara, an electronic portfolio,\nweblog, and resume builder, contains multiple cross-site scripting\nvulnerabilities due to missing sanitization and insufficient encoding\nof user-supplied data.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 1.2.6-2+squeeze5.

\n

For the testing distribution (wheezy), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.5.1-2.

\n

We recommend that you upgrade your mahara packages.

\n
\n
\n
\n
", "2541": "
\n

Debian Security Advisory

\n

DSA-2541-1 beaker -- information disclosure

\n
\n
Date Reported:
\n
07 Sep 2012
\n
Affected Packages:
\n
\nbeaker\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 684890.
In Mitre's CVE dictionary: CVE-2012-3458.
\n
More information:
\n
\n

It was discovered that Beaker, a cache and session library for Python,\nwhen using the python-crypto backend, is vulnerable to information\ndisclosure due to a cryptographic weakness related to the use of the\nAES cipher in ECB mode.

\n

Systems that have the python-pycryptopp package should not be\nvulnerable, as this backend is preferred over python-crypto.

\n

After applying this update, existing sessions will be invalidated.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.5.4-4+squeeze1.

\n

For the testing distribution (wheezy), and the unstable distribution\n(sid), this problem has been fixed in version 1.6.3-1.1.

\n

We recommend that you upgrade your beaker packages.

\n
\n
\n
\n
", "2542": "
\n

Debian Security Advisory

\n

DSA-2542-1 qemu-kvm -- multiple vulnerabilities

\n
\n
Date Reported:
\n
08 Sep 2012
\n
Affected Packages:
\n
\nqemu-kvm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2652, CVE-2012-3515.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in KVM, a full\nvirtualization solution on x86 hardware. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2012-2652:\n

    The snapshot mode of QEMU (-snapshot) incorrectly handles temporary\n files used to store the current state, making it vulnerable to\n symlink attacks (including arbitrary file overwriting and guest\n information disclosure) due to a race condition.

  • \n
  • CVE-2012-3515:\n

    QEMU does not properly handle VT100 escape sequences when emulating\n certain devices with a virtual console backend. An attacker within a\n guest with access to the vulnerable virtual console could overwrite\n memory of QEMU and escalate privileges to that of the qemu process.

  • \n
\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 0.12.5+dfsg-5+squeeze9.

\n

For the testing distribution (wheezy), and the unstable distribution\n(sid), these problems will be fixed soon.

\n

We recommend that you upgrade your qemu-kvm packages.

\n
\n
\n
\n
", "2543": "
\n

Debian Security Advisory

\n

DSA-2543-1 xen-qemu-dm-4.0 -- multiple vulnerabilities

\n
\n
Date Reported:
\n
08 Sep 2012
\n
Affected Packages:
\n
\nxen-qemu-dm-4.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-3515, CVE-2012-4411.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in xen-qemu-dm-4.0, the Xen\nQEMU Device Model virtual machine hardware emulator. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2012-3515:\n

    The device model for HVM domains does not properly handle VT100\n escape sequences when emulating certain devices with a virtual\n console backend. An attacker within a guest with access to the\n vulnerable virtual console could overwrite memory of the device\n model and escalate privileges to that of the device model process.

  • \n
  • CVE-2012-4411:\n

    The QEMU monitor was enabled by default, allowing administrators of\n a guest to access resources of the host, possibly escalate privileges\n or access resources belonging to another guest.

  • \n
\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 4.0.1-2+squeeze2.

\n

The testing distribution (wheezy), and the unstable distribution (sid),\nno longer contain this package.

\n

We recommend that you upgrade your xen-qemu-dm-4.0 packages.

\n
\n
\n
\n
", "2544": "
\n

Debian Security Advisory

\n

DSA-2544-1 xen -- denial of service

\n
\n
Date Reported:
\n
08 Sep 2012
\n
Affected Packages:
\n
\nxen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-3494, CVE-2012-3496.
\n
More information:
\n
\n

Multiple denial of service vulnerabilities have been discovered in Xen,\na hypervisor. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2012-3494:\n

    It was discovered that set_debugreg allows writes to reserved bits\n of the DR7 debug control register on amd64 (x86-64) paravirtualised\n guests, allowing a guest to crash the host.

  • \n
  • CVE-2012-3496:\n

    Matthew Daley discovered that when XENMEM_populate_physmap is called\n with the MEMF_populate_on_demand flag set, a BUG (detection routine)\n can be triggered if a translating paging mode is not being used,\n allowing a guest to crash the host.

  • \n
\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 4.0.1-5.4.

\n

For the testing distribution (wheezy), these problems will be fixed\nsoon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.1.3-2.

\n

We recommend that you upgrade your xen packages.

\n
\n
\n
\n
", "2545": "
\n

Debian Security Advisory

\n

DSA-2545-1 qemu -- multiple vulnerabilities

\n
\n
Date Reported:
\n
08 Sep 2012
\n
Affected Packages:
\n
\nqemu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2652, CVE-2012-3515.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in QEMU, a fast processor\nemulator. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2012-2652:\n

    The snapshot mode of QEMU (-snapshot) incorrectly handles temporary\n files used to store the current state, making it vulnerable to\n symlink attacks (including arbitrary file overwriting and guest\n information disclosure) due to a race condition.

  • \n
  • CVE-2012-3515:\n

    QEMU does not properly handle VT100 escape sequences when emulating\n certain devices with a virtual console backend. An attacker within a\n guest with access to the vulnerable virtual console could overwrite\n memory of QEMU and escalate privileges to that of the qemu process.

  • \n
\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 0.12.5+dfsg-3squeeze2.

\n

For the testing distribution (wheezy), and the unstable distribution\n(sid), these problems will be fixed soon.

\n

We recommend that you upgrade your qemu packages.

\n
\n
\n
\n
", "2546": "
\n

Debian Security Advisory

\n

DSA-2546-1 freeradius -- stack-based buffer overflows

\n
\n
Date Reported:
\n
11 Sep 2012
\n
Affected Packages:
\n
\nfreeradius\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 687175.
In Mitre's CVE dictionary: CVE-2012-3547.
\n
More information:
\n
\n

Timo Warns discovered that the EAP-TLS handling of FreeRADIUS, a\nhigh-performance and highly configurable RADIUS server, is not properly\nperforming length checks on user-supplied input before copying to a local\nstack buffer. As a result, an unauthenticated attacker can exploit this\nflaw to crash the daemon or execute arbitrary code via crafted\ncertificates.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.1.10+dfsg-2+squeeze1.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.1.12+dfsg-1.1.

\n

We recommend that you upgrade your freeradius packages.

\n
\n
\n
\n
", "2547": "
\n

Debian Security Advisory

\n

DSA-2547-1 bind9 -- improper assert

\n
\n
Date Reported:
\n
12 Sep 2012
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-4244.
\n
More information:
\n
\n

It was discovered that BIND, a DNS server, does not properly handle DNS\nrecords which approach size limits inherent to the DNS protocol. An\nattacker could use crafted DNS records to crash the BIND server\nprocess, leading to a denial of service.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:9.7.3.dfsg-1~squeeze7.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
\n
\n
", "2548": "
\n

Debian Security Advisory

\n

DSA-2548-1 tor -- several vulnerabilities

\n
\n
Date Reported:
\n
13 Sep 2012
\n
Affected Packages:
\n
\ntor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-3518, CVE-2012-3519, CVE-2012-4419.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Tor, an online privacy\ntool.

\n
    \n
  • CVE-2012-3518\n

    Avoid an uninitialised memory read when reading a vote or consensus\n document that has an unrecognized flavour name. This could lead to\n a remote crash, resulting in denial of service.

  • \n
  • CVE-2012-3519\n

    Try to leak less information about what relays a client is choosing to\n a side-channel attacker.

  • \n
  • CVE-2012-4419\n

    By providing specially crafted date strings to a victim tor instance,\n an attacker can cause it to run into an assertion and shut down.

  • \n
\n

Additionally the update to stable includes the following fixes:\n when waiting for a client to renegotiate, don't allow it to add any\n bytes to the input buffer. This fixes a potential DoS issue\n[tor-5934,\ntor-6007].\n

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 0.2.2.39-1.

\n

For the unstable distribution, these problems have been fixed in version\n0.2.3.22-rc-1.

\n

We recommend that you upgrade your tor packages.

\n
\n
\n
\n
", "2549": "
\n

Debian Security Advisory

\n

DSA-2549-1 devscripts -- multiple vulnerabilities

\n
\n
Date Reported:
\n
15 Sep 2012
\n
Affected Packages:
\n
\ndevscripts\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2240, CVE-2012-2241, CVE-2012-2242, CVE-2012-3500.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in devscripts, a set of\nscripts to make the life of a Debian Package maintainer easier.\nThe following Common Vulnerabilities and Exposures project ids have\nbeen assigned to identify them:

\n
    \n
  • CVE-2012-2240:\n

    Raphael Geissert discovered that dscverify does not perform\n sufficient validation and does not properly escape arguments to\n external commands, allowing a remote attacker (as when dscverify is\n used by dget) to execute arbitrary code.

  • \n
  • CVE-2012-2241:\n

    Raphael Geissert discovered that dget allows an attacker to delete\n arbitrary files when processing a specially-crafted .dsc or\n .changes file, due to insufficient input validation.

  • \n
  • CVE-2012-2242:\n

    Raphael Geissert discovered that dget does not properly escape\n arguments to external commands when processing .dsc and .changes\n files, allowing an attacker to execute arbitrary code.\n This issue is limited with the fix for CVE-2012-2241, and had\n already been fixed in version 2.10.73 due to changes to the code,\n without considering its security implications.

  • \n
  • CVE-2012-3500:\n

    Jim Meyering, Red Hat, discovered that annotate-output determines\n the name of temporary named pipes in a way that allows a local\n attacker to make it abort, leading to denial of service.

  • \n
\n

Additionally, a regression in the exit code of debdiff introduced in\nDSA-2409-1 has been fixed.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 2.10.69+squeeze4.

\n

For the testing distribution (wheezy), these problems will be fixed\nsoon.

\n

For the unstable distribution (sid), these problems will be fixed in\nversion 2.12.3.

\n

We recommend that you upgrade your devscripts packages.

\n
\n
\n
\n
", "2550": "
\n

Debian Security Advisory

\n

DSA-2550-2 asterisk -- several vulnerabilities

\n
\n
Date Reported:
\n
26 Sep 2012
\n
Affected Packages:
\n
\nasterisk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2186, CVE-2012-3812, CVE-2012-3863, CVE-2012-4737.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Asterisk, a PBX and telephony\ntoolkit, allowing privilege escalation in the Asterisk Manager, denial of\nservice or privilege escalation.

\n

More detailed information can be found in the Asterisk advisories:\nAST-2012-010,\nAST-2012-011,\nAST-2012-012, and\nAST-2012-013.\n

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 1:1.6.2.9-2+squeeze8.

\n

For the testing distribution (wheezy) and the unstable distribution (sid),\nthese problems have been fixed in version 1:1.8.13.1~dfsg-1.

\n

We recommend that you upgrade your asterisk packages.

\n
\n
\n
\n
", "2551": "
\n

Debian Security Advisory

\n

DSA-2551-1 isc-dhcp -- denial of service

\n
\n
Date Reported:
\n
23 Sep 2012
\n
Affected Packages:
\n
\nisc-dhcp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-3955.
\n
More information:
\n
\n

Glen Eustace discovered that the ISC DHCP server, a server for automatic\nIP address assignment, is not properly handling changes in the expiration\ntimes of a lease. An attacker may use this flaw to crash the service\nand cause denial of service conditions, by reducing the expiration time\nof an active IPv6 lease.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 4.1.1-P1-15+squeeze8.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 4.2.2.dfsg.1-5+deb70u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.2.4-2.

\n

We recommend that you upgrade your isc-dhcp packages.

\n
\n
\n
\n
", "2552": "
\n

Debian Security Advisory

\n

DSA-2552-1 tiff -- several vulnerabilities

\n
\n
Date Reported:
\n
26 Sep 2012
\n
Affected Packages:
\n
\ntiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 678140.
In Mitre's CVE dictionary: CVE-2010-2482, CVE-2010-2595, CVE-2010-2597, CVE-2010-2630, CVE-2010-4665, CVE-2012-2088, CVE-2012-2113, CVE-2012-3401.
\n
More information:
\n
\n

Several vulnerabilities were discovered in TIFF, a library set and tools\nto support the Tag Image File Format (TIFF), allowing denial of service and\npotential privilege escalation.

\n

These vulnerabilities can be exploited via a specially crafted TIFF image.

\n
    \n
  • CVE-2012-2113\n

    The tiff2pdf utility has an integer overflow error when parsing images.

  • \n
  • CVE-2012-3401\n

    Huzaifa Sidhpurwala discovered a heap-based buffer overflow in the\n t2p_read_tiff_init() function.

  • \n
  • CVE-2010-2482\n

    An invalid td_stripbytecount field is not properly handled and can trigger a\n NULL pointer dereference.

  • \n
  • CVE-2010-2595\n

    An array index error, related to downsampled OJPEG input in the\n TIFFYCbCrtoRGB function, causes an unexpected crash.

  • \n
  • CVE-2010-2597\n

    Also related to downsampled OJPEG input, the TIFFVStripSize function crashes\n unexpectedly.

  • \n
  • CVE-2010-2630\n

    The TIFFReadDirectory function does not properly validate the data types of\n codec-specific tags that have an out-of-order position in a TIFF file.

  • \n
  • CVE-2010-4665\n

    The tiffdump utility has an integer overflow in the ReadDirectory function.

  • \n
\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 3.9.4-5+squeeze5.

\n

For the testing distribution (wheezy), these problems have been fixed in\nversion 4.0.2-2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.0.2-2.

\n

We recommend that you upgrade your tiff packages.

\n
\n
\n
\n
", "2553": "
\n

Debian Security Advisory

\n

DSA-2553-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
24 Sep 2012
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-1970, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3959, CVE-2012-3962, CVE-2012-3969, CVE-2012-3972, CVE-2012-3978.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Iceweasel, a web\nbrowser based on Firefox. The included XULRunner library provides\nrendering services for several other applications included in Debian.

\n

The reported vulnerabilities could lead to the execution of arbitrary\ncode or the bypass of content-loading restrictions via the location\nobject.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 3.5.16-18.

\n

For the testing distribution (wheezy), these problems have been fixed in\nversion 10.0.7esr-2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 10.0.7esr-2.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "2554": "
\n

Debian Security Advisory

\n

DSA-2554-1 iceape -- several vulnerabilities

\n
\n
Date Reported:
\n
26 Sep 2012
\n
Affected Packages:
\n
\niceape\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-1970, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3959, CVE-2012-3962, CVE-2012-3969, CVE-2012-3972, CVE-2012-3978.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Iceape, an internet suite based\non Seamonkey.

\n

The reported vulnerabilities could lead to the execution of arbitrary\ncode or the bypass of content-loading restrictions via the location\nobject.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 2.0.11-15.

\n

For the testing distribution (wheezy), these problems have been fixed in\nversion 2.7.7-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.7.7-1.

\n

We recommend that you upgrade your iceape packages.

\n
\n
\n
\n
", "2555": "
\n

Debian Security Advisory

\n

DSA-2555-1 libxslt -- several vulnerabilities

\n
\n
Date Reported:
\n
05 Oct 2012
\n
Affected Packages:
\n
\nlibxslt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2870, CVE-2012-2871, CVE-2012-2893.
\n
More information:
\n
\n

Nicholas Gregoire and Cris Neckar discovered several memory handling\nbugs in libxslt, which could lead to denial of service or the execution\nof arbitrary code if a malformed document is processed.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 1.1.26-6+squeeze2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.1.26-14.

\n

We recommend that you upgrade your libxslt packages.

\n
\n
\n
\n
", "2556": "
\n

Debian Security Advisory

\n

DSA-2556-1 icedove -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Oct 2012
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-1970, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3959, CVE-2012-3962, CVE-2012-3969, CVE-2012-3972, CVE-2012-3978.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Icedove, Debian's version\nof the Mozilla Thunderbird mail and news client.

\n

This includes several instances of use-after-free and buffer overflow\nissues. The reported vulnerabilities could lead to the execution of\narbitrary code, and additionally to the bypass of content-loading\nrestrictions via the location object.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.11-1+squeeze13.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 10.0.7-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 10.0.7-1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "2557": "
\n

Debian Security Advisory

\n

DSA-2557-1 hostapd -- buffer overflow

\n
\n
Date Reported:
\n
08 Oct 2012
\n
Affected Packages:
\n
\nhostapd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-4445.
\n
More information:
\n
\n

Timo Warns discovered that the internal authentication server of hostapd,\na user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator,\nis vulnerable to a buffer overflow when processing fragmented EAP-TLS\nmessages. As a result, an internal overflow checking routine terminates\nthe process. An attacker can abuse this flaw to conduct denial of service\nattacks via crafted EAP-TLS messages prior to any authentication.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:0.6.10-2+squeeze1.

\n

For the testing (wheezy) and unstable (sid) distributions, this problem\nwill be fixed soon.

\n

We recommend that you upgrade your hostapd packages.

\n
\n
\n
\n
", "2558": "
\n

Debian Security Advisory

\n

DSA-2558-1 bacula -- information disclosure

\n
\n
Date Reported:
\n
08 Oct 2012
\n
Affected Packages:
\n
\nbacula\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-4430.
\n
More information:
\n
\n

It was discovered that bacula, a network backup service, does not\nproperly enforce console ACLs. This could allow information about\nresources to be dumped by an otherwise-restricted client.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 5.0.2-2.2+squeeze1.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.2.6+dfsg-4.

\n

We recommend that you upgrade your bacula packages.

\n
\n
\n
\n
", "2559": "
\n

Debian Security Advisory

\n

DSA-2559-1 libexif -- several vulnerabilities

\n
\n
Date Reported:
\n
11 Oct 2012
\n
Affected Packages:
\n
\nlibexif\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 681454.
In Mitre's CVE dictionary: CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841.
\n
More information:
\n
\n

Several vulnerabilities were found in libexif, a library used to parse EXIF\nmeta-data on camera files.

\n
    \n
  • CVE-2012-2812:\n

    A heap-based out-of-bounds array read in the exif_entry_get_value\n function allows remote attackers to cause a denial of service or possibly\n obtain potentially sensitive information from process memory via an image\n with crafted EXIF tags.

  • \n
  • CVE-2012-2813:\n

    A heap-based out-of-bounds array read in the exif_convert_utf16_to_utf8\n function allows remote attackers to cause a denial of service or possibly\n obtain potentially sensitive information from process memory via an image\n with crafted EXIF tags.

  • \n
  • CVE-2012-2814:\n

    A buffer overflow in the exif_entry_format_value function allows remote\n attackers to cause a denial of service or possibly execute arbitrary code\n via an image with crafted EXIF tags.

  • \n
  • CVE-2012-2836:\n

    A heap-based out-of-bounds array read in the exif_data_load_data function\n allows remote attackers to cause a denial of service or possibly obtain\n potentially sensitive information from process memory via an image with\n crafted EXIF tags.

  • \n
  • CVE-2012-2837:\n

    A divide-by-zero error in the mnote_olympus_entry_get_value function\n while formatting EXIF maker note tags allows remote attackers to cause a\n denial of service via an image with crafted EXIF tags.

  • \n
  • CVE-2012-2840:\n

    An off-by-one error in the exif_convert_utf16_to_utf8 function allows\n remote attackers to cause a denial of service or possibly execute\n arbitrary code via an image with crafted EXIF tags.

  • \n
  • CVE-2012-2841:\n

    An integer underflow in the exif_entry_get_value function can cause a\n heap overflow and potentially arbitrary code execution while formatting an\n EXIF tag, if the function is called with a buffer size parameter equal to\n zero or one.

  • \n
\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 0.6.19-1+squeeze1.

\n

For the testing distribution (wheezy), these problems have been fixed in\nversion 0.6.20-3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.6.20-3.

\n

We recommend that you upgrade your libexif packages.

\n
\n
\n
\n
", "2560": "
\n

Debian Security Advisory

\n

DSA-2560-1 bind9 -- denial of service

\n
\n
Date Reported:
\n
20 Oct 2012
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 690118.
In Mitre's CVE dictionary: CVE-2012-5166.
\n
More information:
\n
\n

It was discovered that BIND, a DNS server, hangs while constructing\nthe additional section of a DNS reply, when certain combinations of\nresource records are present. This vulnerability affects both\nrecursive and authoritative servers.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:9.7.3.dfsg-1~squeeze8.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
\n
\n
", "2561": "
\n

Debian Security Advisory

\n

DSA-2561-1 tiff -- buffer overflow

\n
\n
Date Reported:
\n
21 Oct 2012
\n
Affected Packages:
\n
\ntiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-4447.
\n
More information:
\n
\n

It was discovered that a buffer overflow in libtiff's parsing of files\nusing PixarLog compression could lead to the execution of arbitrary\ncode.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.9.4-5+squeeze6.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 3.9.6-9 of the tiff3\nsource package and in version 4.0.2-4 of the tiff source package.

\n

We recommend that you upgrade your tiff packages.

\n
\n
\n
\n
", "2562": "
\n

Debian Security Advisory

\n

DSA-2562-1 cups-pk-helper -- privilege escalation

\n
\n
Date Reported:
\n
23 Oct 2012
\n
Affected Packages:
\n
\ncups-pk-helper\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-4510.
\n
More information:
\n
\n

cups-pk-helper, a PolicyKit helper to configure CUPS with fine-grained\nprivileges, wraps CUPS function calls in an insecure way. This could\nlead to uploading sensitive data to a CUPS resource, or overwriting\nspecific files with the content of a CUPS resource. The user would have\nto explicitly approve the action.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.1.0-3.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.2.3-1.

\n

We recommend that you upgrade your cups-pk-helper packages.

\n
\n
\n
\n
", "2563": "
\n

Debian Security Advisory

\n

DSA-2563-1 viewvc -- several vulnerabilities

\n
\n
Date Reported:
\n
23 Oct 2012
\n
Affected Packages:
\n
\nviewvc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2009-5024, CVE-2012-3356, CVE-2012-3357, CVE-2012-4533.
\n
More information:
\n
\n

Several vulnerabilities were found in ViewVC, a web interface for CVS\nand Subversion repositories.

\n
    \n
  • CVE-2009-5024\n

    \nRemote attackers can bypass the cvsdb row_limit\nconfiguration setting, and consequently conduct resource-consumption\nattacks via the limit parameter.

  • \n
  • CVE-2012-3356\n

    \nThe remote Subversion views functionality does not properly\nperform authorization, which allows remote attackers to bypass intended\naccess restrictions.

  • \n
  • CVE-2012-3357\n

    \nThe Subversion revision view does not properly handle log\nmessages when a readable path is copied from an unreadable path, which\nallows remote attackers to obtain sensitive information.

  • \n
  • CVE-2012-4533\n

    \nfunction name lines returned by diff are not properly\nescaped, allowing attackers with commit access to perform cross site\nscripting.

  • \n
\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 1.1.5-1.1+squeeze2.

\n

For the testing distribution (wheezy), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.1.5-1.4.

\n

We recommend that you upgrade your viewvc packages.

\n
\n
\n
\n
", "2564": "
\n

Debian Security Advisory

\n

DSA-2564-1 tinyproxy -- denial of service

\n
\n
Date Reported:
\n
23 Oct 2012
\n
Affected Packages:
\n
\ntinyproxy\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 685281.
In Mitre's CVE dictionary: CVE-2012-3505.
\n
More information:
\n
\n

gpernot discovered that Tinyproxy, an HTTP proxy, is vulnerable to a\ndenial of service: remote attackers can trigger it by sending crafted request\nheaders.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.8.2-1squeeze3.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 1.8.3-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.8.3-3.

\n

We recommend that you upgrade your tinyproxy packages.

\n
\n
\n
\n
", "2565": "
\n

Debian Security Advisory

\n

DSA-2565-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
23 Oct 2012
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-3982, CVE-2012-3986, CVE-2012-3990, CVE-2012-3991, CVE-2012-4179, CVE-2012-4180, CVE-2012-4182, CVE-2012-4186, CVE-2012-4188.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in Iceweasel, Debian's\nversion of the Mozilla Firefox web browser. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2012-3982:\n\t

    Multiple unspecified vulnerabilities in the browser engine\n\tallow remote attackers to cause a denial of service (memory\n\tcorruption and application crash) or possibly execute\n\tarbitrary code via unknown vectors.

  • \n
  • CVE-2012-3986:\n\t

    Iceweasel does not properly restrict calls to DOMWindowUtils\n\tmethods, which allows remote attackers to bypass intended\n\taccess restrictions via crafted JavaScript code.

  • \n
  • CVE-2012-3990:\n\t

    A use-after-free vulnerability in the IME State Manager\n\timplementation allows remote attackers to execute arbitrary\n\tcode via unspecified vectors, related to the\n\tnsIContent::GetNameSpaceID function.

  • \n
  • CVE-2012-3991:\n\t

    Iceweasel does not properly restrict JSAPI access to the\n\tGetProperty function, which allows remote attackers to bypass\n\tthe Same Origin Policy and possibly have unspecified other\n\timpact via a crafted web site.

  • \n
  • CVE-2012-4179:\n\t

    A use-after-free vulnerability in the\n\tnsHTMLCSSUtils::CreateCSSPropertyTxn function allows remote\n\tattackers to execute arbitrary code or cause a denial of\n\tservice (heap memory corruption) via unspecified vectors.

  • \n
  • CVE-2012-4180:\n\t

    A heap-based buffer overflow in the\n\tnsHTMLEditor::IsPrevCharInNodeWhitespace function allows\n\tremote attackers to execute arbitrary code via unspecified\n\tvectors.

  • \n
  • CVE-2012-4182:\n\t

    A use-after-free vulnerability in the\n\tnsTextEditRules::WillInsert function allows remote attackers\n\tto execute arbitrary code or cause a denial of service (heap\n\tmemory corruption) via unspecified vectors.

  • \n
  • CVE-2012-4186:\n\t

    A heap-based buffer overflow in the\n\tnsWaveReader::DecodeAudioData function allows remote attackers\n\tto execute arbitrary code via unspecified vectors.

  • \n
  • CVE-2012-4188:\n\t

    A heap-based buffer overflow in the Convolve3x3 function\n\tallows remote attackers to execute arbitrary code via\n\tunspecified vectors.

  • \n
\n

For the stable distribution (squeeze), these problems have been fixed\nin version 3.5.16-19.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 10.0.8esr-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "2566": "
\n

Debian Security Advisory

\n

DSA-2566-1 exim4 -- heap-based buffer overflow

\n
\n
Date Reported:
\n
25 Oct 2012
\n
Affected Packages:
\n
\nexim4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-5671.
\n
More information:
\n
\n

It was discovered that Exim, a mail transport agent, does not properly\nhandle the decoding of DNS records for DKIM. Specifically, crafted\nrecords can lead to a heap-based buffer overflow. An attacker can\nexploit this flaw to execute arbitrary code.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 4.72-6+squeeze3.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 4.80-5.1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.80-5.1.

\n

We recommend that you upgrade your exim4 packages.

\n
\n
\n
\n
", "2567": "
\n

Debian Security Advisory

\n

DSA-2567-1 request-tracker3.8 -- several vulnerabilities

\n
\n
Date Reported:
\n
26 Oct 2012
\n
Affected Packages:
\n
\nrequest-tracker3.8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-4730, CVE-2012-4732, CVE-2012-4734, CVE-2012-4884, CVE-2012-6578, CVE-2012-6579, CVE-2012-6580, CVE-2012-6581.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Request Tracker (RT), an issue\ntracking system.

\n
    \n
  • CVE-2012-4730\n

    Authenticated users can add arbitrary headers or content to\n\tmail generated by RT.\t

  • \n
  • CVE-2012-4732\n

    A CSRF vulnerability may allow attackers to toggle ticket\n\tbookmarks.

  • \n
  • CVE-2012-4734\n

    If users follow a crafted URI and log in to RT, they may\n\ttrigger actions which would ordinarily be blocked by the CSRF\n\tprevention logic.

  • \n
  • CVE-2012-6578,\n CVE-2012-6579,\n CVE-2012-6580,\n CVE-2012-6581\n

    Several different vulnerabilities in GnuPG processing allow\n\tattackers to cause RT to improperly sign outgoing email.

  • \n
  • CVE-2012-4884\n

    If GnuPG support is enabled, authenticated users can\n\tcreate arbitrary files as the web server user, which may\n\tenable arbitrary code execution.

  • \n
\n

Please note that if you run request-tracker3.8 under the Apache web\n\tserver, you must stop and start Apache manually. The restart\n\tmechanism is not recommended, especially when using mod_perl.

\n

For the stable distribution (squeeze), these problems have been fixed\nin version 3.8.8-7+squeeze6.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.0.7-2 of the request-tracker4 package.

\n

We recommend that you upgrade your request-tracker3.8 packages.

\n
\n
\n
\n
", "2568": "
\n

Debian Security Advisory

\n

DSA-2568-1 rtfm -- privilege escalation

\n
\n
Date Reported:
\n
26 Oct 2012
\n
Affected Packages:
\n
\nrtfm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-4731.
\n
More information:
\n
\n

It was discovered that RTFM, the FAQ manager for Request Tracker,\nallows authenticated users to create articles in any class.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.4.2-4+squeeze2.

\n

We recommend that you upgrade your rtfm packages.

\n
\n
\n
\n
", "2569": "
\n

Debian Security Advisory

\n

DSA-2569-1 icedove -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Oct 2012
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-3982, CVE-2012-3986, CVE-2012-3990, CVE-2012-3991, CVE-2012-4179, CVE-2012-4180, CVE-2012-4182, CVE-2012-4186, CVE-2012-4188.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in Icedove, Debian's\nversion of the Mozilla Thunderbird mail client. The Common\nVulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2012-3982\n

    Multiple unspecified vulnerabilities in the browser engine\n\tallow remote attackers to cause a denial of service (memory\n\tcorruption and application crash) or possibly execute\n\tarbitrary code via unknown vectors.

  • \n
  • CVE-2012-3986\n

    Icedove does not properly restrict calls to DOMWindowUtils\n\tmethods, which allows remote attackers to bypass intended\n\taccess restrictions via crafted JavaScript code.

  • \n
  • CVE-2012-3990\n

    A use-after-free vulnerability in the IME State Manager\n\timplementation allows remote attackers to execute arbitrary\n\tcode via unspecified vectors, related to the\n\tnsIContent::GetNameSpaceID function.

  • \n
  • CVE-2012-3991\n

    Icedove does not properly restrict JSAPI access to the\n\tGetProperty function, which allows remote attackers to bypass\n\tthe Same Origin Policy and possibly have unspecified other\n\timpact via a crafted web site.

  • \n
  • CVE-2012-4179\n

    A use-after-free vulnerability in the\n\tnsHTMLCSSUtils::CreateCSSPropertyTxn function allows remote\n\tattackers to execute arbitrary code or cause a denial of\n\tservice (heap memory corruption) via unspecified vectors.

  • \n
  • CVE-2012-4180\n

    A heap-based buffer overflow in the\n\tnsHTMLEditor::IsPrevCharInNodeWhitespace function allows\n\tremote attackers to execute arbitrary code via unspecified\n\tvectors.

  • \n
  • CVE-2012-4182\n

    A use-after-free vulnerability in the\n\tnsTextEditRules::WillInsert function allows remote attackers\n\tto execute arbitrary code or cause a denial of service (heap\n\tmemory corruption) via unspecified vectors.

  • \n
  • CVE-2012-4186\n

    A heap-based buffer overflow in the\n\tnsWaveReader::DecodeAudioData function allows remote attackers\n\tto execute arbitrary code via unspecified vectors.

  • \n
  • CVE-2012-4188\n

    A heap-based buffer overflow in the Convolve3x3 function\n\tallows remote attackers to execute arbitrary code via\n\tunspecified vectors.

  • \n
\n

For the stable distribution (squeeze), these problems have been fixed\nin version 3.0.11-1+squeeze14.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), these problems have been fixed in version 10.0.9-1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "2570": "
\n

Debian Security Advisory

\n

DSA-2570-1 openoffice.org -- several vulnerabilities

\n
\n
Date Reported:
\n
31 Oct 2012
\n
Affected Packages:
\n
\nopenoffice.org\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-4233.
\n
More information:
\n
\n

High-Tech Bridge SA Security Research Lab discovered multiple vulnerabilities\nbased on null-pointer dereferences in OpenOffice.org which could cause\nan application crash or even arbitrary code execution via specially crafted\nfiles. Affected file types are LWP (Lotus Word Pro), ODG, PPT (PowerPoint\n2003) and XLS (Excel 2003).

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:3.2.1-11+squeeze8.

\n

The openoffice.org package has been replaced by libreoffice in the testing (wheezy)\nand unstable (sid) distributions.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 1:3.5.4+dfsg-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:3.5.4+dfsg-3.

\n

We recommend that you upgrade your openoffice.org packages.

\n
\n
\n
\n
", "2571": "
\n

Debian Security Advisory

\n

DSA-2571-1 libproxy -- buffer overflow

\n
\n
Date Reported:
\n
04 Nov 2012
\n
Affected Packages:
\n
\nlibproxy\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-4505.
\n
More information:
\n
\n

The Red Hat Security Response Team discovered that libproxy, a library\nfor automatic proxy configuration management, applied insufficient\nvalidation to the Content-Length header sent by a server providing a\nproxy.pac file. Such a remote server could trigger an integer overflow\nand consequently overflow an in-memory buffer.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.3.1-2+squeeze1.

\n

For the testing distribution (wheezy), and the unstable distribution\n(sid), this problem has been fixed in version 0.3.1-5.1.

\n

We recommend that you upgrade your libproxy packages.

\n
\n
\n
\n
", "2572": "
\n

Debian Security Advisory

\n

DSA-2572-1 iceape -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Nov 2012
\n
Affected Packages:
\n
\niceape\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-3982, CVE-2012-3986, CVE-2012-3990, CVE-2012-3991, CVE-2012-4179, CVE-2012-4180, CVE-2012-4182, CVE-2012-4186, CVE-2012-4188.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Iceape, an internet\nsuite based on Seamonkey:

\n
    \n
  • CVE-2012-3982\n

    Multiple unspecified vulnerabilities in the browser engine\n allow remote attackers to cause a denial of service (memory\n corruption and application crash) or possibly execute\n arbitrary code via unknown vectors.

  • \n
  • CVE-2012-3986\n

    Icedove does not properly restrict calls to DOMWindowUtils\n methods, which allows remote attackers to bypass intended\n access restrictions via crafted JavaScript code.

  • \n
  • CVE-2012-3990\n

    A use-after-free vulnerability in the IME State Manager\n implementation allows remote attackers to execute arbitrary\n code via unspecified vectors, related to the\n nsIContent::GetNameSpaceID function.

  • \n
  • CVE-2012-3991\n

    Icedove does not properly restrict JSAPI access to the\n GetProperty function, which allows remote attackers to bypass\n the Same Origin Policy and possibly have unspecified other\n impact via a crafted web site.

  • \n
  • CVE-2012-4179\n

    A use-after-free vulnerability in the\n nsHTMLCSSUtils::CreateCSSPropertyTxn function allows remote\n attackers to execute arbitrary code or cause a denial of\n service (heap memory corruption) via unspecified vectors.

  • \n
  • CVE-2012-4180\n

    A heap-based buffer overflow in the\n nsHTMLEditor::IsPrevCharInNodeWhitespace function allows\n remote attackers to execute arbitrary code via unspecified\n vectors.

  • \n
  • CVE-2012-4182\n

    A use-after-free vulnerability in the\n nsTextEditRules::WillInsert function allows remote attackers\n to execute arbitrary code or cause a denial of service (heap\n memory corruption) via unspecified vectors.

  • \n
  • CVE-2012-4186\n

    A heap-based buffer overflow in the\n nsWaveReader::DecodeAudioData function allows remote attackers\n to execute arbitrary code via unspecified vectors.

  • \n
  • CVE-2012-4188\n

    A heap-based buffer overflow in the Convolve3x3 function\n allows remote attackers to execute arbitrary code via\n unspecified vectors.

  • \n
\n

Additionally, this update fixes a regression in the patch for\nCVE-2012-3959,\nreleased in DSA-2554-1.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 2.0.11-16.

\n

For the testing distribution (wheezy), these problems have been fixed in\nversion 10.0.10esr-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 10.0.10esr-1.

\n

We recommend that you upgrade your iceape packages.

\n
\n
\n
\n
", "2573": "
\n

Debian Security Advisory

\n

DSA-2573-1 radsecproxy -- SSL certificate verification weakness

\n
\n
Date Reported:
\n
10 Nov 2012
\n
Affected Packages:
\n
\nradsecproxy\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-4523, CVE-2012-4566.
\n
More information:
\n
\n

Ralf Paffrath reported that Radsecproxy, a RADIUS protocol proxy, mixed up\npre- and post-handshake verification of clients. This vulnerability may\nwrongly accept clients without checking their certificate chain under\ncertain configurations.

\n

Raphael Geissert spotted that the fix for CVE-2012-4523 was incomplete,\ngiving rise to CVE-2012-4566. Both vulnerabilities are fixed with this\nupdate.

\n

Notice that this fix may make Radsecproxy reject some clients that are\ncurrently (erroneously) being accepted.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 1.4-1+squeeze1.

\n

For the testing distribution (wheezy), these problems have been fixed in\nversion 1.6.2-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.6.2-1.

\n

We recommend that you upgrade your radsecproxy packages.

\n
\n
\n
\n
", "2574": "
\n

Debian Security Advisory

\n

DSA-2574-1 typo3-src -- several vulnerabilities

\n
\n
Date Reported:
\n
15 Nov 2012
\n
Affected Packages:
\n
\ntypo3-src\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-6144, CVE-2012-6145, CVE-2012-6146, CVE-2012-6147.
\n
More information:
\n
\n

Several vulnerabilities were discovered in TYPO3, a content management\nsystem. This update addresses cross-site scripting, SQL injection,\nand information disclosure vulnerabilities and corresponds to\nTYPO3-CORE-SA-2012-005.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 4.3.9+dfsg1-1+squeeze7.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.5.19+dfsg1-4.

\n

We recommend that you upgrade your typo3-src packages.

\n
\n
\n
\n
", "2575": "
\n

Debian Security Advisory

\n

DSA-2575-1 tiff -- heap-based buffer overflow

\n
\n
Date Reported:
\n
18 Nov 2012
\n
Affected Packages:
\n
\ntiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-4564.
\n
More information:
\n
\n

It was discovered that ppm2tiff of the TIFF tools, a set of utilities\nfor TIFF manipulation and conversion, does not properly check the return\nvalue of an internal function used to detect integer overflows.\nAs a consequence, ppm2tiff suffers from a heap-based buffer overflow.\nThis allows an attacker to potentially execute arbitrary code via a crafted\nPPM image, especially in scenarios in which images are automatically\nprocessed.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.9.4-5+squeeze7.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.0.2-5.

\n

We recommend that you upgrade your tiff packages.

\n
\n
\n
\n
", "2576": "
\n

Debian Security Advisory

\n

DSA-2576-1 trousers -- denial of service

\n
\n
Date Reported:
\n
23 Nov 2012
\n
Affected Packages:
\n
\ntrousers\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 692649.
In Mitre's CVE dictionary: CVE-2012-0698.
\n
More information:
\n
\n

Andy Lutomirski discovered that tcsd (the TPM userspace daemon) was missing\ninput validation. Carefully crafted input can lead to a denial of\nservice by making the daemon crash with a segmentation fault.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.3.5-2+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 0.3.9-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.3.9-1.

\n

We recommend that you upgrade your trousers packages.

\n
\n
\n
\n
", "2577": "
\n

Debian Security Advisory

\n

DSA-2577-1 libssh -- several vulnerabilities

\n
\n
Date Reported:
\n
01 Dec 2012
\n
Affected Packages:
\n
\nlibssh\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-4559, CVE-2012-4561, CVE-2012-4562, CVE-2012-6063.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in libssh by Florian Weimer and Xi\nWang:

\n\n

Those could lead to a denial of service by making an SSH client linked to\nlibssh crash, and maybe even arbitrary code execution.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 0.4.5-3+squeeze1.

\n

For the testing distribution (wheezy), these problems have been fixed in\nversion 0.5.3-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.5.3-1.

\n

We recommend that you upgrade your libssh packages.

\n
\n
\n
\n
", "2578": "
\n

Debian Security Advisory

\n

DSA-2578-1 rssh -- insufficient filtering of rsync command line

\n
\n
Date Reported:
\n
28 Nov 2012
\n
Affected Packages:
\n
\nrssh\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2251, CVE-2012-2252.
\n
More information:
\n
\n

James Clawson discovered that rssh, a restricted shell for OpenSSH to be used\nwith scp, sftp, rdist and cvs, was not correctly filtering command line options.\nThis could be used to force the execution of a remote script and thus allow\narbitrary command execution. Two CVEs were assigned:

\n
    \n
  • CVE-2012-2251\n

    Incorrect filtering of the command line when using the rsync protocol. It was,\n\tfor example, possible to pass dangerous options after a -- switch. The rsync\n\tprotocol support has been added in a Debian (and Fedora/Red Hat) specific\n\tpatch, so this vulnerability doesn't affect upstream.

  • \n
  • CVE-2012-2252\n

    Incorrect filtering of the --rsh option: the filter preventing usage of the\n\t--rsh= option would not prevent passing --rsh. This vulnerability affects\n\tupstream code.

  • \n
\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.2-13squeeze3.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 2.3.3-6.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.3.3-6.

\n

We recommend that you upgrade your rssh packages.

\n
\n
\n
\n
", "2579": "
\n

Debian Security Advisory

\n

DSA-2579-1 apache2 -- Multiple issues

\n
\n
Date Reported:
\n
30 Nov 2012
\n
Affected Packages:
\n
\napache2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 689936.
In Mitre's CVE dictionary: CVE-2012-4557, CVE-2012-4929.
\n
More information:
\n
\n

A vulnerability has been found in the Apache HTTPD Server:

\n
    \n
  • CVE-2012-4557\n

    A flaw was found when mod_proxy_ajp connects to a backend\n\tserver that takes too long to respond. Given a specific\n\tconfiguration, a remote attacker could send certain requests,\n\tputting a backend server into an error state until the retry\n\ttimeout expired. This could lead to a temporary denial of\n\tservice.

  • \n
\n

In addition, this update also adds a server side mitigation for the\nfollowing issue:

\n
    \n
  • CVE-2012-4929\n

    If using SSL/TLS data compression with HTTPS in a connection\n\tto a web browser, man-in-the-middle attackers may obtain\n\tplaintext HTTP headers. This issue is known as the CRIME\n\tattack. This update of apache2 disables SSL compression by\n\tdefault. A new SSLCompression directive has been backported\n\tthat may be used to re-enable SSL data compression in\n\tenvironments where the CRIME attack is not an issue.\n\tFor more information, please refer to the SSLCompression\n\tDirective documentation.

  • \n
\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 2.2.16-6+squeeze10.

\n

For the testing distribution (wheezy), these problems have been fixed in\nversion 2.2.22-12.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.2.22-12.

\n

We recommend that you upgrade your apache2 packages.

\n
\n
\n
\n
", "2580": "
\n

Debian Security Advisory

\n

DSA-2580-1 libxml2 -- buffer overflow

\n
\n
Date Reported:
\n
02 Dec 2012
\n
Affected Packages:
\n
\nlibxml2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-5134.
\n
More information:
\n
\n

Jueri Aedla discovered a buffer overflow in the libxml XML library, which\ncould result in the execution of arbitrary code.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.7.8.dfsg-2+squeeze6.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.8.0+dfsg1-7.

\n

We recommend that you upgrade your libxml2 packages.

\n
\n
\n
\n
", "2581": "
\n

Debian Security Advisory

\n

DSA-2581-1 mysql-5.1 -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Dec 2012
\n
Affected Packages:
\n
\nmysql-5.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 690778, Bug 695001.
In Mitre's CVE dictionary: CVE-2012-3150, CVE-2012-3158, CVE-2012-3160, CVE-2012-3163, CVE-2012-3166, CVE-2012-3167, CVE-2012-3173, CVE-2012-3177, CVE-2012-3180, CVE-2012-3197, CVE-2012-5611.
\n
More information:
\n
\n

Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to a new upstream version,\n5.1.66, which includes additional changes, such as performance improvements and\ncorrections for data loss defects. These changes are described in the\nMySQL release notes.\n

\n

For the testing distribution (wheezy) and unstable distribution (sid), these\nproblems have been fixed in version 5.5.28+dfsg-1.

\n

Additionally, CVE-2012-5611\nhas been fixed in this upload. The vulnerability\n(discovered independently by Tomas Hoger from the Red Hat Security Response\nTeam and king cope) is a stack-based buffer overflow in acl_get() when\nchecking user access to a database. Using a carefully crafted database name, an\nalready authenticated MySQL user could make the server crash or even execute\narbitrary code as the mysql system user.

\n

For the stable distribution (squeeze), this problem has been fixed in version\n5.1.66-0+squeeze1.

\n

For the testing distribution (wheezy) and unstable distribution (sid), this\nproblem will be fixed soon.

\n

We recommend that you upgrade your mysql-5.1 packages.

\n
\n
\n
\n
", "2582": "
\n

Debian Security Advisory

\n

DSA-2582-1 xen -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Dec 2012
\n
Affected Packages:
\n
\nxen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3131, CVE-2012-4535, CVE-2012-4537, CVE-2012-4538, CVE-2012-4539, CVE-2012-5510, CVE-2012-5513, CVE-2012-5514, CVE-2012-5515.
\n
More information:
\n
\n

Multiple denial of service vulnerabilities have been discovered\nin the Xen Hypervisor. One of the issues\n(CVE-2012-5513)\ncould even lead to privilege escalation from guest to host.

\n

Some of the recently published Xen Security Advisories\n(XSA 25\nand 28)\nare not fixed by this update and should be fixed in a future release.

\n
    \n
  • CVE-2011-3131\n\t(XSA 5):\n\tDoS using I/OMMU faults from PCI-passthrough guest\n\t

    A VM that controls a PCI[E] device directly can cause it to issue DMA\n\trequests to invalid addresses. Although these requests are denied by the\n\tI/OMMU, the hypervisor needs to handle the interrupt and clear the error from\n\tthe I/OMMU, and this can be used to live-lock a CPU and potentially hang the\n\thost.

  • CVE-2012-4535\n\t(XSA 20):\n\tTimer overflow DoS vulnerability\n\t

    A guest which sets a VCPU with an inappropriate deadline can cause an\n\tinfinite loop in Xen, blocking the affected physical CPU indefinitely.

  • CVE-2012-4537\n\t(XSA 22):\n\tMemory mapping failure DoS vulnerability\n\t

    When set_p2m_entry fails, Xen's internal data structures (the p2m and m2p\n\ttables) can get out of sync. This failure can be triggered by unusual guest\n\tbehaviour exhausting the memory reserved for the p2m table. If it happens,\n\tsubsequent guest-invoked memory operations can cause Xen to fail an assertion\n\tand crash.

  • CVE-2012-4538\n\t(XSA 23):\n\tUnhooking empty PAE entries DoS vulnerability\n\t

    The HVMOP_pagetable_dying hypercall does not correctly check the\n\tcaller's pagetable state, leading to a hypervisor crash.

  • CVE-2012-4539\n\t(XSA 24):\n\tGrant table hypercall infinite loop DoS vulnerability\n\t

    Due to inappropriate duplicate use of the same loop control variable,\n\tpassing bad arguments to GNTTABOP_get_status_frames can cause an\n\tinfinite loop in the compat hypercall handler.

  • CVE-2012-5510\n\t(XSA 26):\n\tGrant table version switch list corruption vulnerability\n\t

    Downgrading the grant table version of a guest involves freeing its status\n\tpages. This freeing was incomplete - the page(s) are freed back to the\n\tallocator, but not removed from the domain's tracking list. This would cause\n\tlist corruption, eventually leading to a hypervisor crash.

  • CVE-2012-5513\n\t(XSA 29):\n\tXENMEM_exchange may overwrite hypervisor memory\n\t

    The handler for XENMEM_exchange accesses guest memory without range checking\n\tthe guest provided addresses, thus allowing these accesses to include the\n\thypervisor reserved range.

    \n

    A malicious guest administrator can cause Xen to crash. If the out of address\n\tspace bounds access does not lead to a crash, a carefully crafted privilege\n\tescalation cannot be excluded, even though the guest doesn't itself control\n\tthe values written.

  • CVE-2012-5514\n\t(XSA 30):\n\tBroken error handling in guest_physmap_mark_populate_on_demand()\n\t

    guest_physmap_mark_populate_on_demand(), before carrying out its actual\n\toperation, checks that the subject GFNs are not in use. If that check fails,\n\tthe code prints a message and bypasses the gfn_unlock() matching the\n\tgfn_lock() carried out before entering the loop.\n\tA malicious guest administrator can then use it to cause Xen to hang.

  • CVE-2012-5515\n\t(XSA 31):\n\tSeveral memory hypercall operations allow invalid extent order values\n\t

    Allowing arbitrary extent_order input values for XENMEM_decrease_reservation,\n\tXENMEM_populate_physmap, and XENMEM_exchange can cause an arbitrarily long time\n\tto be spent in loops without allowing vital other code to get a chance to\n\texecute. This may also result in inconsistent state at the completion\n\tof these hypercalls.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 4.0.1-5.5.

\n

For the testing distribution (wheezy), these problems have been fixed in\nversion 4.1.3-6.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.1.3-6.

\n

We recommend that you upgrade your xen packages.

\n
\n
\n
\n
", "2583": "
\n

Debian Security Advisory

\n

DSA-2583-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
08 Dec 2012
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-4201, CVE-2012-4207, CVE-2012-4216, CVE-2012-5829, CVE-2012-5842.
\n
More information:
\n
\n

Multiple vulnerabilities have been found in Iceweasel, the Debian web browser\nbased on Mozilla Firefox:

\n
    \n
  • CVE-2012-5829\n

    Heap-based buffer overflow in the nsWindow::OnExposeEvent function could\n allow remote attackers to execute arbitrary code.

  • CVE-2012-5842\n

    Multiple unspecified vulnerabilities in the browser engine could allow remote\n attackers to cause a denial of service (memory corruption and application\n crash) or possibly execute arbitrary code.

  • CVE-2012-4207\n

    The HZ-GB-2312 character-set implementation does not properly handle a ~\n (tilde) character in proximity to a chunk delimiter, which allows remote\n attackers to conduct cross-site scripting (XSS) attacks via a crafted\n document.

  • CVE-2012-4201\n

    The evalInSandbox implementation uses an incorrect context during the\n handling of JavaScript code that sets the location.href property, which\n allows remote attackers to conduct cross-site scripting (XSS) attacks or read\n arbitrary files by leveraging a sandboxed add-on.

  • CVE-2012-4216\n

    Use-after-free vulnerability in the gfxFont::GetFontEntry function allows\n remote attackers to execute arbitrary code or cause a denial of service (heap\n memory corruption) via unspecified vectors.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 3.5.16-20.

\n

For the testing distribution (wheezy), these problems have been fixed in\nversion 10.0.11esr-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 10.0.11esr-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "2584": "
\n

Debian Security Advisory

\n

DSA-2584-1 iceape -- several vulnerabilities

\n
\n
Date Reported:
\n
08 Dec 2012
\n
Affected Packages:
\n
\niceape\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-4201, CVE-2012-4207, CVE-2012-4216, CVE-2012-5829, CVE-2012-5842.
\n
More information:
\n
\n

Multiple vulnerabilities have been found in Iceape, the Debian Internet suite\nbased on Mozilla Seamonkey:

\n
    \n
  • CVE-2012-5829\n

    Heap-based buffer overflow in the nsWindow::OnExposeEvent function could\n allow remote attackers to execute arbitrary code.

  • CVE-2012-5842\n

    Multiple unspecified vulnerabilities in the browser engine could allow remote\n attackers to cause a denial of service (memory corruption and application\n crash) or possibly execute arbitrary code.

  • CVE-2012-4207\n

    The HZ-GB-2312 character-set implementation does not properly handle a ~\n (tilde) character in proximity to a chunk delimiter, which allows remote\n attackers to conduct cross-site scripting (XSS) attacks via a crafted\n document.

  • CVE-2012-4201\n

    The evalInSandbox implementation uses an incorrect context during the\n handling of JavaScript code that sets the location.href property, which\n allows remote attackers to conduct cross-site scripting (XSS) attacks or read\n arbitrary files by leveraging a sandboxed add-on.

  • CVE-2012-4216\n

    Use-after-free vulnerability in the gfxFont::GetFontEntry function allows\n remote attackers to execute arbitrary code or cause a denial of service (heap\n memory corruption) via unspecified vectors.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 2.0.11-17.

\n

For the testing distribution (wheezy), these problems have been fixed in\nversion 2.7.11-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.7.11-1.

\n

We recommend that you upgrade your iceape packages.

\n
\n
\n
\n
", "2585": "
\n

Debian Security Advisory

\n

DSA-2585-1 bogofilter -- buffer overflow

\n
\n
Date Reported:
\n
11 Dec 2012
\n
Affected Packages:
\n
\nbogofilter\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 695139.
In Mitre's CVE dictionary: CVE-2012-5468.
\n
More information:
\n
\n

A heap-based buffer overflow was discovered in bogofilter, a software\npackage for classifying mail messages as spam or non-spam. Crafted\nmail messages with invalid base64 data could lead to heap corruption\nand, potentially, arbitrary code execution.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.2.2-2+squeeze1.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 1.2.2+dfsg1-2.

\n

We recommend that you upgrade your bogofilter packages.

\n
\n
\n
\n
", "2586": "
\n

Debian Security Advisory

\n

DSA-2586-1 perl -- several vulnerabilities

\n
\n
Date Reported:
\n
11 Dec 2012
\n
Affected Packages:
\n
\nperl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 689314, Bug 693420, Bug 695223.
In Mitre's CVE dictionary: CVE-2012-5195, CVE-2012-5526.
\n
More information:
\n
\n

Two vulnerabilities were discovered in the implementation of the Perl\nprogramming language:

\n
    \n
  • CVE-2012-5195\n

    The x operator could cause the Perl interpreter to crash\n if very long strings were created.

  • CVE-2012-5526\n

    The CGI module does not properly escape LF characters\n in the Set-Cookie and P3P headers.

\n

In addition, this update adds a warning to the Storable documentation\nthat this package is not suitable for deserializing untrusted data.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 5.10.1-17squeeze4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 5.14.2-16.

\n

We recommend that you upgrade your perl packages.

\n
\n
\n
\n
", "2587": "
\n

Debian Security Advisory

\n

DSA-2587-1 libcgi-pm-perl -- HTTP header injection

\n
\n
Date Reported:
\n
11 Dec 2012
\n
Affected Packages:
\n
\nlibcgi-pm-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 693421.
In Mitre's CVE dictionary: CVE-2012-5526.
\n
More information:
\n
\n

It was discovered that the CGI module for Perl does not filter LF\ncharacters in the Set-Cookie and P3P headers, potentially allowing\nattackers to inject HTTP headers.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.49-1squeeze2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.61-2.

\n

We recommend that you upgrade your libcgi-pm-perl packages.

\n
\n
\n
\n
", "2588": "
\n

Debian Security Advisory

\n

DSA-2588-1 icedove -- several vulnerabilities

\n
\n
Date Reported:
\n
16 Dec 2012
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-4201, CVE-2012-4207, CVE-2012-4216, CVE-2012-5829, CVE-2012-5842.
\n
More information:
\n
\n

Multiple vulnerabilities have been found in Icedove, Debian's version\nof the Mozilla Thunderbird mail and news client.

\n
    \n
  • CVE-2012-4201\n

    The evalInSandbox implementation uses an incorrect context during\n the handling of JavaScript code that sets the location.href\n property, which allows remote attackers to conduct cross-site\n scripting (XSS) attacks or read arbitrary files by leveraging a\n sandboxed add-on.

  • CVE-2012-4207\n

    The HZ-GB-2312 character-set implementation does not properly handle\n a ~ (tilde) character in proximity to a chunk delimiter, which\n allows remote attackers to conduct cross-site scripting (XSS)\n attacks via a crafted document.

  • CVE-2012-4216\n

    Use-after-free vulnerability in the gfxFont::GetFontEntry function\n allows remote attackers to execute arbitrary code or cause a denial\n of service (heap memory corruption) via unspecified vectors.

  • CVE-2012-5829\n

    Heap-based buffer overflow in the nsWindow::OnExposeEvent function could\n allow remote attackers to execute arbitrary code.

  • CVE-2012-5842\n

    Multiple unspecified vulnerabilities in the browser engine could\n allow remote attackers to cause a denial of service (memory\n corruption and application crash) or possibly execute arbitrary\n code.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 3.0.11-1+squeeze15.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 10.0.11-1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "2589": "
\n

Debian Security Advisory

\n

DSA-2589-1 tiff -- buffer overflow

\n
\n
Date Reported:
\n
16 Dec 2012
\n
Affected Packages:
\n
\ntiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 694693.
In Mitre's CVE dictionary: CVE-2012-5581.
\n
More information:
\n
\n

The tiff library for handling TIFF image files contained a stack-based\nbuffer overflow, potentially allowing attackers who can submit such\nfiles to a vulnerable system to execute arbitrary code.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.9.4-5+squeeze8.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 4.0.2-1 of the tiff\npackage, and version 3.9.6-10 of the tiff3 package.

\n

We recommend that you upgrade your tiff packages.

\n
\n
\n
\n
", "2590": "
\n

Debian Security Advisory

\n

DSA-2590-1 wireshark -- several vulnerabilities

\n
\n
Date Reported:
\n
26 Dec 2012
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-4048, CVE-2012-4296.
\n
More information:
\n
\n

Bjorn Mork and Laurent Butti discovered crashes in the PPP and RTPS2\ndissectors, which could potentially result in the execution of arbitrary\ncode.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 1.2.11-6+squeeze8.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.8.2-1.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "2591": "
\n

Debian Security Advisory

\n

DSA-2591-1 mahara -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Dec 2012
\n
Affected Packages:
\n
\nmahara\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2239, CVE-2012-2243, CVE-2012-2244, CVE-2012-2246, CVE-2012-2247, CVE-2012-2253, CVE-2012-6037.
\n
More information:
\n
\n

Multiple security issues have been found in Mahara, an electronic\nportfolio, weblog, and resume builder, which can result in cross-site\nscripting, clickjacking or arbitrary file execution.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 1.2.6-2+squeeze6.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.5.1-3.1.

\n

We recommend that you upgrade your mahara packages.

\n
\n
\n
\n
", "2592": "
\n

Debian Security Advisory

\n

DSA-2592-1 elinks -- programming error

\n
\n
Date Reported:
\n
28 Dec 2012
\n
Affected Packages:
\n
\nelinks\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-4545.
\n
More information:
\n
\n

Marko Myllynen discovered that ELinks, a powerful text-mode browser,\nincorrectly delegates user credentials during GSS-Negotiate.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.12~pre5-2+squeeze1. Since the initial Squeeze release,\nXULRunner needed to be updated and the version currently in the archive\nis incompatible with ELinks. As such, JavaScript support needed to be\ndisabled (only a small subset of typical functionality was supported\nanyway). It will likely be re-enabled in a later point update.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 0.12~pre5-9.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.12~pre5-9.

\n

We recommend that you upgrade your elinks packages.

\n
\n
\n
\n
", "2593": "
\n

Debian Security Advisory

\n

DSA-2593-1 moin -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Dec 2012
\n
Affected Packages:
\n
\nmoin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-6080, CVE-2012-6081, CVE-2012-6082, CVE-2012-6495.
\n
More information:
\n
\n

It was discovered that missing input validation in the twikidraw and\nanywikidraw actions can result in the execution of arbitrary code.\nThis security issue is being actively exploited.

\n

This update also addresses path traversal in AttachFile.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.9.3-1+squeeze4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.9.5-4.

\n

We recommend that you upgrade your moin packages.

\n
\n
\n
\n
", "2594": "
\n

Debian Security Advisory

\n

DSA-2594-1 virtualbox-ose -- programming error

\n
\n
Date Reported:
\n
30 Dec 2012
\n
Affected Packages:
\n
\nvirtualbox-ose\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-3221.
\n
More information:
\n
\n

halfdog discovered that incorrect interrupt handling in VirtualBox,\nan x86 virtualization solution, can lead to denial of service.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.2.10-dfsg-1+squeeze1.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 4.1.18-dfsg-1.1 of\nthe virtualbox source package.

\n

We recommend that you upgrade your virtualbox-ose packages.

\n
\n
\n
\n
", "2595": "
\n

Debian Security Advisory

\n

DSA-2595-1 ghostscript -- integer overflow

\n
\n
Date Reported:
\n
30 Dec 2012
\n
Affected Packages:
\n
\nghostscript\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-4405.
\n
More information:
\n
\n

Marc Schoenefeld discovered that an integer overflow in the ICC parsing\ncode of Ghostscript can lead to the execution of arbitrary code.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 8.71~dfsg2-9+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 9.05~dfsg-6.1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 9.05~dfsg-6.1.

\n

We recommend that you upgrade your ghostscript packages.

\n
\n
\n
\n
", "2596": "
\n

Debian Security Advisory

\n

DSA-2596-1 mediawiki-extensions -- cross-site scripting

\n
\n
Date Reported:
\n
30 Dec 2012
\n
Affected Packages:
\n
\nmediawiki-extensions\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 696179.
\n
More information:
\n
\n

Thorsten Glaser discovered that the RSSReader extension for MediaWiki, a\nwebsite engine for collaborative work, does not properly escape tags in\nfeeds. This could allow a malicious feed to inject JavaScript into the\nMediaWiki pages.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.3squeeze2.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.11.

\n

We recommend that you upgrade your mediawiki-extensions packages.

\n
\n
\n
\n
", "2597": "
\n

Debian Security Advisory

\n

DSA-2597-1 rails -- input validation error

\n
\n
Date Reported:
\n
04 Jan 2013
\n
Affected Packages:
\n
\nrails\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-6496, CVE-2012-6497.
\n
More information:
\n
\n

joernchen of Phenoelit discovered that rails, an MVC Ruby-based framework\ngeared for web application development, does not properly handle\nuser-supplied input to find_by_* methods. Depending on how the\nRuby on Rails application is using these methods, this allows an attacker\nto perform SQL injection attacks, e.g., to bypass authentication if\nAuthlogic is used and the session secret token is known.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze4.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nruby-activerecord-2.3 version 2.3.14-3.

\n

We recommend that you upgrade your rails/ruby-activerecord-2.3 packages.

\n
\n
\n
\n
", "2598": "
\n

Debian Security Advisory

\n

DSA-2598-1 weechat -- several vulnerabilities

\n
\n
Date Reported:
\n
05 Jan 2013
\n
Affected Packages:
\n
\nweechat\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-1428, CVE-2012-5534.
\n
More information:
\n
\n

Two security issues have been discovered in WeeChat, a fast, light and\nextensible chat client:

\n
    \n
  • CVE-2011-1428\n

    X.509 certificates were incorrectly validated.

  • CVE-2012-5534\n

    The hook_process function in the plugin API allowed the execution\n of arbitrary shell commands.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 0.3.2-1+squeeze1.

\n

For the testing distribution (wheezy), these problems have been fixed in\nversion 0.3.8-1+deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.3.9.2-1.

\n

We recommend that you upgrade your weechat packages.

\n
\n
\n
\n
", "2599": "
\n

Debian Security Advisory

\n

DSA-2599-1 nss -- mis-issued intermediates

\n
\n
Date Reported:
\n
06 Jan 2013
\n
Affected Packages:
\n
\nnss\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-0743.
\n
More information:
\n
\n

Google, Inc. discovered that the TurkTrust certification authority\nincluded in the Network Security Service libraries (nss) mis-issued\ntwo intermediate CAs which could be used to generate rogue end-entity\ncertificates. This update explicitly distrusts those two intermediate\nCAs. The two existing TurkTrust root CAs remain active.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.12.8-1+squeeze6.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 2:3.13.6-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:3.14.1.with.ckbi.1.93-1.

\n

We recommend that you upgrade your nss packages.

\n
\n
\n
\n
", "2600": "
\n

Debian Security Advisory

\n

DSA-2600-1 cups -- privilege escalation

\n
\n
Date Reported:
\n
06 Jan 2013
\n
Affected Packages:
\n
\ncups\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 692791.
In Mitre's CVE dictionary: CVE-2012-5519.
\n
More information:
\n
\n

Jann Horn discovered that users of the CUPS printing system who are part\nof the lpadmin group could modify several configuration parameters with\nsecurity impact. Specifically, this allows an attacker to read or write\narbitrary files as root which can be used to elevate privileges.

\n

This update splits the configuration file /etc/cups/cupsd.conf into two\nfiles: cupsd.conf and cups-files.conf. While the first stays configurable\nvia the web interface, the latter can only be configured by the root user.\nPlease see the updated documentation that comes with the new package\nfor more information on these files.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.4-7+squeeze2.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 1.5.3-2.7.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.5.3-2.7.

\n

We recommend that you upgrade your cups packages.

\n
\n
\n
\n
", "2601": "
\n

Debian Security Advisory

\n

DSA-2601-1 gnupg, gnupg2 -- missing input sanitation

\n
\n
Date Reported:
\n
06 Jan 2013
\n
Affected Packages:
\n
\ngnupg, gnupg2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 697108, Bug 697251.
In Mitre's CVE dictionary: CVE-2012-6085.
\n
More information:
\n
\n

KB Sriram discovered that GnuPG, the GNU Privacy Guard, did not\nsufficiently sanitise public keys on import, which could lead to\nmemory and keyring corruption.

\n

The problem affects both version 1, in the gnupg package, and\nversion 2, in the gnupg2 package.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.10-4+squeeze1 of gnupg and version 2.0.14-2+squeeze1 of\ngnupg2.

\n

For the testing distribution (wheezy) and unstable distribution (sid),\nthis problem has been fixed in version 1.4.12-7 of gnupg and\nversion 2.0.19-2 of gnupg2.

\n

We recommend that you upgrade your gnupg and/or gnupg2 packages.

\n
\n
\n
\n
", "2602": "
\n

Debian Security Advisory

\n

DSA-2602-1 zendframework -- XML external entity inclusion

\n
\n
Date Reported:
\n
08 Jan 2013
\n
Affected Packages:
\n
\nzendframework\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 696483.
In Mitre's CVE dictionary: CVE-2012-5657.
\n
More information:
\n
\n

Yury Dyachenko discovered that Zend Framework uses the PHP XML parser\nin an insecure way, allowing attackers to open files and trigger HTTP\nrequests, potentially accessing restricted information.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.10.6-1squeeze2.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 1.11.13-1.1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.11.13-1.1.

\n

We recommend that you upgrade your zendframework packages.

\n
\n
\n
\n
", "2603": "
\n

Debian Security Advisory

\n

DSA-2603-1 emacs23 -- programming error

\n
\n
Date Reported:
\n
09 Jan 2013
\n
Affected Packages:
\n
\nemacs23\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-3479.
\n
More information:
\n
\n

Paul Ling discovered that Emacs insufficiently restricted the evaluation\nof Lisp code if enable-local-variables is set to safe.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 23.2+1-7+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 23.4+1-4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 23.4+1-4.

\n

We recommend that you upgrade your emacs23 packages.

\n
\n
\n
\n
", "2604": "
\n

Debian Security Advisory

\n

DSA-2604-1 rails -- insufficient input validation

\n
\n
Date Reported:
\n
09 Jan 2013
\n
Affected Packages:
\n
\nrails\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 697722.
In Mitre's CVE dictionary: CVE-2013-0156.
\n
More information:
\n
\n

It was discovered that Rails, the Ruby web application development\nframework, performed insufficient validation on input parameters,\nallowing unintended type conversions. An attacker may use this to\nbypass authentication systems, inject arbitrary SQL, inject and\nexecute arbitrary code, or perform a DoS attack on the application.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze4.1.

\n

For the testing distribution (wheezy) and unstable distribution (sid),\nthis problem will be fixed soon.

\n

We recommend that you upgrade your rails packages.

\n
\n
\n
\n
", "2605": "
\n

Debian Security Advisory

\n

DSA-2605-2 asterisk -- several issues

\n
\n
Date Reported:
\n
19 Jan 2013
\n
Affected Packages:
\n
\nasterisk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 697230, Bug 698112, Bug 698118.
In Mitre's CVE dictionary: CVE-2012-5976, CVE-2012-5977.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Asterisk, a PBX and telephony\ntoolkit, that allow remote attackers to perform denial of service\nattacks.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 1:1.6.2.9-2+squeeze10.

\n

For the testing distribution (wheezy) and unstable distribution (sid),\nthese problems will be fixed soon.

\n

We recommend that you upgrade your asterisk packages.

\n
\n
\n
\n
", "2606": "
\n

Debian Security Advisory

\n

DSA-2606-1 proftpd-dfsg -- symlink race

\n
\n
Date Reported:
\n
13 Jan 2013
\n
Affected Packages:
\n
\nproftpd-dfsg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 697524.
In Mitre's CVE dictionary: CVE-2012-6095.
\n
More information:
\n
\n

It has been discovered that in ProFTPd, an FTP server, an attacker on\nthe same physical host as the server may be able to perform a symlink\nattack allowing them to elevate privileges in some configurations.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.3.3a-6squeeze6.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.3.4a-3.

\n

We recommend that you upgrade your proftpd-dfsg packages.

\n
\n
\n
\n
", "2607": "
\n

Debian Security Advisory

\n

DSA-2607-1 qemu-kvm -- buffer overflow

\n
\n
Date Reported:
\n
15 Jan 2013
\n
Affected Packages:
\n
\nqemu-kvm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 696051.
In Mitre's CVE dictionary: CVE-2012-6075.
\n
More information:
\n
\n

It was discovered that the e1000 emulation code in QEMU does not\nenforce frame size limits in the same way as the real hardware does.\nThis could trigger buffer overflows in the guest operating system\ndriver for that network card, assuming that the host system does not\ndiscard such frames (which it will by default).

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.12.5+dfsg-5+squeeze10.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.1.2+dfsg-4.

\n

We recommend that you upgrade your qemu-kvm packages.

\n
\n
\n
\n
", "2608": "
\n

Debian Security Advisory

\n

DSA-2608-1 qemu -- buffer overflow

\n
\n
Date Reported:
\n
15 Jan 2013
\n
Affected Packages:
\n
\nqemu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 696051.
In Mitre's CVE dictionary: CVE-2012-6075.
\n
More information:
\n
\n

It was discovered that the e1000 emulation code in QEMU does not\nenforce frame size limits in the same way as the real hardware does.\nThis could trigger buffer overflows in the guest operating system\ndriver for that network card, assuming that the host system does not\ndiscard such frames (which it will by default).

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.12.5+dfsg-3squeeze3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.1.2+dfsg-4.

\n

We recommend that you upgrade your qemu packages.

\n
\n
\n
\n
", "2609": "
\n

Debian Security Advisory

\n

DSA-2609-1 rails -- SQL query manipulation

\n
\n
Date Reported:
\n
16 Jan 2013
\n
Affected Packages:
\n
\nrails\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-0155.
\n
More information:
\n
\n

An interpretation conflict can cause the Active Record component of\nRails, a web framework for the Ruby programming language, to truncate\nqueries in unexpected ways. This may allow attackers to elevate their\nprivileges.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze5.

\n

We recommend that you upgrade your rails packages.

\n
\n
\n
\n
", "2610": "
\n

Debian Security Advisory

\n

DSA-2610-1 ganglia -- arbitrary script execution

\n
\n
Date Reported:
\n
21 Jan 2013
\n
Affected Packages:
\n
\nganglia\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 683584.
In Mitre's CVE dictionary: CVE-2012-3448.
\n
More information:
\n
\n

Insufficient input sanitization in Ganglia, a web-based monitoring system,\ncould lead to remote PHP script execution with permissions of the user running\nthe web server.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.1.7-1+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 3.3.8-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.3.8-1.

\n

We recommend that you upgrade your ganglia packages.

\n
\n
\n
\n
", "2611": "
\n

Debian Security Advisory

\n

DSA-2611-1 movabletype-opensource -- several vulnerabilities

\n
\n
Date Reported:
\n
22 Jan 2013
\n
Affected Packages:
\n
\nmovabletype-opensource\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 697666.
In Mitre's CVE dictionary: CVE-2013-0209.
\n
More information:
\n
\n

An input sanitization problem has been found in the upgrade functions of\nmovabletype-opensource, a web-based publishing platform. Using carefully\ncrafted requests to the mt-upgrade.cgi file, it would be possible to inject OS\ncommands and SQL queries.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 4.3.8+dfsg-0+squeeze3.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 5.1.2+dfsg-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.1.2+dfsg-1.

\n

We recommend that you upgrade your movabletype-opensource packages.

\n
\n
\n
\n
", "2612": "
\n

Debian Security Advisory

\n

DSA-2612-2 ircd-ratbox -- programming error

\n
\n
Date Reported:
\n
10 Feb 2013
\n
Affected Packages:
\n
\nircd-ratbox\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-6084.
\n
More information:
\n
\n

It was discovered that a bug in the server capability negotiation code of\nircd-ratbox could result in denial of service.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.0.6.dfsg-2+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 3.0.7.dfsg-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.0.7.dfsg-3.

\n

We recommend that you upgrade your ircd-ratbox packages.

\n
\n
\n
\n
", "2613": "
\n

Debian Security Advisory

\n

DSA-2613-1 rails -- insufficient input validation

\n
\n
Date Reported:
\n
29 Jan 2013
\n
Affected Packages:
\n
\nrails\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 699226.
In Mitre's CVE dictionary: CVE-2013-0333.
\n
More information:
\n
\n

Lawrence Pit discovered that Ruby on Rails, a web development framework,\nis vulnerable to a flaw in the parsing of JSON to YAML. Using a specially\ncrafted payload attackers can trick the backend into decoding a subset of\nYAML.

\n

The vulnerability has been addressed by removing the YAML backend and\nadding the OkJson backend.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze6.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.3.14-6 of the ruby-activesupport-2.3 package.

\n

The 3.2 version of rails as found in Debian wheezy and sid is not\naffected by the problem.

\n

We recommend that you upgrade your rails packages.

\n
\n
\n
\n
", "2614": "
\n

Debian Security Advisory

\n

DSA-2614-1 libupnp -- several vulnerabilities

\n
\n
Date Reported:
\n
01 Feb 2013
\n
Affected Packages:
\n
\nlibupnp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 699316.
In Mitre's CVE dictionary: CVE-2012-5958, CVE-2012-5959, CVE-2012-5960, CVE-2012-5961, CVE-2012-5962, CVE-2012-5963, CVE-2012-5964, CVE-2012-5965.
\n
More information:
\n
\n

Multiple stack-based buffer overflows were discovered in libupnp, a library\nused for handling the Universal Plug and Play protocol. HD Moore from Rapid7\ndiscovered that SSDP queries were not correctly handled by the\nunique_service_name() function.

\n

An attacker sending carefully crafted SSDP queries to a daemon built on libupnp\ncould generate a buffer overflow, overwriting the stack, leading to a daemon\ncrash and possible remote code execution.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 1:1.6.6-5+squeeze1.

\n

For the testing distribution (wheezy), these problems have been fixed in\nversion 1:1.6.17-1.2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1:1.6.17-1.2.

\n

We recommend that you upgrade your libupnp packages.

\n
\n
\n
\n
", "2615": "
\n

Debian Security Advisory

\n

DSA-2615-1 libupnp4 -- several vulnerabilities

\n
\n
Date Reported:
\n
01 Feb 2013
\n
Affected Packages:
\n
\nlibupnp4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 699459.
In Mitre's CVE dictionary: CVE-2012-5958, CVE-2012-5959, CVE-2012-5960, CVE-2012-5961, CVE-2012-5962, CVE-2012-5963, CVE-2012-5964, CVE-2012-5965.
\n
More information:
\n
\n

Multiple stack-based buffer overflows were discovered in libupnp4, a library\nused for handling the Universal Plug and Play protocol. HD Moore from Rapid7\ndiscovered that SSDP queries were not correctly handled by the\nunique_service_name() function.

\n

An attacker sending carefully crafted SSDP queries to a daemon built on\nlibupnp4 could generate a buffer overflow, overwriting the stack, leading to\na daemon crash and possible remote code execution.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 1.8.0~svn20100507-1+squeeze1.

\n

For the testing distribution (wheezy), these problems have been fixed in\nversion 1.8.0~svn20100507-1.2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.8.0~svn20100507-1.2.

\n

We recommend that you upgrade your libupnp4 packages.

\n
\n
\n
\n
", "2616": "
\n

Debian Security Advisory

\n

DSA-2616-1 nagios3 -- buffer overflow in CGI scripts

\n
\n
Date Reported:
\n
03 Feb 2013
\n
Affected Packages:
\n
\nnagios3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 697930.
In Mitre's CVE dictionary: CVE-2012-6096.
\n
More information:
\n
\n

A buffer overflow problem has been found in nagios3, a host/service/network\nmonitoring and management system. A malicious client could craft a\nrequest to history.cgi and cause application crashes.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3.2.1-2+squeeze1.

\n

For the testing distribution (wheezy), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.4.1-3.

\n

We recommend that you upgrade your nagios3 packages.

\n
\n
\n
\n
", "2617": "
\n

Debian Security Advisory

\n

DSA-2617-1 samba -- several issues

\n
\n
Date Reported:
\n
02 Feb 2013
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-0213, CVE-2013-0214.
\n
More information:
\n
\n

Jann Horn reported two vulnerabilities in Samba, a popular\ncross-platform network file and printer sharing suite. In particular,\nthese vulnerabilities affect SWAT, the Samba Web Administration Tool.

\n
    \n
  • \nCVE-2013-0213:\nClickjacking issue in SWAT\n

    \n An attacker can integrate a SWAT page into a malicious web page via a\n frame or iframe and then overlay it with other content. If an\n authenticated valid user interacts with this malicious web page, she\n might perform unintended changes in the Samba settings.

  • \nCVE-2013-0214:\nPotential Cross-site request forgery\n

    \n An attacker can persuade a valid SWAT user, who is logged in as root,\n to click on a malicious link and trigger arbitrary unintended changes\n in the Samba settings. For the attack to work, the attacker needs\n to know the victim's password.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 2:3.5.6~dfsg-3squeeze9.

\n

For the testing distribution (wheezy), these problems have been fixed in\nversion 2:3.6.6-5.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2:3.6.6-5.

\n

We recommend that you upgrade your samba packages.

\n
\n
\n
\n
", "2618": "
\n

Debian Security Advisory

\n

DSA-2618-1 ircd-hybrid -- denial of service

\n
\n
Date Reported:
\n
07 Feb 2013
\n
Affected Packages:
\n
\nircd-hybrid\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 699267.
In Mitre's CVE dictionary: CVE-2013-0238.
\n
More information:
\n
\n

Bob Nomnomnom reported a Denial of Service vulnerability in IRCD-Hybrid,\nan Internet Relay Chat server. A remote attacker may use an error in\nthe mask validation to crash the server.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:7.2.2.dfsg.2-6.2+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 1:7.2.2.dfsg.2-10.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:7.2.2.dfsg.2-10.

\n

We recommend that you upgrade your ircd-hybrid packages.

\n
\n
\n
\n
", "2619": "
\n

Debian Security Advisory

\n

DSA-2619-1 xen-qemu-dm-4.0 -- buffer overflow

\n
\n
Date Reported:
\n
10 Feb 2013
\n
Affected Packages:
\n
\nxen-qemu-dm-4.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-6075.
\n
More information:
\n
\n

A buffer overflow was found in the e1000 emulation, which could be\ntriggered when processing jumbo frames.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 4.0.1-2+squeeze3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.1.3-8 of the xen source package.

\n

We recommend that you upgrade your xen-qemu-dm-4.0 packages.

\n
\n
\n
\n
", "2620": "
\n

Debian Security Advisory

\n

DSA-2620-1 rails -- several vulnerabilities

\n
\n
Date Reported:
\n
12 Feb 2013
\n
Affected Packages:
\n
\nrails\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-0276, CVE-2013-0277.
\n
More information:
\n
\n

Two vulnerabilities were discovered in Ruby on Rails, a Ruby framework\nfor web application development.

\n
    \n
  • CVE-2013-0276\n

    The blacklist provided by the attr_protected method could be\n\tbypassed with crafted requests, having an application-specific\n\timpact.

  • CVE-2013-0277\n

    In some applications, the +serialize+ helper in ActiveRecord\n\tcould be tricked into deserializing arbitrary YAML data,\n\tpossibly leading to remote code execution.

\n

For the stable distribution (squeeze), these problems have been fixed\nin version 2.3.5-1.2+squeeze7.

\n

We recommend that you upgrade your rails packages.

\n
\n
\n
\n
", "2621": "
\n

Debian Security Advisory

\n

DSA-2621-1 openssl -- several vulnerabilities

\n
\n
Date Reported:
\n
13 Feb 2013
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 699889.
In Mitre's CVE dictionary: CVE-2013-0166, CVE-2013-0169.
\n
More information:
\n
\n

Multiple vulnerabilities have been found in OpenSSL. The Common\nVulnerabilities and Exposures project identifies the following issues:

\n
    \n
  • CVE-2013-0166\n

    OpenSSL does not properly perform signature verification for OCSP\n responses, which allows remote attackers to cause a denial of\n service via an invalid key.

  • CVE-2013-0169\n

    A timing side channel attack has been found in CBC padding\n allowing an attacker to recover pieces of plaintext via statistical\n analysis of crafted packets, known as the Lucky Thirteen issue.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 0.9.8o-4squeeze14.

\n

For the testing distribution (wheezy), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1e-1.

\n

We recommend that you upgrade your openssl packages.

\n
\n
\n
\n
", "2622": "
\n

Debian Security Advisory

\n

DSA-2622-1 polarssl -- several vulnerabilities

\n
\n
Date Reported:
\n
13 Feb 2013
\n
Affected Packages:
\n
\npolarssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 699887.
In Mitre's CVE dictionary: CVE-2013-0169, CVE-2013-1621, CVE-2013-1622.
\n
More information:
\n
\n

Multiple vulnerabilities have been found in PolarSSL. The Common\nVulnerabilities and Exposures project identifies the following issues:

\n
    \n
  • CVE-2013-0169\n

    A timing side channel attack has been found in CBC padding\n allowing an attacker to recover pieces of plaintext via statistical\n analysis of crafted packets, known as the Lucky Thirteen issue.

  • CVE-2013-1621\n

    An array index error might allow remote attackers to cause a denial\n of service via vectors involving a crafted padding-length value\n during validation of CBC padding in a TLS session.

  • CVE-2013-1622\n

    Malformed CBC data in a TLS session could allow remote attackers to\n conduct distinguishing attacks via statistical analysis of timing\n side-channel data for crafted packets.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 0.12.1-1squeeze1.

\n

For the testing distribution (wheezy), and the unstable distribution\n(sid), these problems have been fixed in version 1.1.4-2.

\n

We recommend that you upgrade your polarssl packages.

\n
\n
\n
\n
", "2623": "
\n

Debian Security Advisory

\n

DSA-2623-1 openconnect -- buffer overflow

\n
\n
Date Reported:
\n
14 Feb 2013
\n
Affected Packages:
\n
\nopenconnect\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-6128.
\n
More information:
\n
\n

Kevin Cernekee discovered that a malicious VPN gateway can send\ncrafted responses which trigger stack-based buffer overflows.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.25-0.1+squeeze2.

\n

We recommend that you upgrade your openconnect packages.

\n
\n
\n
\n
", "2624": "
\n

Debian Security Advisory

\n

DSA-2624-1 ffmpeg -- several vulnerabilities

\n
\n
Date Reported:
\n
16 Feb 2013
\n
Affected Packages:
\n
\nffmpeg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0858, CVE-2012-2777, CVE-2012-2783, CVE-2012-2784, CVE-2012-2788, CVE-2012-2801, CVE-2012-2803.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in FFmpeg, a multimedia\nplayer, server and encoder. Multiple input validation flaws in the\ndecoders/demuxers for Shorten, Chinese AVS video, VP5, VP6, AVI, AVS and\nMPEG-1/2 files could lead to the execution of arbitrary code.

\n

Most of these issues were discovered by Mateusz Jurczyk and Gynvael\nColdwind.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 4:0.5.10-1.

\n

For the testing distribution (wheezy) and the unstable distribution (sid),\nthese problems have been fixed in version 6:0.8.5-1 of the source package\nlibav.

\n

We recommend that you upgrade your ffmpeg packages.

\n
\n
\n
\n
", "2625": "
\n

Debian Security Advisory

\n

DSA-2625-1 wireshark -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Feb 2013
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1582, CVE-2013-1586, CVE-2013-1588, CVE-2013-1590.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the dissectors for the CLNP,\nDTLS, DCP-ETSI and NTLMSSP protocols, which could result in denial of\nservice or the execution of arbitrary code.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 1.2.11-6+squeeze9.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "2626": "
\n

Debian Security Advisory

\n

DSA-2626-1 lighttpd -- several issues

\n
\n
Date Reported:
\n
17 Feb 2013
\n
Affected Packages:
\n
\nlighttpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 700399.
In Mitre's CVE dictionary: CVE-2009-3555, CVE-2012-4929.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the TLS/SSL protocol. This\nupdate addresses these protocol vulnerabilities in lighttpd.

\n
    \n
  • CVE-2009-3555\n

    Marsh Ray, Steve Dispensa, and Martin Rex discovered that the TLS\n and SSLv3 protocols do not properly associate renegotiation\n handshakes with an existing connection, which allows man-in-the-middle\n attackers to insert data into HTTPS sessions. This issue is solved\n in lighttpd by disabling client initiated renegotiation by default.\n

    \n

    \n Users who actually need such renegotiations can re-enable\n them via the new ssl.disable-client-renegotiation parameter.

  • CVE-2012-4929\n

    Juliano Rizzo and Thai Duong discovered a weakness in the TLS/SSL\n protocol when using compression. This side channel attack, dubbed\n CRIME, allows eavesdroppers to gather information to recover the\n original plaintext in the protocol. This update disables compression.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 1.4.28-2+squeeze1.2.

\n

For the testing distribution (wheezy) and the unstable distribution (sid),\nthese problems have been fixed in version 1.4.30-1.

\n

We recommend that you upgrade your lighttpd packages.

\n
\n
\n
\n
", "2627": "
\n

Debian Security Advisory

\n

DSA-2627-1 nginx -- information leak

\n
\n
Date Reported:
\n
17 Feb 2013
\n
Affected Packages:
\n
\nnginx\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 700426.
In Mitre's CVE dictionary: CVE-2012-4929.
\n
More information:
\n
\n

Juliano Rizzo and Thai Duong discovered a weakness in the TLS/SSL\nprotocol when using compression. This side channel attack, dubbed\nCRIME, allows eavesdroppers to gather information to recover the\noriginal plaintext in the protocol. This update to nginx disables\nSSL compression.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.7.67-3+squeeze3.

\n

For the testing distribution (wheezy), and unstable distribution (sid),\nthis problem has been fixed in version 1.1.16-1.

\n

We recommend that you upgrade your nginx packages.

\n
\n
\n
\n
", "2628": "
\n

Debian Security Advisory

\n

DSA-2628-1 nss-pam-ldapd -- buffer overflow

\n
\n
Date Reported:
\n
18 Jun 2013
\n
Affected Packages:
\n
\nnss-pam-ldapd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 690319.
In Mitre's CVE dictionary: CVE-2013-0288.
\n
More information:
\n
\n

Garth Mollett discovered that a file descriptor overflow issue in the\nuse of FD_SET() in nss-pam-ldapd, which provides NSS and PAM modules for\nusing LDAP as a naming service, can lead to a stack-based buffer\noverflow. An attacker could, under some circumstances, use this flaw to\ncause a process that has the NSS or PAM module loaded to crash or\npotentially execute arbitrary code.

\n

For the stable distribution (squeeze) this problem has been fixed in\nversion 0.7.15+squeeze4.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 0.8.10-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.8.10-3.

\n

We recommend that you upgrade your nss-pam-ldapd packages.

\n
\n
\n
\n
", "2629": "
\n

Debian Security Advisory

\n

DSA-2629-1 openjpeg -- several issues

\n
\n
Date Reported:
\n
25 Feb 2013
\n
Affected Packages:
\n
\nopenjpeg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 672455, Bug 681075, Bug 685970.
In Mitre's CVE dictionary: CVE-2009-5030, CVE-2012-3358, CVE-2012-3535.
\n
More information:
\n
\n
    \n
  • CVE-2009-5030\n

    Heap memory corruption leading to invalid free when processing certain\n Gray16 TIFF images.

  • CVE-2012-3358\n

    Huzaifa Sidhpurwala of the Red Hat Security Response Team found a\n heap-based buffer overflow in JPEG2000 image parsing.

  • CVE-2012-3535\n

    Huzaifa Sidhpurwala of the Red Hat Security Response Team found a\n heap-based buffer overflow when decoding JPEG2000 images.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 1.3+dfsg-4+squeeze1.

\n

For the testing (wheezy) and unstable (sid) distributions, these problems\nhave been fixed in version 1.3+dfsg-4.6.

\n

We recommend that you upgrade your openjpeg packages.

\n
\n
\n
\n
", "2630": "
\n

Debian Security Advisory

\n

DSA-2630-1 postgresql-8.4 -- programming error

\n
\n
Date Reported:
\n
20 Feb 2013
\n
Affected Packages:
\n
\npostgresql-8.4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-0255.
\n
More information:
\n
\n

Sumit Soni discovered that PostgreSQL, an object-relational SQL database,\ncould be forced to crash when an internal function was called with\ninvalid arguments, resulting in denial of service.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 8.4.16-0squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 8.4.16-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 8.4.16-1.

\n

We recommend that you upgrade your postgresql-8.4 packages.

\n
\n
\n
\n
", "2631": "
\n

Debian Security Advisory

\n

DSA-2631-1 squid3 -- denial of service

\n
\n
Date Reported:
\n
24 Feb 2013
\n
Affected Packages:
\n
\nsquid3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 696187.
In Mitre's CVE dictionary: CVE-2012-5643, CVE-2013-0189.
\n
More information:
\n
\n

Squid3, a fully featured Web proxy cache, is prone to a denial of\nservice attack due to memory consumption caused by memory leaks in\ncachemgr.cgi:

\n
    \n
  • CVE-2012-5643\n

    squid's cachemgr.cgi was vulnerable to excessive resource use.\n A remote attacker could exploit this flaw to perform a denial of\n service attack on the server and other hosted services.

  • CVE-2013-0189\n

    The original patch for CVE-2012-5643\n was incomplete. A remote attacker still could exploit this flaw\n to perform a denial of service attack.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 3.1.6-1.2+squeeze3.

\n

For the testing distribution (wheezy), these problems have been fixed in\nversion 3.1.20-2.1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.1.20-2.1.

\n

We recommend that you upgrade your squid3 packages.

\n
\n
\n
\n
", "2632": "
\n

Debian Security Advisory

\n

DSA-2632-1 linux-2.6 -- privilege escalation/denial of service

\n
\n
Date Reported:
\n
25 Feb 2013
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-0231, CVE-2013-0871.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service or privilege escalation. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2013-0231\n

    Jan Beulich provided a fix for an issue in the Xen PCI backend drivers.\n Users of guests on a system using passed-through PCI devices can create\n a denial of service of the host system due to the use of non-ratelimited\n kernel log messages.

  • CVE-2013-0871\n

    Suleiman Souhlal and Salman Qazi of Google, with help from Aaron Durbin\n and Michael Davidson of Google, discovered an issue in the\n ptrace subsystem. Due to a race condition with PTRACE_SETREGS, local users\n can cause kernel stack corruption and execution of arbitrary code.

\n

For the stable distribution (squeeze), these problems have been fixed in version\n2.6.32-48squeeze1.

\n

The following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n\n\n\n\n\n\n\n
Debian 6.0 (squeeze): user-mode-linux 2.6.32-1um-4+48squeeze1
\n
\n

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

\n
\n
\n
\n
", "2633": "
\n

Debian Security Advisory

\n

DSA-2633-1 fusionforge -- privilege escalation

\n
\n
Date Reported:
\n
26 Feb 2013
\n
Affected Packages:
\n
\nfusionforge\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1423.
\n
More information:
\n
\n

Helmut Grohne discovered multiple privilege escalation flaws in FusionForge, a\nweb-based project-management and collaboration software. Most of the\nvulnerabilities are related to the bad handling of privileged operations on\nuser-controlled files or directories.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 5.0.2-5+squeeze2.

\n

For the testing (wheezy) and unstable (sid) distributions, these problems will\nbe fixed soon.

\n

We recommend that you upgrade your fusionforge packages.

\n
\n
\n
\n
", "2634": "
\n

Debian Security Advisory

\n

DSA-2634-1 python-django -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Feb 2013
\n
Affected Packages:
\n
\npython-django\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 701186, Bug 696535, Bug 691145.
In Mitre's CVE dictionary: CVE-2012-4520, CVE-2013-0305, CVE-2013-0306, CVE-2013-1665.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Django, a high-level\nPython web development framework. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2012-4520\n

    James Kettle discovered that Django did not properly filter the HTTP\n Host header when processing certain requests. An attacker could exploit\n this to cause parts of Django, particularly the\n password-reset mechanism, to generate and display arbitrary URLs to users.

  • CVE-2013-0305\n

    Orange Tsai discovered that the bundled administrative interface\n of Django could expose supposedly-hidden information via its history\n log.

  • CVE-2013-0306\n

    Mozilla discovered that an attacker can abuse Django's tracking of\n the number of forms in a formset to cause a denial-of-service attack\n due to extreme memory consumption.

  • CVE-2013-1665\n

    Michael Koziarski discovered that Django's XML deserialization is\n vulnerable to entity-expansion and external-entity/DTD attacks.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 1.2.3-3+squeeze5.

\n

For the testing distribution (wheezy), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.4.4-1.

\n

We recommend that you upgrade your python-django packages.

\n
\n
\n
\n
", "2635": "
\n

Debian Security Advisory

\n

DSA-2635-1 cfingerd -- buffer overflow

\n
\n
Date Reported:
\n
01 Mar 2013
\n
Affected Packages:
\n
\ncfingerd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 700098.
In Mitre's CVE dictionary: CVE-2013-1049.
\n
More information:
\n
\n

Malcolm Scott discovered a remotely exploitable buffer overflow in the\nRFC1413 (ident) client of cfingerd, a configurable finger daemon. This\nvulnerability was introduced in a previously applied patch to the\ncfingerd package in 1.4.3-3.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.3-3+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 1.4.3-3.1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4.3-3.1.

\n

We recommend that you upgrade your cfingerd packages.

\n
\n
\n
\n
", "2636": "
\n

Debian Security Advisory

\n

DSA-2636-2 xen -- several vulnerabilities

\n
\n
Date Reported:
\n
03 Mar 2013
\n
Affected Packages:
\n
\nxen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-4544, CVE-2012-5511, CVE-2012-5634, CVE-2013-0153.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in the Xen hypervisor.\nThe Common Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2012-4544\n

    Insufficient validation of kernel or ramdisk sizes in the Xen PV\n domain builder could result in denial of service.

  • CVE-2012-5511\n

    Several HVM control operations performed insufficient validation of\n input, which could result in denial of service through resource\n exhaustion.

  • CVE-2012-5634\n

    Incorrect interrupt handling when using VT-d hardware could result\n in denial of service.

  • CVE-2013-0153\n

    Insufficient restriction of interrupt access could result in denial\n of service.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 4.0.1-5.8.

\n

For the testing distribution (wheezy), these problems have been fixed in\nversion 4.1.4-2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.1.4-2.

\n

We recommend that you upgrade your xen packages.

\n
\n
\n
\n
", "2637": "
\n

Debian Security Advisory

\n

DSA-2637-1 apache2 -- several issues

\n
\n
Date Reported:
\n
04 Mar 2013
\n
Affected Packages:
\n
\napache2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-3499, CVE-2012-4558, CVE-2013-1048.
\n
More information:
\n
\n

Several vulnerabilities have been found in the Apache HTTPD server.

\n
    \n
  • CVE-2012-3499\n

    The modules mod_info, mod_status, mod_imagemap, mod_ldap, and\n mod_proxy_ftp did not properly escape hostnames and URIs in\n HTML output, causing cross site scripting vulnerabilities.

  • CVE-2012-4558\n

    Mod_proxy_balancer did not properly escape hostnames and URIs\n in its balancer-manager interface, causing a cross site scripting\n vulnerability.

  • CVE-2013-1048\n

    Hayawardh Vijayakumar noticed that the apache2ctl script created\n the lock directory in an unsafe manner, allowing a local attacker\n to gain elevated privileges via a symlink attack. This is a Debian\n specific issue.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 2.2.16-6+squeeze11.

\n

For the testing distribution (wheezy), these problems will be fixed in\nversion 2.2.22-13.

\n

For the unstable distribution (sid), these problems will be fixed in\nversion 2.2.22-13.

\n

We recommend that you upgrade your apache2 packages.

\n
\n
\n
\n
", "2638": "
\n

Debian Security Advisory

\n

DSA-2638-1 openafs -- buffer overflow

\n
\n
Date Reported:
\n
04 Mar 2013
\n
Affected Packages:
\n
\nopenafs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1794, CVE-2013-1795.
\n
More information:
\n
\n

Multiple buffer overflows were discovered in OpenAFS, the implementation\nof the distributed filesystem AFS, which might result in denial of\nservice or the execution of arbitrary code. Further information is\navailable at\nhttp://www.openafs.org/security.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.12.1+dfsg-4+squeeze1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.6.1-3.

\n

We recommend that you upgrade your openafs packages.

\n
\n
\n
\n
", "2639": "
\n

Debian Security Advisory

\n

DSA-2639-1 php5 -- several vulnerabilities

\n
\n
Date Reported:
\n
05 Mar 2013
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 702221.
In Mitre's CVE dictionary: CVE-2013-1635, CVE-2013-1643.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in PHP, the web scripting\nlanguage. The Common Vulnerabilities and Exposures project identifies\nthe following issues:

\n
    \n
  • CVE-2013-1635\n

    If a PHP application accepted untrusted SOAP object input remotely\n from clients, an attacker could read system files readable by the\n web server.

  • CVE-2013-1643\n

    The soap.wsdl_cache_dir function did not take PHP open_basedir\n restrictions into account. Note that Debian advises against relying\n on open_basedir restrictions for security.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 5.3.3-7+squeeze15.

\n

For the testing distribution (wheezy), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 5.4.4-14.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "2640": "
\n

Debian Security Advisory

\n

DSA-2640-1 zoneminder -- several issues

\n
\n
Date Reported:
\n
14 Mar 2013
\n
Affected Packages:
\n
\nzoneminder\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 698910, Bug 700912.
In Mitre's CVE dictionary: CVE-2013-0232, CVE-2013-0332.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in zoneminder, a Linux video\ncamera security and surveillance solution. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2013-0232\n

    Brendan Coles discovered that zoneminder is prone to an arbitrary\n command execution vulnerability. Remote (authenticated) attackers\n could execute arbitrary commands as the web server user.

  • CVE-2013-0332\n

    zoneminder is prone to a local file inclusion vulnerability. Remote\n attackers could examine files on the system running zoneminder.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 1.24.2-8+squeeze1.

\n

For the testing distribution (wheezy), these problems have been fixed in\nversion 1.25.0-4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.25.0-4.

\n

We recommend that you upgrade your zoneminder packages.

\n
\n
\n
\n
", "2641": "
\n

Debian Security Advisory

\n

DSA-2641-2 perl -- rehashing flaw

\n
\n
Date Reported:
\n
20 Mar 2013
\n
Affected Packages:
\n
\nperl, libapache2-mod-perl2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 702296, Bug 702821.
In Mitre's CVE dictionary: CVE-2013-1667.
\n
More information:
\n
\n

Yves Orton discovered a flaw in the rehashing code of Perl. This flaw\ncould be exploited to carry out a denial of service attack against code\nthat uses arbitrary user input as hash keys. Specifically an attacker\ncould create a set of keys of a hash causing a denial of service via\nmemory exhaustion.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 5.10.1-17squeeze6 of perl and version\n2.0.4-7+squeeze1 of libapache2-mod-perl2.

\n

For the testing distribution (wheezy), and the unstable distribution\n(sid), this problem has been fixed in version 5.14.2-19\nof perl and version 2.0.7-3 of libapache2-mod-perl2.

\n

We recommend that you upgrade your perl and libapache2-mod-perl2 packages.

\n
\n
\n
\n
", "2642": "
\n

Debian Security Advisory

\n

DSA-2642-1 sudo -- several issues

\n
\n
Date Reported:
\n
09 Mar 2013
\n
Affected Packages:
\n
\nsudo\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 701838, Bug 701839.
In Mitre's CVE dictionary: CVE-2013-1775, CVE-2013-1776, CVE-2013-2776, CVE-2013-2777.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in sudo, a program designed\nto allow a sysadmin to give limited root privileges to users. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2013-1775\n

    Marco Schoepl discovered an authentication bypass when the clock is\n set to the UNIX epoch [00:00:00 UTC on 1 January 1970].

  • CVE-2013-1776\n

    Ryan Castellucci and James Ogden discovered aspects of an issue that\n would allow session id hijacking from another authorized tty.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 1.7.4p4-2.squeeze.4.

\n

For the testing (wheezy) and unstable (sid) distributions, these problems\nhave been fixed in version 1.8.5p2-1+nmu1.

\n

We recommend that you upgrade your sudo packages.

\n
\n
\n
\n
", "2643": "
\n

Debian Security Advisory

\n

DSA-2643-1 puppet -- several vulnerabilities

\n
\n
Date Reported:
\n
12 Mar 2013
\n
Affected Packages:
\n
\npuppet\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1640, CVE-2013-1652, CVE-2013-1653, CVE-2013-1654, CVE-2013-1655, CVE-2013-2274, CVE-2013-2275.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in Puppet, a centralized\nconfiguration management system.

\n
    \n
  • CVE-2013-1640\n

    An authenticated malicious client may request its catalog from the puppet\n master, and cause the puppet master to execute arbitrary code. The puppet\n master must be made to invoke the template or inline_template\n functions during catalog compilation.

  • CVE-2013-1652\n

    An authenticated malicious client may retrieve catalogs from the puppet\n master that it is not authorized to access. Given a valid certificate and\n private key, it is possible to construct an HTTP GET request that will\n return a catalog for an arbitrary client.

  • CVE-2013-1653\n

    An authenticated malicious client may execute arbitrary code on Puppet\n agents that accept kick connections. Puppet agents are not vulnerable in\n their default configuration. However, if the Puppet agent is configured to\n listen for incoming connections, e.g. listen = true, and the agent's\n auth.conf allows access to the run REST endpoint, then an authenticated\n client can construct an HTTP PUT request to execute arbitrary code on the\n agent. This issue is made worse by the fact that puppet agents typically\n run as root.

  • CVE-2013-1654\n

    A bug in Puppet allows SSL connections to be downgraded to SSLv2, which is\n known to contain design flaws. This affects SSL connections\n between puppet agents and master, as well as connections that puppet agents\n make to third party servers that accept SSLv2 connections. Note that SSLv2\n has been disabled since OpenSSL 1.0.

  • CVE-2013-1655\n

    An unauthenticated malicious client may send requests to the puppet master,\n and have the master load code in an unsafe manner. It only affects users\n whose puppet masters are running ruby 1.9.3 and above.

  • CVE-2013-2274\n

    An authenticated malicious client may execute arbitrary code on the\n puppet master in its default configuration. Given a valid certificate and\n private key, a client can construct an HTTP PUT request that is authorized\n to save the client's own report, but the request will actually cause the\n puppet master to execute arbitrary code.

  • CVE-2013-2275\n

    The default auth.conf allows an authenticated node to submit a report for\n any other node, which is a problem for compliance. It has been made more\n restrictive by default so that a node is only allowed to save its own\n report.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 2.6.2-5+squeeze7.

\n

For the testing distribution (wheezy), these problems have been fixed in\nversion 2.7.18-3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.7.18-3.

\n

We recommend that you upgrade your puppet packages.

\n
\n
\n
\n
", "2644": "
\n

Debian Security Advisory

\n

DSA-2644-1 wireshark -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Mar 2013
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-2478, CVE-2013-2480, CVE-2013-2481, CVE-2013-2483, CVE-2013-2484, CVE-2013-2488.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the dissectors for the\nMS-MMS, RTPS, RTPS2, Mount, ACN, CIMD and DTLS protocols, which could\nresult in denial of service or the execution of arbitrary code.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 1.2.11-6+squeeze10.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.8.2-5.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "2645": "
\n

Debian Security Advisory

\n

DSA-2645-1 inetutils -- denial of service

\n
\n
Date Reported:
\n
14 Mar 2013
\n
Affected Packages:
\n
\ninetutils\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-2529.
\n
More information:
\n
\n

Ovidiu Mara reported in 2010 a vulnerability in the ping utility, commonly used by\nsystem and network administrators. By carefully crafting ICMP responses, an\nattacker could make the ping command hang.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2:1.6-3.1+squeeze2.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 2:1.9-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:1.9-2.

\n

We recommend that you upgrade your inetutils packages.

\n
\n
\n
\n
", "2646": "
\n

Debian Security Advisory

\n

DSA-2646-1 typo3-src -- several vulnerabilities

\n
\n
Date Reported:
\n
15 Mar 2013
\n
Affected Packages:
\n
\ntypo3-src\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 702574.
In Mitre's CVE dictionary: CVE-2013-1842, CVE-2013-1843.
\n
More information:
\n
\n

TYPO3, a PHP-based content management system, was found to contain several vulnerabilities.

\n
    \n
  • CVE-2013-1842\n

    Helmut Hummel and Markus Opahle discovered that the Extbase database layer\n was not correctly sanitizing user input when using the Query object model.\n This can lead to SQL injection by a malicious user inputting crafted\n relation values.

  • CVE-2013-1843\n

    Missing user input validation in the access tracking mechanism could lead\n to arbitrary URL redirection.\n

    \n Note: the fix will break already published links. Upstream advisory\n TYPO3-CORE-SA-2013-001\n has more information on how to mitigate that.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 4.3.9+dfsg1-1+squeeze8.

\n

For the testing distribution (wheezy), these problems have been fixed in\nversion 4.5.19+dfsg1-5.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.5.19+dfsg1-5.

\n

We recommend that you upgrade your typo3-src packages.

\n
\n
\n
\n
", "2647": "
\n

Debian Security Advisory

\n

DSA-2647-1 firebird2.1 -- buffer overflow

\n
\n
Date Reported:
\n
15 Mar 2013
\n
Affected Packages:
\n
\nfirebird2.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 702735.
In Mitre's CVE dictionary: CVE-2013-2492.
\n
More information:
\n
\n

A buffer overflow was discovered in the Firebird database server, which\ncould result in the execution of arbitrary code.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.1.3.18185-0.ds1-11+squeeze1.

\n

For the testing distribution (wheezy), firebird2.1 will be removed in\nfavour of firebird2.5.

\n

For the unstable distribution (sid), firebird2.1 will be removed in\nfavour of firebird2.5.

\n

We recommend that you upgrade your firebird2.1 packages.

\n
\n
\n
\n
", "2648": "
\n

Debian Security Advisory

\n

DSA-2648-1 firebird2.5 -- several vulnerabilities

\n
\n
Date Reported:
\n
15 Mar 2013
\n
Affected Packages:
\n
\nfirebird2.5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-5529, CVE-2013-2492.
\n
More information:
\n
\n

A buffer overflow was discovered in the Firebird database server, which\ncould result in the execution of arbitrary code. In addition, a denial\nof service vulnerability was discovered in the TraceManager.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 2.5.0.26054~ReleaseCandidate3.ds2-1+squeeze1.

\n

For the testing distribution (wheezy), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your firebird2.5 packages.

\n
\n
\n
\n
", "2649": "
\n

Debian Security Advisory

\n

DSA-2649-1 lighttpd -- fixed socket name in world-writable directory

\n
\n
Date Reported:
\n
15 Mar 2013
\n
Affected Packages:
\n
\nlighttpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1427.
\n
More information:
\n
\n

Stefan Bühler discovered that the Debian-specific configuration file for\nlighttpd webserver FastCGI PHP support used a fixed socket name in the\nworld-writable /tmp directory. A symlink attack or a race condition could be\nexploited by a malicious user on the same machine to take over the PHP control\nsocket and, for example, force the webserver to use a different PHP version.

\n

As the fix is in a configuration file lying in /etc, the update won't be\nenforced if the file has been modified by the administrator. In that case, care\nshould be taken to manually apply the fix.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.28-2+squeeze1.3.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 1.4.31-4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4.31-4.

\n

We recommend that you upgrade your lighttpd packages.

\n
\n
\n
\n
", "2650": "
\n

Debian Security Advisory

\n

DSA-2650-2 libvirt -- files and device nodes ownership change to kvm group

\n
\n
Date Reported:
\n
17 Mar 2013
\n
Affected Packages:
\n
\nlibvirt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 701649.
In Mitre's CVE dictionary: CVE-2013-1766.
\n
More information:
\n
\n

Bastian Blank discovered that libvirtd, a daemon for management of virtual\nmachines, network and storage, would change ownership of device files so they\nwould be owned by user libvirt-qemu and group kvm, which is a general\npurpose group not specific to libvirt, allowing unintended write access to\nthose devices and files for the kvm group members.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 0.8.3-5+squeeze5.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 0.9.12-11.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.9.12-11.

\n

We recommend that you upgrade your libvirt packages.

\n
\n
\n
\n
", "2651": "
\n

Debian Security Advisory

\n

DSA-2651-1 smokeping -- cross-site scripting vulnerability

\n
\n
Date Reported:
\n
20 Mar 2013
\n
Affected Packages:
\n
\nsmokeping\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 659899.
In Mitre's CVE dictionary: CVE-2012-0790.
\n
More information:
\n
\n

A cross-site scripting vulnerability was discovered in smokeping, a\nlatency logging and graphing system. Input passed to the displaymode\nparameter was not properly sanitized. An attacker could use this flaw to\nexecute arbitrary HTML and script code in a user's browser session in\nthe context of an affected site.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.6-5+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 2.6.7-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.6.7-1.

\n

We recommend that you upgrade your smokeping packages.

\n
\n
\n
\n
", "2652": "
\n

Debian Security Advisory

\n

DSA-2652-1 libxml2 -- external entity expansion

\n
\n
Date Reported:
\n
24 Mar 2013
\n
Affected Packages:
\n
\nlibxml2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 702260.
In Mitre's CVE dictionary: CVE-2013-0338, CVE-2013-0339.
\n
More information:
\n
\n

Brad Hill of iSEC Partners discovered that many XML implementations are\nvulnerable to external entity expansion issues, which can be used for\nvarious purposes such as firewall circumvention, disguising an IP\naddress, and denial-of-service. libxml2 was susceptible to these\nproblems when performing string substitution during entity expansion.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 2.7.8.dfsg-2+squeeze7.

\n

For the testing (wheezy) and unstable (sid) distributions, these problems\nhave been fixed in version 2.8.0+dfsg1-7+nmu1.

\n

We recommend that you upgrade your libxml2 packages.

\n
\n
\n
\n
", "2653": "
\n

Debian Security Advisory

\n

DSA-2653-1 icinga -- buffer overflow

\n
\n
Date Reported:
\n
26 Mar 2013
\n
Affected Packages:
\n
\nicinga\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 697931.
In Mitre's CVE dictionary: CVE-2012-6096.
\n
More information:
\n
\n

It was discovered that Icinga, a host and network monitoring system,\ncontains several buffer overflows in the history.cgi CGI program.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.0.2-2+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 1.7.1-5.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.7.1-5.

\n

We recommend that you upgrade your icinga packages.

\n
\n
\n
\n
", "2654": "
\n

Debian Security Advisory

\n

DSA-2654-1 libxslt -- denial of service

\n
\n
Date Reported:
\n
03 Apr 2013
\n
Affected Packages:
\n
\nlibxslt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 703933.
In Mitre's CVE dictionary: CVE-2012-6139.
\n
More information:
\n
\n

Nicolas Gregoire discovered that libxslt, an XSLT processing runtime\nlibrary, is prone to denial of service vulnerabilities via crafted XSL\nstylesheets.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.1.26-6+squeeze3.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 1.1.26-14.1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.1.26-14.1.

\n

We recommend that you upgrade your libxslt packages.

\n
\n
\n
\n
", "2655": "
\n

Debian Security Advisory

\n

DSA-2655-1 rails -- several vulnerabilities

\n
\n
Date Reported:
\n
28 Mar 2013
\n
Affected Packages:
\n
\nrails\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-2932, CVE-2012-3464, CVE-2012-3465, CVE-2013-1854, CVE-2013-1855, CVE-2013-1857.
\n
More information:
\n
\n

Several cross-site-scripting and denial of service vulnerabilities\nwere discovered in Ruby on Rails, a Ruby framework for web application\ndevelopment.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 2.3.5-1.2+squeeze8.

\n

For the testing distribution (wheezy) and the unstable distribution (sid),\nthese problems have been fixed in the version 3.2.6-5 of\nruby-activerecord-3.2, version 2.3.14-6 of ruby-activerecord-2.3,\nversion 2.3.14-7 of ruby-activesupport-2.3, version 3.2.6-6 of\nruby-actionpack-3.2 and in version 2.3.14-5 of ruby-actionpack-2.3.

\n

We recommend that you upgrade your rails packages.

\n
\n
\n
\n
", "2656": "
\n

Debian Security Advisory

\n

DSA-2656-1 bind9 -- denial of service

\n
\n
Date Reported:
\n
30 Mar 2013
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 704174.
In Mitre's CVE dictionary: CVE-2013-2266.
\n
More information:
\n
\n

Matthew Horsfall of Dyn, Inc. discovered that BIND, a DNS server, is\nprone to a denial of service vulnerability. A remote attacker could use\nthis flaw to send a specially-crafted DNS query to named that, when\nprocessed, would cause named to use an excessive amount of memory, or\npossibly crash.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1:9.7.3.dfsg-1~squeeze10.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 1:9.8.4.dfsg.P1-6+nmu1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:9.8.4.dfsg.P1-6+nmu1.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
\n
\n
", "2657": "
\n

Debian Security Advisory

\n

DSA-2657-1 postgresql-8.4 -- guessable random numbers

\n
\n
Date Reported:
\n
04 Apr 2013
\n
Affected Packages:
\n
\npostgresql-8.4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1900.
\n
More information:
\n
\n

A vulnerability was discovered in the PostgreSQL database server.\nRandom numbers generated by contrib/pgcrypto functions may be easy\nfor another database user to guess.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 8.4.17-0squeeze1.

\n

For the testing (wheezy) and unstable (sid) distributions, postgresql-8.4\npackages have been removed; in those, this problem has been fixed in\npostgresql-9.1 9.1.9-0wheezy1 (wheezy), and 9.1.9-1 (sid) respectively.

\n

Note: postgresql-8.4 in Squeeze is not affected by CVE-2013-1899\n(database files corruption) and CVE-2013-1901\n(unprivileged user can interfere with in-progress backups).

\n

We recommend that you upgrade your postgresql-8.4 packages.

\n
\n
\n
\n
", "2658": "
\n

Debian Security Advisory

\n

DSA-2658-1 postgresql-9.1 -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Apr 2013
\n
Affected Packages:
\n
\npostgresql-9.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 704479.
In Mitre's CVE dictionary: CVE-2013-1899, CVE-2013-1900, CVE-2013-1901.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the PostgreSQL database server.

\n
    \n
  • CVE-2013-1899\n

    Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software Center\n discovered that it was possible for a connection request containing a\n database name that begins with - to be crafted that can damage or\n destroy files within a server's data directory. Anyone with access to the\n port the PostgreSQL server listens on can initiate this request.

  • CVE-2013-1900\n

    Random numbers generated by contrib/pgcrypto functions may be easy for\n another database user to guess.

  • CVE-2013-1901\n

    An unprivileged user could run commands that could interfere with\n in-progress backups.

\n

For the stable distribution (squeeze), postgresql-9.1 is not available.\nDSA-2657-1 has been released for CVE-2013-1900\naffecting postgresql-8.4.

\n

For the testing distribution (wheezy), these problems have been fixed in\nversion 9.1.9-0wheezy1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 9.1.9-1.

\n

We recommend that you upgrade your postgresql-9.1 packages.

\n
\n
\n
\n
", "2659": "
\n

Debian Security Advisory

\n

DSA-2659-1 libapache-mod-security -- XML external entity processing vulnerability

\n
\n
Date Reported:
\n
09 Apr 2013
\n
Affected Packages:
\n
\nlibapache-mod-security\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 704625.
In Mitre's CVE dictionary: CVE-2013-1915.
\n
More information:
\n
\n

Timur Yunusov and Alexey Osipov from Positive Technologies discovered\nthat the XML files parser of ModSecurity, an Apache module whose purpose\nis to tighten the Web application security, is vulnerable to XML\nexternal entities attacks. A specially-crafted XML file provided by a\nremote attacker could lead to local file disclosure or excessive\nresource (CPU, memory) consumption when processed.

\n

This update introduces a SecXmlExternalEntity option which is Off\nby default. This will disable the ability of libxml2 to load external\nentities.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2.5.12-1+squeeze2.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 2.6.6-6 of the modsecurity-apache package.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.6.6-6 of the modsecurity-apache package.

\n

We recommend that you upgrade your libapache-mod-security packages.

\n
\n
\n
\n
", "2660": "
\n

Debian Security Advisory

\n

DSA-2660-1 curl -- exposure of sensitive information

\n
\n
Date Reported:
\n
20 Apr 2013
\n
Affected Packages:
\n
\ncurl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 705274.
In Mitre's CVE dictionary: CVE-2013-1944.
\n
More information:
\n
\n

Yamada Yasuharu discovered that cURL, a URL transfer library, could\nexpose potentially sensitive information when doing\nrequests across domains with matching tails. Due to a bug in the\ntailmatch function when matching domain names, it was possible that\ncookies set for a domain ample.com could accidentally also be sent\nby libcurl when communicating with example.com.

\n

Both curl the command line tool and applications using the libcurl\nlibrary are vulnerable.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 7.21.0-2.1+squeeze3.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 7.26.0-1+wheezy2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.29.0-2.1.

\n

We recommend that you upgrade your curl packages.

\n
\n
\n
\n
", "2661": "
\n

Debian Security Advisory

\n

DSA-2661-1 xorg-server -- information disclosure

\n
\n
Date Reported:
\n
17 Apr 2013
\n
Affected Packages:
\n
\nxorg-server\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1940.
\n
More information:
\n
\n

David Airlie and Peter Hutterer of Red Hat discovered that xorg-server,\nthe X.Org X server, was vulnerable to an information disclosure flaw\nrelated to input handling and device hotplug.

\n

When an X server is running but not in the foreground (for example because of a VT\nswitch), a newly plugged input device would still be recognized and\nhandled by the X server, which would actually transmit input events to\nits clients in the background.

\n

This could allow an attacker to recover some input events not intended\nfor the X clients, including sensitive information.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 2:1.7.7-16.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 2:1.12.4-6.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:1.12.4-6.

\n

We recommend that you upgrade your xorg-server packages.

\n
\n
\n
\n
", "2662": "
\n

Debian Security Advisory

\n

DSA-2662-1 xen -- several vulnerabilities

\n
\n
Date Reported:
\n
18 Apr 2013
\n
Affected Packages:
\n
\nxen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1917, CVE-2013-1919.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in the Xen hypervisor. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2013-1917\n

    The SYSENTER instruction can be used by PV guests to accelerate\n system call processing. This instruction, however, leaves the EFLAGS\n register mostly unmodified. This can be used by malicious or buggy\n user space to cause the entire host to crash.

  • CVE-2013-1919\n

    Various IRQ related access control operations may not have the\n intended effect, potentially permitting a stub domain to grant its\n client domain access to an IRQ it doesn't have access to itself.\n This can be used by malicious or buggy stub domain kernels to mount\n a denial of service attack possibly affecting the whole system.

\n

For the stable distribution (squeeze), these problems have been fixed in\nversion 4.0.1-5.9.

\n

For the testing distribution (wheezy) and the unstable distribution\n(sid), these problems will be fixed soon.

\n

We recommend that you upgrade your xen packages.

\n
\n
\n
\n
", "2663": "
\n

Debian Security Advisory

\n

DSA-2663-1 tinc -- stack based buffer overflow

\n
\n
Date Reported:
\n
22 Apr 2013
\n
Affected Packages:
\n
\ntinc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1428.
\n
More information:
\n
\n

Martin Schobert discovered a stack-based vulnerability in tinc, a\nVirtual Private Network (VPN) daemon.

\n

When packets are forwarded via TCP, packet length is not checked against\nthe stack buffer length. Authenticated peers could use this to crash the\ntinc daemon and maybe execute arbitrary code.

\n

Note that on Wheezy and Sid, tinc is built using hardening flags and\nespecially stack smashing protection, which should help protect against\narbitrary code execution.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 1.0.13-1+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 1.0.19-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.0.19-3.

\n

We recommend that you upgrade your tinc packages.

\n
\n
\n
\n
", "2664": "
\n

Debian Security Advisory

\n

DSA-2664-1 stunnel4 -- buffer overflow

\n
\n
Date Reported:
\n
02 May 2013
\n
Affected Packages:
\n
\nstunnel4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 702267.
In Mitre's CVE dictionary: CVE-2013-1762.
\n
More information:
\n
\n

Stunnel, a program designed to work as a universal SSL tunnel for\nnetwork daemons, is prone to a buffer overflow vulnerability when using\nthe Microsoft NT LAN Manager (NTLM) authentication\n(protocolAuthentication = NTLM) together with the connect\nprotocol method (protocol = connect). With these prerequisites\nand using stunnel4 in SSL client mode (client = yes) on a 64 bit\nhost, an attacker could possibly execute arbitrary code with the\nprivileges of the stunnel process, if the attacker can either control\nthe specified proxy server or perform man-in-the-middle attacks on the\nTCP session between stunnel and the proxy server.

\n

Note that for the testing distribution (wheezy) and the unstable\ndistribution (sid), stunnel4 is compiled with stack smashing protection\nenabled, which should help protect against arbitrary code execution.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 3:4.29-1+squeeze1.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 3:4.53-1.1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3:4.53-1.1.

\n

We recommend that you upgrade your stunnel4 packages.

\n
\n
\n
\n
", "2665": "
\n

Debian Security Advisory

\n

DSA-2665-1 strongswan -- authentication bypass

\n
\n
Date Reported:
\n
30 Apr 2013
\n
Affected Packages:
\n
\nstrongswan\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-2944.
\n
More information:
\n
\n

Kevin Wojtysiak discovered a vulnerability in strongSwan, an IPsec\nbased VPN solution.

\n

When using the OpenSSL plugin for ECDSA based authentication, an empty,\nzeroed or otherwise invalid signature is handled as a legitimate one.\nAn attacker could use a forged signature to authenticate like a legitimate\nuser and gain access to the VPN (and everything protected by this).

\n

While the issue looks like CVE-2012-2388\n(RSA signature based authentication bypass), it is unrelated.

\n

For the stable distribution (squeeze), this problem has been fixed in\nversion 4.4.1-5.3.

\n

For the testing distribution (wheezy), this problem has been fixed in\nversion 4.5.2-1.5+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.6.4-7.

\n

We recommend that you upgrade your strongswan packages.

\n
\n
\n
\n
", "2666": "
\n

Debian Security Advisory

\n

DSA-2666-1 xen -- several vulnerabilities

\n
\n
Date Reported:
\n
12 May 2013
\n
Affected Packages:
\n
\nxen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1918, CVE-2013-1952, CVE-2013-1964.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in the Xen hypervisor. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2013-1918\n

    \n(XSA\n45) several long latency operations are not preemptible.\n

    \n

    Some page table manipulation operations for PV guests were not made\n preemptible, allowing a malicious or buggy PV guest kernel to mount a\n denial of service attack affecting the whole system.

  • \n
  • CVE-2013-1952\n

    \n(XSA\n49) VT-d interrupt remapping source validation flaw for bridges.\n

    \n

    Due to missing source validation on interrupt remapping table\n entries for MSI interrupts set up by bridge devices, a malicious\n domain with access to such a device can mount a denial of service\n attack affecting the whole system.

  • \n
  • CVE-2013-1964\n

    \n(XSA\n50) grant table hypercall acquire/release imbalance.\n

    \n

    When releasing a particular, non-transitive grant after doing a grant\n copy operation, Xen incorrectly releases an unrelated grant\n reference, leading possibly to a crash of the host system.\n Furthermore information leakage or privilege escalation cannot be\n ruled out.

  • \n
\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 4.0.1-5.11.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 4.1.4-3+deb7u1.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 4.1.4-4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.1.4-4.

\n

Note that for the stable (wheezy), testing and unstable distributions,\nCVE-2013-1964\n(XSA\n50) was already fixed in version 4.1.4-3.

\n

We recommend that you upgrade your xen packages.

\n
\n
\n
\n
", "2667": "
\n

Debian Security Advisory

\n

DSA-2667-1 mysql-5.5 -- several vulnerabilities

\n
\n
Date Reported:
\n
12 May 2013
\n
Affected Packages:
\n
\nmysql-5.5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1502, CVE-2013-1511, CVE-2013-1532, CVE-2013-1544, CVE-2013-2375, CVE-2013-2376, CVE-2013-2389, CVE-2013-2391, CVE-2013-2392.
\n
More information:
\n
\n

Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to a new upstream\nversion, 5.5.31, which includes additional changes, such as performance\nimprovements and corrections for data loss defects.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 5.5.31+dfsg-0+wheezy1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 5.5.31+dfsg-1.

\n

We recommend that you upgrade your mysql-5.5 packages.

\n
\n
\n
\n
", "2668": "
\n

Debian Security Advisory

\n

DSA-2668-1 linux-2.6 -- privilege escalation/denial of service/information leak

\n
\n
Date Reported:
\n
14 May 2013
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2121, CVE-2012-3552, CVE-2012-4461, CVE-2012-4508, CVE-2012-6537, CVE-2012-6539, CVE-2012-6540, CVE-2012-6542, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6548, CVE-2012-6549, CVE-2013-0349, CVE-2013-0914, CVE-2013-1767, CVE-2013-1773, CVE-2013-1774, CVE-2013-1792, CVE-2013-1796, CVE-2013-1798, CVE-2013-1826, CVE-2013-1860, CVE-2013-1928, CVE-2013-1929, CVE-2013-2015, CVE-2013-2634, CVE-2013-3222, CVE-2013-3223, CVE-2013-3224, CVE-2013-3225, CVE-2013-3228, CVE-2013-3229, CVE-2013-3231, CVE-2013-3234, CVE-2013-3235.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service, information leak or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2012-2121\n

    Benjamin Herrenschmidt and Jason Baron discovered issues with the IOMMU\n mapping of memory slots used in KVM device assignment. Local users with\n the ability to assign devices could cause a denial of service due to a\n memory page leak.

  • \n
  • CVE-2012-3552\n

    Hafid Lin reported an issue in the IP networking subsystem. A remote user\n can cause a denial of service (system crash) on servers running\n applications that set options on sockets which are actively being\n processed.

  • \n
  • CVE-2012-4461\n

    Jon Howell reported a denial of service issue in the KVM subsystem.\n On systems that do not support the XSAVE feature, local users with\n access to the /dev/kvm interface can cause a system crash.

  • \n
  • CVE-2012-4508\n

    Dmitry Monakhov and Theodore Ts'o reported a race condition in the ext4\n filesystem. Local users could gain access to sensitive kernel memory.

  • \n
  • CVE-2012-6537\n

    Mathias Krause discovered information leak issues in the Transformation\n user configuration interface. Local users with the CAP_NET_ADMIN capability\n can gain access to sensitive kernel memory.

  • \n
  • CVE-2012-6539\n

    Mathias Krause discovered an issue in the networking subsystem. Local\n users on 64-bit systems can gain access to sensitive kernel memory.

  • \n
  • CVE-2012-6540\n

    Mathias Krause discovered an issue in the Linux virtual server subsystem.\n Local users can gain access to sensitive kernel memory. Note: this issue\n does not affect Debian provided kernels, but may affect custom kernels\n built from Debian's linux-source-2.6.32 package.

  • \n
  • CVE-2012-6542\n

    Mathias Krause discovered an issue in the LLC protocol support code.\n Local users can gain access to sensitive kernel memory.

  • \n
  • CVE-2012-6544\n

    Mathias Krause discovered issues in the Bluetooth subsystem.\n Local users can gain access to sensitive kernel memory.

  • \n
  • CVE-2012-6545\n

    Mathias Krause discovered issues in the Bluetooth RFCOMM protocol\n support. Local users can gain access to sensitive kernel memory.

  • \n
  • CVE-2012-6546\n

    Mathias Krause discovered issues in the ATM networking support. Local\n users can gain access to sensitive kernel memory.

  • \n
  • CVE-2012-6548\n

    Mathias Krause discovered an issue in the UDF file system support.\n Local users can obtain access to sensitive kernel memory.

  • \n
  • CVE-2012-6549\n

    Mathias Krause discovered an issue in the isofs file system support.\n Local users can obtain access to sensitive kernel memory.

  • \n
  • CVE-2013-0349\n

    Anderson Lizardo discovered an issue in the Bluetooth Human Interface\n Device Protocol (HIDP) stack. Local users can obtain access to sensitive\n kernel memory.

  • \n
  • CVE-2013-0914\n

    Emese Revfy discovered an issue in the signal implementation. Local\n users may be able to bypass the address space layout randomization (ASLR)\n facility due to a leaking of information to child processes.

  • \n
  • CVE-2013-1767\n

    Greg Thelen reported an issue in the tmpfs virtual memory filesystem.\n Local users with sufficient privilege to mount filesystems can cause\n a denial of service or possibly elevated privileges due to a use-after-free defect.

  • \n
  • CVE-2013-1773\n

    Alan Stern provided a fix for a defect in the UTF8->UTF16 string conversion\n facility used by the VFAT filesystem. A local user could cause a buffer\n overflow condition, resulting in a denial of service or potentially\n elevated privileges.

  • \n
  • CVE-2013-1774\n

    Wolfgang Frisch provided a fix for a NULL-pointer dereference defect\n in the driver for some serial USB devices from Inside Out Networks.\n Local users with permission to access these devices can create a denial\n of service (kernel oops) by causing the device to be removed while it is\n in use.

  • \n
  • CVE-2013-1792\n

    Mateusz Guzik of Red Hat EMEA GSS SEG Team discovered a race condition\n in the access key retention support in the kernel. A local user could\n cause a denial of service (NULL pointer dereference).

  • \n
  • CVE-2013-1796\n

    Andrew Honig of Google reported an issue in the KVM subsystem. A user in\n a guest operating system could corrupt kernel memory, resulting in a\n denial of service.

  • \n
  • CVE-2013-1798\n

    Andrew Honig of Google reported an issue in the KVM subsystem. A user in\n a guest operating system could cause a denial of service due to a use-after-free defect.

  • \n
  • CVE-2013-1826\n

    Mathias Krause discovered an issue in the Transformation (XFRM) user\n configuration interface of the networking stack. A user with the\n CAP_NET_ADMIN capability may be able to gain elevated privileges.

  • \n
  • CVE-2013-1860\n

    Oliver Neukum discovered an issue in the USB CDC WCM Device Management\n driver. Local users with the ability to attach devices can cause a\n denial of service (kernel crash) or potentially gain elevated privileges.

  • \n
  • CVE-2013-1928\n

    Kees Cook provided a fix for an information leak in the\n VIDEO_SET_SPU_PALETTE ioctl for 32-bit applications running on a 64-bit\n kernel. Local users can gain access to sensitive kernel memory.

  • \n
  • CVE-2013-1929\n

    Oded Horovitz and Brad Spengler reported an issue in the device driver for\n Broadcom Tigon3 based gigabit Ethernet. Users with the ability to attach\n untrusted devices can create an overflow condition, resulting in a denial\n of service or elevated privileges.

  • \n
  • CVE-2013-2015\n

    Theodore Ts'o provided a fix for an issue in the ext4 filesystem. Local\n users with the ability to mount a specially crafted filesystem can cause\n a denial of service (infinite loop).

  • \n
  • CVE-2013-2634\n

    Mathias Krause discovered a few issues in the Data Center Bridging (DCB)\n netlink interface. Local users can gain access to sensitive kernel memory.

  • \n
  • CVE-2013-3222\n

    Mathias Krause discovered an issue in the Asynchronous Transfer Mode (ATM)\n protocol support. Local users can gain access to sensitive kernel memory.

  • \n
  • CVE-2013-3223\n

    Mathias Krause discovered an issue in the Amateur Radio AX.25 protocol\n support. Local users can gain access to sensitive kernel memory.

  • \n
  • CVE-2013-3224\n

    Mathias Krause discovered an issue in the Bluetooth subsystem. Local users\n can gain access to sensitive kernel memory.

  • \n
  • CVE-2013-3225\n

    Mathias Krause discovered an issue in the Bluetooth RFCOMM protocol\n support. Local users can gain access to sensitive kernel memory.

  • \n
  • CVE-2013-3228\n

    Mathias Krause discovered an issue in the IrDA (infrared) subsystem\n support. Local users can gain access to sensitive kernel memory.

  • \n
  • CVE-2013-3229\n

    Mathias Krause discovered an issue in the IUCV support on s390 systems.\n Local users can gain access to sensitive kernel memory.

  • \n
  • CVE-2013-3231\n

    Mathias Krause discovered an issue in the ANSI/IEEE 802.2 LLC type 2\n protocol support. Local users can gain access to sensitive kernel memory.

  • \n
  • CVE-2013-3234\n

    Mathias Krause discovered an issue in the Amateur Radio X.25 PLP (Rose)\n protocol support. Local users can gain access to sensitive kernel memory.

  • \n
  • CVE-2013-3235\n

    Mathias Krause discovered an issue in the Transparent Inter Process\n Communication (TIPC) protocol support. Local users can gain access to\n sensitive kernel memory.

  • \n
\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.6.32-48squeeze3.

\n

The following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n\n\n\n\n\n\n\n
Debian 6.0 (squeeze)
user-mode-linux: 2.6.32-1um-4+48squeeze3
\n
\n

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.\n

Note: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or \"leap-frog\" fashion.

\n

\n
\n
\n
", "2669": "
\n

Debian Security Advisory

\n

DSA-2669-1 linux -- privilege escalation/denial of service/information leak

\n
\n
Date Reported:
\n
15 May 2013
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-0160, CVE-2013-1796, CVE-2013-1929, CVE-2013-1979, CVE-2013-2015, CVE-2013-2094, CVE-2013-3076, CVE-2013-3222, CVE-2013-3223, CVE-2013-3224, CVE-2013-3225, CVE-2013-3227, CVE-2013-3228, CVE-2013-3229, CVE-2013-3231, CVE-2013-3234, CVE-2013-3235, CVE-2013-3301.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service, information leak or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2013-0160\n

    vladz reported a timing leak with the /dev/ptmx character device. A local\n user could use this to determine sensitive information such as password\n length.

  • \n
  • CVE-2013-1796\n

    Andrew Honig of Google reported an issue in the KVM subsystem. A user in\n a guest operating system could corrupt kernel memory, resulting in a\n denial of service.

  • \n
  • CVE-2013-1929\n

    Oded Horovitz and Brad Spengler reported an issue in the device driver for\n Broadcom Tigon3 based gigabit Ethernet. Users with the ability to attach\n untrusted devices can create an overflow condition, resulting in a denial\n of service or elevated privileges.

  • \n
  • CVE-2013-1979\n

    Andy Lutomirski reported an issue in the socket level control message\n processing subsystem. Local users may be able to gain elevated privileges.

  • \n
  • CVE-2013-2015\n

    Theodore Ts'o provided a fix for an issue in the ext4 filesystem. Local\n users with the ability to mount a specially crafted filesystem can cause\n a denial of service (infinite loop).

  • \n
  • CVE-2013-2094\n

    Tommie Rantala discovered an issue in the perf subsystem. An out-of-bounds\n access vulnerability allows local users to gain elevated privileges.

  • \n
  • CVE-2013-3076\n

    Mathias Krause discovered an issue in the userspace interface for hash\n algorithms. Local users can gain access to sensitive kernel memory.

  • \n
  • CVE-2013-3222\n

    Mathias Krause discovered an issue in the Asynchronous Transfer Mode (ATM)\n protocol support. Local users can gain access to sensitive kernel memory.

  • \n
  • CVE-2013-3223\n

    Mathias Krause discovered an issue in the Amateur Radio AX.25 protocol\n support. Local users can gain access to sensitive kernel memory.

  • \n
  • CVE-2013-3224\n

    Mathias Krause discovered an issue in the Bluetooth subsystem. Local users\n can gain access to sensitive kernel memory.

  • \n
  • CVE-2013-3225\n

    Mathias Krause discovered an issue in the Bluetooth RFCOMM protocol\n support. Local users can gain access to sensitive kernel memory.

  • \n
  • CVE-2013-3227\n

    Mathias Krause discovered an issue in the Communication CPU to Application\n CPU Interface (CAIF). Local users can gain access to sensitive kernel\n memory.

  • \n
  • CVE-2013-3228\n

    Mathias Krause discovered an issue in the IrDA (infrared) subsystem\n support. Local users can gain access to sensitive kernel memory.

  • \n
  • CVE-2013-3229\n

    Mathias Krause discovered an issue in the IUCV support on s390 systems.\n Local users can gain access to sensitive kernel memory.

  • \n
  • CVE-2013-3231\n

    Mathias Krause discovered an issue in the ANSI/IEEE 802.2 LLC type 2\n protocol support. Local users can gain access to sensitive kernel memory.

  • \n
  • CVE-2013-3234\n

    Mathias Krause discovered an issue in the Amateur Radio X.25 PLP (Rose)\n protocol support. Local users can gain access to sensitive kernel memory.

  • \n
  • CVE-2013-3235\n

    Mathias Krause discovered an issue in the Transparent Inter Process\n Communication (TIPC) protocol support. Local users can gain access to\n sensitive kernel memory.

  • \n
  • CVE-2013-3301\n

    Namhyung Kim reported an issue in the tracing subsystem. A privileged\n local user could cause a denial of service (system crash). This\n vulnerability is not applicable to Debian systems by default.

  • \n
\n

For the stable distribution (wheezy), this problem has been fixed in version\n3.2.41-2+deb7u1.\n

Note: Updates are currently available for the amd64, i386, ia64, s390, s390x\nand sparc architectures. Updates for the remaining architectures will be\nreleased as they become available.

\n

The following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n\n\n\n\n\n\n\n
Debian 7.0 (wheezy)
user-mode-linux: 3.2-2um-1+deb7u1
\n
\n

We recommend that you upgrade your linux and user-mode-linux packages.\n

Note: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or \"leap-frog\" fashion.

\n

\n
\n
\n
", "2670": "
\n

Debian Security Advisory

\n

DSA-2670-1 request-tracker3.8 -- several vulnerabilities

\n
\n
Date Reported:
\n
22 May 2013
\n
Affected Packages:
\n
\nrequest-tracker3.8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-3368, CVE-2013-3369, CVE-2013-3370, CVE-2013-3371, CVE-2013-3372, CVE-2013-3373, CVE-2013-3374.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in Request Tracker, an\nextensible trouble-ticket tracking system. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2013-3368\n

    The rt command line tool uses semi-predictable temporary files. A\n malicious user can use this flaw to overwrite files with permissions\n of the user running the rt command line tool.

  • \n
  • CVE-2013-3369\n

    A malicious user who is allowed to see administration pages can run\n arbitrary Mason components (without control of arguments), which may\n have negative side-effects.

  • \n
  • CVE-2013-3370\n

    Request Tracker allows direct requests to private callback\n components, which could be used to exploit a Request Tracker\n extension or a local callback which uses the arguments passed to it\n insecurely.

  • \n
  • CVE-2013-3371\n

    Request Tracker is vulnerable to cross-site scripting attacks via\n attachment filenames.

  • \n
  • CVE-2013-3372\n

    Dominic Hargreaves discovered that Request Tracker is vulnerable to\n an HTTP header injection limited to the value of the\n Content-Disposition header.

  • \n
  • CVE-2013-3373\n

    Request Tracker is vulnerable to a MIME header injection in outgoing\n email generated by Request Tracker.

    \n

    The stock Request Tracker templates are fixed by this update, but any\n custom email templates should be updated to ensure that values\n interpolated into mail headers do not contain newlines.

  • \n
  • CVE-2013-3374\n

    Request Tracker is vulnerable to limited session re-use when using\n the file-based session store, Apache::Session::File. However Request\n Tracker's default session configuration only uses\n Apache::Session::File when configured for Oracle databases.

  • \n
\n

This version of Request Tracker includes a database content upgrade. If\nyou are using a dbconfig-managed database, you will be offered the\nchoice of applying this automatically. Otherwise see the explanation in\n/usr/share/doc/request-tracker3.8/NEWS.Debian.gz for the manual steps to\nperform.

\n

Please note that if you run request-tracker3.8 under the Apache web\nserver, you must stop and start Apache manually. The restart mechanism\nis not recommended, especially when using mod_perl or any form of\npersistent Perl process such as FastCGI or SpeedyCGI.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 3.8.8-7+squeeze7.

\n

The stable, testing and unstable distributions no longer contain\nrequest-tracker3.8, which is replaced by request-tracker4.

\n

We recommend that you upgrade your request-tracker3.8 packages.

\n
\n
\n
\n
", "2671": "
\n

Debian Security Advisory

\n

DSA-2671-1 request-tracker4 -- several vulnerabilities

\n
\n
Date Reported:
\n
22 May 2013
\n
Affected Packages:
\n
\nrequest-tracker4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-4733, CVE-2013-3368, CVE-2013-3369, CVE-2013-3370, CVE-2013-3371, CVE-2013-3372, CVE-2013-3373, CVE-2013-3374.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in Request Tracker, an\nextensible trouble-ticket tracking system. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2012-4733\n

    A user with the ModifyTicket right can bypass the DeleteTicket right\n or any custom lifecycle transition rights and thus modify ticket data\n without authorization.

  • \n
  • CVE-2013-3368\n

    The rt command line tool uses semi-predictable temporary files. A\n malicious user can use this flaw to overwrite files with permissions\n of the user running the rt command line tool.

  • \n
  • CVE-2013-3369\n

    A malicious user who is allowed to see administration pages can run\n arbitrary Mason components (without control of arguments), which may\n have negative side-effects.

  • \n
  • CVE-2013-3370\n

    Request Tracker allows direct requests to private callback\n components, which could be used to exploit a Request Tracker\n extension or a local callback which uses the arguments passed to it\n insecurely.

  • \n
  • CVE-2013-3371\n

    Request Tracker is vulnerable to cross-site scripting attacks via\n attachment filenames.

  • \n
  • CVE-2013-3372\n

    Dominic Hargreaves discovered that Request Tracker is vulnerable to\n an HTTP header injection limited to the value of the\n Content-Disposition header.

  • \n
  • CVE-2013-3373\n

    Request Tracker is vulnerable to a MIME header injection in outgoing\n email generated by Request Tracker.

    \n

    The stock Request Tracker templates are fixed by this update, but any\n custom email templates should be updated to ensure that values\n interpolated into mail headers do not contain newlines.

  • \n
  • CVE-2013-3374\n

    Request Tracker is vulnerable to limited session re-use when using\n the file-based session store, Apache::Session::File. However Request\n Tracker's default session configuration only uses\n Apache::Session::File when configured for Oracle databases.

  • \n
\n

This version of Request Tracker includes a database content upgrade. If\nyou are using a dbconfig-managed database, you will be offered the\nchoice of applying this automatically. Otherwise see the explanation in\n/usr/share/doc/request-tracker4/NEWS.Debian.gz for the manual steps to\nperform.

\n

Please note that if you run request-tracker4 under the Apache web\nserver, you must stop and start Apache manually. The restart mechanism\nis not recommended, especially when using mod_perl or any form of\npersistent Perl process such as FastCGI or SpeedyCGI.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 4.0.7-5+deb7u2.

\n

For the testing distribution (jessie), these problems will be fixed\nsoon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.0.12-2.

\n

We recommend that you upgrade your request-tracker4 packages.

\n
\n
\n
\n
", "2672": "
\n

Debian Security Advisory

\n

DSA-2672-1 kfreebsd-9 -- interpretation conflict

\n
\n
Date Reported:
\n
22 May 2013
\n
Affected Packages:
\n
\nkfreebsd-9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 706414.
In Mitre's CVE dictionary: CVE-2013-3266.
\n
More information:
\n
\n

Adam Nowacki discovered that the new FreeBSD NFS implementation\nprocesses a crafted READDIR request which instructs the file system to\noperate on a file node as if it were a directory node, leading to a\nkernel crash or potentially arbitrary code execution.

\n

The kfreebsd-8 kernel in the oldstable distribution (squeeze) does not\nenable the new NFS implementation. The Linux kernel is not affected\nby this vulnerability.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 9.0-10+deb70.1.

\n

For the testing distribution (jessie) and the unstable distribution\n(sid), this problem has been fixed in version 9.0-11.

\n

We recommend that you upgrade your kfreebsd-9 packages.

\n
\n
\n
\n
", "2673": "
\n

Debian Security Advisory

\n

DSA-2673-1 libdmx -- several vulnerabilities

\n
\n
Date Reported:
\n
23 May 2013
\n
Affected Packages:
\n
\nlibdmx\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1992.
\n
More information:
\n
\n

Ilja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1:1.1.0-2+squeeze1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1:1.1.2-1+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:1.1.2-1+deb7u1.

\n

We recommend that you upgrade your libdmx packages.

\n
\n
\n
\n
", "2674": "
\n

Debian Security Advisory

\n

DSA-2674-1 libxv -- several vulnerabilities

\n
\n
Date Reported:
\n
23 May 2013
\n
Affected Packages:
\n
\nlibxv\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1989, CVE-2013-2066.
\n
More information:
\n
\n

Ilja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 2:1.0.5-1+squeeze1.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2:1.0.7-1+deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2:1.0.7-1+deb7u1.

\n

We recommend that you upgrade your libxv packages.

\n
\n
\n
\n
", "2675": "
\n

Debian Security Advisory

\n

DSA-2675-2 libxvmc -- several vulnerabilities

\n
\n
Date Reported:
\n
24 May 2013
\n
Affected Packages:
\n
\nlibxvmc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1990, CVE-2013-1999.
\n
More information:
\n
\n

Ilja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 2:1.0.5-1+squeeze2.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2:1.0.7-1+deb7u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2:1.0.7-1+deb7u2.

\n

We recommend that you upgrade your libxvmc packages.

\n
\n
\n
\n
", "2676": "
\n

Debian Security Advisory

\n

DSA-2676-1 libxfixes -- several vulnerabilities

\n
\n
Date Reported:
\n
23 May 2013
\n
Affected Packages:
\n
\nlibxfixes\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1983.
\n
More information:
\n
\n

Ilja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1:4.0.5-1+squeeze1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1:5.0-4+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:5.0-4+deb7u1.

\n

We recommend that you upgrade your libxfixes packages.

\n
\n
\n
\n
", "2677": "
\n

Debian Security Advisory

\n

DSA-2677-1 libxrender -- several vulnerabilities

\n
\n
Date Reported:
\n
23 May 2013
\n
Affected Packages:
\n
\nlibxrender\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1987.
\n
More information:
\n
\n

Ilja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1:0.9.6-1+squeeze1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1:0.9.7-1+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:0.9.7-1+deb7u1.

\n

We recommend that you upgrade your libxrender packages.

\n
\n
\n
\n
", "2678": "
\n

Debian Security Advisory

\n

DSA-2678-1 mesa -- several vulnerabilities

\n
\n
Date Reported:
\n
23 May 2013
\n
Affected Packages:
\n
\nmesa\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1993.
\n
More information:
\n
\n

Ilja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 7.7.1-6.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 8.0.5-4+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 8.0.5-6.

\n

We recommend that you upgrade your mesa packages.

\n
\n
\n
\n
", "2679": "
\n

Debian Security Advisory

\n

DSA-2679-1 xserver-xorg-video-openchrome -- several vulnerabilities

\n
\n
Date Reported:
\n
23 May 2013
\n
Affected Packages:
\n
\nxserver-xorg-video-openchrome\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1994.
\n
More information:
\n
\n

Ilja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1:0.2.904+svn842-2+squeeze1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1:0.2.906-2+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:0.2.906-2+deb7u1.

\n

We recommend that you upgrade your xserver-xorg-video-openchrome packages.

\n
\n
\n
\n
", "2680": "
\n

Debian Security Advisory

\n

DSA-2680-1 libxt -- several vulnerabilities

\n
\n
Date Reported:
\n
23 May 2013
\n
Affected Packages:
\n
\nlibxt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-2002, CVE-2013-2005.
\n
More information:
\n
\n

Ilja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1:1.0.7-1+squeeze1.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1:1.1.3-1+deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1:1.1.3-1+deb7u1.

\n

We recommend that you upgrade your libxt packages.

\n
\n
\n
\n
", "2681": "
\n

Debian Security Advisory

\n

DSA-2681-1 libxcursor -- several vulnerabilities

\n
\n
Date Reported:
\n
23 May 2013
\n
Affected Packages:
\n
\nlibxcursor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-2003.
\n
More information:
\n
\n

Ilja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1:1.1.10-2+squeeze1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1:1.1.13-1+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:1.1.13-1+deb7u1.

\n

We recommend that you upgrade your libxcursor packages.

\n
\n
\n
\n
", "2682": "
\n

Debian Security Advisory

\n

DSA-2682-1 libxext -- several vulnerabilities

\n
\n
Date Reported:
\n
23 May 2013
\n
Affected Packages:
\n
\nlibxext\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1982.
\n
More information:
\n
\n

Ilja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2:1.1.2-1+squeeze1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2:1.3.1-2+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:1.3.1-2+deb7u1.

\n

We recommend that you upgrade your libxext packages.

\n
\n
\n
\n
", "2683": "
\n

Debian Security Advisory

\n

DSA-2683-1 libxi -- several vulnerabilities

\n
\n
Date Reported:
\n
23 May 2013
\n
Affected Packages:
\n
\nlibxi\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1984, CVE-2013-1995, CVE-2013-1998.
\n
More information:
\n
\n

Ilja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 2:1.3-8.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2:1.6.1-1+deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2:1.6.1-1+deb7u1.

\n

We recommend that you upgrade your libxi packages.

\n
\n
\n
\n
", "2684": "
\n

Debian Security Advisory

\n

DSA-2684-1 libxrandr -- several vulnerabilities

\n
\n
Date Reported:
\n
23 May 2013
\n
Affected Packages:
\n
\nlibxrandr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1986.
\n
More information:
\n
\n

Ilja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2:1.3.0-3+squeeze1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2:1.3.2-2+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:1.3.2-2+deb7u1.

\n

We recommend that you upgrade your libxrandr packages.

\n
\n
\n
\n
", "2685": "
\n

Debian Security Advisory

\n

DSA-2685-1 libxp -- several vulnerabilities

\n
\n
Date Reported:
\n
23 May 2013
\n
Affected Packages:
\n
\nlibxp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-2062.
\n
More information:
\n
\n

Ilja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1:1.0.0.xsf1-2+squeeze1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1:1.0.1-2+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:1.0.1-2+deb7u1.

\n

We recommend that you upgrade your libxp packages.

\n
\n
\n
\n
", "2686": "
\n

Debian Security Advisory

\n

DSA-2686-1 libxcb -- several vulnerabilities

\n
\n
Date Reported:
\n
23 May 2013
\n
Affected Packages:
\n
\nlibxcb\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-2064.
\n
More information:
\n
\n

Ilja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.6-1+squeeze1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.8.1-2+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.8.1-2+deb7u1.

\n

We recommend that you upgrade your libxcb packages.

\n
\n
\n
\n
", "2687": "
\n

Debian Security Advisory

\n

DSA-2687-1 libfs -- several vulnerabilities

\n
\n
Date Reported:
\n
23 May 2013
\n
Affected Packages:
\n
\nlibfs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1996.
\n
More information:
\n
\n

Ilja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2:1.0.2-1+squeeze1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2:1.0.4-1+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:1.0.4-1+deb7u1.

\n

We recommend that you upgrade your libfs packages.

\n
\n
\n
\n
", "2688": "
\n

Debian Security Advisory

\n

DSA-2688-1 libxres -- several vulnerabilities

\n
\n
Date Reported:
\n
23 May 2013
\n
Affected Packages:
\n
\nlibxres\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1988.
\n
More information:
\n
\n

Ilja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2:1.0.4-1+squeeze.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2:1.0.6-1+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:1.0.6-1+deb7u1.

\n

We recommend that you upgrade your libxres packages.

\n
\n
\n
\n
", "2689": "
\n

Debian Security Advisory

\n

DSA-2689-1 libxtst -- several vulnerabilities

\n
\n
Date Reported:
\n
23 May 2013
\n
Affected Packages:
\n
\nlibxtst\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-2063.
\n
More information:
\n
\n

Ilja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2:1.1.0-3+squeeze1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2:1.2.1-1+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:1.2.1-1+deb7u1.

\n

We recommend that you upgrade your libxtst packages.

\n
\n
\n
\n
", "2690": "
\n

Debian Security Advisory

\n

DSA-2690-1 libxxf86dga -- several vulnerabilities

\n
\n
Date Reported:
\n
23 May 2013
\n
Affected Packages:
\n
\nlibxxf86dga\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1991, CVE-2013-2000.
\n
More information:
\n
\n

Ilja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 2:1.1.1-2+squeeze1.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2:1.1.3-2+deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2:1.1.3-2+deb7u1.

\n

We recommend that you upgrade your libxxf86dga packages.

\n
\n
\n
\n
", "2691": "
\n

Debian Security Advisory

\n

DSA-2691-1 libxinerama -- several vulnerabilities

\n
\n
Date Reported:
\n
23 May 2013
\n
Affected Packages:
\n
\nlibxinerama\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1985.
\n
More information:
\n
\n

Ilja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2:1.1-3+squeeze1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2:1.1.2-1+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:1.1.2-1+deb7u1.

\n

We recommend that you upgrade your libxinerama packages.

\n
\n
\n
\n
", "2692": "
\n

Debian Security Advisory

\n

DSA-2692-1 libxxf86vm -- several vulnerabilities

\n
\n
Date Reported:
\n
23 May 2013
\n
Affected Packages:
\n
\nlibxxf86vm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-2001.
\n
More information:
\n
\n

Ilja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.

\n

For the oldstable distribution (squeeze), this problem will be fixed\nsoon as version 1:1.1.0-2+squeeze1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1:1.1.2-1+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:1.1.2-1+deb7u1.

\n

We recommend that you upgrade your libxxf86vm packages.

\n
\n
\n
\n
", "2693": "
\n

Debian Security Advisory

\n

DSA-2693-1 libx11 -- several vulnerabilities

\n
\n
Date Reported:
\n
24 May 2013
\n
Affected Packages:
\n
\nlibx11\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1981, CVE-2013-1997, CVE-2013-2004.
\n
More information:
\n
\n

Ilja van Sprundel of IOActive discovered several security issues in\nmultiple components of the X.org graphics stack and the related\nlibraries: Various integer overflows, sign handling errors in integer\nconversions, buffer overflows, memory corruption and missing input\nsanitising may lead to privilege escalation or denial of service.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 2:1.3.3-4+squeeze1.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2:1.5.0-1+deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2:1.5.0-1+deb7u1.

\n

We recommend that you upgrade your libx11 packages.

\n
\n
\n
\n
", "2694": "
\n

Debian Security Advisory

\n

DSA-2694-1 spip -- privilege escalation

\n
\n
Date Reported:
\n
26 May 2013
\n
Affected Packages:
\n
\nspip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 709674.
In Mitre's CVE dictionary: CVE-2013-2118.
\n
More information:
\n
\n

A privilege escalation vulnerability has been found in SPIP, a website\nengine for publishing, which allows anyone to take control of the\nwebsite.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.1.1-3squeeze6.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.1.17-1+deb7u1.

\n

For the testing distribution (jessie), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.1.22-1.

\n

We recommend that you upgrade your spip packages.

\n
\n
\n
\n
", "2695": "
\n

Debian Security Advisory

\n

DSA-2695-1 chromium-browser -- several issues

\n
\n
Date Reported:
\n
29 May 2013
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-2837, CVE-2013-2838, CVE-2013-2839, CVE-2013-2840, CVE-2013-2841, CVE-2013-2842, CVE-2013-2843, CVE-2013-2844, CVE-2013-2845, CVE-2013-2846, CVE-2013-2847, CVE-2013-2848, CVE-2013-2849.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Chromium web browser.\nMultiple use-after-free, out-of-bounds read, memory safety, and\ncross-site scripting issues were discovered and corrected.

\n
    \n
  • CVE-2013-2837\n

    Use-after-free vulnerability in the SVG implementation allows remote\n attackers to cause a denial of service or possibly have unspecified\n other impact via unknown vectors.

  • CVE-2013-2838\n

    Google V8, as used in Chromium before 27.0.1453.93, allows\n remote attackers to cause a denial of service (out-of-bounds read)\n via unspecified vectors.

  • CVE-2013-2839\n

    Chromium before 27.0.1453.93 does not properly perform a cast\n of an unspecified variable during handling of clipboard data, which\n allows remote attackers to cause a denial of service or possibly\n have other impact via unknown vectors.

  • CVE-2013-2840\n

    Use-after-free vulnerability in the media loader in Chromium\n before 27.0.1453.93 allows remote attackers to cause a denial of\n service or possibly have unspecified other impact via unknown\n vectors, a different vulnerability than CVE-2013-2846.

  • CVE-2013-2841\n

    Use-after-free vulnerability in Chromium before 27.0.1453.93\n allows remote attackers to cause a denial of service or possibly\n have unspecified other impact via vectors related to the handling of\n Pepper resources.

  • CVE-2013-2842\n

    Use-after-free vulnerability in Chromium before 27.0.1453.93\n allows remote attackers to cause a denial of service or possibly\n have unspecified other impact via vectors related to the handling of\n widgets.

  • CVE-2013-2843\n

    Use-after-free vulnerability in Chromium before 27.0.1453.93\n allows remote attackers to cause a denial of service or possibly\n have unspecified other impact via vectors related to the handling of\n speech data.

  • CVE-2013-2844\n

    Use-after-free vulnerability in the Cascading Style Sheets (CSS)\n implementation in Chromium before 27.0.1453.93 allows remote\n attackers to cause a denial of service or possibly have unspecified\n other impact via vectors related to style resolution.

  • CVE-2013-2845\n

    The Web Audio implementation in Chromium before 27.0.1453.93\n allows remote attackers to cause a denial of service (memory\n corruption) or possibly have unspecified other impact via unknown\n vectors.

  • CVE-2013-2846\n

    Use-after-free vulnerability in the media loader in Chromium\n before 27.0.1453.93 allows remote attackers to cause a denial of\n service or possibly have unspecified other impact via unknown\n vectors, a different vulnerability than CVE-2013-2840.

  • CVE-2013-2847\n

    Race condition in the workers implementation in Chromium before\n 27.0.1453.93 allows remote attackers to cause a denial of service\n (use-after-free and application crash) or possibly have unspecified\n other impact via unknown vectors.

  • CVE-2013-2848\n

    The XSS Auditor in Chromium before 27.0.1453.93 might allow\n remote attackers to obtain sensitive information via unspecified\n vectors.

  • CVE-2013-2849\n

    Multiple cross-site scripting (XSS) vulnerabilities in Chromium\n before 27.0.1453.93 allow user-assisted remote attackers to inject\n arbitrary web script or HTML via vectors involving a (1)\n drag-and-drop or (2) copy-and-paste operation.

\n

For the oldstable distribution (squeeze), the security support window\nfor Chromium has ended. Users of Chromium on oldstable are very highly\nencouraged to upgrade to the current stable Debian release (wheezy).\nChromium security support for wheezy will last until the next stable\nrelease (jessie), which is expected to happen sometime in 2015.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 27.0.1453.93-1~deb7u1.

\n

For the testing distribution (jessie), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 27.0.1453.93-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "2696": "
\n

Debian Security Advisory

\n

DSA-2696-1 otrs2 -- privilege escalation

\n
\n
Date Reported:
\n
29 May 2013
\n
Affected Packages:
\n
\notrs2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-3551.
\n
More information:
\n
\n

A vulnerability has been discovered in the Open Ticket Request System,\nwhich can be exploited by malicious users to disclose potentially\nsensitive information.

\n

An attacker with a valid agent login could manipulate URLs in the ticket\nsplit mechanism to see contents of tickets they are not permitted to\nsee.

\n

The oldstable distribution (squeeze) is not affected by this issue.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 3.1.7+dfsg1-8+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 3.2.7-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.2.7-1.

\n

We recommend that you upgrade your otrs2 packages.

\n
\n
\n
\n
", "2697": "
\n

Debian Security Advisory

\n

DSA-2697-1 gnutls26 -- out-of-bounds array read

\n
\n
Date Reported:
\n
29 May 2013
\n
Affected Packages:
\n
\ngnutls26\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 709301.
In Mitre's CVE dictionary: CVE-2013-2116.
\n
More information:
\n
\n

It was discovered that a malicious client could crash a GNUTLS server\nand vice versa, by sending TLS records encrypted with a block cipher\nwhich contain invalid padding.

\n

The oldstable distribution (squeeze) is not affected because the\nsecurity fix that introduced this vulnerability was not applied to it.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.12.20-7.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.12.23-5.

\n

We recommend that you upgrade your gnutls26 packages.

\n
\n
\n
\n
", "2698": "
\n

Debian Security Advisory

\n

DSA-2698-1 tiff -- buffer overflow

\n
\n
Date Reported:
\n
18 Jun 2013
\n
Affected Packages:
\n
\ntiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 706674, Bug 706675.
In Mitre's CVE dictionary: CVE-2013-1960, CVE-2013-1961.
\n
More information:
\n
\n

Multiple issues were discovered in the TIFF tools, a set of utilities for\nTIFF image file manipulation and conversion.

\n
    \n
  • CVE-2013-1960\n

    Emmanuel Bouillon discovered a heap-based buffer overflow in the\n tp_process_jpeg_strip function in the tiff2pdf tool. This could\n potentially lead to a crash or arbitrary code execution.

  • CVE-2013-1961\n

    Emmanuel Bouillon discovered many stack-based buffer overflows in\n the TIFF tools. These issues could potentially lead to a crash or\n arbitrary code execution.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 3.9.4-5+squeeze9.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 4.0.2-6+deb7u1.

\n

For the testing distribution (jessie), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.0.2-6+nmu1.

\n

We recommend that you upgrade your tiff packages.

\n
\n
\n
\n
", "2699": "
\n

Debian Security Advisory

\n

DSA-2699-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
02 Jun 2013
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-0773, CVE-2013-0775, CVE-2013-0776, CVE-2013-0780, CVE-2013-0782, CVE-2013-0783, CVE-2013-0787, CVE-2013-0788, CVE-2013-0793, CVE-2013-0795, CVE-2013-0796, CVE-2013-0800, CVE-2013-0801, CVE-2013-1670, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681.
\n
More information:
\n
\n

Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors,\nmissing input sanitising vulnerabilities, use-after-free vulnerabilities,\nbuffer overflows and other programming errors may lead to the execution\nof arbitrary code, privilege escalation, information leaks or\ncross-site-scripting.

\n

We're changing the approach for security updates for Iceweasel, Icedove\nand Iceape in stable-security: Instead of backporting security fixes,\nwe now provide releases based on the Extended Support Release branch. As\nsuch, this update introduces packages based on Firefox 17 and at some\npoint in the future we will switch to the next ESR branch once ESR 17\nhas reached its end of life.

\n

Some XUL extensions currently packaged in the Debian archive are not\ncompatible with the new browser engine. Up-to-date and compatible\nversions can be retrieved from http://addons.mozilla.org as a short\nterm solution. A solution to keep packaged extensions compatible with\nthe Mozilla releases is still being sorted out.

\n

We don't have the resources to backport security fixes to the Iceweasel\nrelease in oldstable-security any longer. If you're up to the task and\nwant to help, please get in touch with team@security.debian.org.\nOtherwise, we'll announce the end of security support for Iceweasel,\nIcedove and Iceape in Squeeze in the next update round.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 17.0.6esr-1~deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 17.0.6esr-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "2700": "
\n

Debian Security Advisory

\n

DSA-2700-1 wireshark -- several vulnerabilities

\n
\n
Date Reported:
\n
02 Jun 2013
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-3555, CVE-2013-3557, CVE-2013-3558, CVE-2013-3559, CVE-2013-3560, CVE-2013-3562.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the dissectors for GTPv2,\nASN.1 BER, PPP CCP, DCP ETSI, MPEG DSM-CC and Websocket, which could\nresult in denial of service or the execution of arbitrary code.

\n

The oldstable distribution (squeeze) is not affected.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.2-5wheezy3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.8.7-1.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "2701": "
\n

Debian Security Advisory

\n

DSA-2701-1 krb5 -- denial of service

\n
\n
Date Reported:
\n
29 May 2013
\n
Affected Packages:
\n
\nkrb5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 708267.
In Mitre's CVE dictionary: CVE-2002-2443.
\n
More information:
\n
\n

It was discovered that the kpasswd service running on UDP port 464\ncould respond to response packets, creating a packet loop and a denial\nof service condition.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.8.3+dfsg-4squeeze7.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.10.1+dfsg-5+deb7u1.

\n

For the testing distribution (jessie), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.10.1+dfsg-6.

\n

We recommend that you upgrade your krb5 packages.

\n
\n
\n
\n
", "2702": "
\n

Debian Security Advisory

\n

DSA-2702-1 telepathy-gabble -- TLS verification bypass

\n
\n
Date Reported:
\n
03 Jun 2013
\n
Affected Packages:
\n
\ntelepathy-gabble\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1431.
\n
More information:
\n
\n

Maksim Otstavnov discovered that the Wocky submodule used by\ntelepathy-gabble, the Jabber/XMPP connection manager for the Telepathy\nframework, does not respect the tls-required flag on legacy Jabber\nservers. A network intermediary could use this vulnerability to bypass\nTLS verification and perform a man-in-the-middle attack.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 0.9.15-1+squeeze2.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.16.5-1+deb7u1.

\n

For the testing distribution (jessie) and the unstable distribution\n(sid), this problem has been fixed in version 0.16.6-1.

\n

We recommend that you upgrade your telepathy-gabble packages.

\n
\n
\n
\n
", "2703": "
\n

Debian Security Advisory

\n

DSA-2703-1 subversion -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Jun 2013
\n
Affected Packages:
\n
\nsubversion\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 711033.
In Mitre's CVE dictionary: CVE-2013-1968, CVE-2013-2112.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Subversion, a version control\nsystem. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2013-1968\n

    Subversion repositories with the FSFS repository data store format\n can be corrupted by newline characters in filenames. A remote\n attacker with a malicious client could use this flaw to disrupt the\n service for other users using that repository.

  • \n
  • CVE-2013-2112\n

    Subversion's svnserve server process may exit when an incoming TCP\n connection is closed early in the connection process. A remote\n attacker can cause svnserve to exit and thus deny service to users\n of the server.

  • \n
\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.6.12dfsg-7.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.6.17dfsg-4+deb7u3.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your subversion packages.

\n
\n
\n
\n
", "2704": "
\n

Debian Security Advisory

\n

DSA-2704-1 mesa -- out of bounds access

\n
\n
Date Reported:
\n
09 Jun 2013
\n
Affected Packages:
\n
\nmesa\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1872.
\n
More information:
\n
\n

It was discovered that applications using the mesa library, a free\nimplementation of the OpenGL API, may crash or execute arbitrary code\ndue to an out of bounds memory access in the library.\nThis vulnerability only affects systems with Intel chipsets.

\n

The oldstable distribution (squeeze) is not affected by this problem.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 8.0.5-4+deb7u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 8.0.5-7.

\n

We recommend that you upgrade your mesa packages.

\n
\n
\n
\n
", "2705": "
\n

Debian Security Advisory

\n

DSA-2705-1 pymongo -- denial of service

\n
\n
Date Reported:
\n
10 Jun 2013
\n
Affected Packages:
\n
\npymongo\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 710597.
In Mitre's CVE dictionary: CVE-2013-2132.
\n
More information:
\n
\n

Jibbers McGee discovered that PyMongo, a high-performance schema-free\ndocument-oriented data store, is prone to a denial-of-service\nvulnerability.

\n

An attacker can remotely trigger a NULL pointer dereference causing MongoDB\nto crash.

\n

The oldstable distribution (squeeze) is not affected by this issue.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.2-4+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 2.5.2-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.5.2-1.

\n

We recommend that you upgrade your pymongo packages.

\n
\n
\n
\n
", "2706": "
\n

Debian Security Advisory

\n

DSA-2706-1 chromium-browser -- several vulnerabilities

\n
\n
Date Reported:
\n
10 Jun 2013
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-2855, CVE-2013-2856, CVE-2013-2857, CVE-2013-2858, CVE-2013-2859, CVE-2013-2860, CVE-2013-2861, CVE-2013-2862, CVE-2013-2863, CVE-2013-2865.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Chromium web\nbrowser.

\n
    \n
  • CVE-2013-2855\n

    The Developer Tools API in Chromium before 27.0.1453.110 allows\n remote attackers to cause a denial of service (memory corruption) or\n possibly have unspecified other impact via unknown vectors.

  • \n
  • CVE-2013-2856\n

    Use-after-free vulnerability in Chromium before 27.0.1453.110\n allows remote attackers to cause a denial of service or possibly\n have unspecified other impact via vectors related to the handling of\n input.

  • \n
  • CVE-2013-2857\n

    Use-after-free vulnerability in Chromium before 27.0.1453.110\n allows remote attackers to cause a denial of service or possibly\n have unspecified other impact via vectors related to the handling of\n images.

  • \n
  • CVE-2013-2858\n

    Use-after-free vulnerability in the HTML5 Audio implementation in\n Chromium before 27.0.1453.110 allows remote attackers to cause\n a denial of service or possibly have unspecified other impact via\n unknown vectors.

  • \n
  • CVE-2013-2859\n

    Chromium before 27.0.1453.110 allows remote attackers to bypass\n the Same Origin Policy and trigger namespace pollution via\n unspecified vectors.

  • \n
  • CVE-2013-2860\n

    Use-after-free vulnerability in Chromium before 27.0.1453.110\n allows remote attackers to cause a denial of service or possibly\n have unspecified other impact via vectors involving access to a\n database API by a worker process.

  • \n
  • CVE-2013-2861\n

    Use-after-free vulnerability in the SVG implementation in Chromium\n before 27.0.1453.110 allows remote attackers to cause a\n denial of service or possibly have unspecified other impact via\n unknown vectors.

  • \n
  • CVE-2013-2862\n

    Skia, as used in Chromium before 27.0.1453.110, does not\n properly handle GPU acceleration, which allows remote attackers to\n cause a denial of service (memory corruption) or possibly have\n unspecified other impact via unknown vectors.

  • \n
  • CVE-2013-2863\n

    Chromium before 27.0.1453.110 does not properly handle SSL\n sockets, which allows remote attackers to execute arbitrary code or\n cause a denial of service (memory corruption) via unspecified\n vectors.

  • \n
  • CVE-2013-2865\n

    Multiple unspecified vulnerabilities in Chromium before\n 27.0.1453.110 allow attackers to cause a denial of service or\n possibly have other impact via unknown vectors.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 27.0.1453.110-1~deb7u1.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 27.0.1453.110-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 27.0.1453.110-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "2707": "
\n

Debian Security Advisory

\n

DSA-2707-1 dbus -- denial of service

\n
\n
Date Reported:
\n
13 Jun 2013
\n
Affected Packages:
\n
\ndbus\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-2168.
\n
More information:
\n
\n

Alexandru Cornea discovered a vulnerability in libdbus caused by an\nimplementation bug in _dbus_printf_string_upper_bound(). This\nvulnerability can be exploited by a local user to crash system services\nthat use libdbus, causing denial of service. Depending on the dbus\nservices running, it could lead to a complete system crash.

\n

The oldstable distribution (squeeze) is not affected by this problem.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.6.8-1+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 1.6.12-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.6.12-1.

\n

We recommend that you upgrade your dbus packages.

\n
\n
\n
\n
", "2708": "
\n

Debian Security Advisory

\n

DSA-2708-1 fail2ban -- denial of service

\n
\n
Date Reported:
\n
16 Jun 2013
\n
Affected Packages:
\n
\nfail2ban\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-2178.
\n
More information:
\n
\n

Krzysztof Katowicz-Kowalewski discovered a vulnerability in Fail2ban, a\nlog monitoring system which can act on attacks by preventing hosts from\nconnecting to specified services using the local firewall.

\n

When using Fail2ban to monitor Apache logs, improper input validation in\nlog parsing could enable a remote attacker to trigger an IP ban on\narbitrary addresses, thus causing a denial of service.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 0.8.4-3+squeeze2.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.8.6-3wheezy2.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 0.8.10-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.8.10-1.

\n

We recommend that you upgrade your fail2ban packages.

\n
\n
\n
\n
", "2709": "
\n

Debian Security Advisory

\n

DSA-2709-1 wireshark -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Jun 2013
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4074, CVE-2013-4075, CVE-2013-4076, CVE-2013-4077, CVE-2013-4078, CVE-2013-4081, CVE-2013-4082, CVE-2013-4083.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the dissectors for CAPWAP,\nGMR-1 BCCH, PPP, NBAP, RDP, HTTP, DCP ETSI and in the Ixia IxVeriWave\nfile parser, which could result in denial of service or the execution of\narbitrary code.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.2-5wheezy4.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "2710": "
\n

Debian Security Advisory

\n

DSA-2710-1 xml-security-c -- several vulnerabilities

\n
\n
Date Reported:
\n
18 Jun 2013
\n
Affected Packages:
\n
\nxml-security-c\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-2153, CVE-2013-2154, CVE-2013-2155, CVE-2013-2156.
\n
More information:
\n
\n

James Forshaw from Context Information Security discovered several\nvulnerabilities in xml-security-c, an implementation of the XML Digital\nSecurity specification. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2013-2153\n

    The implementation of XML digital signatures in the Santuario-C++\n library is vulnerable to a spoofing issue allowing an attacker to\n reuse existing signatures with arbitrary content.

  • \n
  • CVE-2013-2154\n

    A stack overflow, possibly leading to arbitrary code execution,\n exists in the processing of malformed XPointer expressions in the\n XML Signature Reference processing code.

  • \n
  • CVE-2013-2155\n

    A bug in the processing of the output length of an HMAC-based XML\n Signature would cause a denial of service when processing specially\n chosen input.

  • \n
  • CVE-2013-2156\n

    A heap overflow exists in the processing of the PrefixList attribute\n optionally used in conjunction with Exclusive Canonicalization,\n potentially allowing arbitrary code execution.

  • \n
\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.5.1-3+squeeze2.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.6.1-5+deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.6.1-6.

\n

We recommend that you upgrade your xml-security-c packages.

\n
\n
\n
\n
", "2711": "
\n

Debian Security Advisory

\n

DSA-2711-1 haproxy -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Jun 2013
\n
Affected Packages:
\n
\nhaproxy\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2942, CVE-2013-1912, CVE-2013-2175.
\n
More information:
\n
\n

Multiple security issues have been found in HAProxy, a load-balancing\nreverse proxy:

\n\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.4.8-1+squeeze1.

\n

The stable distribution (wheezy) doesn't contain haproxy.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.4.24-1.

\n

We recommend that you upgrade your haproxy packages.

\n
\n
\n
\n
", "2712": "
\n

Debian Security Advisory

\n

DSA-2712-1 otrs2 -- privilege escalation

\n
\n
Date Reported:
\n
19 Jun 2013
\n
Affected Packages:
\n
\notrs2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4088.
\n
More information:
\n
\n

It was discovered that users with a valid agent login could use\ncrafted URLs to bypass access control restrictions and read tickets to\nwhich they should not have access.

\n

The oldstable distribution (squeeze) is not affected by this problem.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 3.1.7+dfsg1-8+deb7u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.2.8-1.

\n

We recommend that you upgrade your otrs2 packages.

\n
\n
\n
\n
", "2713": "
\n

Debian Security Advisory

\n

DSA-2713-1 curl -- heap overflow

\n
\n
Date Reported:
\n
24 Jun 2013
\n
Affected Packages:
\n
\ncurl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-2174.
\n
More information:
\n
\n

Timo Sirainen discovered that cURL, a URL transfer library, is prone to\na heap overflow vulnerability due to bad checking of the input data in\nthe curl_easy_unescape function.

\n

The curl command line tool is not affected by this problem as it doesn't\nuse the curl_easy_unescape function.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 7.21.0-2.1+squeeze4.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 7.26.0-1+wheezy3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.31.0-1.

\n

We recommend that you upgrade your curl packages.

\n
\n
\n
\n
", "2714": "
\n

Debian Security Advisory

\n

DSA-2714-1 kfreebsd-9 -- programming error

\n
\n
Date Reported:
\n
25 Jun 2013
\n
Affected Packages:
\n
\nkfreebsd-9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-2171.
\n
More information:
\n
\n

Konstantin Belousov and Alan Cox discovered that insufficient permission\nchecks in the memory management of the FreeBSD kernel could lead to\nprivilege escalation.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 9.0-10+deb70.2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 9.0-12.

\n

We recommend that you upgrade your kfreebsd-9 packages.

\n
\n
\n
\n
", "2715": "
\n

Debian Security Advisory

\n

DSA-2715-1 puppet -- code execution

\n
\n
Date Reported:
\n
26 Jun 2013
\n
Affected Packages:
\n
\npuppet\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-3567.
\n
More information:
\n
\n

It was discovered that puppet, a centralized configuration management\nsystem, did not correctly handle YAML payloads. A remote attacker could\nuse a specially-crafted payload to execute arbitrary code on the puppet\nmaster.

\n

For the oldstable distribution (squeeze), this problem will be fixed in\nversion 2.6.2-5+squeeze8.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.7.18-5.

\n

For the testing distribution (jessie), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.2.2-1.

\n

We recommend that you upgrade your puppet packages.

\n
\n
\n
\n
", "2716": "
\n

Debian Security Advisory

\n

DSA-2716-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
26 Jun 2013
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1697.
\n
More information:
\n
\n

Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors,\nuse-after-free vulnerabilities, missing permission checks, incorrect\nmemory handling and other implementation errors may lead to the execution\nof arbitrary code, privilege escalation, information disclosure or\ncross-site request forgery.

\n

The Iceweasel version in the oldstable distribution (squeeze) is no\nlonger supported with security updates.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 17.0.7esr-1~deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 17.0.7esr-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "2717": "
\n

Debian Security Advisory

\n

DSA-2717-1 xml-security-c -- heap overflow

\n
\n
Date Reported:
\n
28 Jun 2013
\n
Affected Packages:
\n
\nxml-security-c\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 714241.
In Mitre's CVE dictionary: CVE-2013-2210.
\n
More information:
\n
\n

Jon Erickson of iSIGHT Partners Labs discovered a heap overflow in\nxml-security-c, an implementation of the XML Digital Security\nspecification. The fix to address\nCVE-2013-2154\nintroduced the\npossibility of a heap overflow in the processing of malformed XPointer\nexpressions in the XML Signature Reference processing code, possibly\nleading to arbitrary code execution.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.5.1-3+squeeze3.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.6.1-5+deb7u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.6.1-7.

\n

We recommend that you upgrade your xml-security-c packages.

\n
\n
\n
\n
", "2718": "
\n

Debian Security Advisory

\n

DSA-2718-1 wordpress -- several vulnerabilities

\n
\n
Date Reported:
\n
01 Jul 2013
\n
Affected Packages:
\n
\nwordpress\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 713947.
In Mitre's CVE dictionary: CVE-2013-2173, CVE-2013-2199, CVE-2013-2200, CVE-2013-2201, CVE-2013-2202, CVE-2013-2203, CVE-2013-2204, CVE-2013-2205.
\n
More information:
\n
\n

Several vulnerabilities were identified in WordPress, a web blogging\ntool. As the CVEs were allocated from release announcements and\nspecific fixes are usually not identified, it has been decided to\nupgrade the wordpress package to the latest upstream version instead of\nbackporting the patches.

\n

This means extra care should be taken when upgrading, especially when\nusing third-party plugins or themes, since compatibility may have been\nimpacted along the way. We recommend that users check their install\nbefore doing the upgrade.

\n
    \n
  • CVE-2013-2173\n

    A denial of service was found in the way WordPress performs hash\n computation when checking passwords for protected posts. An attacker\n supplying carefully crafted input as a password could make the\n platform consume excessive CPU.

  • \n
  • CVE-2013-2199\n

    Multiple server-side request forgery (SSRF) vulnerabilities were\n found in the HTTP API. This is related to\n CVE-2013-0235,\n which was specific to SSRF in pingback requests and was fixed in 3.5.1.

  • \n
  • CVE-2013-2200\n

    Inadequate checking of a user's capabilities could lead to a\n privilege escalation, enabling them to publish posts when their\n user role should not allow for it and to assign posts to other\n authors.

  • \n
  • CVE-2013-2201\n

    Multiple cross-site scripting (XSS) vulnerabilities due to badly\n escaped input were found in the media files and plugins upload forms.

  • \n
  • CVE-2013-2202\n

    XML External Entity Injection (XXE) vulnerability via oEmbed\n responses.

  • \n
  • CVE-2013-2203\n

    A full path disclosure (FPD) was found in the file upload mechanism.\n If the upload directory is not writable, the error message returned\n includes the full directory path.

  • \n
  • CVE-2013-2204\n

    Content spoofing via Flash applet in the embedded tinyMCE media\n plugin.

  • \n
  • CVE-2013-2205\n

    Cross-domain XSS in the embedded SWFupload uploader.

  • \n
\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 3.5.2+dfsg-1~deb6u1.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 3.5.2+dfsg-1~deb7u1.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 3.5.2+dfsg-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.5.2+dfsg-1.

\n

We recommend that you upgrade your wordpress packages.

\n
\n
\n
\n
", "2719": "
\n

Debian Security Advisory

\n

DSA-2719-1 poppler -- several vulnerabilities

\n
\n
Date Reported:
\n
10 Jul 2013
\n
Affected Packages:
\n
\npoppler\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 702071.
In Mitre's CVE dictionary: CVE-2013-1788, CVE-2013-1790.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the poppler PDF rendering\nlibrary.

\n
    \n
  • CVE-2013-1788\n

    Multiple invalid memory access issues, which could potentially lead\n to arbitrary code execution if the user were tricked into opening a\n malformed PDF document.

  • \n
  • CVE-2013-1790\n

    An uninitialized memory issue, which could potentially lead to\n arbitrary code execution if the user were tricked into opening a\n malformed PDF document.

  • \n
\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 0.12.4-1.2+squeeze3.

\n

For the stable (wheezy), testing (jessie), and unstable (sid)\ndistributions, these problems have been fixed in version 0.18.4-6.

\n

We recommend that you upgrade your poppler packages.

\n
\n
\n
\n
", "2720": "
\n

Debian Security Advisory

\n

DSA-2720-1 icedove -- several vulnerabilities

\n
\n
Date Reported:
\n
06 Jul 2013
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-0795, CVE-2013-0801, CVE-2013-1670, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681, CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1697.
\n
More information:
\n
\n

Multiple security issues have been found in Icedove, Debian's version\nof the Mozilla Thunderbird mail and news client. Multiple memory safety\nerrors, use-after-free vulnerabilities, missing permission checks, incorrect\nmemory handling and other implementation errors may lead to the execution\nof arbitrary code, privilege escalation, information disclosure or\ncross-site request forgery.

\n

As already announced for Iceweasel: we're changing the approach for\nsecurity updates for Icedove in stable-security: instead of\nbackporting security fixes, we now provide releases based on the\nExtended Support Release branch. As such, this update introduces\npackages based on Thunderbird 17 and at some point in the future we\nwill switch to the next ESR branch once ESR 17 has reached its end\nof life.

\n

Some Icedove extensions currently packaged in the Debian archive are\nnot compatible with the new browser engine. Up-to-date and compatible\nversions can be retrieved from http://addons.mozilla.org as a\nshort-term solution.

\n

An updated and compatible version of Enigmail is included with this\nupdate.

\n

The Icedove version in the oldstable distribution (squeeze) is no\nlonger supported with full security updates. However, it should be\nnoted that almost all security issues in Icedove stem from the\nincluded browser engine. These security problems only affect Icedove\nif scripting and HTML mails are enabled. If there are security issues\nspecific to Icedove (e.g. a hypothetical buffer overflow in the IMAP\nimplementation) we'll make an effort to backport such fixes to oldstable.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 17.0.7-1~deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 17.0.7-1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "2721": "
\n

Debian Security Advisory

\n

DSA-2721-1 nginx -- buffer overflow

\n
\n
Date Reported:
\n
07 Jul 2013
\n
Affected Packages:
\n
\nnginx\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 708164.
In Mitre's CVE dictionary: CVE-2013-2070.
\n
More information:
\n
\n

A buffer overflow has been identified in nginx, a small, powerful,\nscalable web/proxy server, when processing certain chunked transfer\nencoding requests if proxy_pass to untrusted upstream HTTP servers is\nused. An attacker may use this flaw to perform denial of service\nattacks, disclose worker process memory, or possibly execute arbitrary\ncode.

\n

The oldstable distribution (squeeze) is not affected by this problem.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.1-2.2+wheezy1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4.1-1.

\n

We recommend that you upgrade your nginx packages.

\n
\n
\n
\n
", "2722": "
\n

Debian Security Advisory

\n

DSA-2722-1 openjdk-7 -- several vulnerabilities

\n
\n
Date Reported:
\n
15 Jul 2013
\n
Affected Packages:
\n
\nopenjdk-7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2458, CVE-2013-2459, CVE-2013-2460, CVE-2013-2461, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 7u25-2.3.10-1~deb7u1. In addition icedtea-web needed to be\nupdated to 1.4-3~deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 7u25-2.3.10-1.

\n

We recommend that you upgrade your openjdk-7 packages.

\n
\n
\n
\n
", "2723": "
\n

Debian Security Advisory

\n

DSA-2723-1 php5 -- heap corruption

\n
\n
Date Reported:
\n
17 Jul 2013
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 717139.
In Mitre's CVE dictionary: CVE-2013-4113.
\n
More information:
\n
\n

It was discovered that PHP could perform an invalid free request when\nprocessing crafted XML documents, corrupting the heap and potentially\nleading to arbitrary code execution. Depending on the PHP\napplication, this vulnerability could be exploited remotely.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 5.3.3-7+squeeze16.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 5.4.4-14+deb7u3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.5.0+dfsg-15.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "2724": "
\n

Debian Security Advisory

\n

DSA-2724-1 chromium-browser -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Jul 2013
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-2853, CVE-2013-2867, CVE-2013-2868, CVE-2013-2869, CVE-2013-2870, CVE-2013-2871, CVE-2013-2873, CVE-2013-2875, CVE-2013-2876, CVE-2013-2877, CVE-2013-2878, CVE-2013-2879, CVE-2013-2880.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Chromium web browser.

\n
    \n
  • CVE-2013-2853\n

    The HTTPS implementation does not ensure that headers are terminated\n by \\r\\n\\r\\n (carriage return, newline, carriage return, newline).

  • \n
  • CVE-2013-2867\n

    Chrome does not properly prevent pop-under windows.

  • \n
  • CVE-2013-2868\n

    common/extensions/sync_helper.cc proceeds with sync operations for\n NPAPI extensions without checking for a certain plugin permission\n setting.

  • \n
  • CVE-2013-2869\n

    Denial of service (out-of-bounds read) via a crafted JPEG2000\n image.

  • \n
  • CVE-2013-2870\n

    Use-after-free vulnerability in network sockets.

  • \n
  • CVE-2013-2871\n

    Use-after-free vulnerability in input handling.

  • \n
  • CVE-2013-2873\n

    Use-after-free vulnerability in resource loading.

  • \n
  • CVE-2013-2875\n

    Out-of-bounds read in SVG file handling.

  • \n
  • CVE-2013-2876\n

    Chromium does not properly enforce restrictions on the capture of\n screenshots by extensions, which could lead to information\n disclosure from previous page visits.

  • \n
  • CVE-2013-2877\n

    Out-of-bounds read in XML file handling.

  • \n
  • CVE-2013-2878\n

    Out-of-bounds read in text handling.

  • \n
  • CVE-2013-2879\n

    The circumstances in which a renderer process can be considered a\n trusted process for sign-in and subsequent sync operations were\n not properly checked.

  • \n
  • CVE-2013-2880\n

    The Chromium 28 development team found various issues from internal\n fuzzing, audits, and other studies.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 28.0.1500.71-1~deb7u1.

\n

For the testing distribution (jessie), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 28.0.1500.71-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "2725": "
\n

Debian Security Advisory

\n

DSA-2725-1 tomcat6 -- several vulnerabilities

\n
\n
Date Reported:
\n
18 Jul 2013
\n
Affected Packages:
\n
\ntomcat6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-3544, CVE-2013-2067.
\n
More information:
\n
\n

Two security issues have been found in the Tomcat servlet and JSP engine:

\n
    \n
  • CVE-2012-3544\n

    The input filter for chunked transfer encodings could trigger high\n resource consumption through malformed CRLF sequences, resulting in\n denial of service.

  • \n
  • CVE-2013-2067\n

    The FormAuthenticator module was vulnerable to session fixation.

  • \n
\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 6.0.35-1+squeeze3. This update also provides fixes for\nCVE-2012-2733,\nCVE-2012-3546,\nCVE-2012-4431,\nCVE-2012-4534,\nCVE-2012-5885,\nCVE-2012-5886 and\nCVE-2012-5887,\nwhich were all fixed for stable already.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 6.0.35-6+deb7u1.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your tomcat6 packages.

\n
\n
\n
\n
", "2726": "
\n

Debian Security Advisory

\n

DSA-2726-1 php-radius -- buffer overflow

\n
\n
Date Reported:
\n
25 Jul 2013
\n
Affected Packages:
\n
\nphp-radius\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 714362.
In Mitre's CVE dictionary: CVE-2013-2220.
\n
More information:
\n
\n

A buffer overflow has been discovered in the Radius extension for PHP.\nThe function handling Vendor Specific Attributes assumed that the\nattributes given would always be of valid length. An attacker could\nuse this assumption to trigger a buffer overflow.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.2.5-2+squeeze1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.5-2.3+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.2.5-2.4.

\n

We recommend that you upgrade your php-radius packages.

\n
\n
\n
\n
", "2727": "
\n

Debian Security Advisory

\n

DSA-2727-1 openjdk-6 -- several vulnerabilities

\n
\n
Date Reported:
\n
25 Jul 2013
\n
Affected Packages:
\n
\nopenjdk-6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 6b27-1.12.6-1~deb6u1.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 6b27-1.12.6-1~deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 6b27-1.12.6-1.

\n

We recommend that you upgrade your openjdk-6 packages.

\n
\n
\n
\n
", "2728": "
\n

Debian Security Advisory

\n

DSA-2728-1 bind9 -- denial of service

\n
\n
Date Reported:
\n
27 Jul 2013
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 717936.
In Mitre's CVE dictionary: CVE-2013-4854.
\n
More information:
\n
\n

Maxim Shudrak and the HP Zero Day Initiative reported a denial of\nservice vulnerability in BIND, a DNS server. A specially crafted query\nthat includes malformed rdata can cause the named daemon to terminate with\nan assertion failure while rejecting the malformed query.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1:9.7.3.dfsg-1~squeeze11.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1:9.8.4.dfsg.P1-6+nmu2+deb7u1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
\n
\n
", "2729": "
\n

Debian Security Advisory

\n

DSA-2729-1 openafs -- several vulnerabilities

\n
\n
Date Reported:
\n
28 Jul 2013
\n
Affected Packages:
\n
\nopenafs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4134, CVE-2013-4135.
\n
More information:
\n
\n

OpenAFS, the implementation of the distributed filesystem AFS, has been\nupdated to no longer use DES for the encryption of tickets. Additional\nmigration steps are needed to fully set the update into effect. For more\ninformation please see the upstream advisory:\nOPENAFS-SA-2013-003

\n

In addition the encrypt option to the vos tool was fixed.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.4.12.1+dfsg-4+squeeze2.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.6.1-3+deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.6.5-1.

\n

We recommend that you upgrade your openafs packages.

\n
\n
\n
\n
", "2730": "
\n

Debian Security Advisory

\n

DSA-2730-1 gnupg -- information leak

\n
\n
Date Reported:
\n
29 Jul 2013
\n
Affected Packages:
\n
\ngnupg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 717880.
In Mitre's CVE dictionary: CVE-2013-4242.
\n
More information:
\n
\n

Yarom and Falkner discovered that RSA secret keys could be leaked via\na side channel attack, where a malicious local user could obtain private\nkey information from another user on the system.

\n

This update fixes this issue for the 1.4 series of GnuPG. GnuPG 2.x is\naffected through its use of the libgcrypt11 library, a fix for which\nwill be published in DSA 2731.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.4.10-4+squeeze2.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.4.12-7+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4.14-1.

\n

We recommend that you upgrade your gnupg packages.

\n
\n
\n
\n
", "2731": "
\n

Debian Security Advisory

\n

DSA-2731-1 libgcrypt11 -- information leak

\n
\n
Date Reported:
\n
29 Jul 2013
\n
Affected Packages:
\n
\nlibgcrypt11\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4242.
\n
More information:
\n
\n

Yarom and Falkner discovered that RSA secret keys in applications using\nthe libgcrypt11 library, for example GnuPG 2.x, could be leaked via\na side channel attack, where a malicious local user could obtain private\nkey information from another user on the system.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.4.5-2+squeeze1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.5.0-5+deb7u1.

\n

For the testing distribution (jessie) and unstable distribution (sid),\nthis problem has been fixed in version 1.5.3-1.

\n

We recommend that you upgrade your libgcrypt11 packages.

\n
\n
\n
\n
", "2732": "
\n

Debian Security Advisory

\n

DSA-2732-1 chromium-browser -- several vulnerabilities

\n
\n
Date Reported:
\n
31 Jul 2013
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-2881, CVE-2013-2882, CVE-2013-2883, CVE-2013-2884, CVE-2013-2885, CVE-2013-2886.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Chromium web browser.

\n
    \n
  • CVE-2013-2881\n

    Karthik Bhargavan discovered a way to bypass the Same Origin Policy\n in frame handling.

  • CVE-2013-2882\n

    Cloudfuzzer discovered a type confusion issue in the V8 JavaScript\n library.

  • CVE-2013-2883\n

    Cloudfuzzer discovered a use-after-free issue in MutationObserver.

  • CVE-2013-2884\n

    Ivan Fratric of the Google Security Team discovered a use-after-free\n issue in the DOM implementation.

  • CVE-2013-2885\n

    Ivan Fratric of the Google Security Team discovered a use-after-free\n issue in input handling.

  • CVE-2013-2886\n

    The Chrome 28 development team found various issues from internal\n fuzzing, audits, and other studies.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 28.0.1500.95-1~deb7u1.

\n

For the testing distribution (jessie), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 28.0.1500.95-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "2733": "
\n

Debian Security Advisory

\n

DSA-2733-1 otrs2 -- SQL injection

\n
\n
Date Reported:
\n
02 Aug 2013
\n
Affected Packages:
\n
\notrs2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4717.
\n
More information:
\n
\n

It was discovered that otrs2, the Open Ticket Request System, does not\nproperly sanitise user-supplied data that is used in SQL queries. An\nattacker with a valid agent login could exploit this issue to craft SQL\nqueries by injecting arbitrary SQL code through manipulated URLs.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.4.9+dfsg1-3+squeeze4. This update also provides fixes for\nCVE-2012-4751, CVE-2013-2625 and CVE-2013-4088, which were all fixed for\nstable already.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 3.1.7+dfsg1-8+deb7u3.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 3.2.9-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.2.9-1.

\n

We recommend that you upgrade your otrs2 packages.

\n
\n
\n
\n
", "2734": "
\n

Debian Security Advisory

\n

DSA-2734-1 wireshark -- several vulnerabilities

\n
\n
Date Reported:
\n
05 Aug 2013
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4930, CVE-2013-4932, CVE-2013-4933, CVE-2013-4934, CVE-2013-4935.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the dissectors for DVB-CI,\nGSM\u00a0A Common and ASN.1 PER and in the Netmon file parser.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.2.11-6+squeeze11.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.2-5wheezy5.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.10.1-1.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "2735": "
\n

Debian Security Advisory

\n

DSA-2735-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Aug 2013
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1701, CVE-2013-1709, CVE-2013-1710, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717.
\n
More information:
\n
\n

Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: multiple memory safety errors,\nmissing permission checks and other implementation errors may lead to\nthe execution of arbitrary code, cross-site scripting, privilege\nescalation, bypass of the same-origin policy or the installation of\nmalicious addons.

\n

The Iceweasel version in the oldstable distribution (squeeze) is no\nlonger supported with security updates.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 17.0.8esr-1~deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 17.0.8esr-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "2736": "
\n

Debian Security Advisory

\n

DSA-2736-1 putty -- several vulnerabilities

\n
\n
Date Reported:
\n
11 Aug 2013
\n
Affected Packages:
\n
\nputty\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 718779.
In Mitre's CVE dictionary: CVE-2013-4206, CVE-2013-4207, CVE-2013-4208, CVE-2013-4852.
\n
More information:
\n
\n

Several vulnerabilities were discovered in PuTTY, a Telnet/SSH client\nfor X. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2013-4206\n

    Mark Wooding discovered a heap-corrupting buffer underrun bug in the\n modmul function which performs modular multiplication. As the modmul\n function is called during validation of any DSA signature received\n by PuTTY, including during the initial key exchange phase, a\n malicious server could exploit this vulnerability before the client\n has received and verified a host key signature. An attack on this\n vulnerability can thus be performed by a man-in-the-middle between\n the SSH client and server, and the normal host key protections\n against man-in-the-middle attacks are bypassed.

  • CVE-2013-4207\n

    It was discovered that non-coprime values in DSA signatures can\n cause a buffer overflow in the calculation code of modular inverses\n when verifying a DSA signature. Such a signature is invalid. This\n bug however applies to any DSA signature received by PuTTY,\n including during the initial key exchange phase and thus it can be\n exploited by a malicious server before the client has received and\n verified a host key signature.

  • CVE-2013-4208\n

    It was discovered that private keys were left in memory after being\n used by PuTTY tools.

  • CVE-2013-4852\n

    Gergely Eberhardt from SEARCH-LAB Ltd. discovered that PuTTY is\n vulnerable to an integer overflow leading to heap overflow during\n the SSH handshake before authentication due to improper bounds\n checking of the length parameter received from the SSH server. A\n remote attacker could use this vulnerability to mount a local denial\n of service attack by crashing the putty client.

\n

Additionally this update backports some general proactive potentially\nsecurity-relevant tightening from upstream.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 0.60+2010-02-20-1+squeeze2. This update also provides a fix for\nCVE-2011-4607, which was fixed for stable already.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 0.62-9+deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.63-1.

\n

We recommend that you upgrade your putty packages.

\n
\n
\n
\n
", "2737": "
\n

Debian Security Advisory

\n

DSA-2737-1 swift -- several vulnerabilities

\n
\n
Date Reported:
\n
12 Aug 2013
\n
Affected Packages:
\n
\nswift\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-2161, CVE-2013-4155.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Swift, the OpenStack\nobject storage. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2013-2161\n

    Alex Gaynor from Rackspace reported a vulnerability in XML\n handling within Swift account servers. Account strings were\n unescaped in XML listings, and an attacker could potentially\n generate unparsable or arbitrary XML responses which may be\n used to leverage other vulnerabilities in the calling software.

  • CVE-2013-4155\n

    Peter Portante from Red Hat reported a vulnerability in Swift.\n By issuing requests with an old X-Timestamp value, an\n authenticated attacker can fill an object server with superfluous\n object tombstones, which may significantly slow down subsequent\n requests to that object server, facilitating a Denial of Service\n attack against Swift clusters.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.8-2+deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.8.0-6.

\n

We recommend that you upgrade your swift packages.

\n
\n
\n
\n
", "2738": "
\n

Debian Security Advisory

\n

DSA-2738-1 ruby1.9.1 -- several vulnerabilities

\n
\n
Date Reported:
\n
18 Aug 2013
\n
Affected Packages:
\n
\nruby1.9.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 702525, Bug 714543.
In Mitre's CVE dictionary: CVE-2013-1821, CVE-2013-4073.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the interpreter for\nthe Ruby language, which may lead to denial of service and other\nsecurity problems. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2013-1821\n

    Ben Murphy discovered that unrestricted entity expansion in REXML\n can lead to a Denial of Service by consuming all host memory.

  • CVE-2013-4073\n

    William (B.J.) Snow Orvis discovered a vulnerability in the hostname\n checking in Ruby's SSL client that could allow man-in-the-middle\n attackers to spoof SSL servers via a valid certificate issued by a\n trusted certification authority.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.9.2.0-2+deb6u1.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.9.3.194-8.1+deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.9.3.194-8.2.

\n

We recommend that you upgrade your ruby1.9.1 packages.

\n
\n
\n
\n
", "2739": "
\n

Debian Security Advisory

\n

DSA-2739-1 cacti -- several vulnerabilities

\n
\n
Date Reported:
\n
21 Aug 2013
\n
Affected Packages:
\n
\ncacti\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1434, CVE-2013-1435.
\n
More information:
\n
\n

Two security issues (SQL injection and command line injection via SNMP\nsettings) were found in Cacti, a web interface for graphing of monitoring\nsystems.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 0.8.7g-1+squeeze2.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 0.8.8a+dfsg-5+deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.8.8b+dfsg-2.

\n

We recommend that you upgrade your cacti packages.

\n
\n
\n
\n
", "2740": "
\n

Debian Security Advisory

\n

DSA-2740-2 python-django -- cross-site scripting vulnerability

\n
\n
Date Reported:
\n
23 Aug 2013
\n
Affected Packages:
\n
\npython-django\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6044.
\n
More information:
\n
\n

Nick Brunn reported a possible cross-site scripting vulnerability in\npython-django, a high-level Python web development framework.

\n

The is_safe_url utility function, used to validate that a URL is on\nthe current host to avoid potentially dangerous redirects from\nmaliciously-constructed querystrings, worked as intended for HTTP and\nHTTPS URLs, but permitted redirects to other schemes, such as\njavascript:.

\n

The is_safe_url function has been modified to properly recognize and\nreject URLs which specify a scheme other than HTTP or HTTPS, to prevent\ncross-site scripting attacks through redirecting to other schemes.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.2.3-3+squeeze6.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.4.5-1+deb7u2.

\n

For the testing distribution (jessie) and the unstable distribution\n(sid), this problem has been fixed in version 1.5.2-1.

\n

We recommend that you upgrade your python-django packages.

\n
\n
\n
\n
", "2741": "
\n

Debian Security Advisory

\n

DSA-2741-1 chromium-browser -- several vulnerabilities

\n
\n
Date Reported:
\n
25 Aug 2013
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-2887, CVE-2013-2900, CVE-2013-2901, CVE-2013-2902, CVE-2013-2903, CVE-2013-2904, CVE-2013-2905.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Chromium web browser.

\n
    \n
  • CVE-2013-2887\n

    The Chrome 29 development team found various issues from internal\n fuzzing, audits, and other studies.

  • CVE-2013-2900\n

    Krystian Bigaj discovered a file handling path sanitization issue.

  • CVE-2013-2901\n

    Alex Chapman discovered an integer overflow issue in ANGLE, the\n Almost Native Graphics Layer.

  • CVE-2013-2902\n

    cloudfuzzer discovered a use-after-free issue in XSLT.

  • CVE-2013-2903\n

    cloudfuzzer discovered a use-after-free issue in HTMLMediaElement.

  • CVE-2013-2904\n

    cloudfuzzer discovered a use-after-free issue in XML document\n parsing.

  • CVE-2013-2905\n

    Christian Jaeger discovered an information leak due to insufficient\n file permissions.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 29.0.1547.57-1~deb7u1.

\n

For the testing distribution (jessie), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 29.0.1547.57-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "2742": "
\n

Debian Security Advisory

\n

DSA-2742-1 php5 -- interpretation conflict

\n
\n
Date Reported:
\n
26 Aug 2013
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 719765.
In Mitre's CVE dictionary: CVE-2013-4248.
\n
More information:
\n
\n

It was discovered that PHP, a general-purpose scripting language\ncommonly used for web application development, did not properly\nprocess embedded NUL characters in the subjectAltName extension of\nX.509 certificates. Depending on the application and with\ninsufficient CA-level checks, this could be abused for impersonating\nother users.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 5.3.3-7+squeeze17.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 5.4.4-14+deb7u4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.5.3+dfsg-1.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "2743": "
\n

Debian Security Advisory

\n

DSA-2743-1 kfreebsd-9 -- privilege escalation/information leak

\n
\n
Date Reported:
\n
27 Aug 2013
\n
Affected Packages:
\n
\nkfreebsd-9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-3077, CVE-2013-4851, CVE-2013-5209.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the FreeBSD kernel\nthat may lead to a privilege escalation or information leak. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2013-3077\n

    Clement Lecigne from the Google Security Team reported an integer\n overflow in computing the size of a temporary buffer in the IP\n multicast code, which can result in a buffer which is too small\n for the requested operation. An unprivileged process can read or\n write pages of memory which belong to the kernel. These may lead\n to exposure of sensitive information or allow privilege\n escalation.

  • CVE-2013-4851\n

    Rick Macklem, Christopher Key and Tim Zingelman reported that the\n FreeBSD kernel incorrectly uses client supplied credentials\n instead of the one configured in exports(5) when filling out the\n anonymous credential for a NFS export, when -network or -host\n restrictions are used at the same time. The remote client may\n supply privileged credentials (e.g. the root user) when accessing\n a file under the NFS share, which will bypass the normal access\n checks.

  • CVE-2013-5209\n

    Julian Seward and Michael Tuexen reported a kernel memory\n disclosure: when initializing the SCTP state cookie being sent in\n INIT-ACK chunks, a buffer allocated from the kernel stack is not\n completely initialized. Fragments of kernel memory may be\n included in SCTP packets and transmitted over the network. For\n each SCTP session, there are two separate instances in which a\n 4-byte fragment may be transmitted.

    \n

    This memory might contain sensitive information, such as portions\n of the file cache or terminal buffers. This information might be\n directly useful, or it might be leveraged to obtain elevated\n privileges in some way. For example, a terminal buffer might\n include a user-entered password.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 9.0-10+deb70.3.

\n

We recommend that you upgrade your kfreebsd-9 packages.

\n
\n
\n
\n
", "2744": "
\n

Debian Security Advisory

\n

DSA-2744-1 tiff -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Aug 2013
\n
Affected Packages:
\n
\ntiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4231, CVE-2013-4232, CVE-2013-4244.
\n
More information:
\n
\n

Pedro Ribeiro and Huzaifa S. Sidhpurwala discovered multiple\nvulnerabilities in various tools shipped by the tiff library. Processing\na malformed file may lead to denial of service or the execution of\narbitrary code.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 3.9.4-5+squeeze10.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 4.0.2-6+deb7u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.0.3-3.

\n

We recommend that you upgrade your tiff packages.

\n
\n
\n
\n
", "2745": "
\n

Debian Security Advisory

\n

DSA-2745-1 linux -- privilege escalation/denial of service/information leak

\n
\n
Date Reported:
\n
28 Aug 2013
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 701744.
In Mitre's CVE dictionary: CVE-2013-1059, CVE-2013-2148, CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2851, CVE-2013-2852, CVE-2013-4162, CVE-2013-4163.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service, information leak or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2013-1059\n

    Chanam Park reported an issue in the Ceph distributed storage system.\n Remote users can cause a denial of service by sending a specially crafted\n auth_reply message.

  • CVE-2013-2148\n

    Dan Carpenter reported an information leak in the filesystem wide access\n notification subsystem (fanotify). Local users could gain access to\n sensitive kernel memory.

  • CVE-2013-2164\n

    Jonathan Salwan reported an information leak in the CD-ROM driver. A\n local user on a system with a malfunctioning CD-ROM drive could gain\n access to sensitive memory.

  • CVE-2013-2232\n

    Dave Jones and Hannes Frederic Sowa resolved an issue in the IPv6\n subsystem. Local users could cause a denial of service by using an\n AF_INET6 socket to connect to an IPv4 destination.

  • CVE-2013-2234\n

    Mathias Krause reported a memory leak in the implementation of PF_KEYv2\n sockets. Local users could gain access to sensitive kernel memory.

  • CVE-2013-2237\n

    Nicolas Dichtel reported a memory leak in the implementation of PF_KEYv2\n sockets. Local users could gain access to sensitive kernel memory.

  • CVE-2013-2851\n

    Kees Cook reported an issue in the block subsystem. Local users with\n uid 0 could gain elevated ring 0 privileges. This is only a security\n issue for certain specially configured systems.

  • CVE-2013-2852\n

    Kees Cook reported an issue in the b43 network driver for certain Broadcom\n wireless devices. Local users with uid 0 could gain elevated ring 0\n privileges. This is only a security issue for certain specially configured\n systems.

  • CVE-2013-4162\n

    Hannes Frederic Sowa reported an issue in the IPv6 networking subsystem.\n Local users can cause a denial of service (system crash).

  • CVE-2013-4163\n

    Dave Jones reported an issue in the IPv6 networking subsystem. Local\n users can cause a denial of service (system crash).

\n

This update also includes a fix for a regression in the Xen subsystem.

\n

For the stable distribution (wheezy), these problems have been fixed in version\n3.2.46-1+deb7u1.

\n

The following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n\n\n\n\n\n\n\n
\u00a0Debian 7.0 (wheezy)
user-mode-linux 3.2-2um-1+deb7u2
\n
\n

We recommend that you upgrade your linux and user-mode-linux packages.

\n

Note: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or \"leap-frog\" fashion.

\n
\n
\n
\n
", "2746": "
\n

Debian Security Advisory

\n

DSA-2746-1 icedove -- several vulnerabilities

\n
\n
Date Reported:
\n
29 Aug 2013
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1701, CVE-2013-1709, CVE-2013-1710, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717.
\n
More information:
\n
\n

Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail and news client. Multiple memory safety\nerrors, missing permission checks and other implementation errors may\nlead to the execution of arbitrary code or cross-site scripting.

\n

The Icedove version in the oldstable distribution (squeeze) is no longer\nsupported with full security updates. However, it should be noted that\nalmost all security issues in Icedove stem from the included browser engine.\nThese security problems only affect Icedove if scripting and HTML mails\nare enabled. If there are security issues specific to Icedove (e.g. a\nhypothetical buffer overflow in the IMAP implementation) we'll make an\neffort to backport such fixes to oldstable.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 17.0.8-1~deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 17.0.8-1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "2747": "
\n

Debian Security Advisory

\n

DSA-2747-1 cacti -- several vulnerabilities

\n
\n
Date Reported:
\n
31 Aug 2013
\n
Affected Packages:
\n
\ncacti\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-5588, CVE-2013-5589.
\n
More information:
\n
\n

Two vulnerabilities were discovered in Cacti, a web interface for\ngraphing of monitoring systems:

\n
    \n
  • CVE-2013-5588\n

    install/index.php and cacti/host.php suffered from Cross-Site\n Scripting vulnerabilities.

  • CVE-2013-5589\n

    cacti/host.php contained an SQL injection vulnerability, allowing\n an attacker to execute SQL code on the database used by Cacti.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 0.8.7g-1+squeeze3.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 0.8.8a+dfsg-5+deb7u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.8.8b+dfsg-3.

\n

We recommend that you upgrade your cacti packages.

\n
\n
\n
\n
", "2748": "
\n

Debian Security Advisory

\n

DSA-2748-1 exactimage -- denial of service

\n
\n
Date Reported:
\n
01 Sep 2013
\n
Affected Packages:
\n
\nexactimage\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 721236.
In Mitre's CVE dictionary: CVE-2013-1438.
\n
More information:
\n
\n

Several denial-of-service vulnerabilities were discovered in the dcraw\ncode base, a program for processing raw format images from digital\ncameras. This update corrects them in the copy that is embedded in\nthe exactimage package.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 0.8.1-3+deb6u2.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.8.5-5+deb7u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.8.9-1.

\n

We recommend that you upgrade your exactimage packages.

\n
\n
\n
\n
", "2749": "
\n

Debian Security Advisory

\n

DSA-2749-1 asterisk -- several vulnerabilities

\n
\n
Date Reported:
\n
02 Sep 2013
\n
Affected Packages:
\n
\nasterisk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-5641, CVE-2013-5642.
\n
More information:
\n
\n

Colin Cuthbertson and Walter Doekes discovered two vulnerabilities in\nthe SIP processing code of Asterisk, an open source PBX and telephony\ntoolkit, which could result in denial of service.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1:1.6.2.9-2+squeeze11.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.13.1~dfsg-3+deb7u1.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your asterisk packages.

\n
\n
\n
\n
", "2750": "
\n

Debian Security Advisory

\n

DSA-2750-1 imagemagick -- buffer overflow

\n
\n
Date Reported:
\n
03 Sep 2013
\n
Affected Packages:
\n
\nimagemagick\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 721273.
In Mitre's CVE dictionary: CVE-2013-4298.
\n
More information:
\n
\n

Anton Kortunov reported a heap corruption in ImageMagick, a program\ncollection and library for converting and manipulating image files.\nCrafted GIF files could cause ImageMagick to crash, potentially\nleading to arbitrary code execution.

\n

The oldstable distribution (squeeze) is not affected by this problem.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 8:6.7.7.10-5+deb7u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 8:6.7.7.10-6.

\n

We recommend that you upgrade your imagemagick packages.

\n
\n
\n
\n
", "2751": "
\n

Debian Security Advisory

\n

DSA-2751-1 libmodplug -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Sep 2013
\n
Affected Packages:
\n
\nlibmodplug\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4233, CVE-2013-4234.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in libmodplug, a library for\nmod music based on ModPlug, that might allow arbitrary code execution\nwhen processing specially-crafted ABC files through applications using\nthe library, such as media players.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1:0.8.8.1-1+squeeze2+git20130828.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1:0.8.8.4-3+deb7u1+git20130828.

\n

For the testing distribution (jessie), these problems will be fixed\nsoon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1:0.8.8.4-4.

\n

We recommend that you upgrade your libmodplug packages.

\n
\n
\n
\n
", "2752": "
\n

Debian Security Advisory

\n

DSA-2752-1 phpbb3 -- permissions too wide

\n
\n
Date Reported:
\n
07 Sep 2013
\n
Affected Packages:
\n
\nphpbb3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 711172.
In Mitre's CVE dictionary: CVE-2013-5724.
\n
More information:
\n
\n

Andreas Beckmann discovered that phpBB, a web forum, as installed in\nDebian, sets incorrect permissions for cached files, allowing a\nmalicious local user to overwrite them.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 3.0.7-PL1-4+squeeze1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 3.0.10-4+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.0.11-4.

\n

We recommend that you upgrade your phpbb3 packages.

\n
\n
\n
\n
", "2753": "
\n

Debian Security Advisory

\n

DSA-2753-1 mediawiki -- information leak

\n
\n
Date Reported:
\n
13 Sep 2013
\n
Affected Packages:
\n
\nmediawiki\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4302.
\n
More information:
\n
\n

It was discovered that in Mediawiki, a wiki engine, several API modules\nallowed anti-CSRF tokens to be accessed via JSONP. These tokens protect\nagainst cross site request forgeries and are confidential.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.15.5-2squeeze6.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.19.5-1+deb7u1.

\n

For the testing distribution (jessie) and unstable distribution (sid),\nthis problem has been fixed in version 1.19.8+dfsg-1.

\n

We recommend that you upgrade your mediawiki packages.

\n
\n
\n
\n
", "2754": "
\n

Debian Security Advisory

\n

DSA-2754-1 exactimage -- denial of service

\n
\n
Date Reported:
\n
10 Sep 2013
\n
Affected Packages:
\n
\nexactimage\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1441.
\n
More information:
\n
\n

It was discovered that exactimage, a fast image processing library,\ndoes not correctly handle error conditions of the embedded copy of\ndcraw. This could result in a crash or other behaviour in an\napplication using the library due to an uninitialized variable being\npassed to longjmp.

\n

This is a different issue than CVE-2013-1438/DSA-2748-1.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 0.8.1-3+deb6u3.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.8.5-5+deb7u3.

\n

For the testing distribution (jessie) and the unstable distribution\n(sid), this problem has been fixed in version 0.8.9-2.

\n

We recommend that you upgrade your exactimage packages.

\n
\n
\n
\n
", "2755": "
\n

Debian Security Advisory

\n

DSA-2755-1 python-django -- directory traversal

\n
\n
Date Reported:
\n
11 Sep 2013
\n
Affected Packages:
\n
\npython-django\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4315.
\n
More information:
\n
\n

Rainer Koirikivi discovered a directory traversal vulnerability with\nssi template tags in python-django, a high-level Python web\ndevelopment framework.

\n

It was shown that the handling of the ALLOWED_INCLUDE_ROOTS setting,\nused to represent allowed prefixes for the {% ssi %} template tag, is\nvulnerable to a directory traversal attack, by specifying a file path\nwhich begins as the absolute path of a directory in\nALLOWED_INCLUDE_ROOTS, and then uses relative paths to break free.

\n

To exploit this vulnerability an attacker must be in a position to alter\ntemplates on the site, or the site to be attacked must have one or more\ntemplates making use of the ssi tag, and must allow some form of\nunsanitized user input to be used as an argument to the ssi tag.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.2.3-3+squeeze7.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.4.5-1+deb7u3.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your python-django packages.

\n
\n
\n
\n
", "2756": "
\n

Debian Security Advisory

\n

DSA-2756-1 wireshark -- several vulnerabilities

\n
\n
Date Reported:
\n
13 Sep 2013
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-5718, CVE-2013-5720, CVE-2013-5722.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the dissectors for LDAP,\nRTPS and NBAP and in the Netmon file parser, which could result in denial\nof service or the execution of arbitrary code.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.2.11-6+squeeze12.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.2-5wheezy6.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.10.2-1.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "2757": "
\n

Debian Security Advisory

\n

DSA-2757-1 wordpress -- several vulnerabilities

\n
\n
Date Reported:
\n
14 Sep 2013
\n
Affected Packages:
\n
\nwordpress\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 722537.
In Mitre's CVE dictionary: CVE-2013-4338, CVE-2013-4339, CVE-2013-4340, CVE-2013-5738, CVE-2013-5739.
\n
More information:
\n
\n

Several vulnerabilities were identified in Wordpress, a web blogging\ntool. As the CVEs were allocated from release announcements and specific\nfixes are usually not identified, it has been decided to upgrade the\nWordpress package to the latest upstream version instead of backporting\nthe patches.

\n

This means extra care should be taken when upgrading, especially when\nusing third-party plugins or themes, since compatibility may have been\nimpacted along the way. We recommend that users check their install\nbefore doing the upgrade.

\n
    \n
  • CVE-2013-4338\n

    Unsafe PHP unserialization in wp-includes/functions.php could cause\n arbitrary code execution.

  • \n
  • CVE-2013-4339\n

    Insufficient input validation could result in redirecting or leading\n a user to another website.

  • \n
  • CVE-2013-4340\n

    Privilege escalation allowing a user with an author role to create\n an entry appearing as written by another user.

  • \n
  • CVE-2013-5738\n

    Insufficient capabilities were required for uploading .html/.html\n files, making it easier for authenticated users to conduct cross-site\n scripting attacks (XSS) using crafted html file uploads.

  • \n
  • CVE-2013-5739\n

    Default Wordpress configuration allowed file upload for .swf/.exe\n files, making it easier for authenticated users to conduct cross-site\n scripting attacks (XSS).

  • \n
\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 3.6.1+dfsg-1~deb6u1.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 3.6.1+dfsg-1~deb7u1.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 3.6.1+dfsg-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.6.1+dfsg-1.

\n

We recommend that you upgrade your wordpress packages.

\n
\n
\n
\n
", "2758": "
\n

Debian Security Advisory

\n

DSA-2758-1 python-django -- denial of service

\n
\n
Date Reported:
\n
17 Sep 2013
\n
Affected Packages:
\n
\npython-django\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 723043.
In Mitre's CVE dictionary: CVE-2013-1443.
\n
More information:
\n
\n

It was discovered that python-django, a high-level Python web\ndevelopment framework, is prone to a denial of service vulnerability\nvia large passwords.

\n

A non-authenticated remote attacker could mount a denial of service by\nsubmitting arbitrarily large passwords, tying up server resources in\nthe expensive computation of the corresponding hashes to verify the\npassword.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.2.3-3+squeeze8.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.4.5-1+deb7u4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.5.4-1.

\n

We recommend that you upgrade your python-django packages.

\n
\n
\n
\n
", "2759": "
\n

Debian Security Advisory

\n

DSA-2759-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
18 Sep 2013
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1718, CVE-2013-1722, CVE-2013-1725, CVE-2013-1730, CVE-2013-1732, CVE-2013-1735, CVE-2013-1736, CVE-2013-1737.
\n
More information:
\n
\n

Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors and\nbuffer overflows may lead to the execution of arbitrary code.

\n

The Iceweasel version in the oldstable distribution (squeeze) is no\nlonger supported with security updates.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 17.0.9esr-1~deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 24.0-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "2760": "
\n

Debian Security Advisory

\n

DSA-2760-1 chrony -- several vulnerabilities

\n
\n
Date Reported:
\n
18 Sep 2013
\n
Affected Packages:
\n
\nchrony\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-4502, CVE-2012-4503.
\n
More information:
\n
\n

Florian Weimer discovered two security problems in the Chrony time\nsynchronisation software (buffer overflows and use of uninitialised data\nin command replies).

\n

For the oldstable distribution (squeeze), these problems will be fixed\nsoon in 1.24-3+squeeze1 (due to a technical restriction in the archive\nprocessing scripts the two updates cannot be released together).

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.24-3.1+deb7u2.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your chrony packages.

\n
\n
\n
\n
", "2761": "
\n

Debian Security Advisory

\n

DSA-2761-1 puppet -- several vulnerabilities

\n
\n
Date Reported:
\n
19 Sep 2013
\n
Affected Packages:
\n
\npuppet\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4761, CVE-2013-4956.
\n
More information:
\n
\n

Several vulnerabilities were discovered in puppet, a centralized\nconfiguration management system. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2013-4761\n

    The resource_type service (disabled by default) could be used to\n make puppet load arbitrary Ruby code from puppet master's file\n system.

  • \n
  • CVE-2013-4956\n

    Modules installed with the Puppet Module Tool might be installed\n with weak permissions, possibly allowing local users to read or\n modify them.

  • \n
\n

The stable distribution (wheezy) has been updated to version 2.7.33 of\npuppet. This version includes the patches for all the previous DSAs\nrelated to puppet in wheezy. In this version, the puppet report format\nis now correctly reported as version 3.

\n

It is to be expected that future DSAs for puppet update to a newer,\nbug fix-only, release of the 2.7 branch.

\n

The oldstable distribution (squeeze) has not been updated for this\nadvisory: as of this time there is no fix for\nCVE-2013-4761\nand the package is not affected by\nCVE-2013-4956.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2.7.23-1~deb7u1.

\n

For the testing distribution (jessie) and the unstable distribution (sid),\nthese problems have been fixed in version 3.2.4-1.

\n

We recommend that you upgrade your puppet packages.

\n
\n
\n
\n
", "2762": "
\n

Debian Security Advisory

\n

DSA-2762-1 icedove -- several vulnerabilities

\n
\n
Date Reported:
\n
23 Sep 2013
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1718, CVE-2013-1722, CVE-2013-1725, CVE-2013-1730, CVE-2013-1732, CVE-2013-1735, CVE-2013-1736, CVE-2013-1737.
\n
More information:
\n
\n

Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail and news client. Multiple memory safety\nerrors and buffer overflows may lead to the execution of arbitrary code.

\n

The Icedove version in the oldstable distribution (squeeze) is no longer\nsupported with full security updates. However, it should be noted that\nalmost all security issues in Icedove stem from the included browser engine.\nThese security problems only affect Icedove if scripting and HTML mails\nare enabled. If there are security issues specific to Icedove (e.g. a\nhypothetical buffer overflow in the IMAP implementation) we'll make an\neffort to backport such fixes to oldstable.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 17.0.9-1~deb7u1.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "2763": "
\n

Debian Security Advisory

\n

DSA-2763-1 pyopenssl -- hostname check bypassing

\n
\n
Date Reported:
\n
24 Sep 2013
\n
Affected Packages:
\n
\npyopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 722055.
In Mitre's CVE dictionary: CVE-2013-4314.
\n
More information:
\n
\n

It was discovered that PyOpenSSL, a Python wrapper around the OpenSSL\nlibrary, does not properly handle certificates with NULL characters in\nthe Subject Alternative Name field.

\n

A remote attacker in the position to obtain a certificate for\n'www.foo.org\\0.example.com' from a CA that an SSL client trusts, could\nuse this to spoof www.foo.org and conduct man-in-the-middle attacks\nbetween the PyOpenSSL-using client and the SSL server.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 0.10-1+squeeze1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.13-2+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.13-2.1.

\n

We recommend that you upgrade your pyopenssl packages.

\n
\n
\n
\n
", "2764": "
\n

Debian Security Advisory

\n

DSA-2764-1 libvirt -- programming error

\n
\n
Date Reported:
\n
25 Sep 2013
\n
Affected Packages:
\n
\nlibvirt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4296.
\n
More information:
\n
\n

Daniel P. Berrange discovered that incorrect memory handling in the\nremoteDispatchDomainMemoryStats() function could lead to denial of\nservice.

\n

The oldstable distribution (squeeze) is not affected.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.9.12-11+deb7u4. This update also includes some non-security\nrelated bugfixes scheduled for the upcoming Wheezy 7.2 point release.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your libvirt packages.

\n
\n
\n
\n
", "2765": "
\n

Debian Security Advisory

\n

DSA-2765-1 davfs2 -- privilege escalation

\n
\n
Date Reported:
\n
26 Sep 2013
\n
Affected Packages:
\n
\ndavfs2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 723034.
In Mitre's CVE dictionary: CVE-2013-4362.
\n
More information:
\n
\n

Davfs2, a filesystem client for WebDAV, calls the function system()\ninsecurely while it is setuid root. This might allow a privilege escalation.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.4.6-1.1+squeeze1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.4.6-1.1+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 1.4.7-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4.7-3.

\n

We recommend that you upgrade your davfs2 packages.

\n
\n
\n
\n
", "2766": "
\n

Debian Security Advisory

\n

DSA-2766-1 linux-2.6 -- privilege escalation/denial of service/information leak

\n
\n
Date Reported:
\n
27 Sep 2013
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-2141, CVE-2013-2164, CVE-2013-2206, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2239, CVE-2013-2851, CVE-2013-2852, CVE-2013-2888, CVE-2013-2892.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service, information leak or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2013-2141\n

    Emese Revfy provided a fix for an information leak in the tkill and\n tgkill system calls. A local user on a 64-bit system may be able to\n gain access to sensitive memory contents.

  • \n
  • CVE-2013-2164\n

    Jonathan Salwan reported an information leak in the CD-ROM driver. A\n local user on a system with a malfunctioning CD-ROM drive could gain\n access to sensitive memory.

  • \n
  • CVE-2013-2206\n

    Karl Heiss reported an issue in the Linux SCTP implementation. A remote\n user could cause a denial of service (system crash).

  • \n
  • CVE-2013-2232\n

    Dave Jones and Hannes Frederic Sowa resolved an issue in the IPv6\n subsystem. Local users could cause a denial of service by using an\n AF_INET6 socket to connect to an IPv4 destination.

  • \n
  • CVE-2013-2234\n

    Mathias Krause reported a memory leak in the implementation of PF_KEYv2\n sockets. Local users could gain access to sensitive kernel memory.

  • \n
  • CVE-2013-2237\n

    Nicolas Dichtel reported a memory leak in the implementation of PF_KEYv2\n sockets. Local users could gain access to sensitive kernel memory.

  • \n
  • CVE-2013-2239\n

    Jonathan Salwan discovered multiple memory leaks in the openvz kernel\n flavor. Local users could gain access to sensitive kernel memory.

  • \n
  • CVE-2013-2851\n

    Kees Cook reported an issue in the block subsystem. Local users with\n uid 0 could gain elevated ring 0 privileges. This is only a security\n issue for certain specially configured systems.

  • \n
  • CVE-2013-2852\n

    Kees Cook reported an issue in the b43 network driver for certain Broadcom\n wireless devices. Local users with uid 0 could gain elevated ring 0\n privileges. This is only a security issue for certain specially configured\n systems.

  • \n
  • CVE-2013-2888\n

    Kees Cook reported an issue in the HID driver subsystem. A local user,\n with the ability to attach a device, could cause a denial of service\n (system crash).

  • \n
  • CVE-2013-2892\n

    Kees Cook reported an issue in the pantherlord HID device driver. Local\n users with the ability to attach a device could cause a denial of service\n or possibly gain elevated privileges.

  • \n
\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.6.32-48squeeze4.

\n

The following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n\n\n\n\n\n\n\n
\u00a0Debian 6.0 (squeeze)
user-mode-linux 2.6.32-1um-4+48squeeze4
\n
\n

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.\n

Note: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or \"leap-frog\" fashion.

\n

\n
\n
\n
", "2767": "
\n

Debian Security Advisory

\n

DSA-2767-1 proftpd-dfsg -- denial of service

\n
\n
Date Reported:
\n
29 Sep 2013
\n
Affected Packages:
\n
\nproftpd-dfsg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 723179.
In Mitre's CVE dictionary: CVE-2013-4359.
\n
More information:
\n
\n

Kingcope discovered that the mod_sftp and mod_sftp_pam modules of\nproftpd, a powerful modular FTP/SFTP/FTPS server, do not properly\nvalidate input before making pool allocations. An attacker can\nuse this flaw to conduct denial of service attacks against the system\nrunning proftpd (resource exhaustion).

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.3.3a-6squeeze7.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.3.4a-5+deb7u1.

\n

For the testing (jessie) and unstable (sid) distributions, this problem will\nbe fixed soon.

\n

We recommend that you upgrade your proftpd-dfsg packages.

\n
\n
\n
\n
", "2768": "
\n

Debian Security Advisory

\n

DSA-2768-1 icedtea-web -- heap-based buffer overflow

\n
\n
Date Reported:
\n
04 Oct 2013
\n
Affected Packages:
\n
\nicedtea-web\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 723118.
In Mitre's CVE dictionary: CVE-2013-4349.
\n
More information:
\n
\n

A heap-based buffer overflow vulnerability was found in icedtea-web, a\nweb browser plugin for running applets written in the Java programming\nlanguage. If a user were tricked into opening a malicious website, an\nattacker could cause the plugin to crash or possibly execute arbitrary\ncode as the user invoking the program.

\n

This problem was initially discovered by Arthur Gerkis and got assigned\nCVE-2012-4540. Fixes were applied in the 1.1, 1.2 and 1.3 branches but\nnot to the 1.4 branch.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.4-3~deb7u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4-3.1.

\n

We recommend that you upgrade your icedtea-web packages.

\n
\n
\n
\n
", "2769": "
\n

Debian Security Advisory

\n

DSA-2769-1 kfreebsd-9 -- privilege escalation/denial of service

\n
\n
Date Reported:
\n
08 Oct 2013
\n
Affected Packages:
\n
\nkfreebsd-9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-5691, CVE-2013-5710.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the FreeBSD kernel that may\nlead to a denial of service or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2013-5691\n

    Loganaden Velvindron and Gleb Smirnoff discovered that the SIOCSIFADDR,\n SIOCSIFBRDADDR, SIOCSIFDSTADDR and SIOCSIFNETMASK ioctl requests do not\n perform input validation or verify the caller's credentials.\n An unprivileged user with the ability to run arbitrary code can cause any\n network interface in the system to perform the link layer actions\n associated with the above ioctl requests or trigger a kernel panic by\n passing a specially crafted address structure which causes a network\n interface driver to dereference an invalid pointer.

  • \n
  • CVE-2013-5710\n

    Konstantin Belousov discovered that the nullfs(5) implementation of the\n VOP_LINK(9) VFS operation does not check whether the source and target of\n the link are both in the same nullfs instance. It is therefore possible to\n create a hardlink from a location in one nullfs instance to a file in\n another, as long as the underlying (source) filesystem is the same. If\n multiple nullfs views into the same filesystem are mounted in different\n locations, a user may gain write access to files which are nominally on\n a read-only filesystem.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 9.0-10+deb70.4.

\n

We recommend that you upgrade your kfreebsd-9 packages.

\n
\n
\n
\n
", "2770": "
\n

Debian Security Advisory

\n

DSA-2770-1 torque -- authentication bypass

\n
\n
Date Reported:
\n
09 Oct 2013
\n
Affected Packages:
\n
\ntorque\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 722306.
In Mitre's CVE dictionary: CVE-2013-4319.
\n
More information:
\n
\n

John Fitzpatrick of MWR InfoSecurity discovered an authentication bypass\nvulnerability in torque, a PBS-derived batch processing queueing system.

\n

The torque authentication model revolves around the use of privileged\nports. If a request is not made from a privileged port then it is\nassumed not to be trusted or authenticated. It was found that pbs_mom\ndoes not perform a check to ensure that connections are established\nfrom a privileged port.

\n

A user who can run jobs or login to a node running pbs_server or pbs_mom\ncan exploit this vulnerability to remotely execute code as root on the\ncluster by submitting a command directly to a pbs_mom daemon\nto queue and run a job.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.4.8+dfsg-9squeeze2.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.4.16+dfsg-1+deb7u1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your torque packages.

\n
\n
\n
\n
", "2771": "
\n

Debian Security Advisory

\n

DSA-2771-1 nas -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Oct 2013
\n
Affected Packages:
\n
\nnas\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4256, CVE-2013-4257, CVE-2013-4258.
\n
More information:
\n
\n

Hamid Zamani discovered multiple security problems (buffer overflows,\nformat string vulnerabilities and missing input sanitising), which\ncould lead to the execution of arbitrary code.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.9.2-4squeeze1.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.9.3-5wheezy1.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 1.9.3-6.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.9.3-6.

\n

We recommend that you upgrade your nas packages.

\n
\n
\n
\n
", "2772": "
\n

Debian Security Advisory

\n

DSA-2772-1 typo3-src -- cross-site scripting

\n
\n
Date Reported:
\n
10 Oct 2013
\n
Affected Packages:
\n
\ntypo3-src\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1464.
\n
More information:
\n
\n

Markus Pieton and Vytautas Paulikas discovered that the embedded video\nand audio player in the TYPO3 web content management system is susceptible\nto cross-site-scripting.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 4.5.19+dfsg1-5+wheezy1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 4.5.29+dfsg1-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.5.29+dfsg1-1.

\n

We recommend that you upgrade your typo3-src packages.

\n
\n
\n
\n
", "2773": "
\n

Debian Security Advisory

\n

DSA-2773-1 gnupg -- several vulnerabilities

\n
\n
Date Reported:
\n
10 Oct 2013
\n
Affected Packages:
\n
\ngnupg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 725439, Bug 722722.
In Mitre's CVE dictionary: CVE-2013-4351, CVE-2013-4402.
\n
More information:
\n
\n

Two vulnerabilities were discovered in GnuPG, the GNU privacy guard,\na free PGP replacement. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2013-4351\n

    When a key or subkey had its key flags subpacket set to all bits\n off, GnuPG currently would treat the key as having all bits set.\n That is, where the owner wanted to indicate no use permitted,\n GnuPG would interpret it as all use permitted. Such no use\n permitted keys are rare and only used in very special circumstances.

  • \n
  • CVE-2013-4402\n

    Infinite recursion in the compressed packet parser was possible\n with crafted input data, which may be used to cause a denial of\n service.

  • \n
\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.4.10-4+squeeze3.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.12-7+deb7u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.4.15-1.

\n

We recommend that you upgrade your gnupg packages.

\n
\n
\n
\n
", "2774": "
\n

Debian Security Advisory

\n

DSA-2774-1 gnupg2 -- several vulnerabilities

\n
\n
Date Reported:
\n
10 Oct 2013
\n
Affected Packages:
\n
\ngnupg2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 722724, Bug 725433.
In Mitre's CVE dictionary: CVE-2013-4351, CVE-2013-4402.
\n
More information:
\n
\n

Two vulnerabilities were discovered in GnuPG 2, the GNU privacy guard,\na free PGP replacement. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2013-4351\n

    When a key or subkey had its key flags subpacket set to all bits\n off, GnuPG currently would treat the key as having all bits set.\n That is, where the owner wanted to indicate no use permitted,\n GnuPG would interpret it as all use permitted. Such no use\n permitted keys are rare and only used in very special circumstances.

  • \n
  • CVE-2013-4402\n

    Infinite recursion in the compressed packet parser was possible\n with crafted input data, which may be used to cause a denial of\n service.

  • \n
\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 2.0.14-2+squeeze2.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2.0.19-2+deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.0.22-1.

\n

We recommend that you upgrade your gnupg2 packages.

\n
\n
\n
\n
", "2775": "
\n

Debian Security Advisory

\n

DSA-2775-1 ejabberd -- insecure SSL usage

\n
\n
Date Reported:
\n
10 Oct 2013
\n
Affected Packages:
\n
\nejabberd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 722105.
In Mitre's CVE dictionary: CVE-2013-6169.
\n
More information:
\n
\n

It was discovered that ejabberd, a Jabber/XMPP server, uses SSLv2 and\nweak ciphers for communication, which are considered insecure. The\nsoftware offers no runtime configuration options to disable these. This\nupdate disables the use of SSLv2 and weak ciphers.

\n

The updated package for Debian 7 (wheezy) also contains auxiliary\nbugfixes originally staged for the next stable point release.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.1.5-3+squeeze2.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.1.10-4+deb7u1.

\n

For the testing distribution (jessie), and unstable distribution (sid),\nthis problem will be fixed soon.

\n

We recommend that you upgrade your ejabberd packages.

\n
\n
\n
\n
", "2776": "
\n

Debian Security Advisory

\n

DSA-2776-1 drupal6 -- several vulnerabilities

\n
\n
Date Reported:
\n
11 Oct 2013
\n
Affected Packages:
\n
\ndrupal6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-0825, CVE-2012-0826, CVE-2012-5651, CVE-2012-5652, CVE-2012-5653, CVE-2013-0244, CVE-2013-0245.
\n
More information:
\n
\n

Multiple vulnerabilities have been fixed in the Drupal content\nmanagement framework, resulting in information disclosure, insufficient\nvalidation, cross-site scripting and cross-site request forgery.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 6.28-1.

\n

For the stable distribution (wheezy), these problems have already been\nfixed in the drupal7 package.

\n

For the unstable distribution (sid), these problems have already been\nfixed in the drupal7 package.

\n

We recommend that you upgrade your drupal6 packages.

\n
\n
\n
\n
", "2777": "
\n

Debian Security Advisory

\n

DSA-2777-1 systemd -- several vulnerabilities

\n
\n
Date Reported:
\n
11 Oct 2013
\n
Affected Packages:
\n
\nsystemd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 725357.
In Mitre's CVE dictionary: CVE-2013-4327, CVE-2013-4391, CVE-2013-4394.
\n
More information:
\n
\n

Multiple security issues in systemd have been discovered by Sebastian\nKrahmer and Florian Weimer: Insecure interaction with DBUS could lead\nto the bypass of Policykit restrictions and privilege escalation or\ndenial of service through an integer overflow in journald and missing\ninput sanitising in the processing of X keyboard extension (XKB) files.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 44-11+deb7u4.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your systemd packages.

\n
\n
\n
\n
", "2778": "
\n

Debian Security Advisory

\n

DSA-2778-1 libapache2-mod-fcgid -- heap-based buffer overflow

\n
\n
Date Reported:
\n
12 Oct 2013
\n
Affected Packages:
\n
\nlibapache2-mod-fcgid\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4365.
\n
More information:
\n
\n

Robert Matthews discovered that the Apache FCGID module, a FastCGI\nimplementation for Apache HTTP Server, fails to perform adequate\nboundary checks on user-supplied input. This may allow a remote attacker\nto cause a heap-based buffer overflow, resulting in a denial of service\nor potentially allowing the execution of arbitrary code.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1:2.3.6-1+squeeze2.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1:2.3.6-1.2+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:2.3.9-1.

\n

We recommend that you upgrade your libapache2-mod-fcgid packages.

\n
\n
\n
\n
", "2779": "
\n

Debian Security Advisory

\n

DSA-2779-1 libxml2 -- denial of service

\n
\n
Date Reported:
\n
13 Oct 2013
\n
Affected Packages:
\n
\nlibxml2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 715531.
In Mitre's CVE dictionary: CVE-2013-2877.
\n
More information:
\n
\n

Aki Helin of OUSPG discovered many out-of-bounds read issues in libxml2,\nthe GNOME project's XML parser library, which can lead to denial of\nservice issues when handling XML documents that end abruptly.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.7.8.dfsg-2+squeeze8.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.8.0+dfsg1-7+nmu2.

\n

For the testing (jessie) and unstable (sid) distributions, this\nproblem has been fixed in version 2.9.1+dfsg1-1.

\n

We recommend that you upgrade your libxml2 packages.

\n
\n
\n
\n
", "2780": "
\n

Debian Security Advisory

\n

DSA-2780-1 mysql-5.1 -- several vulnerabilities

\n
\n
Date Reported:
\n
18 Oct 2013
\n
Affected Packages:
\n
\nmysql-5.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-2750, CVE-2013-3839.
\n
More information:
\n
\n

This DSA updates the MySQL database to 5.1.72. This fixes multiple\nunspecified security problems in the Optimizer component:\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 5.1.72-2.

\n

We recommend that you upgrade your mysql-5.1 packages.

\n
\n
\n
\n
", "2781": "
\n

Debian Security Advisory

\n

DSA-2781-1 python-crypto -- PRNG not correctly reseeded in some situations

\n
\n
Date Reported:
\n
18 Oct 2013
\n
Affected Packages:
\n
\npython-crypto\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1445.
\n
More information:
\n
\n

A cryptographic vulnerability was discovered in the pseudo random number\ngenerator in python-crypto.

\n

In some situations, a race condition could prevent the reseeding of the\ngenerator when multiple processes are forked from the same parent. This would\nlead it to generate identical output on all processes, which might leak\nsensitive values like cryptographic keys.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.1.0-2+squeeze2.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.6-4+deb7u3.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 2.6.1-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.6.1-1.

\n

We recommend that you upgrade your python-crypto packages.

\n
\n
\n
\n
", "2782": "
\n

Debian Security Advisory

\n

DSA-2782-1 polarssl -- several vulnerabilities

\n
\n
Date Reported:
\n
20 Oct 2013
\n
Affected Packages:
\n
\npolarssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4623, CVE-2013-5914, CVE-2013-5915.
\n
More information:
\n
\n

Multiple security issues have been discovered in PolarSSL, a lightweight\ncrypto and SSL/TLS library:

\n
    \n
  • CVE-2013-4623\n

    Jack Lloyd discovered a denial of service vulnerability in the\n parsing of PEM-encoded certificates.

  • \n
  • CVE-2013-5914\n

    Paul Brodeur and TrustInSoft discovered a buffer overflow in the\n ssl_read_record() function, allowing the potential execution of\n arbitrary code.

  • \n
  • CVE-2013-5915\n

    Cyril Arnaud and Pierre-Alain Fouque discovered timing attacks against\n the RSA implementation.

  • \n
\n

For the oldstable distribution (squeeze), these problems will be fixed in\nversion 1.2.9-1~deb6u1 soon (due to a technical limitation the updates\ncannot be released synchronously).

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.2.9-1~deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.3.1-1.

\n

We recommend that you upgrade your polarssl packages.

\n
\n
\n
\n
", "2783": "
\n

Debian Security Advisory

\n

DSA-2783-1 librack-ruby -- several vulnerabilities

\n
\n
Date Reported:
\n
21 Oct 2013
\n
Affected Packages:
\n
\nlibrack-ruby\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 653963, Bug 698440, Bug 700226.
In Mitre's CVE dictionary: CVE-2011-5036, CVE-2013-0183, CVE-2013-0184, CVE-2013-0263.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Rack, a modular Ruby\nwebserver interface. The Common Vulnerabilities and Exposures project\nidentifies the following vulnerabilities:

\n
    \n
  • CVE-2011-5036\n

    Rack computes hash values for form parameters without restricting\n the ability to trigger hash collisions predictably, which allows\n remote attackers to cause a denial of service (CPU consumption)\n by sending many crafted parameters.

  • \n
  • CVE-2013-0183\n

    A remote attacker could cause a denial of service (memory\n consumption and out-of-memory error) via a long string in a\n Multipart HTTP packet.

  • \n
  • CVE-2013-0184\n

    A vulnerability in Rack::Auth::AbstractRequest allows remote\n attackers to cause a denial of service via unknown vectors.

  • \n
  • CVE-2013-0263\n

    Rack::Session::Cookie allows remote attackers to guess the\n session cookie, gain privileges, and execute arbitrary code via a\n timing attack involving an HMAC comparison function that does not\n run in constant time.

  • \n
\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.1.0-4+squeeze1.

\n

The stable, testing and unstable distributions do not contain the\nlibrack-ruby package. These problems have already been addressed in version\n1.4.1-2.1 of the ruby-rack package.

\n

We recommend that you upgrade your librack-ruby packages.

\n
\n
\n
\n
", "2784": "
\n

Debian Security Advisory

\n

DSA-2784-1 xorg-server -- use-after-free

\n
\n
Date Reported:
\n
22 Oct 2013
\n
Affected Packages:
\n
\nxorg-server\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4396.
\n
More information:
\n
\n

Pedro Ribeiro discovered a use-after-free in the handling of ImageText\nrequests in the Xorg Xserver, which could result in denial of service\nor privilege escalation.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.7.7-17.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.12.4-6+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 1.14.3-4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.14.3-4.

\n

We recommend that you upgrade your xorg-server packages.

\n
\n
\n
\n
", "2785": "
\n

Debian Security Advisory

\n

DSA-2785-1 chromium-browser -- several vulnerabilities

\n
\n
Date Reported:
\n
26 Oct 2013
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-2906, CVE-2013-2907, CVE-2013-2908, CVE-2013-2909, CVE-2013-2910, CVE-2013-2911, CVE-2013-2912, CVE-2013-2913, CVE-2013-2915, CVE-2013-2916, CVE-2013-2917, CVE-2013-2918, CVE-2013-2919, CVE-2013-2920, CVE-2013-2921, CVE-2013-2922, CVE-2013-2923, CVE-2013-2924, CVE-2013-2925, CVE-2013-2926, CVE-2013-2927, CVE-2013-2928.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2013-2906\n

    Atte Kettunen of OUSPG discovered race conditions in Web Audio.

  • \n
  • CVE-2013-2907\n

    Boris Zbarsky discovered an out-of-bounds read in window.prototype.

  • \n
  • CVE-2013-2908\n

    Chamal de Silva discovered an address bar spoofing issue.

  • \n
  • CVE-2013-2909\n

    Atte Kettunen of OUSPG discovered a use-after-free issue in\n inline-block.

  • \n
  • CVE-2013-2910\n

    Byoungyoung Lee of the Georgia Tech Information Security Center\n discovered a use-after-free issue in Web Audio.

  • \n
  • CVE-2013-2911\n

    Atte Kettunen of OUSPG discovered a use-after-free in Blink's XSLT\n handling.

  • \n
  • CVE-2013-2912\n

    Chamal de Silva and 41.w4r10r(at)garage4hackers.com discovered a\n use-after-free issue in the Pepper Plug-in API.

  • \n
  • CVE-2013-2913\n

    cloudfuzzer discovered a use-after-free issue in Blink's XML\n document parsing.

  • \n
  • CVE-2013-2915\n

    Wander Groeneveld discovered an address bar spoofing issue.

  • \n
  • CVE-2013-2916\n

    Masato Kinugawa discovered an address bar spoofing issue.

  • \n
  • CVE-2013-2917\n

    Byoungyoung Lee and Tielei Wang discovered an out-of-bounds read\n issue in Web Audio.

  • \n
  • CVE-2013-2918\n

    Byoungyoung Lee discovered an out-of-bounds read in Blink's DOM\n implementation.

  • \n
  • CVE-2013-2919\n

    Adam Haile of Concrete Data discovered a memory corruption issue\n in the V8 javascript library.

  • \n
  • CVE-2013-2920\n

    Atte Kettunen of OUSPG discovered an out-of-bounds read in URL\n host resolving.

  • \n
  • CVE-2013-2921\n

    Byoungyoung Lee and Tielei Wang discovered a use-after-free issue\n in resource loading.

  • \n
  • CVE-2013-2922\n

    Jon Butler discovered a use-after-free issue in Blink's HTML\n template element implementation.

  • \n
  • CVE-2013-2924\n

    A use-after-free issue was discovered in the International\n Components for Unicode (ICU) library.

  • \n
  • CVE-2013-2925\n

    Atte Kettunen of OUSPG discovered a use-after-free issue in Blink's\n XML HTTP request implementation.

  • \n
  • CVE-2013-2926\n

    cloudfuzzer discovered a use-after-free issue in the list indenting\n implementation.

  • \n
  • CVE-2013-2927\n

    cloudfuzzer discovered a use-after-free issue in the HTML form\n submission implementation.

  • \n
  • CVE-2013-2923\nand CVE-2013-2928\n

    The chrome 30 development team found various issues from internal\n fuzzing, audits, and other studies.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 30.0.1599.101-1~deb7u1.

\n

For the testing distribution (jessie), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 30.0.1599.101-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "2786": "
\n

Debian Security Advisory

\n

DSA-2786-1 icu -- several vulnerabilities

\n
\n
Date Reported:
\n
27 Oct 2013
\n
Affected Packages:
\n
\nicu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 702346, Bug 726477.
In Mitre's CVE dictionary: CVE-2013-0900, CVE-2013-2924.
\n
More information:
\n
\n

The Google Chrome Security Team discovered two issues (a race condition\nand a use-after-free issue) in the International Components for Unicode\n(ICU) library.

\n

For the oldstable distribution (squeeze), these problems have been fixed\nin version 4.4.1-8+squeeze2.

\n

For the stable distribution (wheezy), which is only affected by\nCVE-2013-2924, this problem has been fixed in version 4.8.1.1-12+deb7u1.

\n

For the testing distribution (jessie), which is only affected by\nCVE-2013-2924, this problem will be fixed soon.

\n

For the unstable distribution (sid), which is only affected by\nCVE-2013-2924, this problem has been fixed in version 4.8.1.1-13+nmu1.

\n

We recommend that you upgrade your icu packages.

\n
\n
\n
\n
", "2787": "
\n

Debian Security Advisory

\n

DSA-2787-1 roundcube -- design error

\n
\n
Date Reported:
\n
27 Oct 2013
\n
Affected Packages:
\n
\nroundcube\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 727668.
In Mitre's CVE dictionary: CVE-2013-6172.
\n
More information:
\n
\n

It was discovered that roundcube, a skinnable AJAX based webmail\nsolution for IMAP servers, does not properly sanitize the _session\nparameter in steps/utils/save_pref.inc when saving preferences. The\nvulnerability can be exploited to overwrite configuration settings and\nsubsequently allow random file access, manipulated SQL queries and\neven code execution.

\n

roundcube in the oldstable distribution (squeeze) is not affected by\nthis problem.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.7.2-9+deb7u1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your roundcube packages.

\n
\n
\n
\n
", "2788": "
\n

Debian Security Advisory

\n

DSA-2788-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
31 Oct 2013
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-5590, CVE-2013-5595, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5604.
\n
More information:
\n
\n

Multiple security issues have been found in iceweasel, Debian's version\nof the Mozilla Firefox web browser: multiple memory safety errors, and\nother implementation errors may lead to the execution of arbitrary\ncode.

\n

The iceweasel version in the oldstable distribution (squeeze) is no\nlonger supported with security updates.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 17.0.10esr-1~deb7u1.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "2789": "
\n

Debian Security Advisory

\n

DSA-2789-1 strongswan -- Denial of service and authorization bypass

\n
\n
Date Reported:
\n
01 Nov 2013
\n
Affected Packages:
\n
\nstrongswan\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6075.
\n
More information:
\n
\n

A vulnerability has been found in the ASN.1 parser of strongSwan, an IKE\ndaemon used to establish IPsec protected links.

\n

By sending a crafted ID_DER_ASN1_DN ID payload to a vulnerable pluto or\ncharon daemon, a malicious remote user can provoke a denial of service\n(daemon crash) or an authorization bypass (impersonating a different\nuser, potentially acquiring VPN permissions she doesn't have).

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 4.4.1-5.4.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 4.5.2-1.5+deb7u2.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 5.1.0-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.1.0-3.

\n

We recommend that you upgrade your strongswan packages.

\n
\n
\n
\n
", "2790": "
\n

Debian Security Advisory

\n

DSA-2790-1 nss -- uninitialized memory read

\n
\n
Date Reported:
\n
02 Nov 2013
\n
Affected Packages:
\n
\nnss\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 726473.
In Mitre's CVE dictionary: CVE-2013-1739.
\n
More information:
\n
\n

A flaw was found in the way the Mozilla Network Security Service library\n(nss) read uninitialized data when there was a decryption failure. A\nremote attacker could use this flaw to cause a denial of service\n(application crash) for applications linked with the nss library.

\n

The oldstable distribution (squeeze) is not affected by this problem.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2:3.14.4-1.

\n

The packages in the stable distribution were updated to the latest patch\nrelease 3.14.4 of the library to also include a regression bugfix for a\nflaw that affects the libpkix certificate verification cache. More\ninformation can be found via:

\n

https://developer.mozilla.org/en-US/docs/NSS/NSS_3.14.4_release_notes

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 2:3.15.2-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:3.15.2-1.

\n

We recommend that you upgrade your nss packages.

\n
\n
\n
\n
", "2791": "
\n

Debian Security Advisory

\n

DSA-2791-1 tryton-client -- missing input sanitization

\n
\n
Date Reported:
\n
04 Nov 2013
\n
Affected Packages:
\n
\ntryton-client\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4510.
\n
More information:
\n
\n

Cedric Krier discovered that the Tryton client does not sanitize the\nfile extension supplied by the server when processing reports. As a\nresult, a malicious server could send a report with a crafted file\nextension that causes the client to write any local file to which the\nuser running the client has write access.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.6.1-1+deb6u1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.2.3-1+deb7u1.

\n

We recommend that you upgrade your tryton-client packages.

\n
\n
\n
\n
", "2792": "
\n

Debian Security Advisory

\n

DSA-2792-1 wireshark -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Nov 2013
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6336, CVE-2013-6337, CVE-2013-6338, CVE-2013-6340.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the dissectors for IEEE\n802.15.4, NBAP, SIP and TCP, which could result in denial of service.

\n

The oldstable distribution (squeeze) is only affected by CVE-2013-6340.\nThis problem has been fixed in version 1.2.11-6+squeeze13.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.2-5wheezy7.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.10.3-1.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "2793": "
\n

Debian Security Advisory

\n

DSA-2793-1 libav -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Nov 2013
\n
Affected Packages:
\n
\nlibav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-0844, CVE-2013-0850, CVE-2013-0853, CVE-2013-0854, CVE-2013-0857, CVE-2013-0858, CVE-2013-0866.
\n
More information:
\n
\n

Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. The CVE IDs mentioned above are\njust a small portion of the security issues fixed in this update. A full\nlist of the changes is available at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.9

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 0.8.9-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 9.10-1.

\n

We recommend that you upgrade your libav packages.

\n
\n
\n
\n
", "2794": "
\n

Debian Security Advisory

\n

DSA-2794-1 spip -- several vulnerabilities

\n
\n
Date Reported:
\n
10 Nov 2013
\n
Affected Packages:
\n
\nspip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 729172.
In Mitre's CVE dictionary: CVE-2013-4555, CVE-2013-4556, CVE-2013-4557.
\n
More information:
\n
\n

Several vulnerabilities have been found in SPIP, a website engine for\npublishing, resulting in cross-site request forgery on logout,\ncross-site scripting on author page, and PHP injection.

\n

For the oldstable distribution (squeeze), these problems have been fixed\nin version 2.1.1-3squeeze7.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2.1.17-1+deb7u2.

\n

For the testing distribution (jessie), these problems will be fixed\nsoon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.1.24-1.

\n

For the experimental distribution, these problems have been fixed in\nversion 3.0.12-1.

\n

We recommend that you upgrade your spip packages.

\n
\n
\n
\n
", "2795": "
\n

Debian Security Advisory

\n

DSA-2795-2 lighttpd -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Nov 2013
\n
Affected Packages:
\n
\nlighttpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 729453, Bug 729480.
In Mitre's CVE dictionary: CVE-2013-4508, CVE-2013-4559, CVE-2013-4560.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the lighttpd web server.

\n

It was discovered that SSL connections with client certificates\nstopped working after the DSA-2795-1 update of lighttpd. An upstream\npatch has now been applied that provides an appropriate identifier for\nclient certificate verification.

\n
    \n
  • CVE-2013-4508\n

    It was discovered that lighttpd uses weak ssl ciphers when SNI (Server\n Name Indication) is enabled. This issue was solved by ensuring that\n stronger ssl ciphers are used when SNI is selected.

  • \n
  • CVE-2013-4559\n

    The clang static analyzer was used to discover privilege escalation\n issues due to missing checks around lighttpd's setuid, setgid, and\n setgroups calls. Those are now appropriately checked.

  • \n
  • CVE-2013-4560\n

    The clang static analyzer was used to discover a use-after-free issue\n when the FAM stat cache engine is enabled, which is now fixed.

  • \n
\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.4.28-2+squeeze1.5.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.31-4+deb7u2.

\n

For the testing distribution (jessie), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion lighttpd_1.4.33-1+nmu1.

\n

For the testing (jessie) and unstable (sid) distributions, the regression\nproblem will be fixed soon.

\n

We recommend that you upgrade your lighttpd packages.

\n
\n
\n
\n
", "2796": "
\n

Debian Security Advisory

\n

DSA-2796-1 torque -- arbitrary code execution

\n
\n
Date Reported:
\n
13 Nov 2013
\n
Affected Packages:
\n
\ntorque\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 729333.
In Mitre's CVE dictionary: CVE-2013-4495.
\n
More information:
\n
\n

Matt Ezell from Oak Ridge National Labs reported a vulnerability in\ntorque, a PBS-derived batch processing queueing system.

\n

A user could submit executable shell commands on the tail of what is\npassed with the -M switch for qsub. This was later passed to a pipe,\nmaking it possible for these commands to be executed as root on the\npbs_server.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.4.8+dfsg-9squeeze3.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.4.16+dfsg-1+deb7u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.4.16+dfsg-1.3.

\n

We recommend that you upgrade your torque packages.

\n
\n
\n
\n
", "2797": "
\n

Debian Security Advisory

\n

DSA-2797-1 icedove -- several vulnerabilities

\n
\n
Date Reported:
\n
13 Nov 2013
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-5590, CVE-2013-5595, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5604.
\n
More information:
\n
\n

Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail and news client. Multiple memory safety\nerrors, and other implementation errors may lead to the execution of\narbitrary code.

\n

The Icedove version in the oldstable distribution (squeeze) is no longer\nsupported with full security updates. However, it should be noted that\nalmost all security issues in Icedove stem from the included browser engine.\nThese security problems only affect Icedove if scripting and HTML mails\nare enabled. If there are security issues specific to Icedove (e.g. a\nhypothetical buffer overflow in the IMAP implementation) we'll make an\neffort to backport such fixes to oldstable.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 17.0.10-1~deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 17.0.10-1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "2798": "
\n

Debian Security Advisory

\n

DSA-2798-1 curl -- unchecked ssl certificate host name

\n
\n
Date Reported:
\n
17 Nov 2013
\n
Affected Packages:
\n
\ncurl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4545.
\n
More information:
\n
\n

Scott Cantor discovered that curl, a file retrieval tool, would disable\nthe CURLOPT_SSL_VERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting\nwas disabled. This would also disable ssl certificate host name checks\nwhen it should have only disabled verification of the certificate trust\nchain.

\n

The default configuration for the curl package is not affected by this\nissue since CURLOPT_SSL_VERIFYPEER is enabled by default.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 7.21.0-2.1+squeeze5.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 7.26.0-1+wheezy5.

\n

For the testing (jessie) and unstable (sid) distributions, this problem\nhas been fixed in version 7.33.0-1.

\n

We recommend that you upgrade your curl packages.

\n
\n
\n
\n
", "2799": "
\n

Debian Security Advisory

\n

DSA-2799-1 chromium-browser -- several vulnerabilities

\n
\n
Date Reported:
\n
16 Nov 2013
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-2931, CVE-2013-6621, CVE-2013-6622, CVE-2013-6623, CVE-2013-6624, CVE-2013-6625, CVE-2013-6626, CVE-2013-6627, CVE-2013-6628, CVE-2013-6629, CVE-2013-6630, CVE-2013-6631, CVE-2013-6632.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2013-2931\n

    The chrome 31 development team found various issues from internal\n fuzzing, audits, and other studies.

  • \n
  • CVE-2013-6621\n

    Khalil Zhani discovered a use-after-free issue in speech input\n handling.

  • \n
  • CVE-2013-6622\n

    cloudfuzzer discovered a use-after-free issue in\n HTMLMediaElement.

  • \n
  • CVE-2013-6623\n

    miaubiz discovered an out-of-bounds read in the Blink/Webkit SVG\n implementation.

  • \n
  • CVE-2013-6624\n

    Jon Butler discovered a use-after-free issue in id attribute\n strings.

  • \n
  • CVE-2013-6625\n

    cloudfuzzer discovered a use-after-free issue in the Blink/WebKit\n DOM implementation.

  • \n
  • CVE-2013-6626\n

    Chamal de Silva discovered an address bar spoofing issue.

  • \n
  • CVE-2013-6627\n

    skylined discovered an out-of-bounds read in the HTTP stream\n parser.

  • \n
  • CVE-2013-6628\n

    Antoine Delignat-Lavaud and Karthikeyan Bhargavan of INRIA Paris\n discovered that a different (unverified) certificate could be used\n after successful TLS renegotiation with a valid certificate.

  • \n
  • CVE-2013-6629\n

    Michal Zalewski discovered an uninitialized memory read in the\n libjpeg and libjpeg-turbo libraries.

  • \n
  • CVE-2013-6630\n

    Michal Zalewski discovered another uninitialized memory read in\n the libjpeg and libjpeg-turbo libraries.

  • \n
  • CVE-2013-6631\n

    Patrik Höglund discovered a use-after-free issue in the libjingle\n library.

  • \n
  • CVE-2013-6632\n

    Pinkie Pie discovered multiple memory corruption issues.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 31.0.1650.57-1~deb7u1.

\n

For the testing distribution (jessie), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 31.0.1650.57-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "2800": "
\n

Debian Security Advisory

\n

DSA-2800-1 nss -- buffer overflow

\n
\n
Date Reported:
\n
25 Nov 2013
\n
Affected Packages:
\n
\nnss\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-5605.
\n
More information:
\n
\n

Andrew Tinits reported a potentially exploitable buffer overflow in the\nMozilla Network Security Service library (nss). With a specially crafted\nrequest a remote attacker could cause a denial of service or possibly\nexecute arbitrary code.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 3.12.8-1+squeeze7.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2:3.14.5-1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 2:3.15.3-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:3.15.3-1.

\n

We recommend that you upgrade your nss packages.

\n
\n
\n
\n
", "2801": "
\n

Debian Security Advisory

\n

DSA-2801-1 libhttp-body-perl -- design error

\n
\n
Date Reported:
\n
21 Nov 2013
\n
Affected Packages:
\n
\nlibhttp-body-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 721634.
In Mitre's CVE dictionary: CVE-2013-4407.
\n
More information:
\n
\n

Jonathan Dolle reported a design error in HTTP::Body, a Perl module for\nprocessing data from HTTP POST requests. The HTTP body multipart parser\ncreates temporary files which preserve the suffix of the uploaded file.\nAn attacker able to upload files to a service that uses\nHTTP::Body::Multipart could potentially execute commands on the server\nif these temporary filenames are used in subsequent commands without\nfurther checks.

\n

This update restricts the possible suffixes used for the created\ntemporary files.

\n

The oldstable distribution (squeeze) is not affected by this problem.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.11-1+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 1.17-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.17-2.

\n

We recommend that you upgrade your libhttp-body-perl packages.

\n
\n
\n
\n
", "2802": "
\n

Debian Security Advisory

\n

DSA-2802-1 nginx -- restriction bypass

\n
\n
Date Reported:
\n
21 Nov 2013
\n
Affected Packages:
\n
\nnginx\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 730012.
In Mitre's CVE dictionary: CVE-2013-4547.
\n
More information:
\n
\n

Ivan Fratric of the Google Security Team discovered a bug in nginx,\na web server, which might allow an attacker to bypass security\nrestrictions by using a specially crafted request.

\n

The oldstable distribution (squeeze) is not affected by this problem.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.1-2.2+wheezy2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4.4-1.

\n

We recommend that you upgrade your nginx packages.

\n
\n
\n
\n
", "2803": "
\n

Debian Security Advisory

\n

DSA-2803-1 quagga -- several vulnerabilities

\n
\n
Date Reported:
\n
26 Nov 2013
\n
Affected Packages:
\n
\nquagga\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 730513, Bug 726724.
In Mitre's CVE dictionary: CVE-2013-2236, CVE-2013-6051.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in Quagga, a BGP/OSPF/RIP\nrouting daemon:

\n
    \n
  • CVE-2013-2236\n

    A buffer overflow was found in the OSPF API-server (exporting the LSDB\n and allowing announcement of Opaque-LSAs).

  • \n
  • CVE-2013-6051\n

    bgpd could be crashed through BGP updates. This only affects Wheezy/stable.

  • \n
\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 0.99.20.1-0+squeeze5.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 0.99.22.4-1+wheezy1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.99.22.4-1.

\n

We recommend that you upgrade your quagga packages.

\n
\n
\n
\n
", "2804": "
\n

Debian Security Advisory

\n

DSA-2804-1 drupal7 -- several vulnerabilities

\n
\n
Date Reported:
\n
26 Nov 2013
\n
Affected Packages:
\n
\ndrupal7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6385, CVE-2013-6386, CVE-2013-6387, CVE-2013-6388, CVE-2013-6389.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in Drupal, a fully-featured\ncontent management framework: Cross-site request forgery, insecure\npseudo random number generation, code execution, incorrect security token\nvalidation and cross-site scripting.

\n

In order to avoid the remote code execution vulnerability, it is\nrecommended to create a .htaccess file (or an equivalent configuration\ndirective in case you are not using Apache to serve your Drupal sites)\nin each of your sites' files directories (both public and private, in\ncase you have both configured).

\n

Please refer to the NEWS file provided with this update and the upstream\nadvisory at drupal.org/SA-CORE-2013-003 for further information.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 7.14-2+deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 7.24-1.

\n

We recommend that you upgrade your drupal7 packages.

\n
\n
\n
\n
", "2805": "
\n

Debian Security Advisory

\n

DSA-2805-1 sup-mail -- command injection

\n
\n
Date Reported:
\n
27 Nov 2013
\n
Affected Packages:
\n
\nsup-mail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 728232.
In Mitre's CVE dictionary: CVE-2013-4478, CVE-2013-4479.
\n
More information:
\n
\n

joernchen of Phenoelit discovered two command injection flaws in Sup, a\nconsole-based email client. An attacker might execute arbitrary commands\nif the user opens a maliciously crafted email.

\n
    \n
  • CVE-2013-4478\n

    Sup wrongly handled the filename of attachments.

  • \n
  • CVE-2013-4479\n

    Sup did not sanitize the content-type of attachments.

  • \n
\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 0.11-2+nmu1+deb6u1.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 0.12.1+git20120407.aaa852f-1+deb7u1.

\n

We recommend that you upgrade your sup-mail packages.

\n
\n
\n
\n
", "2806": "
\n

Debian Security Advisory

\n

DSA-2806-1 nbd -- privilege escalation

\n
\n
Date Reported:
\n
29 Nov 2013
\n
Affected Packages:
\n
\nnbd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6410.
\n
More information:
\n
\n

It was discovered that nbd-server, the server for the Network Block\nDevice protocol, incorrectly parsed the access control lists,\nallowing access to any host with an IP address sharing a prefix with\nan allowed address.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1:2.9.16-8+squeeze1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1:3.2-4~deb7u4.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your nbd packages.

\n
\n
\n
\n
", "2807": "
\n

Debian Security Advisory

\n

DSA-2807-1 links2 -- integer overflow

\n
\n
Date Reported:
\n
30 Nov 2013
\n
Affected Packages:
\n
\nlinks2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6050.
\n
More information:
\n
\n

Mikulas Patocka discovered an integer overflow in the parsing of HTML\ntables in the Links web browser. This can only be exploited when running\nLinks in graphical mode.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.3~pre1-1+squeeze2.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.7-1+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 2.8-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.8-1.

\n

We recommend that you upgrade your links2 packages.

\n
\n
\n
\n
", "2808": "
\n

Debian Security Advisory

\n

DSA-2808-1 openjpeg -- several vulnerabilities

\n
\n
Date Reported:
\n
03 Dec 2013
\n
Affected Packages:
\n
\nopenjpeg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1447, CVE-2013-6045, CVE-2013-6052, CVE-2013-6054.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJPEG, a JPEG 2000\nimage library, that may lead to denial of service (CVE-2013-1447) via\napplication crash or high memory consumption, possible code execution\nthrough heap buffer overflows (CVE-2013-6045), information disclosure\n(CVE-2013-6052), or yet another heap buffer overflow that only appears\nto affect OpenJPEG 1.3 (CVE-2013-6054).

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.3+dfsg-4+squeeze2.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.3+dfsg-4.7.

\n

For the testing distribution (jessie), and the unstable distribution (sid),\nthese problems will be fixed soon.

\n

We recommend that you upgrade your openjpeg packages.

\n
\n
\n
\n
", "2809": "
\n

Debian Security Advisory

\n

DSA-2809-1 ruby1.8 -- several vulnerabilities

\n
\n
Date Reported:
\n
04 Dec 2013
\n
Affected Packages:
\n
\nruby1.8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 702526, Bug 714541, Bug 730189.
In Mitre's CVE dictionary: CVE-2013-1821, CVE-2013-4073, CVE-2013-4164.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the interpreter for the\nRuby language. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2013-1821\n

    Ben Murphy discovered that unrestricted entity expansion in REXML\n can lead to a Denial of Service by consuming all host memory.

  • \n
  • CVE-2013-4073\n

    William (B.J.) Snow Orvis discovered a vulnerability in the hostname\n checking in Ruby's SSL client that could allow man-in-the-middle\n attackers to spoof SSL servers via a crafted certificate issued by a\n trusted certification authority.

  • \n
  • CVE-2013-4164\n

    Charlie Somerville discovered that Ruby incorrectly handled floating\n point number conversion. If an application using Ruby accepted\n untrusted input strings and converted them to floating point\n numbers, an attacker able to provide such input could cause the\n application to crash or, possibly, execute arbitrary code with the\n privileges of the application.

  • \n
\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.8.7.302-2squeeze2.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.7.358-7.1+deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.8.7.358-9.

\n

We recommend that you upgrade your ruby1.8 packages.

\n
\n
\n
\n
", "2810": "
\n

Debian Security Advisory

\n

DSA-2810-1 ruby1.9.1 -- heap overflow

\n
\n
Date Reported:
\n
04 Dec 2013
\n
Affected Packages:
\n
\nruby1.9.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 730178.
In Mitre's CVE dictionary: CVE-2013-4164.
\n
More information:
\n
\n

Charlie Somerville discovered that Ruby incorrectly handled floating\npoint number conversion. If an application using Ruby accepted untrusted\ninput strings and converted them to floating point numbers, an attacker\nable to provide such input could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the application.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.9.2.0-2+deb6u2.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.9.3.194-8.1+deb7u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.9.3.484-1.

\n

We recommend that you upgrade your ruby1.9.1 packages.

\n
\n
\n
\n
", "2811": "
\n

Debian Security Advisory

\n

DSA-2811-1 chromium-browser -- several vulnerabilities

\n
\n
Date Reported:
\n
07 Dec 2013
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6634, CVE-2013-6635, CVE-2013-6636, CVE-2013-6637, CVE-2013-6638, CVE-2013-6639, CVE-2013-6640.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2013-6634\n

    Andrey Labunets discovered that the wrong URL was used during\n validation in the one-click sign on helper.

  • \n
  • CVE-2013-6635\n

    cloudfuzzer discovered use-after-free issues in the InsertHTML and\n Indent DOM editing commands.

  • \n
  • CVE-2013-6636\n

    Bas Venis discovered an address bar spoofing issue.

  • \n
  • CVE-2013-6637\n

    The Chrome 31 development team discovered and fixed multiple issues\n with potential security impact.

  • \n
  • CVE-2013-6638\n

    Jakob Kummerow of the Chromium project discovered a buffer overflow in\n the V8 JavaScript library.

  • \n
  • CVE-2013-6639\n

    Jakob Kummerow of the Chromium project discovered an out-of-bounds\n write in the V8 JavaScript library.

  • \n
  • CVE-2013-6640\n

    Jakob Kummerow of the Chromium project discovered an out-of-bounds\n read in the V8 JavaScript library.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 31.0.1650.63-1~deb7u1.

\n

For the testing distribution (jessie), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 31.0.1650.63-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "2812": "
\n

Debian Security Advisory

\n

DSA-2812-1 samba -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Dec 2013
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4408, CVE-2013-4475.
\n
More information:
\n
\n

Two security issues were found in Samba, a SMB/CIFS file, print, and\nlogin server:

\n
    \n
  • CVE-2013-4408\n

    It was discovered that multiple buffer overflows in the processing\n of DCE-RPC packets may lead to the execution of arbitrary code.

  • \n
  • CVE-2013-4475\n

    Hemanth Thummala discovered that ACLs were not checked when opening\n files with alternate data streams. This issue is only exploitable\n if the VFS modules vfs_streams_depot and/or vfs_streams_xattr are\n used.

  • \n
\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 3.5.6~dfsg-3squeeze11.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 3.6.6-6+deb7u2.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your samba packages.

\n
\n
\n
\n
", "2813": "
\n

Debian Security Advisory

\n

DSA-2813-1 gimp -- several vulnerabilities

\n
\n
Date Reported:
\n
09 Dec 2013
\n
Affected Packages:
\n
\ngimp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1913, CVE-2013-1978.
\n
More information:
\n
\n

Murray McAllister discovered multiple integer and buffer overflows in the\nXWD plugin in Gimp, which can result in the execution of arbitrary code.

\n

For the oldstable distribution (squeeze), these problems have been fixed\nin version 2.6.10-1+squeeze4. This update also fixes CVE-2012-3403,\nCVE-2012-3481 and CVE-2012-5576.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2.8.2-2+deb7u1.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your gimp packages.

\n
\n
\n
\n
", "2814": "
\n

Debian Security Advisory

\n

DSA-2814-1 varnish -- denial of service

\n
\n
Date Reported:
\n
09 Dec 2013
\n
Affected Packages:
\n
\nvarnish\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 728989.
In Mitre's CVE dictionary: CVE-2013-4484.
\n
More information:
\n
\n

A denial of service vulnerability was reported in varnish, a\nstate-of-the-art, high-performance web accelerator. With some configurations of\nvarnish a remote attacker could mount a denial of service (child-process\ncrash and temporary caching outage) via a GET request with trailing\nwhitespace characters and no URI.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.1.3-8+deb6u1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 3.0.2-2+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.0.5-1.

\n

We recommend that you upgrade your varnish packages.

\n
\n
\n
\n
", "2815": "
\n

Debian Security Advisory

\n

DSA-2815-1 munin -- denial of service

\n
\n
Date Reported:
\n
09 Dec 2013
\n
Affected Packages:
\n
\nmunin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6048, CVE-2013-6359.
\n
More information:
\n
\n

Christoph Biedl discovered two denial of service vulnerabilities in\nmunin, a network-wide graphing framework. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2013-6048\n

    The Munin::Master::Node module of munin does not properly validate\n certain data a node sends. A malicious node might exploit this to\n drive the munin-html process into an infinite loop with memory\n exhaustion on the munin master.

  • \n
  • CVE-2013-6359\n

    A malicious node, with a plugin enabled using multigraph as a\n multigraph service name, can abort data collection for the entire\n node the plugin runs on.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2.0.6-4+deb7u2.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 2.0.18-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.0.18-1.

\n

We recommend that you upgrade your munin packages.

\n
\n
\n
\n
", "2816": "
\n

Debian Security Advisory

\n

DSA-2816-1 php5 -- several vulnerabilities

\n
\n
Date Reported:
\n
12 Dec 2013
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 731112, Bug 731895.
In Mitre's CVE dictionary: CVE-2013-6420, CVE-2013-6712.
\n
More information:
\n
\n

Several vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development. The Common\nVulnerabilities and Exposures project identifies the following issues:

\n
    \n
  • CVE-2013-6420\n

    Stefan Esser reported possible memory corruption in\n openssl_x509_parse().

  • \n
  • CVE-2013-6712\n

    Creating DateInterval objects from parsed ISO dates was\n not properly restricted, which could be used to cause a\n denial of service.

  • \n
\n

In addition, the update for Debian 7 Wheezy contains several bugfixes\noriginally targeted for the upcoming Wheezy point release.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 5.3.3-7+squeeze18.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 5.4.4-14+deb7u7.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 5.5.6+dfsg-2.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "2817": "
\n

Debian Security Advisory

\n

DSA-2817-1 libtar -- Integer overflow

\n
\n
Date Reported:
\n
14 Dec 2013
\n
Affected Packages:
\n
\nlibtar\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 725938.
In Mitre's CVE dictionary: CVE-2013-4397.
\n
More information:
\n
\n

Timo Warns reported multiple integer overflow vulnerabilities in libtar,\na library for manipulating tar archives, which can result in the\nexecution of arbitrary code.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.2.11-6+deb6u1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.16-1+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 1.2.20-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.2.20-1.

\n

We recommend that you upgrade your libtar packages.

\n
\n
\n
\n
", "2818": "
\n

Debian Security Advisory

\n

DSA-2818-1 mysql-5.5 -- several vulnerabilities

\n
\n
Date Reported:
\n
16 Dec 2013
\n
Affected Packages:
\n
\nmysql-5.5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 711600, Bug 732306.
In Mitre's CVE dictionary: CVE-2013-1861, CVE-2013-2162, CVE-2013-3783, CVE-2013-3793, CVE-2013-3802, CVE-2013-3804, CVE-2013-3809, CVE-2013-3812, CVE-2013-3839, CVE-2013-5807.
\n
More information:
\n
\n

Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to a new upstream\nversion, 5.5.33, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes for further details:

\n\n

In addition this update fixes two issues affecting specifically the\nmysql-5.5 Debian package:

\n

A race condition in the post-installation script of the mysql-server-5.5\npackage creates the configuration file /etc/mysql/debian.cnf with\nworld-readable permissions before restricting the permissions, which\nallows local users to read the file and obtain sensitive information\nsuch as credentials for the debian-sys-maint account, which is used to perform\nadministration tasks.\n(CVE-2013-2162)

\n

Matthias Reichl reported that the mysql-5.5 package is missing the patches\npreviously applied in Debian's mysql-5.1 to drop the database test and\nthe permissions that allow anonymous access, without a password, from\nlocalhost to the test database and any databases starting with\ntest_. This update reintroduces these patches for the mysql-5.5\npackage.

\n

Existing databases and permissions are not touched. Please refer to the\nNEWS file provided with this update for further information.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 5.5.33+dfsg-0+wheezy1.

\n

For the unstable distribution (sid), the Debian-specific problems will\nbe fixed soon.

\n

We recommend that you upgrade your mysql-5.5 packages.

\n
\n
\n
\n
", "2819": "
\n

Debian Security Advisory

\n

DSA-2819-1 iceape -- end-of-life announcement for iceape

\n
\n
Date Reported:
\n
16 Dec 2013
\n
Affected Packages:
\n
\niceape\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Security support for Iceape, the Debian-branded version of the SeaMonkey\nsuite, needed to be stopped before the end of the regular security maintenance\nlife cycle.

\n

We recommend migrating to Iceweasel for the web browser functionality and\nto Icedove for the e-mail bits. Iceweasel and Icedove are based on the same\ncodebase and will continue to be supported with security updates. Alternatively,\nyou can switch to the binaries provided by Mozilla available at\nhttp://www.seamonkey-project.org/releases/\n

\n
\n
\n
", "2820": "
\n

Debian Security Advisory

\n

DSA-2820-1 nspr -- integer overflow

\n
\n
Date Reported:
\n
17 Dec 2013
\n
Affected Packages:
\n
\nnspr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-5607.
\n
More information:
\n
\n

It was discovered that NSPR, Netscape Portable Runtime library, could\ncrash an application using the library when parsing a certificate that\ncauses an integer overflow. This flaw only affects 64-bit systems.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 4.8.6-1+squeeze1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2:4.9.2-1+deb7u1.

\n

For the testing distribution (jessie), and the unstable distribution\n(sid), this problem has been fixed in version 2:4.10.2-1.

\n

We recommend that you upgrade your nspr packages.

\n
\n
\n
\n
", "2821": "
\n

Debian Security Advisory

\n

DSA-2821-1 gnupg -- side channel attack

\n
\n
Date Reported:
\n
18 Dec 2013
\n
Affected Packages:
\n
\ngnupg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4576.
\n
More information:
\n
\n

Genkin, Shamir and Tromer discovered that RSA key material could\nbe extracted by using the sound generated by the computer during the\ndecryption of some chosen ciphertexts.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.4.10-4+squeeze4.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.4.12-7+deb7u3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4.15-3.

\n

We recommend that you upgrade your gnupg packages.

\n
\n
\n
\n
", "2822": "
\n

Debian Security Advisory

\n

DSA-2822-1 xorg-server -- integer underflow

\n
\n
Date Reported:
\n
18 Dec 2013
\n
Affected Packages:
\n
\nxorg-server\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6424.
\n
More information:
\n
\n

Bryan Quigley discovered an integer underflow in the Xorg X server which\ncould lead to denial of service or the execution of arbitrary code.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.7.7-18.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.12.4-6+deb7u2.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your xorg-server packages.

\n
\n
\n
\n
", "2823": "
\n

Debian Security Advisory

\n

DSA-2823-1 pixman -- integer underflow

\n
\n
Date Reported:
\n
18 Dec 2013
\n
Affected Packages:
\n
\npixman\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6425.
\n
More information:
\n
\n

Bryan Quigley discovered an integer underflow in Pixman which could lead\nto denial of service or the execution of arbitrary code.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 0.16.4-1+deb6u1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.26.0-4+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.30.2-2.

\n

We recommend that you upgrade your pixman packages.

\n
\n
\n
\n
", "2824": "
\n

Debian Security Advisory

\n

DSA-2824-1 curl -- unchecked tls/ssl certificate host name

\n
\n
Date Reported:
\n
19 Dec 2013
\n
Affected Packages:
\n
\ncurl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6422.
\n
More information:
\n
\n

Marc Deslauriers discovered that curl, a file retrieval tool, would\nmistakenly skip verifying the CN and SAN name fields when digital\nsignature verification was disabled in the libcurl GnuTLS backend.

\n

The default configuration for the curl package is not affected by this\nissue since the digital signature verification is enabled by default.

\n

The oldstable distribution (squeeze) is not affected by this problem.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 7.26.0-1+wheezy7.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.34.0-1.

\n

We recommend that you upgrade your curl packages.

\n
\n
\n
\n
", "2825": "
\n

Debian Security Advisory

\n

DSA-2825-1 wireshark -- several vulnerabilities

\n
\n
Date Reported:
\n
20 Dec 2013
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-7113, CVE-2013-7114.
\n
More information:
\n
\n

Laurent Butti and Garming Sam discovered multiple vulnerabilities in the\ndissectors for NTLMSSPv2 and BSSGP, which could lead to denial of service\nor the execution of arbitrary code.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.2-5wheezy9.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.10.4-1.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "2826": "
\n

Debian Security Advisory

\n

DSA-2826-1 denyhosts -- remote denial of ssh service

\n
\n
Date Reported:
\n
22 Dec 2013
\n
Affected Packages:
\n
\ndenyhosts\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6890.
\n
More information:
\n
\n

Helmut Grohne discovered that denyhosts, a tool preventing SSH\nbrute-force attacks, could be used to perform remote denial of service\nagainst the SSH daemon. Incorrectly specified regular expressions used\nto detect brute force attacks in authentication logs could be exploited\nby a malicious user to forge crafted login names in order to make\ndenyhosts ban arbitrary IP addresses.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.6-7+deb6u2.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.6-10+deb7u2.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 2.6-10.1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.6-10.1.

\n

We recommend that you upgrade your denyhosts packages.

\n
\n
\n
\n
", "2827": "
\n

Debian Security Advisory

\n

DSA-2827-1 libcommons-fileupload-java -- arbitrary file upload via deserialization

\n
\n
Date Reported:
\n
24 Dec 2013
\n
Affected Packages:
\n
\nlibcommons-fileupload-java\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 726601.
In Mitre's CVE dictionary: CVE-2013-2186.
\n
More information:
\n
\n

It was discovered that Apache Commons FileUpload, a package to make it\neasy to add robust, high-performance, file upload capability to servlets\nand web applications, incorrectly handled file names with NULL bytes in\nserialized instances. A remote attacker able to supply a serialized\ninstance of the DiskFileItem class, which will be deserialized on a\nserver, could use this flaw to write arbitrary content to any location\non the server that is accessible to the user running the application\nserver process.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.2.2-1+deb6u1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.2-1+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 1.3-2.1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.3-2.1.

\n

We recommend that you upgrade your libcommons-fileupload-java packages.

\n
\n
\n
\n
", "2828": "
\n

Debian Security Advisory

\n

DSA-2828-1 drupal6 -- several vulnerabilities

\n
\n
Date Reported:
\n
28 Dec 2013
\n
Affected Packages:
\n
\ndrupal6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6385, CVE-2013-6386.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in Drupal, a fully-featured\ncontent management framework: vulnerabilities due to optimistic cross-site\nrequest forgery protection, insecure pseudo random number generation, code\nexecution and incorrect security token validation.

\n

In order to avoid the remote code execution vulnerability, it is\nrecommended to create a .htaccess file (or an equivalent configuration\ndirective in case you are not using Apache to serve your Drupal sites)\nin each of your sites' files directories (both public and private, in\ncase you have both configured).

\n

Please refer to the NEWS file provided with this update and the upstream\nadvisory at drupal.org/SA-CORE-2013-003 for further information.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 6.29-1.

\n

We recommend that you upgrade your drupal6 packages.

\n
\n
\n
\n
", "2829": "
\n

Debian Security Advisory

\n

DSA-2829-1 hplip -- several vulnerabilities

\n
\n
Date Reported:
\n
28 Dec 2013
\n
Affected Packages:
\n
\nhplip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-0200, CVE-2013-4325, CVE-2013-6402, CVE-2013-6427.
\n
More information:
\n
\n

Multiple vulnerabilities have been found in the HP Linux Printing and\nImaging System: insecure temporary files and insufficient permission checks\nin PackageKit. In addition, the insecure hp-upgrade service has been disabled.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 3.10.6-2+squeeze2.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 3.12.6-3.1+deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.13.11-2.

\n

We recommend that you upgrade your hplip packages.

\n
\n
\n
\n
", "2830": "
\n

Debian Security Advisory

\n

DSA-2830-1 ruby-i18n -- cross-site scripting

\n
\n
Date Reported:
\n
30 Dec 2013
\n
Affected Packages:
\n
\nruby-i18n\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4492.
\n
More information:
\n
\n

Peter McLarnan discovered that the internationalization component of\nRuby on Rails does not properly encode parameters in generated HTML\ncode, resulting in a cross-site scripting vulnerability. This update\ncorrects the underlying vulnerability in the i18n gem, as provided by\nthe ruby-i18n package.

\n

The oldstable distribution (squeeze) is not affected by this problem;\nthe libi18n-ruby package does not contain the vulnerable code.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.6.0-3+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.6.9-1.

\n

We recommend that you upgrade your ruby-i18n packages.

\n
\n
\n
\n
", "2831": "
\n

Debian Security Advisory

\n

DSA-2831-1 puppet -- insecure temporary files

\n
\n
Date Reported:
\n
31 Dec 2013
\n
Affected Packages:
\n
\npuppet\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4969.
\n
More information:
\n
\n

An unsafe use of temporary files was discovered in Puppet, a tool for\ncentralized configuration management. An attacker can exploit this\nvulnerability and overwrite an arbitrary file in the system.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.6.2-5+squeeze9.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.7.23-1~deb7u2.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 3.4.1-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.4.1-1.

\n

We recommend that you upgrade your puppet packages.

\n
\n
\n
\n
", "2832": "
\n

Debian Security Advisory

\n

DSA-2832-1 memcached -- several vulnerabilities

\n
\n
Date Reported:
\n
01 Jan 2014
\n
Affected Packages:
\n
\nmemcached\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 706426, Bug 733643.
In Mitre's CVE dictionary: CVE-2011-4971, CVE-2013-7239.
\n
More information:
\n
\n

Multiple vulnerabilities have been found in memcached, a high-performance\nmemory object caching system. The Common Vulnerabilities and Exposures\nproject identifies the following issues:

\n
    \n
  • CVE-2011-4971\n

    Stefan Bucur reported that memcached could be caused to crash by\n sending a specially crafted packet.

  • CVE-2013-7239\n

    It was reported that SASL authentication could be bypassed due to a\n flaw related to the management of the SASL authentication state. With\n a specially crafted request, a remote attacker may be able to\n authenticate with invalid SASL credentials.

\n

For the oldstable distribution (squeeze), these problems have been fixed\nin version 1.4.5-1+deb6u1. Note that the patch for CVE-2013-7239 was not\napplied for the oldstable distribution as SASL support is not enabled in\nthis version. This update also provides the fix for CVE-2013-0179 which\nwas fixed for stable already.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.13-0.2+deb7u1.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your memcached packages.

\n
\n
\n
\n
", "2833": "
\n

Debian Security Advisory

\n

DSA-2833-1 openssl -- several vulnerabilities

\n
\n
Date Reported:
\n
01 Jan 2014
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 732754, Bug 732710.
In Mitre's CVE dictionary: CVE-2013-6449, CVE-2013-6450.
\n
More information:
\n
\n

Multiple security issues have been fixed in OpenSSL: The TLS 1.2 support\nwas susceptible to denial of service and retransmission of DTLS messages\nwas fixed. In addition this update disables the insecure Dual_EC_DRBG\nalgorithm (which was unused anyway, see\nhttp://marc.info/?l=openssl-announce&m=138747119822324&w=2 for further\ninformation) and no longer uses the RdRand feature available on some\nIntel CPUs as a sole source of entropy unless explicitly requested.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1e-5.

\n

We recommend that you upgrade your openssl packages.

\n
\n
\n
\n
", "2834": "
\n

Debian Security Advisory

\n

DSA-2834-1 typo3-src -- several vulnerabilities

\n
\n
Date Reported:
\n
01 Jan 2014
\n
Affected Packages:
\n
\ntypo3-src\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 731999.
In Mitre's CVE dictionary: CVE-2013-7073, CVE-2013-7074, CVE-2013-7075, CVE-2013-7076, CVE-2013-7078, CVE-2013-7079, CVE-2013-7080, CVE-2013-7081.
\n
More information:
\n
\n

Several vulnerabilities were discovered in TYPO3, a content management\nsystem. This update addresses cross-site scripting, information\ndisclosure, mass assignment, open redirection and insecure unserialize\nvulnerabilities and corresponds to TYPO3-CORE-SA-2013-004.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 4.3.9+dfsg1-1+squeeze9.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 4.5.19+dfsg1-5+wheezy2.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 4.5.32+dfsg1-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.5.32+dfsg1-1.

\n

We recommend that you upgrade your typo3-src packages.

\n
\n
\n
\n
", "2835": "
\n

Debian Security Advisory

\n

DSA-2835-1 asterisk -- buffer overflow

\n
\n
Date Reported:
\n
05 Jan 2014
\n
Affected Packages:
\n
\nasterisk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 732355.
In Mitre's CVE dictionary: CVE-2013-7100.
\n
More information:
\n
\n

Jan Juergens discovered a buffer overflow in the parser for SMS messages\nin Asterisk.

\n

An additional change was backported, which is fully described in\nhttp://downloads.asterisk.org/pub/security/AST-2013-007.html

\n

With the fix for AST-2013-007, a new configuration option was added in\norder to allow the system administrator to disable the expansion of\ndangerous functions (such as SHELL()) from any interface which is not\nthe dialplan. In stable and oldstable this option is disabled by default.\nTo enable it add the following line to the section '[options]' in\n/etc/asterisk/asterisk.conf (and restart asterisk):

\n
live_dangerously = no
\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1:1.6.2.9-2+squeeze12.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1:1.8.13.1~dfsg1-3+deb7u3.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 1:11.7.0~dfsg-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:11.7.0~dfsg-1.

\n

We recommend that you upgrade your asterisk packages.

\n
\n
\n
\n
", "2836": "
\n

Debian Security Advisory

\n

DSA-2836-1 devscripts -- arbitrary code execution

\n
\n
Date Reported:
\n
05 Jan 2014
\n
Affected Packages:
\n
\ndevscripts\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6888, CVE-2013-7325.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in uscan, a tool to scan\nupstream sites for new releases of packages, which is part of the\ndevscripts package. An attacker controlling a website from which uscan\nwould attempt to download a source tarball could execute arbitrary code\nwith the privileges of the user running uscan.

\n

The Common Vulnerabilities and Exposures project id CVE-2013-6888 has\nbeen assigned to identify them.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2.12.6+deb7u2.

\n

For the testing distribution (jessie) and the unstable distribution\n(sid), these problems have been fixed in version 2.13.9.

\n

We recommend that you upgrade your devscripts packages.

\n
\n
\n
\n
", "2837": "
\n

Debian Security Advisory

\n

DSA-2837-1 openssl -- programming error

\n
\n
Date Reported:
\n
07 Jan 2014
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4353.
\n
More information:
\n
\n

Anton Johansson discovered that an invalid TLS handshake package could\ncrash OpenSSL with a NULL pointer dereference.

\n

The oldstable distribution (squeeze) is not affected.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.0.1e-2+deb7u3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.0.1f-1.

\n

We recommend that you upgrade your openssl packages.

\n
\n
\n
\n
", "2838": "
\n

Debian Security Advisory

\n

DSA-2838-1 libxfont -- buffer overflow

\n
\n
Date Reported:
\n
07 Jan 2014
\n
Affected Packages:
\n
\nlibxfont\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6462.
\n
More information:
\n
\n

It was discovered that a buffer overflow in the processing of Glyph\nBitmap Distribution fonts (BDF) could result in the execution of\narbitrary code.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1:1.4.1-4.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1:1.4.5-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:1.4.7-1.

\n

We recommend that you upgrade your libxfont packages.

\n
\n
\n
\n
", "2839": "
\n

Debian Security Advisory

\n

DSA-2839-1 spice -- denial of service

\n
\n
Date Reported:
\n
08 Jan 2014
\n
Affected Packages:
\n
\nspice\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 717030, Bug 728314.
In Mitre's CVE dictionary: CVE-2013-4130, CVE-2013-4282.
\n
More information:
\n
\n

Multiple vulnerabilities have been found in spice, a SPICE protocol\nclient and server library. The Common Vulnerabilities and Exposures\nproject identifies the following issues:

\n
    \n
  • CVE-2013-4130\n

    David Gibson of Red Hat discovered that SPICE incorrectly handled\n certain network errors. A remote user able to initiate a SPICE\n connection to an application acting as a SPICE server could use this\n flaw to crash the application.

  • CVE-2013-4282\n

    Tomas Jamrisko of Red Hat discovered that SPICE incorrectly handled\n long passwords in SPICE tickets. A remote user able to initiate a\n SPICE connection to an application acting as a SPICE server could use\n this flaw to crash the application.

\n

Applications acting as a SPICE server must be restarted for this update\nto take effect.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 0.11.0-1+deb7u1.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 0.12.4-0nocelt2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.12.4-0nocelt2.

\n

We recommend that you upgrade your spice packages.

\n
\n
\n
\n
", "2840": "
\n

Debian Security Advisory

\n

DSA-2840-1 srtp -- buffer overflow

\n
\n
Date Reported:
\n
10 Jan 2014
\n
Affected Packages:
\n
\nsrtp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 711163.
In Mitre's CVE dictionary: CVE-2013-2139.
\n
More information:
\n
\n

Fernando Russ from Groundworks Technologies reported a buffer overflow\n flaw in srtp, Cisco's reference implementation of the Secure Real-time\n Transport Protocol (SRTP), in how the\n crypto_policy_set_from_profile_for_rtp() function applies\n cryptographic profiles to an srtp_policy. A remote attacker could\n exploit this vulnerability to crash an application linked against\n libsrtp, resulting in a denial of service.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.4.4~dfsg-6+deb6u1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.4.4+20100615~dfsg-2+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 1.4.5~20130609~dfsg-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4.5~20130609~dfsg-1.

\n

We recommend that you upgrade your srtp packages.

\n
\n
\n
\n
", "2841": "
\n

Debian Security Advisory

\n

DSA-2841-1 movabletype-opensource -- cross-site scripting

\n
\n
Date Reported:
\n
11 Jan 2014
\n
Affected Packages:
\n
\nmovabletype-opensource\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 734304.
In Mitre's CVE dictionary: CVE-2014-0977.
\n
More information:
\n
\n

A cross-site scripting vulnerability was discovered in the rich text\neditor of the Movable Type blogging engine.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 4.3.8+dfsg-0+squeeze4.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 5.1.4+dfsg-4+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.2.9+dfsg-1.

\n

We recommend that you upgrade your movabletype-opensource packages.

\n
\n
\n
\n
", "2842": "
\n

Debian Security Advisory

\n

DSA-2842-1 libspring-java -- denial of service

\n
\n
Date Reported:
\n
13 Jan 2014
\n
Affected Packages:
\n
\nlibspring-java\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 720902.
In Mitre's CVE dictionary: CVE-2013-4152.
\n
More information:
\n
\n

Alvaro Munoz discovered an XML External Entity (XXE) injection in the\nSpring Framework which can be used for conducting CSRF and DoS attacks\non other sites.

\n

The Spring OXM wrapper did not expose any property for disabling entity\nresolution when using the JAXB unmarshaller. There are four possible\nsource implementations passed to the unmarshaller:

\n
    \n
  • DOMSource\n
  • StAXSource\n
  • SAXSource\n
  • StreamSource\n
\n

For a DOMSource, the XML has already been parsed by user code\nand that code is responsible for protecting against XXE.

\n

For a StAXSource, the XMLStreamReader has already been created\nby user code and that code is responsible for protecting\nagainst XXE.

\n

For SAXSource and StreamSource instances, Spring processed\nexternal entities by default thereby creating this\nvulnerability.

\n

The issue was resolved by disabling external entity processing\nby default and adding an option to enable it for those users\nthat need to use this feature when processing XML from a\ntrusted source.

\n

It was also identified that Spring MVC processed user provided\nXML with JAXB in combination with a StAX XMLInputFactory\nwithout disabling external entity resolution. External entity\nresolution has been disabled in this case.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 3.0.6.RELEASE-6+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.0.6.RELEASE-10.

\n

We recommend that you upgrade your libspring-java packages.

\n
\n
\n
\n
", "2843": "
\n

Debian Security Advisory

\n

DSA-2843-1 graphviz -- buffer overflow

\n
\n
Date Reported:
\n
13 Jan 2014
\n
Affected Packages:
\n
\ngraphviz\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 734745.
In Mitre's CVE dictionary: CVE-2014-0978, CVE-2014-1236.
\n
More information:
\n
\n

Two buffer overflow vulnerabilities were reported in Graphviz, a rich\ncollection of graph drawing tools. The Common Vulnerabilities and\nExposures project identifies the following issues:

\n
    \n
  • CVE-2014-0978\n

    It was discovered that user-supplied input used in the yyerror()\n function in lib/cgraph/scan.l is not bound-checked before being\n copied into an insufficiently sized memory buffer. A\n context-dependent attacker could supply a specially crafted input\n file containing a long line to cause a stack-based buffer overflow,\n resulting in a denial of service (application crash) or potentially\n allowing the execution of arbitrary code.

  • CVE-2014-1236\n

    Sebastian Krahmer reported an overflow condition in the chkNum()\n function in lib/cgraph/scan.l that is triggered as the used regular\n expression accepts an arbitrarily long digit list. With a specially\n crafted input file, a context-dependent attacker can cause a\n stack-based buffer overflow, resulting in a denial of service\n (application crash) or potentially allowing the execution of\n arbitrary code.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 2.26.3-5+squeeze2.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2.26.3-14+deb7u1.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your graphviz packages.

\n
\n
\n
\n
", "2844": "
\n

Debian Security Advisory

\n

DSA-2844-1 djvulibre -- arbitrary code execution

\n
\n
Date Reported:
\n
15 Jan 2014
\n
Affected Packages:
\n
\ndjvulibre\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-6535.
\n
More information:
\n
\n

It was discovered that djvulibre, the Open Source DjVu implementation\nproject, can be crashed or possibly made to execute arbitrary code when\nprocessing a specially crafted djvu file.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 3.5.23-3+squeeze1.

\n

This problem was fixed before the release of the stable distribution\n(wheezy), which is therefore not affected.

\n

We recommend that you upgrade your djvulibre packages.

\n
\n
\n
\n
", "2845": "
\n

Debian Security Advisory

\n

DSA-2845-1 mysql-5.1 -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Jan 2014
\n
Affected Packages:
\n
\nmysql-5.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-5908, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0437.
\n
More information:
\n
\n

This DSA updates the MySQL 5.1 database to 5.1.73. This fixes multiple\nunspecified security problems in MySQL:\nhttp://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 5.1.73-1.

\n

We recommend that you upgrade your mysql-5.1 packages.

\n
\n
\n
\n
", "2846": "
\n

Debian Security Advisory

\n

DSA-2846-1 libvirt -- several vulnerabilities

\n
\n
Date Reported:
\n
17 Jan 2014
\n
Affected Packages:
\n
\nlibvirt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6458, CVE-2014-1447.
\n
More information:
\n
\n

Multiple security issues have been found in Libvirt, a virtualisation\nabstraction library:

\n
    \n
  • CVE-2013-6458\n

    It was discovered that insecure job usage could lead to denial of\n service against libvirtd.

  • CVE-2014-1447\n

    It was discovered that a race condition in keepalive handling could\n lead to denial of service against libvirtd.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 0.9.12.3-1. This bugfix point release also includes some\nadditional bugfixes.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.2.1-1.

\n

We recommend that you upgrade your libvirt packages.

\n
\n
\n
\n
", "2847": "
\n

Debian Security Advisory

\n

DSA-2847-1 drupal7 -- several vulnerabilities

\n
\n
Date Reported:
\n
20 Jan 2014
\n
Affected Packages:
\n
\ndrupal7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1475, CVE-2014-1476.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in Drupal, a\nfully-featured content management framework. The Common Vulnerabilities\nand Exposures project identifies the following issues:

\n
    \n
  • CVE-2014-1475\n

    Christian Mainka and Vladislav Mladenov reported a vulnerability\n in the OpenID module that allows a malicious user to log in as\n other users on the site, including administrators, and hijack\n their accounts.

  • CVE-2014-1476\n

    Matt Vance and Damien Tournoud reported an access bypass\n vulnerability in the taxonomy module. Under certain circumstances,\n unpublished content can appear on listing pages provided by the\n taxonomy module and will be visible to users who should not have\n permission to see it.

\n

These fixes require extra updates to the database which can be done from\nthe administration pages. Furthermore this update introduces a new\nsecurity hardening element for the form API. Please refer to the\nupstream advisory at drupal.org/SA-CORE-2014-001 for further\ninformation.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 7.14-2+deb7u2.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 7.26-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 7.26-1.

\n

We recommend that you upgrade your drupal7 packages.

\n
\n
\n
\n
", "2848": "
\n

Debian Security Advisory

\n

DSA-2848-1 mysql-5.5 -- several vulnerabilities

\n
\n
Date Reported:
\n
23 Jan 2014
\n
Affected Packages:
\n
\nmysql-5.5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-5891, CVE-2013-5908, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0420, CVE-2014-0437.
\n
More information:
\n
\n

Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.35. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:

\n\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 5.5.35+dfsg-0+wheezy1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 5.5.35+dfsg-1.

\n

We recommend that you upgrade your mysql-5.5 packages.

\n
\n
\n
\n
", "2849": "
\n

Debian Security Advisory

\n

DSA-2849-1 curl -- information disclosure

\n
\n
Date Reported:
\n
31 Jan 2014
\n
Affected Packages:
\n
\ncurl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0015.
\n
More information:
\n
\n

Paras Sethia discovered that libcurl, a client-side URL transfer\nlibrary, would sometimes mix up multiple HTTP and HTTPS connections\nwith NTLM authentication to the same server, sending requests for one\nuser over the connection authenticated as a different user.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 7.21.0-2.1+squeeze7.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 7.26.0-1+wheezy8.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.35.0-1.

\n

We recommend that you upgrade your curl packages.

\n
\n
\n
\n
", "2850": "
\n

Debian Security Advisory

\n

DSA-2850-1 libyaml -- heap-based buffer overflow

\n
\n
Date Reported:
\n
31 Jan 2014
\n
Affected Packages:
\n
\nlibyaml\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 737076.
In Mitre's CVE dictionary: CVE-2013-6393.
\n
More information:
\n
\n

Florian Weimer of the Red Hat Product Security Team discovered a\nheap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and\nemitter library. A remote attacker could provide a YAML document with a\nspecially-crafted tag that, when parsed by an application using libyaml,\nwould cause the application to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the application.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 0.1.3-1+deb6u2.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.1.4-2+deb7u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.1.4-3.

\n

We recommend that you upgrade your libyaml packages.

\n
\n
\n
\n
", "2851": "
\n

Debian Security Advisory

\n

DSA-2851-1 drupal6 -- impersonation

\n
\n
Date Reported:
\n
02 Feb 2014
\n
Affected Packages:
\n
\ndrupal6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1475.
\n
More information:
\n
\n

Christian Mainka and Vladislav Mladenov reported a vulnerability in the\nOpenID module of Drupal, a fully-featured content management framework.\nA malicious user could exploit this flaw to log in as other users on the\nsite, including administrators, and hijack their accounts.

\n

These fixes require extra updates to the database which can be done from\nthe administration pages.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 6.30-1.

\n

We recommend that you upgrade your drupal6 packages.

\n
\n
\n
\n
", "2852": "
\n

Debian Security Advisory

\n

DSA-2852-1 libgadu -- heap-based buffer overflow

\n
\n
Date Reported:
\n
06 Feb 2014
\n
Affected Packages:
\n
\nlibgadu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6487.
\n
More information:
\n
\n

Yves Younan and Ryan Pentney discovered that libgadu, a library for\naccessing the Gadu-Gadu instant messaging service, contained an\ninteger overflow leading to a buffer overflow. Attackers who\nimpersonate the server could crash clients and potentially execute\narbitrary code.

\n

For the oldstable distribution (squeeze), this problem has been fixed\nin version 1:1.9.0-2+squeeze2.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1:1.11.2-1+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:1.11.3-1.

\n

We recommend that you upgrade your libgadu packages.

\n
\n
\n
\n
", "2853": "
\n

Debian Security Advisory

\n

DSA-2853-1 horde3 -- remote code execution

\n
\n
Date Reported:
\n
05 Feb 2014
\n
Affected Packages:
\n
\nhorde3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 737149.
In Mitre's CVE dictionary: CVE-2014-1691.
\n
More information:
\n
\n

Pedro Ribeiro from Agile Information Security found a possible remote\ncode execution on Horde3, a web application framework. Unsanitized\nvariables are passed to the unserialize() PHP function. A remote attacker\ncould specially-craft one of those variables allowing her to load and\nexecute code.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 3.3.8+debian0-3.

\n

In the testing (jessie) and unstable (sid) distributions, Horde is\ndistributed in the php-horde-util package. This problem has been fixed in\nversion 2.3.0-1.

\n

We recommend that you upgrade your horde3 packages.

\n
\n
\n
\n
", "2854": "
\n

Debian Security Advisory

\n

DSA-2854-1 mumble -- several vulnerabilities

\n
\n
Date Reported:
\n
05 Feb 2014
\n
Affected Packages:
\n
\nmumble\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 737739.
In Mitre's CVE dictionary: CVE-2014-0044, CVE-2014-0045.
\n
More information:
\n
\n

Several issues have been discovered in mumble, a low latency VoIP\nclient. The Common Vulnerabilities and Exposures project identifies the\nfollowing issues:

\n
    \n
  • CVE-2014-0044\n

    It was discovered that a malformed Opus voice packet sent to a\n Mumble client could trigger a NULL pointer dereference or an\n out-of-bounds array access. A malicious remote attacker could\n exploit this flaw to mount a denial of service attack against a\n mumble client by causing the application to crash.

  • CVE-2014-0045\n

    It was discovered that a malformed Opus voice packet sent to a\n Mumble client could trigger a heap-based buffer overflow. A\n malicious remote attacker could use this flaw to cause a client\n crash (denial of service) or potentially use it to execute\n arbitrary code.

\n

The oldstable distribution (squeeze) is not affected by these problems.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.2.3-349-g315b5f5-2.2+deb7u1.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your mumble packages.

\n
\n
\n
\n
", "2855": "
\n

Debian Security Advisory

\n

DSA-2855-1 libav -- several vulnerabilities

\n
\n
Date Reported:
\n
05 Feb 2014
\n
Affected Packages:
\n
\nlibav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3944, CVE-2013-0845, CVE-2013-0846, CVE-2013-0849, CVE-2013-0865, CVE-2013-7010, CVE-2013-7014, CVE-2013-7015.
\n
More information:
\n
\n

Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. The IDs mentioned above are just\na portion of the security issues fixed in this update. A full list of the\nchanges is available at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.10

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 6:0.8.10-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 6:9.11-1.

\n

We recommend that you upgrade your libav packages.

\n
\n
\n
\n
", "2856": "
\n

Debian Security Advisory

\n

DSA-2856-1 libcommons-fileupload-java -- denial of service

\n
\n
Date Reported:
\n
07 Feb 2014
\n
Affected Packages:
\n
\nlibcommons-fileupload-java\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0050.
\n
More information:
\n
\n

It was discovered that the Apache Commons FileUpload package for Java\ncould enter an infinite loop while processing a multipart request with\na crafted Content-Type, resulting in a denial-of-service condition.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.2.2-1+deb6u2.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.2-1+deb7u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.3.1-1.

\n

We recommend that you upgrade your libcommons-fileupload-java packages.

\n
\n
\n
\n
", "2857": "
\n

Debian Security Advisory

\n

DSA-2857-1 libspring-java -- several vulnerabilities

\n
\n
Date Reported:
\n
08 Feb 2014
\n
Affected Packages:
\n
\nlibspring-java\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6429, CVE-2013-6430.
\n
More information:
\n
\n

It was discovered by the Spring development team that the fix for the\nXML External Entity (XXE) Injection\n(CVE-2013-4152) in the Spring Framework was incomplete.

\n

Spring MVC's SourceHttpMessageConverter also processed user provided XML\nand neither disabled XML external entities nor provided an option to\ndisable them. SourceHttpMessageConverter has been modified to provide an\noption to control the processing of XML external entities and that\nprocessing is now disabled by default.

\n

In addition Jon Passki discovered a possible XSS vulnerability:\nThe JavaScriptUtils.javaScriptEscape() method did not escape all\ncharacters that are sensitive within either a JS single quoted string,\nJS double quoted string, or HTML script data context. In most cases this\nwill result in an unexploitable parse error but in some cases it could\nresult in an XSS vulnerability.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 3.0.6.RELEASE-6+deb7u2.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 3.0.6.RELEASE-11.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.0.6.RELEASE-11.

\n

We recommend that you upgrade your libspring-java packages.

\n
\n
\n
\n
", "2858": "
\n

Debian Security Advisory

\n

DSA-2858-1 iceweasel -- several vulnerabilities

\n
\n
Date Reported:
\n
10 Feb 2014
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1477, CVE-2014-1479, CVE-2014-1481, CVE-2014-1482, CVE-2014-1486, CVE-2014-1487, CVE-2014-1490, CVE-2014-1491.
\n
More information:
\n
\n

Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors,\nuse-after-frees, too-verbose error messages and missing permission checks\nmay lead to the execution of arbitrary code, the bypass of security\nchecks or information disclosure. This update also addresses security\nissues in the bundled version of the NSS crypto library.

\n

This update updates Iceweasel to the ESR24 series of Firefox.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 24.3.0esr-1~deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 24.3.0esr-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "2859": "
\n

Debian Security Advisory

\n

DSA-2859-1 pidgin -- several vulnerabilities

\n
\n
Date Reported:
\n
10 Feb 2014
\n
Affected Packages:
\n
\npidgin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6477, CVE-2013-6478, CVE-2013-6479, CVE-2013-6481, CVE-2013-6482, CVE-2013-6483, CVE-2013-6484, CVE-2013-6485, CVE-2013-6487, CVE-2013-6489, CVE-2013-6490, CVE-2014-0020.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol\ninstant messaging client:

\n
    \n
  • CVE-2013-6477\n

    Jaime Breva Ribes discovered that a remote XMPP user can trigger a\n crash by sending a message with a timestamp in the distant future.

  • \n
  • CVE-2013-6478\n

    Pidgin could be crashed through overly wide tooltip windows.

  • \n
  • CVE-2013-6479\n

    Jacob Appelbaum discovered that a malicious server or a man in the\n middle could send a malformed HTTP header resulting in denial of\n service.

  • \n
  • CVE-2013-6481\n

    Daniel Atallah discovered that Pidgin could be crashed through\n malformed Yahoo! P2P messages.

  • \n
  • CVE-2013-6482\n

    Fabian Yamaguchi and Christian Wressnegger discovered that Pidgin\n could be crashed through malformed MSN messages.

  • \n
  • CVE-2013-6483\n

    Fabian Yamaguchi and Christian Wressnegger discovered that Pidgin\n could be crashed through malformed XMPP messages.

  • \n
  • CVE-2013-6484\n

    It was discovered that incorrect error handling when reading the\n response from a STUN server could result in a crash.

  • \n
  • CVE-2013-6485\n

    Matt Jones discovered a buffer overflow in the parsing of malformed\n HTTP responses.

  • \n
  • CVE-2013-6487\n

    Yves Younan and Ryan Pentney discovered a buffer overflow when parsing\n Gadu-Gadu messages.

  • \n
  • CVE-2013-6489\n

    Yves Younan and Pawel Janic discovered an integer overflow when parsing\n MXit emoticons.

  • \n
  • CVE-2013-6490\n

    Yves Younan discovered a buffer overflow when parsing SIMPLE headers.

  • \n
  • CVE-2014-0020\n

    Daniel Atallah discovered that Pidgin could be crashed via malformed\n IRC arguments.

  • \n
\n

For the oldstable distribution (squeeze), no direct backport is provided.\nA fixed package will be provided through backports.debian.org shortly.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2.10.9-1~deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.10.9-1.

\n

We recommend that you upgrade your pidgin packages.

\n
\n
\n
\n
", "2860": "
\n

Debian Security Advisory

\n

DSA-2860-1 parcimonie -- information disclosure

\n
\n
Date Reported:
\n
11 Feb 2014
\n
Affected Packages:
\n
\nparcimonie\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 738134.
In Mitre's CVE dictionary: CVE-2014-1921.
\n
More information:
\n
\n

Holger Levsen discovered that parcimonie, a privacy-friendly helper to\nrefresh a GnuPG keyring, is affected by a design problem that undermines\nthe usefulness of this piece of software in the intended threat model.

\n

When using parcimonie with a large keyring (1000 public keys or more),\nit would always sleep exactly ten minutes between two key fetches. This\ncan probably be used by an adversary who can watch enough key fetches to\ncorrelate multiple key fetches with each other, which is what parcimonie\naims at protecting against. Smaller keyrings are affected to a smaller\ndegree. This problem is slightly mitigated when using a HKP(s) pool as\nthe configured GnuPG keyserver.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.7.1-1+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.8.1-1.

\n

We recommend that you upgrade your parcimonie packages.

\n
\n
\n
\n
", "2861": "
\n

Debian Security Advisory

\n

DSA-2861-1 file -- denial of service

\n
\n
Date Reported:
\n
16 Feb 2014
\n
Affected Packages:
\n
\nfile\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 738832.
In Mitre's CVE dictionary: CVE-2014-1943.
\n
More information:
\n
\n

It was discovered that file, a file type classification tool, contains a\nflaw in the handling of indirect magic rules in the libmagic library,\nwhich leads to an infinite recursion when trying to determine the file\ntype of certain files. The Common Vulnerabilities and Exposures project\nID CVE-2014-1943 has been assigned to identify this flaw. Additionally,\nother well-crafted files might result in long computation times (while\nusing 100% CPU) and overlong results.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 5.04-5+squeeze3.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 5.11-2+deb7u1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your file packages.

\n
\n
\n
\n
", "2862": "
\n

Debian Security Advisory

\n

DSA-2862-1 chromium-browser -- several vulnerabilities

\n
\n
Date Reported:
\n
16 Feb 2014
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6641, CVE-2013-6643, CVE-2013-6644, CVE-2013-6645, CVE-2013-6646, CVE-2013-6649, CVE-2013-6650.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2013-6641\n

    Atte Kettunen discovered a use-after-free issue in Blink/Webkit form\n elements.

  • \n
  • CVE-2013-6643\n

    Joao Lucas Melo Brasio discovered a Google account information\n disclosure issue related to the one-click sign-on feature.

  • \n
  • CVE-2013-6644\n

    The chrome development team discovered and fixed multiple issues with\n potential security impact.

  • \n
  • CVE-2013-6645\n

    Khalil Zhani discovered a use-after-free issue related to speech input.

  • \n
  • CVE-2013-6646\n

    Colin Payne discovered a use-after-free issue in the web workers\n implementation.

  • \n
  • CVE-2013-6649\n

    Atte Kettunen discovered a use-after-free issue in the Blink/Webkit\n SVG implementation.

  • \n
  • CVE-2013-6650\n

    Christian Holler discovered a memory corruption in the v8 javascript\n library.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 32.0.1700.123-1~deb7u1.

\n

For the testing distribution (jessie), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 32.0.1700.123-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "2863": "
\n

Debian Security Advisory

\n

DSA-2863-1 libtar -- directory traversal

\n
\n
Date Reported:
\n
18 Feb 2014
\n
Affected Packages:
\n
\nlibtar\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 731860.
In Mitre's CVE dictionary: CVE-2013-4420.
\n
More information:
\n
\n

A directory traversal attack was reported against libtar, a C library for\nmanipulating tar archives. The application does not validate the\nfilenames inside the tar archive, allowing files to be extracted to\narbitrary paths. An attacker can craft a tar file to override files outside\nthe directory given by the prefix parameter of tar_extract_glob and\ntar_extract_all.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.2.11-6+deb6u2.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.16-1+deb7u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.2.20-2.

\n

We recommend that you upgrade your libtar packages.

\n
\n
\n
\n
", "2864": "
\n

Debian Security Advisory

\n

DSA-2864-1 postgresql-8.4 -- several vulnerabilities

\n
\n
Date Reported:
\n
20 Feb 2014
\n
Affected Packages:
\n
\npostgresql-8.4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066, CVE-2014-0067.
\n
More information:
\n
\n

Various vulnerabilities were discovered in PostgreSQL:

\n
    \n
  • CVE-2014-0060\n Shore up GRANT ... WITH ADMIN OPTION restrictions (Noah Misch)\n

    Granting a role without ADMIN OPTION is supposed to prevent the grantee\n from adding or removing members from the granted role, but this\n restriction was easily bypassed by doing SET ROLE first. The security\n impact is mostly that a role member can revoke the access of others,\n contrary to the wishes of his grantor. Unapproved role member additions\n are a lesser concern, since an uncooperative role member could provide\n most of his rights to others anyway by creating views or SECURITY\n DEFINER functions.

  • \n
  • CVE-2014-0061\n Prevent privilege escalation via manual calls to PL validator functions\n (Andres Freund)\n

    The primary role of PL validator functions is to be called implicitly\n during CREATE FUNCTION, but they are also normal SQL functions that a\n user can call explicitly. Calling a validator on a function actually\n written in some other language was not checked for and could be\n exploited for privilege-escalation purposes. The fix involves adding a\n call to a privilege-checking function in each validator function.\n Non-core procedural languages will also need to make this change to\n their own validator functions, if any.

  • \n
  • CVE-2014-0062\n Avoid multiple name lookups during table and index DDL\n (Robert Haas, Andres Freund)\n

    If the name lookups come to different conclusions due to concurrent\n activity, we might perform some parts of the DDL on a different table\n than other parts. At least in the case of CREATE INDEX, this can be used\n to cause the permissions checks to be performed against a different\n table than the index creation, allowing for a privilege escalation\n attack.

  • \n
  • CVE-2014-0063\n Prevent buffer overrun with long datetime strings (Noah Misch)\n

    The MAXDATELEN constant was too small for the longest possible value of\n type interval, allowing a buffer overrun in interval_out(). Although the\n datetime input functions were more careful about avoiding buffer\n overrun, the limit was short enough to cause them to reject some valid\n inputs, such as input containing a very long timezone name. The ecpg\n library contained these vulnerabilities along with some of its own.

  • \n
  • CVE-2014-0064\n Prevent buffer overrun due to integer overflow in size calculations\n (Noah Misch, Heikki Linnakangas)\n

    Several functions, mostly type input functions, calculated an allocation\n size without checking for overflow. If overflow did occur, a too-small\n buffer would be allocated and then written past.

  • \n
  • CVE-2014-0065\n Prevent overruns of fixed-size buffers (Peter Eisentraut, Jozef Mlich)\n

    Use strlcpy() and related functions to provide a clear guarantee that\n fixed-size buffers are not overrun. Unlike the preceding items, it is\n unclear whether these cases really represent live issues, since in most\n cases there appear to be previous constraints on the size of the input\n string. Nonetheless it seems prudent to silence all Coverity warnings of\n this type.

  • \n
  • CVE-2014-0066\n Avoid crashing if crypt() returns NULL (Honza Horak, Bruce Momjian)\n

    There are relatively few scenarios in which crypt() could return NULL,\n but contrib/chkpass would crash if it did. One practical case in which\n this could be an issue is if libc is configured to refuse to execute\n unapproved hashing algorithms (e.g., FIPS mode).

  • \n
  • CVE-2014-0067\n Document risks of make check in the regression testing instructions\n (Noah Misch, Tom Lane)\n

    Since the temporary server started by make check uses trust\n authentication, another user on the same machine could connect to it as\n database superuser, and then potentially exploit the privileges of the\n operating-system user who started the tests. A future release will\n probably incorporate changes in the testing procedure to prevent this\n risk, but some public discussion is needed first. So for the moment,\n just warn people against using make check when there are untrusted users\n on the same machine.

  • \n
\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 8.4.20-0squeeze1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 9.3.3-1 of the postgresql-9.3 package.

\n

We recommend that you upgrade your postgresql-8.4 packages.

\n
\n
\n
\n
", "2865": "
\n

Debian Security Advisory

\n

DSA-2865-1 postgresql-9.1 -- several vulnerabilities

\n
\n
Date Reported:
\n
20 Feb 2014
\n
Affected Packages:
\n
\npostgresql-9.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066, CVE-2014-0067, CVE-2014-2669.
\n
More information:
\n
\n

Various vulnerabilities were discovered in PostgreSQL:

\n
    \n
  • CVE-2014-0060\n Shore up GRANT ... WITH ADMIN OPTION restrictions (Noah Misch)\n

    Granting a role without ADMIN OPTION is supposed to prevent the grantee\n from adding or removing members from the granted role, but this\n restriction was easily bypassed by doing SET ROLE first. The security\n impact is mostly that a role member can revoke the access of others,\n contrary to the wishes of his grantor. Unapproved role member additions\n are a lesser concern, since an uncooperative role member could provide\n most of his rights to others anyway by creating views or SECURITY\n DEFINER functions.

  • \n
  • CVE-2014-0061\n Prevent privilege escalation via manual calls to PL validator functions\n (Andres Freund)\n

    The primary role of PL validator functions is to be called implicitly\n during CREATE FUNCTION, but they are also normal SQL functions that a\n user can call explicitly. Calling a validator on a function actually\n written in some other language was not checked for and could be\n exploited for privilege-escalation purposes. The fix involves adding a\n call to a privilege-checking function in each validator function.\n Non-core procedural languages will also need to make this change to\n their own validator functions, if any.

  • \n
  • CVE-2014-0062\n Avoid multiple name lookups during table and index DDL\n (Robert Haas, Andres Freund)\n

    If the name lookups come to different conclusions due to concurrent\n activity, we might perform some parts of the DDL on a different table\n than other parts. At least in the case of CREATE INDEX, this can be used\n to cause the permissions checks to be performed against a different\n table than the index creation, allowing for a privilege escalation\n attack.

  • \n
  • CVE-2014-0063\n Prevent buffer overrun with long datetime strings (Noah Misch)\n

    The MAXDATELEN constant was too small for the longest possible value of\n type interval, allowing a buffer overrun in interval_out(). Although the\n datetime input functions were more careful about avoiding buffer\n overrun, the limit was short enough to cause them to reject some valid\n inputs, such as input containing a very long timezone name. The ecpg\n library contained these vulnerabilities along with some of its own.

  • \n
  • CVE-2014-0064\nCVE-2014-2669\n Prevent buffer overrun due to integer overflow in size calculations\n (Noah Misch, Heikki Linnakangas)\n

    Several functions, mostly type input functions, calculated an allocation\n size without checking for overflow. If overflow did occur, a too-small\n buffer would be allocated and then written past.

  • \n
  • CVE-2014-0065\n Prevent overruns of fixed-size buffers (Peter Eisentraut, Jozef Mlich)\n

    Use strlcpy() and related functions to provide a clear guarantee that\n fixed-size buffers are not overrun. Unlike the preceding items, it is\n unclear whether these cases really represent live issues, since in most\n cases there appear to be previous constraints on the size of the input\n string. Nonetheless it seems prudent to silence all Coverity warnings of\n this type.

  • \n
  • CVE-2014-0066\n Avoid crashing if crypt() returns NULL (Honza Horak, Bruce Momjian)\n

    There are relatively few scenarios in which crypt() could return NULL,\n but contrib/chkpass would crash if it did. One practical case in which\n this could be an issue is if libc is configured to refuse to execute\n unapproved hashing algorithms (e.g., FIPS mode).

  • \n
  • CVE-2014-0067\n Document risks of make check in the regression testing instructions\n (Noah Misch, Tom Lane)\n

    Since the temporary server started by make check uses trust\n authentication, another user on the same machine could connect to it as\n database superuser, and then potentially exploit the privileges of the\n operating-system user who started the tests. A future release will\n probably incorporate changes in the testing procedure to prevent this\n risk, but some public discussion is needed first. So for the moment,\n just warn people against using make check when there are untrusted users\n on the same machine.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 9.1_9.1.12-0wheezy1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 9.3.3-1 of the postgresql-9.3 package.

\n

We recommend that you upgrade your postgresql-9.1 packages.

\n
\n
\n
\n
", "2866": "
\n

Debian Security Advisory

\n

DSA-2866-1 gnutls26 -- certificate verification flaw

\n
\n
Date Reported:
\n
22 Feb 2014
\n
Affected Packages:
\n
\ngnutls26\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1959.
\n
More information:
\n
\n

Suman Jana reported that GnuTLS, deviating from the documented behavior,\nconsiders a version 1 intermediate certificate as a CA certificate by\ndefault.

\n

The oldstable distribution (squeeze) is not affected by this problem as\nX.509 version 1 trusted CA certificates are not allowed by default.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.12.20-8.

\n

For the testing distribution (jessie) and the unstable distribution\n(sid), this problem has been fixed in version 2.12.23-12.

\n

We recommend that you upgrade your gnutls26 packages.

\n
\n
\n
\n
", "2867": "
\n

Debian Security Advisory

\n

DSA-2867-1 otrs2 -- several vulnerabilities

\n
\n
Date Reported:
\n
23 Feb 2014
\n
Affected Packages:
\n
\notrs2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1471, CVE-2014-1694.
\n
More information:
\n
\n

Several vulnerabilities were discovered in otrs2, the Open Ticket\nRequest System. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2014-1694\n

    Norihiro Tanaka reported missing challenge token checks. An attacker\n that managed to take over the session of a logged in customer could\n create tickets and/or send follow-ups to existing tickets due to\n these missing checks.

  • \n
  • CVE-2014-1471\n

    Karsten Nielsen from Vasgard GmbH discovered that an attacker with a\n valid customer or agent login could inject SQL code through the\n ticket search URL.

  • \n
\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 2.4.9+dfsg1-3+squeeze5.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 3.1.7+dfsg1-8+deb7u4.

\n

For the testing distribution (jessie) and the unstable distribution\n(sid), these problems have been fixed in version 3.3.4-1.

\n

We recommend that you upgrade your otrs2 packages.

\n
\n
\n
\n
", "2868": "
\n

Debian Security Advisory

\n

DSA-2868-1 php5 -- denial of service

\n
\n
Date Reported:
\n
02 Mar 2014
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 739012.
In Mitre's CVE dictionary: CVE-2014-1943.
\n
More information:
\n
\n

It was discovered that file, a file type classification tool, contains a\nflaw in the handling of indirect magic rules in the libmagic library,\nwhich leads to an infinite recursion when trying to determine the file\ntype of certain files. The Common Vulnerabilities and Exposures project\nID CVE-2014-1943 has been assigned to identify this flaw. Additionally,\nother well-crafted files might result in long computation times (while\nusing 100% CPU) and overlong results.

\n

This update corrects this flaw in the copy that is embedded in the\nphp5 package.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 5.3.3-7+squeeze19.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 5.4.4-14+deb7u8.

\n

For the testing distribution (jessie) and the unstable distribution\n(sid), this problem will be fixed soon.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "2869": "
\n

Debian Security Advisory

\n

DSA-2869-1 gnutls26 -- incorrect certificate verification

\n
\n
Date Reported:
\n
03 Mar 2014
\n
Affected Packages:
\n
\ngnutls26\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0092.
\n
More information:
\n
\n

Nikos Mavrogiannopoulos of Red Hat discovered an X.509 certificate\nverification issue in GnuTLS, an SSL/TLS library. A certificate\nvalidation could be reported as successful even in cases where an error\nwould prevent all verification steps from being performed.

\n

An attacker performing a man-in-the-middle attack on a TLS connection could use this\nvulnerability to present a carefully crafted certificate that would be\naccepted by GnuTLS as valid even if not signed by one of the trusted\nauthorities.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.8.6-1+squeeze3.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.12.20-8+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 2.12.23-13.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.12.23-13.

\n

We recommend that you upgrade your gnutls26 packages.

\n
\n
\n
\n
", "2870": "
\n

Debian Security Advisory

\n

DSA-2870-1 libyaml-libyaml-perl -- heap-based buffer overflow

\n
\n
Date Reported:
\n
08 Mar 2014
\n
Affected Packages:
\n
\nlibyaml-libyaml-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6393.
\n
More information:
\n
\n

Florian Weimer of the Red Hat Product Security Team discovered a\nheap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and\nemitter library. A remote attacker could provide a YAML document with a\nspecially-crafted tag that, when parsed by an application using libyaml,\nwould cause the application to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the application.

\n

This update corrects this flaw in the copy that is embedded in the\nlibyaml-libyaml-perl package.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 0.33-1+squeeze2.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.38-3+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 0.41-4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.41-4.

\n

We recommend that you upgrade your libyaml-libyaml-perl packages.

\n
\n
\n
\n
", "2871": "
\n

Debian Security Advisory

\n

DSA-2871-1 wireshark -- several vulnerabilities

\n
\n
Date Reported:
\n
10 Mar 2014
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-2281, CVE-2014-2283, CVE-2014-2299.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in Wireshark:

\n
    \n
  • CVE-2014-2281\n

    Moshe Kaplan discovered that the NFS dissector could be crashed,\n resulting in denial of service.

  • \n
  • CVE-2014-2283\n

    It was discovered that the RLC dissector could be crashed, resulting\n in denial of service.

  • \n
  • CVE-2014-2299\n

    Wesley Neelen discovered a buffer overflow in the MPEG file parser,\n which could lead to the execution of arbitrary code.

  • \n
\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.2.11-6+squeeze14.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.2-5wheezy10.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.10.6-1.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "2872": "
\n

Debian Security Advisory

\n

DSA-2872-1 udisks -- several vulnerabilities

\n
\n
Date Reported:
\n
10 Mar 2014
\n
Affected Packages:
\n
\nudisks\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0004.
\n
More information:
\n
\n

Florian Weimer discovered a buffer overflow in udisks's mount path\nparsing code which may result in privilege escalation.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.0.1+git20100614-3squeeze1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.0.4-7wheezy1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.0.5-1.

\n

We recommend that you upgrade your udisks packages.

\n
\n
\n
\n
", "2873": "
\n

Debian Security Advisory

\n

DSA-2873-1 file -- several vulnerabilities

\n
\n
Date Reported:
\n
11 Mar 2014
\n
Affected Packages:
\n
\nfile\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 703993.
In Mitre's CVE dictionary: CVE-2014-2270, CVE-2013-7345.
\n
More information:
\n
\n

Several vulnerabilities have been found in file, a file type\nclassification tool.

\n

Aaron Reffett reported a flaw in the way the file utility determined the\ntype of Portable Executable (PE) format files, the executable format\nused on Windows. When processing a defective or intentionally prepared\nPE executable which contains invalid offset information, the\nfile_strncmp routine will access memory that is out of bounds, causing\nfile to crash. The Common Vulnerabilities and Exposures project ID\nCVE-2014-2270 has been assigned to identify this flaw.

\n

Mike Frysinger reported that file's rule for detecting AWK scripts\nsignificantly slows down file. The regular expression to detect AWK\nfiles contained two star operators, which could be exploited to cause\nexcessive backtracking in the regex engine.

\n

For the oldstable distribution (squeeze), these problems have been fixed\nin version 5.04-5+squeeze4.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 5.11-2+deb7u2.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 1:5.17-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1:5.17-1.

\n

We recommend that you upgrade your file packages.

\n
\n
\n
\n
", "2874": "
\n

Debian Security Advisory

\n

DSA-2874-1 mutt -- security update

\n
\n
Date Reported:
\n
12 Mar 2014
\n
Affected Packages:
\n
\nmutt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 708731.
In Mitre's CVE dictionary: CVE-2014-0467.
\n
More information:
\n
\n

Beatrice Torracca and Evgeni Golov discovered a buffer overflow in the\nmutt mailreader. Malformed RFC2047 header lines could result in denial\nof service or potentially the execution of arbitrary code.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.5.20-9+squeeze3.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.5.21-6.2+deb7u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.5.22-2.

\n

We recommend that you upgrade your mutt packages.

\n
\n
\n
\n
", "2875": "
\n

Debian Security Advisory

\n

DSA-2875-1 cups-filters -- security update

\n
\n
Date Reported:
\n
12 Mar 2014
\n
Affected Packages:
\n
\ncups-filters\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6474, CVE-2013-6475, CVE-2013-6476.
\n
More information:
\n
\n

Florian Weimer of the Red Hat Product Security Team discovered multiple\nvulnerabilities in the pdftoopvp CUPS filter, which could result in the\nexecution of arbitrary code if a malformed PDF file is processed.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.18-2.1+deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.0.47-1.

\n

We recommend that you upgrade your cups-filters packages.

\n
\n
\n
\n
", "2876": "
\n

Debian Security Advisory

\n

DSA-2876-1 cups -- security update

\n
\n
Date Reported:
\n
12 Mar 2014
\n
Affected Packages:
\n
\ncups\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6474, CVE-2013-6475, CVE-2013-6476.
\n
More information:
\n
\n

Florian Weimer of the Red Hat Product Security Team discovered multiple\nvulnerabilities in the pdftoopvp CUPS filter, which could result in the\nexecution of arbitrary code if a malformed PDF file is processed.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.4.4-7+squeeze4.

\n

For the stable distribution (wheezy) and the unstable distribution (sid)\nthe filter is now part of the cups-filters source package.

\n

We recommend that you upgrade your cups packages.

\n
\n
\n
\n
", "2877": "
\n

Debian Security Advisory

\n

DSA-2877-1 lighttpd -- security update

\n
\n
Date Reported:
\n
12 Mar 2014
\n
Affected Packages:
\n
\nlighttpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 741493.
In Mitre's CVE dictionary: CVE-2014-2323, CVE-2014-2324.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the lighttpd web server.

\n
    \n
  • CVE-2014-2323\n

    Jann Horn discovered that specially crafted host names can be used\n to inject arbitrary MySQL queries in lighttpd servers using the\n MySQL virtual hosting module (mod_mysql_vhost).

    \n

    This only affects installations with the lighttpd-mod-mysql-vhost\n binary package installed and in use.

  • \n
  • CVE-2014-2324\n

    Jann Horn discovered that specially crafted host names can be used\n to traverse outside of the document root under certain situations\n in lighttpd servers using either the mod_mysql_vhost, mod_evhost,\n or mod_simple_vhost virtual hosting modules.

    \n

    Servers not using these modules are not affected.

  • \n
\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.4.28-2+squeeze1.6.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.31-4+deb7u3.

\n

For the testing distribution (jessie), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.4.33-1+nmu3.

\n

We recommend that you upgrade your lighttpd packages.

\n
\n
\n
\n
", "2878": "
\n

Debian Security Advisory

\n

DSA-2878-1 virtualbox -- security update

\n
\n
Date Reported:
\n
13 Mar 2014
\n
Affected Packages:
\n
\nvirtualbox\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 735410.
In Mitre's CVE dictionary: CVE-2013-5892, CVE-2014-0404, CVE-2014-0406, CVE-2014-0407.
\n
More information:
\n
\n

Matthew Daley discovered multiple vulnerabilities in VirtualBox, an x86\nvirtualisation solution, resulting in denial of service, privilege\nescalation and an information leak.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 3.2.10-dfsg-1+squeeze2 of the virtualbox-ose source package.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 4.1.18-dfsg-2+deb7u2.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 4.3.6-dfsg-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.3.6-dfsg-1.

\n

We recommend that you upgrade your virtualbox packages.

\n
\n
\n
\n
", "2879": "
\n

Debian Security Advisory

\n

DSA-2879-1 libssh -- security update

\n
\n
Date Reported:
\n
13 Mar 2014
\n
Affected Packages:
\n
\nlibssh\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0017.
\n
More information:
\n
\n

It was discovered that libssh, a tiny C SSH library, did not reset the\nstate of the PRNG after accepting a connection. A server mode\napplication that forks itself to handle incoming connections could see\nits children sharing the same PRNG state, resulting in a cryptographic\nweakness and possibly the recovery of the private key.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 0.4.5-3+squeeze2.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.5.4-1+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 0.5.4-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.5.4-3.

\n

We recommend that you upgrade your libssh packages.

\n
\n
\n
\n
", "2880": "
\n

Debian Security Advisory

\n

DSA-2880-1 python2.7 -- security update

\n
\n
Date Reported:
\n
17 Mar 2014
\n
Affected Packages:
\n
\npython2.7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4238, CVE-2014-1912.
\n
More information:
\n
\n

Multiple security issues were discovered in Python:

\n
    \n
  • CVE-2013-4238\n

    Ryan Sleevi discovered that NULL characters in the subject alternate\n names of SSL certificates were parsed incorrectly.

  • \n
  • CVE-2014-1912\n

    Ryan Smith-Roberts discovered a buffer overflow in the\n socket.recvfrom_into() function.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2.7.3-6+deb7u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.7.6-7.

\n

We recommend that you upgrade your python2.7 packages.

\n
\n
\n
\n
", "2881": "
\n

Debian Security Advisory

\n

DSA-2881-1 iceweasel -- security update

\n
\n
Date Reported:
\n
19 Mar 2014
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1493, CVE-2014-1497, CVE-2014-1505, CVE-2014-1508, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514.
\n
More information:
\n
\n

Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors, out of\nbound reads, use-after-frees and other implementation errors may lead to\nthe execution of arbitrary code, information disclosure or denial of\nservice.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 24.4.0esr-1~deb7u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 24.4.0esr-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "2882": "
\n

Debian Security Advisory

\n

DSA-2882-1 extplorer -- security update

\n
\n
Date Reported:
\n
20 Mar 2014
\n
Affected Packages:
\n
\nextplorer\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 741908.
In Mitre's CVE dictionary: CVE-2013-5951.
\n
More information:
\n
\n

Multiple cross-site scripting (XSS) vulnerabilities have been discovered\nin extplorer, a web file explorer and manager using Ext JS.\nA remote attacker can inject arbitrary web script or HTML code via a\ncrafted string in the URL to application.js.php, admin.php, copy_move.php,\nfunctions.php, header.php and upload.php.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.1.0b6+dfsg.2-1+squeeze2.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.1.0b6+dfsg.3-4+deb7u1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your extplorer packages.

\n
\n
\n
\n
", "2883": "
\n

Debian Security Advisory

\n

DSA-2883-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
23 Mar 2014
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6653, CVE-2013-6654, CVE-2013-6655, CVE-2013-6656, CVE-2013-6657, CVE-2013-6658, CVE-2013-6659, CVE-2013-6660, CVE-2013-6661, CVE-2013-6663, CVE-2013-6664, CVE-2013-6665, CVE-2013-6666, CVE-2013-6667, CVE-2013-6668, CVE-2014-1700, CVE-2014-1701, CVE-2014-1702, CVE-2014-1703, CVE-2014-1704, CVE-2014-1705, CVE-2014-1713, CVE-2014-1715.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2013-6653\n

    Khalil Zhani discovered a use-after-free issue in chromium's web\n contents color chooser.

  • \n
  • CVE-2013-6654\n

    TheShow3511 discovered an issue in SVG handling.

  • \n
  • CVE-2013-6655\n

    cloudfuzzer discovered a use-after-free issue in dom event handling.

  • \n
  • CVE-2013-6656\n

    NeexEmil discovered an information leak in the XSS auditor.

  • \n
  • CVE-2013-6657\n

    NeexEmil discovered a way to bypass the Same Origin policy in the\n XSS auditor.

  • \n
  • CVE-2013-6658\n

    cloudfuzzer discovered multiple use-after-free issues surrounding\n the updateWidgetPositions function.

  • \n
  • CVE-2013-6659\n

    Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that\n it was possible to trigger an unexpected certificate chain during\n TLS renegotiation.

  • \n
  • CVE-2013-6660\n

    bishopjeffreys discovered an information leak in the drag and drop\n implementation.

  • \n
  • CVE-2013-6661\n

    The Google Chrome team discovered and fixed multiple issues in\n version 33.0.1750.117.

  • \n
  • CVE-2013-6663\n

    Atte Kettunen discovered a use-after-free issue in SVG handling.

  • \n
  • CVE-2013-6664\n

    Khalil Zhani discovered a use-after-free issue in the speech\n recognition feature.

  • \n
  • CVE-2013-6665\n

    cloudfuzzer discovered a buffer overflow issue in the software\n renderer.

  • \n
  • CVE-2013-6666\n

    netfuzzer discovered a restriction bypass in the Pepper Flash\n plugin.

  • \n
  • CVE-2013-6667\n

    The Google Chrome team discovered and fixed multiple issues in\n version 33.0.1750.146.

  • \n
  • CVE-2013-6668\n

    Multiple vulnerabilities were fixed in version 3.24.35.10 of\n the V8 JavaScript library.

  • \n
  • CVE-2014-1700\n

    Chamal de Silva discovered a use-after-free issue in speech\n synthesis.

  • \n
  • CVE-2014-1701\n

    aidanhs discovered a cross-site scripting issue in event handling.

  • \n
  • CVE-2014-1702\n

    Colin Payne discovered a use-after-free issue in the web database\n implementation.

  • \n
  • CVE-2014-1703\n

    VUPEN discovered a use-after-free issue in web sockets that\n could lead to a sandbox escape.

  • \n
  • CVE-2014-1704\n

    Multiple vulnerabilities were fixed in version 3.23.17.18 of\n the V8 JavaScript library.

  • \n
  • CVE-2014-1705\n

    A memory corruption issue was discovered in the V8 JavaScript\n library.

  • \n
  • CVE-2014-1713\n

    A use-after-free issue was discovered in the AttributeSetter\n function.

  • \n
  • CVE-2014-1715\n

    A directory traversal issue was found and fixed.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 33.0.1750.152-1~deb7u1.

\n

For the testing distribution (jessie), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 33.0.1750.152-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "2884": "
\n

Debian Security Advisory

\n

DSA-2884-1 libyaml -- security update

\n
\n
Date Reported:
\n
26 Mar 2014
\n
Affected Packages:
\n
\nlibyaml\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 742732.
In Mitre's CVE dictionary: CVE-2014-2525.
\n
More information:
\n
\n

Ivan Fratric of the Google Security Team discovered a heap-based buffer\noverflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter\nlibrary. A remote attacker could provide a specially-crafted YAML\ndocument that, when parsed by an application using libyaml, would cause\nthe application to crash or, potentially, execute arbitrary code with\nthe privileges of the user running the application.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 0.1.3-1+deb6u4.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.1.4-2+deb7u4.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your libyaml packages.

\n
\n
\n
\n
", "2885": "
\n

Debian Security Advisory

\n

DSA-2885-1 libyaml-libyaml-perl -- security update

\n
\n
Date Reported:
\n
26 Mar 2014
\n
Affected Packages:
\n
\nlibyaml-libyaml-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-2525.
\n
More information:
\n
\n

Ivan Fratric of the Google Security Team discovered a heap-based buffer\noverflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter\nlibrary. A remote attacker could provide a specially-crafted YAML\ndocument that, when parsed by an application using libyaml, would cause\nthe application to crash or, potentially, execute arbitrary code with\nthe privileges of the user running the application.

\n

This update corrects this flaw in the copy that is embedded in the\nlibyaml-libyaml-perl package.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 0.33-1+squeeze3.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.38-3+deb7u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.41-5.

\n

We recommend that you upgrade your libyaml-libyaml-perl packages.

\n
\n
\n
\n
", "2886": "
\n

Debian Security Advisory

\n

DSA-2886-1 libxalan2-java -- security update

\n
\n
Date Reported:
\n
26 Mar 2014
\n
Affected Packages:
\n
\nlibxalan2-java\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 742577.
In Mitre's CVE dictionary: CVE-2014-0107.
\n
More information:
\n
\n

Nicolas Gregoire discovered several vulnerabilities in libxalan2-java,\na Java library for XSLT processing. Crafted XSLT programs could\naccess system properties or load arbitrary classes, resulting in\ninformation disclosure and, potentially, arbitrary code execution.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.7.1-5+deb6u1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.7.1-7+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.7.1-9.

\n

We recommend that you upgrade your libxalan2-java packages.

\n
\n
\n
\n
", "2887": "
\n

Debian Security Advisory

\n

DSA-2887-1 ruby-actionmailer-3.2 -- security update

\n
\n
Date Reported:
\n
27 Mar 2014
\n
Affected Packages:
\n
\nruby-actionmailer-3.2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4389.
\n
More information:
\n
\n

Aaron Neyer discovered that missing input sanitising in the logging\ncomponent of Ruby Actionmailer could result in denial of service through\na malformed e-mail message.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 3.2.6-2+deb7u1. ruby-activesupport-3.2 was updated in a related\nchange to version 3.2.6-6+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.2.16-3+0 of the rails-3.2 source package.

\n

We recommend that you upgrade your ruby-actionmailer-3.2 packages.

\n
\n
\n
\n
", "2888": "
\n

Debian Security Advisory

\n

DSA-2888-1 ruby-actionpack-3.2 -- security update

\n
\n
Date Reported:
\n
27 Mar 2014
\n
Affected Packages:
\n
\nruby-actionpack-3.2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4389, CVE-2013-4491, CVE-2013-6414, CVE-2013-6415, CVE-2013-6417.
\n
More information:
\n
\n

Toby Hsieh, Peter McLarnan, Ankit Gupta, Sudhir Rao and Kevin Reintjes\ndiscovered multiple cross-site scripting and denial of service\nvulnerabilities in Ruby Actionpack.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 3.2.6-6+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.2.16-3+0 of the rails-3.2 source package.

\n

We recommend that you upgrade your ruby-actionpack-3.2 packages.

\n
\n
\n
\n
", "2889": "
\n

Debian Security Advisory

\n

DSA-2889-1 postfixadmin -- security update

\n
\n
Date Reported:
\n
28 Mar 2014
\n
Affected Packages:
\n
\npostfixadmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-2655.
\n
More information:
\n
\n

An SQL injection vulnerability was discovered in postfixadmin, a web\nadministration interface for the Postfix Mail Transport Agent, which\nallowed authenticated users to make arbitrary manipulations to the\ndatabase.

\n

The oldstable distribution (squeeze) does not contain postfixadmin.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.3.5-2+deb7u1.

\n

For the testing distribution (jessie), and unstable distribution\n(sid), this problem has been fixed in version 2.3.5-3.

\n

We recommend that you upgrade your postfixadmin packages.

\n
\n
\n
\n
", "2890": "
\n

Debian Security Advisory

\n

DSA-2890-1 libspring-java -- security update

\n
\n
Date Reported:
\n
29 Mar 2014
\n
Affected Packages:
\n
\nlibspring-java\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 741604.
In Mitre's CVE dictionary: CVE-2014-0054, CVE-2014-1904.
\n
More information:
\n
\n

Two vulnerabilities were discovered in libspring-java, the Debian\npackage for the Java Spring framework.

\n
    \n
  • CVE-2014-0054\n

    Jaxb2RootElementHttpMessageConverter in Spring MVC processes\n external XML entities.

  • \n
  • CVE-2014-1904\n

    Spring MVC introduces a cross-site scripting vulnerability if the\n action on a Spring form is not specified.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 3.0.6.RELEASE-6+deb7u3.

\n

For the testing distribution (jessie) and the unstable distribution\n(sid), these problems have been fixed in version 3.0.6.RELEASE-13.

\n

We recommend that you upgrade your libspring-java packages.

\n
\n
\n
\n
", "2891": "
\n

Debian Security Advisory

\n

DSA-2891-1 mediawiki, mediawiki-extensions -- security update

\n
\n
Date Reported:
\n
30 Mar 2014
\n
Affected Packages:
\n
\nmediawiki, mediawiki-extensions\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 729629, Bug 706601, Bug 742857, Bug 742857.
In Mitre's CVE dictionary: CVE-2013-2031, CVE-2013-2032, CVE-2013-4567, CVE-2013-4568, CVE-2013-4572, CVE-2013-6452, CVE-2013-6453, CVE-2013-6454, CVE-2013-6472, CVE-2014-1610, CVE-2014-2665.
\n
More information:
\n
\n

Several vulnerabilities were discovered in MediaWiki, a wiki engine.\nThe Common Vulnerabilities and Exposures project identifies the following\nissues:

\n
    \n
  • CVE-2013-2031\n

    Cross-site scripting attack via valid UTF-7 encoded sequences\n in a SVG file.

  • \n
  • CVE-2013-4567\n & CVE-2013-4568\n

    Kevin Israel (Wikipedia user PleaseStand) reported two ways\n to inject JavaScript due to an incomplete blacklist in the\n CSS sanitizer function.

  • \n
  • CVE-2013-4572\n

    MediaWiki and the CentralNotice extension were incorrectly setting\n cache headers when a user was autocreated, causing the user's\n session cookies to be cached, and returned to other users.

  • \n
  • CVE-2013-6452\n

    Chris from RationalWiki reported that SVG files could be\n uploaded that include external stylesheets, which could lead to\n XSS when an XSL was used to include JavaScript.

  • \n
  • CVE-2013-6453\n

    MediaWiki's SVG sanitization could be bypassed when the XML was\n considered invalid.

  • \n
  • CVE-2013-6454\n

    MediaWiki's CSS sanitization did not filter -o-link attributes,\n which could be used to execute JavaScript in Opera 12.

  • \n
  • CVE-2013-6472\n

    MediaWiki displayed some information about deleted pages in\n the log API, enhanced RecentChanges, and user watchlists.

  • \n
  • CVE-2014-1610\n

    A remote code execution vulnerability existed if file upload\n support for DjVu (natively handled) or PDF files (in\n combination with the PdfHandler extension) was enabled.\n Neither file type is enabled by default in MediaWiki.

  • \n
  • CVE-2014-2665\n

    Cross site request forgery in login form: an attacker could log in\n a victim as the attacker.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1:1.19.14+dfsg-0+deb7u1 of the mediawiki package and 3.5~deb7u1\nof the mediawiki-extensions package.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1:1.19.14+dfsg-1 of the mediawiki package and 3.5 of the\nmediawiki-extensions package.

\n

We recommend that you upgrade your mediawiki packages.

\n
\n
\n
\n
", "2892": "
\n

Debian Security Advisory

\n

DSA-2892-1 a2ps -- security update

\n
\n
Date Reported:
\n
31 Mar 2014
\n
Affected Packages:
\n
\na2ps\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 737385, Bug 742902.
In Mitre's CVE dictionary: CVE-2001-1593, CVE-2014-0466.
\n
More information:
\n
\n

Several vulnerabilities have been found in a2ps, an Anything to\nPostScript converter and pretty-printer. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2001-1593\n

    The spy_user function which is called when a2ps is invoked with the\n --debug flag insecurely used temporary files.

  • \n
  • CVE-2014-0466\n

    Brian M. Carlson reported that a2ps's fixps script does not invoke\n gs with the -dSAFER option. Consequently executing fixps on a\n malicious PostScript file could result in files being deleted or\n arbitrary commands being executed with the privileges of the user\n running fixps.

  • \n
\n

For the oldstable distribution (squeeze), these problems have been fixed\nin version 1:4.14-1.1+deb6u1.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1:4.14-1.1+deb7u1.

\n

For the testing distribution (jessie) and the unstable distribution\n(sid), these problems will be fixed soon.

\n

We recommend that you upgrade your a2ps packages.

\n
\n
\n
\n
", "2893": "
\n

Debian Security Advisory

\n

DSA-2893-1 openswan -- security update

\n
\n
Date Reported:
\n
31 Mar 2014
\n
Affected Packages:
\n
\nopenswan\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-2053, CVE-2013-6466.
\n
More information:
\n
\n

Two vulnerabilities were fixed in Openswan, an IKE/IPsec implementation\nfor Linux.

\n
    \n
  • CVE-2013-2053\n

    During an audit of Libreswan (with which Openswan shares some code),\n Florian Weimer found a remote buffer overflow in the atodn()\n function. This vulnerability can be triggered when Opportunistic\n Encryption (OE) is enabled and an attacker controls the PTR record\n of a peer IP address.\n Authentication is not needed to trigger the vulnerability.

  • \n
  • CVE-2013-6466\n

    Iustina Melinte found a vulnerability in Libreswan which also\n applies to the Openswan code. By carefully crafting IKEv2 packets, an\n attacker can make the pluto daemon dereference non-received IKEv2\n payload, leading to the daemon crash.\n Authentication is not needed to trigger the vulnerability.

  • \n
\n

Patches were originally written to fix the vulnerabilities in Libreswan,\nand have been ported to Openswan by Paul Wouters from the Libreswan\nProject.

\n

Since the Openswan package is not maintained anymore in the Debian\ndistribution and is not available in testing and unstable suites, it is\nrecommended for IKE/IPsec users to switch to a supported implementation\nlike strongSwan.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 2.6.28+dfsg-5+squeeze2.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2.6.37-3.1.

\n

We recommend that you upgrade your openswan packages.

\n
\n
\n
\n
", "2894": "
\n

Debian Security Advisory

\n

DSA-2894-1 openssh -- security update

\n
\n
Date Reported:
\n
05 Apr 2014
\n
Affected Packages:
\n
\nopenssh\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 742513.
In Mitre's CVE dictionary: CVE-2014-2532, CVE-2014-2653.
\n
More information:
\n
\n

Two vulnerabilities were discovered in OpenSSH, an implementation of the\nSSH protocol suite. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2014-2532\n

    Jann Horn discovered that OpenSSH incorrectly handled wildcards in\n AcceptEnv lines. A remote attacker could use this issue to trick\n OpenSSH into accepting any environment variable that contains the\n characters before the wildcard character.

  • \n
  • CVE-2014-2653\n

    Matthew Vernon reported that if an SSH server offers a\n HostCertificate that the ssh client doesn't accept, then the client\n doesn't check the DNS for SSHFP records. As a consequence a\n malicious server can disable SSHFP-checking by presenting a\n certificate.

    \n

    Note that a host verification prompt is still displayed before\n connecting.

  • \n
\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1:5.5p1-6+squeeze5.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1:6.0p1-4+deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1:6.6p1-1.

\n

We recommend that you upgrade your openssh packages.

\n
\n
\n
\n
", "2895": "
\n

Debian Security Advisory

\n

DSA-2895-1 prosody -- security update

\n
\n
Date Reported:
\n
06 Apr 2014
\n
Affected Packages:
\n
\nprosody\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

A denial-of-service vulnerability has been reported in Prosody, an XMPP\nserver. If compression is enabled, an attacker might send highly-compressed XML\nelements (attack known as zip bomb) over XMPP streams and consume all\nthe resources of the server.

\n

The SAX XML parser lua-expat is also affected by this issue.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.8.2-4+deb7u1 of prosody.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.9.4-1 of prosody.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.0-5+deb7u1 of lua-expat.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.3.0-1 of lua-expat.

\n

We recommend that you upgrade your prosody and lua-expat packages.

\n
\n
\n
\n
", "2896": "
\n

Debian Security Advisory

\n

DSA-2896-1 openssl -- security update

\n
\n
Date Reported:
\n
07 Apr 2014
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 743883.
In Mitre's CVE dictionary: CVE-2014-0160.
\n
More information:
\n
\n

A vulnerability has been discovered in OpenSSL's support for the\nTLS/DTLS Heartbeat extension. Up to 64KB of memory from either client or\nserver can be recovered by an attacker. This vulnerability might allow an\nattacker to compromise the private key and other sensitive data in\nmemory.

\n

All users are urged to upgrade their openssl packages (especially\nlibssl1.0.0) and restart applications as soon as possible.

\n

According to the currently available information, private keys should be\nconsidered as compromised and regenerated as soon as possible. More\ndetails will be communicated at a later time.

\n

The oldstable distribution (squeeze) is not affected by this\nvulnerability.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.0.1e-2+deb7u5.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 1.0.1g-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.0.1g-1.

\n

We recommend that you upgrade your openssl packages.

\n
\n
\n
\n
", "2897": "
\n

Debian Security Advisory

\n

DSA-2897-1 tomcat7 -- security update

\n
\n
Date Reported:
\n
08 Apr 2014
\n
Affected Packages:
\n
\ntomcat7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-2067, CVE-2013-2071, CVE-2013-4286, CVE-2013-4322, CVE-2014-0050.
\n
More information:
\n
\n

Multiple security issues were found in the Tomcat servlet and JSP engine:

\n
    \n
  • CVE-2013-2067\n

    FORM authentication associates the most recent request requiring\n authentication with the current session. By repeatedly sending a request\n for an authenticated resource while the victim is completing the login\n form, an attacker could inject a request that would be executed using the\n victim's credentials.

  • \n
  • CVE-2013-2071\n

    A runtime exception in AsyncListener.onComplete() prevents the request from\n being recycled. This may expose elements of a previous request to a current\n request.

  • \n
  • CVE-2013-4286\n

    Reject requests with multiple content-length headers or with a content-length\n header when chunked encoding is being used.

  • \n
  • CVE-2013-4322\n

    When processing a request submitted using the chunked transfer encoding,\n Tomcat ignored but did not limit any extensions that were included. This allows\n a client to perform a limited denial of service by streaming an unlimited amount\n of data to the server.

  • \n
  • CVE-2014-0050\n

    Multipart requests with a malformed Content-Type header could trigger an\n infinite loop causing a denial of service.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 7.0.28-4+deb7u1.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 7.0.52-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 7.0.52-1.

\n

We recommend that you upgrade your tomcat7 packages.

\n
\n
\n
\n
", "2898": "
\n

Debian Security Advisory

\n

DSA-2898-1 imagemagick -- security update

\n
\n
Date Reported:
\n
09 Apr 2014
\n
Affected Packages:
\n
\nimagemagick\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1947, CVE-2014-1958, CVE-2014-2030.
\n
More information:
\n
\n

Several buffer overflows were found in Imagemagick, a suite of image\nmanipulation programs. Processing malformed PSD files could lead to the\nexecution of arbitrary code.

\n

For the oldstable distribution (squeeze), these problems have been fixed\nin version 8:6.6.0.4-3+squeeze4.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 8:6.7.7.10-5+deb7u3.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 8:6.7.7.10+dfsg-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 8:6.7.7.10+dfsg-1.

\n

We recommend that you upgrade your imagemagick packages.

\n
\n
\n
\n
", "2899": "
\n

Debian Security Advisory

\n

DSA-2899-1 openafs -- security update

\n
\n
Date Reported:
\n
09 Apr 2014
\n
Affected Packages:
\n
\nopenafs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0159, CVE-2014-2852.
\n
More information:
\n
\n

Michael Meffie discovered that in OpenAFS, a distributed filesystem,\nan attacker with the ability to connect to an OpenAFS fileserver can\ntrigger a buffer overflow, crashing the fileserver, and potentially\npermitting the execution of arbitrary code.

\n

In addition, this update addresses a minor denial of service issue:\nthe listener thread of the server will hang for about one second when\nreceiving an invalid packet, giving the opportunity to slow down\nthe server to an unusable state by sending such packets.

\n

For the oldstable distribution (squeeze), this problem has been fixed\nin version 1.4.12.1+dfsg-4+squeeze3.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.6.1-3+deb7u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.6.7-1.

\n

We recommend that you upgrade your openafs packages.

\n
\n
\n
\n
", "2900": "
\n

Debian Security Advisory

\n

DSA-2900-1 jbigkit -- security update

\n
\n
Date Reported:
\n
10 Apr 2014
\n
Affected Packages:
\n
\njbigkit\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 743960.
In Mitre's CVE dictionary: CVE-2013-6369.
\n
More information:
\n
\n

Florian Weimer of the Red Hat product security team discovered multiple\nbuffer overflows in jbigkit, which could lead to the execution of\narbitrary code when processing malformed images.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.0-2+deb7u1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your jbigkit packages.

\n
\n
\n
\n
", "2901": "
\n

Debian Security Advisory

\n

DSA-2901-1 wordpress -- security update

\n
\n
Date Reported:
\n
12 Apr 2014
\n
Affected Packages:
\n
\nwordpress\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 744018.
In Mitre's CVE dictionary: CVE-2014-0165, CVE-2014-0166.
\n
More information:
\n
\n

Several vulnerabilities were discovered in WordPress, a web blogging\ntool. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2014-0165\n

    A user with a contributor role, using a specially crafted\n request, can publish posts, which is reserved for users of the\n next-higher role.

  • \n
  • CVE-2014-0166\n

    Jon Cave of the WordPress security team discovered that the\n wp_validate_auth_cookie function in wp-includes/pluggable.php does\n not properly determine the validity of authentication cookies,\n allowing a remote attacker to obtain access via a forged cookie.

  • \n
\n

For the oldstable distribution (squeeze), these problems have been fixed\nin version 3.6.1+dfsg-1~deb6u2.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 3.6.1+dfsg-1~deb7u2.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 3.8.2+dfsg-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.8.2+dfsg-1.

\n

We recommend that you upgrade your wordpress packages.

\n
\n
\n
\n
", "2902": "
\n

Debian Security Advisory

\n

DSA-2902-1 curl -- security update

\n
\n
Date Reported:
\n
13 Apr 2014
\n
Affected Packages:
\n
\ncurl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 742728.
In Mitre's CVE dictionary: CVE-2014-0138, CVE-2014-0139.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in cURL, a URL transfer\nlibrary. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2014-0138\n

    Steve Holme discovered that libcurl can in some circumstances re-use\n the wrong connection when asked to do transfers using other\n protocols than HTTP and FTP.

  • \n
  • CVE-2014-0139\n

    Richard Moore from Westpoint Ltd. reported that libcurl does not\n comply with RFC 2828 under certain conditions and\n incorrectly validates wildcard SSL certificates containing literal\n IP addresses.

  • \n
\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 7.21.0-2.1+squeeze8.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 7.26.0-1+wheezy9.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 7.36.0-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 7.36.0-1.

\n

We recommend that you upgrade your curl packages.

\n
\n
\n
\n
", "2903": "
\n

Debian Security Advisory

\n

DSA-2903-1 strongswan -- security update

\n
\n
Date Reported:
\n
14 Apr 2014
\n
Affected Packages:
\n
\nstrongswan\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-2338.
\n
More information:
\n
\n

An authentication bypass vulnerability was found in charon, the daemon\nhandling IKEv2 in strongSwan, an IKE/IPsec suite. The state machine\nhandling the security association (IKE_SA) handled some state transitions\nincorrectly.

\n

An attacker can trigger the vulnerability by rekeying an unestablished\nIKE_SA during the initiation itself. This will trick the IKE_SA state into\nbecoming established without the need to provide any valid credential.

\n

Vulnerable setups include those actively initiating IKEv2 IKE_SA (like\n\u201cclients\u201d or \u201croadwarriors\u201d) but also during re-authentication (which\ncan be initiated by the responder). Installations using IKEv1 (pluto\ndaemon in strongSwan 4 and earlier, and IKEv1 code in charon 5.x) are not\naffected.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 4.4.1-5.5.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 4.5.2-1.5+deb7u3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.1.2-4.

\n

We recommend that you upgrade your strongswan packages.

\n
\n
\n
\n
", "2904": "
\n

Debian Security Advisory

\n

DSA-2904-1 virtualbox -- security update

\n
\n
Date Reported:
\n
15 Apr 2014
\n
Affected Packages:
\n
\nvirtualbox\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0981, CVE-2014-0983.
\n
More information:
\n
\n

Francisco Falcon discovered that missing input sanitizing in the 3D\nacceleration code in VirtualBox could lead to the execution of arbitrary\ncode on the host system.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 3.2.10-dfsg-1+squeeze3.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 4.1.18-dfsg-2+deb7u3.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 4.3.10-dfsg-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.3.10-dfsg-1.

\n

We recommend that you upgrade your virtualbox packages.

\n
\n
\n
\n
", "2905": "
\n

Debian Security Advisory

\n

DSA-2905-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
15 Apr 2014
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1716, CVE-2014-1717, CVE-2014-1718, CVE-2014-1719, CVE-2014-1720, CVE-2014-1721, CVE-2014-1722, CVE-2014-1723, CVE-2014-1724, CVE-2014-1725, CVE-2014-1726, CVE-2014-1727, CVE-2014-1728, CVE-2014-1729.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the chromium web browser.

\n
    \n
  • CVE-2014-1716\n

    A cross-site scripting issue was discovered in the v8 javascript\n library.

  • \n
  • CVE-2014-1717\n

    An out-of-bounds read issue was discovered in the v8 javascript\n library.

  • \n
  • CVE-2014-1718\n

    Aaron Staple discovered an integer overflow issue in chromium's\n software compositor.

  • \n
  • CVE-2014-1719\n

    Colin Payne discovered a use-after-free issue in the web workers\n implementation.

  • \n
  • CVE-2014-1720\n

    cloudfuzzer discovered a use-after-free issue in the Blink/Webkit\n document object model implementation.

  • \n
  • CVE-2014-1721\n

    Christian Holler discovered a memory corruption issue in the v8\n javascript library.

  • \n
  • CVE-2014-1722\n

    miaubiz discovered a use-after-free issue in block rendering.

  • \n
  • CVE-2014-1723\n

    George McBay discovered a url spoofing issue.

  • \n
  • CVE-2014-1724\n

    Atte Kettunen discovered a use-after-free issue in freebsoft's\n libspeechd library.

    \n

    Because of this issue, the text-to-speech feature is now disabled\n by default (\"--enable-speech-dispatcher\" at the command-line can\n re-enable it).

  • \n
  • CVE-2014-1725\n

    An out-of-bounds read was discovered in the base64 implementation.

  • \n
  • CVE-2014-1726\n

    Jann Horn discovered a way to bypass the same origin policy.

  • \n
  • CVE-2014-1727\n

    Khalil Zhani discovered a use-after-free issue in the web color\n chooser implementation.

  • \n
  • CVE-2014-1728\n

    The Google Chrome development team discovered and fixed multiple\n issues with potential security impact.

  • \n
  • CVE-2014-1729\n

    The Google Chrome development team discovered and fixed multiple\n issues in version 3.24.35.22 of the v8 javascript library.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 34.0.1847.116-1~deb7u1.

\n

For the testing distribution (jessie), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 34.0.1847.116-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "2906": "
\n

Debian Security Advisory

\n

DSA-2906-1 linux-2.6 -- privilege escalation/denial of service/information leak

\n
\n
Date Reported:
\n
24 Apr 2014
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-0343, CVE-2013-2147, CVE-2013-2889, CVE-2013-2893, CVE-2013-2929, CVE-2013-4162, CVE-2013-4299, CVE-2013-4345, CVE-2013-4512, CVE-2013-4587, CVE-2013-6367, CVE-2013-6380, CVE-2013-6381, CVE-2013-6382, CVE-2013-6383, CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, CVE-2013-7339, CVE-2014-0101, CVE-2014-1444, CVE-2014-1445, CVE-2014-1446, CVE-2014-1874, CVE-2014-2039, CVE-2014-2523.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service, information leak or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2013-0343\n

    George Kargiotakis reported an issue in the temporary address handling\n of the IPv6 privacy extensions. Users on the same LAN can cause a denial\n of service or obtain access to sensitive information by sending router\n advertisement messages that cause temporary address generation to be\n disabled.

  • \n
  • CVE-2013-2147\n

    Dan Carpenter reported issues in the cpqarray driver for Compaq\n Smart2 Controllers and the cciss driver for HP Smart Array controllers\n allowing users to gain access to sensitive kernel memory.

  • \n
  • CVE-2013-2889\n

    Kees Cook discovered missing input sanitization in the HID driver for\n Zeroplus game pads that could lead to a local denial of service.

  • \n
  • CVE-2013-2893\n

    Kees Cook discovered that missing input sanitization in the HID driver\n for various Logitech force feedback devices could lead to a local denial\n of service.

  • \n
  • CVE-2013-2929\n

    Vasily Kulikov discovered that a flaw in the get_dumpable() function of\n the ptrace subsystem could lead to information disclosure. Only systems\n with the fs.suid_dumpable sysctl set to a non-default value of 2 are\n vulnerable.

  • \n
  • CVE-2013-4162\n

    Hannes Frederic Sowa discovered that incorrect handling of IPv6 sockets\n using the UDP_CORK option could result in denial of service.

  • \n
  • CVE-2013-4299\n

    Fujitsu reported an issue in the device-mapper subsystem. Local users\n could gain access to sensitive kernel memory.

  • \n
  • CVE-2013-4345\n

    Stephan Mueller found a bug in the ANSI pseudo random number generator\n which could lead to the use of less entropy than expected.

  • \n
  • CVE-2013-4512\n

    Nico Golde and Fabian Yamaguchi reported an issue in the user mode\n linux port. A buffer overflow condition exists in the write method\n for the /proc/exitcode file. Local users with sufficient privileges\n allowing them to write to this file could gain further elevated\n privileges.

  • \n
  • CVE-2013-4587\n

    Andrew Honig of Google reported an issue in the KVM virtualization\n subsystem. A local user could gain elevated privileges by passing\n a large vcpu_id parameter.

  • \n
  • CVE-2013-6367\n

    Andrew Honig of Google reported an issue in the KVM virtualization\n subsystem. A divide-by-zero condition could allow a guest user to\n cause a denial of service on the host (crash).

  • \n
  • CVE-2013-6380\n

    Mahesh Rajashekhara reported an issue in the aacraid driver for storage\n products from various vendors. Local users with CAP_SYS_ADMIN privileges\n could gain further elevated privileges.

  • \n
  • CVE-2013-6381\n

    Nico Golde and Fabian Yamaguchi reported an issue in the Gigabit Ethernet\n device support for s390 systems. Local users could cause a denial of\n service or gain elevated privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL\n ioctl.

  • \n
  • CVE-2013-6382\n

    Nico Golde and Fabian Yamaguchi reported an issue in the XFS filesystem.\n Local users with CAP_SYS_ADMIN privileges could gain further elevated\n privileges.

  • \n
  • CVE-2013-6383\n

    Dan Carpenter reported an issue in the aacraid driver for storage devices\n from various vendors. A local user could gain elevated privileges due to\n a missing privilege level check in the aac_compat_ioctl function.

  • \n
  • CVE-2013-7263\nCVE-2013-7264\nCVE-2013-7265\n

    mpb reported an information leak in the recvfrom, recvmmsg and recvmsg\n system calls. A local user could obtain access to sensitive kernel memory.

  • \n
  • CVE-2013-7339\n

    Sasha Levin reported an issue in the RDS network protocol over Infiniband.\n A local user could cause a denial of service condition.

  • \n
  • CVE-2014-0101\n

    Nokia Siemens Networks reported an issue in the SCTP network protocol\n subsystem. Remote users could cause a denial of service (NULL pointer\n dereference).

  • \n
  • CVE-2014-1444\n

    Salva Peiro reported an issue in the FarSync WAN driver. Local users\n with the CAP_NET_ADMIN capability could gain access to sensitive kernel\n memory.

  • \n
  • CVE-2014-1445\n

    Salva Peiro reported an issue in the wanXL serial card driver. Local\n users could gain access to sensitive kernel memory.

  • \n
  • CVE-2014-1446\n

    Salva Peiro reported an issue in the YAM radio modem driver. Local users\n with the CAP_NET_ADMIN capability could gain access to sensitive kernel\n memory.

  • \n
  • CVE-2014-1874\n

    Matthew Thode reported an issue in the SELinux subsystem. A local user\n with CAP_MAC_ADMIN privileges could cause a denial of service by setting\n an empty security context on a file.

  • \n
  • CVE-2014-2039\n

    Martin Schwidefsky reported an issue on s390 systems. A local user\n could cause a denial of service (kernel oops) by executing an application\n with a linkage stack instruction.

  • \n
  • CVE-2014-2523\n

    Daniel Borkmann provided a fix for an issue in the nf_conntrack_dccp\n module. Remote users could cause a denial of service (system crash)\n or potentially gain elevated privileges.

  • \n
\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.6.32-48squeeze5.

\n

The following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n
                   Debian 6.0 (squeeze)
user-mode-linux    2.6.32-1um-4+48squeeze5
\n
\n

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.\n

Note: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or leap-frog fashion.

\n

\n
\n
\n
", "2907": "
\n

Debian Security Advisory

\n

DSA-2907-1 -- announcement of long term support for Debian oldstable

\n
\n
Date Reported:
\n
16 Apr 2014
\n
Affected Packages:
\n
\n \n
\n
Vulnerable:
\n
No
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

\nThis is an advance notice that regular security support for Debian\nGNU/Linux 6.0 (code name squeeze) will be terminated on the 31st of\nMay.\n

\n

\nHowever, we're happy to announce that security support for squeeze is\ngoing to be extended until February 2016, i.e. five years after the\ninitial release. This effort is driven by various interested parties /\ncompanies which require longer security support. See the LTS section\nof the initial announcement.\n

\n

\nThe details are currently being sorted out and a more detailed\nannouncement will be made soon.\n

\n

\nBrief advance FAQ (but you should really wait for the more detailed\nannouncement):\n

\n
\n
What's the difference between regular security support and the LTS\n support?
\n
squeeze-lts is only going to support i386 and amd64. If you're\n running a different architecture you need to upgrade to Debian 7\n (wheezy). Also there are going to be a few packages which will not\n be supported in squeeze-lts (e.g. a few web-based applications\n which cannot be supported for five years). There will be a tool to\n detect such unsupported packages.
\n
Does this mean that Debian 7 (wheezy) and/or Debian 8 (jessie) will\n have five years security support as well?
\n
Likely, we'll see how squeeze-lts turns out. If there's sufficient\n support it will be continued for later releases as well. Also, see\n below.
\n
Is additional help needed?
\n
Absolutely. squeeze-lts is not handled by the Debian security team,\n but by a separate group of volunteers and companies interested in\n making it a success (with some overlap in people involved). So, if\n you're a company using Debian and seeing a benefit in security\n support for five years, get in touch with team@security.debian.org\n and we'll see how you can help (if you e.g. don't have the manpower /\n know-how but are willing to contribute, we can point you to a list\n of Debian consultants).
\n
\n
\n
\n
\n
", "2908": "
\n

Debian Security Advisory

\n

DSA-2908-1 openssl -- security update

\n
\n
Date Reported:
\n
17 Apr 2014
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 742923.
In Mitre's CVE dictionary: CVE-2010-5298, CVE-2014-0076.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in OpenSSL. The following\nCommon Vulnerabilities and Exposures project ids identify them:

\n
    \n
  • CVE-2010-5298\n

    A read buffer can be freed even when it still contains data that is\nused later on, leading to a use-after-free. Given a race condition in a\nmulti-threaded application it may permit an attacker to inject data from\none connection into another or cause denial of service.

  • \n
  • CVE-2014-0076\n

    ECDSA nonces can be recovered through the Yarom/Benger FLUSH+RELOAD\ncache side-channel attack.

  • \n
\n

A third issue, with no CVE id, is the missing detection of the\ncritical flag for the TSA extended key usage under certain cases.

\n

Additionally, this update checks for more services that might need to\nbe restarted after upgrades of libssl, corrects the detection of\napache2 and postgresql, and adds support for the\n'libraries/restart-without-asking' debconf configuration. This allows\nservices to be restarted on upgrade without prompting.

\n

The oldstable distribution (squeeze) is not affected by CVE-2010-5298\nand it might be updated at a later time to address the remaining\nvulnerabilities.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u7.

\n

For the testing distribution (jessie), these problems will be fixed\nsoon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1g-3.

\n

We recommend that you upgrade your openssl packages.

\n
\n
\n
\n
", "2909": "
\n

Debian Security Advisory

\n

DSA-2909-1 qemu -- security update

\n
\n
Date Reported:
\n
18 Apr 2014
\n
Affected Packages:
\n
\nqemu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 744221.
In Mitre's CVE dictionary: CVE-2014-0150.
\n
More information:
\n
\n

Michael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the\nway qemu processed MAC addresses table update requests from the guest.

\n

A privileged guest user could use this flaw to corrupt qemu process\nmemory on the host, which could potentially result in arbitrary code\nexecution on the host with the privileges of the qemu process.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 0.12.5+dfsg-3squeeze4.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.1.2+dfsg-6a+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 1.7.0+dfsg-8.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.7.0+dfsg-8.

\n

We recommend that you upgrade your qemu packages.

\n
\n
\n
\n
", "2910": "
\n

Debian Security Advisory

\n

DSA-2910-1 qemu-kvm -- security update

\n
\n
Date Reported:
\n
18 Apr 2014
\n
Affected Packages:
\n
\nqemu-kvm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0150.
\n
More information:
\n
\n

Michael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the\nway qemu processed MAC addresses table update requests from the guest.

\n

A privileged guest user could use this flaw to corrupt qemu process\nmemory on the host, which could potentially result in arbitrary code\nexecution on the host with the privileges of the qemu process.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 0.12.5+dfsg-5+squeeze11.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.1.2+dfsg-6+deb7u1.

\n

We recommend that you upgrade your qemu-kvm packages.

\n
\n
\n
\n
", "2911": "
\n

Debian Security Advisory

\n

DSA-2911-1 icedove -- security update

\n
\n
Date Reported:
\n
22 Apr 2014
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1493, CVE-2014-1497, CVE-2014-1505, CVE-2014-1508, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514.
\n
More information:
\n
\n

Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail and news client. Multiple memory safety\nerrors, out of bound reads, use-after-frees and other implementation\nerrors may lead to the execution of arbitrary code, information\ndisclosure or denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 24.4.0-1~deb7u1. This updates Icedove to the Extended Support\nRelease (ESR) branch 24. An updated and compatible version of Enigmail\nis included with this update.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 24.4.0-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 24.4.0-1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "2912": "
\n

Debian Security Advisory

\n

DSA-2912-1 openjdk-6 -- security update

\n
\n
Date Reported:
\n
24 Apr 2014
\n
Affected Packages:
\n
\nopenjdk-6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-0462, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2403, CVE-2014-2405, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.

\n

For the oldstable distribution (squeeze), these problems have been fixed\nin version 6b31-1.13.3-1~deb6u1.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 6b31-1.13.3-1~deb7u1.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 6b31-1.13.3-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 6b31-1.13.3-1.

\n

We recommend that you upgrade your openjdk-6 packages.

\n
\n
\n
\n
", "2913": "
\n

Debian Security Advisory

\n

DSA-2913-1 drupal7 -- security update

\n
\n
Date Reported:
\n
25 Apr 2014
\n
Affected Packages:
\n
\ndrupal7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-2983.
\n
More information:
\n
\n

An information disclosure vulnerability was discovered in Drupal, a\nfully-featured content management framework. When pages are cached for\nanonymous users, form state may leak between anonymous users. Sensitive\nor private information recorded for one anonymous user could thus be\ndisclosed to other users interacting with the same form at the same\ntime.

\n

This security update introduces small API changes, see the upstream\nadvisory at drupal.org/SA-CORE-2014-002 for further information.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 7.14-2+deb7u4.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 7.27-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.27-1.

\n

We recommend that you upgrade your drupal7 packages.

\n
\n
\n
\n
", "2914": "
\n

Debian Security Advisory

\n

DSA-2914-1 drupal6 -- security update

\n
\n
Date Reported:
\n
25 Apr 2014
\n
Affected Packages:
\n
\ndrupal6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-2983.
\n
More information:
\n
\n

An information disclosure vulnerability was discovered in Drupal, a\nfully-featured content management framework. When pages are cached for\nanonymous users, form state may leak between anonymous users. Sensitive\nor private information recorded for one anonymous user could thus be\ndisclosed to other users interacting with the same form at the same\ntime.

\n

This security update introduces small API changes, see the upstream\nadvisory at drupal.org/SA-CORE-2014-002 for further information.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 6.31-1.

\n

We recommend that you upgrade your drupal6 packages.

\n
\n
\n
\n
", "2915": "
\n

Debian Security Advisory

\n

DSA-2915-1 dpkg -- security update

\n
\n
Date Reported:
\n
28 Apr 2014
\n
Affected Packages:
\n
\ndpkg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0471.
\n
More information:
\n
\n

Jakub Wilk discovered that dpkg did not correctly parse C-style\nfilename quoting, allowing for paths to be traversed when unpacking a\nsource package - leading to the creation of files outside the directory\nof the source being unpacked.

\n

The update to the stable distribution (wheezy) incorporates\nnon-security changes that were targeted for the point release 7.5.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.15.9.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.16.13.

\n

For the testing distribution (jessie), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem will be fixed in\nversion 1.17.8.

\n

We recommend that you upgrade your dpkg packages.

\n
\n
\n
\n
", "2916": "
\n

Debian Security Advisory

\n

DSA-2916-1 libmms -- security update

\n
\n
Date Reported:
\n
28 Apr 2014
\n
Affected Packages:
\n
\nlibmms\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-2892.
\n
More information:
\n
\n

Alex Chapman discovered that a buffer overflow in processing MMS over\nHTTP messages could result in the execution of arbitrary code.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 0.6-1+squeeze2.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.6.2-3+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.6.2-4.

\n

We recommend that you upgrade your libmms packages.

\n
\n
\n
\n
", "2917": "
\n

Debian Security Advisory

\n

DSA-2917-1 super -- security update

\n
\n
Date Reported:
\n
28 Apr 2014
\n
Affected Packages:
\n
\nsuper\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0470.
\n
More information:
\n
\n

John Lightsey of the Debian Security Audit project discovered that the\nsuper package did not check for setuid failures, allowing local users\nto increase the privileges on kernel versions which do not guard\nagainst RLIMIT_NPROC attacks.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 3.30.0-3+squeeze2.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 3.30.0-6+deb7u1.

\n

We recommend that you upgrade your super packages.

\n
\n
\n
\n
", "2918": "
\n

Debian Security Advisory

\n

DSA-2918-1 iceweasel -- security update

\n
\n
Date Reported:
\n
30 Apr 2014
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1518, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532.
\n
More information:
\n
\n

Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors,\nbuffer overflows, missing permission checks, out of bound reads,\nuse-after-frees and other implementation errors may lead to the\nexecution of arbitrary code, privilege escalation, cross-site scripting\nor denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 24.5.0esr-1~deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 24.5.0esr-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "2919": "
\n

Debian Security Advisory

\n

DSA-2919-1 mysql-5.5 -- security update

\n
\n
Date Reported:
\n
03 May 2014
\n
Affected Packages:
\n
\nmysql-5.5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 737596, Bug 744910.
In Mitre's CVE dictionary: CVE-2014-0001, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2436, CVE-2014-2438, CVE-2014-2440.
\n
More information:
\n
\n

Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.37. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:

\n\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 5.5.37-0+wheezy1.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 5.5.37-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 5.5.37-1.

\n

We recommend that you upgrade your mysql-5.5 packages.

\n
\n
\n
\n
", "2920": "
\n

Debian Security Advisory

\n

DSA-2920-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
03 May 2014
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1730, CVE-2014-1731, CVE-2014-1732, CVE-2014-1733, CVE-2014-1734, CVE-2014-1735, CVE-2014-1736.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2014-1730\n

    A type confusion issue was discovered in the v8 javascript library.

  • \n
  • CVE-2014-1731\n

    John Butler discovered a type confusion issue in the WebKit/Blink\n document object model implementation.

  • \n
  • CVE-2014-1732\n

    Khalil Zhani discovered a use-after-free issue in the speech\n recognition feature.

  • \n
  • CVE-2014-1733\n

    Jed Davis discovered a way to bypass the seccomp-bpf sandbox.

  • \n
  • CVE-2014-1734\n

    The Google Chrome development team discovered and fixed multiple\n issues with potential security impact.

  • \n
  • CVE-2014-1735\n

    The Google Chrome development team discovered and fixed multiple\n issues in version 3.24.35.33 of the v8 javascript library.

  • \n
  • CVE-2014-1736\n

    SkyLined discovered an integer overflow issue in the v8 javascript\n library.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 34.0.1847.132-1~deb7u1.

\n

For the testing distribution (jessie), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 34.0.1847.132-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "2921": "
\n

Debian Security Advisory

\n

DSA-2921-1 xbuffy -- security update

\n
\n
Date Reported:
\n
04 May 2014
\n
Affected Packages:
\n
\nxbuffy\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0469.
\n
More information:
\n
\n

Michael Niedermayer discovered a vulnerability in xbuffy, a utility for\ndisplaying message count in mailbox and newsgroup accounts.

\n

By sending carefully crafted messages to a mail or news account\nmonitored by xbuffy, an attacker can trigger a stack-based buffer\noverflow, leading to xbuffy crash or even remote code execution.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 3.3.bl.3.dfsg-8+deb6u1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 3.3.bl.3.dfsg-8+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 3.3.bl.3.dfsg-9.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.3.bl.3.dfsg-9.

\n

We recommend that you upgrade your xbuffy packages.

\n
\n
\n
\n
", "2922": "
\n

Debian Security Advisory

\n

DSA-2922-1 strongswan -- security update

\n
\n
Date Reported:
\n
05 May 2014
\n
Affected Packages:
\n
\nstrongswan\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-2891.
\n
More information:
\n
\n

A vulnerability has been found in the ASN.1 parser of strongSwan, an\nIKE/IPsec suite used to establish IPsec protected links.

\n

By sending a crafted ID_DER_ASN1_DN ID payload to a vulnerable pluto or\ncharon daemon, a malicious remote user can provoke a null pointer\ndereference in the daemon parsing the identity, leading to a crash and a\ndenial of service.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 4.4.1-5.6.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 4.5.2-1.5+deb7u4.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 5.1.2-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.1.2-1.

\n

We recommend that you upgrade your strongswan packages.

\n
\n
\n
\n
", "2923": "
\n

Debian Security Advisory

\n

DSA-2923-1 openjdk-7 -- security update

\n
\n
Date Reported:
\n
05 May 2014
\n
Affected Packages:
\n
\nopenjdk-7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2402, CVE-2014-2403, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 7u55-2.4.7-1~deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 7u55-2.4.7-1.

\n

We recommend that you upgrade your openjdk-7 packages.

\n
\n
\n
\n
", "2924": "
\n

Debian Security Advisory

\n

DSA-2924-1 icedove -- security update

\n
\n
Date Reported:
\n
05 May 2014
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1518, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532.
\n
More information:
\n
\n

Multiple security issues have been found in Icedove, Debian's version\nof the Mozilla Thunderbird mail and news client: multiple memory safety\nerrors, buffer overflows, missing permission checks, out of bound reads,\nuse-after-frees and other implementation errors may lead to the\nexecution of arbitrary code, privilege escalation, cross-site scripting\nor denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 24.5.0-1~deb7u1.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 24.5.0-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 24.5.0-1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "2925": "
\n

Debian Security Advisory

\n

DSA-2925-1 rxvt-unicode -- security update

\n
\n
Date Reported:
\n
08 May 2014
\n
Affected Packages:
\n
\nrxvt-unicode\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 746593.
In Mitre's CVE dictionary: CVE-2014-3121.
\n
More information:
\n
\n

Phillip Hallam-Baker discovered that window property values could be\nqueried in rxvt-unicode, resulting in the potential execution of\narbitrary commands.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 9.07-2+deb6u1.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 9.15-2+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 9.20-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 9.20-1.

\n

We recommend that you upgrade your rxvt-unicode packages.

\n
\n
\n
\n
", "2926": "
\n

Debian Security Advisory

\n

DSA-2926-1 linux -- security update

\n
\n
Date Reported:
\n
12 May 2014
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0196, CVE-2014-1737, CVE-2014-1738, CVE-2014-2851, CVE-2014-3122.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, information leaks or privilege\nescalation:

\n
    \n
  • CVE-2014-0196\n

    Jiri Slaby discovered a race condition in the pty layer, which could\n lead to denial of service or privilege escalation.

  • \n
  • CVE-2014-1737 /\n CVE-2014-1738\n

    Matthew Daley discovered that missing input sanitising in the\n FDRAWCMD ioctl and an information leak could result in privilege\n escalation.

  • \n
  • CVE-2014-2851\n

    Incorrect reference counting in the ping_init_sock() function allows\n denial of service or privilege escalation.

  • \n
  • CVE-2014-3122\n

    Incorrect locking of memory can result in local denial of service.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 3.2.57-3+deb7u1. This update also fixes a regression in the isci\ndriver and suspend problems with certain AMD CPUs (introduced in the\nupdated kernel from the Wheezy 7.5 point release).

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "2927": "
\n

Debian Security Advisory

\n

DSA-2927-1 libxfont -- security update

\n
\n
Date Reported:
\n
13 May 2014
\n
Affected Packages:
\n
\nlibxfont\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0209, CVE-2014-0210, CVE-2014-0211.
\n
More information:
\n
\n

Ilja van Sprundel of IOActive discovered several security issues in the\nX.Org libXfont library, which may allow a local, authenticated user to\nattempt to raise privileges; or a remote attacker who can control the\nfont server to attempt to execute code with the privileges of the X\nserver.

\n
    \n
  • CVE-2014-0209\n

    Integer overflow of allocations in font metadata file parsing could\n allow a local user who is already authenticated to the X server to\n overwrite other memory in the heap.

  • \n
  • CVE-2014-0210\n

    libxfont does not validate length fields when parsing xfs protocol\n replies, allowing writes past the bounds of allocated memory when\n storing the returned data from the font server.

  • \n
  • CVE-2014-0211\n

    Integer overflows calculating memory needs for xfs replies could\n result in allocating too little memory and then writing the returned\n data from the font server past the end of the allocated buffer.

  • \n
\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1:1.4.1-5.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1:1.4.5-4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1:1.4.7-2.

\n

We recommend that you upgrade your libxfont packages.

\n
\n
\n
\n
", "2928": "
\n

Debian Security Advisory

\n

DSA-2928-1 linux-2.6 -- privilege escalation/denial of service/information leak

\n
\n
Date Reported:
\n
14 May 2014
\n
Affected Packages:
\n
\nlinux-2.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0196, CVE-2014-1737, CVE-2014-1738.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that may lead\nto a denial of service, information leak or privilege escalation. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2014-0196\n

    Jiri Slaby discovered a race condition in the pty layer, which could lead\n to a denial of service or privilege escalation.

  • \n
  • CVE-2014-1737\nCVE-2014-1738\n

    Matthew Daley discovered an information leak and missing input\n sanitising in the FDRAWCMD ioctl of the floppy driver. This could result\n in a privilege escalation.

  • \n
\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.6.32-48squeeze6.

\n

The following matrix lists additional source packages that were rebuilt for\ncompatibility with or to take advantage of this update:

\n
\n\n\n\n\n\n\n\n\n\n
                 Debian 6.0 (squeeze)
user-mode-linux  2.6.32-1um-4+48squeeze6
\n
\n

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.\n

Note: Debian carefully tracks all known security issues across every\nlinux kernel package in all releases under active security support.\nHowever, given the high frequency at which low-severity security\nissues are discovered in the kernel and the resource requirements of\ndoing an update, updates for lower priority issues will normally not\nbe released for all kernels at the same time. Rather, they will be\nreleased in a staggered or \"leap-frog\" fashion.

\n

\n
\n
\n
", "2929": "
\n

Debian Security Advisory

\n

DSA-2929-1 ruby-actionpack-3.2 -- security update

\n
\n
Date Reported:
\n
16 May 2014
\n
Affected Packages:
\n
\nruby-actionpack-3.2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 747382.
In Mitre's CVE dictionary: CVE-2014-0081, CVE-2014-0082, CVE-2014-0130.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Action Pack, a component\nof Ruby on Rails.

\n
    \n
  • CVE-2014-0081\n

    actionview/lib/action_view/helpers/number_helper.rb contains\n multiple cross-site scripting vulnerabilities.

  • \n
  • CVE-2014-0082\n

    actionpack/lib/action_view/template/text.rb performs symbol\n interning on MIME type strings, allowing remote denial-of-service\n attacks via increased memory consumption.

  • \n
  • CVE-2014-0130\n

    A directory traversal vulnerability in\n actionpack/lib/abstract_controller/base.rb allows remote attackers\n to read arbitrary files.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 3.2.6-6+deb7u2.

\n

We recommend that you upgrade your ruby-actionpack-3.2 packages.

\n
\n
\n
\n
", "2930": "
\n

Debian Security Advisory

\n

DSA-2930-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
17 May 2014
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1740, CVE-2014-1741, CVE-2014-1742.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2014-1740\n

    Collin Payne discovered a use-after-free issue in chromium's\n WebSockets implementation.

  • \n
  • CVE-2014-1741\n

    John Butler discovered multiple integer overflow issues in the\n Blink/Webkit document object model implementation.

  • \n
  • CVE-2014-1742\n

    cloudfuzzer discovered a use-after-free issue in the Blink/Webkit\n text editing feature.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 34.0.1847.137-1~deb7u1.

\n

For the testing distribution (jessie), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 34.0.1847.137-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "2931": "
\n

Debian Security Advisory

\n

DSA-2931-1 openssl -- security update

\n
\n
Date Reported:
\n
18 May 2014
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0198.
\n
More information:
\n
\n

It was discovered that incorrect memory handling in OpenSSL's\ndo_ssl3_write() function could result in denial of service.

\n

The oldstable distribution (squeeze) is not affected.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.0.1e-2+deb7u9.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 1.0.1g-4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.0.1g-4.

\n

We recommend that you upgrade your openssl packages.

\n
\n
\n
\n
", "2932": "
\n

Debian Security Advisory

\n

DSA-2932-1 qemu -- security update

\n
\n
Date Reported:
\n
19 May 2014
\n
Affected Packages:
\n
\nqemu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 745157, Bug 725944.
In Mitre's CVE dictionary: CVE-2013-4344, CVE-2014-2894.
\n
More information:
\n
\n

Several vulnerabilities were discovered in qemu, a fast processor emulator.

\n
    \n
  • CVE-2013-4344\n

    Buffer overflow in the SCSI implementation in QEMU,\n when a SCSI controller has more than 256 attached devices, allows\n local users to gain privileges via a small transfer buffer in a\n REPORT LUNS command.

  • \n
  • CVE-2014-2894\n

    Off-by-one error in the cmd_smart function in the smart self test in\n hw/ide/core.c in QEMU allows local users to have\n unspecified impact via a SMART EXECUTE OFFLINE command that triggers\n a buffer underflow and memory corruption.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.1.2+dfsg-6a+deb7u3.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 2.0.0+dfsg-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.0.0+dfsg-1.

\n

We recommend that you upgrade your qemu packages.

\n
\n
\n
\n
", "2933": "
\n

Debian Security Advisory

\n

DSA-2933-1 qemu-kvm -- security update

\n
\n
Date Reported:
\n
19 May 2014
\n
Affected Packages:
\n
\nqemu-kvm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 745157, Bug 725944.
In Mitre's CVE dictionary: CVE-2013-4344, CVE-2014-2894.
\n
More information:
\n
\n

Several vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution on x86 hardware.

\n
    \n
  • CVE-2013-4344\n

    Buffer overflow in the SCSI implementation in QEMU,\n when a SCSI controller has more than 256 attached devices, allows\n local users to gain privileges via a small transfer buffer in a\n REPORT LUNS command.

  • \n
  • CVE-2014-2894\n

    Off-by-one error in the cmd_smart function in the smart self test in\n hw/ide/core.c in QEMU allows local users to have\n unspecified impact via a SMART EXECUTE OFFLINE command that triggers\n a buffer underflow and memory corruption.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.1.2+dfsg-6+deb7u3.

\n

We recommend that you upgrade your qemu-kvm packages.

\n
\n
\n
\n
", "2934": "
\n

Debian Security Advisory

\n

DSA-2934-1 python-django -- security update

\n
\n
Date Reported:
\n
19 May 2014
\n
Affected Packages:
\n
\npython-django\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0472, CVE-2014-0473, CVE-2014-0474, CVE-2014-1418, CVE-2014-3730.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Django, a high-level Python\nweb development framework. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2014-0472\n

    Benjamin Bach discovered that Django incorrectly handled dotted\n Python paths when using the reverse() URL resolver function. An\n attacker able to request a specially crafted view from a Django\n application could use this issue to cause Django to import arbitrary\n modules from the Python path, resulting in possible code execution.

  • \n
  • CVE-2014-0473\n

    Paul McMillan discovered that Django incorrectly cached certain\n pages that contained CSRF cookies. A remote attacker could use this\n flaw to acquire the CSRF token of a different user and bypass\n intended CSRF protections in a Django application.

  • \n
  • CVE-2014-0474\n

    Michael Koziarski discovered that certain Django model field classes\n did not properly perform type conversion on their arguments, which\n allows remote attackers to obtain unexpected results.

  • \n
  • CVE-2014-1418\n

    Michael Nelson, Natalia Bidart and James Westby discovered that\n cached data in Django could be served to a different session, or to\n a user with no session at all. An attacker may use this to retrieve\n private data or poison caches.

  • \n
  • CVE-2014-3730\n

    Peter Kuma and Gavin Wahl discovered that Django incorrectly\n validated certain malformed URLs from user input. An attacker may\n use this to cause unexpected redirects.

  • \n
\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.2.3-3+squeeze10.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.5-1+deb7u7.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 1.6.5-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.6.5-1.

\n

We recommend that you upgrade your python-django packages.

\n
\n
\n
\n
", "2935": "
\n

Debian Security Advisory

\n

DSA-2935-1 libgadu -- security update

\n
\n
Date Reported:
\n
21 May 2014
\n
Affected Packages:
\n
\nlibgadu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3775.
\n
More information:
\n
\n

It was discovered that malformed responses from a Gadu-Gadu file relay\nserver could lead to denial of service or the execution of arbitrary\ncode in applications linked to the libgadu library.

\n

The oldstable distribution (squeeze) is not affected.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.11.2-1+deb7u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:1.12.0~rc3-1.

\n

We recommend that you upgrade your libgadu packages.

\n
\n
\n
\n
", "2936": "
\n

Debian Security Advisory

\n

DSA-2936-1 torque -- security update

\n
\n
Date Reported:
\n
23 May 2014
\n
Affected Packages:
\n
\ntorque\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 748827.
In Mitre's CVE dictionary: CVE-2014-0749.
\n
More information:
\n
\n

John Fitzpatrick from MWR Labs reported a stack-based buffer overflow\nvulnerability in torque, a PBS-derived batch processing queueing system.\nAn unauthenticated remote attacker could exploit this flaw to execute\narbitrary code with root privileges.

\n

For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.4.8+dfsg-9squeeze4.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.4.16+dfsg-1+deb7u3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.4.16+dfsg-1.4.

\n

We recommend that you upgrade your torque packages.

\n
\n
\n
\n
", "2937": "
\n

Debian Security Advisory

\n

DSA-2937-1 mod-wsgi -- security update

\n
\n
Date Reported:
\n
27 May 2014
\n
Affected Packages:
\n
\nmod-wsgi\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0240, CVE-2014-0242.
\n
More information:
\n
\n

Two security issues have been found in the Python WSGI adapter module\nfor Apache:

\n
    \n
  • CVE-2014-0240\n

    Robert Kisteleki discovered a potential privilege escalation in\n daemon mode. This is not exploitable with the kernel used in Debian\n 7.0/wheezy.

  • \n
  • CVE-2014-0242\n

    Buck Golemon discovered that incorrect memory handling could lead to\n information disclosure when processing Content-Type headers.

  • \n
\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 3.3-2+deb6u1.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 3.3-4+deb7u1.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 3.5-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.5-1.

\n

We recommend that you upgrade your mod-wsgi packages.

\n
\n
\n
\n
", "2938": "
\n

Debian Security Advisory

\n

DSA-2938-1 -- Availability of LTS support for Debian 6.0 / squeeze

\n
\n
Date Reported:
\n
27 May 2014
\n
Affected Packages:
\n
\n \n
\n
Vulnerable:
\n
No
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

The initial organisation and setup of Squeeze LTS has now happened and it is\nready for taking over security support once the standard security support ends\nat the end of the month:

\n

Information for users

\n

Support for Squeeze LTS will end five years after the release of Squeeze,\ni.e. until the 6th of February 2016.

\n

You need to enable the apt sources for squeeze-lts manually.\nInformation on how to do this can be found at\nhttps://wiki.debian.org/LTS/Development#Add_squeeze-lts_to_your_sources.list

\n

You should also subscribe to the new announcement mailing list for security\nupdates for squeeze-lts:\nhttps://lists.debian.org/debian-lts-announce/

\n

A few packages are not covered by the Squeeze LTS support. These can be\ndetected with the new tool debian-security-support. Information on\nhow to run it can be found here:\nhttps://wiki.debian.org/LTS/Development#Check_for_unsupported_packages

\n

If debian-security-support detects an unsupported package which\nis critical to you, please get in touch with\ndebian-lts@lists.debian.org\n(see below).

\n

squeeze-backports will continue to be supported for the lifetime of\nSqueeze LTS.

\n

Information for Debian maintainers

\n

First of all, Debian package maintainers are not expected to work on updates\nof their packages for squeeze-lts. Package updates for squeeze-lts\nwill be handled by the Debian LTS team.

\n

However, if you are interested in doing so (and the maintainer always\nknows best on a package), you're certainly welcome to do so; everyone in the\nDebian.org and Debian maintainers key ring can upload to the squeeze-lts\nsuite. Information on how to upload a fixed package can be found at\nhttps://wiki.debian.org/LTS/Development#Upload_Packages

\n

Mailing lists

\n

The whole coordination of the Debian LTS effort is handled through the\ndebian-lts mailing list: https://lists.debian.org/debian-lts/

\n

Please subscribe or follow us via GMANE (gmane.linux.debian.devel.lts)

\n

Aside from the debian-lts-announce list, there's also a list for\nfollowing all uploads in debian-lts:\nhttps://lists.debian.org/debian-lts-changes/

\n

Security Tracker

\n

All information on the status of vulnerabilities (e.g. if the version in\nsqueeze-lts happens to be unaffected while wheezy is affected) will be\ntracked in the Debian Security Tracker:

\n

https://security-tracker.debian.org

\n

If you happen to spot an error in the data, please see\nhttps://security-tracker.debian.org/tracker/data/report

\n
\n
\n
\n
", "2939": "
\n

Debian Security Advisory

\n

DSA-2939-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
31 May 2014
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1743, CVE-2014-1744, CVE-2014-1745, CVE-2014-1746, CVE-2014-1747, CVE-2014-1748, CVE-2014-1749, CVE-2014-3152.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the chromium web browser.

\n
    \n
  • CVE-2014-1743\n

    cloudfuzzer discovered a use-after-free issue in the Blink/Webkit\n document object model implementation.

  • \n
  • CVE-2014-1744\n

    Aaron Staple discovered an integer overflow issue in audio input\n handling.

  • \n
  • CVE-2014-1745\n

    Atte Kettunen discovered a use-after-free issue in the Blink/Webkit\n scalable vector graphics implementation.

  • \n
  • CVE-2014-1746\n

    Holger Fuhrmannek discovered an out-of-bounds read issue in the URL\n protocol implementation for handling media.

  • \n
  • CVE-2014-1747\n

    packagesu discovered a cross-site scripting issue involving\n malformed MHTML files.

  • \n
  • CVE-2014-1748\n

    Jordan Milne discovered a user interface spoofing issue.

  • \n
  • CVE-2014-1749\n

    The Google Chrome development team discovered and fixed multiple\n issues with potential security impact.

  • \n
  • CVE-2014-3152\n

    An integer underflow issue was discovered in the v8 javascript\n library.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 35.0.1916.114-1~deb7u2.

\n

For the testing distribution (jessie), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 35.0.1916.114-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "2940": "
\n

Debian Security Advisory

\n

DSA-2940-1 libstruts1.2-java -- security update

\n
\n
Date Reported:
\n
21 Aug 2014
\n
Affected Packages:
\n
\nlibstruts1.2-java\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0114.
\n
More information:
\n
\n

It was discovered that missing access checks in the Struts ActionForm\nobject could result in the execution of arbitrary code.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.9-5+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.2.9-9.

\n

We recommend that you upgrade your libstruts1.2-java packages.

\n
\n
\n
\n
", "2941": "
\n

Debian Security Advisory

\n

DSA-2941-1 lxml -- security update

\n
\n
Date Reported:
\n
01 Jun 2014
\n
Affected Packages:
\n
\nlxml\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3146.
\n
More information:
\n
\n

It was discovered that the clean_html() function of lxml (pythonic bindings\nfor the libxml2 and libxslt libraries) performed insufficient\nsanitisation for some non-printable characters. This could lead to\ncross-site scripting.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.3.2-1+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 3.3.5-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.3.5-1.

\n

We recommend that you upgrade your lxml packages.

\n
\n
\n
\n
", "2942": "
\n

Debian Security Advisory

\n

DSA-2942-1 typo3-src -- security update

\n
\n
Date Reported:
\n
01 Jun 2014
\n
Affected Packages:
\n
\ntypo3-src\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 749215.
\n
More information:
\n
\n

Multiple security issues have been discovered in the Typo3 CMS. More\ninformation can be found in the upstream advisory:\nhttp://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 4.5.19+dfsg1-5+wheezy3.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 4.5.34+dfsg1-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.5.34+dfsg1-1.

\n

We recommend that you upgrade your typo3-src packages.

\n
\n
\n
\n
", "2943": "
\n

Debian Security Advisory

\n

DSA-2943-1 php5 -- security update

\n
\n
Date Reported:
\n
01 Jun 2014
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0185, CVE-2014-0237, CVE-2014-0238, CVE-2014-2270.
\n
More information:
\n
\n

Several vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development:

\n
    \n
  • CVE-2014-0185\n

    The default PHP FPM socket permission has been changed from 0666\n to 0660 to mitigate a security vulnerability\n (CVE-2014-0185) in PHP FPM that allowed any local user to run PHP code\n under the active user of the FPM process via a crafted FastCGI client.

    \n

    The default Debian setup now correctly sets the listen.owner and\n listen.group to www-data:www-data in the default php-fpm.conf. If you\n have more FPM instances or a webserver not running under the www-data\n user, you need to adjust the configuration of FPM pools in\n /etc/php5/fpm/pool.d/ so the accessing process has rights to\n access the socket.

  • \n
  • CVE-2014-0237 /\n CVE-2014-0238\n

    Denial of service in the CDF parser of the fileinfo module.

  • \n
  • CVE-2014-2270\n

    Denial of service in the fileinfo module.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 5.4.4-14+deb7u10.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "2944": "
\n

Debian Security Advisory

\n

DSA-2944-1 gnutls26 -- security update

\n
\n
Date Reported:
\n
01 Jun 2014
\n
Affected Packages:
\n
\ngnutls26\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3466.
\n
More information:
\n
\n

Joonas Kuorilehto discovered that GNU TLS performed insufficient\nvalidation of session IDs during TLS/SSL handshakes. A malicious server\ncould use this to execute arbitrary code or perform denial of service.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.12.20-8+deb7u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.12.23-16.

\n

We recommend that you upgrade your gnutls26 packages.

\n
\n
\n
\n
", "2945": "
\n

Debian Security Advisory

\n

DSA-2945-1 chkrootkit -- security update

\n
\n
Date Reported:
\n
03 Jun 2014
\n
Affected Packages:
\n
\nchkrootkit\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0476.
\n
More information:
\n
\n

Thomas Stangner discovered a vulnerability in chkrootkit, a rootkit\ndetector, which may allow local attackers to gain root access when /tmp\nis mounted without the noexec option.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.49-4.1+deb7u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.49-5.

\n

We recommend that you upgrade your chkrootkit packages.

\n
\n
\n
\n
", "2946": "
\n

Debian Security Advisory

\n

DSA-2946-1 python-gnupg -- security update

\n
\n
Date Reported:
\n
04 Jun 2014
\n
Affected Packages:
\n
\npython-gnupg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-7323, CVE-2014-1927, CVE-2014-1928, CVE-2014-1929.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the Python wrapper for the\nGnu Privacy Guard (GPG). Insufficient sanitising could lead to the\nexecution of arbitrary shell commands.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 0.3.6-1~deb7u1.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 0.3.6-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.3.6-1.

\n

We recommend that you upgrade your python-gnupg packages.

\n
\n
\n
\n
", "2947": "
\n

Debian Security Advisory

\n

DSA-2947-1 libav -- security update

\n
\n
Date Reported:
\n
04 Jun 2014
\n
Affected Packages:
\n
\nlibav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. A full list of the changes is\navailable at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.12

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.8.12-1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 6:10.1-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 6:10.1-1.

\n

We recommend that you upgrade your libav packages.

\n
\n
\n
\n
", "2948": "
\n

Debian Security Advisory

\n

DSA-2948-1 python-bottle -- security update

\n
\n
Date Reported:
\n
04 Jun 2014
\n
Affected Packages:
\n
\npython-bottle\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3137.
\n
More information:
\n
\n

It was discovered that Bottle, a WSGI-framework for Python, performed\noverly permissive detection of JSON content, resulting in a potential\nbypass of security mechanisms.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.10.11-1+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 0.12.6-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.12.6-1.

\n

We recommend that you upgrade your python-bottle packages.

\n
\n
\n
\n
", "2949": "
\n

Debian Security Advisory

\n

DSA-2949-1 linux -- security update

\n
\n
Date Reported:
\n
05 Jun 2014
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3144, CVE-2014-3145, CVE-2014-3153.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation:

\n
    \n
  • CVE-2014-3144\n/ CVE-2014-3145\n

    A local user can cause a denial of service (system crash) via\n crafted BPF instructions.

  • \n
  • CVE-2014-3153\n

    Pinkie Pie discovered an issue in the futex subsystem that allows a\n local user to gain ring 0 control via the futex syscall. An\n unprivileged user could use this flaw to crash the kernel (resulting\n in denial of service) or for privilege escalation.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 3.2.57-3+deb7u2.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "2950": "
\n

Debian Security Advisory

\n

DSA-2950-1 openssl -- security update

\n
\n
Date Reported:
\n
05 Jun 2014
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in OpenSSL:

\n
    \n
  • CVE-2014-0195\n

    Jueri Aedla discovered that a buffer overflow in processing DTLS\n fragments could lead to the execution of arbitrary code or denial\n of service.

  • \n
  • CVE-2014-0221\n

    Imre Rad discovered the processing of DTLS hello packets is\n susceptible to denial of service.

  • \n
  • CVE-2014-0224\n

    KIKUCHI Masashi discovered that carefully crafted handshakes can\n force the use of weak keys, resulting in potential man-in-the-middle\n attacks.

  • \n
  • CVE-2014-3470\n

    Felix Groebert and Ivan Fratric discovered that the implementation of\n anonymous ECDH ciphersuites is susceptible to denial of service.

  • \n
\n

Additional information can be found at\nhttp://www.openssl.org/news/secadv_20140605.txt

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u10. All applications linked to openssl need to\nbe restarted. You can use the tool checkrestart from the package\ndebian-goodies to detect affected programs or reboot your system. There's\nalso a forthcoming security update for the Linux kernel later today\n(CVE-2014-3153), so you need to reboot anyway. Perfect timing, isn't it?

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your openssl packages.

\n
\n
\n
\n
", "2951": "
\n

Debian Security Advisory

\n

DSA-2951-1 mupdf -- security update

\n
\n
Date Reported:
\n
05 Jun 2014
\n
Affected Packages:
\n
\nmupdf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-2013.
\n
More information:
\n
\n

It was discovered that a buffer overflow in the MuPDF viewer might lead\nto the execution of arbitrary code.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.9-2+deb7u2.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 1.3-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.3-2.

\n

We recommend that you upgrade your mupdf packages.

\n
\n
\n
\n
", "2952": "
\n

Debian Security Advisory

\n

DSA-2952-1 kfreebsd-9 -- security update

\n
\n
Date Reported:
\n
05 Jun 2014
\n
Affected Packages:
\n
\nkfreebsd-9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1453, CVE-2014-3000, CVE-2014-3880.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the FreeBSD kernel that may\nlead to a denial of service or possibly disclosure of kernel memory. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2014-1453\n

    A remote, authenticated attacker could cause the NFS server to become\n deadlocked, resulting in a denial of service.

  • \n
  • CVE-2014-3000\n

    An attacker who can send a series of specifically crafted packets with a\n connection could cause a denial of service situation by causing the kernel\n to crash.

    \n

    Additionally, because the undefined on stack memory may be overwritten by\n other kernel threads, while difficult, it may be possible for an attacker\n to construct a carefully crafted attack to obtain a portion of kernel memory\n via a connected socket. This may result in the disclosure of sensitive\n information such as login credentials, etc. before or even without\n crashing the system.

  • \n
  • CVE-2014-3880\n

    A local attacker can trigger a kernel crash (triple fault) with potential\n data loss, related to the execve/fexecve system calls.\n Reported by Ivo De Decker.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 9.0-10+deb70.7.

\n

For the unstable (sid) and testing (jessie) distributions, these problems are fixed\nin kfreebsd-10 version 10.0-6.

\n

We recommend that you upgrade your kfreebsd-9 packages.

\n
\n
\n
\n
", "2953": "
\n

Debian Security Advisory

\n

DSA-2953-1 dpkg -- security update

\n
\n
Date Reported:
\n
08 Jun 2014
\n
Affected Packages:
\n
\ndpkg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 746498, Bug 749183.
In Mitre's CVE dictionary: CVE-2014-3864, CVE-2014-3865.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in dpkg that allow file\nmodification through path traversal when unpacking source packages with\nspecially crafted patch files.

\n

This update had been scheduled before the end of security support for\nthe oldstable distribution (squeeze), hence an exception has been made\nand it was released through the security archive. However, no further updates\nshould be expected.

\n

For the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.15.11.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.16.15.

\n

For the testing distribution (jessie), these problems will be fixed\nsoon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.17.10.

\n

We recommend that you upgrade your dpkg packages.

\n
\n
\n
\n
", "2954": "
\n

Debian Security Advisory

\n

DSA-2954-1 dovecot -- security update

\n
\n
Date Reported:
\n
09 Jun 2014
\n
Affected Packages:
\n
\ndovecot\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 747549.
In Mitre's CVE dictionary: CVE-2014-3430.
\n
More information:
\n
\n

It was discovered that the Dovecot email server is vulnerable to a\ndenial of service attack against imap/pop3-login processes due to\nincorrect handling of the closure of inactive SSL/TLS connections.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1:2.1.7-7+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 1:2.2.13~rc1-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:2.2.13~rc1-1.

\n

We recommend that you upgrade your dovecot packages.

\n
\n
\n
\n
", "2955": "
\n

Debian Security Advisory

\n

DSA-2955-1 iceweasel -- security update

\n
\n
Date Reported:
\n
11 Jun 2014
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1533, CVE-2014-1538, CVE-2014-1541, CVE-2014-1545.
\n
More information:
\n
\n

Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors and\nbuffer overflows may lead to the execution of arbitrary code or denial\nof service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 24.6.0esr-1~deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 30.0-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "2956": "
\n

Debian Security Advisory

\n

DSA-2956-1 icinga -- security update

\n
\n
Date Reported:
\n
11 Jun 2014
\n
Affected Packages:
\n
\nicinga\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-7106, CVE-2013-7107, CVE-2013-7108, CVE-2014-1878, CVE-2014-2386.
\n
More information:
\n
\n

Multiple security issues have been found in the Icinga host and network\nmonitoring system (buffer overflows, cross-site request forgery, off-by-one\nerrors) which could result in the execution of arbitrary code, denial of\nservice or session hijacking.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.7.1-7.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 1.11.0-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.11.0-1.

\n

We recommend that you upgrade your icinga packages.

\n
\n
\n
\n
", "2957": "
\n

Debian Security Advisory

\n

DSA-2957-1 mediawiki -- security update

\n
\n
Date Reported:
\n
12 Jun 2014
\n
Affected Packages:
\n
\nmediawiki\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3966.
\n
More information:
\n
\n

Omer Iqbal discovered that Mediawiki, a wiki engine, parses invalid\nusernames on Special:PasswordReset as wikitext when $wgRawHtml is\nenabled. On such wikis this allows an unauthenticated attacker to\ninsert malicious JavaScript, a cross site scripting attack.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1:1.19.16+dfsg-0+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:1.19.16+dfsg-1.

\n

We recommend that you upgrade your mediawiki packages.

\n
\n
\n
\n
", "2958": "
\n

Debian Security Advisory

\n

DSA-2958-1 apt -- security update

\n
\n
Date Reported:
\n
12 Jun 2014
\n
Affected Packages:
\n
\napt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 749795.
In Mitre's CVE dictionary: CVE-2014-0478.
\n
More information:
\n
\n

Jakub Wilk discovered that APT, the high level package manager,\ndid not properly perform authentication checks for source packages\ndownloaded via \"apt-get source\". This only affects use cases where\nsource packages are downloaded via this command; it does not\naffect regular Debian package installation and upgrading.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.9.7.9+deb7u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.0.4.

\n

We recommend that you upgrade your apt packages.

\n
\n
\n
\n
", "2959": "
\n

Debian Security Advisory

\n

DSA-2959-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
14 Jun 2014
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3154, CVE-2014-3155, CVE-2014-3156, CVE-2014-3157.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2014-3154\n

    Collin Payne discovered a use-after-free issue in the filesystem API.

  • \n
  • CVE-2014-3155\n

    James March, Daniel Sommermann, and Alan Frindell discovered several\n out-of-bounds read issues in the SPDY protocol implementation.

  • \n
  • CVE-2014-3156\n

    Atte Kettunen discovered a buffer overflow issue in bitmap handling\n in the clipboard implementation.

  • \n
  • CVE-2014-3157\n

    A heap-based buffer overflow issue was discovered in chromium's\n ffmpeg media filter.

  • \n
\n

In addition, this version corrects a regression in the previous update.\nSupport for older i386 processors had been dropped. This functionality\nis now restored.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 35.0.1916.153-1~deb7u1.

\n

For the testing (jessie) and unstable (sid) distributions, these problems\nhave been fixed in version 35.0.1916.153-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "2960": "
\n

Debian Security Advisory

\n

DSA-2960-1 icedove -- security update

\n
\n
Date Reported:
\n
16 Jun 2014
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1533, CVE-2014-1538, CVE-2014-1541, CVE-2014-1545.
\n
More information:
\n
\n

Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail and news client: multiple memory safety\nerrors and buffer overflows may lead to the execution of arbitrary code\nor denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 24.6.0-1.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "2961": "
\n

Debian Security Advisory

\n

DSA-2961-1 php5 -- security update

\n
\n
Date Reported:
\n
16 Jun 2014
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 751364.
In Mitre's CVE dictionary: CVE-2014-4049.
\n
More information:
\n
\n

It was discovered that PHP, a general-purpose scripting language\ncommonly used for web application development, is vulnerable to a\nheap-based buffer overflow in the DNS TXT record parsing. A malicious\nserver or man-in-the-middle attacker could possibly use this flaw to\nexecute arbitrary code as the PHP interpreter if a PHP application uses\ndns_get_record() to perform a DNS query.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 5.4.4-14+deb7u11.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 5.6.0~beta4+dfsg-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.6.0~beta4+dfsg-3.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "2962": "
\n

Debian Security Advisory

\n

DSA-2962-1 nspr -- security update

\n
\n
Date Reported:
\n
17 Jun 2014
\n
Affected Packages:
\n
\nnspr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1545.
\n
More information:
\n
\n

Abhishek Arya discovered an out of bounds write in the cvt_t() function\nof the NetScape Portable Runtime Library which could result in the\nexecution of arbitrary code.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2:4.9.2-1+deb7u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:4.10.6-1.

\n

We recommend that you upgrade your nspr packages.

\n
\n
\n
\n
", "2963": "
\n

Debian Security Advisory

\n

DSA-2963-1 lucene-solr -- security update

\n
\n
Date Reported:
\n
17 Jun 2014
\n
Affected Packages:
\n
\nlucene-solr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6397, CVE-2013-6407, CVE-2013-6408.
\n
More information:
\n
\n

Multiple vulnerabilities were found in Solr, an open source enterprise\nsearch server based on Lucene, resulting in information disclosure or\ncode execution.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 3.6.0+dfsg-1+deb7u1.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 3.6.2+dfsg-2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.6.2+dfsg-2.

\n

We recommend that you upgrade your lucene-solr packages.

\n
\n
\n
\n
", "2964": "
\n

Debian Security Advisory

\n

DSA-2964-1 iodine -- security update

\n
\n
Date Reported:
\n
21 Jun 2014
\n
Affected Packages:
\n
\niodine\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 751834.
In Mitre's CVE dictionary: CVE-2014-4168.
\n
More information:
\n
\n

Oscar Reparaz discovered an authentication bypass vulnerability in\niodine, a tool for tunneling IPv4 data through a DNS server. A remote\nattacker could provoke a server to accept the rest of the setup or\nalso network traffic by exploiting this flaw.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.6.0~rc1-12+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 0.6.0~rc1-19.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.6.0~rc1-19.

\n

We recommend that you upgrade your iodine packages.

\n
\n
\n
\n
", "2965": "
\n

Debian Security Advisory

\n

DSA-2965-1 tiff -- security update

\n
\n
Date Reported:
\n
22 Jun 2014
\n
Affected Packages:
\n
\ntiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 742917.
In Mitre's CVE dictionary: CVE-2013-4243.
\n
More information:
\n
\n

Murray McAllister discovered a heap-based buffer overflow in the gif2tiff\ncommand line tool. Executing gif2tiff on a malicious tiff image could\nresult in arbitrary code execution.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 4.0.2-6+deb7u3.

\n

For the testing distribution (jessie), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.0.3-9.

\n

We recommend that you upgrade your tiff packages.

\n
\n
\n
\n
", "2966": "
\n

Debian Security Advisory

\n

DSA-2966-1 samba -- security update

\n
\n
Date Reported:
\n
23 Jun 2014
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0178, CVE-2014-0244, CVE-2014-3493.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered and fixed in Samba, a SMB/CIFS\nfile, print, and login server:

\n
    \n
  • CVE-2014-0178\n

    Information leak vulnerability in the VFS code, allowing an\n authenticated user to retrieve eight bytes of uninitialized memory\n when shadow copy is enabled.

  • \n
  • CVE-2014-0244\n

    Denial of service (infinite CPU loop) in the nmbd Netbios name\n service daemon. A malformed packet can cause the nmbd server to\n enter an infinite loop, preventing it from processing later requests to\n the Netbios name service.

  • \n
  • CVE-2014-3493\n

    Denial of service (daemon crash) in the smbd file server daemon. An\n authenticated user attempting to read a Unicode path using a\n non-Unicode request can force the daemon to overwrite memory at an\n invalid address.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2:3.6.6-6+deb7u4.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 2:4.1.9+dfsg-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2:4.1.9+dfsg-1.

\n

We recommend that you upgrade your samba packages.

\n
\n
\n
\n
", "2967": "
\n

Debian Security Advisory

\n

DSA-2967-1 gnupg -- security update

\n
\n
Date Reported:
\n
25 Jun 2014
\n
Affected Packages:
\n
\ngnupg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 752497.
In Mitre's CVE dictionary: CVE-2014-4617.
\n
More information:
\n
\n

Jean-Ren\u00e9 Reinhard, Olivier Levillain and Florian Maury reported that\nGnuPG, the GNU Privacy Guard, did not properly parse certain garbled\ncompressed data packets. A remote attacker could use this flaw to mount\na denial of service against GnuPG by triggering an infinite loop.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.4.12-7+deb7u4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4.16-1.2.

\n

We recommend that you upgrade your gnupg packages.

\n
\n
\n
\n
", "2968": "
\n

Debian Security Advisory

\n

DSA-2968-1 gnupg2 -- security update

\n
\n
Date Reported:
\n
27 Jun 2014
\n
Affected Packages:
\n
\ngnupg2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 752498.
In Mitre's CVE dictionary: CVE-2014-4617.
\n
More information:
\n
\n

Jean-Ren\u00e9 Reinhard, Olivier Levillain and Florian Maury reported that\nGnuPG, the GNU Privacy Guard, did not properly parse certain garbled\ncompressed data packets. A remote attacker could use this flaw to mount\na denial of service against GnuPG by triggering an infinite loop.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.0.19-2+deb7u2.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 2.0.24-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.0.24-1.

\n

We recommend that you upgrade your gnupg2 packages.

\n
\n
\n
\n
", "2969": "
\n

Debian Security Advisory

\n

DSA-2969-1 libemail-address-perl -- security update

\n
\n
Date Reported:
\n
27 Jun 2014
\n
Affected Packages:
\n
\nlibemail-address-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0477, CVE-2014-4720.
\n
More information:
\n
\n

Bastian Blank reported a denial of service vulnerability in\nEmail::Address, a Perl module for RFC 2822 address parsing and creation.\nEmail::Address::parse used significant time on parsing empty quoted\nstrings. A remote attacker able to supply specifically crafted input to\nan application using Email::Address for parsing, could use this flaw to\nmount a denial of service attack against the application.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.895-1+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 1.905-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.905-1.

\n

We recommend that you upgrade your libemail-address-perl packages.

\n
\n
\n
\n
", "2970": "
\n

Debian Security Advisory

\n

DSA-2970-1 cacti -- security update

\n
\n
Date Reported:
\n
29 Jun 2014
\n
Affected Packages:
\n
\ncacti\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-2326, CVE-2014-2327, CVE-2014-2328, CVE-2014-2708, CVE-2014-2709, CVE-2014-4002.
\n
More information:
\n
\n

Multiple security issues (cross-site scripting, cross-site request\nforgery, SQL injections, missing input sanitising) have been found in\nCacti, a web frontend for RRDTool.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 0.8.8a+dfsg-5+deb7u3.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 0.8.8b+dfsg-6.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.8.8b+dfsg-6.

\n

We recommend that you upgrade your cacti packages.

\n
\n
\n
\n
", "2971": "
\n

Debian Security Advisory

\n

DSA-2971-1 dbus -- security update

\n
\n
Date Reported:
\n
02 Jul 2014
\n
Affected Packages:
\n
\ndbus\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3477, CVE-2014-3532, CVE-2014-3533.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in dbus, an asynchronous\ninter-process communication system. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2014-3477\n

    Alban Crequy at Collabora Ltd. discovered that dbus-daemon sends an\n AccessDenied error to the service instead of a client when the\n client is prohibited from accessing the service. A local attacker\n could use this flaw to cause a bus-activated service that is not\n currently running to attempt to start, and fail, denying other users\n access to this service.

  • \n
  • CVE-2014-3532\n

    Alban Crequy at Collabora Ltd. discovered a bug in dbus-daemon's\n support for file descriptor passing. A malicious process could force\n system services or user applications to be disconnected from the\n D-Bus system by sending them a message containing a file descriptor,\n leading to a denial of service.

  • \n
  • CVE-2014-3533\n

    Alban Crequy at Collabora Ltd. and Alejandro Mart\u00ednez Su\u00e1rez\n discovered that a malicious process could force services to be\n disconnected from the D-Bus system by causing dbus-daemon to attempt\n to forward invalid file descriptors to a victim process, leading to\n a denial of service.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.6.8-1+deb7u3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.8.6-1.

\n

We recommend that you upgrade your dbus packages.

\n
\n
\n
\n
", "2972": "
\n

Debian Security Advisory

\n

DSA-2972-1 linux -- security update

\n
\n
Date Reported:
\n
06 Jul 2014
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-4699.
\n
More information:
\n
\n

Andy Lutomirski discovered that the ptrace syscall was not verifying the\nRIP register to be valid in the ptrace API on x86_64 processors. An\nunprivileged user could use this flaw to crash the kernel (resulting in\ndenial of service) or for privilege escalation.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 3.2.60-1+deb7u1. In addition, this update contains several\nbugfixes originally targeted for the upcoming Wheezy point release.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "2973": "
\n

Debian Security Advisory

\n

DSA-2973-1 vlc -- security update

\n
\n
Date Reported:
\n
07 Jul 2014
\n
Affected Packages:
\n
\nvlc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1868, CVE-2013-1954, CVE-2013-4388.
\n
More information:
\n
\n

Multiple buffer overflows have been found in the VideoLAN media player.\nProcessing malformed subtitles or movie files could lead to denial of\nservice and potentially the execution of arbitrary code.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2.0.3-5+deb7u1.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 2.1.0-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.1.0-1.

\n

We recommend that you upgrade your vlc packages.

\n
\n
\n
\n
", "2974": "
\n

Debian Security Advisory

\n

DSA-2974-1 php5 -- security update

\n
\n
Date Reported:
\n
08 Jul 2014
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-4721.
\n
More information:
\n
\n

Several vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2014-0207\n

    Francisco Alonso of the Red Hat Security Response Team reported an\n incorrect boundary check in the cdf_read_short_sector() function.

  • CVE-2014-3478\n

    Francisco Alonso of the Red Hat Security Response Team discovered a\n flaw in the way the truncated pascal string size in the mconvert()\n function is computed.

  • CVE-2014-3479\n

    Francisco Alonso of the Red Hat Security Response Team reported an\n incorrect boundary check in the cdf_check_stream_offset() function.

  • CVE-2014-3480\n

    Francisco Alonso of the Red Hat Security Response Team reported an\n insufficient boundary check in the cdf_count_chain() function.

  • CVE-2014-3487\n

    Francisco Alonso of the Red Hat Security Response Team discovered an\n incorrect boundary check in the cdf_read_property_info() function.

  • CVE-2014-3515\n

    Stefan Esser discovered that the ArrayObject and the\n SPLObjectStorage unserialize() handler do not verify the type of\n unserialized data before using it. A remote attacker could use this\n flaw to execute arbitrary code.

  • CVE-2014-4721\n

    Stefan Esser discovered a type confusion issue affecting phpinfo(),\n which might allow an attacker to obtain sensitive information from\n process memory.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 5.4.4-14+deb7u12. In addition, this update contains several\nbugfixes originally targeted for the upcoming Wheezy point release.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 5.6.0~rc2+dfsg-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 5.6.0~rc2+dfsg-1.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "2975": "
\n

Debian Security Advisory

\n

DSA-2975-1 phpmyadmin -- security update

\n
\n
Date Reported:
\n
09 Jul 2014
\n
Affected Packages:
\n
\nphpmyadmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4995, CVE-2013-4996, CVE-2013-5002, CVE-2013-5003, CVE-2014-1879.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in phpMyAdmin, a tool to\nadminister MySQL over the web. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2013-4995\n

    Authenticated users could inject arbitrary web script or HTML\n via a crafted SQL query.

  • CVE-2013-4996\n

    Cross site scripting was possible via a crafted logo URL in\n the navigation panel or a crafted entry in the Trusted Proxies list.

  • CVE-2013-5002\n

    Authenticated users could inject arbitrary web script or HTML\n via a crafted pageNumber value in Schema Export.

  • CVE-2013-5003\n

    Authenticated users could execute arbitrary SQL commands as\n the phpMyAdmin control user via the scale parameter in PMD PDF\n export and the pdf_page_number parameter in Schema Export.

  • CVE-2014-1879\n

    Authenticated users could inject arbitrary web script or HTML\n via a crafted file name in the Import function.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 4:3.4.11.1-2+deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4:4.2.5-1.

\n

We recommend that you upgrade your phpmyadmin packages.

\n
\n
\n
\n
", "2976": "
\n

Debian Security Advisory

\n

DSA-2976-1 eglibc -- security update

\n
\n
Date Reported:
\n
10 Jul 2014
\n
Affected Packages:
\n
\neglibc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0475.
\n
More information:
\n
\n

Stephane Chazelas discovered that the GNU C library, glibc, processed\n\"..\" path segments in locale-related environment variables, possibly\nallowing attackers to circumvent intended restrictions, such as\nForceCommand in OpenSSH, assuming that they can supply crafted locale\nsettings.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.13-38+deb7u3.

\n

This update also includes changes previously scheduled for the next\nwheezy point release as version 2.13-38+deb7u2. See the Debian\nchangelog for details.

\n

We recommend that you upgrade your eglibc packages.

\n
\n
\n
\n
", "2977": "
\n

Debian Security Advisory

\n

DSA-2977-1 libav -- security update

\n
\n
Date Reported:
\n
11 Jul 2014
\n
Affected Packages:
\n
\nlibav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-4609.
\n
More information:
\n
\n

Don A. Bailey discovered an integer overflow in the lzo compression\nhandler which could result in the execution of arbitrary code.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 6:0.8.13-1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 6:10.2-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 6:10.2-1.

\n

We recommend that you upgrade your libav packages.

\n
\n
\n
\n
", "2978": "
\n

Debian Security Advisory

\n

DSA-2978-1 libxml2 -- security update

\n
\n
Date Reported:
\n
11 Jul 2014
\n
Affected Packages:
\n
\nlibxml2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0191.
\n
More information:
\n
\n

Daniel P. Berrange discovered a denial of service vulnerability in\nlibxml2 entity substitution.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.8.0+dfsg1-7+wheezy1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.9.1+dfsg1-4.

\n

We recommend that you upgrade your libxml2 packages.

\n
\n
\n
\n
", "2979": "
\n

Debian Security Advisory

\n

DSA-2979-1 fail2ban -- security update

\n
\n
Date Reported:
\n
17 Jul 2014
\n
Affected Packages:
\n
\nfail2ban\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-7176, CVE-2013-7177.
\n
More information:
\n
\n

Two vulnerabilities were discovered in Fail2ban, a solution to ban hosts\nthat cause multiple authentication errors. When using Fail2ban to monitor\nPostfix or Cyrus IMAP logs, improper input validation in log parsing\ncould enable a remote attacker to trigger an IP ban on arbitrary\naddresses, resulting in denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 0.8.6-3wheezy3.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 0.8.11-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.8.11-1.

\n

We recommend that you upgrade your fail2ban packages.

\n
\n
\n
\n
", "2980": "
\n

Debian Security Advisory

\n

DSA-2980-1 openjdk-6 -- security update

\n
\n
Date Reported:
\n
17 Jul 2014
\n
Affected Packages:
\n
\nopenjdk-6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-2490, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4266, CVE-2014-4268.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 6b32-1.13.4-1~deb7u1.

\n

We recommend that you upgrade your openjdk-6 packages.

\n
\n
\n
\n
", "2981": "
\n

Debian Security Advisory

\n

DSA-2981-1 polarssl -- security update

\n
\n
Date Reported:
\n
18 Jul 2014
\n
Affected Packages:
\n
\npolarssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 754655.
In Mitre's CVE dictionary: CVE-2014-4911.
\n
More information:
\n
\n

A flaw was discovered in PolarSSL, a lightweight crypto and SSL/TLS\nlibrary, which can be exploited by a remote unauthenticated attacker to\nmount a denial of service against PolarSSL servers that offer GCM\nciphersuites. Potentially clients are affected too if a malicious server\ndecides to execute the denial of service attack against its clients.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.9-1~deb7u3.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 1.3.7-2.1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.3.7-2.1.

\n

We recommend that you upgrade your polarssl packages.

\n
\n
\n
\n
", "2982": "
\n

Debian Security Advisory

\n

DSA-2982-1 ruby-activerecord-3.2 -- security update

\n
\n
Date Reported:
\n
19 Jul 2014
\n
Affected Packages:
\n
\nruby-activerecord-3.2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3482, CVE-2014-3483.
\n
More information:
\n
\n

Sean Griffin discovered two vulnerabilities in the PostgreSQL adapter\nfor Active Record which could lead to SQL injection.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 3.2.6-5+deb7u1. Debian provides two variants of Ruby on Rails\nin Wheezy (2.3 and 3.2). Support for the 2.3 variants had to be ceased\nat this point. This affects the following source packages:\nruby-actionmailer-2.3, ruby-actionpack-2.3, ruby-activerecord-2.3,\nruby-activeresource-2.3, ruby-activesupport-2.3 and ruby-rails-2.3. The\nversion of Redmine in Wheezy still requires 2.3; you can use an updated\nversion from backports.debian.org which is compatible with rails 3.2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.2.19-1 of the rails-3.2 source package.

\n

We recommend that you upgrade your ruby-activerecord-3.2 packages.

\n
\n
\n
\n
", "2983": "
\n

Debian Security Advisory

\n

DSA-2983-1 drupal7 -- security update

\n
\n
Date Reported:
\n
20 Jul 2014
\n
Affected Packages:
\n
\ndrupal7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 755038.
In Mitre's CVE dictionary: CVE-2014-5019, CVE-2014-5020, CVE-2014-5021, CVE-2014-5022.
\n
More information:
\n
\n

Multiple security issues have been discovered in the Drupal content\nmanagement system, ranging from denial of service to cross-site\nscripting. More information can be found at https://www.drupal.org/SA-CORE-2014-003.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 7.14-2+deb7u5.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 7.29-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.29-1.

\n

We recommend that you upgrade your drupal7 packages.

\n
\n
\n
\n
", "2984": "
\n

Debian Security Advisory

\n

DSA-2984-1 acpi-support -- security update

\n
\n
Date Reported:
\n
22 Jul 2014
\n
Affected Packages:
\n
\nacpi-support\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1419.
\n
More information:
\n
\n

CESG discovered a root escalation flaw in the acpi-support package. An\nunprivileged user can inject the DBUS_SESSION_BUS_ADDRESS environment\nvariable to run arbitrary commands as root user via the policy-funcs\nscript.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.140-5+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 0.142-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.142-2.

\n

We recommend that you upgrade your acpi-support packages.

\n
\n
\n
\n
", "2985": "
\n

Debian Security Advisory

\n

DSA-2985-1 mysql-5.5 -- security update

\n
\n
Date Reported:
\n
22 Jul 2014
\n
Affected Packages:
\n
\nmysql-5.5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 754941.
In Mitre's CVE dictionary: CVE-2014-2494, CVE-2014-4207, CVE-2014-4258, CVE-2014-4260.
\n
More information:
\n
\n

Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.38. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:

\n\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 5.5.38-0+wheezy1.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your mysql-5.5 packages.

\n
\n
\n
\n
", "2986": "
\n

Debian Security Advisory

\n

DSA-2986-1 iceweasel -- security update

\n
\n
Date Reported:
\n
23 Jul 2014
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1544, CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557.
\n
More information:
\n
\n

Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors and\nuse-after-frees may lead to the execution of arbitrary code or denial\nof service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 24.7.0esr-1~deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 31.0-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "2987": "
\n

Debian Security Advisory

\n

DSA-2987-1 openjdk-7 -- security update

\n
\n
Date Reported:
\n
23 Jul 2014
\n
Affected Packages:
\n
\nopenjdk-7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-2483, CVE-2014-2490, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4221, CVE-2014-4223, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4264, CVE-2014-4266, CVE-2014-4268.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution of\narbitrary code, breakouts of the Java sandbox, information disclosure or\ndenial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 7u65-2.5.1-2~deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 7u65-2.5.1-1.

\n

We recommend that you upgrade your openjdk-7 packages.

\n
\n
\n
\n
", "2988": "
\n

Debian Security Advisory

\n

DSA-2988-1 transmission -- security update

\n
\n
Date Reported:
\n
24 Jul 2014
\n
Affected Packages:
\n
\ntransmission\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-4909.
\n
More information:
\n
\n

Ben Hawkes discovered that incorrect handling of peer messages in the\nTransmission bittorrent client could result in denial of service or the\nexecution of arbitrary code.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.52-3+nmu2.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your transmission packages.

\n
\n
\n
\n
", "2989": "
\n

Debian Security Advisory

\n

DSA-2989-1 apache2 -- security update

\n
\n
Date Reported:
\n
24 Jul 2014
\n
Affected Packages:
\n
\napache2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0118, CVE-2014-0226, CVE-2014-0231.
\n
More information:
\n
\n

Several security issues were found in the Apache HTTP server.

\n
    \n
  • CVE-2014-0118\n

    The DEFLATE input filter (inflates request bodies) in mod_deflate\n allows remote attackers to cause a denial of service (resource\n consumption) via crafted request data that decompresses to a much\n larger size.

  • CVE-2014-0226\n

    A race condition was found in mod_status. An attacker able to\n access a public server status page on a server could send carefully\n crafted requests which could lead to a heap buffer overflow,\n causing denial of service, disclosure of sensitive information, or\n potentially the execution of arbitrary code.

  • CVE-2014-0231\n

    A flaw was found in mod_cgid. If a server using mod_cgid hosted\n CGI scripts which did not consume standard input, a remote attacker\n could cause child processes to hang indefinitely, leading to denial\n of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2.2.22-13+deb7u3.

\n

For the testing distribution (jessie), these problems will be fixed in\nversion 2.4.10-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.4.10-1.

\n

We recommend that you upgrade your apache2 packages.

\n
\n
\n
\n
", "2990": "
\n

Debian Security Advisory

\n

DSA-2990-1 cups -- security update

\n
\n
Date Reported:
\n
27 Jul 2014
\n
Affected Packages:
\n
\ncups\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031.
\n
More information:
\n
\n

It was discovered that the web interface in CUPS, the Common UNIX\nPrinting System, incorrectly validated permissions on rss files and\ndirectory index files. A local attacker could possibly use this issue\nto bypass file permissions and read arbitrary files, possibly leading\nto a privilege escalation.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.5.3-5+deb7u4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.7.4-2.

\n

We recommend that you upgrade your cups packages.

\n
\n
\n
\n
", "2991": "
\n

Debian Security Advisory

\n

DSA-2991-1 modsecurity-apache -- security update

\n
\n
Date Reported:
\n
27 Jul 2014
\n
Affected Packages:
\n
\nmodsecurity-apache\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-5705.
\n
More information:
\n
\n

Martin Holst Swende discovered a flaw in the way chunked requests are\nhandled in ModSecurity, an Apache module whose purpose is to tighten\nWeb application security. A remote attacker could use this flaw to\nbypass intended mod_security restrictions by using chunked transfer\ncoding with a capitalized Chunked value in the Transfer-Encoding HTTP\nheader, allowing the attacker to send requests containing content that\nshould have been removed by mod_security.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.6.6-6+deb7u2.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 2.7.7-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.7.7-1.

\n

We recommend that you upgrade your modsecurity-apache packages.

\n
\n
\n
\n
", "2992": "
\n

Debian Security Advisory

\n

DSA-2992-1 linux -- security update

\n
\n
Date Reported:
\n
29 Jul 2014
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 728705.
In Mitre's CVE dictionary: CVE-2014-3534, CVE-2014-4667, CVE-2014-4943.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation:

\n
    \n
  • CVE-2014-3534\n

    Martin Schwidefsky of IBM discovered that the ptrace subsystem does\n not properly sanitize the psw mask value. On s390 systems, an\n unprivileged local user could use this flaw to set address space\n control bits to the kernel space combination and thus gain read/write\n access to kernel memory.

  • CVE-2014-4667\n

    Gopal Reddy Kodudula of Nokia Siemens Networks discovered that the\n sctp_association_free function does not properly manage a certain\n backlog value, which allows remote attackers to cause a denial of\n service (socket outage) via a crafted SCTP packet.

  • CVE-2014-4943\n

    Sasha Levin discovered a flaw in the Linux kernel's point-to-point\n protocol (PPP) when used with the Layer Two Tunneling Protocol\n (L2TP). An unprivileged local user could use this flaw for privilege\n escalation.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 3.2.60-1+deb7u3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.14.13-2.

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "2993": "
\n

Debian Security Advisory

\n

DSA-2993-1 tor -- security update

\n
\n
Date Reported:
\n
31 Jul 2014
\n
Affected Packages:
\n
\ntor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-5117.
\n
More information:
\n
\n

Several issues have been discovered in Tor, a connection-based\nlow-latency anonymous communication system, resulting in information\nleaks.

\n
    \n
  • Relay-early cells could be used by colluding relays on the network to\n tag user circuits and so deploy traffic confirmation attacks\n [CVE-2014-5117]. The updated version emits a warning and drops the\n circuit upon receiving inbound relay-early cells, preventing this\n specific kind of attack. Please consult the following advisory for\n more details about this issue:

    \n

    https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack

    \n
  • A bug in the bounds-checking in the 32-bit curve25519-donna\n implementation could cause incorrect results on 32-bit\n implementations when certain malformed inputs were used along with a\n small class of private ntor keys. This flaw does not currently\n appear to allow an attacker to learn private keys or impersonate a\n Tor server, but it could provide a means to distinguish 32-bit Tor\n implementations from 64-bit Tor implementations.

\n

The following additional security-related improvements have been\nimplemented:

\n
    \n
  • As a client, the new version will effectively stop using CREATE_FAST\n cells. While this adds computational load on the network, this\n approach can improve security on connections where Tor's circuit\n handshake is stronger than the available TLS connection security\n levels.

  • Prepare clients to use fewer entry guards by honoring the consensus\n parameters. The following article provides some background:

    \n

    https://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-parameters

    \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 0.2.4.23-1~deb7u1.

\n

For the testing distribution (jessie) and the unstable distribution\n(sid), these problems have been fixed in version 0.2.4.23-1.

\n

For the experimental distribution, these problems have been fixed in\nversion 0.2.5.6-alpha-1.

\n

We recommend that you upgrade your tor packages.

\n
\n
\n
\n
", "2994": "
\n

Debian Security Advisory

\n

DSA-2994-1 nss -- security update

\n
\n
Date Reported:
\n
31 Jul 2014
\n
Affected Packages:
\n
\nnss\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1741, CVE-2013-5606, CVE-2014-1491, CVE-2014-1492.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in nss, the Mozilla Network\nSecurity Service library:

\n
    \n
  • CVE-2013-1741\n

    Runaway memset in certificate parsing on 64-bit computers leading to\n a crash by attempting to write 4Gb of nulls.

  • CVE-2013-5606\n

    Certificate validation with the verifylog mode did not return\n validation errors, but instead expected applications to determine\n the status by looking at the log.

  • CVE-2014-1491\n

    Ticket handling protection mechanisms bypass due to the lack of\n restriction of public values in Diffie-Hellman key exchanges.

  • CVE-2014-1492\n

    Incorrect IDNA domain name matching for wildcard certificates could\n allow specially-crafted invalid certificates to be considered as\n valid.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2:3.14.5-1+deb7u1.

\n

For the testing distribution (jessie), and the unstable distribution (sid),\nthese problems have been fixed in version 2:3.16-1.

\n

We recommend that you upgrade your nss packages.

\n
\n
\n
\n
", "2995": "
\n

Debian Security Advisory

\n

DSA-2995-1 lzo2 -- security update

\n
\n
Date Reported:
\n
03 Aug 2014
\n
Affected Packages:
\n
\nlzo2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 752861.
In Mitre's CVE dictionary: CVE-2014-4607.
\n
More information:
\n
\n

Don A. Bailey from Lab Mouse Security discovered an integer overflow\nflaw in the way the lzo library decompressed certain archives compressed\nwith the LZO algorithm. An attacker could create a specially crafted\nLZO-compressed input that, when decompressed by an application using the\nlzo library, would cause that application to crash or, potentially,\nexecute arbitrary code.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.06-1+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 2.08-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.08-1.

\n

We recommend that you upgrade your lzo2 packages.

\n
\n
\n
\n
", "2996": "
\n

Debian Security Advisory

\n

DSA-2996-1 icedove -- security update

\n
\n
Date Reported:
\n
03 Aug 2014
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1544, CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557.
\n
More information:
\n
\n

Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail and news client: Multiple memory safety\nerrors and use-after-frees may lead to the execution of arbitrary code\nor denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 24.7.0-1~deb7u1.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "2997": "
\n

Debian Security Advisory

\n

DSA-2997-1 reportbug -- security update

\n
\n
Date Reported:
\n
05 Aug 2014
\n
Affected Packages:
\n
\nreportbug\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0479.
\n
More information:
\n
\n

Jakub Wilk discovered a remote command execution flaw in reportbug, a\ntool to report bugs in the Debian distribution. A man-in-the-middle\nattacker could put shell metacharacters in the version number allowing\narbitrary code execution with the privileges of the user running\nreportbug.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 6.4.4+deb7u1.

\n

For the testing distribution (jessie), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 6.5.0+nmu1.

\n

We recommend that you upgrade your reportbug packages.

\n
\n
\n
\n
", "2998": "
\n

Debian Security Advisory

\n

DSA-2998-1 openssl -- security update

\n
\n
Date Reported:
\n
07 Aug 2014
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139.
\n
More information:
\n
\n

Multiple vulnerabilities have been identified in OpenSSL, a Secure\nSockets Layer toolkit, that may result in denial of service\n(application crash, large memory consumption), information leak or\nprotocol downgrade. Additionally, a buffer overrun affecting only\napplications explicitly set up for SRP has been fixed (CVE-2014-3512).

\n

Detailed descriptions of the vulnerabilities can be found at:\nwww.openssl.org/news/secadv_20140806.txt

\n

It's important that you upgrade the libssl1.0.0 package and not just\nthe openssl package.

\n

All applications linked to openssl need to be restarted. You can use\nthe checkrestart tool from the debian-goodies package to detect\naffected programs. Alternatively, you may reboot your system.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u12.

\n

For the testing distribution (jessie), these problems will be fixed\nsoon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1i-1.

\n

We recommend that you upgrade your openssl packages.

\n
\n
\n
\n
", "2999": "
\n

Debian Security Advisory

\n

DSA-2999-1 drupal7 -- security update

\n
\n
Date Reported:
\n
09 Aug 2014
\n
Affected Packages:
\n
\ndrupal7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-5265, CVE-2014-5266, CVE-2014-5267.
\n
More information:
\n
\n

A denial of service vulnerability was discovered in Drupal, a\nfully-featured content management framework. A remote attacker could\nexploit this flaw to cause CPU and memory exhaustion and the site's\ndatabase to reach the maximum number of open connections, leading to the\nsite becoming unavailable or unresponsive. More information can be found\nat https://www.drupal.org/SA-CORE-2014-004.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 7.14-2+deb7u6.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 7.31-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.31-1.

\n

We recommend that you upgrade your drupal7 packages.

\n
\n
\n
\n
", "3000": "
\n

Debian Security Advisory

\n

DSA-3000-1 krb5 -- security update

\n
\n
Date Reported:
\n
09 Aug 2014
\n
Affected Packages:
\n
\nkrb5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 753624, Bug 753625, Bug 755520, Bug 755521, Bug 757416.
In Mitre's CVE dictionary: CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344, CVE-2014-4345.
\n
More information:
\n
\n

Several vulnerabilities were discovered in krb5, the MIT implementation\nof Kerberos. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2014-4341\n

    An unauthenticated remote attacker with the ability to inject\n packets into a legitimately established GSSAPI application session\n can cause a program crash due to invalid memory references when\n attempting to read beyond the end of a buffer.

  • CVE-2014-4342\n

    An unauthenticated remote attacker with the ability to inject\n packets into a legitimately established GSSAPI application session\n can cause a program crash due to invalid memory references when\n reading beyond the end of a buffer or by causing a null pointer\n dereference.

  • CVE-2014-4343\n

    An unauthenticated remote attacker with the ability to spoof packets\n appearing to be from a GSSAPI acceptor can cause a double-free\n condition in GSSAPI initiators (clients) which are using the SPNEGO\n mechanism, by returning a different underlying mechanism than was\n proposed by the initiator. A remote attacker could exploit this flaw\n to cause an application crash or potentially execute arbitrary code.

  • CVE-2014-4344\n

    An unauthenticated or partially authenticated remote attacker can\n cause a NULL dereference and application crash during a SPNEGO\n negotiation by sending an empty token as the second or later context\n token from initiator to acceptor.

  • CVE-2014-4345\n

    When kadmind is configured to use LDAP for the KDC database, an\n authenticated remote attacker can cause it to perform an\n out-of-bounds write (buffer overflow).

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.10.1+dfsg-5+deb7u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.12.1+dfsg-7.

\n

We recommend that you upgrade your krb5 packages.

\n
\n
\n
\n
", "3001": "
\n

Debian Security Advisory

\n

DSA-3001-1 wordpress -- security update

\n
\n
Date Reported:
\n
09 Aug 2014
\n
Affected Packages:
\n
\nwordpress\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-2053, CVE-2014-5204, CVE-2014-5205, CVE-2014-5240, CVE-2014-5265, CVE-2014-5266.
\n
More information:
\n
\n

Multiple security issues have been discovered in WordPress, a web\nblogging tool, resulting in denial of service or information disclosure.\nMore information can be found in the upstream advisory at\nhttps://wordpress.org/news/2014/08/wordpress-3-9-2/.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 3.6.1+dfsg-1~deb7u4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.9.2+dfsg-1.

\n

We recommend that you upgrade your wordpress packages.

\n
\n
\n
\n
", "3002": "
\n

Debian Security Advisory

\n

DSA-3002-1 wireshark -- security update

\n
\n
Date Reported:
\n
10 Aug 2014
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-5161, CVE-2014-5162, CVE-2014-5163, CVE-2014-5164, CVE-2014-5165.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the dissectors for Catapult\nDCT2000, IrDA, GSM Management, RLC ASN.1 BER, which could result in\ndenial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.2-5wheezy11.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "3003": "
\n

Debian Security Advisory

\n

DSA-3003-1 libav -- security update

\n
\n
Date Reported:
\n
10 Aug 2014
\n
Affected Packages:
\n
\nlibav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3934, CVE-2011-3935, CVE-2011-3946, CVE-2013-0848, CVE-2013-0851, CVE-2013-0852, CVE-2013-0860, CVE-2013-0868, CVE-2013-3672, CVE-2013-3674, CVE-2014-2263.
\n
More information:
\n
\n

Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. A full list of the changes is\navailable at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.15\n

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 6:0.8.15-1.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your libav packages.

\n
\n
\n
\n
", "3004": "
\n

Debian Security Advisory

\n

DSA-3004-1 kde4libs -- security update

\n
\n
Date Reported:
\n
11 Aug 2014
\n
Affected Packages:
\n
\nkde4libs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-5033.
\n
More information:
\n
\n

Sebastian Krahmer discovered that Kauth used Policykit insecurely by\nrelying on the process ID. This could result in privilege escalation.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 4:4.8.4-4+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 4:4.13.3-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4:4.13.3-2.

\n

We recommend that you upgrade your kde4libs packages.

\n
\n
\n
\n
", "3005": "
\n

Debian Security Advisory

\n

DSA-3005-1 gpgme1.0 -- security update

\n
\n
Date Reported:
\n
14 Aug 2014
\n
Affected Packages:
\n
\ngpgme1.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 756651.
In Mitre's CVE dictionary: CVE-2014-3564.
\n
More information:
\n
\n

Tomáš Trnka discovered a heap-based buffer overflow within the gpgsm\nstatus handler of GPGME, a library designed to make access to GnuPG\neasier for applications. An attacker could use this issue to cause an\napplication using GPGME to crash (denial of service) or possibly to\nexecute arbitrary code.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.0-1.4+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 1.5.1-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.5.1-1.

\n

We recommend that you upgrade your gpgme1.0 packages.

\n
\n
\n
\n
", "3006": "
\n

Debian Security Advisory

\n

DSA-3006-1 xen -- security update

\n
\n
Date Reported:
\n
18 Aug 2014
\n
Affected Packages:
\n
\nxen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-1432, CVE-2013-1442, CVE-2013-2076, CVE-2013-2077, CVE-2013-2078, CVE-2013-2194, CVE-2013-2195, CVE-2013-2196, CVE-2013-2211, CVE-2013-4329, CVE-2013-4355, CVE-2013-4361, CVE-2013-4368, CVE-2013-4494, CVE-2013-4553, CVE-2014-1950, CVE-2014-2599, CVE-2014-3124, CVE-2014-4021.
\n
More information:
\n
\n

Multiple security issues have been discovered in the Xen virtualisation\nsolution which may result in information leaks or denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 4.1.4-3+deb7u2.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your xen packages.

\n
\n
\n
\n
", "3007": "
\n

Debian Security Advisory

\n

DSA-3007-1 cacti -- security update

\n
\n
Date Reported:
\n
20 Aug 2014
\n
Affected Packages:
\n
\ncacti\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-5025, CVE-2014-5026, CVE-2014-5261, CVE-2014-5262.
\n
More information:
\n
\n

Multiple security issues (cross-site scripting, missing input sanitising\nand SQL injection) have been discovered in Cacti, a web interface for\ngraphing of monitoring systems.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 0.8.8a+dfsg-5+deb7u4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.8.8b+dfsg-8.

\n

We recommend that you upgrade your cacti packages.

\n
\n
\n
\n
", "3008": "
\n

Debian Security Advisory

\n

DSA-3008-1 php5 -- security update

\n
\n
Date Reported:
\n
21 Aug 2014
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670.
\n
More information:
\n
\n

Several vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2014-3538\n

    It was discovered that the original fix for CVE-2013-7345 did not\n sufficiently address the problem. A remote attacker could still\n cause a denial of service (CPU consumption) via a specially-crafted\n input file that triggers backtracking during processing of an awk\n regular expression rule.

  • CVE-2014-3587\n

    It was discovered that the CDF parser of the fileinfo module does\n not properly process malformed files in the Composite Document File\n (CDF) format, leading to crashes.

  • CVE-2014-3597\n

    It was discovered that the original fix for CVE-2014-4049 did not\n completely address the issue. A malicious server or\n man-in-the-middle attacker could cause a denial of service (crash)\n and possibly execute arbitrary code via a crafted DNS TXT record.

  • CVE-2014-4670\n

    It was discovered that PHP incorrectly handled certain SPL\n Iterators. A local attacker could use this flaw to cause PHP to\n crash, resulting in a denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 5.4.4-14+deb7u13. In addition, this update contains several\nbugfixes originally targeted for the upcoming Wheezy point release.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "3009": "
\n

Debian Security Advisory

\n

DSA-3009-1 python-imaging -- security update

\n
\n
Date Reported:
\n
21 Aug 2014
\n
Affected Packages:
\n
\npython-imaging\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3589.
\n
More information:
\n
\n

Andrew Drake discovered that missing input sanitising in the icns decoder\nof the Python Imaging Library could result in denial of service if a\nmalformed image is processed.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.1.7-4+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.5.3-1 of the pillow source package.

\n

We recommend that you upgrade your python-imaging packages.

\n
\n
\n
\n
", "3010": "
\n

Debian Security Advisory

\n

DSA-3010-1 python-django -- security update

\n
\n
Date Reported:
\n
22 Aug 2014
\n
Affected Packages:
\n
\npython-django\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0480, CVE-2014-0481, CVE-2014-0482, CVE-2014-0483.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Django, a high-level Python\nweb development framework. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2014-0480\n

    Florian Apolloner discovered that in certain situations, URL\n reversing could generate scheme-relative URLs which could\n unexpectedly redirect a user to a different host, leading to\n phishing attacks.

  • CVE-2014-0481\n

    David Wilson reported a file upload denial of service vulnerability.\n Django's file upload handling in its default configuration may\n degrade to producing a huge number of `os.stat()` system calls when\n a duplicate filename is uploaded. A remote attacker with the ability\n to upload files can cause poor performance in the upload handler,\n eventually causing it to become very slow.

  • CVE-2014-0482\n

    David Greisen discovered that under some circumstances, the use of\n the RemoteUserMiddleware middleware and the RemoteUserBackend\n authentication backend could result in one user receiving another\n user's session, if a change to the REMOTE_USER header occurred\n without corresponding logout/login actions.

  • CVE-2014-0483\n

    Collin Anderson discovered that it is possible to reveal any field's\n data by modifying the popup and to_field parameters of the query\n string on an admin change form page. A user with access to the admin\n interface, and with sufficient knowledge of model structure and the\n appropriate URLs, could construct popup views which would display\n the values of non-relationship fields, including fields the\n application developer had not intended to expose in such a fashion.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.5-1+deb7u8.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.6.6-1.

\n

We recommend that you upgrade your python-django packages.

\n
\n
\n
\n
", "3011": "
\n

Debian Security Advisory

\n

DSA-3011-1 mediawiki -- security update

\n
\n
Date Reported:
\n
23 Aug 2014
\n
Affected Packages:
\n
\nmediawiki\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 752622, Bug 758510.
In Mitre's CVE dictionary: CVE-2014-5241, CVE-2014-5243.
\n
More information:
\n
\n

It was discovered that MediaWiki, a website engine for collaborative\nwork, is vulnerable to JSONP injection in Flash (CVE-2014-5241) and\nclickjacking between OutputPage and ParserOutput (CVE-2014-5243). The\nvulnerabilities are addressed by upgrading MediaWiki to the new upstream\nversion 1.19.18, which includes additional changes.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1:1.19.18+dfsg-0+deb7u1.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your mediawiki packages.

\n
\n
\n
\n
", "3012": "
\n

Debian Security Advisory

\n

DSA-3012-1 eglibc -- security update

\n
\n
Date Reported:
\n
27 Aug 2014
\n
Affected Packages:
\n
\neglibc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-5119.
\n
More information:
\n
\n

Tavis Ormandy discovered a heap-based buffer overflow in the\ntransliteration module loading code in eglibc, Debian's version of the\nGNU C Library. As a result, an attacker who can supply a crafted\ndestination character set argument to iconv-related character\nconversion functions could achieve arbitrary code execution.

\n

This update removes support of loadable gconv transliteration modules.\nBesides the security vulnerability, the module loading code had\nfunctionality defects which prevented it from working for the intended\npurpose.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.13-38+deb7u4.

\n

We recommend that you upgrade your eglibc packages.

\n
\n
\n
\n
", "3013": "
\n

Debian Security Advisory

\n

DSA-3013-1 s3ql -- security update

\n
\n
Date Reported:
\n
27 Aug 2014
\n
Affected Packages:
\n
\ns3ql\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0485.
\n
More information:
\n
\n

Nikolaus Rath discovered that s3ql, a file system for online data\nstorage, used the pickle functionality of the Python programming\nlanguage in an unsafe way. As a result, a malicious storage backend\nor man-in-the-middle attacker was able to execute arbitrary code.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.11.1-3+deb7u1.

\n

We recommend that you upgrade your s3ql packages.

\n
\n
\n
\n
", "3014": "
\n

Debian Security Advisory

\n

DSA-3014-1 squid3 -- security update

\n
\n
Date Reported:
\n
28 Aug 2014
\n
Affected Packages:
\n
\nsquid3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 759509.
In Mitre's CVE dictionary: CVE-2014-3609.
\n
More information:
\n
\n

Matthew Daley discovered that Squid3, a fully featured web proxy cache,\ndid not properly perform input validation in request parsing. A remote\nattacker could use this flaw to mount a denial of service by sending\ncrafted Range requests.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 3.1.20-2.2+deb7u2.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your squid3 packages.

\n
\n
\n
\n
", "3015": "
\n

Debian Security Advisory

\n

DSA-3015-1 lua5.1 -- security update

\n
\n
Date Reported:
\n
01 Sep 2014
\n
Affected Packages:
\n
\nlua5.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-5461.
\n
More information:
\n
\n

A heap-based overflow vulnerability was found in the way Lua, a\nsimple, extensible, embeddable programming language, handles varargs\nfunctions with many fixed parameters called with few arguments,\nleading to application crashes or, potentially, arbitrary code\nexecution.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 5.1.5-4+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.1.5-7.

\n

We recommend that you upgrade your lua5.1 packages.

\n
\n
\n
\n
", "3016": "
\n

Debian Security Advisory

\n

DSA-3016-1 lua5.2 -- security update

\n
\n
Date Reported:
\n
01 Sep 2014
\n
Affected Packages:
\n
\nlua5.2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-5461.
\n
More information:
\n
\n

A heap-based overflow vulnerability was found in the way Lua, a\nsimple, extensible, embeddable programming language, handles varargs\nfunctions with many fixed parameters called with few arguments,\nleading to application crashes or, potentially, arbitrary code\nexecution.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 5.2.1-3+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 5.2.3-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.2.3-1.

\n

We recommend that you upgrade your lua5.2 packages.

\n
\n
\n
\n
", "3017": "
\n

Debian Security Advisory

\n

DSA-3017-1 php-cas -- security update

\n
\n
Date Reported:
\n
02 Sep 2014
\n
Affected Packages:
\n
\nphp-cas\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 759718.
In Mitre's CVE dictionary: CVE-2014-4172.
\n
More information:
\n
\n

Marvin S. Addison discovered that Jasig phpCAS, a PHP library for the\nCAS authentication protocol, did not encode tickets before adding them\nto a URL, creating a possibility for cross-site scripting.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.3.1-4+deb7u1.

\n

The unstable distribution (sid) will be fixed soon.

\n

We recommend that you upgrade your php-cas packages.

\n
\n
\n
\n
", "3018": "
\n

Debian Security Advisory

\n

DSA-3018-1 iceweasel -- security update

\n
\n
Date Reported:
\n
03 Sep 2014
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1562, CVE-2014-1567.
\n
More information:
\n
\n

Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors and\nuse-after-frees may lead to the execution of arbitrary code or denial\nof service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 24.8.0esr-1~deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 31.1.0esr-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "3019": "
\n

Debian Security Advisory

\n

DSA-3019-1 procmail -- security update

\n
\n
Date Reported:
\n
04 Sep 2014
\n
Affected Packages:
\n
\nprocmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 704675, Bug 760443.
In Mitre's CVE dictionary: CVE-2014-3618.
\n
More information:
\n
\n

Boris pi Piwinger and Tavis Ormandy reported a heap overflow\nvulnerability in procmail's formail utility when processing\nspecially-crafted email headers. A remote attacker could use this flaw\nto cause formail to crash, resulting in a denial of service or data\nloss, or possibly execute arbitrary code.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 3.22-20+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.22-22.

\n

We recommend that you upgrade your procmail packages.

\n
\n
\n
\n
", "3020": "
\n

Debian Security Advisory

\n

DSA-3020-1 acpi-support -- security update

\n
\n
Date Reported:
\n
10 Sep 2014
\n
Affected Packages:
\n
\nacpi-support\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0484.
\n
More information:
\n
\n

During a review for EDF, Raphael Geissert discovered that the\nacpi-support package did not properly handle data obtained from a\nuser's environment. This could lead to program malfunction or allow a\nlocal user to escalate privileges to the root user due to a programming\nerror.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.140-5+deb7u3.

\n

For the testing distribution (jessie) and the unstable distribution (sid),\nthis problem will be fixed soon.

\n

We recommend that you upgrade your acpi-support packages.

\n
\n
\n
\n
", "3021": "
\n

Debian Security Advisory

\n

DSA-3021-1 file -- security update

\n
\n
Date Reported:
\n
09 Sep 2014
\n
Affected Packages:
\n
\nfile\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3538, CVE-2014-3587.
\n
More information:
\n
\n

Multiple security issues have been found in file, a tool to determine\na file type. These vulnerabilities allow remote attackers to cause a\ndenial of service, via resource consumption or application crash.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 5.11-2+deb7u4.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion file 1:5.19-2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion file 1:5.19-2.

\n

We recommend that you upgrade your file packages.

\n
\n
\n
\n
", "3022": "
\n

Debian Security Advisory

\n

DSA-3022-1 curl -- security update

\n
\n
Date Reported:
\n
10 Sep 2014
\n
Affected Packages:
\n
\ncurl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3613, CVE-2014-3620.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in cURL, a URL transfer\nlibrary. They can be used to leak cookie information:

\n
    \n
  • CVE-2014-3613\n

    By not detecting and rejecting domain names for partial literal IP\n addresses properly when parsing received HTTP cookies, libcurl can\n be fooled both into sending cookies to the wrong sites and into allowing\n arbitrary sites to set cookies for others.

  • CVE-2014-3620\n

    libcurl wrongly allows cookies to be set for Top Level Domains\n (TLDs), thus making them apply more broadly than cookies are allowed to.\n This can allow arbitrary sites to set cookies that then would get\n sent to a different and unrelated site or domain.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 7.26.0-1+wheezy10.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 7.38.0-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 7.38.0-1.

\n

We recommend that you upgrade your curl packages.

\n
\n
\n
\n
", "3023": "
\n

Debian Security Advisory

\n

DSA-3023-1 bind9 -- security update

\n
\n
Date Reported:
\n
11 Sep 2014
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 735190.
In Mitre's CVE dictionary: CVE-2014-0591.
\n
More information:
\n
\n

Jared Mauch reported a denial of service flaw in the way BIND, a DNS\nserver, handled queries for NSEC3-signed zones. A remote attacker could\nuse this flaw against an authoritative name server that served\nNSEC3-signed zones by sending a specially crafted query, which, when\nprocessed, would cause named to crash.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1:9.8.4.dfsg.P1-6+nmu2+deb7u2.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 1:9.9.5.dfsg-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:9.9.5.dfsg-2.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
\n
\n
", "3024": "
\n

Debian Security Advisory

\n

DSA-3024-1 gnupg -- security update

\n
\n
Date Reported:
\n
11 Sep 2014
\n
Affected Packages:
\n
\ngnupg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 725411.
In Mitre's CVE dictionary: CVE-2014-5270.
\n
More information:
\n
\n

Genkin, Pipman and Tromer discovered a side-channel attack on Elgamal\nencryption subkeys\n(CVE-2014-5270).

\n

In addition, this update hardens GnuPG's behaviour when treating\nkeyserver responses; GnuPG now filters keyserver responses to accept\nonly those key IDs actually requested by the user.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.4.12-7+deb7u6.

\n

For the testing (jessie) and unstable distribution (sid), this\nproblem has been fixed in version 1.4.18-4.

\n

We recommend that you upgrade your gnupg packages.

\n
\n
\n
\n
", "3025": "
\n

Debian Security Advisory

\n

DSA-3025-1 apt -- security update

\n
\n
Date Reported:
\n
16 Sep 2014
\n
Affected Packages:
\n
\napt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0487, CVE-2014-0488, CVE-2014-0489, CVE-2014-0490.
\n
More information:
\n
\n

It was discovered that APT, the high level package manager, does not\nproperly invalidate unauthenticated data\n(CVE-2014-0488), performs\nincorrect verification of 304 replies\n(CVE-2014-0487), does not perform\nthe checksum check when the Acquire::GzipIndexes option is used\n(CVE-2014-0489) and does not properly perform validation for binary\npackages downloaded by the apt-get download command\n(CVE-2014-0490).

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 0.9.7.9+deb7u3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.0.9.

\n

We recommend that you upgrade your apt packages.

\n
\n
\n
\n
", "3026": "
\n

Debian Security Advisory

\n

DSA-3026-1 dbus -- security update

\n
\n
Date Reported:
\n
16 Sep 2014
\n
Affected Packages:
\n
\ndbus\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3635, CVE-2014-3636, CVE-2014-3637, CVE-2014-3638, CVE-2014-3639.
\n
More information:
\n
\n

Alban Crequy and Simon McVittie discovered several vulnerabilities in\nthe D-Bus message daemon.

\n
    \n
  • CVE-2014-3635\n

    On 64-bit platforms, file descriptor passing could be abused by\n local users to cause heap corruption in dbus-daemon,\n leading to a crash, or potentially to arbitrary code execution.

  • CVE-2014-3636\n

    A denial-of-service vulnerability in dbus-daemon allowed local\n attackers to prevent new connections to dbus-daemon, or disconnect\n existing clients, by exhausting descriptor limits.

  • CVE-2014-3637\n

    Malicious local users could create D-Bus connections to\n dbus-daemon which could not be terminated by killing the\n participating processes, resulting in a denial-of-service\n vulnerability.

  • CVE-2014-3638\n

    dbus-daemon suffered from a denial-of-service vulnerability in the\n code which tracks which messages expect a reply, allowing local\n attackers to reduce the performance of dbus-daemon.

  • CVE-2014-3639\n

    dbus-daemon did not properly reject malicious connections from\n local users, resulting in a denial-of-service vulnerability.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.6.8-1+deb7u4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.8.8-1.

\n

We recommend that you upgrade your dbus packages.

\n
\n
\n
\n
", "3027": "
\n

Debian Security Advisory

\n

DSA-3027-1 libav -- security update

\n
\n
Date Reported:
\n
17 Sep 2014
\n
Affected Packages:
\n
\nlibav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-7020.
\n
More information:
\n
\n

Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. A full list of the changes is\navailable at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.15

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 6:0.8.16-1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 6:11~alpha2-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 6:11~alpha2-1.

\n

We recommend that you upgrade your libav packages.

\n
\n
\n
\n
", "3028": "
\n

Debian Security Advisory

\n

DSA-3028-1 icedove -- security update

\n
\n
Date Reported:
\n
17 Sep 2014
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1562, CVE-2014-1567.
\n
More information:
\n
\n

Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail and news client: Multiple memory safety\nerrors and use-after-frees may lead to the execution of arbitrary code\nor denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 24.8.0-1~deb7u1.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "3029": "
\n

Debian Security Advisory

\n

DSA-3029-1 nginx -- security update

\n
\n
Date Reported:
\n
20 Sep 2014
\n
Affected Packages:
\n
\nnginx\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 761940.
In Mitre's CVE dictionary: CVE-2014-3616.
\n
More information:
\n
\n

Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was\npossible to reuse cached SSL sessions in unrelated contexts, allowing\nvirtual host confusion attacks in some configurations by an attacker in\na privileged network position.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.1-2.2+wheezy3.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 1.6.2-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.6.2-1.

\n

We recommend that you upgrade your nginx packages.

\n
\n
\n
\n
", "3030": "
\n

Debian Security Advisory

\n

DSA-3030-1 mantis -- security update

\n
\n
Date Reported:
\n
20 Sep 2014
\n
Affected Packages:
\n
\nmantis\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1608, CVE-2014-1609.
\n
More information:
\n
\n

Multiple SQL injection vulnerabilities have been discovered in the Mantis\nbug tracking system.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.2.11-1.2+deb7u1.

\n

We recommend that you upgrade your mantis packages.

\n
\n
\n
\n
", "3031": "
\n

Debian Security Advisory

\n

DSA-3031-1 apt -- security update

\n
\n
Date Reported:
\n
23 Sep 2014
\n
Affected Packages:
\n
\napt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-6273.
\n
More information:
\n
\n

The Google Security Team discovered a buffer overflow vulnerability in\nthe HTTP transport code in apt-get. An attacker able to\nman-in-the-middle an HTTP request to an apt repository can trigger the\nbuffer overflow, leading to a crash of the http apt method binary, or\npotentially to arbitrary code execution.

\n

Two regression fixes were included in this update:

\n
    \n
  • Fix regression from the previous update in DSA-3025-1 when the custom\n apt configuration option for Dir::state::lists is set to a relative\n path (#762160).

  • Fix regression in the reverification handling of cdrom: sources that\n may lead to incorrect hashsum warnings. Affected users need to run\n \"apt-cdrom add\" again after the update was applied.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.9.7.9+deb7u5.

\n

We recommend that you upgrade your apt packages.

\n
\n
\n
\n
", "3032": "
\n

Debian Security Advisory

\n

DSA-3032-1 bash -- security update

\n
\n
Date Reported:
\n
24 Sep 2014
\n
Affected Packages:
\n
\nbash\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-6271.
\n
More information:
\n
\n

Stephane Chazelas discovered a vulnerability in bash, the GNU\nBourne-Again Shell, related to how environment variables are\nprocessed. In many common configurations, this vulnerability is\nexploitable over the network, especially if bash has been configured\nas the system shell.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 4.2+dfsg-0.1+deb7u1.

\n

We recommend that you upgrade your bash packages.

\n
\n
\n
\n
", "3033": "
\n

Debian Security Advisory

\n

DSA-3033-1 nss -- security update

\n
\n
Date Reported:
\n
25 Sep 2014
\n
Affected Packages:
\n
\nnss\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1568.
\n
More information:
\n
\n

Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS\n(the Mozilla Network Security Service library) was parsing ASN.1 data\nused in signatures, making it vulnerable to a signature forgery attack.

\n

An attacker could craft ASN.1 data to forge RSA certificates with a\nvalid certification chain to a trusted CA.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2:3.14.5-1+deb7u2.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 2:3.17.1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:3.17.1.

\n

We recommend that you upgrade your nss packages.

\n
\n
\n
\n
", "3034": "
\n

Debian Security Advisory

\n

DSA-3034-1 iceweasel -- security update

\n
\n
Date Reported:
\n
25 Sep 2014
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1568.
\n
More information:
\n
\n

Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS\n(the Mozilla Network Security Service library, embedded in Wheezy's\nIceweasel package), was parsing ASN.1 data used in signatures, making it\nvulnerable to a signature forgery attack.

\n

An attacker could craft ASN.1 data to forge RSA certificates with a\nvalid certification chain to a trusted CA.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 24.8.1esr-1~deb7u1.

\n

For the testing distribution (jessie) and unstable distribution (sid),\nIceweasel uses the system NSS library, handled in DSA 3033-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "3035": "
\n

Debian Security Advisory

\n

DSA-3035-1 bash -- security update

\n
\n
Date Reported:
\n
25 Sep 2014
\n
Affected Packages:
\n
\nbash\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 762760, Bug 762761.
In Mitre's CVE dictionary: CVE-2014-7169.
\n
More information:
\n
\n

Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271\nreleased in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was\nincomplete and could still allow some characters to be injected into\nanother environment (CVE-2014-7169). With this update, a prefix and suffix\nare added to the names of environment variables that contain shell\nfunctions, as a hardening measure.

\n

Additionally, two out-of-bounds array accesses in the bash parser are\nfixed; they were revealed in Red Hat's internal analysis of these\nissues and also independently reported by Todd Sabin.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 4.2+dfsg-0.1+deb7u3.

\n

We recommend that you upgrade your bash packages.

\n
\n
\n
\n
", "3036": "
\n

Debian Security Advisory

\n

DSA-3036-1 mediawiki -- security update

\n
\n
Date Reported:
\n
26 Sep 2014
\n
Affected Packages:
\n
\nmediawiki\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 762754.
In Mitre's CVE dictionary: CVE-2014-7199.
\n
More information:
\n
\n

It was discovered that MediaWiki, a wiki engine, did not sufficiently\nfilter CSS in uploaded SVG files, allowing for cross site scripting.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1:1.19.19+dfsg-0+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:1.19.19+dfsg-1.

\n

We recommend that you upgrade your mediawiki packages.

\n
\n
\n
\n
", "3037": "
\n

Debian Security Advisory

\n

DSA-3037-1 icedove -- security update

\n
\n
Date Reported:
\n
26 Sep 2014
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1568.
\n
More information:
\n
\n

Antoine Delignat-Lavaud from Inria discovered an issue in the way NSS (the\nMozilla Network Security Service library, embedded in Wheezy's Icedove),\nwas parsing ASN.1 data used in signatures, making it vulnerable to a\nsignature forgery attack.

\n

An attacker could craft ASN.1 data to forge RSA certificates with a valid\ncertification chain to a trusted CA.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 24.8.1-1~deb7u1.

\n

For the testing distribution (jessie) and unstable distribution (sid),\nIcedove uses the system NSS library, handled in DSA 3033-1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "3038": "
\n

Debian Security Advisory

\n

DSA-3038-1 libvirt -- security update

\n
\n
Date Reported:
\n
27 Sep 2014
\n
Affected Packages:
\n
\nlibvirt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 762203.
In Mitre's CVE dictionary: CVE-2014-0179, CVE-2014-3633.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Libvirt, a virtualisation\nabstraction library. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2014-0179\n

    Richard Jones and Daniel P. Berrange found that libvirt passes the\n XML_PARSE_NOENT flag when parsing XML documents using the libxml2\n library, in which case all XML entities in the parsed documents are\n expanded. A user able to force libvirtd to parse an XML document\n with an entity pointing to a special file that blocks on read access\n could use this flaw to cause libvirtd to hang indefinitely,\n resulting in a denial of service on the system.

  • CVE-2014-3633\n

    Luyao Huang of Red Hat found that the qemu implementation of\n virDomainGetBlockIoTune computed an index into the array of disks\n for the live definition, then used it as the index into the array of\n disks for the persistent definition, which could result in an\n out-of-bounds read access in qemuDomainGetBlockIoTune().

    \n

    A remote attacker able to establish a read-only connection to\n libvirtd could use this flaw to crash libvirtd or, potentially, leak\n memory from the libvirtd process.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 0.9.12.3-1+deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.2.8-2.

\n

We recommend that you upgrade your libvirt packages.

\n
\n
\n
\n
", "3039": "
\n

Debian Security Advisory

\n

DSA-3039-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
28 Sep 2014
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3160, CVE-2014-3162, CVE-2014-3165, CVE-2014-3166, CVE-2014-3167, CVE-2014-3168, CVE-2014-3169, CVE-2014-3170, CVE-2014-3171, CVE-2014-3172, CVE-2014-3173, CVE-2014-3174, CVE-2014-3175, CVE-2014-3176, CVE-2014-3177, CVE-2014-3178, CVE-2014-3179.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the chromium web browser.

\n
    \n
  • CVE-2014-3160\n

    Christian Schneider discovered a same origin bypass issue in SVG\n file resource fetching.

  • CVE-2014-3162\n

    The Google Chrome development team addressed multiple issues with\n potential security impact for chromium 36.0.1985.125.

  • CVE-2014-3165\n

    Colin Payne discovered a use-after-free issue in the Web Sockets\n implementation.

  • CVE-2014-3166\n

    Antoine Delignat-Lavaud discovered an information leak in the SPDY\n protocol implementation.

  • CVE-2014-3167\n

    The Google Chrome development team addressed multiple issues with\n potential security impact for chromium 36.0.1985.143.

  • CVE-2014-3168\n

    cloudfuzzer discovered a use-after-free issue in SVG image file\n handling.

  • CVE-2014-3169\n

    Andrzej Dyjak discovered a use-after-free issue in the Webkit/Blink\n Document Object Model implementation.

  • CVE-2014-3170\n

    Rob Wu discovered a way to spoof the URL of chromium extensions.

  • CVE-2014-3171\n

    cloudfuzzer discovered a use-after-free issue in chromium's v8\n bindings.

  • CVE-2014-3172\n

    Eli Grey discovered a way to bypass access restrictions using\n chromium's Debugger extension API.

  • CVE-2014-3173\n

    jmuizelaar discovered an uninitialized read issue in WebGL.

  • CVE-2014-3174\n

    Atte Kettunen discovered an uninitialized read issue in Web Audio.

  • CVE-2014-3175\n

    The Google Chrome development team addressed multiple issues with\n potential security impact for chromium 37.0.2062.94.

  • CVE-2014-3176\n

    lokihardt@asrt discovered a combination of flaws that can lead to\n remote code execution outside of chromium's sandbox.

  • CVE-2014-3177\n

    lokihardt@asrt discovered a combination of flaws that can lead to\n remote code execution outside of chromium's sandbox.

  • CVE-2014-3178\n

    miaubiz discovered a use-after-free issue in the Document Object\n Model implementation in Blink/Webkit.

  • CVE-2014-3179\n

    The Google Chrome development team addressed multiple issues with\n potential security impact for chromium 37.0.2062.120.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 37.0.2062.120-1~deb7u1.

\n

For the testing (jessie) and unstable (sid) distributions, these\nproblems have been fixed in version 37.0.2062.120-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3040": "
\n

Debian Security Advisory

\n

DSA-3040-1 rsyslog -- security update

\n
\n
Date Reported:
\n
30 Sep 2014
\n
Affected Packages:
\n
\nrsyslog\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3634.
\n
More information:
\n
\n

Rainer Gerhards, the rsyslog project leader, reported a vulnerability in\nRsyslog, a system for log processing. As a consequence of this\nvulnerability, an attacker can send malformed messages to a server that\naccepts data from untrusted sources and trigger a denial of service.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 5.8.11-3+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 8.4.1-1.

\n

We recommend that you upgrade your rsyslog packages.

\n
\n
\n
\n
", "3041": "
\n

Debian Security Advisory

\n

DSA-3041-1 xen -- security update

\n
\n
Date Reported:
\n
01 Oct 2014
\n
Affected Packages:
\n
\nxen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-2072, CVE-2014-7154, CVE-2014-7155, CVE-2014-7156, CVE-2014-7188.
\n
More information:
\n
\n

Multiple security issues have been discovered in the Xen virtualisation\nsolution which may result in denial of service, information disclosure\nor privilege escalation.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 4.1.4-3+deb7u3.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your xen packages.

\n
\n
\n
\n
", "3042": "
\n

Debian Security Advisory

\n

DSA-3042-1 exuberant-ctags -- security update

\n
\n
Date Reported:
\n
04 Oct 2014
\n
Affected Packages:
\n
\nexuberant-ctags\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-7204.
\n
More information:
\n
\n

Stefano Zacchiroli discovered a vulnerability in exuberant-ctags, a tool\nto build tag file indexes of source code definitions: Certain JavaScript\nfiles cause ctags to enter an infinite loop until it runs out of disk\nspace, resulting in denial of service.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1:5.9~svn20110310-4+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 1:5.9~svn20110310-8.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:5.9~svn20110310-8.

\n

We recommend that you upgrade your exuberant-ctags packages.

\n
\n
\n
\n
", "3044": "
\n

Debian Security Advisory

\n

DSA-3044-1 qemu-kvm -- security update

\n
\n
Date Reported:
\n
04 Oct 2014
\n
Affected Packages:
\n
\nqemu-kvm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0222, CVE-2014-0223, CVE-2014-3615, CVE-2014-3640.
\n
More information:
\n
\n

Several vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution on x86 hardware:

\n
    \n
  • Various security issues have been found in the block qemu drivers.\n\t\tMalformed disk images might result in the execution of arbitrary code.
  • A NULL pointer dereference in SLIRP may result in denial of service.
  • An information leak was discovered in the VGA emulation.
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.1.2+dfsg-6+deb7u4.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your qemu-kvm packages.

\n
\n
\n
\n
", "3045": "
\n

Debian Security Advisory

\n

DSA-3045-1 qemu -- security update

\n
\n
Date Reported:
\n
04 Oct 2014
\n
Affected Packages:
\n
\nqemu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0222, CVE-2014-0223, CVE-2014-3615, CVE-2014-3640.
\n
More information:
\n
\n

Several vulnerabilities were discovered in qemu, a fast processor\nemulator:

\n
    \n
  • Various security issues have been found in the block qemu drivers.\n\t\tMalformed disk images might result in the execution of arbitrary code.
  • A NULL pointer dereference in SLIRP may result in denial of service.
  • An information leak was discovered in the VGA emulation.
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.1.2+dfsg-6a+deb7u4.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your qemu packages.

\n
\n
\n
\n
", "3046": "
\n

Debian Security Advisory

\n

DSA-3046-1 mediawiki -- security update

\n
\n
Date Reported:
\n
05 Oct 2014
\n
Affected Packages:
\n
\nmediawiki\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-7295.
\n
More information:
\n
\n

It was reported that MediaWiki, a website engine for collaborative work,\nallowed user-created CSS to be loaded on pages where user-created\nJavaScript is not allowed. A wiki user could be tricked into performing\nactions through CSS that manipulates the interface, or through JavaScript\ncode executed from CSS, on security-sensitive pages like\nSpecial:Preferences and Special:UserLogin. This update removes the\nseparation of CSS and JavaScript module allowance.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1:1.19.20+dfsg-0+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:1.19.20+dfsg-1.

\n

We recommend that you upgrade your mediawiki packages.

\n
\n
\n
\n
", "3047": "
\n

Debian Security Advisory

\n

DSA-3047-1 rsyslog -- security update

\n
\n
Date Reported:
\n
08 Oct 2014
\n
Affected Packages:
\n
\nrsyslog\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3683.
\n
More information:
\n
\n

Mancha discovered a vulnerability in rsyslog, a system for log\nprocessing. This vulnerability is an integer overflow that can be\ntriggered by malformed messages sent to a server that accepts data\nfrom untrusted sources, provoking message loss, denial of service and,\npotentially, remote code execution.

\n

This vulnerability can be seen as an incomplete fix of CVE-2014-3634\n(DSA 3040-1).

\n

For more information: http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 5.8.11-3+deb7u2.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 8.4.2-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 8.4.2-1.

\n

We recommend that you upgrade your rsyslog packages.

\n
\n
\n
\n
", "3048": "
\n

Debian Security Advisory

\n

DSA-3048-1 apt -- security update

\n
\n
Date Reported:
\n
08 Oct 2014
\n
Affected Packages:
\n
\napt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 763780.
In Mitre's CVE dictionary: CVE-2014-7206.
\n
More information:
\n
\n

Guillem Jover discovered that the changelog retrieval functionality in\napt-get used temporary files in an insecure way, allowing a local user\nto cause arbitrary files to be overwritten.

\n

This vulnerability is neutralized by the fs.protected_symlinks setting in\nthe Linux kernel, which is enabled by default in Debian 7 Wheezy and up.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.9.7.9+deb7u6.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.0.9.2.

\n

We recommend that you upgrade your apt packages.

\n
\n
\n
\n
", "3049": "
\n

Debian Security Advisory

\n

DSA-3049-1 wireshark -- security update

\n
\n
Date Reported:
\n
14 Oct 2014
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-6422, CVE-2014-6423, CVE-2014-6424, CVE-2014-6427, CVE-2014-6428, CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the dissectors/parsers for\nRTP, MEGACO, Netflow, RTSP, SES and Sniffer, which could result in denial\nof service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.2-5wheezy12.

\n

For the testing distribution (jessie), these problems have been fixed in\nversion 1.12.1+g01b65bf-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.12.1+g01b65bf-1.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "3050": "
\n

Debian Security Advisory

\n

DSA-3050-1 iceweasel -- security update

\n
\n
Date Reported:
\n
15 Oct 2014
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1574, CVE-2014-1576, CVE-2014-1577, CVE-2014-1578, CVE-2014-1581, CVE-2014-1583, CVE-2014-1585, CVE-2014-1586.
\n
More information:
\n
\n

Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors, buffer\noverflows, use-after-frees and other implementation errors may lead to\nthe execution of arbitrary code, denial of service, the bypass of the\nsame-origin policy or a loss of privacy.

\n

This update updates Iceweasel to the ESR31 series of Firefox. The new\nrelease introduces a new user interface.

\n

In addition, this update also disables SSLv3.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 31.2.0esr-2~deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 31.2.0esr-1.

\n

For the experimental distribution, these problems have been fixed in\nversion 33.0-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "3051": "
\n

Debian Security Advisory

\n

DSA-3051-1 drupal7 -- security update

\n
\n
Date Reported:
\n
15 Oct 2014
\n
Affected Packages:
\n
\ndrupal7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3704.
\n
More information:
\n
\n

Stefan Horst discovered a vulnerability in the Drupal database\nabstraction API, which may result in SQL injection.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 7.14-2+deb7u7.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.32-1.

\n

We recommend that you upgrade your drupal7 packages.

\n
\n
\n
\n
", "3052": "
\n

Debian Security Advisory

\n

DSA-3052-1 wpa -- security update

\n
\n
Date Reported:
\n
15 Oct 2014
\n
Affected Packages:
\n
\nwpa\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 765352.
In Mitre's CVE dictionary: CVE-2014-3686.
\n
More information:
\n
\n

Jouni Malinen discovered an input sanitization issue in the wpa_cli and\nhostapd_cli tools included in the wpa package. A remote wifi system\nwithin range could provide a crafted string triggering arbitrary code\nexecution with the privileges of the affected wpa_cli or hostapd_cli\nprocess.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.0-3+deb7u1.

\n

For the testing distribution (jessie), this problem will be fixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.3-1.

\n

We recommend that you upgrade your wpa packages.

\n
\n
\n
\n
", "3053": "
\n

Debian Security Advisory

\n

DSA-3053-1 openssl -- security update

\n
\n
Date Reported:
\n
16 Oct 2014
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568.
\n
More information:
\n
\n

Several vulnerabilities have been found in OpenSSL, the Secure Sockets\nLayer library and toolkit.

\n
    \n
  • CVE-2014-3513\n

    A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure\n Real-time Transport Protocol (SRTP) extension data. A remote attacker\n could send multiple specially crafted handshake messages to exhaust\n all available memory of an SSL/TLS or DTLS server.

  • CVE-2014-3566 (\"POODLE\")\n

    A flaw was found in the way SSL 3.0 handled padding bytes when\n decrypting messages encrypted using block ciphers in cipher block\n chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM)\n attacker to decrypt a selected byte of a cipher text in as few as 256\n tries if they are able to force a victim application to repeatedly send\n the same data over newly created SSL 3.0 connections.

    \n

    This update adds support for Fallback SCSV to mitigate this issue.

  • CVE-2014-3567\n

    A memory leak flaw was found in the way OpenSSL handled failed\n session ticket integrity checks. A remote attacker could exhaust all\n available memory of an SSL/TLS or DTLS server by sending a large number\n of invalid session tickets to that server.

  • CVE-2014-3568\n

    When OpenSSL is configured with \"no-ssl3\" as a build option, servers\n could accept and complete an SSL 3.0 handshake, and clients could be\n configured to send them.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u13.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1j-1.

\n

We recommend that you upgrade your openssl packages.

\n
\n
\n
\n
", "3054": "
\n

Debian Security Advisory

\n

DSA-3054-1 mysql-5.5 -- security update

\n
\n
Date Reported:
\n
20 Oct 2014
\n
Affected Packages:
\n
\nmysql-5.5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 765663.
In Mitre's CVE dictionary: CVE-2012-5615, CVE-2014-4274, CVE-2014-4287, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6478, CVE-2014-6484, CVE-2014-6491, CVE-2014-6494, CVE-2014-6495, CVE-2014-6496, CVE-2014-6500, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559.
\n
More information:
\n
\n

Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:

\n\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 5.5.40-0+wheezy1.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your mysql-5.5 packages.

\n
\n
\n
\n
", "3055": "
\n

Debian Security Advisory

\n

DSA-3055-1 pidgin -- security update

\n
\n
Date Reported:
\n
23 Oct 2014
\n
Affected Packages:
\n
\npidgin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3694, CVE-2014-3695, CVE-2014-3696, CVE-2014-3698.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in Pidgin, a multi-protocol\ninstant messaging client:

\n
    \n
  • CVE-2014-3694\n

    It was discovered that the SSL/TLS plugins failed to validate the\n basic constraints extension in intermediate CA certificates.

  • CVE-2014-3695\n

    Yves Younan and Richard Johnson discovered that emoticons with\n overly large length values could crash Pidgin.

  • CVE-2014-3696\n

    Yves Younan and Richard Johnson discovered that malformed Groupwise\n messages could crash Pidgin.

  • CVE-2014-3698\n

    Thijs Alkemade and Paul Aurich discovered that malformed XMPP\n messages could result in memory disclosure.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2.10.10-1~deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.10.10-1.

\n

We recommend that you upgrade your pidgin packages.

\n
\n
\n
\n
", "3056": "
\n

Debian Security Advisory

\n

DSA-3056-1 libtasn1-3 -- security update

\n
\n
Date Reported:
\n
26 Oct 2014
\n
Affected Packages:
\n
\nlibtasn1-3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3467, CVE-2014-3468, CVE-2014-3469.
\n
More information:
\n
\n

Several vulnerabilities were discovered in libtasn1-3, a library that\nmanages ASN1 (Abstract Syntax Notation One) structures. An attacker\ncould use those to cause a denial-of-service via out-of-bounds access\nor NULL pointer dereference.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2.13-2+deb7u1.

\n

We recommend that you upgrade your libtasn1-3 packages.

\n
\n
\n
\n
", "3057": "
\n

Debian Security Advisory

\n

DSA-3057-1 libxml2 -- security update

\n
\n
Date Reported:
\n
26 Oct 2014
\n
Affected Packages:
\n
\nlibxml2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 762864, Bug 765722, Bug 765770.
In Mitre's CVE dictionary: CVE-2014-3660.
\n
More information:
\n
\n

Sogeti found a denial of service flaw in libxml2, a library providing\nsupport to read, modify and write XML and HTML files. A remote attacker\ncould provide a specially crafted XML file that, when processed by an\napplication using libxml2, would lead to excessive CPU consumption\n(denial of service) based on excessive entity substitutions, even if\nentity substitution was disabled, which is the parser's default behavior.\n(CVE-2014-3660)

\n

In addition, this update addresses a misapplied chunk for a patch\nreleased in version 2.8.0+dfsg1-7+wheezy1 (#762864), and a memory leak\nregression (#765770) introduced in version 2.8.0+dfsg1-7+nmu3.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.8.0+dfsg1-7+wheezy2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.9.2+dfsg1-1.

\n

We recommend that you upgrade your libxml2 packages.

\n
\n
\n
\n
", "3058": "
\n

Debian Security Advisory

\n

DSA-3058-1 torque -- security update

\n
\n
Date Reported:
\n
27 Oct 2014
\n
Affected Packages:
\n
\ntorque\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 763922.
In Mitre's CVE dictionary: CVE-2014-3684.
\n
More information:
\n
\n

Chad Vizino reported a vulnerability in torque, a PBS-derived batch\nprocessing queueing system. A non-root user could exploit the flaw in\nthe tm_adopt() library call to kill any process, including root-owned\nones on any node in a job.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.4.16+dfsg-1+deb7u4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.4.16+dfsg-1.5.

\n

We recommend that you upgrade your torque packages.

\n
\n
\n
\n
", "3059": "
\n

Debian Security Advisory

\n

DSA-3059-1 dokuwiki -- security update

\n
\n
Date Reported:
\n
29 Oct 2014
\n
Affected Packages:
\n
\ndokuwiki\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-8761, CVE-2014-8762, CVE-2014-8763, CVE-2014-8764.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in dokuwiki. Access control in\nthe media manager was insufficiently restricted and authentication could\nbe bypassed when using Active Directory for LDAP authentication.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 0.0.20120125b-2+deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.0.20140929.a-1.

\n

We recommend that you upgrade your dokuwiki packages.

\n
\n
\n
\n
", "3060": "
\n

Debian Security Advisory

\n

DSA-3060-1 linux -- security update

\n
\n
Date Reported:
\n
31 Oct 2014
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 766195.
In Mitre's CVE dictionary: CVE-2014-3610, CVE-2014-3611, CVE-2014-3645, CVE-2014-3646, CVE-2014-3647, CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-3690, CVE-2014-7207.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service:

\n
    \n
  • CVE-2014-3610\n

    Lars Bull of Google and Nadav Amit reported a flaw in how KVM\n handles noncanonical writes to certain MSR registers. A privileged\n guest user can exploit this flaw to cause a denial of service\n (kernel panic) on the host.

  • CVE-2014-3611\n

    Lars Bull of Google reported a race condition in the PIT\n emulation code in KVM. A local guest user with access to PIT i/o\n ports could exploit this flaw to cause a denial of service (crash)\n on the host.

  • CVE-2014-3645\n/ CVE-2014-3646\n

    The Advanced Threat Research team at Intel Security discovered\n that the KVM subsystem did not handle the VM exits gracefully\n for the invept (Invalidate Translations Derived from EPT) and\n invvpid (Invalidate Translations Based on VPID) instructions. On\n hosts with an Intel processor and invept/invvpid VM exit\n support, an unprivileged guest user could use these instructions\n to crash the guest.

  • CVE-2014-3647\n

    Nadav Amit reported that KVM mishandles noncanonical addresses when\n emulating instructions that change rip, potentially causing a failed\n VM-entry. A guest user with access to I/O or the MMIO can use this\n flaw to cause a denial of service (system crash) of the guest.

  • CVE-2014-3673\n

    Liu Wei of Red Hat discovered a flaw in net/core/skbuff.c leading to\n a kernel panic when receiving malformed ASCONF chunks. A remote\n attacker could use this flaw to crash the system.

  • CVE-2014-3687\n

    A flaw in the sctp stack was discovered leading to a kernel panic\n when receiving duplicate ASCONF chunks. A remote attacker could use\n this flaw to crash the system.

  • CVE-2014-3688\n

    It was found that the sctp stack is prone to a remotely triggerable\n memory pressure issue caused by excessive queueing. A remote\n attacker could use this flaw to cause denial-of-service conditions\n on the system.

  • CVE-2014-3690\n

    Andy Lutomirski discovered that incorrect register handling in KVM\n may lead to denial of service.

  • CVE-2014-7207\n

    Several Debian developers reported an issue in the IPv6 networking\n subsystem. A local user with access to tun or macvtap devices, or a\n virtual machine connected to such a device, can cause a denial of\n service (system crash).

\n

This update includes a bug fix related to CVE-2014-7207 that disables\nUFO (UDP Fragmentation Offload) in the macvtap, tun, and virtio_net\ndrivers. This will cause migration of a running VM from a host running\nan earlier kernel version to a host running this kernel version to fail,\nif the VM has been assigned a virtio network device. In order to migrate\nsuch a VM, it must be shut down first.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 3.2.63-2+deb7u1.

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "3061": "
\n

Debian Security Advisory

\n

DSA-3061-1 icedove -- security update

\n
\n
Date Reported:
\n
31 Oct 2014
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1574, CVE-2014-1576, CVE-2014-1577, CVE-2014-1578, CVE-2014-1581, CVE-2014-1585, CVE-2014-1586.
\n
More information:
\n
\n

Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail and news client: Multiple memory safety\nerrors, buffer overflows, use-after-frees and other implementation\nerrors may lead to the execution of arbitrary code or denial of service.

\n

This update updates Icedove to the ESR31 series of Thunderbird. In\naddition Enigmail was updated to version 1.7.2-1~deb7u1 to ensure\ncompatibility with the new upstream release.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 31.2.0-1~deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 31.2.0-1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "3062": "
\n

Debian Security Advisory

\n

DSA-3062-1 wget -- security update

\n
\n
Date Reported:
\n
01 Nov 2014
\n
Affected Packages:
\n
\nwget\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 766981.
In Mitre's CVE dictionary: CVE-2014-4877.
\n
More information:
\n
\n

HD Moore of Rapid7 discovered a symlink attack in Wget, a command-line\nutility to retrieve files via HTTP, HTTPS, and FTP. The vulnerability\nallows arbitrary files to be created on the user's system when Wget runs in\nrecursive mode against a malicious FTP server. Arbitrary file creation\nmay overwrite the content of the user's files or permit remote code execution with\nthe user's privileges.

\n

This update changes the default setting in Wget such that it no longer\ncreates local symbolic links, but rather traverses them and retrieves the\npointed-to file in such a retrieval.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.13.4-3+deb7u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.16-1.

\n

We recommend that you upgrade your wget packages.

\n
\n
\n
\n
", "3063": "
\n

Debian Security Advisory

\n

DSA-3063-1 quassel -- security update

\n
\n
Date Reported:
\n
02 Nov 2014
\n
Affected Packages:
\n
\nquassel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 766962.
In Mitre's CVE dictionary: CVE-2014-8483.
\n
More information:
\n
\n

An out-of-bounds read vulnerability was discovered in Quassel-core, one\nof the components of the distributed IRC client Quassel. An attacker can\nsend a crafted message that crashes the component, causing a denial of\nservice or disclosure of information from process memory.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.8.0-1+deb7u3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.10.0-2.1 (will be available soon).

\n

We recommend that you upgrade your quassel packages.

\n
\n
\n
\n
", "3064": "
\n

Debian Security Advisory

\n

DSA-3064-1 php5 -- security update

\n
\n
Date Reported:
\n
04 Nov 2014
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-7345, CVE-2014-3668, CVE-2014-3669, CVE-2014-3670.
\n
More information:
\n
\n

Several vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development. It has been\ndecided to follow the stable 5.4.x releases for the Wheezy PHP packages.\nConsequently the vulnerabilities are addressed by upgrading PHP to a new\nupstream version 5.4.34, which includes additional bug fixes, new\nfeatures and possibly incompatible changes. Please refer to the upstream\nchangelog for more information:

\n

http://php.net/ChangeLog-5.php#5.4.34

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 5.4.34-0+deb7u1.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "3065": "
\n

Debian Security Advisory

\n

DSA-3065-1 libxml-security-java -- security update

\n
\n
Date Reported:
\n
06 Nov 2014
\n
Affected Packages:
\n
\nlibxml-security-java\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 720375.
In Mitre's CVE dictionary: CVE-2013-2172.
\n
More information:
\n
\n

James Forshaw discovered that, in Apache Santuario XML Security for\nJava, CanonicalizationMethod parameters were incorrectly validated:\nby specifying an arbitrary weak canonicalization algorithm, an\nattacker could spoof XML signatures.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.4.5-1+deb7u1.

\n

For the testing distribution (jessie), this problem has been fixed in\nversion 1.5.5-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.5.5-2.

\n

We recommend that you upgrade your libxml-security-java packages.

\n
\n
\n
\n
", "3066": "
\n

Debian Security Advisory

\n

DSA-3066-1 qemu -- security update

\n
\n
Date Reported:
\n
06 Nov 2014
\n
Affected Packages:
\n
\nqemu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 765496.
In Mitre's CVE dictionary: CVE-2014-3689, CVE-2014-7815.
\n
More information:
\n
\n

Several vulnerabilities were discovered in qemu, a fast processor\nemulator.

\n
    \n
  • CVE-2014-3689\n

    The Advanced Threat Research team at Intel Security reported that\n guest-provided parameters were insufficiently validated in\n rectangle functions in the vmware-vga driver. A privileged guest\n user could use this flaw to write into qemu address space on the\n host, potentially escalating their privileges to those of the\n qemu host process.

  • \n
  • CVE-2014-7815\n

    James Spadaro of Cisco reported insufficiently sanitized\n bits_per_pixel from the client in the QEMU VNC display driver. An\n attacker having access to the guest's VNC console could use this\n flaw to crash the guest.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.1.2+dfsg-6a+deb7u5.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.1+dfsg-7.

\n

We recommend that you upgrade your qemu packages.

\n
\n
\n
\n
", "3067": "
\n

Debian Security Advisory

\n

DSA-3067-1 qemu-kvm -- security update

\n
\n
Date Reported:
\n
06 Nov 2014
\n
Affected Packages:
\n
\nqemu-kvm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3689, CVE-2014-7815.
\n
More information:
\n
\n

Several vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution on x86 hardware.

\n
    \n
  • CVE-2014-3689\n

    The Advanced Threat Research team at Intel Security reported that\n guest-provided parameters were insufficiently validated in\n rectangle functions in the vmware-vga driver. A privileged guest\n user could use this flaw to write into qemu address space on the\n host, potentially escalating their privileges to those of the\n qemu host process.

  • \n
  • CVE-2014-7815\n

    James Spadaro of Cisco reported insufficiently sanitized\n bits_per_pixel from the client in the QEMU VNC display driver. An\n attacker having access to the guest's VNC console could use this\n flaw to crash the guest.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.1.2+dfsg-6+deb7u5.

\n

We recommend that you upgrade your qemu-kvm packages.

\n
\n
\n
\n
", "3068": "
\n

Debian Security Advisory

\n

DSA-3068-1 konversation -- security update

\n
\n
Date Reported:
\n
07 Nov 2014
\n
Affected Packages:
\n
\nkonversation\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-8483.
\n
More information:
\n
\n

It was discovered that Konversation, an IRC client for KDE, could be\ncrashed when receiving malformed messages using FiSH encryption.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.4-1+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.5-2.

\n

We recommend that you upgrade your konversation packages.

\n
\n
\n
\n
", "3069": "
\n

Debian Security Advisory

\n

DSA-3069-1 curl -- security update

\n
\n
Date Reported:
\n
07 Nov 2014
\n
Affected Packages:
\n
\ncurl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3707.
\n
More information:
\n
\n

Symeon Paraschoudis discovered that the curl_easy_duphandle() function\nin cURL, a URL transfer library, has a bug that can lead to libcurl\neventually sending off sensitive data that was not intended for sending,\nwhile performing an HTTP POST operation.

\n

This bug requires CURLOPT_COPYPOSTFIELDS and curl_easy_duphandle() to be\nused in that order, and then the duplicate handle must be used to\nperform the HTTP POST. The curl command line tool is not affected by\nthis problem as it does not use this sequence.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 7.26.0-1+wheezy11.

\n

For the upcoming stable distribution (jessie), this problem will be\nfixed in version 7.38.0-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.38.0-3.

\n

We recommend that you upgrade your curl packages.

\n
\n
\n
\n
", "3070": "
\n

Debian Security Advisory

\n

DSA-3070-1 kfreebsd-9 -- security update

\n
\n
Date Reported:
\n
07 Nov 2014
\n
Affected Packages:
\n
\nkfreebsd-9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3711, CVE-2014-3952, CVE-2014-3953, CVE-2014-8476.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the FreeBSD kernel that\nmay lead to a denial of service or information disclosure.

\n
    \n
  • CVE-2014-3711\n

    Denial of service through memory leak in sandboxed namei lookups.

  • \n
  • CVE-2014-3952\n

    Kernel memory disclosure in sockbuf control messages.

  • \n
  • CVE-2014-3953\n

    Kernel memory disclosure in SCTP. This update disables SCTP, since the\n userspace tools shipped in Wheezy didn't support SCTP anyway.

  • \n
  • CVE-2014-8476\n

    Kernel stack disclosure in setlogin() and getlogin().

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 9.0-10+deb70.8.

\n

We recommend that you upgrade your kfreebsd-9 packages.

\n
\n
\n
\n
", "3071": "
\n

Debian Security Advisory

\n

DSA-3071-1 nss -- security update

\n
\n
Date Reported:
\n
11 Nov 2014
\n
Affected Packages:
\n
\nnss\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1544.
\n
More information:
\n
\n

In nss, a set of libraries designed to support cross-platform\ndevelopment of security-enabled client and server applications, Tyson\nSmith and Jesse Schwartzentruber discovered a use-after-free\nvulnerability that allows remote attackers to execute arbitrary code by\ntriggering the improper removal of an NSSCertificate structure from a\ntrust domain.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2:3.14.5-1+deb7u3.

\n

For the upcoming stable distribution (jessie), this problem has been\nfixed in version 2:3.16.3-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:3.16.3-1.

\n

We recommend that you upgrade your nss packages.

\n
\n
\n
\n
", "3072": "
\n

Debian Security Advisory

\n

DSA-3072-1 file -- security update

\n
\n
Date Reported:
\n
11 Nov 2014
\n
Affected Packages:
\n
\nfile\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 768806.
In Mitre's CVE dictionary: CVE-2014-3710.
\n
More information:
\n
\n

Francisco Alonso of Red Hat Product Security found an issue in the file\nutility: when checking ELF files, note headers are incorrectly checked,\nthus potentially allowing attackers to cause a denial of service\n(out-of-bounds read and application crash) by supplying a specially\ncrafted ELF file.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 5.11-2+deb7u6.

\n

For the upcoming stable distribution (jessie), this problem will be\nfixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:5.20-2.

\n

We recommend that you upgrade your file packages.

\n
\n
\n
\n
", "3073": "
\n

Debian Security Advisory

\n

DSA-3073-1 libgcrypt11 -- security update

\n
\n
Date Reported:
\n
16 Nov 2014
\n
Affected Packages:
\n
\nlibgcrypt11\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-5270.
\n
More information:
\n
\n

Daniel Genkin, Itamar Pipman and Eran Tromer discovered that Elgamal\nencryption subkeys in applications using the libgcrypt11 library, for\nexample GnuPG 2.x, could be leaked via a side-channel attack.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.5.0-5+deb7u2.

\n

We recommend that you upgrade your libgcrypt11 packages.

\n
\n
\n
\n
", "3074": "
\n

Debian Security Advisory

\n

DSA-3074-1 php5 -- security update

\n
\n
Date Reported:
\n
18 Nov 2014
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 768807.
In Mitre's CVE dictionary: CVE-2014-3710.
\n
More information:
\n
\n

Francisco Alonso of Red Hat Product Security found an issue in the file\nutility, whose code is embedded in PHP, a general-purpose scripting\nlanguage. When checking ELF files, note headers are incorrectly\nchecked, thus potentially allowing attackers to cause a denial of\nservice (out-of-bounds read and application crash) by supplying a\nspecially crafted ELF file.

\n

As announced in DSA-3064-1 it has been decided to follow the stable\n5.4.x releases for the Wheezy php5 packages. Consequently the\nvulnerability is addressed by upgrading PHP to a new upstream version\n5.4.35, which includes additional bug fixes, new features and possibly\nincompatible changes. Please refer to the upstream changelog for more\ninformation:

\nhttp://php.net/ChangeLog-5.php#5.4.35\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 5.4.35-0+deb7u1.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "3075": "
\n

Debian Security Advisory

\n

DSA-3075-1 drupal7 -- security update

\n
\n
Date Reported:
\n
20 Nov 2014
\n
Affected Packages:
\n
\ndrupal7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-9015, CVE-2014-9016.
\n
More information:
\n
\n

Two vulnerabilities were discovered in Drupal, a fully-featured content\nmanagement framework. The Common Vulnerabilities and Exposures project\nidentifies the following issues:

\n
    \n
  • CVE-2014-9015\n

    Aaron Averill discovered that a specially crafted request can give a\n user access to another user's session, allowing an attacker to\n hijack a random session.

  • \n
  • CVE-2014-9016\n

    Michael Cullum, Javier Nieto and Andres Rojas Guerrero discovered\n that the password hashing API allows an attacker to send\n specially crafted requests resulting in CPU and memory\n exhaustion. This may lead to the site becoming unavailable or\n unresponsive (denial of service).

  • \n
\n

Custom configured session.inc and password.inc need to be audited as\nwell to verify if they are prone to these vulnerabilities. More\ninformation can be found in the upstream advisory at\nhttps://www.drupal.org/SA-CORE-2014-006

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 7.14-2+deb7u8.

\n

We recommend that you upgrade your drupal7 packages.

\n
\n
\n
\n
", "3076": "
\n

Debian Security Advisory

\n

DSA-3076-1 wireshark -- security update

\n
\n
Date Reported:
\n
25 Nov 2014
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-8710, CVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the dissectors/parsers for\nSigComp UDVM, AMQP, NCP and TN5250, which could result in denial of\nservice.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.2-5wheezy13.

\n

For the upcoming stable distribution (jessie), these problems have been\nfixed in version 1.12.1+g01b65bf-2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.12.1+g01b65bf-2.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "3077": "
\n

Debian Security Advisory

\n

DSA-3077-1 openjdk-6 -- security update

\n
\n
Date Reported:
\n
26 Nov 2014
\n
Affected Packages:
\n
\nopenjdk-6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-6457, CVE-2014-6502, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6517, CVE-2014-6519, CVE-2014-6531, CVE-2014-6558.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, information disclosure or denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 6b33-1.13.5-2~deb7u1.

\n

We recommend that you upgrade your openjdk-6 packages.

\n
\n
\n
\n
", "3078": "
\n

Debian Security Advisory

\n

DSA-3078-1 libksba -- security update

\n
\n
Date Reported:
\n
27 Nov 2014
\n
Affected Packages:
\n
\nlibksba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 770972.
In Mitre's CVE dictionary: CVE-2014-9087.
\n
More information:
\n
\n

An integer underflow flaw, leading to a heap-based buffer overflow, was\nfound in the ksba_oid_to_str() function of libksba, an X.509 and CMS\n(PKCS#7) library. By using specially crafted S/MIME messages or ECC-based\nOpenPGP data, it is possible to create a buffer overflow, which could\ncause an application using libksba to crash (denial of service), or\npotentially, execute arbitrary code.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.0-2+deb7u1.

\n

For the upcoming stable distribution (jessie), this problem has been\nfixed in version 1.3.2-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.3.2-1.

\n

We recommend that you upgrade your libksba packages.

\n
\n
\n
\n
", "3079": "
\n

Debian Security Advisory

\n

DSA-3079-1 ppp -- security update

\n
\n
Date Reported:
\n
28 Nov 2014
\n
Affected Packages:
\n
\nppp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 762789.
In Mitre's CVE dictionary: CVE-2014-3158.
\n
More information:
\n
\n

A vulnerability was discovered in ppp, an implementation of the\nPoint-to-Point Protocol: an integer overflow in the routine\nresponsible for parsing user-supplied options potentially allows a\nlocal attacker to gain root privileges.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.4.5-5.1+deb7u1.

\n

For the upcoming stable distribution (jessie) and unstable\ndistribution (sid), this problem has been fixed in version 2.4.6-3.

\n

We recommend that you upgrade your ppp packages.

\n
\n
\n
\n
", "3080": "
\n

Debian Security Advisory

\n

DSA-3080-1 openjdk-7 -- security update

\n
\n
Date Reported:
\n
29 Nov 2014
\n
Affected Packages:
\n
\nopenjdk-7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-6457, CVE-2014-6502, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6517, CVE-2014-6519, CVE-2014-6531, CVE-2014-6558.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, information disclosure or denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 7u71-2.5.3-2~deb7u1.

\n

For the upcoming stable distribution (jessie), these problems have been\nfixed in version 7u71-2.5.3-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 7u71-2.5.3-1.

\n

We recommend that you upgrade your openjdk-7 packages.

\n
\n
\n
\n
", "3081": "
\n

Debian Security Advisory

\n

DSA-3081-1 libvncserver -- security update

\n
\n
Date Reported:
\n
29 Nov 2014
\n
Affected Packages:
\n
\nlibvncserver\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 762745.
In Mitre's CVE dictionary: CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in libvncserver, a library to\nimplement VNC server functionality. These vulnerabilities might result in the\nexecution of arbitrary code or denial of service in both the client and the\nserver side.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 0.9.9+dfsg-1+deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.9.9+dfsg-6.1.

\n

We recommend that you upgrade your libvncserver packages.

\n
\n
\n
\n
", "3082": "
\n

Debian Security Advisory

\n

DSA-3082-1 flac -- security update

\n
\n
Date Reported:
\n
30 Nov 2014
\n
Affected Packages:
\n
\nflac\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 770918.
In Mitre's CVE dictionary: CVE-2014-8962, CVE-2014-9028.
\n
More information:
\n
\n

Michele Spagnuolo, of Google Security Team, and Miroslav Lichvar, of\nRed Hat, discovered two issues in flac, a library handling Free\nLossless Audio Codec media: by providing a specially crafted FLAC\nfile, an attacker could execute arbitrary code.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.2.1-6+deb7u1.

\n

For the testing distribution (jessie) and unstable distribution (sid),\nthese problems have been fixed in version 1.3.0-3.

\n

We recommend that you upgrade your flac packages.

\n
\n
\n
\n
", "3083": "
\n

Debian Security Advisory

\n

DSA-3083-1 mutt -- security update

\n
\n
Date Reported:
\n
30 Nov 2014
\n
Affected Packages:
\n
\nmutt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 771125.
In Mitre's CVE dictionary: CVE-2014-9116.
\n
More information:
\n
\n

A flaw was discovered in mutt, a text-based mailreader. A specially\ncrafted mail header could cause mutt to crash, leading to a denial of\nservice condition.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.5.21-6.2+deb7u3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.5.23-2.

\n

We recommend that you upgrade your mutt packages.

\n
\n
\n
\n
", "3084": "
\n

Debian Security Advisory

\n

DSA-3084-1 openvpn -- security update

\n
\n
Date Reported:
\n
01 Dec 2014
\n
Affected Packages:
\n
\nopenvpn\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-8104.
\n
More information:
\n
\n

Dragana Damjanovic discovered that an authenticated client could crash\nan OpenVPN server by sending a control packet containing less than\nfour bytes as payload.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.2.1-8+deb7u3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.3.4-5.

\n

We recommend that you upgrade your openvpn packages.

\n
\n
\n
\n
", "3085": "
\n

Debian Security Advisory

\n

DSA-3085-1 wordpress -- security update

\n
\n
Date Reported:
\n
03 Dec 2014
\n
Affected Packages:
\n
\nwordpress\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 770425.
In Mitre's CVE dictionary: CVE-2014-9031, CVE-2014-9033, CVE-2014-9034, CVE-2014-9035, CVE-2014-9036, CVE-2014-9037, CVE-2014-9038, CVE-2014-9039.
\n
More information:
\n
\n

Multiple security issues have been discovered in Wordpress, a web\nblogging tool, resulting in denial of service or information disclosure.\nMore information can be found in the upstream advisory at\nhttps://wordpress.org/news/2014/11/wordpress-4-0-1/

\n
    \n
  • CVE-2014-9031\n

    Jouko Pynnonen discovered an unauthenticated cross site scripting\n vulnerability (XSS) in wptexturize(), exploitable via comments or\n posts.

  • \n
  • CVE-2014-9033\n

    Cross site request forgery (CSRF) vulnerability in the password\n changing process, which could be used by an attacker to trick a\n user into changing her password.

  • \n
  • CVE-2014-9034\n

    Javier Nieto Arevalo and Andres Rojas Guerrero reported a potential\n denial of service in the way the phpass library is used to handle\n passwords, since no maximum password length was set.

  • \n
  • CVE-2014-9035\n

    John Blackbourn reported an XSS in the Press This function (used\n for quick publishing using a browser bookmarklet).

  • \n
  • CVE-2014-9036\n

    Robert Chapin reported an XSS in the HTML filtering of CSS in posts.

  • \n
  • CVE-2014-9037\n

    David Anderson reported a hash comparison vulnerability for\n passwords stored using the old-style MD5 scheme. While unlikely,\n this could be exploited to compromise an account, if the user had\n not logged in after a Wordpress 2.5 update (uploaded to Debian on 2\n Apr, 2008) and the password MD5 hash could be collided with due to\n PHP dynamic comparison.

  • \n
  • CVE-2014-9038\n

    Ben Bidner reported a server side request forgery (SSRF) in the core\n HTTP layer which insufficiently blocked the loopback IP address\n space.

  • \n
  • CVE-2014-9039\n

    Momen Bassel, Tanoy Bose, and Bojan Slavkovic reported a\n vulnerability in the password reset process: an email address change\n would not invalidate a previous password reset email.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 3.6.1+dfsg-1~deb7u5.

\n

For the upcoming stable distribution (jessie), these problems have been\nfixed in version 4.0.1+dfsg-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.0.1+dfsg-1.

\n

We recommend that you upgrade your wordpress packages.

\n
\n
\n
\n
", "3086": "
\n

Debian Security Advisory

\n

DSA-3086-1 tcpdump -- security update

\n
\n
Date Reported:
\n
03 Dec 2014
\n
Affected Packages:
\n
\ntcpdump\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 770424, Bug 770434.
In Mitre's CVE dictionary: CVE-2014-8767, CVE-2014-8769, CVE-2014-9140.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in tcpdump, a command-line\nnetwork traffic analyzer. These vulnerabilities might result in denial\nof service, leaking sensitive information from memory or, potentially,\nexecution of arbitrary code.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 4.3.0-1+deb7u1.

\n

For the upcoming stable distribution (jessie), these problems have been\nfixed in version 4.6.2-3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.6.2-3.

\n

We recommend that you upgrade your tcpdump packages.

\n
\n
\n
\n
", "3087": "
\n

Debian Security Advisory

\n

DSA-3087-1 qemu -- security update

\n
\n
Date Reported:
\n
04 Dec 2014
\n
Affected Packages:
\n
\nqemu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-8106.
\n
More information:
\n
\n

Paolo Bonzini of Red Hat discovered that the blit region checks were\ninsufficient in the Cirrus VGA emulator in qemu, a fast processor\nemulator. A privileged guest user could use this flaw to write into qemu\naddress space on the host, potentially escalating their privileges to\nthose of the qemu host process.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.1.2+dfsg-6a+deb7u6.

\n

We recommend that you upgrade your qemu packages.

\n
\n
\n
\n
", "3088": "
\n

Debian Security Advisory

\n

DSA-3088-1 qemu-kvm -- security update

\n
\n
Date Reported:
\n
04 Dec 2014
\n
Affected Packages:
\n
\nqemu-kvm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-8106.
\n
More information:
\n
\n

Paolo Bonzini of Red Hat discovered that the blit region checks were\ninsufficient in the Cirrus VGA emulator in qemu-kvm, a full\nvirtualization solution on x86 hardware. A privileged guest user could\nuse this flaw to write into qemu address space on the host, potentially\nescalating their privileges to those of the qemu host process.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.1.2+dfsg-6+deb7u6.

\n

We recommend that you upgrade your qemu-kvm packages.

\n
\n
\n
\n
", "3089": "
\n

Debian Security Advisory

\n

DSA-3089-1 jasper -- security update

\n
\n
Date Reported:
\n
04 Dec 2014
\n
Affected Packages:
\n
\njasper\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 772036.
In Mitre's CVE dictionary: CVE-2014-9029.
\n
More information:
\n
\n

Jose Duart of the Google Security Team discovered heap-based buffer\noverflow flaws in JasPer, a library for manipulating JPEG-2000 files,\nwhich could lead to denial of service (application crash) or the\nexecution of arbitrary code.

\n

For the stable distribution (wheezy), these problems have been fixed\nin version 1.900.1-13+deb7u1.

\n

For the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your jasper packages.

\n
\n
\n
\n
", "3090": "
\n

Debian Security Advisory

\n

DSA-3090-1 iceweasel -- security update

\n
\n
Date Reported:
\n
04 Dec 2014
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593, CVE-2014-1594.
\n
More information:
\n
\n

Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors, buffer\noverflows, use-after-frees and other implementation errors may lead to\nthe execution of arbitrary code, the bypass of security restrictions or\ndenial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 31.3.0esr-1~deb7u1.

\n

For the upcoming stable distribution (jessie), these problems will be\nfixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 31.3.0esr-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "3091": "
\n

Debian Security Advisory

\n

DSA-3091-1 getmail4 -- security update

\n
\n
Date Reported:
\n
07 Dec 2014
\n
Affected Packages:
\n
\ngetmail4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 766670.
In Mitre's CVE dictionary: CVE-2014-7273, CVE-2014-7274, CVE-2014-7275.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in getmail4, a mail\nretriever with support for POP3, IMAP4 and SDPS, that could allow\nman-in-the-middle attacks.

\n
    \n
  • CVE-2014-7273\n

    The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0\n does not verify X.509 certificates from SSL servers, which allows\n man-in-the-middle attackers to spoof IMAP servers and obtain\n sensitive information via a crafted certificate.

  • CVE-2014-7274\n

    The IMAP-over-SSL implementation in getmail 4.44.0 does not verify\n that the server hostname matches a domain name in the subject's\n Common Name (CN) field of the X.509 certificate, which allows\n man-in-the-middle attackers to spoof IMAP servers and obtain\n sensitive information via a crafted certificate from a recognized\n Certification Authority.

  • CVE-2014-7275\n

    The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0\n does not verify X.509 certificates from SSL servers, which allows\n man-in-the-middle attackers to spoof POP3 servers and obtain\n sensitive information via a crafted certificate.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 4.46.0-1~deb7u1.

\n

For the upcoming stable distribution (jessie), these problems have been\nfixed in version 4.46.0-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.46.0-1.

\n

We recommend that you upgrade your getmail4 packages.

\n
\n
\n
\n
", "3092": "
\n

Debian Security Advisory

\n

DSA-3092-1 icedove -- security update

\n
\n
Date Reported:
\n
07 Dec 2014
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593, CVE-2014-1594.
\n
More information:
\n
\n

Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail and news client: Multiple memory safety\nerrors, buffer overflows, use-after-frees and other implementation errors\nmay lead to the execution of arbitrary code, the bypass of security\nrestrictions or denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 31.3.0-1~deb7u1.

\n

For the upcoming stable distribution (jessie), these problems will be\nfixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 31.3.0-1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "3093": "
\n

Debian Security Advisory

\n

DSA-3093-1 linux -- security update

\n
\n
Date Reported:
\n
08 Dec 2014
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-7841, CVE-2014-8369, CVE-2014-8884, CVE-2014-9090.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation:

\n
    \n
  • CVE-2014-7841\n

    Liu Wei of Red Hat discovered that a SCTP server doing ASCONF will\n panic on malformed INIT chunks by triggering a NULL pointer\n dereference.

  • CVE-2014-8369\n

    A flaw was discovered in the way iommu mapping failures were handled\n in the kvm_iommu_map_pages() function in the Linux kernel. A guest\n OS user could exploit this flaw to cause a denial of service (host\n OS memory corruption) or possibly have other unspecified impact on\n the host OS.

  • CVE-2014-8884\n

    A stack-based buffer overflow flaw was discovered in the\n TechnoTrend/Hauppauge DEC USB driver. A local user with write access\n to the corresponding device could use this flaw to crash the kernel\n or, potentially, elevate their privileges.

  • CVE-2014-9090\n

    Andy Lutomirski discovered that the do_double_fault function in\n arch/x86/kernel/traps.c in the Linux kernel did not properly handle\n faults associated with the Stack Segment (SS) segment register,\n which allows local users to cause a denial of service (panic).

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 3.2.63-2+deb7u2. This update also includes fixes for regressions\nintroduced by previous updates.

\n

For the unstable distribution (sid), these problems will be fixed soon\nin version 3.16.7-ckt2-1.

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "3094": "
\n

Debian Security Advisory

\n

DSA-3094-1 bind9 -- security update

\n
\n
Date Reported:
\n
08 Dec 2014
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-8500.
\n
More information:
\n
\n

It was discovered that BIND, a DNS server, is prone to a denial of\nservice vulnerability.

\n

By making use of maliciously-constructed zones or a rogue server, an\nattacker can exploit an oversight in the code BIND 9 uses to follow\ndelegations in the Domain Name Service, causing BIND to issue unlimited\nqueries in an attempt to follow the delegation.

\n

This can lead to resource exhaustion and denial of service\n(up to and including termination of the named server process.)

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1:9.8.4.dfsg.P1-6+nmu2+deb7u3.

\n

For the upcoming stable distribution (jessie), this problem will be\nfixed soon.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
\n
\n
", "3095": "
\n

Debian Security Advisory

\n

DSA-3095-1 xorg-server -- security update

\n
\n
Date Reported:
\n
10 Dec 2014
\n
Affected Packages:
\n
\nxorg-server\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102.
\n
More information:
\n
\n

Ilja van Sprundel of IOActive discovered several security issues in the\nX.org X server, which may lead to privilege escalation or denial of\nservice.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.12.4-6+deb7u5.

\n

For the upcoming stable distribution (jessie), these problems will be\nfixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2:1.16.2.901-1.

\n

We recommend that you upgrade your xorg-server packages.

\n
\n
\n
\n
", "3096": "
\n

Debian Security Advisory

\n

DSA-3096-1 pdns-recursor -- security update

\n
\n
Date Reported:
\n
11 Dec 2014
\n
Affected Packages:
\n
\npdns-recursor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-8601.
\n
More information:
\n
\n

Florian Maury from ANSSI discovered a flaw in pdns-recursor, a\nrecursive DNS server: a remote attacker controlling\nmaliciously-constructed zones or a rogue server could affect the\nperformance of pdns-recursor, thus leading to resource exhaustion and\na potential denial-of-service.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 3.3-3+deb7u1.

\n

For the upcoming stable distribution (jessie) and unstable\ndistribution (sid), this problem has been fixed in version 3.6.2-1.

\n

We recommend that you upgrade your pdns-recursor packages.

\n
\n
\n
\n
", "3097": "
\n

Debian Security Advisory

\n

DSA-3097-1 unbound -- security update

\n
\n
Date Reported:
\n
10 Dec 2014
\n
Affected Packages:
\n
\nunbound\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 772622.
In Mitre's CVE dictionary: CVE-2014-8602.
\n
More information:
\n
\n

Florian Maury from ANSSI discovered that unbound, a validating,\nrecursive, and caching DNS resolver, was prone to a denial of service\nvulnerability. An attacker crafting a malicious zone and able to emit\n(or cause to be emitted) queries to the server can trick the resolver into\nfollowing an endless series of delegations, leading to resource\nexhaustion and huge network usage.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.4.17-3+deb7u2.

\n

For the upcoming stable distribution (jessie), this problem has been\nfixed in version 1.4.22-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4.22-3.

\n

We recommend that you upgrade your unbound packages.

\n
\n
\n
\n
", "3098": "
\n

Debian Security Advisory

\n

DSA-3098-1 graphviz -- security update

\n
\n
Date Reported:
\n
11 Dec 2014
\n
Affected Packages:
\n
\ngraphviz\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 772648.
In Mitre's CVE dictionary: CVE-2014-9157.
\n
More information:
\n
\n

Joshua Rogers discovered a format string vulnerability in the yyerror\nfunction in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing\ntools. An attacker could use this flaw to cause graphviz to crash or\npossibly execute arbitrary code.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.26.3-14+deb7u2.

\n

For the upcoming stable distribution (jessie), this problem will be\nfixed soon in version 2.38.0-7.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.38.0-7.

\n

We recommend that you upgrade your graphviz packages.

\n
\n
\n
\n
", "3099": "
\n

Debian Security Advisory

\n

DSA-3099-1 dbus -- security update

\n
\n
Date Reported:
\n
11 Dec 2014
\n
Affected Packages:
\n
\ndbus\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-7824.
\n
More information:
\n
\n

Simon McVittie discovered that the fix for\nCVE-2014-3636 was incorrect, as it did not fully address the underlying\ndenial-of-service vector. This update starts the D-Bus daemon as root\ninitially, so that it can properly raise its file descriptor count.

\n

In addition, this update reverts the auth_timeout change in the\nprevious security update to its old value because the new value causes\nboot failures on some systems. See the README.Debian file for details\non how to harden the D-Bus daemon against malicious local users.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.6.8-1+deb7u5.

\n

For the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), these problems have been fixed in version 1.8.10-1.

\n

We recommend that you upgrade your dbus packages.

\n
\n
\n
\n
", "3100": "
\n

Debian Security Advisory

\n

DSA-3100-1 mediawiki -- security update

\n
\n
Date Reported:
\n
12 Dec 2014
\n
Affected Packages:
\n
\nmediawiki\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 772764.
In Mitre's CVE dictionary: CVE-2014-9277.
\n
More information:
\n
\n

A flaw was discovered in mediawiki, a wiki engine: cross-domain-policy\nmangling allows an article editor to inject code into API consumers\nthat deserialize PHP representations of the page from the API.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1:1.19.20+dfsg-0+deb7u2.

\n

We recommend that you upgrade your mediawiki packages.

\n
\n
\n
\n
", "3101": "
\n

Debian Security Advisory

\n

DSA-3101-1 c-icap -- security update

\n
\n
Date Reported:
\n
13 Dec 2014
\n
Affected Packages:
\n
\nc-icap\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-7401, CVE-2013-7402.
\n
More information:
\n
\n

Several vulnerabilities were found in c-icap, an ICAP server\nimplementation, which could allow a remote attacker to cause c-icap to\ncrash, or have other, unspecified impacts.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1:0.1.6-1.1+deb7u1.

\n

For the upcoming stable distribution (jessie), these problems have been\nfixed in version 1:0.3.1-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1:0.3.1-1.

\n

We recommend that you upgrade your c-icap packages.

\n
\n
\n
\n
", "3102": "
\n

Debian Security Advisory

\n

DSA-3102-1 libyaml -- security update

\n
\n
Date Reported:
\n
13 Dec 2014
\n
Affected Packages:
\n
\nlibyaml\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 771366.
In Mitre's CVE dictionary: CVE-2014-9130.
\n
More information:
\n
\n

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the\nway wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and\nemitter library. An attacker able to load specially crafted YAML input\ninto an application using libyaml could cause the application to crash.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.1.4-2+deb7u5.

\n

For the upcoming stable distribution (jessie), this problem has been\nfixed in version 0.1.6-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.1.6-3.

\n

We recommend that you upgrade your libyaml packages.

\n
\n
\n
\n
", "3103": "
\n

Debian Security Advisory

\n

DSA-3103-1 libyaml-libyaml-perl -- security update

\n
\n
Date Reported:
\n
13 Dec 2014
\n
Affected Packages:
\n
\nlibyaml-libyaml-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 771365.
In Mitre's CVE dictionary: CVE-2014-9130.
\n
More information:
\n
\n

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the\nway wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and\nemitter library. An attacker able to load specially crafted YAML input\ninto an application using libyaml could cause the application to crash.

\n

This update corrects this flaw in the copy that is embedded in the\nlibyaml-libyaml-perl package.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.38-3+deb7u3.

\n

For the upcoming stable distribution (jessie), this problem has been\nfixed in version 0.41-6.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.41-6.

\n

We recommend that you upgrade your libyaml-libyaml-perl packages.

\n
\n
\n
\n
", "3104": "
\n

Debian Security Advisory

\n

DSA-3104-1 bsd-mailx -- security update

\n
\n
Date Reported:
\n
16 Dec 2014
\n
Affected Packages:
\n
\nbsd-mailx\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-7844.
\n
More information:
\n
\n

It was discovered that bsd-mailx, an implementation of the mail\ncommand, had an undocumented feature which treats syntactically valid\nemail addresses as shell commands to execute.

\n

Users who need this feature can re-enable it using the expandaddr option in\nan appropriate mailrc file. This update also removes the obsolete\n-T option. An older security vulnerability,\nCVE-2004-2771, had already been addressed in Debian's bsd-mailx\npackage.

\n

Note that this security update does not remove all mailx facilities\nfor command execution, though. Scripts which send mail to addresses\nobtained from an untrusted source (such as a web form) should use the\n-- separator before the email addresses (which was fixed to work\nproperly in this update), or they should be changed to invoke\nmail -t or sendmail -i -t instead, passing the\nrecipient addresses as part of the mail header.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 8.1.2-0.20111106cvs-1+deb7u1.

\n

We recommend that you upgrade your bsd-mailx packages.

\n
\n
\n
\n
", "3105": "
\n

Debian Security Advisory

\n

DSA-3105-1 heirloom-mailx -- security update

\n
\n
Date Reported:
\n
16 Dec 2014
\n
Affected Packages:
\n
\nheirloom-mailx\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2004-2771, CVE-2014-7844.
\n
More information:
\n
\n

Two security vulnerabilities were discovered in Heirloom mailx, an\nimplementation of the mail command:

\n
    \n
  • CVE-2004-2771\n

    mailx interprets shell meta-characters in certain email\n addresses.

  • CVE-2014-7844\n

    An unexpected feature of mailx treats syntactically valid email\n addresses as shell commands to execute.

\n

Shell command execution can be re-enabled using the expandaddr\noption.

\n

Note that this security update does not remove all mailx facilities\nfor command execution, though. Scripts which send mail to addresses\nobtained from an untrusted source (such as a web form) should use the\n-- separator before the email addresses (which was fixed to work\nproperly in this update), or they should be changed to invoke\nmail -t or sendmail -i -t instead, passing the recipient addresses\nas part of the mail header.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 12.5-2+deb7u1.

\n

We recommend that you upgrade your heirloom-mailx packages.

\n
\n
\n
\n
", "3106": "
\n

Debian Security Advisory

\n

DSA-3106-1 jasper -- security update

\n
\n
Date Reported:
\n
20 Dec 2014
\n
Affected Packages:
\n
\njasper\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 773463.
In Mitre's CVE dictionary: CVE-2014-8137, CVE-2014-8138.
\n
More information:
\n
\n

Jose Duart of the Google Security Team discovered a double free flaw\n(CVE-2014-8137) and a heap-based buffer overflow flaw (CVE-2014-8138)\nin JasPer, a library for manipulating JPEG-2000 files. A specially\ncrafted file could cause an application using JasPer to crash or,\npossibly, execute arbitrary code.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.900.1-13+deb7u2.

\n

For the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your jasper packages.

\n
\n
\n
\n
", "3107": "
\n

Debian Security Advisory

\n

DSA-3107-1 subversion -- security update

\n
\n
Date Reported:
\n
20 Dec 2014
\n
Affected Packages:
\n
\nsubversion\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 773263.
In Mitre's CVE dictionary: CVE-2014-3580.
\n
More information:
\n
\n

Evgeny Kotkov discovered a NULL pointer dereference while processing\nREPORT requests in mod_dav_svn, the Subversion component which is used\nto serve repositories with the Apache web server. A remote attacker\ncould abuse this vulnerability for a denial of service.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.6.17dfsg-4+deb7u7.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.8.10-5.

\n

We recommend that you upgrade your subversion packages.

\n
\n
\n
\n
", "3108": "
\n

Debian Security Advisory

\n

DSA-3108-1 ntp -- security update

\n
\n
Date Reported:
\n
20 Dec 2014
\n
Affected Packages:
\n
\nntp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 773576.
In Mitre's CVE dictionary: CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the ntp package, an\nimplementation of the Network Time Protocol.

\n
    \n
  • CVE-2014-9293\n

    ntpd generated a weak key for its internal use, with full\n administrative privileges. Attackers could use this key to\n reconfigure ntpd (or to exploit other vulnerabilities).

  • CVE-2014-9294\n

    The ntp-keygen utility generated weak MD5 keys with insufficient\n entropy.

  • CVE-2014-9295\n

    ntpd had several buffer overflows (both on the stack and in the\n data section), allowing remote authenticated attackers to crash\n ntpd or potentially execute arbitrary code.

  • CVE-2014-9296\n

    The general packet processing function in ntpd did not handle an\n error case correctly.

\n

The default ntpd configuration in Debian restricts access to localhost\n(and possibly the adjacent network in case of IPv6).

\n

Keys explicitly generated by \"ntp-keygen -M\" should be regenerated.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-2+deb7u1.

\n

We recommend that you upgrade your ntp packages.

\n
\n
\n
\n
", "3109": "
\n

Debian Security Advisory

\n

DSA-3109-1 firebird2.5 -- security update

\n
\n
Date Reported:
\n
21 Dec 2014
\n
Affected Packages:
\n
\nfirebird2.5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 772880.
In Mitre's CVE dictionary: CVE-2014-9323.
\n
More information:
\n
\n

Dmitry Kovalenko discovered that the Firebird database server is prone\nto a denial of service vulnerability. An unauthenticated remote attacker\ncould send a malformed network packet to a firebird server, which would\ncause the server to crash.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.5.2.26540.ds4-1~deb7u2.

\n

For the upcoming stable distribution (jessie), this problem has been\nfixed in version 2.5.3.26778.ds4-5.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.5.3.26778.ds4-5.

\n

We recommend that you upgrade your firebird2.5 packages.

\n
\n
\n
\n
", "3110": "
\n

Debian Security Advisory

\n

DSA-3110-1 mediawiki -- security update

\n
\n
Date Reported:
\n
23 Dec 2014
\n
Affected Packages:
\n
\nmediawiki\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 773654.
In Mitre's CVE dictionary: CVE-2014-9475.
\n
More information:
\n
\n

A flaw was discovered in mediawiki, a wiki engine: thumb.php outputs\nwikitext messages as raw HTML, potentially leading to cross-site\nscripting (XSS).

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.19.20+dfsg-0+deb7u3; this version additionally fixes a\nregression introduced in the previous release, DSA-3100-1.

\n

For the upcoming stable distribution (jessie) and unstable\ndistribution (sid), this problem has been fixed in version\n1:1.19.20+dfsg-2.2.

\n

We recommend that you upgrade your mediawiki packages.

\n
\n
\n
\n
", "3111": "
\n

Debian Security Advisory

\n

DSA-3111-1 cpio -- security update

\n
\n
Date Reported:
\n
22 Dec 2014
\n
Affected Packages:
\n
\ncpio\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 772793.
In Mitre's CVE dictionary: CVE-2014-9112.
\n
More information:
\n
\n

Michal Zalewski discovered an out of bounds write issue in cpio, a tool\nfor creating and extracting cpio archive files. In the process of\nfixing that issue, the cpio developers found and fixed additional\nrange checking and null pointer dereference issues.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.11+dfsg-0.1+deb7u1.

\n

For the upcoming stable distribution (jessie), this problem will be\nfixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.11+dfsg-4.

\n

We recommend that you upgrade your cpio packages.

\n
\n
\n
\n
", "3112": "
\n

Debian Security Advisory

\n

DSA-3112-1 sox -- security update

\n
\n
Date Reported:
\n
23 Dec 2014
\n
Affected Packages:
\n
\nsox\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 773720.
In Mitre's CVE dictionary: CVE-2014-8145.
\n
More information:
\n
\n

Michele Spagnuolo of the Google Security Team discovered two heap-based\nbuffer overflows in SoX, the Swiss Army knife of sound processing\nprograms. A specially crafted wav file could cause an application using\nSoX to crash or, possibly, execute arbitrary code.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 14.4.0-3+deb7u1.

\n

For the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your sox packages.

\n
\n
\n
\n
", "3113": "
\n

Debian Security Advisory

\n

DSA-3113-1 unzip -- security update

\n
\n
Date Reported:
\n
28 Dec 2014
\n
Affected Packages:
\n
\nunzip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 773722.
In Mitre's CVE dictionary: CVE-2014-8139, CVE-2014-8140, CVE-2014-8141.
\n
More information:
\n
\n

Michele Spagnuolo of the Google Security Team discovered that unzip, an\nextraction utility for archives compressed in .zip format, is affected\nby heap-based buffer overflows within the CRC32 verification function\n(CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the\ngetZip64Data() function (CVE-2014-8141), which may lead to the execution\nof arbitrary code.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 6.0-8+deb7u1.

\n

For the upcoming stable distribution (jessie), these problems will be\nfixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 6.0-13.

\n

We recommend that you upgrade your unzip packages.

\n
\n
\n
\n
", "3114": "
\n

Debian Security Advisory

\n

DSA-3114-1 mime-support -- security update

\n
\n
Date Reported:
\n
29 Dec 2014
\n
Affected Packages:
\n
\nmime-support\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-7209.
\n
More information:
\n
\n

Timothy D. Morgan discovered that run-mailcap, a utility to execute\nprograms via entries in the mailcap file, is prone to shell command\ninjection via shell meta-characters in filenames. In specific scenarios\nthis flaw could allow an attacker to remotely execute arbitrary code.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 3.52-1+deb7u1.

\n

For the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your mime-support packages.

\n
\n
\n
\n
", "3115": "
\n

Debian Security Advisory

\n

DSA-3115-1 pyyaml -- security update

\n
\n
Date Reported:
\n
29 Dec 2014
\n
Affected Packages:
\n
\npyyaml\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 772815.
In Mitre's CVE dictionary: CVE-2014-9130.
\n
More information:
\n
\n

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the\nway wrapped strings are parsed in Python-YAML, a YAML parser and emitter\nfor Python. An attacker able to load specially crafted YAML input into an\napplication using python-yaml could cause the application to crash.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 3.10-4+deb7u1.

\n

For the upcoming stable distribution (jessie), this problem has been\nfixed in version 3.11-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.11-2.

\n

We recommend that you upgrade your pyyaml packages.

\n
\n
\n
\n
", "3116": "
\n

Debian Security Advisory

\n

DSA-3116-1 polarssl -- security update

\n
\n
Date Reported:
\n
30 Dec 2014
\n
Affected Packages:
\n
\npolarssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-8628.
\n
More information:
\n
\n

It was discovered that a memory leak in parsing X.509 certificates may\nresult in denial of service.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.9-1~deb7u4.

\n

For the upcoming stable distribution (jessie), this problem has been\nfixed in version 1.3.9-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.3.9-1.

\n

We recommend that you upgrade your polarssl packages.

\n
\n
\n
\n
", "3117": "
\n

Debian Security Advisory

\n

DSA-3117-1 php5 -- security update

\n
\n
Date Reported:
\n
31 Dec 2014
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-8142.
\n
More information:
\n
\n

Several vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development.

\n

As announced in DSA 3064-1 it has been decided to follow the stable\n5.4.x releases for the Wheezy php5 packages. Consequently the\nvulnerabilities are addressed by upgrading PHP to a new upstream version\n5.4.36, which includes additional bug fixes, new features and possibly\nincompatible changes. Please refer to the upstream changelog for more\ninformation:

\n

http://php.net/ChangeLog-5.php#5.4.36

\n

Two additional patches were applied on top of the imported new upstream\nversion. An out-of-bounds read flaw was fixed which could lead php5-cgi\nto crash. Moreover a bug with php5-pgsql in combination with PostgreSQL\n9.1 was fixed\n(Debian Bug #773182).

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 5.4.36-0+deb7u1.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "3118": "
\n

Debian Security Advisory

\n

DSA-3118-1 strongswan -- security update

\n
\n
Date Reported:
\n
05 Jan 2015
\n
Affected Packages:
\n
\nstrongswan\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-9221.
\n
More information:
\n
\n

Mike Daskalakis reported a denial of service vulnerability in charon,\nthe IKEv2 daemon for strongSwan, an IKE/IPsec suite used to establish\nIPsec protected links.

\n

The bug can be triggered by an IKEv2 Key Exchange (KE) payload that\ncontains the Diffie-Hellman (DH) group 1025. This identifier is from the\nprivate-use range and only used internally by libtls for DH groups with\ncustom generator and prime (MODP_CUSTOM). As such the instantiated\nmethod expects that these two values are passed to the constructor. This\nis not the case when a DH object is created based on the group in the KE\npayload. Therefore, an invalid pointer is dereferenced later, which\ncauses a segmentation fault.

\n

This means that the charon daemon can be crashed with a single\nIKE_SA_INIT message containing such a KE payload. The starter process\nshould restart the daemon after that, but this might increase load on\nthe system. Remote code execution is not possible due to this issue, nor\nis IKEv1 affected in charon or pluto.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 4.5.2-1.5+deb7u6.

\n

For the upcoming stable distribution (jessie), this problem has been\nfixed in version 5.2.1-5.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.2.1-5.

\n

We recommend that you upgrade your strongswan packages.

\n
\n
\n
\n
", "3119": "
\n

Debian Security Advisory

\n

DSA-3119-1 libevent -- security update

\n
\n
Date Reported:
\n
06 Jan 2015
\n
Affected Packages:
\n
\nlibevent\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 774645.
In Mitre's CVE dictionary: CVE-2014-6272, CVE-2015-6525.
\n
More information:
\n
\n

Andrew Bartlett of Catalyst reported a defect affecting certain\napplications using the Libevent evbuffer API. This defect leaves\napplications which pass insanely large inputs to evbuffers open to a\npossible heap overflow or infinite loop. In order to exploit this flaw,\nan attacker needs to be able to find a way to provoke the program into\ntrying to make a buffer chunk larger than what will fit into a single\nsize_t or off_t.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.0.19-stable-3+deb7u1.

\n

For the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your libevent packages.

\n
\n
\n
\n
", "3120": "
\n

Debian Security Advisory

\n

DSA-3120-1 mantis -- security update

\n
\n
Date Reported:
\n
06 Jan 2015
\n
Affected Packages:
\n
\nmantis\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-6316, CVE-2014-7146, CVE-2014-8553, CVE-2014-8554, CVE-2014-8598, CVE-2014-8986, CVE-2014-8988, CVE-2014-9089, CVE-2014-9117, CVE-2014-9269, CVE-2014-9270, CVE-2014-9271, CVE-2014-9272, CVE-2014-9280, CVE-2014-9281, CVE-2014-9388, CVE-2014-9506, CVE-2014-6387, CVE-2013-4460, CVE-2013-1934, CVE-2013-1811.
\n
More information:
\n
\n

Multiple security issues have been found in the Mantis bug tracking\nsystem, which may result in phishing, information disclosure, CAPTCHA\nbypass, SQL injection, cross-site scripting or the execution of arbitrary\nPHP code.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.2.18-1.

\n

We recommend that you upgrade your mantis packages.

\n
\n
\n
\n
", "3121": "
\n

Debian Security Advisory

\n

DSA-3121-1 file -- security update

\n
\n
Date Reported:
\n
08 Jan 2015
\n
Affected Packages:
\n
\nfile\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 773148.
In Mitre's CVE dictionary: CVE-2014-8116, CVE-2014-8117, CVE-2014-9620.
\n
More information:
\n
\n

Multiple security issues have been found in file, a tool/library to\ndetermine a file type. Processing a malformed file could result in\ndenial of service. Most of the changes are related to parsing ELF\nfiles.

\n

As part of the fixes, several limits on aspects of the detection were\nadded or tightened, sometimes resulting in messages like recursion\nlimit exceeded or too many program header sections.

\n

To mitigate such shortcomings, these limits are controllable by a new\n-P, --parameter option in the file program.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 5.11-2+deb7u7.

\n

For the upcoming stable distribution (jessie), these problems will be\nfixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1:5.21+15-1.

\n

We recommend that you upgrade your file packages.

\n
\n
\n
\n
", "3122": "
\n

Debian Security Advisory

\n

DSA-3122-1 curl -- security update

\n
\n
Date Reported:
\n
08 Jan 2015
\n
Affected Packages:
\n
\ncurl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-8150.
\n
More information:
\n
\n

Andrey Labunets of Facebook discovered that cURL, a URL transfer\nlibrary, fails to properly handle URLs with embedded end-of-line\ncharacters. An attacker able to make an application using libcurl\naccess a specially crafted URL via an HTTP proxy could use this flaw to\ndo additional requests in a way that was not intended, or insert\nadditional request headers into the request.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 7.26.0-1+wheezy12.

\n

For the upcoming stable distribution (jessie), this problem will be\nfixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.38.0-4.

\n

We recommend that you upgrade your curl packages.

\n
\n
\n
\n
", "3123": "
\n

Debian Security Advisory

\n

DSA-3123-1 binutils -- security update

\n
\n
Date Reported:
\n
09 Jan 2015
\n
Affected Packages:
\n
\nbinutils\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-8484, CVE-2014-8485, CVE-2014-8501, CVE-2014-8502, CVE-2014-8503, CVE-2014-8504, CVE-2014-8737, CVE-2014-8738.
\n
More information:
\n
\n

Multiple security issues have been found in binutils, a toolbox for\nbinary file manipulation. These vulnerabilities include multiple memory\nsafety errors, buffer overflows, use-after-frees and other implementation\nerrors, and may lead to the execution of arbitrary code, the bypass of security\nrestrictions, path traversal attack or denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2.22-8+deb7u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.25-3.

\n

We recommend that you upgrade your binutils packages.

\n
\n
\n
\n
", "3124": "
\n

Debian Security Advisory

\n

DSA-3124-1 otrs2 -- security update

\n
\n
Date Reported:
\n
10 Jan 2015
\n
Affected Packages:
\n
\notrs2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-9324.
\n
More information:
\n
\n

Thorsten Eckel of Znuny GMBH and Remo Staeuble of InfoGuard discovered\na privilege escalation vulnerability in otrs2, the Open Ticket Request\nSystem. An attacker with valid OTRS credentials could access and\nmanipulate ticket data of other users via the GenericInterface, if a\nticket webservice is configured and not additionally secured.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 3.1.7+dfsg1-8+deb7u5.

\n

For the upcoming stable distribution (jessie), this problem has been\nfixed in version 3.3.9-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.3.9-3.

\n

We recommend that you upgrade your otrs2 packages.

\n
\n
\n
\n
", "3125": "
\n

Debian Security Advisory

\n

DSA-3125-1 openssl -- security update

\n
\n
Date Reported:
\n
11 Jan 2015
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in OpenSSL, a Secure\nSockets Layer toolkit. The Common Vulnerabilities and Exposures project\nidentifies the following issues:

\n
    \n
  • CVE-2014-3569\n

    Frank Schmirler reported that the ssl23_get_client_hello function in\n OpenSSL does not properly handle attempts to use unsupported\n protocols. When OpenSSL is built with the no-ssl3 option and an SSL\n v3 ClientHello is received, the ssl method would be set to NULL which\n could later result in a NULL pointer dereference and daemon crash.

  • CVE-2014-3570\n

    Pieter Wuille of Blockstream reported that the bignum squaring\n (BN_sqr) may produce incorrect results on some platforms, which\n might make it easier for remote attackers to defeat cryptographic\n protection mechanisms.

  • CVE-2014-3571\n

    Markus Stenberg of Cisco Systems, Inc. reported that a carefully\n crafted DTLS message can cause a segmentation fault in OpenSSL due\n to a NULL pointer dereference. A remote attacker could use this flaw\n to mount a denial of service attack.

  • CVE-2014-3572\n

    Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an\n OpenSSL client would accept a handshake using an ephemeral ECDH\n ciphersuite if the server key exchange message is omitted. This\n allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks\n and trigger a loss of forward secrecy.

  • CVE-2014-8275\n

    Antti Karjalainen and Tuomo Untinen of the Codenomicon CROSS project\n and Konrad Kraszewski of Google reported various certificate\n fingerprint issues, which allow remote attackers to defeat a\n fingerprint-based certificate-blacklist protection mechanism.

  • CVE-2015-0204\n

    Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that\n an OpenSSL client will accept the use of an ephemeral RSA key in a\n non-export RSA key exchange ciphersuite, violating the TLS\n standard. This allows remote SSL servers to downgrade the security\n of the session.

  • CVE-2015-0205\n

    Karthikeyan Bhargavan of the PROSECCO team at INRIA reported that an\n OpenSSL server will accept a DH certificate for client\n authentication without the certificate verify message. This flaw\n effectively allows a client to authenticate without the use of a\n private key via crafted TLS handshake protocol traffic to a server\n that recognizes a certification authority with DH support.

  • CVE-2015-0206\n

    Chris Mueller discovered a memory leak in the dtls1_buffer_record\n function. A remote attacker could exploit this flaw to mount a\n denial of service through memory exhaustion by repeatedly sending\n specially crafted DTLS records.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u14.

\n

For the upcoming stable distribution (jessie), these problems will be\nfixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.0.1k-1.

\n

We recommend that you upgrade your openssl packages.

\n
\n
\n
\n
", "3126": "
\n

Debian Security Advisory

\n

DSA-3126-1 php5 -- security update

\n
\n
Date Reported:
\n
12 Jan 2015
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

It was discovered that libmagic as used by PHP, would trigger an out\nof bounds memory access when trying to identify a crafted file.

\n

Additionally, this update fixes a potential dependency loop in dpkg\ntrigger handling.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 5.4.36-0+deb7u3.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "3127": "
\n

Debian Security Advisory

\n

DSA-3127-1 iceweasel -- security update

\n
\n
Date Reported:
\n
14 Jan 2015
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-8634, CVE-2014-8638, CVE-2014-8639, CVE-2014-8641.
\n
More information:
\n
\n

Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors\nand implementation errors may lead to the execution of arbitrary code,\ninformation leaks or denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 31.4.0esr-1~deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 31.4.0esr-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "3128": "
\n

Debian Security Advisory

\n

DSA-3128-1 linux -- security update

\n
\n
Date Reported:
\n
15 Jan 2015
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6885, CVE-2014-8133, CVE-2014-9419, CVE-2014-9529, CVE-2014-9584.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or information leaks.

\n
    \n
  • CVE-2013-6885\n

    It was discovered that under specific circumstances, a combination\n of write operations to write-combined memory and locked CPU\n instructions may cause a core hang on AMD 16h 00h through 0Fh\n processors. A local user can use this flaw to mount a denial of\n service (system hang) via a crafted application.

    \n

    For more information please refer to the AMD CPU erratum 793 in\n http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf

  • CVE-2014-8133\n

    It was found that the espfix functionality can be bypassed by\n installing a 16-bit RW data segment into GDT instead of LDT (which\n espfix checks for) and using it for the stack. A local unprivileged user\n could potentially use this flaw to leak kernel stack addresses and\n thus bypass the ASLR protection mechanism.

  • CVE-2014-9419\n

    It was found that on Linux kernels compiled with the 32 bit\n interfaces (CONFIG_X86_32) a malicious user program can do a\n partial ASLR bypass through TLS base addresses leak when attacking\n other programs.

  • CVE-2014-9529\n

    It was discovered that the Linux kernel is affected by a race\n condition flaw when doing key garbage collection, allowing local\n users to cause a denial of service (memory corruption or panic).

  • CVE-2014-9584\n

    It was found that the Linux kernel does not validate a length value\n in the Extensions Reference (ER) System Use Field, which allows\n local users to obtain sensitive information from kernel memory via a\n crafted iso9660 image.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 3.2.65-1+deb7u1. Additionally this update fixes a suspend/resume\nregression introduced with 3.2.65.

\n

For the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "3129": "
\n

Debian Security Advisory

\n

DSA-3129-1 rpm -- security update

\n
\n
Date Reported:
\n
15 Jan 2015
\n
Affected Packages:
\n
\nrpm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-6435, CVE-2014-8118.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in the RPM package manager.

\n
    \n
  • CVE-2013-6435\n

    Florian Weimer discovered a race condition in package signature\n validation.

  • CVE-2014-8118\n

    Florian Weimer discovered an integer overflow in parsing CPIO headers\n which might result in the execution of arbitrary code.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 4.10.0-5+deb7u2.

\n

For the upcoming stable distribution (jessie), these problems have been\nfixed in version 4.11.3-1.1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.11.3-1.1.

\n

We recommend that you upgrade your rpm packages.

\n
\n
\n
\n
", "3130": "
\n

Debian Security Advisory

\n

DSA-3130-1 lsyncd -- security update

\n
\n
Date Reported:
\n
16 Jan 2015
\n
Affected Packages:
\n
\nlsyncd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-8990.
\n
More information:
\n
\n

It was discovered that lsyncd, a daemon to synchronize local directories\nusing rsync, performed insufficient sanitising of filenames which might\nresult in the execution of arbitrary commands.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.0.7-3+deb7u1.

\n

For the upcoming stable distribution (jessie), this problem has been\nfixed in version 2.1.5-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.1.5-2.

\n

We recommend that you upgrade your lsyncd packages.

\n
\n
\n
\n
", "3131": "
\n

Debian Security Advisory

\n

DSA-3131-1 xdg-utils -- security update

\n
\n
Date Reported:
\n
18 Jan 2015
\n
Affected Packages:
\n
\nxdg-utils\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 773085.
In Mitre's CVE dictionary: CVE-2014-9622.
\n
More information:
\n
\n

John Houwer discovered a way to cause xdg-open, a tool that automatically\nopens URLs in a user's preferred application, to execute arbitrary\ncommands remotely.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.1.0~rc1+git20111210-6+deb7u2.

\n

For the upcoming stable (jessie) and unstable (sid) distributions,\nthis problem has been fixed in version 1.1.0~rc1+git20111210-7.3.

\n

We recommend that you upgrade your xdg-utils packages.

\n
\n
\n
\n
", "3132": "
\n

Debian Security Advisory

\n

DSA-3132-1 icedove -- security update

\n
\n
Date Reported:
\n
19 Jan 2015
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-8634, CVE-2014-8638, CVE-2014-8639.
\n
More information:
\n
\n

Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail and news client: Multiple memory safety\nerrors and implementation errors may lead to the execution of arbitrary\ncode, information leaks or denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 31.4.0-1~deb7u1.

\n

For the upcoming stable distribution (jessie), these problems will be\nfixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 31.4.0-1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "3133": "
\n

Debian Security Advisory

\n

DSA-3133-1 privoxy -- security update

\n
\n
Date Reported:
\n
20 Jan 2015
\n
Affected Packages:
\n
\nprivoxy\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-1031.
\n
More information:
\n
\n

Multiple use-after-frees were discovered in Privoxy, a privacy-enhancing\nHTTP proxy.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 3.0.19-2+deb7u1.

\n

For the upcoming stable distribution (jessie), this problem will be\nfixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.0.21-5.

\n

We recommend that you upgrade your privoxy packages.

\n
\n
\n
\n
", "3134": "
\n

Debian Security Advisory

\n

DSA-3134-1 sympa -- security update

\n
\n
Date Reported:
\n
20 Jan 2015
\n
Affected Packages:
\n
\nsympa\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-1306.
\n
More information:
\n
\n

A vulnerability has been discovered in the web interface of sympa, a\nmailing list manager. An attacker could take advantage of this flaw in\nthe newsletter posting area, which allows sending to a list, or to\noneself, any file located on the server filesystem and readable by the\nsympa user.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 6.1.11~dfsg-5+deb7u2.

\n

For the upcoming stable distribution (jessie), this problem will be\nfixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 6.1.23~dfsg-2.

\n

We recommend that you upgrade your sympa packages.

\n
\n
\n
\n
", "3135": "
\n

Debian Security Advisory

\n

DSA-3135-1 mysql-5.5 -- security update

\n
\n
Date Reported:
\n
23 Jan 2015
\n
Affected Packages:
\n
\nmysql-5.5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 775881.
In Mitre's CVE dictionary: CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0411, CVE-2015-0432.
\n
More information:
\n
\n

Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.41. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:

\n\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 5.5.41-0+wheezy1.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your mysql-5.5 packages.

\n
\n
\n
\n
", "3136": "
\n

Debian Security Advisory

\n

DSA-3136-1 polarssl -- security update

\n
\n
Date Reported:
\n
24 Jan 2015
\n
Affected Packages:
\n
\npolarssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 775776.
In Mitre's CVE dictionary: CVE-2015-1182.
\n
More information:
\n
\n

A vulnerability was discovered in PolarSSL, a lightweight crypto and\nSSL/TLS library. A remote attacker could exploit this flaw using\nspecially crafted certificates to mount a denial of service against an\napplication linked against the library (application crash), or\npotentially, to execute arbitrary code.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.2.9-1~deb7u5.

\n

For the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your polarssl packages.

\n
\n
\n
\n
", "3137": "
\n

Debian Security Advisory

\n

DSA-3137-1 websvn -- security update

\n
\n
Date Reported:
\n
24 Jan 2015
\n
Affected Packages:
\n
\nwebsvn\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 775682.
In Mitre's CVE dictionary: CVE-2013-6892.
\n
More information:
\n
\n

James Clawson discovered that websvn, a web viewer for Subversion\nrepositories, would follow symlinks in a repository when presenting a\nfile for download. An attacker with repository write access could\nthereby access any file on disk readable by the user the webserver\nruns as.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.3.3-1.1+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.3.3-1.2.

\n

We recommend that you upgrade your websvn packages.

\n
\n
\n
\n
", "3138": "
\n

Debian Security Advisory

\n

DSA-3138-1 jasper -- security update

\n
\n
Date Reported:
\n
25 Jan 2015
\n
Affected Packages:
\n
\njasper\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 775970.
In Mitre's CVE dictionary: CVE-2014-8157, CVE-2014-8158.
\n
More information:
\n
\n

An off-by-one flaw, leading to a heap-based buffer overflow\n(CVE-2014-8157), and an unrestricted stack memory use flaw\n(CVE-2014-8158) were found in JasPer, a library for manipulating\nJPEG-2000 files. A specially crafted file could cause an application\nusing JasPer to crash or, possibly, execute arbitrary code.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.900.1-13+deb7u3.

\n

For the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your jasper packages.

\n
\n
\n
\n
", "3139": "
\n

Debian Security Advisory

\n

DSA-3139-1 squid -- security update

\n
\n
Date Reported:
\n
25 Jan 2015
\n
Affected Packages:
\n
\nsquid\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 776194.
In Mitre's CVE dictionary: CVE-2014-3609.
\n
More information:
\n
\n

Matthew Daley discovered that squid, a web proxy cache, does not\nproperly perform input validation when parsing requests. A remote\nattacker could use this flaw to mount a denial of service attack, by\nsending specially crafted Range requests.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.7.STABLE9-4.1+deb7u1.

\n

We recommend that you upgrade your squid packages.

\n
\n
\n
\n
", "3140": "
\n

Debian Security Advisory

\n

DSA-3140-1 xen -- security update

\n
\n
Date Reported:
\n
27 Jan 2015
\n
Affected Packages:
\n
\nxen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-8594, CVE-2014-8595, CVE-2014-8866, CVE-2014-8867, CVE-2014-9030.
\n
More information:
\n
\n

Multiple security issues have been discovered in the Xen virtualisation\nsolution which may result in denial of service, information disclosure\nor privilege escalation.

\n
    \n
  • CVE-2014-8594\n

    Roger Pau Monne and Jan Beulich discovered that incomplete\n restrictions on MMU update hypercalls may result in privilege\n escalation.

  • CVE-2014-8595\n

    Jan Beulich discovered that missing privilege level checks in the\n x86 emulation of far branches may result in privilege escalation.

  • CVE-2014-8866\n

    Jan Beulich discovered that an error in compatibility mode hypercall\n argument translation may result in denial of service.

  • CVE-2014-8867\n

    Jan Beulich discovered that an insufficient restriction in\n acceleration support for the REP MOVS instruction may result in\n denial of service.

  • CVE-2014-9030\n

    Andrew Cooper discovered a page reference leak in MMU_MACHPHYS_UPDATE\n handling, resulting in denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 4.1.4-3+deb7u4.

\n

For the upcoming stable distribution (jessie), these problems have been\nfixed in version 4.4.1-4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.4.1-4.

\n

We recommend that you upgrade your xen packages.

\n
\n
\n
\n
", "3141": "
\n

Debian Security Advisory

\n

DSA-3141-1 wireshark -- security update

\n
\n
Date Reported:
\n
27 Jan 2015
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0562, CVE-2015-0564.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the dissectors/parsers for\nSSL/TLS and DEC DNA, which could result in denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.2-5wheezy14.

\n

For the upcoming stable distribution (jessie), these problems have been\nfixed in version 1.12.1+g01b65bf-3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.12.1+g01b65bf-3.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "3142": "
\n

Debian Security Advisory

\n

DSA-3142-1 eglibc -- security update

\n
\n
Date Reported:
\n
27 Jan 2015
\n
Affected Packages:
\n
\neglibc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-6656, CVE-2014-6040, CVE-2014-7817, CVE-2015-0235.
\n
More information:
\n
\n

Several vulnerabilities have been fixed in eglibc, Debian's version of\nthe GNU C library:

\n
    \n
  • CVE-2015-0235\n

    Qualys discovered that the gethostbyname and gethostbyname2\n functions were subject to a buffer overflow if provided with a\n crafted IP address argument. This could be used by an attacker to\n execute arbitrary code in processes which called the affected\n functions.

    \n

    The original glibc bug was reported by Peter Klotz.

  • CVE-2014-7817\n

    Tim Waugh of Red Hat discovered that the WRDE_NOCMD option of the\n wordexp function did not suppress command execution in all cases.\n This allows a context-dependent attacker to execute shell\n commands.

  • CVE-2012-6656\nCVE-2014-6040\n

    The charset conversion code for certain IBM multi-byte code pages\n could perform an out-of-bounds array access, causing the process\n to crash. In some scenarios, this allows a remote attacker to\n cause a persistent denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2.13-38+deb7u7.

\n

For the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), the\nCVE-2015-0235\nissue has been fixed in version 2.18-1 of the glibc package.

\n

We recommend that you upgrade your eglibc packages.

\n
\n
\n
\n
", "3143": "
\n

Debian Security Advisory

\n

DSA-3143-1 virtualbox -- security update

\n
\n
Date Reported:
\n
28 Jan 2015
\n
Affected Packages:
\n
\nvirtualbox\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0377, CVE-2015-0418.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in VirtualBox, an x86\nvirtualisation solution, which might result in denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 4.1.18-dfsg-2+deb7u4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.3.18-dfsg-2.

\n

We recommend that you upgrade your virtualbox packages.

\n
\n
\n
\n
", "3144": "
\n

Debian Security Advisory

\n

DSA-3144-1 openjdk-7 -- security update

\n
\n
Date Reported:
\n
29 Jan 2015
\n
Affected Packages:
\n
\nopenjdk-7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, information disclosure or denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 7u75-2.5.4-1~deb7u1.

\n

For the upcoming stable distribution (jessie), these problems will be\nfixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 7u75-2.5.4-1.

\n

We recommend that you upgrade your openjdk-7 packages.

\n
\n
\n
\n
", "3145": "
\n

Debian Security Advisory

\n

DSA-3145-1 privoxy -- security update

\n
\n
Date Reported:
\n
30 Jan 2015
\n
Affected Packages:
\n
\nprivoxy\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 776490.
In Mitre's CVE dictionary: CVE-2015-1381, CVE-2015-1382.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in Privoxy, a privacy enhancing\nHTTP proxy, which might result in denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 3.0.19-2+deb7u2.

\n

For the upcoming stable distribution (jessie), these problems will be\nfixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.0.21-7.

\n

We recommend that you upgrade your privoxy packages.

\n
\n
\n
\n
", "3146": "
\n

Debian Security Advisory

\n

DSA-3146-1 requests -- security update

\n
\n
Date Reported:
\n
30 Jan 2015
\n
Affected Packages:
\n
\nrequests\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 733108.
In Mitre's CVE dictionary: CVE-2014-1829, CVE-2014-1830.
\n
More information:
\n
\n

Jakub Wilk discovered that in requests, an HTTP library for the Python\nlanguage, authentication information was improperly handled when a\nredirect occurred. This would allow remote servers to obtain two\ndifferent types of sensitive information: proxy passwords from the\nProxy-Authorization header\n(CVE-2014-1830), or netrc passwords from the Authorization header\n(CVE-2014-1829).

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.12.1-1+deb7u1.

\n

For the upcoming stable distribution (jessie) and unstable\ndistribution (sid), this problem has been fixed in version 2.3.0-1.

\n

We recommend that you upgrade your requests packages.

\n
\n
\n
\n
", "3147": "
\n

Debian Security Advisory

\n

DSA-3147-1 openjdk-6 -- security update

\n
\n
Date Reported:
\n
30 Jan 2015
\n
Affected Packages:
\n
\nopenjdk-6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, information disclosure or denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 6b34-1.13.6-1~deb7u1.

\n

We recommend that you upgrade your openjdk-6 packages.

\n
\n
\n
\n
", "3148": "
\n

Debian Security Advisory

\n

DSA-3148-1 chromium-browser -- end of life

\n
\n
Date Reported:
\n
31 Jan 2015
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
No
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Security support for the chromium web browser is now discontinued\nfor the stable distribution (wheezy). Chromium upstream stopped\nsupporting wheezy's build environment (gcc 4.7, make, etc.), so\nthere is no longer any practical way to continue building security\nupdates.

\n

Chromium users that desire continued security updates are encouraged\nto upgrade early to the upcoming stable release (jessie), Debian 8.

\n

An alternative is to switch to the iceweasel web browser, which will\ncontinue to receive security updates in wheezy for some time.

\n

Note that until the official release happens, chromium package updates\nfor jessie may have a larger than usual delay due to possible bugs and\ntesting migration rules.

\n

Also, there will be no more DSAs announcing chromium package updates\nuntil jessie becomes officially released.

\n

Instructions for upgrading from Debian 7 to 8 are available at:\nhttps://www.debian.org/releases/jessie/amd64/release-notes/ch-upgrading.en.html

\n

Media for installing Debian 8 from scratch are also available\n(the release candidate media, jessie_di_rc1, are recommended):

\n\n
\n
\n
\n
", "3149": "
\n

Debian Security Advisory

\n

DSA-3149-1 condor -- security update

\n
\n
Date Reported:
\n
02 Feb 2015
\n
Affected Packages:
\n
\ncondor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 775276.
In Mitre's CVE dictionary: CVE-2014-8126.
\n
More information:
\n
\n

Florian Weimer, of Red Hat Product Security, discovered an issue in\ncondor, a distributed workload management system. Upon job completion,\nit can optionally notify a user by sending an email; the mailx\ninvocation used in that process allowed for any authenticated user\nable to submit jobs, to execute arbitrary code with the privileges of\nthe condor user.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 7.8.2~dfsg.1-1+deb7u3.

\n

For the upcoming stable distribution (jessie) and unstable\ndistribution (sid), this problem has been fixed in version\n8.2.3~dfsg.1-6.

\n

We recommend that you upgrade your condor packages.

\n
\n
\n
\n
", "3150": "
\n

Debian Security Advisory

\n

DSA-3150-1 vlc -- security update

\n
\n
Date Reported:
\n
02 Feb 2015
\n
Affected Packages:
\n
\nvlc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-9626, CVE-2014-9627, CVE-2014-9628, CVE-2014-9629, CVE-2014-9630.
\n
More information:
\n
\n

Fabian Yamaguchi discovered multiple vulnerabilities in VLC, a multimedia\nplayer and streamer:

\n
    \n
  • CVE-2014-9626\n

    The MP4 demuxer, when parsing string boxes, did not properly check\n the length of the box, leading to a possible integer underflow when\n using this length value in a call to memcpy(). This could allow\n remote attackers to cause a denial of service (crash) or arbitrary\n code execution via crafted MP4 files.

  • CVE-2014-9627\n

    The MP4 demuxer, when parsing string boxes, did not properly check\n that the conversion of the box length from 64bit integer to 32bit\n integer on 32bit platforms did not cause a truncation, leading to\n a possible buffer overflow. This could allow remote attackers to\n cause a denial of service (crash) or arbitrary code execution via\n crafted MP4 files.

  • CVE-2014-9628\n

    The MP4 demuxer, when parsing string boxes, did not properly check\n the length of the box, leading to a possible buffer overflow. This\n could allow remote attackers to cause a denial of service (crash)\n or arbitrary code execution via crafted MP4 files.

  • CVE-2014-9629\n

    The Dirac and Schroedinger encoders did not properly check for an\n integer overflow on 32bit platforms, leading to a possible buffer\n overflow. This could allow remote attackers to cause a denial of\n service (crash) or arbitrary code execution.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2.0.3-5+deb7u2.

\n

For the upcoming stable distribution (jessie), these problems have been\nfixed in version 2.2.0~rc2-2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.2.0~rc2-2.

\n

We recommend that you upgrade your vlc packages.

\n
\n
\n
\n
", "3151": "
\n

Debian Security Advisory

\n

DSA-3151-1 python-django -- security update

\n
\n
Date Reported:
\n
03 Feb 2015
\n
Affected Packages:
\n
\npython-django\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 775375.
In Mitre's CVE dictionary: CVE-2015-0219, CVE-2015-0220, CVE-2015-0221.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Django, a high-level Python\nweb development framework. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2015-0219\n

    Jedediah Smith reported that the WSGI environ in Django does not\n distinguish between headers containing dashes and headers containing\n underscores. A remote attacker could use this flaw to spoof WSGI\n headers.

  • CVE-2015-0220\n

    Mikko Ohtamaa discovered that the django.utils.http.is_safe_url()\n function in Django does not properly handle leading whitespaces in\n user-supplied redirect URLs. A remote attacker could potentially use\n this flaw to perform a cross-site scripting attack.

  • CVE-2015-0221\n

    Alex Gaynor reported a flaw in the way Django handles reading files\n in the django.views.static.serve() view. A remote attacker could\n possibly use this flaw to mount a denial of service via resource\n consumption.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.5-1+deb7u9.

\n

For the upcoming stable distribution (jessie), these problems have been\nfixed in version 1.7.1-1.1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.7.1-1.1.

\n

We recommend that you upgrade your python-django packages.

\n
\n
\n
\n
", "3152": "
\n

Debian Security Advisory

\n

DSA-3152-1 unzip -- security update

\n
\n
Date Reported:
\n
03 Feb 2015
\n
Affected Packages:
\n
\nunzip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 776589.
In Mitre's CVE dictionary: CVE-2014-9636.
\n
More information:
\n
\n

A flaw was found in the test_compr_eb() function allowing out-of-bounds\nread and write access to memory locations. By carefully crafting a\ncorrupt ZIP archive an attacker can trigger a heap overflow, resulting\nin application crash or possibly having other unspecified impact.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 6.0-8+deb7u2. Additionally this update corrects a defective\npatch applied to address CVE-2014-8139, which caused a regression with\nexecutable jar files.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 6.0-15. The defective patch applied to address CVE-2014-8139 was\ncorrected in version 6.0-16.

\n

We recommend that you upgrade your unzip packages.

\n
\n
\n
\n
", "3153": "
\n

Debian Security Advisory

\n

DSA-3153-1 krb5 -- security update

\n
\n
Date Reported:
\n
03 Feb 2015
\n
Affected Packages:
\n
\nkrb5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423.
\n
More information:
\n
\n

Multiple vulnerabilities have been found in krb5, the MIT\nimplementation of Kerberos:

\n
    \n
  • CVE-2014-5352\n

    Incorrect memory management in the libgssapi_krb5 library might\n result in denial of service or the execution of arbitrary code.

  • CVE-2014-9421\n

    Incorrect memory management in kadmind's processing of XDR data\n might result in denial of service or the execution of arbitrary code.

  • CVE-2014-9422\n

    Incorrect processing of two-component server principals might result\n in impersonation attacks.

  • CVE-2014-9423\n

    An information leak in the libgssrpc library.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.10.1+dfsg-5+deb7u3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.12.1+dfsg-17.

\n

We recommend that you upgrade your krb5 packages.

\n
\n
\n
\n
", "3154": "
\n

Debian Security Advisory

\n

DSA-3154-1 ntp -- security update

\n
\n
Date Reported:
\n
05 Feb 2015
\n
Affected Packages:
\n
\nntp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-9750, CVE-2014-9751.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the ntp package, an\nimplementation of the Network Time Protocol. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2014-9750\n

    Stephen Roettger of the Google Security Team, Sebastian Krahmer of\n the SUSE Security Team and Harlan Stenn of Network Time Foundation\n discovered that the length value in extension fields is not properly\n validated in several code paths in ntp_crypto.c, which could lead to\n information leakage or denial of service (ntpd crash).

  • CVE-2014-9751\n

    Stephen Roettger of the Google Security Team reported that ACLs\n based on IPv6 ::1 addresses can be bypassed.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-2+deb7u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-4.

\n

We recommend that you upgrade your ntp packages.

\n
\n
\n
\n
", "3155": "
\n

Debian Security Advisory

\n

DSA-3155-1 postgresql-9.1 -- security update

\n
\n
Date Reported:
\n
06 Feb 2015
\n
Affected Packages:
\n
\npostgresql-9.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-8161, CVE-2015-0241, CVE-2015-0243, CVE-2015-0244.
\n
More information:
\n
\n

Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database\nsystem.

\n
    \n
  • CVE-2014-8161:\nInformation leak

    \n

    A user with limited clearance on a table might gain access, through server error messages, to information\nin columns on which they have no SELECT rights.

  • CVE-2015-0241:\nOut of boundaries read/write

    \n

    The function to_char() might read/write past the end of a buffer. This\nmight crash the server when a formatting template is processed.

  • CVE-2015-0243:\nBuffer overruns in contrib/pgcrypto

    \n

    The pgcrypto module is vulnerable to stack buffer overrun that might\ncrash the server.

  • CVE-2015-0244:\nSQL command injection

    \n

    Emil Lenngren reported that an attacker can inject SQL commands when the\nsynchronization between client and server is lost.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 9.1.15-0+deb7u1.

\n

For the upcoming stable distribution (jessie), these problems have been\nfixed in version 9.1.14-0+deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 9.1.15-0+deb8u1.

\n

We recommend that you upgrade your postgresql-9.1 packages.

\n
\n
\n
\n
", "3157": "
\n

Debian Security Advisory

\n

DSA-3157-1 ruby1.9.1 -- security update

\n
\n
Date Reported:
\n
09 Feb 2015
\n
Affected Packages:
\n
\nruby1.9.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-4975, CVE-2014-8080, CVE-2014-8090.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the interpreter for the Ruby\nlanguage:

\n
    \n
  • CVE-2014-4975\n

    The encodes() function in pack.c had an off-by-one error that could\n\tlead to a stack-based buffer overflow. This could allow remote\n\tattackers to cause a denial of service (crash) or arbitrary code\n\texecution.

  • CVE-2014-8080,\n CVE-2014-8090\n

    The REXML parser could be coerced into allocating large string\n\tobjects that could consume all available memory on the system. This\n\tcould allow remote attackers to cause a denial of service (crash).

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.9.3.194-8.1+deb7u3.

\n

For the upcoming stable distribution (jessie), these problems have been\nfixed in version 2.1.5-1 of the ruby2.1 source package.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.1.5-1 of the ruby2.1 source package.

\n

We recommend that you upgrade your ruby1.9.1 packages.

\n
\n
\n
\n
", "3158": "
\n

Debian Security Advisory

\n

DSA-3158-1 unrtf -- security update

\n
\n
Date Reported:
\n
09 Feb 2015
\n
Affected Packages:
\n
\nunrtf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 772811.
In Mitre's CVE dictionary: CVE-2014-9274, CVE-2014-9275.
\n
More information:
\n
\n

Michal Zalewski and Hanno Boeck discovered several vulnerabilities in\nunrtf, an RTF to other formats converter, leading to a denial of service\n(application crash) or, potentially, the execution of arbitrary code.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 0.21.5-3~deb7u1. This update is based on a new upstream version\nof unrtf including additional bug fixes, new features and incompatible\nchanges (especially PostScript support is dropped).

\n

For the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), these problems have been fixed in version 0.21.5-2.

\n

We recommend that you upgrade your unrtf packages.

\n
\n
\n
\n
", "3159": "
\n

Debian Security Advisory

\n

DSA-3159-1 ruby1.8 -- security update

\n
\n
Date Reported:
\n
10 Feb 2015
\n
Affected Packages:
\n
\nruby1.8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-8080, CVE-2014-8090.
\n
More information:
\n
\n

It was discovered that the REXML parser, part of the interpreter for the\nRuby language, could be coerced into allocating large string objects that\ncould consume all available memory on the system. This could allow remote\nattackers to cause a denial of service (crash).

\n

For the stable distribution (wheezy), this problem has been fixed in version\n1.8.7.358-7.1+deb7u2.

\n

For the upcoming stable distribution (jessie), this problem has been fixed in\nversion 2.1.5-1 of the ruby2.1 source package.

\n

For the unstable distribution (sid), this problem has been fixed in version\n2.1.5-1 of the ruby2.1 source package.

\n

We recommend that you upgrade your ruby1.8 packages.

\n
\n
\n
\n
", "3160": "
\n

Debian Security Advisory

\n

DSA-3160-1 xorg-server -- security update

\n
\n
Date Reported:
\n
11 Feb 2015
\n
Affected Packages:
\n
\nxorg-server\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0255.
\n
More information:
\n
\n

Olivier Fourdan discovered that missing input validation in the Xserver's\nhandling of XkbSetGeometry requests may result in an information leak\nor denial of service.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2:1.12.4-6+deb7u6.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:1.16.4-1.

\n

We recommend that you upgrade your xorg-server packages.

\n
\n
\n
\n
", "3161": "
\n

Debian Security Advisory

\n

DSA-3161-1 dbus -- security update

\n
\n
Date Reported:
\n
11 Feb 2015
\n
Affected Packages:
\n
\ndbus\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 777545.
In Mitre's CVE dictionary: CVE-2015-0245.
\n
More information:
\n
\n

Simon McVittie discovered a local denial of service flaw in dbus, an\nasynchronous inter-process communication system. On systems with\nsystemd-style service activation, dbus-daemon does not prevent forged\nActivationFailure messages from non-root processes. A malicious local\nuser could use this flaw to trick dbus-daemon into thinking that systemd\nfailed to activate a system service, resulting in an error reply back to\nthe requester.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.6.8-1+deb7u6.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.8.16-1.

\n

We recommend that you upgrade your dbus packages.

\n
\n
\n
\n
", "3162": "
\n

Debian Security Advisory

\n

DSA-3162-1 bind9 -- security update

\n
\n
Date Reported:
\n
18 Feb 2015
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-1349.
\n
More information:
\n
\n

Jan-Piet Mens discovered that the BIND DNS server would crash when\nprocessing an invalid DNSSEC key rollover, either due to an error on\nthe zone operator's part, or due to interference with network traffic\nby an attacker. This issue affects configurations with the directives\n\"dnssec-validation auto;\" (as enabled in the Debian default\nconfiguration) or \"dnssec-lookaside auto;\".

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1:9.8.4.dfsg.P1-6+nmu2+deb7u4.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
\n
\n
", "3163": "
\n

Debian Security Advisory

\n

DSA-3163-1 libreoffice -- security update

\n
\n
Date Reported:
\n
19 Feb 2015
\n
Affected Packages:
\n
\nlibreoffice\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 771163.
In Mitre's CVE dictionary: CVE-2014-9093.
\n
More information:
\n
\n

It was discovered that LibreOffice, an office productivity suite, could\ntry to write to invalid memory areas when importing malformed RTF files.\nThis could allow remote attackers to cause a denial of service (crash)\nor arbitrary code execution via crafted RTF files.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1:3.5.4+dfsg2-0+deb7u3.

\n

For the upcoming stable distribution (jessie), this problem has been\nfixed in version 1:4.3.3-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:4.3.3-2.

\n

We recommend that you upgrade your libreoffice packages.

\n
\n
\n
\n
", "3164": "
\n

Debian Security Advisory

\n

DSA-3164-1 typo3-src -- security update

\n
\n
Date Reported:
\n
21 Feb 2015
\n
Affected Packages:
\n
\ntypo3-src\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 778870.
In Mitre's CVE dictionary: CVE-2015-2047.
\n
More information:
\n
\n

Pierrick Caillon discovered that the authentication could be bypassed in\nthe Typo 3 content management system. Please refer to the upstream\nadvisory for additional information:\nhttps://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-001/

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 4.5.19+dfsg1-5+wheezy4.

\n

The upcoming stable distribution (jessie) no longer includes Typo 3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.5.40+dfsg1-1.

\n

We recommend that you upgrade your typo3-src packages.

\n
\n
\n
\n
", "3165": "
\n

Debian Security Advisory

\n

DSA-3165-1 xdg-utils -- security update

\n
\n
Date Reported:
\n
21 Feb 2015
\n
Affected Packages:
\n
\nxdg-utils\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 777722.
In Mitre's CVE dictionary: CVE-2015-1877.
\n
More information:
\n
\n

Jiri Horner discovered a way to cause xdg-open, a tool that automatically\nopens URLs in a user's preferred application, to execute arbitrary\ncommands remotely.

\n

This problem only affects /bin/sh implementations that don't sanitize\nlocal variables. Dash, which is the default /bin/sh in Debian, is\naffected. Bash as /bin/sh is known to be unaffected.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.1.0~rc1+git20111210-6+deb7u3.

\n

For the upcoming stable (jessie) and unstable (sid) distributions,\nthis problem will be fixed soon.

\n

We recommend that you upgrade your xdg-utils packages.

\n
\n
\n
\n
", "3166": "
\n

Debian Security Advisory

\n

DSA-3166-1 e2fsprogs -- security update

\n
\n
Date Reported:
\n
22 Feb 2015
\n
Affected Packages:
\n
\ne2fsprogs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 778948.
In Mitre's CVE dictionary: CVE-2015-0247, CVE-2015-1572.
\n
More information:
\n
\n

Jose Duart of the Google Security Team discovered a buffer overflow\nin e2fsprogs, a set of utilities for the ext2, ext3, and ext4 file\nsystems. This issue can possibly lead to arbitrary code execution if\na malicious device is plugged in, the system is configured to\nautomatically mount it, and the mounting process chooses to run fsck\non the device's malicious filesystem.

\n\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.42.5-1.1+deb7u1.

\n

For the upcoming stable (jessie) and unstable (sid) distributions,\nthese problems will be fixed soon.

\n

We recommend that you upgrade your e2fsprogs packages.

\n
\n
\n
\n
", "3167": "
\n

Debian Security Advisory

\n

DSA-3167-1 sudo -- security update

\n
\n
Date Reported:
\n
22 Feb 2015
\n
Affected Packages:
\n
\nsudo\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 772707.
In Mitre's CVE dictionary: CVE-2014-9680.
\n
More information:
\n
\n

Jakub Wilk reported that sudo, a program designed to provide limited\nsuper user privileges to specific users, preserves the TZ variable from\na user's environment without any sanitization. A user with sudo access\nmay take advantage of this to exploit bugs in the C library functions\nwhich parse the TZ environment variable or to open files that the user\nwould not otherwise be able to open. The latter could potentially cause\nchanges in system behavior when reading certain device special files or\ncause the program run via sudo to block.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.8.5p2-1+nmu2.

\n

We recommend that you upgrade your sudo packages.

\n
\n
\n
\n
", "3168": "
\n

Debian Security Advisory

\n

DSA-3168-1 ruby-redcloth -- security update

\n
\n
Date Reported:
\n
22 Feb 2015
\n
Affected Packages:
\n
\nruby-redcloth\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 774748.
In Mitre's CVE dictionary: CVE-2012-6684.
\n
More information:
\n
\n

Kousuke Ebihara discovered that redcloth, a Ruby module used to\nconvert Textile markup to HTML, did not properly sanitize its\ninput. This allowed a remote attacker to perform a cross-site\nscripting attack by injecting arbitrary JavaScript code into the\ngenerated HTML.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 4.2.9-2+deb7u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.2.9-4.

\n

We recommend that you upgrade your ruby-redcloth packages.

\n
\n
\n
\n
", "3169": "
\n

Debian Security Advisory

\n

DSA-3169-1 eglibc -- security update

\n
\n
Date Reported:
\n
23 Feb 2015
\n
Affected Packages:
\n
\neglibc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 681888, Bug 751774, Bug 775572, Bug 777197.
In Mitre's CVE dictionary: CVE-2012-3406, CVE-2013-7424, CVE-2014-4043, CVE-2014-9402, CVE-2015-1472, CVE-2015-1473.
\n
More information:
\n
\n

Several vulnerabilities have been fixed in eglibc, Debian's version of\nthe GNU C library:

\n
    \n
  • CVE-2012-3406\n

    The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka\n glibc) 2.5, 2.12, and probably other versions does not properly restrict\n the use of the alloca function when allocating the SPECS array, which\n allows context-dependent attackers to bypass the FORTIFY_SOURCE\n format-string protection mechanism and cause a denial of service (crash)\n or possibly execute arbitrary code via a crafted format string using\n positional parameters and a large number of format specifiers, a different\n vulnerability than\n CVE-2012-3404 and\n CVE-2012-3405.

  • CVE-2013-7424\n

    An invalid free flaw was found in glibc's getaddrinfo() function when used\n with the AI_IDN flag. A remote attacker able to make an application call\n this function could use this flaw to execute arbitrary code with the\n permissions of the user running the application. Note that this flaw only\n affected applications using glibc compiled with libidn support.

  • CVE-2014-4043\n

    The posix_spawn_file_actions_addopen function in glibc before 2.20 does not\n copy its path argument in accordance with the POSIX specification, which\n allows context-dependent attackers to trigger use-after-free\n vulnerabilities.

  • CVE-2014-9402\n

    The getnetbyname function in glibc 2.21 or earlier will enter an infinite\n loop if the DNS backend is activated in the system Name Service Switch\n configuration, and the DNS resolver receives a positive answer while\n processing the network name.

  • CVE-2015-1472 /\n CVE-2015-1473\n

    Under certain conditions wscanf can allocate too little memory for the\n to-be-scanned arguments and overflow the allocated buffer. The incorrect\n use of \"__libc_use_alloca (newsize)\" caused a different (and weaker)\n policy to be enforced which could allow a denial of service attack.

\n

For the stable distribution (wheezy), these issues are fixed in version\n2.13-38+deb7u8 of the eglibc package.

\n

For the unstable distribution (sid), all the above issues are fixed in version\n2.19-15 of the glibc package.

\n

We recommend that you upgrade your eglibc packages.

\n
\n
\n
\n
", "3170": "
\n

Debian Security Advisory

\n

DSA-3170-1 linux -- security update

\n
\n
Date Reported:
\n
23 Feb 2015
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-7421, CVE-2014-7822, CVE-2014-8160, CVE-2014-8559, CVE-2014-9585, CVE-2014-9644, CVE-2014-9683, CVE-2015-0239, CVE-2015-1420, CVE-2015-1421, CVE-2015-1593.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service, information leaks or privilege\nescalation.

\n
    \n
  • CVE-2013-7421 /\n CVE-2014-9644\n

    It was discovered that the Crypto API allowed unprivileged users\n to load arbitrary kernel modules. A local user can use this flaw\n to exploit vulnerabilities in modules that would not normally be\n loaded.

  • CVE-2014-7822\n

    Akira Fujita found that the splice() system call did not validate\n the given file offset and length. A local unprivileged user can use\n this flaw to cause filesystem corruption on ext4 filesystems, or\n possibly other effects.

  • CVE-2014-8160\n

    Florian Westphal discovered that a netfilter (iptables/ip6tables) rule\n accepting packets to a specific SCTP, DCCP, GRE or UDPlite\n port/endpoint could result in incorrect connection tracking state.\n If only the generic connection tracking module (nf_conntrack) was\n loaded, and not the protocol-specific connection tracking module,\n this would allow access to any port/endpoint of the specified\n protocol.

  • CVE-2014-8559\n

    It was found that kernel functions that iterate over a directory\n tree can dead-lock or live-lock in case some of the directory\n entries were recently deleted or dropped from the cache. A local\n unprivileged user can use this flaw for denial of service.

  • CVE-2014-9585\n

    Andy Lutomirski discovered that address randomisation for the vDSO\n in 64-bit processes is extremely biased. A local unprivileged user\n could potentially use this flaw to bypass the ASLR protection\n mechanism.

  • CVE-2014-9683\n

    Dmitry Chernenkov discovered that eCryptfs writes past the end of\n the allocated buffer during encrypted filename decoding, resulting\n in local denial of service.

  • CVE-2015-0239\n

    It was found that KVM did not correctly emulate the x86 SYSENTER\n instruction. An unprivileged user within a guest system that has\n not enabled SYSENTER, for example because the emulated CPU vendor\n is AMD, could potentially use this flaw to cause a denial of\n service or privilege escalation in that guest.

  • CVE-2015-1420\n

    It was discovered that the open_by_handle_at() system call reads\n the handle size from user memory a second time after validating\n it. A local user with the CAP_DAC_READ_SEARCH capability could use\n this flaw for privilege escalation.

  • CVE-2015-1421\n

    It was found that the SCTP implementation could free an\n authentication state while it was still in use, resulting in heap\n corruption. This could allow remote users to cause a denial of\n service or privilege escalation.

  • CVE-2015-1593\n

    It was found that address randomisation for the initial stack in\n 64-bit processes was limited to 20 rather than 22 bits of entropy.\n A local unprivileged user could potentially use this flaw to\n bypass the ASLR protection mechanism.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 3.2.65-1+deb7u2. Additionally this update fixes regressions\nintroduced in versions 3.2.65-1 and 3.2.65-1+deb7u1.

\n

For the upcoming stable distribution (jessie), these problems will be fixed\nsoon (a subset is fixed already).

\n

For the unstable distribution (sid), these problems will be fixed soon\n(a subset is fixed already).

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "3171": "
\n

Debian Security Advisory

\n

DSA-3171-1 samba -- security update

\n
\n
Date Reported:
\n
23 Feb 2015
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0240.
\n
More information:
\n
\n

Richard van Eeden of Microsoft Vulnerability Research discovered that\nSamba, an SMB/CIFS file, print, and login server for Unix, contains a\nflaw in the netlogon server code which allows remote code execution with\nroot privileges from an unauthenticated connection.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2:3.6.6-6+deb7u5.

\n

We recommend that you upgrade your samba packages.

\n
\n
\n
\n
", "3172": "
\n

Debian Security Advisory

\n

DSA-3172-1 cups -- security update

\n
\n
Date Reported:
\n
25 Feb 2015
\n
Affected Packages:
\n
\ncups\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 778387.
In Mitre's CVE dictionary: CVE-2014-9679.
\n
More information:
\n
\n

Peter De Wachter discovered that CUPS, the Common UNIX Printing\nSystem, did not correctly parse compressed raster files. By submitting\na specially crafted raster file, a remote attacker could use this\nvulnerability to trigger a buffer overflow.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.5.3-5+deb7u5.

\n

For the upcoming stable distribution (jessie) and unstable\ndistribution (sid), this problem has been fixed in version 1.7.5-11.

\n

We recommend that you upgrade your cups packages.

\n
\n
\n
\n
", "3173": "
\n

Debian Security Advisory

\n

DSA-3173-1 libgtk2-perl -- security update

\n
\n
Date Reported:
\n
25 Feb 2015
\n
Affected Packages:
\n
\nlibgtk2-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

It was discovered that libgtk2-perl, a Perl interface to the 2.x series\nof the Gimp Toolkit library, incorrectly frees memory which GTK+ still\nholds onto and might access later, leading to denial of service\n(application crash) or, potentially, to arbitrary code execution.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2:1.244-1+deb7u1.

\n

For the upcoming stable distribution (jessie), this problem has been\nfixed in version 2:1.2492-4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:1.2492-4.

\n

We recommend that you upgrade your libgtk2-perl packages.

\n
\n
\n
\n
", "3174": "
\n

Debian Security Advisory

\n

DSA-3174-1 iceweasel -- security update

\n
\n
Date Reported:
\n
25 Feb 2015
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0822, CVE-2015-0827, CVE-2015-0831, CVE-2015-0836.
\n
More information:
\n
\n

Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors and\nimplementation errors may lead to the execution of arbitrary code or\ninformation disclosure.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 31.5.0esr-1~deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 31.5.0esr-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "3175": "
\n

Debian Security Advisory

\n

DSA-3175-1 kfreebsd-9 -- security update

\n
\n
Date Reported:
\n
25 Feb 2015
\n
Affected Packages:
\n
\nkfreebsd-9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-1414.
\n
More information:
\n
\n

Mateusz Kocielski and Marek Kroemeke discovered that an integer overflow\nin IGMP processing may result in denial of service through malformed\nIGMP packets.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 9.0-10+deb70.9.

\n

We recommend that you upgrade your kfreebsd-9 packages.

\n
\n
\n
\n
", "3176": "
\n

Debian Security Advisory

\n

DSA-3176-1 request-tracker4 -- security update

\n
\n
Date Reported:
\n
26 Feb 2015
\n
Affected Packages:
\n
\nrequest-tracker4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-9472, CVE-2015-1165, CVE-2015-1464.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in Request Tracker, an\nextensible trouble-ticket tracking system. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2014-9472\n

    Christian Loos discovered a remote denial of service vulnerability,\n exploitable via the email gateway and affecting any installation\n which accepts mail from untrusted sources. Depending on RT's\n logging configuration, a remote attacker can take advantage of\n this flaw to cause CPU and excessive disk usage.

  • \n
  • CVE-2015-1165\n

    Christian Loos discovered an information disclosure flaw which may\n reveal RSS feed URLs, and thus ticket data.

  • \n
  • CVE-2015-1464\n

    It was discovered that RSS feed URLs can be leveraged to perform\n session hijacking, allowing a user with the URL to log in as the\n user that created the feed.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 4.0.7-5+deb7u3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.2.8-3.

\n

We recommend that you upgrade your request-tracker4 packages.

\n
\n
\n
\n
", "3177": "
\n

Debian Security Advisory

\n

DSA-3177-1 mod-gnutls -- security update

\n
\n
Date Reported:
\n
10 Mar 2015
\n
Affected Packages:
\n
\nmod-gnutls\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 578663.
In Mitre's CVE dictionary: CVE-2015-2091.
\n
More information:
\n
\n

Thomas Klute discovered that in mod-gnutls, an Apache module providing\nSSL and TLS encryption with GnuTLS, a bug caused the server's client\nverify mode not to be considered at all, in case the directory's\nconfiguration was unset. Clients with invalid certificates were then\nable to leverage this flaw in order to get access to that directory.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.5.10-1.1+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.6-1.3.

\n

We recommend that you upgrade your mod-gnutls packages.

\n
\n
\n
\n
", "3178": "
\n

Debian Security Advisory

\n

DSA-3178-1 unace -- security update

\n
\n
Date Reported:
\n
02 Mar 2015
\n
Affected Packages:
\n
\nunace\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 775003.
In Mitre's CVE dictionary: CVE-2015-2063.
\n
More information:
\n
\n

Jakub Wilk discovered that unace, a utility to extract, test and view\n.ace archives, contained an integer overflow leading to a buffer\noverflow. If a user or automated system were tricked into processing a\nspecially crafted ace archive, an attacker could cause a denial of\nservice (application crash) or, possibly, execute arbitrary code.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.2b-10+deb7u1.

\n

For the upcoming stable distribution (jessie), this problem has been\nfixed in version 1.2b-12.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.2b-12.

\n

We recommend that you upgrade your unace packages.

\n
\n
\n
\n
", "3179": "
\n

Debian Security Advisory

\n

DSA-3179-1 icedove -- security update

\n
\n
Date Reported:
\n
03 Mar 2015
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0822, CVE-2015-0827, CVE-2015-0831, CVE-2015-0836.
\n
More information:
\n
\n

Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail and news client: Multiple memory safety\nerrors and implementation errors may lead to the execution of arbitrary\ncode or information disclosure.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 31.5.0-1~deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 31.5.0-1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "3180": "
\n

Debian Security Advisory

\n

DSA-3180-1 libarchive -- security update

\n
\n
Date Reported:
\n
05 Mar 2015
\n
Affected Packages:
\n
\nlibarchive\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 778266.
In Mitre's CVE dictionary: CVE-2015-2304.
\n
More information:
\n
\n

Alexander Cherepanov discovered that bsdcpio, an implementation of the\ncpio program part of the libarchive project, is susceptible to a\ndirectory traversal vulnerability via absolute paths.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 3.0.4-3+wheezy1.

\n

For the upcoming stable distribution (jessie), this problem has been\nfixed in version 3.1.2-11.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.1.2-11.

\n

We recommend that you upgrade your libarchive packages.

\n
\n
\n
\n
", "3181": "
\n

Debian Security Advisory

\n

DSA-3181-1 xen -- security update

\n
\n
Date Reported:
\n
10 Mar 2015
\n
Affected Packages:
\n
\nxen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-2044, CVE-2015-2045, CVE-2015-2151.
\n
More information:
\n
\n

Multiple security issues have been found in the Xen virtualisation\nsolution:

\n
    \n
  • CVE-2015-2044\n

    Information leak via x86 system device emulation.

  • \n
  • CVE-2015-2045\n

    Information leak in the HYPERVISOR_xen_version() hypercall.

  • \n
  • CVE-2015-2151\n

    Missing input sanitising in the x86 emulator could result in\n information disclosure, denial of service or potentially\n privilege escalation.

  • \n
\n

In addition the Xen developers reported an unfixable limitation in the\nhandling of non-standard PCI devices. Please refer to\nhttp://xenbits.xen.org/xsa/advisory-124.html for further\ninformation.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 4.1.4-3+deb7u5.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your xen packages.

\n
\n
\n
\n
", "3182": "
\n

Debian Security Advisory

\n

DSA-3182-1 libssh2 -- security update

\n
\n
Date Reported:
\n
11 Mar 2015
\n
Affected Packages:
\n
\nlibssh2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 780249.
In Mitre's CVE dictionary: CVE-2015-1782.
\n
More information:
\n
\n

Mariusz Ziulek reported that libssh2, an SSH2 client-side library, was\nreading and using the SSH_MSG_KEXINIT packet without doing sufficient\nrange checks when negotiating a new SSH session with a remote server. A\nmalicious attacker could man in the middle a real server and cause a\nclient using the libssh2 library to crash (denial of service) or\notherwise read and use unintended memory areas in this process.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.4.2-1.1+deb7u1.

\n

We recommend that you upgrade your libssh2 packages.

\n
\n
\n
\n
", "3183": "
\n

Debian Security Advisory

\n

DSA-3183-1 movabletype-opensource -- security update

\n
\n
Date Reported:
\n
12 Mar 2015
\n
Affected Packages:
\n
\nmovabletype-opensource\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 712602, Bug 774192.
In Mitre's CVE dictionary: CVE-2013-2184, CVE-2014-9057, CVE-2015-1592.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in Movable Type, a\nblogging system. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2013-2184\n

    Unsafe use of Storable::thaw in the handling of comments to blog\n posts could allow remote attackers to include and execute arbitrary\n local Perl files or possibly remotely execute arbitrary code.

  • \n
  • CVE-2014-9057\n

    Netanel Rubin from Check Point Software Technologies discovered a\n SQL injection vulnerability in the XML-RPC interface allowing\n remote attackers to execute arbitrary SQL commands.

  • \n
  • CVE-2015-1592\n

    The Perl Storable::thaw function is not properly used, allowing\n remote attackers to include and execute arbitrary local Perl files\n and possibly remotely execute arbitrary code.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 5.1.4+dfsg-4+deb7u2.

\n

We recommend that you upgrade your movabletype-opensource packages.

\n
\n
\n
\n
", "3184": "
\n

Debian Security Advisory

\n

DSA-3184-1 gnupg -- security update

\n
\n
Date Reported:
\n
12 Mar 2015
\n
Affected Packages:
\n
\ngnupg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 778652.
In Mitre's CVE dictionary: CVE-2014-3591, CVE-2015-0837, CVE-2015-1606.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard:

\n
    \n
  • CVE-2014-3591\n

    The Elgamal decryption routine was susceptible to a side-channel\n attack discovered by researchers of Tel Aviv University. Ciphertext\n blinding was enabled to counteract it. Note that this may have a\n quite noticeable impact on Elgamal decryption performance.

  • \n
  • CVE-2015-0837\n

    The modular exponentiation routine mpi_powm() was susceptible to a\n side-channel attack caused by data-dependent timing variations when\n accessing its internal pre-computed table.

  • \n
  • CVE-2015-1606\n

    The keyring parsing code did not properly reject certain packet\n types not belonging in a keyring, which caused an access to memory\n already freed. This could allow remote attackers to cause a denial\n of service (crash) via crafted keyring files.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.12-7+deb7u7.

\n

For the upcoming stable distribution (jessie), these problems have been\nfixed in version 1.4.18-7.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.4.18-7.

\n

We recommend that you upgrade your gnupg packages.

\n
\n
\n
\n
", "3185": "
\n

Debian Security Advisory

\n

DSA-3185-1 libgcrypt11 -- security update

\n
\n
Date Reported:
\n
12 Mar 2015
\n
Affected Packages:
\n
\nlibgcrypt11\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3591, CVE-2015-0837.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in libgcrypt:

\n
    \n
  • CVE-2014-3591\n

    The Elgamal decryption routine was susceptible to a side-channel\n attack discovered by researchers of Tel Aviv University. Ciphertext\n blinding was enabled to counteract it. Note that this may have a\n quite noticeable impact on Elgamal decryption performance.

  • \n
  • CVE-2015-0837\n

    The modular exponentiation routine mpi_powm() was susceptible to a\n side-channel attack caused by data-dependent timing variations when\n accessing its internal pre-computed table.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.5.0-5+deb7u3.

\n

We recommend that you upgrade your libgcrypt11 packages.

\n
\n
\n
\n
", "3186": "
\n

Debian Security Advisory

\n

DSA-3186-1 nss -- security update

\n
\n
Date Reported:
\n
13 Mar 2015
\n
Affected Packages:
\n
\nnss\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 773625.
In Mitre's CVE dictionary: CVE-2014-1569.
\n
More information:
\n
\n

It was discovered that the Mozilla Network Security Service library\n(nss) incorrectly handled certain ASN.1 lengths. A remote attacker could\npossibly use this issue to perform a data-smuggling attack.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2:3.14.5-1+deb7u4.

\n

For the upcoming stable distribution (jessie), this problem has been\nfixed in version 2:3.17.2-1.1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:3.17.2-1.1.

\n

We recommend that you upgrade your nss packages.

\n
\n
\n
\n
", "3187": "
\n

Debian Security Advisory

\n

DSA-3187-1 icu -- security update

\n
\n
Date Reported:
\n
15 Mar 2015
\n
Affected Packages:
\n
\nicu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 775884, Bug 776264, Bug 776265, Bug 776719.
In Mitre's CVE dictionary: CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2419, CVE-2014-6585, CVE-2014-6591, CVE-2014-7923, CVE-2014-7926, CVE-2014-7940, CVE-2014-9654.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the International Components\nfor Unicode (ICU) library.

\n\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 4.8.1.1-12+deb7u2.

\n

For the upcoming stable (jessie) and unstable (sid) distributions, these\nproblems have been fixed in version 52.1-7.1.

\n

We recommend that you upgrade your icu packages.

\n
\n
\n
\n
", "3188": "
\n

Debian Security Advisory

\n

DSA-3188-1 freetype -- security update

\n
\n
Date Reported:
\n
15 Mar 2015
\n
Affected Packages:
\n
\nfreetype\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-9656, CVE-2014-9657, CVE-2014-9658, CVE-2014-9660, CVE-2014-9661, CVE-2014-9663, CVE-2014-9664, CVE-2014-9666, CVE-2014-9667, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9672, CVE-2014-9673, CVE-2014-9675.
\n
More information:
\n
\n

Mateusz Jurczyk discovered multiple vulnerabilities in Freetype. Opening\nmalformed fonts may result in denial of service or the execution of\narbitrary code.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2.4.9-1.1+deb7u1.

\n

For the upcoming stable distribution (jessie), these problems have been\nfixed in version 2.5.2-3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.5.2-3.

\n

We recommend that you upgrade your freetype packages.

\n
\n
\n
\n
", "3189": "
\n

Debian Security Advisory

\n

DSA-3189-1 libav -- security update

\n
\n
Date Reported:
\n
15 Mar 2015
\n
Affected Packages:
\n
\nlibav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-7933, CVE-2014-8543, CVE-2014-8544, CVE-2014-8547, CVE-2014-8548, CVE-2014-9604.
\n
More information:
\n
\n

Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. A full list of the changes is\navailable at\nhttp://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.17

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 6:0.8.17-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 6:11.3-1.

\n

We recommend that you upgrade your libav packages.

\n
\n
\n
\n
", "3190": "
\n

Debian Security Advisory

\n

DSA-3190-1 putty -- security update

\n
\n
Date Reported:
\n
15 Mar 2015
\n
Affected Packages:
\n
\nputty\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-2157.
\n
More information:
\n
\n

Patrick Coleman discovered that the Putty SSH client failed to wipe out\nunused sensitive memory.

\n

In addition Florent Daigniere discovered that exponential values in\nDiffie Hellman exchanges were insufficiently restricted.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.62-9+deb7u2.

\n

For the upcoming stable distribution (jessie), this problem has been\nfixed in version 0.63-10.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.63-10.

\n

We recommend that you upgrade your putty packages.

\n
\n
\n
\n
", "3191": "
\n

Debian Security Advisory

\n

DSA-3191-1 gnutls26 -- security update

\n
\n
Date Reported:
\n
15 Mar 2015
\n
Affected Packages:
\n
\ngnutls26\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0282, CVE-2015-0294.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in GnuTLS, a library\nimplementing the TLS and SSL protocols. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2015-0282\n

    GnuTLS does not verify the RSA PKCS #1 signature algorithm to match\n the signature algorithm in the certificate, leading to a potential\n downgrade to a disallowed algorithm without detecting it.

  • \n
  • CVE-2015-0294\n

    It was reported that GnuTLS does not check whether the two signature\n algorithms match on certificate import.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2.12.20-8+deb7u3.

\n

We recommend that you upgrade your gnutls26 packages.

\n
\n
\n
\n
", "3192": "
\n

Debian Security Advisory

\n

DSA-3192-1 checkpw -- security update

\n
\n
Date Reported:
\n
17 Mar 2015
\n
Affected Packages:
\n
\ncheckpw\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 780139.
In Mitre's CVE dictionary: CVE-2015-0885.
\n
More information:
\n
\n

Hiroya Ito of GMO Pepabo, Inc. reported that checkpw, a password\nauthentication program, has a flaw in processing account names which\ncontain double dashes. A remote attacker can use this flaw to cause a\ndenial of service (infinite loop).

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.02-1+deb7u1.

\n

For the upcoming stable distribution (jessie), this problem has been\nfixed in version 1.02-1.1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.02-1.1.

\n

We recommend that you upgrade your checkpw packages.

\n
\n
\n
\n
", "3193": "
\n

Debian Security Advisory

\n

DSA-3193-1 tcpdump -- security update

\n
\n
Date Reported:
\n
17 Mar 2015
\n
Affected Packages:
\n
\ntcpdump\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in tcpdump, a command-line\nnetwork traffic analyzer. These vulnerabilities might result in denial\nof service (application crash) or, potentially, execution of arbitrary\ncode.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 4.3.0-1+deb7u2.

\n

For the upcoming stable distribution (jessie), these problems have been\nfixed in version 4.6.2-4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.6.2-4.

\n

We recommend that you upgrade your tcpdump packages.

\n
\n
\n
\n
", "3194": "
\n

Debian Security Advisory

\n

DSA-3194-1 libxfont -- security update

\n
\n
Date Reported:
\n
17 Mar 2015
\n
Affected Packages:
\n
\nlibxfont\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-1802, CVE-2015-1803, CVE-2015-1804.
\n
More information:
\n
\n

Ilja van Sprundel, Alan Coopersmith and William Robinet discovered\nmultiple issues in libxfont's code to process BDF fonts, which might\nresult in privilege escalation.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.5-5.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your libxfont packages.

\n
\n
\n
\n
", "3195": "
\n

Debian Security Advisory

\n

DSA-3195-1 php5 -- security update

\n
\n
Date Reported:
\n
18 Mar 2015
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-9705, CVE-2015-0231, CVE-2015-0232, CVE-2015-0273, CVE-2015-2305.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in the PHP language:

\n
    \n
  • CVE-2015-2305\n

    Guido Vranken discovered a heap overflow in the ereg extension\n (only applicable to 32 bit systems).

  • \n
  • CVE-2014-9705\n

    Buffer overflow in the enchant extension.

  • \n
  • CVE-2015-0231\n

    Stefan Esser discovered a use-after-free in the unserialisation\n of objects.

  • \n
  • CVE-2015-0232\n

    Alex Eubanks discovered incorrect memory management in the exif\n extension.

  • \n
  • CVE-2015-0273\n

    Use-after-free in the unserialisation of DateTimeZone.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 5.4.38-0+deb7u1.

\n

For the upcoming stable distribution (jessie), these problems have been\nfixed in version 5.6.6+dfsg-2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 5.6.6+dfsg-2.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "3196": "
\n

Debian Security Advisory

\n

DSA-3196-1 file -- security update

\n
\n
Date Reported:
\n
18 Mar 2015
\n
Affected Packages:
\n
\nfile\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-9653.
\n
More information:
\n
\n

Hanno Boeck discovered that file's ELF parser is susceptible to denial\nof service.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 5.11-2+deb7u8.

\n

For the upcoming stable distribution (jessie), this problem has been\nfixed in version 1:5.22+15-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:5.22+15-1.

\n

We recommend that you upgrade your file packages.

\n
\n
\n
\n
", "3197": "
\n

Debian Security Advisory

\n

DSA-3197-1 openssl -- security update

\n
\n
Date Reported:
\n
19 Mar 2015
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in OpenSSL, a Secure\nSockets Layer toolkit. The Common Vulnerabilities and Exposures project\nidentifies the following issues:

\n
    \n
  • CVE-2015-0286\n

    Stephen Henson discovered that the ASN1_TYPE_cmp() function\n can be crashed, resulting in denial of service.

  • \n
  • CVE-2015-0287\n

    Emilia Kaesper discovered a memory corruption in ASN.1 parsing.

  • \n
  • CVE-2015-0289\n

    Michal Zalewski discovered a NULL pointer dereference in the\n PKCS#7 parsing code, resulting in denial of service.

  • \n
  • CVE-2015-0292\n

    It was discovered that missing input sanitising in base64 decoding\n might result in memory corruption.

  • \n
  • CVE-2015-0209\n

    It was discovered that a malformed EC private key might result in\n memory corruption.

  • \n
  • CVE-2015-0288\n

    It was discovered that missing input sanitising in the\n X509_to_X509_REQ() function might result in denial of service.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.1e-2+deb7u15. In this update the export ciphers are removed\nfrom the default cipher list.

\n

We recommend that you upgrade your openssl packages.

\n
\n
\n
\n
", "3198": "
\n

Debian Security Advisory

\n

DSA-3198-1 php5 -- security update

\n
\n
Date Reported:
\n
20 Mar 2015
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-2301, CVE-2015-2331, CVE-2015-2348, CVE-2015-2787.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in the PHP language:

\n
    \n
  • CVE-2015-2301\n

    Use-after-free in the phar extension.

  • \n
  • CVE-2015-2331\n

    Emmanuel Law discovered an integer overflow in the processing\n of ZIP archives, resulting in denial of service or potentially\n the execution of arbitrary code.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 5.4.39-0+deb7u1. This update also fixes a regression in the\ncurl support introduced in DSA 3195.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "3199": "
\n

Debian Security Advisory

\n

DSA-3199-1 xerces-c -- security update

\n
\n
Date Reported:
\n
20 Mar 2015
\n
Affected Packages:
\n
\nxerces-c\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 780827.
In Mitre's CVE dictionary: CVE-2015-0252.
\n
More information:
\n
\n

Anton Rager and Jonathan Brossard from the Salesforce.com Product\nSecurity Team and Ben Laurie of Google discovered a denial of service\nvulnerability in xerces-c, a validating XML parser library for C++. The\nparser mishandles certain kinds of malformed input documents, resulting\nin a segmentation fault during a parse operation. An unauthenticated\nattacker could use this flaw to cause an application using the\nxerces-c library to crash.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 3.1.1-3+deb7u1.

\n

We recommend that you upgrade your xerces-c packages.

\n
\n
\n
\n
", "3200": "
\n

Debian Security Advisory

\n

DSA-3200-1 drupal7 -- security update

\n
\n
Date Reported:
\n
20 Mar 2015
\n
Affected Packages:
\n
\ndrupal7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 780772.
In Mitre's CVE dictionary: CVE-2015-2559, CVE-2015-2749, CVE-2015-2750.
\n
More information:
\n
\n

Multiple vulnerabilities have been found in the Drupal content management\nframework. More information can be found at\nhttps://www.drupal.org/SA-CORE-2015-001

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 7.14-2+deb7u9.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.32-1+deb8u2.

\n

We recommend that you upgrade your drupal7 packages.

\n
\n
\n
\n
", "3201": "
\n

Debian Security Advisory

\n

DSA-3201-1 iceweasel -- security update

\n
\n
Date Reported:
\n
22 Mar 2015
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0817, CVE-2015-0818.
\n
More information:
\n
\n

Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2015-0817\n

    ilxu1a reported a flaw in Mozilla's implementation of typed array\n bounds checking in JavaScript just-in-time compilation (JIT) and its\n management of bounds checking for heap access. This flaw can be\n leveraged into the reading and writing of memory allowing for\n arbitrary code execution on the local system.

  • \n
  • CVE-2015-0818\n

    Mariusz Mlynski discovered a method to run arbitrary scripts in a\n privileged context. This bypassed the same-origin policy protections\n by using a flaw in the processing of SVG format content navigation.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 31.5.3esr-1~deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 31.5.3esr-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "3202": "
\n

Debian Security Advisory

\n

DSA-3202-1 mono -- security update

\n
\n
Date Reported:
\n
22 Mar 2015
\n
Affected Packages:
\n
\nmono\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 780751.
In Mitre's CVE dictionary: CVE-2015-2318, CVE-2015-2319, CVE-2015-2320.
\n
More information:
\n
\n

Researchers at INRIA and Xamarin discovered several vulnerabilities in\nmono, a platform for running and developing applications based on the\nECMA/ISO Standards. Mono's TLS stack contained several problems that\nhampered its capabilities: those issues could lead to client\nimpersonation (via SKIP-TLS), SSLv2 fallback, and encryption weakening\n(via FREAK).

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2.10.8.1-8+deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.2.8+dfsg-10.

\n

We recommend that you upgrade your mono packages.

\n
\n
\n
\n
", "3203": "
\n

Debian Security Advisory

\n

DSA-3203-1 tor -- security update

\n
\n
Date Reported:
\n
22 Mar 2015
\n
Affected Packages:
\n
\ntor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-2688, CVE-2015-2689.
\n
More information:
\n
\n

Several denial-of-service issues have been discovered in Tor, a\nconnection-based low-latency anonymous communication system.

\n
    \n
  • Jowr discovered that very high DNS query load on a relay could\n trigger an assertion error.

  • \n
  • A relay could crash with an assertion error if a buffer of exactly\n the wrong layout was passed to buf_pullup() at exactly the wrong\n time.

  • \n
\n

For the stable distribution (wheezy), these problems have been fixed\nin version 0.2.4.26-1.

\n

For the testing distribution (jessie) and unstable distribution (sid),\nthese problems have been fixed in version 0.2.5.11-1.

\n

Furthermore, this update disables support for SSLv3 in Tor. All\nversions of OpenSSL in use with Tor today support TLS 1.0 or later.

\n

Additionally, this release updates the geoIP database used by Tor as\nwell as the list of directory authority servers, which Tor clients use\nto bootstrap and who sign the Tor directory consensus document.

\n

We recommend that you upgrade your tor packages.

\n
\n
\n
\n
", "3204": "
\n

Debian Security Advisory

\n

DSA-3204-1 python-django -- security update

\n
\n
Date Reported:
\n
24 Mar 2015
\n
Affected Packages:
\n
\npython-django\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 780873.
In Mitre's CVE dictionary: CVE-2015-2317.
\n
More information:
\n
\n

Daniel Chatfield discovered that python-django, a high-level Python web\ndevelopment framework, incorrectly handled user-supplied redirect URLs.\nA remote attacker could use this flaw to perform a cross-site scripting\nattack.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.4.5-1+deb7u11.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.7.7-1.

\n

We recommend that you upgrade your python-django packages.

\n
\n
\n
\n
", "3205": "
\n

Debian Security Advisory

\n

DSA-3205-1 batik -- security update

\n
\n
Date Reported:
\n
27 Mar 2015
\n
Affected Packages:
\n
\nbatik\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 780897.
In Mitre's CVE dictionary: CVE-2015-0250.
\n
More information:
\n
\n

Nicolas Gregoire and Kevin Schaller discovered that Batik, a toolkit\nfor processing SVG images, would load XML external entities by\ndefault. If a user or automated system were tricked into opening a\nspecially crafted SVG file, an attacker could possibly obtain access\nto arbitrary files or cause resource consumption.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.7+dfsg-3+deb7u1.

\n

For the upcoming stable distribution (jessie) and unstable\ndistribution (sid), this problem has been fixed in version 1.7+dfsg-5.

\n

We recommend that you upgrade your batik packages.

\n
\n
\n
\n
", "3206": "
\n

Debian Security Advisory

\n

DSA-3206-1 dulwich -- security update

\n
\n
Date Reported:
\n
28 Mar 2015
\n
Affected Packages:
\n
\ndulwich\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 780958, Bug 780989.
In Mitre's CVE dictionary: CVE-2014-9706, CVE-2015-0838.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in Dulwich, a Python\nimplementation of the file formats and protocols used by the Git version\ncontrol system. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2014-9706\n

    It was discovered that Dulwich allows writing to files under .git/\n when checking out working trees. This could lead to the execution of\n arbitrary code with the privileges of the user running an\n application based on Dulwich.

  • CVE-2015-0838\n

    Ivan Fratric of the Google Security Team has found a buffer\n overflow in the C implementation of the apply_delta() function,\n used when accessing Git objects in pack files. An attacker could\n take advantage of this flaw to cause the execution of arbitrary\n code with the privileges of the user running a Git server or client\n based on Dulwich.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 0.8.5-2+deb7u2.

\n

For the upcoming stable distribution (jessie), these problems have been\nfixed in version 0.9.7-3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.10.1-1.

\n

We recommend that you upgrade your dulwich packages.

\n
\n
\n
\n
", "3207": "
\n

Debian Security Advisory

\n

DSA-3207-1 shibboleth-sp2 -- security update

\n
\n
Date Reported:
\n
28 Mar 2015
\n
Affected Packages:
\n
\nshibboleth-sp2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-2684.
\n
More information:
\n
\n

A denial of service vulnerability was found in the Shibboleth (a\nfederated identity framework) Service Provider. When processing certain\nmalformed SAML messages generated by an authenticated attacker, the\ndaemon could crash.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.4.3+dfsg-5+deb7u1.

\n

For the upcoming stable distribution (jessie), this problem has been\nfixed in version 2.5.3+dfsg-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.5.3+dfsg-2.

\n

We recommend that you upgrade your shibboleth-sp2 packages.

\n
\n
\n
\n
", "3208": "
\n

Debian Security Advisory

\n

DSA-3208-1 freexl -- security update

\n
\n
Date Reported:
\n
29 Mar 2015
\n
Affected Packages:
\n
\nfreexl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-2753, CVE-2015-2754, CVE-2015-2776.
\n
More information:
\n
\n

Jodie Cunningham discovered multiple vulnerabilities in freexl, a\nlibrary to read Microsoft Excel spreadsheets, which might result in\ndenial of service or the execution of arbitrary code if a malformed Excel\nfile is opened.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.0.0b-1+deb7u1.

\n

For the upcoming stable distribution (jessie), these problems have been\nfixed in version 1.0.0g-1+deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.0.0g-1+deb8u1.

\n

We recommend that you upgrade your freexl packages.

\n
\n
\n
\n
", "3209": "
\n

Debian Security Advisory

\n

DSA-3209-1 openldap -- security update

\n
\n
Date Reported:
\n
30 Mar 2015
\n
Affected Packages:
\n
\nopenldap\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 729367, Bug 761406, Bug 776988.
In Mitre's CVE dictionary: CVE-2013-4449, CVE-2014-9713, CVE-2015-1545.
\n
More information:
\n
\n

Multiple vulnerabilities were found in OpenLDAP, a free implementation\nof the Lightweight Directory Access Protocol.

\n
    \n
  • CVE-2013-4449\n

    Michael Vishchers from Seven Principles AG discovered a denial of\n service vulnerability in slapd, the directory server implementation.\n When the server is configured to use the RWM overlay, an attacker\n can make it crash by unbinding just after connecting, because of an\n issue with reference counting.

  • CVE-2014-9713\n

    The default Debian configuration of the directory database allows\n every user to edit their own attributes. When LDAP directories are\n used for access control, and this is done using user attributes, an\n authenticated user can leverage this to gain access to unauthorized\n resources.\n\t

    \n

    Please note this is a Debian specific vulnerability.

    \n

    The new package won't use the unsafe access control rule for new\n databases, but existing configurations won't be automatically\n modified. Administrators are encouraged to look at the README.Debian\n file provided by the updated package if they need to fix the access\n control rule.

  • CVE-2015-1545\n

    Ryan Tandy discovered a denial of service vulnerability in slapd.\n When using the deref overlay, providing an empty attribute list in\n a query makes the daemon crash.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2.4.31-2.

\n

For the upcoming stable distribution (jessie), these problems have been\nfixed in version 2.4.40-4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.4.40-4.

\n

We recommend that you upgrade your openldap packages.

\n
\n
\n
\n
", "3210": "
\n

Debian Security Advisory

\n

DSA-3210-1 wireshark -- security update

\n
\n
Date Reported:
\n
31 Mar 2015
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-2188, CVE-2015-2189, CVE-2015-2191.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the dissectors/parsers for\nWCP, pcapng and TNEF, which could result in denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.2-5wheezy15.

\n

For the upcoming stable distribution (jessie), these problems have been\nfixed in version 1.12.1+g01b65bf-4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.12.1+g01b65bf-4.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "3211": "
\n

Debian Security Advisory

\n

DSA-3211-1 iceweasel -- security update

\n
\n
Date Reported:
\n
01 Apr 2015
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0801, CVE-2015-0807, CVE-2015-0813, CVE-2015-0815, CVE-2015-0816.
\n
More information:
\n
\n

Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors,\nuse-after-frees and other implementation errors may lead to the\nexecution of arbitrary code, the bypass of security restrictions, denial\nof service or cross-site request forgery.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 31.6.0esr-1~deb7u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 31.6.0esr-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "3212": "
\n

Debian Security Advisory

\n

DSA-3212-1 icedove -- security update

\n
\n
Date Reported:
\n
02 Apr 2015
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0801, CVE-2015-0807, CVE-2015-0813, CVE-2015-0815, CVE-2015-0816.
\n
More information:
\n
\n

Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors,\nuse-after-frees and other implementation errors may lead to the\nexecution of arbitrary code, the bypass of security restrictions or\ndenial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 31.6.0-1~deb7u1.

\n

For the upcoming stable distribution (jessie), these problems have been\nfixed in version 31.6.0-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 31.6.0-1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "3213": "
\n

Debian Security Advisory

\n

DSA-3213-1 arj -- security update

\n
\n
Date Reported:
\n
06 Apr 2015
\n
Affected Packages:
\n
\narj\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 774015, Bug 774434, Bug 774435.
In Mitre's CVE dictionary: CVE-2015-0556, CVE-2015-0557, CVE-2015-2782.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in arj, an open source\nversion of the arj archiver. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2015-0556\n

    Jakub Wilk discovered that arj follows symlinks created during\n unpacking of an arj archive. A remote attacker could use this flaw\n to perform a directory traversal attack if a user or automated\n system were tricked into processing a specially crafted arj archive.

  • CVE-2015-0557\n

    Jakub Wilk discovered that arj does not sufficiently protect from\n directory traversal while unpacking an arj archive containing file\n paths with multiple leading slashes. A remote attacker could use\n this flaw to write to arbitrary files if a user or automated system\n were tricked into processing a specially crafted arj archive.

  • CVE-2015-2782\n

    Jakub Wilk and Guillem Jover discovered a buffer overflow\n vulnerability in arj. A remote attacker could use this flaw to cause\n an application crash or, possibly, execute arbitrary code with the\n privileges of the user running arj.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 3.10.22-10+deb7u1.

\n

For the upcoming stable distribution (jessie), these problems have been\nfixed in version 3.10.22-13.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.10.22-13.

\n

We recommend that you upgrade your arj packages.

\n
\n
\n
\n
", "3214": "
\n

Debian Security Advisory

\n

DSA-3214-1 mailman -- security update

\n
\n
Date Reported:
\n
06 Apr 2015
\n
Affected Packages:
\n
\nmailman\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 781626.
In Mitre's CVE dictionary: CVE-2015-2775.
\n
More information:
\n
\n

A path traversal vulnerability was discovered in Mailman, the mailing\nlist manager. Installations using a transport script (such as\npostfix-to-mailman.py) to interface with their MTA instead of static\naliases were vulnerable to a path traversal attack. To successfully\nexploit this, an attacker needs write access on the local file system.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1:2.1.15-1+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:2.1.18-2.

\n

We recommend that you upgrade your mailman packages.

\n
\n
\n
\n
", "3215": "
\n

Debian Security Advisory

\n

DSA-3215-1 libgd2 -- security update

\n
\n
Date Reported:
\n
06 Apr 2015
\n
Affected Packages:
\n
\nlibgd2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 744719.
In Mitre's CVE dictionary: CVE-2014-2497, CVE-2014-9709.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in libgd2, a graphics library:

\n
    \n
  • CVE-2014-2497\n

    The gdImageCreateFromXpm() function would try to dereference a NULL\n pointer when reading an XPM file with a special color table. This\n could allow remote attackers to cause a denial of service (crash) via\n crafted XPM files.

  • CVE-2014-9709\n

    Importing an invalid GIF file using the gdImageCreateFromGif() function\n would cause a read buffer overflow that could allow remote attackers to\n cause a denial of service (crash) via crafted GIF files.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 2.0.36~rc1~dfsg-6.1+deb7u1.

\n

For the upcoming stable distribution (jessie), these problems have been\nfixed in version 2.1.0-5.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.1.0-5.

\n

We recommend that you upgrade your libgd2 packages.

\n
\n
\n
\n
", "3216": "
\n

Debian Security Advisory

\n

DSA-3216-1 tor -- security update

\n
\n
Date Reported:
\n
06 Apr 2015
\n
Affected Packages:
\n
\ntor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-2928, CVE-2015-2929.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Tor, a connection-based\nlow-latency anonymous communication system:

\n
    \n
  • CVE-2015-2928\n

    disgleirio discovered that a malicious client could trigger an\n assertion failure in a Tor instance providing a hidden service,\n thus rendering the service inaccessible.

  • CVE-2015-2929\n

    DonnchaC discovered that Tor clients would crash with an\n assertion failure upon parsing specially crafted hidden service\n descriptors.

\n

Introduction points would accept multiple INTRODUCE1 cells on one\ncircuit, making it inexpensive for an attacker to overload a hidden\nservice with introductions. Introduction points now no longer allow\nmultiple cells of that type on the same circuit.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 0.2.4.27-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.2.5.12-1.

\n

For the experimental distribution, these problems have been\nfixed in version 0.2.6.7-1.

\n

We recommend that you upgrade your tor packages.

\n
\n
\n
\n
", "3217": "
\n

Debian Security Advisory

\n

DSA-3217-1 dpkg -- security update

\n
\n
Date Reported:
\n
09 Apr 2015
\n
Affected Packages:
\n
\ndpkg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0840.
\n
More information:
\n
\n

Jann Horn discovered that the source package integrity verification in\ndpkg-source can be bypassed via a specially crafted Debian source\ncontrol file (.dsc). Note that this flaw only affects extraction of\nlocal Debian source packages via dpkg-source but not the installation of\npackages from the Debian archive.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.16.16. This update also includes non-security changes\npreviously scheduled for the next wheezy point release. See the Debian\nchangelog for details.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.17.25.

\n

We recommend that you upgrade your dpkg packages.

\n
\n
\n
\n
", "3218": "
\n

Debian Security Advisory

\n

DSA-3218-1 wesnoth-1.10 -- security update

\n
\n
Date Reported:
\n
10 Apr 2015
\n
Affected Packages:
\n
\nwesnoth-1.10\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0844.
\n
More information:
\n
\n

Ignacio R. Morelle discovered that missing path restrictions in the\nBattle of Wesnoth game could result in the disclosure of arbitrary\nfiles in the user's home directory if malicious campaigns/maps are\nloaded.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.10.3-3+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:1.10.7-2 and in version 1:1.12.1-1 of the wesnoth-1.12\nsource package.

\n

We recommend that you upgrade your wesnoth-1.10 packages.

\n
\n
\n
\n
", "3219": "
\n

Debian Security Advisory

\n

DSA-3219-1 libdbd-firebird-perl -- security update

\n
\n
Date Reported:
\n
11 Apr 2015
\n
Affected Packages:
\n
\nlibdbd-firebird-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 780925.
In Mitre's CVE dictionary: CVE-2015-2788.
\n
More information:
\n
\n

Stefan Roas discovered a way to cause a buffer overflow in DBD-FireBird,\na Perl DBI driver for the Firebird RDBMS, in certain error conditions, due\nto the use of the sprintf() function to write to a fixed-size memory buffer.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.91-2+deb7u1.

\n

For the upcoming stable distribution (jessie), this problem has been\nfixed in version 1.18-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.18-2.

\n

We recommend that you upgrade your libdbd-firebird-perl packages.

\n
\n
\n
\n
", "3220": "
\n

Debian Security Advisory

\n

DSA-3220-1 libtasn1-3 -- security update

\n
\n
Date Reported:
\n
11 Apr 2015
\n
Affected Packages:
\n
\nlibtasn1-3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-2806.
\n
More information:
\n
\n

Hanno Boeck discovered a stack-based buffer overflow in the\nasn1_der_decoding function in Libtasn1, a library to manage ASN.1\nstructures. A remote attacker could take advantage of this flaw to cause\nan application using the Libtasn1 library to crash, or potentially to\nexecute arbitrary code.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.13-2+deb7u2.

\n

We recommend that you upgrade your libtasn1-3 packages.

\n
\n
\n
\n
", "3221": "
\n

Debian Security Advisory

\n

DSA-3221-1 das-watchdog -- security update

\n
\n
Date Reported:
\n
12 Apr 2015
\n
Affected Packages:
\n
\ndas-watchdog\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 781806.
In Mitre's CVE dictionary: CVE-2015-2831.
\n
More information:
\n
\n

Adam Sampson discovered a buffer overflow in the handling of the\nXAUTHORITY environment variable in das-watchdog, a watchdog daemon to\nensure a realtime process won't hang the machine. A local user can\nexploit this flaw to escalate his privileges and execute arbitrary\ncode as root.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.9.0-2+deb7u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.9.0-3.1.

\n

We recommend that you upgrade your das-watchdog packages.

\n
\n
\n
\n
", "3222": "
\n

Debian Security Advisory

\n

DSA-3222-1 chrony -- security update

\n
\n
Date Reported:
\n
12 Apr 2015
\n
Affected Packages:
\n
\nchrony\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 782160.
In Mitre's CVE dictionary: CVE-2015-1821, CVE-2015-1822, CVE-2015-1853.
\n
More information:
\n
\n

Miroslav Lichvar of Red Hat discovered multiple vulnerabilities in chrony,\nan alternative NTP client and server:

\n
    \n
  • CVE-2015-1821\n

    Using particular address/subnet pairs when configuring access control\n would cause an invalid memory write. This could allow attackers to\n cause a denial of service (crash) or execute arbitrary code.

  • CVE-2015-1822\n

    When allocating memory to save unacknowledged replies to authenticated\n command requests, a pointer would be left uninitialized, which could\n trigger an invalid memory write. This could allow attackers to cause a\n denial of service (crash) or execute arbitrary code.

  • CVE-2015-1853\n

    When peering with other NTP hosts using authenticated symmetric\n association, the internal state variables would be updated before the\n MAC of the NTP messages was validated. This could allow a remote\n attacker to cause a denial of service by impeding synchronization\n between NTP peers.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.24-3.1+deb7u3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.30-2.

\n

We recommend that you upgrade your chrony packages.

\n
\n
\n
\n
", "3223": "
\n

Debian Security Advisory

\n

DSA-3223-1 ntp -- security update

\n
\n
Date Reported:
\n
12 Apr 2015
\n
Affected Packages:
\n
\nntp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 782095.
In Mitre's CVE dictionary: CVE-2015-1798, CVE-2015-1799, CVE-2015-3405.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in ntp, an implementation of the\nNetwork Time Protocol:

\n
    \n
  • CVE-2015-1798\n

    When configured to use a symmetric key with an NTP peer, ntpd would\n accept packets without MAC as if they had a valid MAC. This could\n allow a remote attacker to bypass the packet authentication and send\n malicious packets without having to know the symmetric key.

  • CVE-2015-1799\n

    When peering with other NTP hosts using authenticated symmetric\n association, ntpd would update its internal state variables before\n the MAC of the NTP messages was validated. This could allow a remote\n attacker to cause a denial of service by impeding synchronization\n between NTP peers.

\n

Additionally, it was discovered that generating MD5 keys using ntp-keygen\non big endian machines would either trigger an endless loop, or generate\nnon-random keys.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-2+deb7u4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-7.

\n

We recommend that you upgrade your ntp packages.

\n
\n
\n
\n
", "3224": "
\n

Debian Security Advisory

\n

DSA-3224-1 libx11 -- security update

\n
\n
Date Reported:
\n
12 Apr 2015
\n
Affected Packages:
\n
\nlibx11\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-7439.
\n
More information:
\n
\n

Abhishek Arya discovered a buffer overflow in the MakeBigReq macro\nprovided by libx11, which could result in denial of service or the\nexecution of arbitrary code.

\n

Several other xorg packages (e.g. libxrender) will be recompiled against\nthe fixed package after the release of this update. For detailed\ninformation on the status of recompiled packages please refer to the\nDebian Security Tracker at\nhttps://security-tracker.debian.org/tracker/CVE-2013-7439.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2:1.5.0-1+deb7u2.

\n

For the upcoming stable distribution (jessie), this problem has been\nfixed in version 2:1.6.0-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:1.6.0-1.

\n

We recommend that you upgrade your libx11 packages.

\n
\n
\n
\n
", "3225": "
\n

Debian Security Advisory

\n

DSA-3225-1 gst-plugins-bad0.10 -- security update

\n
\n
Date Reported:
\n
15 Apr 2015
\n
Affected Packages:
\n
\ngst-plugins-bad0.10\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0797.
\n
More information:
\n
\n

Aki Helin discovered a buffer overflow in the GStreamer plugin for MP4\nplayback, which could lead to the execution of arbitrary code.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 0.10.23-7.1+deb7u2.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your gst-plugins-bad0.10 packages.

\n
\n
\n
\n
", "3226": "
\n

Debian Security Advisory

\n

DSA-3226-1 inspircd -- security update

\n
\n
Date Reported:
\n
15 Apr 2015
\n
Affected Packages:
\n
\ninspircd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 780880.
In Mitre's CVE dictionary: CVE-2012-6696, CVE-2012-6697, CVE-2015-6674.
\n
More information:
\n
\n

Adam discovered several problems in inspircd, an IRC daemon:

\n
    \n
  • An incomplete patch for CVE-2012-1836\n\tfailed to adequately resolve the problem where maliciously crafted DNS\n\trequests could lead to remote code execution through a heap-based buffer\n\toverflow.

  • The incorrect processing of specific DNS packets could trigger an\n\tinfinite loop, thus resulting in a denial of service.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.0.5-1+deb7u1.

\n

For the upcoming stable distribution (jessie) and unstable\ndistribution (sid), this problem has been fixed in version 2.0.16-1.

\n

We recommend that you upgrade your inspircd packages.

\n
\n
\n
\n
", "3227": "
\n

Debian Security Advisory

\n

DSA-3227-1 movabletype-opensource -- security update

\n
\n
Date Reported:
\n
15 Apr 2015
\n
Affected Packages:
\n
\nmovabletype-opensource\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0845.
\n
More information:
\n
\n

John Lightsey discovered a format string injection vulnerability in the\nlocalisation of templates in Movable Type, a blogging system. An\nunauthenticated remote attacker could take advantage of this flaw to\nexecute arbitrary code as the web server user.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 5.1.4+dfsg-4+deb7u3.

\n

We recommend that you upgrade your movabletype-opensource packages.

\n
\n
\n
\n
", "3228": "
\n

Debian Security Advisory

\n

DSA-3228-1 ppp -- security update

\n
\n
Date Reported:
\n
16 Apr 2015
\n
Affected Packages:
\n
\nppp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 782450.
In Mitre's CVE dictionary: CVE-2015-3310.
\n
More information:
\n
\n

Emanuele Rocca discovered that ppp, a daemon implementing the\nPoint-to-Point Protocol, was subject to a buffer overflow when\ncommunicating with a RADIUS server. This would allow unauthenticated\nusers to cause a denial-of-service by crashing the daemon.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 2.4.5-5.1+deb7u2.

\n

For the upcoming stable distribution (jessie) and unstable\ndistribution (sid), this problem has been fixed in version 2.4.6-3.1.

\n

We recommend that you upgrade your ppp packages.

\n
\n
\n
\n
", "3229": "
\n

Debian Security Advisory

\n

DSA-3229-1 mysql-5.5 -- security update

\n
\n
Date Reported:
\n
19 Apr 2015
\n
Affected Packages:
\n
\nmysql-5.5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 782645.
In Mitre's CVE dictionary: CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573.
\n
More information:
\n
\n

Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.43. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:

\n\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 5.5.43-0+deb7u1.

\n

For the upcoming stable distribution (jessie), these problems will be\nfixed in version 5.5.43-0+deb8u1. Updated packages are already available\nthrough jessie-security.

\n

We recommend that you upgrade your mysql-5.5 packages.

\n
\n
\n
\n
", "3230": "
\n

Debian Security Advisory

\n

DSA-3230-1 django-markupfield -- security update

\n
\n
Date Reported:
\n
20 Apr 2015
\n
Affected Packages:
\n
\ndjango-markupfield\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0846.
\n
More information:
\n
\n

James P. Turk discovered that the ReST renderer in django-markupfield,\na custom Django field for easy use of markup in text fields, didn't\ndisable the ..raw directive, allowing remote attackers to include\narbitrary files.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.0.2-2+deb7u1.

\n

For the upcoming stable distribution (jessie), this problem has been\nfixed in version 1.2.1-2+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.3.2-1.

\n

We recommend that you upgrade your django-markupfield packages.

\n
\n
\n
\n
", "3231": "
\n

Debian Security Advisory

\n

DSA-3231-1 subversion -- security update

\n
\n
Date Reported:
\n
21 Apr 2015
\n
Affected Packages:
\n
\nsubversion\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0248, CVE-2015-0251.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Subversion, a version control\nsystem. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2015-0248\n

    Subversion mod_dav_svn and svnserve were vulnerable to a remotely\n triggerable assertion DoS vulnerability for certain requests with\n dynamically evaluated revision numbers.

  • CVE-2015-0251\n

    Subversion HTTP servers allow spoofing svn:author property values\n for new revisions via specially crafted v1 HTTP protocol request\n sequences.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 1.6.17dfsg-4+deb7u9.

\n

For the upcoming stable distribution (jessie), these problems have been\nfixed in version 1.8.10-6.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.8.10-6.

\n

We recommend that you upgrade your subversion packages.

\n
\n
\n
\n
", "3232": "
\n

Debian Security Advisory

\n

DSA-3232-1 curl -- security update

\n
\n
Date Reported:
\n
22 Apr 2015
\n
Affected Packages:
\n
\ncurl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148.
\n
More information:
\n
\n

Several vulnerabilities were discovered in cURL, a URL transfer library:

\n
    \n
  • CVE-2015-3143\n

    NTLM-authenticated connections could be wrongly reused for requests\n without any credentials set, leading to HTTP requests being sent\n over the connection authenticated as a different user. This is\n similar to the issue fixed in DSA-2849-1.

  • CVE-2015-3144\n

    When parsing URLs with a zero-length hostname (such as \"http://:80\"),\n libcurl would try to read from an invalid memory address. This could\n allow remote attackers to cause a denial of service (crash). This\n issue only affects the upcoming stable (jessie) and unstable (sid)\n distributions.

  • CVE-2015-3145\n

    When parsing HTTP cookies, if the parsed cookie's path element\n consists of a single double-quote, libcurl would try to write to an\n invalid heap memory address. This could allow remote attackers to\n cause a denial of service (crash). This issue only affects the\n upcoming stable (jessie) and unstable (sid) distributions.

  • CVE-2015-3148\n

    When doing HTTP requests using the Negotiate authentication method\n along with NTLM, the connection used would not be marked as\n authenticated, making it possible to reuse it and send requests for\n one user over the connection authenticated as a different user.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 7.26.0-1+wheezy13.

\n

For the upcoming stable distribution (jessie), these problems have been\nfixed in version 7.38.0-4+deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 7.42.0-1.

\n

We recommend that you upgrade your curl packages.

\n
\n
\n
\n
", "3233": "
\n

Debian Security Advisory

\n

DSA-3233-1 wpa -- security update

\n
\n
Date Reported:
\n
24 Apr 2015
\n
Affected Packages:
\n
\nwpa\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 783148.
In Mitre's CVE dictionary: CVE-2015-1863.
\n
More information:
\n
\n

The Google security team and the smart hardware research group of\nAlibaba security team discovered a flaw in how wpa_supplicant used SSID\ninformation when creating or updating P2P peer entries. A remote\nattacker can use this flaw to cause wpa_supplicant to crash, expose\nmemory contents, and potentially execute arbitrary code.

\n

For the stable distribution (wheezy), this problem has been fixed in\nversion 1.0-3+deb7u2. Note that this issue does not affect the binary\npackages distributed in Debian as the CONFIG_P2P is not enabled for\nthe build.

\n

For the upcoming stable distribution (jessie), this problem has been\nfixed in version 2.3-1+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.3-2.

\n

We recommend that you upgrade your wpa packages.

\n
\n
\n
\n
", "3234": "
\n

Debian Security Advisory

\n

DSA-3234-1 openjdk-6 -- security update

\n
\n
Date Reported:
\n
24 Apr 2015
\n
Affected Packages:
\n
\nopenjdk-6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0460, CVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 6b35-1.13.7-1~deb7u1.

\n

We recommend that you upgrade your openjdk-6 packages.

\n
\n
\n
\n
", "3235": "
\n

Debian Security Advisory

\n

DSA-3235-1 openjdk-7 -- security update

\n
\n
Date Reported:
\n
24 Apr 2015
\n
Affected Packages:
\n
\nopenjdk-7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0460, CVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure\nor denial of service.

\n

For the stable distribution (wheezy), these problems have been fixed in\nversion 7u79-2.5.5-1~deb7u1.

\n

For the upcoming stable distribution (jessie), these problems will be\nfixed soon in version 7u79-2.5.5-1~deb8u1 (the update will be available\nshortly after the final jessie release).

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 7u79-2.5.5-1.

\n

We recommend that you upgrade your openjdk-7 packages.

\n
\n
\n
\n
", "3236": "
\n

Debian Security Advisory

\n

DSA-3236-1 libreoffice -- security update

\n
\n
Date Reported:
\n
25 Apr 2015
\n
Affected Packages:
\n
\nlibreoffice\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-1774.
\n
More information:
\n
\n

It was discovered that missing input sanitising in LibreOffice's filter\nfor HWP documents may result in the execution of arbitrary code if a\nmalformed document is opened.

\n

For the oldstable distribution (wheezy), this problem has been fixed in\nversion 1:3.5.4+dfsg2-0+deb7u4.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:4.3.3-2+deb8u1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your libreoffice packages.

\n
\n
\n
\n
", "3237": "
\n

Debian Security Advisory

\n

DSA-3237-1 linux -- security update

\n
\n
Date Reported:
\n
26 Apr 2015
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 741667, Bug 782515, Bug 782561, Bug 782698.
In Mitre's CVE dictionary: CVE-2014-8159, CVE-2014-9715, CVE-2015-2041, CVE-2015-2042, CVE-2015-2150, CVE-2015-2830, CVE-2015-2922, CVE-2015-3331, CVE-2015-3332, CVE-2015-3339.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.

\n
    \n
  • CVE-2014-8159\n

    It was found that the Linux kernel's InfiniBand/RDMA subsystem did\n not properly sanitize input parameters while registering memory\n regions from user space via the (u)verbs API. A local user with\n access to a /dev/infiniband/uverbsX device could use this flaw to\n crash the system or, potentially, escalate their privileges on the\n system.

  • CVE-2014-9715\n

    It was found that the netfilter connection tracking subsystem used\n too small a type as an offset within each connection's data\n structure, following a bug fix in Linux 3.2.33 and 3.6. In some\n configurations, this would lead to memory corruption and crashes\n (even without malicious traffic). This could potentially also\n result in violation of the netfilter policy or remote code\n execution.

    \n

    This can be mitigated by disabling connection tracking accounting:
    \nsysctl net.netfilter.nf_conntrack_acct=0

  • CVE-2015-2041\n

    Sasha Levin discovered that the LLC subsystem exposed some variables\n as sysctls with the wrong type. On a 64-bit kernel, this possibly\n allows privilege escalation from a process with CAP_NET_ADMIN\n capability; it also results in a trivial information leak.

  • CVE-2015-2042\n

    Sasha Levin discovered that the RDS subsystem exposed some variables\n as sysctls with the wrong type. On a 64-bit kernel, this results in\n a trivial information leak.

  • CVE-2015-2150\n

    Jan Beulich discovered that Xen guests are currently permitted to\n modify all of the (writable) bits in the PCI command register of\n devices passed through to them. This in particular allows them to\n disable memory and I/O decoding on the device unless the device is\n an SR-IOV virtual function, which can result in denial of service\n to the host.

  • CVE-2015-2830\n

    Andrew Lutomirski discovered that when a 64-bit task on an amd64\n kernel makes a fork(2) or clone(2) system call using int $0x80, the\n 32-bit compatibility flag is set (correctly) but is not cleared on\n return. As a result, both seccomp and audit will misinterpret the\n following system call by the task(s), possibly leading to a\n violation of security policy.

  • CVE-2015-2922\n

    Modio AB discovered that the IPv6 subsystem would process a router\n advertisement that specifies no route but only a hop limit, which\n would then be applied to the interface that received it. This can\n result in loss of IPv6 connectivity beyond the local network.

    \n

    This may be mitigated by disabling processing of IPv6 router\n advertisements if they are not needed:
    \nsysctl net.ipv6.conf.default.accept_ra=0
    \nsysctl net.ipv6.conf.<interface>.accept_ra=0

  • CVE-2015-3331\n

    Stephan Mueller discovered that the optimised implementation of\n RFC4106 GCM for x86 processors that support AESNI miscalculated\n buffer addresses in some cases. If an IPsec tunnel is configured to\n use this mode (also known as AES-GCM-ESP) this can lead to memory\n corruption and crashes (even without malicious traffic). This could\n potentially also result in remote code execution.

  • CVE-2015-3332\n

    Ben Hutchings discovered that the TCP Fast Open feature regressed\n in Linux 3.16.7-ckt9, resulting in a kernel BUG when it is used.\n This can be used as a local denial of service.

  • CVE-2015-3339\n

    It was found that the execve(2) system call can race with inode\n attribute changes made by chown(2). Although chown(2) clears the\n setuid/setgid bits of a file if it changes the respective owner ID,\n this race condition could result in execve(2) setting effective\n uid/gid to the new owner ID, a privilege escalation.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 3.2.68-1+deb7u1. The linux package in wheezy is not affected\nby CVE-2015-3332.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.16.7-ckt9-3~deb8u1 or earlier versions. Additionally, this\nversion fixes a regression in the xen-netfront driver (#782698).

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.16.7-ckt9-3 or earlier versions. Additionally, this version\nfixes a regression in the xen-netfront driver (#782698).

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "3238": "
\n

Debian Security Advisory

\n

DSA-3238-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
26 Apr 2015
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-1235, CVE-2015-1236, CVE-2015-1237, CVE-2015-1238, CVE-2015-1240, CVE-2015-1241, CVE-2015-1242, CVE-2015-1244, CVE-2015-1245, CVE-2015-1246, CVE-2015-1247, CVE-2015-1248, CVE-2015-1249, CVE-2015-3333, CVE-2015-3334, CVE-2015-3336.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the chromium web browser.

\n
    \n
  • CVE-2015-1235\n

    A Same Origin Policy bypass issue was discovered in the HTML\n parser.

  • CVE-2015-1236\n

    Amitay Dobo discovered a Same Origin Policy bypass in the Web Audio\n API.

  • CVE-2015-1237\n

    Khalil Zhani discovered a use-after-free issue in IPC.

  • CVE-2015-1238\n

    cloudfuzzer discovered an out-of-bounds write in the skia\n library.

  • CVE-2015-1240\n

    w3bd3vil discovered an out-of-bounds read in the WebGL\n implementation.

  • CVE-2015-1241\n

    Phillip Moon and Matt Weston discovered a way to trigger local user\n interface actions remotely via a crafted website.

  • CVE-2015-1242\n

    A type confusion issue was discovered in the v8 JavaScript\n library.

  • CVE-2015-1244\n

    Mike Ruddy discovered a way to bypass the HTTP Strict Transport Security\n policy.

  • CVE-2015-1245\n

    Khalil Zhani discovered a use-after-free issue in the pdfium\n library.

  • CVE-2015-1246\n

    Atte Kettunen discovered an out-of-bounds read issue in\n webkit/blink.

  • CVE-2015-1247\n

    Jann Horn discovered that file: URLs in OpenSearch documents were not\n sanitized, which could allow local files to be read remotely when using\n the OpenSearch feature from a crafted website.

  • CVE-2015-1248\n

    Vittorio Gambaletta discovered a way to bypass the SafeBrowsing feature,\n which could allow the remote execution of a downloaded executable\n file.

  • CVE-2015-1249\n

    The chrome 41 development team found various issues from internal\n fuzzing, audits, and other studies.

  • CVE-2015-3333\n

    Multiple issues were discovered and fixed in v8 4.2.7.14.

  • CVE-2015-3334\n

    It was discovered that remote websites could capture video data from\n attached web cameras without permission.

  • CVE-2015-3336\n

    It was discovered that remote websites could cause user interface\n disruptions like window fullscreening and mouse pointer locking.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 42.0.2311.90-1~deb8u1.

\n

For the testing (stretch) and unstable (sid) distributions, these problems\nhave been fixed in version 42.0.2311.90-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3239": "
\n

Debian Security Advisory

\n

DSA-3239-1 icecast2 -- security update

\n
\n
Date Reported:
\n
29 Apr 2015
\n
Affected Packages:
\n
\nicecast2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 782120.
In Mitre's CVE dictionary: CVE-2015-3026.
\n
More information:
\n
\n

Juliane Holzt discovered that Icecast2, a streaming media server, could\ndereference a NULL pointer when URL authentication is configured and the\nstream_auth URL is triggered by a client without setting any credentials.\nThis could allow remote attackers to cause a denial of service (crash).

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.4.0-1.1+deb8u1.

\n

For the testing distribution (stretch), this problem will be fixed in\nversion 2.4.2-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.4.2-1.

\n

We recommend that you upgrade your icecast2 packages.

\n
\n
\n
\n
", "3240": "
\n

Debian Security Advisory

\n

DSA-3240-1 curl -- security update

\n
\n
Date Reported:
\n
29 Apr 2015
\n
Affected Packages:
\n
\ncurl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-3153.
\n
More information:
\n
\n

It was discovered that cURL, a URL transfer library, if configured to\nuse a proxy server with the HTTPS protocol, by default could send to the\nproxy the same HTTP headers it sends to the destination server, possibly\nleaking sensitive information.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 7.38.0-4+deb8u2.

\n

For the testing distribution (stretch), this problem will be fixed in\nversion 7.42.1-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.42.1-1.

\n

We recommend that you upgrade your curl packages.

\n
\n
\n
\n
", "3241": "
\n

Debian Security Advisory

\n

DSA-3241-1 elasticsearch -- security update

\n
\n
Date Reported:
\n
29 Apr 2015
\n
Affected Packages:
\n
\nelasticsearch\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-3337.
\n
More information:
\n
\n

John Heasman discovered that the site plugin handling of the\nElasticsearch search engine was susceptible to directory traversal.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.0.3+dfsg-5+deb8u1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your elasticsearch packages.

\n
\n
\n
\n
", "3242": "
\n

Debian Security Advisory

\n

DSA-3242-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
30 Apr 2015
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-1243, CVE-2015-1250.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the chromium web browser:

\n
    \n
  • CVE-2015-1243\n

    Saif El-Sherei discovered a use-after-free issue.

  • CVE-2015-1250\n

    The chrome 42 team found and fixed multiple issues during internal\n auditing.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 42.0.2311.135-1~deb8u1.

\n

For the testing distribution (stretch), this problem will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 42.0.2311.135-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3243": "
\n

Debian Security Advisory

\n

DSA-3243-1 libxml-libxml-perl -- security update

\n
\n
Date Reported:
\n
01 May 2015
\n
Affected Packages:
\n
\nlibxml-libxml-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 783443.
In Mitre's CVE dictionary: CVE-2015-3451.
\n
More information:
\n
\n

Tilmann Haak from xing.com discovered that XML::LibXML, a Perl interface\nto the libxml2 library, did not respect the expand_entities parameter to\ndisable processing of external entities in some circumstances. This may\nallow attackers to gain read access to otherwise protected resources,\ndepending on how the library is used.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 2.0001+dfsg-1+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.0116+dfsg-1+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.0116+dfsg-2.

\n

We recommend that you upgrade your libxml-libxml-perl packages.

\n
\n
\n
\n
", "3244": "
\n

Debian Security Advisory

\n

DSA-3244-1 owncloud -- security update

\n
\n
Date Reported:
\n
02 May 2015
\n
Affected Packages:
\n
\nowncloud\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-3011, CVE-2015-3012, CVE-2015-3013.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in ownCloud, a cloud storage\nweb service for files, music, contacts, calendars and many more.

\n
    \n
  • CVE-2015-3011\n

    Hugh Davenport discovered that the contacts application shipped\n with ownCloud is vulnerable to multiple stored cross-site\n scripting attacks. This vulnerability is effectively exploitable\n in any browser.

  • CVE-2015-3012\n

    Roy Jansen discovered that the documents application shipped with\n ownCloud is vulnerable to multiple stored cross-site scripting\n attacks. This vulnerability is not exploitable in browsers that\n support the current CSP standard.

  • CVE-2015-3013\n

    Lukas Reschke discovered a blacklist bypass vulnerability, allowing\n authenticated remote attackers to bypass the file blacklist and\n upload files such as the .htaccess files. An attacker could leverage\n this bypass by uploading a .htaccess and execute arbitrary PHP code\n if the /data/ directory is stored inside the web root and a web\n server that interprets .htaccess files is used. On default Debian\n installations the data directory is outside of the web root and thus\n this vulnerability is not exploitable by default.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 7.0.4+dfsg-4~deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 7.0.4+dfsg-3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 7.0.4+dfsg-3.

\n

We recommend that you upgrade your owncloud packages.

\n
\n
\n
\n
", "3245": "
\n

Debian Security Advisory

\n

DSA-3245-1 ruby1.8 -- security update

\n
\n
Date Reported:
\n
02 May 2015
\n
Affected Packages:
\n
\nruby1.8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-1855.
\n
More information:
\n
\n

It was discovered that the Ruby OpenSSL extension, part of the interpreter\nfor the Ruby language, did not properly implement hostname matching, in\nviolation of RFC 6125. This could allow remote attackers to perform a\nman-in-the-middle attack via crafted SSL certificates.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.8.7.358-7.1+deb7u3.

\n

We recommend that you upgrade your ruby1.8 packages.

\n
\n
\n
\n
", "3246": "
\n

Debian Security Advisory

\n

DSA-3246-1 ruby1.9.1 -- security update

\n
\n
Date Reported:
\n
02 May 2015
\n
Affected Packages:
\n
\nruby1.9.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-1855.
\n
More information:
\n
\n

It was discovered that the Ruby OpenSSL extension, part of the interpreter\nfor the Ruby language, did not properly implement hostname matching, in\nviolation of RFC 6125. This could allow remote attackers to perform a\nman-in-the-middle attack via crafted SSL certificates.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.9.3.194-8.1+deb7u5.

\n

We recommend that you upgrade your ruby1.9.1 packages.

\n
\n
\n
\n
", "3247": "
\n

Debian Security Advisory

\n

DSA-3247-1 ruby2.1 -- security update

\n
\n
Date Reported:
\n
02 May 2015
\n
Affected Packages:
\n
\nruby2.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-1855.
\n
More information:
\n
\n

It was discovered that the Ruby OpenSSL extension, part of the interpreter\nfor the Ruby language, did not properly implement hostname matching, in\nviolation of RFC 6125. This could allow remote attackers to perform a\nman-in-the-middle attack via crafted SSL certificates.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.1.5-2+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed in\nversion 2.1.5-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.1.5-3.

\n

We recommend that you upgrade your ruby2.1 packages.

\n
\n
\n
\n
", "3248": "
\n

Debian Security Advisory

\n

DSA-3248-1 libphp-snoopy -- security update

\n
\n
Date Reported:
\n
02 May 2015
\n
Affected Packages:
\n
\nlibphp-snoopy\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-5008.
\n
More information:
\n
\n

It was discovered that missing input sanitising in Snoopy, a PHP class that\nsimulates a web browser, may result in the execution of arbitrary\ncommands.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 2.0.0-1~deb7u1.

\n

For the stable distribution (jessie), this problem was fixed before\nthe initial release.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.0.0-1.

\n

We recommend that you upgrade your libphp-snoopy packages.

\n
\n
\n
\n
", "3249": "
\n

Debian Security Advisory

\n

DSA-3249-1 jqueryui -- security update

\n
\n
Date Reported:
\n
03 May 2015
\n
Affected Packages:
\n
\njqueryui\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2010-5312.
\n
More information:
\n
\n

Shadowman131 discovered that jqueryui, a JavaScript UI library for\ndynamic web applications, failed to properly sanitize its title\noption. This would allow a remote attacker to inject arbitrary code\nthrough cross-site scripting.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.8.ooops.21+dfsg-2+deb7u1.

\n

For the stable distribution (jessie), testing distribution (stretch)\nand unstable distribution (sid), this problem has been fixed in\nversion 1.10.1+dfsg-1.

\n

We recommend that you upgrade your jqueryui packages.

\n
\n
\n
\n
", "3250": "
\n

Debian Security Advisory

\n

DSA-3250-1 wordpress -- security update

\n
\n
Date Reported:
\n
04 May 2015
\n
Affected Packages:
\n
\nwordpress\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 783347, Bug 783554.
In Mitre's CVE dictionary: CVE-2015-3438, CVE-2015-3439, CVE-2015-3440.
\n
More information:
\n
\n

Multiple security issues have been discovered in WordPress, a weblog\nmanager, that could allow remote attackers to upload files with invalid\nor unsafe names, mount social engineering attacks or compromise a site\nvia cross-site scripting, and inject SQL commands.

\n

More information can be found in the upstream advisories at\nhttps://wordpress.org/news/2015/04/wordpress-4-1-2/ and\nhttps://wordpress.org/news/2015/04/wordpress-4-2-1/

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 3.6.1+dfsg-1~deb7u6.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.1+dfsg-1+deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed in\nversion 4.2.1+dfsg-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.2.1+dfsg-1.

\n

We recommend that you upgrade your wordpress packages.

\n
\n
\n
\n
", "3251": "
\n

Debian Security Advisory

\n

DSA-3251-1 dnsmasq -- security update

\n
\n
Date Reported:
\n
05 May 2015
\n
Affected Packages:
\n
\ndnsmasq\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 783459.
In Mitre's CVE dictionary: CVE-2015-3294.
\n
More information:
\n
\n

Nick Sampanis discovered that dnsmasq, a small caching DNS proxy and\nDHCP/TFTP server, did not properly check the return value of the\nsetup_reply() function called during a TCP connection, which is used\nthen as a size argument in a function which writes data on the client's\nconnection. A remote attacker could exploit this issue via a specially\ncrafted DNS request to cause dnsmasq to crash, or potentially to obtain\nsensitive information from process memory.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 2.62-3+deb7u2.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.72-3+deb8u1.

\n

For the testing distribution (stretch) and the unstable distribution\n(sid), this problem will be fixed soon.

\n

We recommend that you upgrade your dnsmasq packages.

\n
\n
\n
\n
", "3252": "
\n

Debian Security Advisory

\n

DSA-3252-1 sqlite3 -- security update

\n
\n
Date Reported:
\n
06 May 2015
\n
Affected Packages:
\n
\nsqlite3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 783968.
In Mitre's CVE dictionary: CVE-2015-3414, CVE-2015-3415, CVE-2015-3416.
\n
More information:
\n
\n

Michal Zalewski discovered multiple vulnerabilities in SQLite, which\nmay result in denial of service or the execution of arbitrary code.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.8.7.1-1+deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed in\nversion 3.8.9-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.8.9-1.

\n

We recommend that you upgrade your sqlite3 packages.

\n
\n
\n
\n
", "3253": "
\n

Debian Security Advisory

\n

DSA-3253-1 pound -- security update

\n
\n
Date Reported:
\n
07 May 2015
\n
Affected Packages:
\n
\npound\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 723731, Bug 727197, Bug 765539, Bug 765649.
In Mitre's CVE dictionary: CVE-2009-3555, CVE-2012-4929, CVE-2014-3566.
\n
More information:
\n
\n

Pound, an HTTP reverse proxy and load balancer, had several issues\nrelated to vulnerabilities in the Secure Sockets Layer (SSL) protocol.

\n

For Debian 7 (wheezy) this update adds a missing part to make it actually\npossible to disable client-initiated renegotiation and disables it by default\n(CVE-2009-3555).\nTLS compression is disabled (CVE-2012-4929),\nalthough this is normally already disabled by the OpenSSL system library.\nFinally it adds the ability to disable the SSLv3 protocol (CVE-2014-3566)\nentirely via the new DisableSSLv3 configuration directive, although it\nwill not be disabled by default in this update. Additionally a non-security\nsensitive issue in redirect encoding is\naddressed.

\n

For Debian 8 (jessie) these issues have been fixed prior to the release,\nwith the exception of client-initiated renegotiation (CVE-2009-3555).\nThis update addresses that issue for jessie.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 2.6-2+deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2.6-6+deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.6-6.1.

\n

We recommend that you upgrade your pound packages.

\n
\n
\n
\n
", "3254": "
\n

Debian Security Advisory

\n

DSA-3254-1 suricata -- security update

\n
\n
Date Reported:
\n
09 May 2015
\n
Affected Packages:
\n
\nsuricata\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0971.
\n
More information:
\n
\n

Kostya Kortchinsky of the Google Security Team discovered a flaw in the\nDER parser used to decode SSL/TLS certificates in suricata. A remote\nattacker can take advantage of this flaw to cause suricata to crash.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.0.7-2+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.0.8-1.

\n

We recommend that you upgrade your suricata packages.

\n
\n
\n
\n
", "3255": "
\n

Debian Security Advisory

\n

DSA-3255-1 zeromq3 -- security update

\n
\n
Date Reported:
\n
10 May 2015
\n
Affected Packages:
\n
\nzeromq3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 784366.
In Mitre's CVE dictionary: CVE-2014-9721.
\n
More information:
\n
\n

It was discovered that libzmq, a lightweight messaging kernel, is\nsusceptible to a protocol downgrade attack on sockets using the ZMTP v3\nprotocol. This could allow remote attackers to bypass ZMTP v3 security\nmechanisms by sending ZMTP v2 or earlier headers.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 4.0.5+dfsg-2+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed in\nversion 4.0.5+dfsg-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.0.5+dfsg-3.

\n

We recommend that you upgrade your zeromq3 packages.

\n
\n
\n
\n
", "3256": "
\n

Debian Security Advisory

\n

DSA-3256-1 libtasn1-6 -- security update

\n
\n
Date Reported:
\n
10 May 2015
\n
Affected Packages:
\n
\nlibtasn1-6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-3622.
\n
More information:
\n
\n

Hanno Boeck discovered a heap-based buffer overflow flaw in the way\nLibtasn1, a library to manage ASN.1 structures, decoded certain\nDER-encoded input. A specially crafted DER-encoded input could cause an\napplication using the Libtasn1 library to crash, or potentially to\nexecute arbitrary code.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 4.2-3+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed in\nversion 4.4-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.4-3.

\n

We recommend that you upgrade your libtasn1-6 packages.

\n
\n
\n
\n
", "3257": "
\n

Debian Security Advisory

\n

DSA-3257-1 mercurial -- security update

\n
\n
Date Reported:
\n
11 May 2015
\n
Affected Packages:
\n
\nmercurial\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 783237.
In Mitre's CVE dictionary: CVE-2014-9462.
\n
More information:
\n
\n

Jesse Hertz of Matasano Security discovered that Mercurial, a\ndistributed version control system, is prone to a command injection\nvulnerability via a crafted repository name in a clone command.

\n

For the oldstable distribution (wheezy), this problem has been fixed in\nversion 2.2.2-4+deb7u1. This update also includes a fix for\nCVE-2014-9390 previously scheduled for the next wheezy point release.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.1.2-2+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.4-1.

\n

We recommend that you upgrade your mercurial packages.

\n
\n
\n
\n
", "3258": "
\n

Debian Security Advisory

\n

DSA-3258-1 quassel -- security update

\n
\n
Date Reported:
\n
12 May 2015
\n
Affected Packages:
\n
\nquassel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 783926.
In Mitre's CVE dictionary: CVE-2015-3427.
\n
More information:
\n
\n

It was discovered that the fix for\nCVE-2013-4422 in quassel, a\ndistributed IRC client, was incomplete. This could allow remote\nattackers to inject SQL queries after a database reconnection (e.g.\nwhen the backend PostgreSQL server is restarted).

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:0.10.0-2.3+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed in\nversion 1:0.10.0-2.4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:0.10.0-2.4.

\n

We recommend that you upgrade your quassel packages.

\n
\n
\n
\n
", "3259": "
\n

Debian Security Advisory

\n

DSA-3259-1 qemu -- security update

\n
\n
Date Reported:
\n
13 May 2015
\n
Affected Packages:
\n
\nqemu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-9718, CVE-2015-1779, CVE-2015-2756, CVE-2015-3456.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the qemu virtualisation\nsolution:

\n
    \n
  • CVE-2014-9718\n

    It was discovered that the IDE controller emulation is susceptible\n to denial of service.

  • CVE-2015-1779\n

    Daniel P. Berrange discovered a denial of service vulnerability in\n the VNC web socket decoder.

  • CVE-2015-2756\n

    Jan Beulich discovered that unmediated PCI command register access could\n result in denial of service.

  • CVE-2015-3456\n

    Jason Geffner discovered a buffer overflow in the emulated floppy\n disk drive, resulting in the potential execution of arbitrary code.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.1.2+dfsg-6a+deb7u7 of the qemu source package and in version\n1.1.2+dfsg-6+deb7u7 of the qemu-kvm source package. Only CVE-2015-3456\naffects oldstable.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1:2.1+dfsg-12.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your qemu packages.

\n
\n
\n
\n
", "3260": "
\n

Debian Security Advisory

\n

DSA-3260-1 iceweasel -- security update

\n
\n
Date Reported:
\n
13 May 2015
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2011-3079, CVE-2015-0797, CVE-2015-2708, CVE-2015-2710, CVE-2015-2713, CVE-2015-2716.
\n
More information:
\n
\n

Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors,\nbuffer overflows and use-after-frees may lead to the execution of\narbitrary code, privilege escalation or denial of service.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 31.7.0esr-1~deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 31.7.0esr-1~deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 38.0-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "3261": "
\n

Debian Security Advisory

\n

DSA-3261-1 libmodule-signature-perl -- security update

\n
\n
Date Reported:
\n
15 May 2015
\n
Affected Packages:
\n
\nlibmodule-signature-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 783451.
In Mitre's CVE dictionary: CVE-2015-3406, CVE-2015-3407, CVE-2015-3408, CVE-2015-3409.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in libmodule-signature-perl, a\nPerl module to manipulate CPAN SIGNATURE files. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2015-3406\n

    John Lightsey discovered that Module::Signature could parse the\n unsigned portion of the SIGNATURE file as the signed portion due to\n incorrect handling of PGP signature boundaries.

  • CVE-2015-3407\n

    John Lightsey discovered that Module::Signature incorrectly handles\n files that are not listed in the SIGNATURE file. This includes some\n files in the t/ directory that would execute when tests are run.

  • CVE-2015-3408\n

    John Lightsey discovered that Module::Signature uses two-argument\n open() calls to read the files when generating checksums from the\n signed manifest. This allows arbitrary shell commands to be embedded into\n the SIGNATURE file that would execute during the signature\n verification process.

  • CVE-2015-3409\n

    John Lightsey discovered that Module::Signature incorrectly handles\n module loading, allowing modules to be loaded from relative paths in\n @INC. A remote attacker providing a malicious module could use this\n issue to execute arbitrary code during signature verification.

\n

Note that libtest-signature-perl received an update for compatibility\nwith the fix for CVE-2015-3407\nin libmodule-signature-perl.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 0.68-1+deb7u2.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 0.73-1+deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 0.78-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.78-1.

\n

We recommend that you upgrade your libmodule-signature-perl packages.

\n
\n
\n
\n
", "3262": "
\n

Debian Security Advisory

\n

DSA-3262-1 xen -- security update

\n
\n
Date Reported:
\n
18 May 2015
\n
Affected Packages:
\n
\nxen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-3456.
\n
More information:
\n
\n

Jason Geffner discovered a buffer overflow in the emulated floppy\ndisk drive, resulting in the potential execution of arbitrary code.\nThis only affects HVM guests.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 4.1.4-3+deb7u6.

\n

The stable distribution (jessie) is already fixed through the qemu\nupdate provided as DSA-3259-1.

\n

We recommend that you upgrade your xen packages.

\n
\n
\n
\n
", "3263": "
\n

Debian Security Advisory

\n

DSA-3263-1 proftpd-dfsg -- security update

\n
\n
Date Reported:
\n
19 May 2015
\n
Affected Packages:
\n
\nproftpd-dfsg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 782781.
In Mitre's CVE dictionary: CVE-2015-3306.
\n
More information:
\n
\n

Vadim Melihow discovered that in proftpd-dfsg, an FTP server, the\nmod_copy module allowed unauthenticated users to copy files around on\nthe server, and possibly to execute arbitrary code.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.3.4a-5+deb7u3.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.3.5-1.1+deb8u1.

\n

For the testing distribution (stretch) and unstable distribution\n(sid), this problem has been fixed in version 1.3.5-2.

\n

We recommend that you upgrade your proftpd-dfsg packages.

\n
\n
\n
\n
", "3264": "
\n

Debian Security Advisory

\n

DSA-3264-1 icedove -- security update

\n
\n
Date Reported:
\n
19 May 2015
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0797, CVE-2015-2708, CVE-2015-2710, CVE-2015-2713, CVE-2015-2716.
\n
More information:
\n
\n

Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors,\nbuffer overflows and use-after-frees may lead to the execution of\narbitrary code, privilege escalation or denial of service.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 31.7.0-1~deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 31.7.0-1~deb8u1.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "3265": "
\n

Debian Security Advisory

\n

DSA-3265-1 zendframework -- security update

\n
\n
Date Reported:
\n
20 May 2015
\n
Affected Packages:
\n
\nzendframework\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 743175, Bug 754201.
In Mitre's CVE dictionary: CVE-2014-2681, CVE-2014-2682, CVE-2014-2683, CVE-2014-2684, CVE-2014-2685, CVE-2014-4914, CVE-2014-8088, CVE-2014-8089, CVE-2015-3154.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in Zend Framework, a PHP\nframework. Except for CVE-2015-3154, all these issues were already fixed\nin the version initially shipped with Jessie.

\n
    \n
  • CVE-2014-2681\n

    Lukas Reschke reported a lack of protection against XML External\n Entity injection attacks in some functions. This fix extends the\n incomplete one from CVE-2012-5657.

  • CVE-2014-2682\n

    Lukas Reschke reported a failure to consider that the\n libxml_disable_entity_loader setting is shared among threads in the\n PHP-FPM case. This fix extends the incomplete one from\n CVE-2012-5657.

  • CVE-2014-2683\n

    Lukas Reschke reported a lack of protection against XML Entity\n Expansion attacks in some functions. This fix extends the incomplete\n one from CVE-2012-6532.

  • CVE-2014-2684\n

    Christian Mainka and Vladislav Mladenov from the Ruhr-University\n Bochum reported an error in the consumer's verify method that led\n to acceptance of wrongly sourced tokens.

  • CVE-2014-2685\n

    Christian Mainka and Vladislav Mladenov from the Ruhr-University\n Bochum reported a specification violation in which signing of a\n single parameter is incorrectly considered sufficient.

  • CVE-2014-4914\n

    Cassiano Dal Pizzol discovered that the implementation of the ORDER\n BY SQL statement in Zend_Db_Select contains a potential SQL\n injection when the query string passed contains parentheses.

  • CVE-2014-8088\n

    Yury Dyachenko at Positive Research Center identified potential XML\n eXternal Entity injection vectors due to insecure usage of PHP's DOM\n extension.

  • CVE-2014-8089\n

    Jonas Sandstr\u00f6m discovered an SQL injection vector when manually\n quoting a value for the sqlsrv extension using a null byte.

  • CVE-2015-3154\n

    Filippo Tessarotto and Maks3w reported potential CRLF injection\n attacks in mail and HTTP headers.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.11.13-1.1+deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.12.9+dfsg-2+deb8u1.

\n

For the testing distribution (stretch), these problems will be fixed\nin version 1.12.12+dfsg-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.12.12+dfsg-1.

\n

We recommend that you upgrade your zendframework packages.

\n
\n
\n
\n
", "3266": "
\n

Debian Security Advisory

\n

DSA-3266-1 fuse -- security update

\n
\n
Date Reported:
\n
21 May 2015
\n
Affected Packages:
\n
\nfuse\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 786439.
In Mitre's CVE dictionary: CVE-2015-3202.
\n
More information:
\n
\n

Tavis Ormandy discovered that FUSE, a Filesystem in USErspace, does not\nscrub the environment before executing mount or umount with elevated\nprivileges. A local user can take advantage of this flaw to overwrite\narbitrary files and gain elevated privileges by accessing debugging\nfeatures via the environment that would not normally be safe for\nunprivileged users.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 2.9.0-2+deb7u2.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.9.3-15+deb8u1.

\n

For the testing distribution (stretch) and the unstable distribution\n(sid), this problem will be fixed soon.

\n

We recommend that you upgrade your fuse packages.

\n
\n
\n
\n
", "3267": "
\n

Debian Security Advisory

\n

DSA-3267-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
22 May 2015
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-1251, CVE-2015-1252, CVE-2015-1253, CVE-2015-1254, CVE-2015-1255, CVE-2015-1256, CVE-2015-1257, CVE-2015-1258, CVE-2015-1259, CVE-2015-1260, CVE-2015-1261, CVE-2015-1262, CVE-2015-1263, CVE-2015-1264, CVE-2015-1265.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the chromium web browser.

\n
    \n
  • CVE-2015-1251\n

    SkyLined discovered a use-after-free issue in speech\n recognition.

  • CVE-2015-1252\n

    An out-of-bounds write issue was discovered that could be used to\n escape from the sandbox.

  • CVE-2015-1253\n

    A cross-origin bypass issue was discovered in the DOM parser.

  • CVE-2015-1254\n

    A cross-origin bypass issue was discovered in the DOM editing\n feature.

  • CVE-2015-1255\n

    Khalil Zhani discovered a use-after-free issue in WebAudio.

  • CVE-2015-1256\n

    Atte Kettunen discovered a use-after-free issue in the SVG\n implementation.

  • CVE-2015-1257\n

    miaubiz discovered an overflow issue in the SVG implementation.

  • CVE-2015-1258\n

    cloudfuzzer discovered an invalid size parameter used in the\n libvpx library.

  • CVE-2015-1259\n

    Atte Kettunen discovered an uninitialized memory issue in the\n pdfium library.

  • CVE-2015-1260\n

    Khalil Zhani discovered multiple use-after-free issues in chromium's\n interface to the WebRTC library.

  • CVE-2015-1261\n

    Juho Nurminen discovered a URL bar spoofing issue.

  • CVE-2015-1262\n

    miaubiz discovered the use of an uninitialized class member in\n font handling.

  • CVE-2015-1263\n

    Mike Ruddy discovered that downloading the spellcheck dictionary\n was not done over HTTPS.

  • CVE-2015-1264\n

    K0r3Ph1L discovered a cross-site scripting issue that could be\n triggered by bookmarking a site.

  • CVE-2015-1265\n

    The chrome 43 development team found and fixed various issues\n during internal auditing. Also multiple issues were fixed in\n the libv8 library, version 4.3.61.21.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 43.0.2357.65-1~deb8u1.

\n

For the testing distribution (stretch), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 43.0.2357.65-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3268": "
\n

Debian Security Advisory

\n

DSA-3268-1 ntfs-3g -- security update

\n
\n
Date Reported:
\n
22 May 2015
\n
Affected Packages:
\n
\nntfs-3g\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 786475.
In Mitre's CVE dictionary: CVE-2015-3202.
\n
More information:
\n
\n

Tavis Ormandy discovered that NTFS-3G, a read-write NTFS driver for\nFUSE, does not scrub the environment before executing mount or umount\nwith elevated privileges. A local user can take advantage of this flaw\nto overwrite arbitrary files and gain elevated privileges by accessing\ndebugging features via the environment that would not normally be safe\nfor unprivileged users.

\n

For the oldstable distribution (wheezy), this problem has been fixed in\nversion 1:2012.1.15AR.5-2.1+deb7u1. Note that this issue does not affect\nthe binary packages distributed in Debian in wheezy as ntfs-3g does not\nuse the embedded fuse-lite library.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:2014.2.15AR.2-1+deb8u1.

\n

For the testing distribution (stretch) and the unstable distribution\n(sid), this problem will be fixed soon.

\n

We recommend that you upgrade your ntfs-3g packages.

\n
\n
\n
\n
", "3269": "
\n

Debian Security Advisory

\n

DSA-3269-1 postgresql-9.1 -- security update

\n
\n
Date Reported:
\n
22 May 2015
\n
Affected Packages:
\n
\npostgresql-9.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-3165, CVE-2015-3166, CVE-2015-3167.
\n
More information:
\n
\n

Several vulnerabilities have been found in PostgreSQL-9.1, a SQL\ndatabase system.

\n
    \n
  • CVE-2015-3165\n (Remote crash)

    \n

    SSL clients disconnecting just before the authentication timeout\n expires can cause the server to crash.

  • CVE-2015-3166\n (Information exposure)

    \n

    The replacement implementation of snprintf() failed to check for\n errors reported by the underlying system library calls; the main\n case that might be missed is out-of-memory situations. In the worst\n case this might lead to information exposure.

  • CVE-2015-3167\n (Possible side-channel key exposure)

    \n

    In contrib/pgcrypto, some cases of decryption with an incorrect key\n could report other error message texts. Fix by using a\n one-size-fits-all message.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 9.1.16-0+deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 9.1.16-0+deb8u1. (Jessie contains a reduced postgresql-9.1\npackage; only CVE-2015-3166 is fixed in the produced binary package\npostgresql-plperl-9.1. We recommend upgrading to postgresql-9.4 to get\nthe full set of fixes. See the Jessie release notes for details.)

\n

The testing distribution (stretch) and the unstable distribution (sid)\ndo not contain the postgresql-9.1 package.

\n

We recommend that you upgrade your postgresql-9.1 packages.

\n
\n
\n
\n
", "3270": "
\n

Debian Security Advisory

\n

DSA-3270-1 postgresql-9.4 -- security update

\n
\n
Date Reported:
\n
22 May 2015
\n
Affected Packages:
\n
\npostgresql-9.4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-3165, CVE-2015-3166, CVE-2015-3167.
\n
More information:
\n
\n

Several vulnerabilities have been found in PostgreSQL-9.4, a SQL\ndatabase system.

\n
    \n
  • CVE-2015-3165\n(Remote crash)

    \n

    SSL clients disconnecting just before the authentication timeout\n expires can cause the server to crash.

  • CVE-2015-3166\n(Information exposure)

    \n

    The replacement implementation of snprintf() failed to check for\n errors reported by the underlying system library calls; the main\n case that might be missed is out-of-memory situations. In the worst\n case this might lead to information exposure.

  • CVE-2015-3167\n(Possible side-channel key exposure)

    \n

    In contrib/pgcrypto, some cases of decryption with an incorrect key\n could report other error message texts. Fix by using a\n one-size-fits-all message.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 9.4.2-0+deb8u1.

\n

For the testing distribution (stretch), these problems will be fixed\nsoon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 9.4.2-1.

\n

We recommend that you upgrade your postgresql-9.4 packages.

\n
\n
\n
\n
", "3271": "
\n

Debian Security Advisory

\n

DSA-3271-1 nbd -- security update

\n
\n
Date Reported:
\n
23 May 2015
\n
Affected Packages:
\n
\nnbd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 781547, Bug 784657.
In Mitre's CVE dictionary: CVE-2013-7441, CVE-2015-0847.
\n
More information:
\n
\n

Tuomas R\u00e4s\u00e4nen discovered that unsafe signal handling in nbd-server, the\nserver for the Network Block Device protocol, could allow remote\nattackers to cause a deadlock in the server process and thus a denial of\nservice.

\n

Tuomas R\u00e4s\u00e4nen also discovered that the modern-style negotiation was\ncarried out in the main server process before forking the actual client\nhandler. This could allow a remote attacker to cause a denial of service\n(crash) by querying a non-existent export. This issue only affected the\noldstable distribution (wheezy).

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1:3.2-4~deb7u5.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1:3.8-4+deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 1:3.10-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1:3.10-1.

\n

We recommend that you upgrade your nbd packages.

\n
\n
\n
\n
", "3272": "
\n

Debian Security Advisory

\n

DSA-3272-1 ipsec-tools -- security update

\n
\n
Date Reported:
\n
23 May 2015
\n
Affected Packages:
\n
\nipsec-tools\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 785778.
In Mitre's CVE dictionary: CVE-2015-4047.
\n
More information:
\n
\n

Javantea discovered a NULL pointer dereference flaw in racoon, the\nInternet Key Exchange daemon of ipsec-tools. A remote attacker can use\nthis flaw to cause the IKE daemon to crash via specially crafted UDP\npackets, resulting in a denial of service.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1:0.8.0-14+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:0.8.2+20140711-2+deb8u1.

\n

For the testing distribution (stretch) and the unstable distribution\n(sid), this problem will be fixed soon.

\n

We recommend that you upgrade your ipsec-tools packages.

\n
\n
\n
\n
", "3273": "
\n

Debian Security Advisory

\n

DSA-3273-1 tiff -- security update

\n
\n
Date Reported:
\n
25 May 2015
\n
Affected Packages:
\n
\ntiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-9330, CVE-2014-9655.
\n
More information:
\n
\n

William Robinet and Michal Zalewski discovered multiple vulnerabilities\nin the TIFF library and its tools, which may result in denial of\nservice or the execution of arbitrary code if a malformed TIFF file\nis processed.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 4.0.2-6+deb7u4.

\n

For the stable distribution (jessie), these problems have been fixed\nbefore the initial release.

\n

We recommend that you upgrade your tiff packages.

\n
\n
\n
\n
", "3274": "
\n

Debian Security Advisory

\n

DSA-3274-1 virtualbox -- security update

\n
\n
Date Reported:
\n
28 May 2015
\n
Affected Packages:
\n
\nvirtualbox\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-3456.
\n
More information:
\n
\n

Jason Geffner discovered a buffer overflow in the emulated floppy\ndisk drive, resulting in potential privilege escalation.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 4.1.18-dfsg-2+deb7u5.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 4.3.18-dfsg-3+deb8u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.3.28-dfsg-1.

\n

We recommend that you upgrade your virtualbox packages.

\n
\n
\n
\n
", "3275": "
\n

Debian Security Advisory

\n

DSA-3275-1 fusionforge -- security update

\n
\n
Date Reported:
\n
30 May 2015
\n
Affected Packages:
\n
\nfusionforge\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0850.
\n
More information:
\n
\n

Ansgar Burchardt discovered that the Git plugin for FusionForge, a\nweb-based project-management and collaboration software, does not\nsufficiently validate user provided input as parameter to the method to\ncreate secondary Git repositories. A remote attacker can use this flaw\nto execute arbitrary code as root via a specially crafted URL.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 5.3.2+20141104-3+deb8u1.

\n

For the testing distribution (stretch) and the unstable distribution\n(sid), this problem will be fixed soon.

\n

We recommend that you upgrade your fusionforge packages.

\n
\n
\n
\n
", "3276": "
\n

Debian Security Advisory

\n

DSA-3276-1 symfony -- security update

\n
\n
Date Reported:
\n
31 May 2015
\n
Affected Packages:
\n
\nsymfony\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-4050.
\n
More information:
\n
\n

Jakub Zalas discovered that Symfony, a framework to create websites and\nweb applications, was vulnerable to restriction bypass. It affected\napplications with ESI or SSI support enabled that use the\nFragmentListener. A malicious user could call any controller via the\n/_fragment path by providing an invalid hash in the URL (or removing\nit), bypassing URL signing and security rules.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.3.21+dfsg-4+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 2.7.0~beta2+dfsg-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.7.0~beta2+dfsg-2.

\n

We recommend that you upgrade your symfony packages.

\n
\n
\n
\n
", "3277": "
\n

Debian Security Advisory

\n

DSA-3277-1 wireshark -- security update

\n
\n
Date Reported:
\n
02 Jun 2015
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-3808, CVE-2015-3809, CVE-2015-3810, CVE-2015-3811, CVE-2015-3812, CVE-2015-3813, CVE-2015-3814, CVE-2015-3815, CVE-2015-3906.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the dissectors/parsers for\nLBMR, web sockets, WCP, X11, IEEE 802.11 and Android Logcat, which could\nresult in denial of service.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.8.2-5wheezy16.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.12.1+g01b65bf-4+deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 1.12.5+g5819e5b-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.12.5+g5819e5b-1.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "3278": "
\n

Debian Security Advisory

\n

DSA-3278-1 libapache-mod-jk -- security update

\n
\n
Date Reported:
\n
03 Jun 2015
\n
Affected Packages:
\n
\nlibapache-mod-jk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 783233.
In Mitre's CVE dictionary: CVE-2014-8111.
\n
More information:
\n
\n

An information disclosure flaw due to incorrect JkMount/JkUnmount\ndirectives processing was found in the Apache 2 module mod_jk to forward\nrequests from the Apache web server to Tomcat. A JkUnmount rule for a\nsubtree of a previous JkMount rule could be ignored. This could allow a\nremote attacker to potentially access a private artifact in a tree that\nwould otherwise not be accessible to them.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1:1.2.37-1+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:1.2.37-4+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 1:1.2.40+svn150520-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:1.2.40+svn150520-1.

\n

We recommend that you upgrade your libapache-mod-jk packages.

\n
\n
\n
\n
", "3279": "
\n

Debian Security Advisory

\n

DSA-3279-1 redis -- security update

\n
\n
Date Reported:
\n
06 Jun 2015
\n
Affected Packages:
\n
\nredis\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-4335.
\n
More information:
\n
\n

It was discovered that redis, a persistent key-value database, could\nexecute insecure Lua bytecode by way of the EVAL command. This could\nallow remote attackers to break out of the Lua sandbox and execute\narbitrary code.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2:2.8.17-1+deb8u1.

\n

For the testing distribution (stretch), this problem will be fixed\nin version 2:3.0.2-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:3.0.2-1.

\n

We recommend that you upgrade your redis packages.

\n
\n
\n
\n
", "3280": "
\n

Debian Security Advisory

\n

DSA-3280-1 php5 -- security update

\n
\n
Date Reported:
\n
07 Jun 2015
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-2783, CVE-2015-3329, CVE-2015-4021, CVE-2015-4022, CVE-2015-4024, CVE-2015-4025, CVE-2015-4026.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in PHP:

\n
    \n
  • CVE-2015-4025 /\n CVE-2015-4026\n

    Multiple functions didn't check for NULL bytes in path names.

  • CVE-2015-4024\n

    Denial of service when processing multipart/form-data requests.

  • CVE-2015-4022\n

    Integer overflow in the ftp_genlist() function may result in\n denial of service or potentially the execution of arbitrary code.

  • CVE-2015-4021\nCVE-2015-3329\nCVE-2015-2783\n

    Multiple vulnerabilities in the phar extension may result in\n denial of service or potentially the execution of arbitrary code\n when processing malformed archives.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 5.4.41-0+deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 5.6.9+dfsg-0+deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 5.6.9+dfsg-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 5.6.9+dfsg-1.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "3281": "
\n

Debian Security Advisory

\n

DSA-3281-1 -- Debian Security Team PGP/GPG key change notice

\n
\n
Date Reported:
\n
07 Jun 2015
\n
Affected Packages:
\n
\n \n
\n
Vulnerable:
\n
No
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

This is a notice that the Debian Security Team has changed its PGP/GPG\ncontact key because of a periodic regular key rollover.

\n

The new key's fingerprint is:

\n0D59 D2B1 5144 766A 14D2 41C6 6BAF 400B 05C3 E651\n

The creation date is 2015-01-18 and it has been signed by the previous\nSecurity Team contact key and several individual team members.

\n

Please use the new key from now on for encrypted communication with the\nDebian Security Team. You can obtain the new key from a keyserver, e.g.\npgp.surfnet.nl.

\n

Our website has been updated to reflect this change.

\n

Note that this concerns only the key used for communication with the\nteam. The keys used to sign the security.debian.org APT archive or\nthe keys used to sign the security advisories have not changed.

\n
\n
\n
\n
", "3282": "
\n

Debian Security Advisory

\n

DSA-3282-1 strongswan -- security update

\n
\n
Date Reported:
\n
08 Jun 2015
\n
Affected Packages:
\n
\nstrongswan\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-4171.
\n
More information:
\n
\n

Alexander E. Patrakov discovered an issue in strongSwan, an IKE/IPsec\nsuite used to establish IPsec protected links.

\n

When an IKEv2 client authenticates the server with certificates and the\nclient authenticates itself to the server using pre-shared key or EAP,\nthe constraints on the server certificate are only enforced by the\nclient after all authentication steps are completed successfully. A\nrogue server which can authenticate using a valid certificate issued by\nany CA trusted by the client could trick the user into continuing the\nauthentication, revealing the username and password digest (for EAP) or\neven the cleartext password (if EAP-GTC is accepted).

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 4.5.2-1.5+deb7u7.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 5.2.1-6+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 5.3.1-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.3.1-1.

\n

We recommend that you upgrade your strongswan packages.

\n
\n
\n
\n
", "3283": "
\n

Debian Security Advisory

\n

DSA-3283-1 cups -- security update

\n
\n
Date Reported:
\n
09 Jun 2015
\n
Affected Packages:
\n
\ncups\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-1158, CVE-2015-1159.
\n
More information:
\n
\n

It was discovered that CUPS, the Common UNIX Printing System, is\nvulnerable to a remotely triggerable privilege escalation via cross-site\nscripting and bad print job submission used to replace cupsd.conf on the\nCUPS server.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.5.3-5+deb7u6.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.7.5-11+deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.7.5-12.

\n

We recommend that you upgrade your cups packages.

\n
\n
\n
\n
", "3284": "
\n

Debian Security Advisory

\n

DSA-3284-1 qemu -- security update

\n
\n
Date Reported:
\n
13 Jun 2015
\n
Affected Packages:
\n
\nqemu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 787547, Bug 788460.
In Mitre's CVE dictionary: CVE-2015-3209, CVE-2015-4037, CVE-2015-4103, CVE-2015-4104, CVE-2015-4105, CVE-2015-4106.
\n
More information:
\n
\n

Several vulnerabilities were discovered in qemu, a fast processor\nemulator.

\n
    \n
  • CVE-2015-3209\n

    Matt Tait of Google's Project Zero security team discovered a flaw\n in the way QEMU's AMD PCnet Ethernet emulation handles multi-TMD\n packets with a length above 4096 bytes. A privileged guest user in a\n guest with an AMD PCNet ethernet card enabled can potentially use\n this flaw to execute arbitrary code on the host with the privileges\n of the hosting QEMU process.

  • CVE-2015-4037\n

    Kurt Seifried of Red Hat Product Security discovered that QEMU's\n user mode networking stack uses predictable temporary file names\n when the -smb option is used. An unprivileged user can use this flaw\n to cause a denial of service.

  • CVE-2015-4103\n

    Jan Beulich of SUSE discovered that the QEMU Xen code does not\n properly restrict write access to the host MSI message data field,\n allowing a malicious guest to cause a denial of service.

  • CVE-2015-4104\n

    Jan Beulich of SUSE discovered that the QEMU Xen code does not\n properly restrict access to PCI MSI mask bits, allowing a malicious\n guest to cause a denial of service.

  • CVE-2015-4105\n

    Jan Beulich of SUSE reported that the QEMU Xen code enables\n logging for PCI MSI-X pass-through error messages, allowing a\n malicious guest to cause a denial of service.

  • CVE-2015-4106\n

    Jan Beulich of SUSE discovered that the QEMU Xen code does not\n properly restrict write access to the PCI config space for certain\n PCI pass-through devices, allowing a malicious guest to cause a\n denial of service, obtain sensitive information or potentially\n execute arbitrary code.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.1.2+dfsg-6a+deb7u8. Only CVE-2015-3209 and CVE-2015-4037\naffect oldstable.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1:2.1+dfsg-12+deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1:2.3+dfsg-6.

\n

We recommend that you upgrade your qemu packages.

\n
\n
\n
\n
", "3285": "
\n

Debian Security Advisory

\n

DSA-3285-1 qemu-kvm -- security update

\n
\n
Date Reported:
\n
13 Jun 2015
\n
Affected Packages:
\n
\nqemu-kvm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 788460.
In Mitre's CVE dictionary: CVE-2015-3209, CVE-2015-4037.
\n
More information:
\n
\n

Several vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution on x86 hardware.

\n
    \n
  • CVE-2015-3209\n

    Matt Tait of Google's Project Zero security team discovered a flaw\n in the way QEMU's AMD PCnet Ethernet emulation handles multi-TMD\n packets with a length above 4096 bytes. A privileged guest user in a\n guest with an AMD PCNet ethernet card enabled can potentially use\n this flaw to execute arbitrary code on the host with the privileges\n of the hosting QEMU process.

  • CVE-2015-4037\n

    Kurt Seifried of Red Hat Product Security discovered that QEMU's\n user mode networking stack uses predictable temporary file names\n when the -smb option is used. An unprivileged user can use this flaw\n to cause a denial of service.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.1.2+dfsg-6+deb7u8.

\n

We recommend that you upgrade your qemu-kvm packages.

\n
\n
\n
\n
", "3286": "
\n

Debian Security Advisory

\n

DSA-3286-1 xen -- security update

\n
\n
Date Reported:
\n
13 Jun 2015
\n
Affected Packages:
\n
\nxen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-3209, CVE-2015-4103, CVE-2015-4104, CVE-2015-4105, CVE-2015-4106, CVE-2015-4163, CVE-2015-4164.
\n
More information:
\n
\n

Multiple security issues have been found in the Xen virtualisation\nsolution:

\n
    \n
  • CVE-2015-3209\n

    Matt Tait discovered a flaw in the way QEMU's AMD PCnet Ethernet\n emulation handles multi-TMD packets with a length above 4096 bytes.\n A privileged guest user in a guest with an AMD PCNet ethernet card\n enabled can potentially use this flaw to execute arbitrary code on\n the host with the privileges of the hosting QEMU process.

  • CVE-2015-4103\n

    Jan Beulich discovered that the QEMU Xen code does not properly\n restrict write access to the host MSI message data field, allowing\n a malicious guest to cause a denial of service.

  • CVE-2015-4104\n

    Jan Beulich discovered that the QEMU Xen code does not properly\n restrict access to PCI MSI mask bits, allowing a malicious guest to\n cause a denial of service.

  • CVE-2015-4105\n

    Jan Beulich reported that the QEMU Xen code enables logging for PCI\n MSI-X pass-through error messages, allowing a malicious guest to\n cause a denial of service.

  • CVE-2015-4106\n

    Jan Beulich discovered that the QEMU Xen code does not properly restrict\n write access to the PCI config space for certain PCI pass-through devices,\n allowing a malicious guest to cause a denial of service, obtain sensitive\n information or potentially execute arbitrary code.

  • CVE-2015-4163\n

    Jan Beulich discovered that a missing version check in the\n GNTTABOP_swap_grant_ref hypercall handler may result in denial of service.\n This only applies to Debian stable/jessie.

  • CVE-2015-4164\n

    Andrew Cooper discovered a vulnerability in the iret hypercall handler,\n which may result in denial of service.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 4.1.4-3+deb7u8.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.4.1-9+deb8u1. CVE-2015-3209, CVE-2015-4103, CVE-2015-4104,\nCVE-2015-4105 and CVE-2015-4106 don't affect the Xen package in stable\njessie; it uses the standard qemu package, which has already been fixed in\nDSA-3284-1.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your xen packages.

\n
\n
\n
\n
", "3287": "
\n

Debian Security Advisory

\n

DSA-3287-1 openssl -- security update

\n
\n
Date Reported:
\n
13 Jun 2015
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-4000.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets\nLayer toolkit.

\n
    \n
  • CVE-2014-8176\n

    Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered\n that an invalid memory free could be triggered when buffering DTLS\n data. This could allow remote attackers to cause a denial of service\n (crash) or potentially execute arbitrary code. This issue only\n affected the oldstable distribution (wheezy).

  • CVE-2015-1788\n

    Joseph Barr-Pixton discovered that an infinite loop could be triggered\n due to incorrect handling of malformed ECParameters structures. This\n could allow remote attackers to cause a denial of service.

  • CVE-2015-1789\n

    Robert Swiecki and Hanno B\u00f6ck discovered that the X509_cmp_time\n function could read a few bytes out of bounds. This could allow remote\n attackers to cause a denial of service (crash) via crafted\n certificates and CRLs.

  • CVE-2015-1790\n

    Michal Zalewski discovered that the PKCS#7 parsing code did not\n properly handle missing content which could lead to a NULL pointer\n dereference. This could allow remote attackers to cause a denial of\n service (crash) via crafted ASN.1-encoded PKCS#7 blobs.

  • CVE-2015-1791\n

    Emilia K\u00e4sper discovered that a race condition could occur due to\n incorrect handling of NewSessionTicket in a multi-threaded client,\n leading to a double free. This could allow remote attackers to cause\n a denial of service (crash).

  • CVE-2015-1792\n

    Johannes Bauer discovered that the CMS code could enter an infinite\n loop when verifying a signedData message, if presented with an\n unknown hash function OID. This could allow remote attackers to cause\n a denial of service.

\n

Additionally, OpenSSL will now reject handshakes using DH parameters\nshorter than 768 bits as a countermeasure against the Logjam attack\n(CVE-2015-4000).

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.0.1e-2+deb7u17.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 1.0.2b-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2b-1.

\n

We recommend that you upgrade your openssl packages.

\n
\n
\n
\n
", "3288": "
\n

Debian Security Advisory

\n

DSA-3288-1 libav -- security update

\n
\n
Date Reported:
\n
13 Jun 2015
\n
Affected Packages:
\n
\nlibav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-3395, CVE-2015-3417.
\n
More information:
\n
\n

Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. A full list of the changes is\navailable at \nhttps://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 6:11.4-1~deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 6:11.4-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 6:11.4-1.

\n

We recommend that you upgrade your libav packages.

\n
\n
\n
\n
", "3289": "
\n

Debian Security Advisory

\n

DSA-3289-1 p7zip -- security update

\n
\n
Date Reported:
\n
15 Jun 2015
\n
Affected Packages:
\n
\np7zip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 774660.
In Mitre's CVE dictionary: CVE-2015-1038.
\n
More information:
\n
\n

Alexander Cherepanov discovered that p7zip is susceptible to a\ndirectory traversal vulnerability. While extracting an archive, it\nwill extract symlinks and then follow them if they are referenced in\nfurther entries. This can be exploited by a rogue archive to write\nfiles outside the current directory.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 9.20.1~dfsg.1-4+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 9.20.1~dfsg.1-4.1+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 9.20.1~dfsg.1-4.2.

\n

We recommend that you upgrade your p7zip packages.

\n
\n
\n
\n
", "3290": "
\n

Debian Security Advisory

\n

DSA-3290-1 linux -- security update

\n
\n
Date Reported:
\n
18 Jun 2015
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-1805, CVE-2015-3636, CVE-2015-4167.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service, information leaks\nor data corruption.

\n
    \n
  • CVE-2015-1805\n

    Red Hat discovered that the pipe iovec read and write\n implementations may iterate over the iovec twice but will modify the\n iovec such that the second iteration accesses the wrong memory. A\n local user could use this flaw to crash the system or possibly for\n privilege escalation. This may also result in data corruption and\n information leaks in pipes between non-malicious processes.

  • CVE-2015-3636\n

    Wen Xu and wushi of KeenTeam discovered that users allowed to create\n ping sockets can use them to crash the system and, on 32-bit\n architectures, for privilege escalation. However, by default, no\n users on a Debian system have access to ping sockets.

  • CVE-2015-4167\n

    Carl Henrik Lunde discovered that the UDF implementation is missing\n a necessary length check. A local user that can mount devices could\n use this flaw to crash the system.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 3.2.68-1+deb7u2.

\n

For the stable distribution (jessie), these problems were fixed in\nversion 3.16.7-ckt11-1 or earlier, except for CVE-2015-4167 which will\nbe fixed later.

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "3291": "
\n

Debian Security Advisory

\n

DSA-3291-1 drupal7 -- security update

\n
\n
Date Reported:
\n
18 Jun 2015
\n
Affected Packages:
\n
\ndrupal7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-3231, CVE-2015-3232, CVE-2015-3233, CVE-2015-3234.
\n
More information:
\n
\n

Several vulnerabilities were found in drupal7, a content management\nplatform used to power websites.

\n
    \n
  • CVE-2015-3231\n

    Incorrect cache handling made private content viewed by user 1\n exposed to other, non-privileged users.

  • CVE-2015-3232\n

    A flaw in the Field UI module made it possible for attackers to\n redirect users to malicious sites.

  • CVE-2015-3233\n

    Due to insufficient URL validation, the Overlay module could be\n used to redirect users to malicious sites.

  • CVE-2015-3234\n

    The OpenID module allowed an attacker to log in as other users,\n including administrators.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 7.14-2+deb7u10.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 7.32-1+deb8u4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 7.38.1.

\n

We recommend that you upgrade your drupal7 packages.

\n
\n
\n
\n
", "3292": "
\n

Debian Security Advisory

\n

DSA-3292-1 cinder -- security update

\n
\n
Date Reported:
\n
19 Jun 2015
\n
Affected Packages:
\n
\ncinder\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 788996.
In Mitre's CVE dictionary: CVE-2015-1851.
\n
More information:
\n
\n

Bastian Blank from credativ discovered that cinder, a\nstorage-as-a-service system for the OpenStack cloud computing suite,\ncontained a bug that would allow an authenticated user to read any\nfile from the cinder server.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2014.1.3-11+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2015.1.0+2015.06.16.git26.9634b76ba5-1.

\n

We recommend that you upgrade your cinder packages.

\n
\n
\n
\n
", "3293": "
\n

Debian Security Advisory

\n

DSA-3293-1 pyjwt -- security update

\n
\n
Date Reported:
\n
20 Jun 2015
\n
Affected Packages:
\n
\npyjwt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 781640.
\n
More information:
\n
\n

Tim McLean discovered that pyjwt, a Python implementation of JSON Web\nToken, would try to verify an HMAC signature using an RSA or ECDSA public\nkey as secret. This could allow remote attackers to trick applications\nexpecting tokens signed with asymmetric keys, into accepting arbitrary\ntokens. For more information see: https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.2.1-1+deb8u1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your pyjwt packages.

\n
\n
\n
\n
", "3294": "
\n

Debian Security Advisory

\n

DSA-3294-1 wireshark -- security update

\n
\n
Date Reported:
\n
23 Jun 2015
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-4651, CVE-2015-4652.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the dissectors for WCCP\nand GSM DTAP, which could result in denial of service.

\n

The oldstable distribution (wheezy) is not affected.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.12.1+g01b65bf-4+deb8u2.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 1.12.6+gee1fce6-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.12.6+gee1fce6-1.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "3295": "
\n

Debian Security Advisory

\n

DSA-3295-1 cacti -- security update

\n
\n
Date Reported:
\n
24 Jun 2015
\n
Affected Packages:
\n
\ncacti\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-2665, CVE-2015-2967, CVE-2015-4342, CVE-2015-4454.
\n
More information:
\n
\n

Several vulnerabilities (cross-site scripting and SQL injection) have\nbeen discovered in Cacti, a web interface for graphing of monitoring\nsystems.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 0.8.8a+dfsg-5+deb7u5.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 0.8.8b+dfsg-8+deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.8.8d+ds1-1.

\n

We recommend that you upgrade your cacti packages.

\n
\n
\n
\n
", "3296": "
\n

Debian Security Advisory

\n

DSA-3296-1 libcrypto++ -- security update

\n
\n
Date Reported:
\n
29 Jun 2015
\n
Affected Packages:
\n
\nlibcrypto++\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-2141.
\n
More information:
\n
\n

Evgeny Sidorov discovered that libcrypto++, a general purpose C++\ncryptographic library, did not properly implement blinding to mask\nprivate key operations for the Rabin-Williams digital signature\nalgorithm. This could allow remote attackers to mount a timing attack\nand retrieve the user's private key.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 5.6.1-6+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 5.6.1-6+deb8u1.

\n

For the testing distribution (stretch), this problem will be fixed\nin version 5.6.1-7.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.6.1-7.

\n

We recommend that you upgrade your libcrypto++ packages.

\n
\n
\n
\n
", "3297": "
\n

Debian Security Advisory

\n

DSA-3297-1 unattended-upgrades -- security update

\n
\n
Date Reported:
\n
29 Jun 2015
\n
Affected Packages:
\n
\nunattended-upgrades\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-1330.
\n
More information:
\n
\n

It was discovered that unattended-upgrades, a script for automatic\ninstallation of security upgrades, did not properly authenticate\ndownloaded packages when the force-confold or force-confnew dpkg options\nwere enabled via the DPkg::Options::* apt configuration.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 0.79.5+wheezy2.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.83.3.2+deb8u1.

\n

For the unstable distribution (sid), this problem will be fixed shortly.

\n

We recommend that you upgrade your unattended-upgrades packages.

\n
\n
\n
\n
", "3298": "
\n

Debian Security Advisory

\n

DSA-3298-1 jackrabbit -- security update

\n
\n
Date Reported:
\n
01 Jul 2015
\n
Affected Packages:
\n
\njackrabbit\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-1833.
\n
More information:
\n
\n

It was discovered that the Jackrabbit WebDAV bundle was susceptible to an\nXXE/XEE attack. When processing a WebDAV request body containing XML,\nthe XML parser could be instructed to read content from network\nresources accessible to the host, identified by URI schemes such as\nhttp(s) or file. Depending on the WebDAV request, this could not\nonly be used to trigger internal network requests, but might also be\nused to insert said content into the request, potentially exposing it to\nthe attacker and others.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 2.3.6-1+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.3.6-1+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 2.10.1-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.10.1-1.

\n

We recommend that you upgrade your jackrabbit packages.

\n
\n
\n
\n
", "3299": "
\n

Debian Security Advisory

\n

DSA-3299-1 stunnel4 -- security update

\n
\n
Date Reported:
\n
02 Jul 2015
\n
Affected Packages:
\n
\nstunnel4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 785352.
In Mitre's CVE dictionary: CVE-2015-3644.
\n
More information:
\n
\n

Johan Olofsson discovered an authentication bypass vulnerability in\nStunnel, a program designed to work as a universal SSL tunnel for\nnetwork daemons. When Stunnel in server mode is used with the redirect\noption and certificate-based authentication is enabled with verify = 2\nor higher, then only the initial connection is redirected to the hosts\nspecified with redirect. This allows a remote attacker to bypass\nauthentication.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3:5.06-2+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 3:5.18-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3:5.18-1.

\n

We recommend that you upgrade your stunnel4 packages.

\n
\n
\n
\n
", "3300": "
\n

Debian Security Advisory

\n

DSA-3300-1 iceweasel -- security update

\n
\n
Date Reported:
\n
04 Jul 2015
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-2743, CVE-2015-4000, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740, CVE-2015-2728, CVE-2015-2731, CVE-2015-2724.
\n
More information:
\n
\n

Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors,\nuse-after-frees and other implementation errors may lead to the\nexecution of arbitrary code or denial of service. This update also\naddresses a vulnerability in DHE key processing commonly known as\nthe LogJam vulnerability.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 31.8.0esr-1~deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 31.8.0esr-1~deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 38.1.0esr-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "3301": "
\n

Debian Security Advisory

\n

DSA-3301-1 haproxy -- security update

\n
\n
Date Reported:
\n
05 Jul 2015
\n
Affected Packages:
\n
\nhaproxy\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-3281.
\n
More information:
\n
\n

Charlie Smurthwaite of aTech Media discovered a flaw in HAProxy, a fast\nand reliable load balancing reverse proxy, when HTTP pipelining is used.\nA client can take advantage of this flaw to cause data corruption and\nretrieve uninitialized memory contents that exhibit data from a past\nrequest or session.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.5.8-3+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.5.14-1.

\n

We recommend that you upgrade your haproxy packages.

\n
\n
\n
\n
", "3302": "
\n

Debian Security Advisory

\n

DSA-3302-1 libwmf -- security update

\n
\n
Date Reported:
\n
06 Jul 2015
\n
Affected Packages:
\n
\nlibwmf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0848, CVE-2015-4588, CVE-2015-4695, CVE-2015-4696.
\n
More information:
\n
\n

Insufficient input sanitising in libwmf, a library to process Windows\nmetafile data, may result in denial of service or the execution of\narbitrary code if a malformed WMF file is opened.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 0.2.8.4-10.3+deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 0.2.8.4-10.3+deb8u1.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your libwmf packages.

\n
\n
\n
\n
", "3303": "
\n

Debian Security Advisory

\n

DSA-3303-1 cups-filters -- security update

\n
\n
Date Reported:
\n
07 Jul 2015
\n
Affected Packages:
\n
\ncups-filters\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-3258, CVE-2015-3279.
\n
More information:
\n
\n

It was discovered that the texttopdf utility, part of cups-filters, was\nsusceptible to multiple heap-based buffer overflows due to improper\nhandling of print jobs with a specially crafted line size. This could\nallow remote attackers to crash texttopdf or possibly execute arbitrary\ncode.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.0.18-2.1+deb7u2.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.0.61-5+deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.0.71-1.

\n

We recommend that you upgrade your cups-filters packages.

\n
\n
\n
\n
", "3304": "
\n

Debian Security Advisory

\n

DSA-3304-1 bind9 -- security update

\n
\n
Date Reported:
\n
07 Jul 2015
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-4620.
\n
More information:
\n
\n

Breno Silveira Soares of Servico Federal de Processamento de Dados\n(SERPRO) discovered that the BIND DNS server is prone to a denial of\nservice vulnerability. A remote attacker who can cause a validating\nresolver to query a zone containing specifically constructed contents\ncan cause the resolver to terminate with an assertion failure, resulting\nin a denial of service to clients relying on the resolver.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1:9.8.4.dfsg.P1-6+nmu2+deb7u5.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:9.9.5.dfsg-9+deb8u1.

\n

For the testing distribution (stretch) and the unstable distribution\n(sid), this problem will be fixed soon.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
\n
\n
", "3305": "
\n

Debian Security Advisory

\n

DSA-3305-1 python-django -- security update

\n
\n
Date Reported:
\n
08 Jul 2015
\n
Affected Packages:
\n
\npython-django\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-5143, CVE-2015-5144.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Django, a high-level Python\nweb development framework:

\n
    \n
  • CVE-2015-5143\n

    Eric Peterson and Lin Hua Cheng discovered that a new empty record\n used to be created in the session storage every time a session was\n accessed and an unknown session key was provided in the request\n cookie. This could allow remote attackers to saturate the session\n store or cause other users' session records to be evicted.

  • CVE-2015-5144\n

    Sjoerd Job Postmus discovered that some built-in validators did not\n properly reject newlines in input values. This could allow remote\n attackers to inject headers in emails and HTTP responses.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.4.5-1+deb7u12.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.7.7-1+deb8u1.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your python-django packages.

\n
\n
\n
\n
", "3306": "
\n

Debian Security Advisory

\n

DSA-3306-1 pdns -- security update

\n
\n
Date Reported:
\n
09 Jul 2015
\n
Affected Packages:
\n
\npdns\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-5470.
\n
More information:
\n
\n

Toshifumi Sakaguchi discovered that the patch applied to pdns, an\nauthoritative DNS server, fixing\nCVE-2015-1868, was insufficient in\nsome cases, allowing remote attackers to cause a denial of service\n(service-affecting CPU spikes and in some cases a crash).

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.4.1-4+deb8u2.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 3.4.5-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.4.5-1.

\n

We recommend that you upgrade your pdns packages.

\n
\n
\n
\n
", "3307": "
\n

Debian Security Advisory

\n

DSA-3307-1 pdns-recursor -- security update

\n
\n
Date Reported:
\n
09 Jul 2015
\n
Affected Packages:
\n
\npdns-recursor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-5470.
\n
More information:
\n
\n

Toshifumi Sakaguchi discovered that the patch applied to pdns-recursor,\na recursive DNS server, fixing\nCVE-2015-1868, was insufficient in some\ncases, allowing remote attackers to cause a denial of service\n(service-affecting CPU spikes and in some cases a crash).

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.6.2-2+deb8u2.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 3.7.3-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.7.3-1.

\n

We recommend that you upgrade your pdns-recursor packages.

\n
\n
\n
\n
", "3308": "
\n

Debian Security Advisory

\n

DSA-3308-1 mysql-5.5 -- security update

\n
\n
Date Reported:
\n
18 Jul 2015
\n
Affected Packages:
\n
\nmysql-5.5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 792445.
In Mitre's CVE dictionary: CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752.
\n
More information:
\n
\n

Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.44. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:

\n\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 5.5.44-0+deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 5.5.44-0+deb8u1.

\n

We recommend that you upgrade your mysql-5.5 packages.

\n
\n
\n
\n
", "3309": "
\n

Debian Security Advisory

\n

DSA-3309-1 tidy -- security update

\n
\n
Date Reported:
\n
18 Jul 2015
\n
Affected Packages:
\n
\ntidy\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 792571.
In Mitre's CVE dictionary: CVE-2015-5522, CVE-2015-5523.
\n
More information:
\n
\n

Fernando Mu\u00f1oz discovered that invalid HTML input passed to tidy, an\nHTML syntax checker and reformatter, could trigger a buffer overflow.\nThis could allow remote attackers to cause a denial of service (crash)\nor potentially execute arbitrary code.

\n

Geoff McLane also discovered that a similar issue could trigger an\ninteger overflow, leading to a memory allocation of 4GB. This could\nallow remote attackers to cause a denial of service by saturating the\ntarget's memory.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 20091223cvs-1.2+deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 20091223cvs-1.4+deb8u1.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your tidy packages.

\n
\n
\n
\n
", "3310": "
\n

Debian Security Advisory

\n

DSA-3310-1 freexl -- security update

\n
\n
Date Reported:
\n
19 Jul 2015
\n
Affected Packages:
\n
\nfreexl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

It was discovered that an integer overflow in freexl, a library to parse\nMicrosoft Excel spreadsheets, may result in denial of service if a\nmalformed Excel file is opened.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.0.0b-1+deb7u2.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.0.0g-1+deb8u2.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 1.0.2-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.0.2-1.

\n

We recommend that you upgrade your freexl packages.

\n
\n
\n
\n
", "3311": "
\n

Debian Security Advisory

\n

DSA-3311-1 mariadb-10.0 -- security update

\n
\n
Date Reported:
\n
20 Jul 2015
\n
Affected Packages:
\n
\nmariadb-10.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2643, CVE-2015-2648, CVE-2015-3152, CVE-2015-4752, CVE-2015-4757.
\n
More information:
\n
\n

Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.20. Please see the MariaDB 10.0 Release Notes for further\ndetails:

\n\n

For the stable distribution (jessie), these problems have been fixed in\nversion 10.0.20-0+deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 10.0.20-1 or earlier versions.

\n

We recommend that you upgrade your mariadb-10.0 packages.

\n
\n
\n
\n
", "3312": "
\n

Debian Security Advisory

\n

DSA-3312-1 cacti -- security update

\n
\n
Date Reported:
\n
22 Jul 2015
\n
Affected Packages:
\n
\ncacti\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-4634.
\n
More information:
\n
\n

Multiple SQL injection vulnerabilities were discovered in cacti, a web\ninterface for graphing of monitoring systems.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 0.8.8a+dfsg-5+deb7u6.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.8.8b+dfsg-8+deb8u2.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 0.8.8e+ds1-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.8.8e+ds1-1.

\n

We recommend that you upgrade your cacti packages.

\n
\n
\n
\n
", "3313": "
\n

Debian Security Advisory

\n

DSA-3313-1 linux -- security update

\n
\n
Date Reported:
\n
23 Jul 2015
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-3290, CVE-2015-3291, CVE-2015-4167, CVE-2015-5157, CVE-2015-5364, CVE-2015-5366.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation or denial of service.

\n
    \n
  • CVE-2015-3290\n

    Andy Lutomirski discovered that the Linux kernel does not properly\n handle nested NMIs. A local, unprivileged user could use this flaw\n for privilege escalation.

  • \n
  • CVE-2015-3291\n

    Andy Lutomirski discovered that under certain conditions a malicious\n userspace program can cause the kernel to skip NMIs leading to a\n denial of service.

  • \n
  • CVE-2015-4167\n

    Carl Henrik Lunde discovered that the UDF implementation is missing\n a necessary length check. A local user that can mount devices could\n use this flaw to crash the system.

  • \n
  • CVE-2015-5157\n

    Petr Matousek and Andy Lutomirski discovered that an NMI that\n interrupts userspace and encounters an IRET fault is incorrectly\n handled. A local, unprivileged user could use this flaw for denial\n of service or possibly for privilege escalation.

  • \n
  • CVE-2015-5364\n

    It was discovered that the Linux kernel does not properly handle\n invalid UDP checksums. A remote attacker could exploit this flaw to\n cause a denial of service using a flood of UDP packets with invalid\n checksums.

  • \n
  • CVE-2015-5366\n

    It was discovered that the Linux kernel does not properly handle\n invalid UDP checksums. A remote attacker can cause a denial of\n service against applications that use epoll by injecting a single\n packet with an invalid checksum.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.16.7-ckt11-1+deb8u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.0.8-2 or earlier versions.

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "3314": "
\n

Debian Security Advisory

\n

DSA-3314-1 typo3-src -- end of life

\n
\n
Date Reported:
\n
23 Jul 2015
\n
Affected Packages:
\n
\ntypo3-src\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Upstream security support for Typo3 4.5.x ended three months ago and the\nsame now applies to the Debian packages as well.

\n

Newer versions of Typo3 are no longer packaged in Debian, so the\nrecommended alternative is to migrate to a custom installation of Typo3\n6.2.x (the current long term branch).

\n

If you cannot migrate for some reason, commercial support for 4.5 is\nstill available. Please see\nhttps://typo3.org/news/article/announcing-typo3-45-lts-regular-end-of-life-eol/\nfor additional information.

\n
\n
\n
\n
", "3315": "
\n

Debian Security Advisory

\n

DSA-3315-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
23 Jul 2015
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-1266, CVE-2015-1267, CVE-2015-1268, CVE-2015-1269, CVE-2015-1270, CVE-2015-1271, CVE-2015-1272, CVE-2015-1273, CVE-2015-1274, CVE-2015-1276, CVE-2015-1277, CVE-2015-1278, CVE-2015-1279, CVE-2015-1280, CVE-2015-1281, CVE-2015-1282, CVE-2015-1283, CVE-2015-1284, CVE-2015-1285, CVE-2015-1286, CVE-2015-1287, CVE-2015-1288, CVE-2015-1289.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the chromium web browser.

\n
    \n
  • CVE-2015-1266\n

    Intended access restrictions could be bypassed for certain URLs like\n chrome://gpu.

  • \n
  • CVE-2015-1267\n

    A way to bypass the Same Origin Policy was discovered.

  • \n
  • CVE-2015-1268\n

    Mariusz Mlynski also discovered a way to bypass the Same Origin Policy.

  • \n
  • CVE-2015-1269\n

    Mike Rudy discovered that hostnames were not properly compared in the\n HTTP Strict Transport Policy and HTTP Public Key Pinning features,\n which could allow those access restrictions to be bypassed.

  • \n
  • CVE-2015-1270\n

    Atte Kettunen discovered an uninitialized memory read in the ICU library.

  • \n
  • CVE-2015-1271\n

    cloudfuzzer discovered a buffer overflow in the pdfium library.

  • \n
  • CVE-2015-1272\n

    Chamal de Silva discovered race conditions in the GPU process\n implementation.

  • \n
  • CVE-2015-1273\n

    makosoft discovered a buffer overflow in openjpeg, which is used by\n the pdfium library embedded in chromium.

  • \n
  • CVE-2015-1274\n

    andrewm.bpi discovered that the auto-open list allowed certain file\n types to be executed immediately after download.

  • \n
  • CVE-2015-1276\n

    Colin Payne discovered a use-after-free issue in the IndexedDB\n implementation.

  • \n
  • CVE-2015-1277\n

    SkyLined discovered a use-after-free issue in chromium's accessibility\n implementation.

  • \n
  • CVE-2015-1278\n

    Chamal de Silva discovered a way to use PDF documents to spoof a URL.

  • \n
  • CVE-2015-1279\n

    mlafon discovered a buffer overflow in the pdfium library.

  • \n
  • CVE-2015-1280\n

    cloudfuzzer discovered a memory corruption issue in the SKIA library.

  • \n
  • CVE-2015-1281\n

    Masato Kinugawa discovered a way to bypass the Content Security\n Policy.

  • \n
  • CVE-2015-1282\n

    Chamal de Silva discovered multiple use-after-free issues in the\n pdfium library.

  • \n
  • CVE-2015-1283\n

    Huzaifa Sidhpurwala discovered a buffer overflow in the expat\n library.

  • \n
  • CVE-2015-1284\n

    Atte Kettunen discovered that the maximum number of page frames\n was not correctly checked.

  • \n
  • CVE-2015-1285\n

    gazheyes discovered an information leak in the XSS auditor,\n which normally helps to prevent certain classes of cross-site\n scripting problems.

  • \n
  • CVE-2015-1286\n

    A cross-site scripting issue was discovered in the interface to\n the V8 JavaScript library.

  • \n
  • CVE-2015-1287\n

    filedescriptor discovered a way to bypass the Same Origin Policy.

  • \n
  • CVE-2015-1288\n

    Mike Ruddy discovered that the spellchecking dictionaries could\n still be downloaded over plain HTTP (related to CVE-2015-1263).

  • \n
  • CVE-2015-1289\n

    The chrome 44 development team found and fixed various issues\n during internal auditing.

  • \n
\n

In addition to the above issues, Google disabled the hotword extension\nby default in this version, which, if enabled, downloads files without\nthe user's intervention.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 44.0.2403.89-1~deb8u1.

\n

For the testing distribution (stretch), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 44.0.2403.89-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3316": "
\n

Debian Security Advisory

\n

DSA-3316-1 openjdk-7 -- security update

\n
\n
Date Reported:
\n
25 Jul 2015
\n
Affected Packages:
\n
\nopenjdk-7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-8873, CVE-2015-0460, CVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-2590, CVE-2015-2601, CVE-2015-2613, CVE-2015-2621, CVE-2015-2625, CVE-2015-2628, CVE-2015-2632, CVE-2015-2808, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure,\ndenial of service or insecure cryptography.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 7u79-2.5.6-1~deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 7u79-2.5.6-1~deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 7u79-2.5.6-1.

\n

We recommend that you upgrade your openjdk-7 packages.

\n
\n
\n
\n
", "3317": "
\n

Debian Security Advisory

\n

DSA-3317-1 lxc -- security update

\n
\n
Date Reported:
\n
25 Jul 2015
\n
Affected Packages:
\n
\nlxc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 793298.
In Mitre's CVE dictionary: CVE-2015-1331, CVE-2015-1334.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in LXC, the Linux\nContainers userspace tools. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2015-1331\n

    Roman Fiedler discovered a directory traversal flaw in LXC when\n creating lock files. A local attacker could exploit this flaw to\n create an arbitrary file as the root user.

  • \n
  • CVE-2015-1334\n

    Roman Fiedler discovered that LXC incorrectly trusted the\n container's proc filesystem to set up AppArmor profile changes and\n SELinux domain transitions. A malicious container could create a\n fake proc filesystem and use this flaw to run programs inside the\n container that are not confined by AppArmor or SELinux.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1:1.0.6-6+deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 1:1.0.7-4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1:1.0.7-4.

\n

We recommend that you upgrade your lxc packages.

\n
\n
\n
\n
", "3318": "
\n

Debian Security Advisory

\n

DSA-3318-1 expat -- security update

\n
\n
Date Reported:
\n
26 Jul 2015
\n
Affected Packages:
\n
\nexpat\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 793484.
In Mitre's CVE dictionary: CVE-2015-1283.
\n
More information:
\n
\n

Multiple integer overflows have been discovered in Expat, an XML parsing\nC library, which may result in denial of service or the execution of\narbitrary code if a malformed XML file is processed.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 2.1.0-1+deb7u2.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.1.0-6+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.1.0-7.

\n

We recommend that you upgrade your expat packages.

\n
\n
\n
\n
", "3319": "
\n

Debian Security Advisory

\n

DSA-3319-1 bind9 -- security update

\n
\n
Date Reported:
\n
28 Jul 2015
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 793903.
In Mitre's CVE dictionary: CVE-2015-5477.
\n
More information:
\n
\n

Jonathan Foote discovered that the BIND DNS server does not properly\nhandle TKEY queries. A remote attacker can take advantage of this flaw\nto mount a denial of service via a specially crafted query triggering an\nassertion failure and causing BIND to exit.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1:9.8.4.dfsg.P1-6+nmu2+deb7u6.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:9.9.5.dfsg-9+deb8u2.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
\n
\n
", "3320": "
\n

Debian Security Advisory

\n

DSA-3320-1 openafs -- security update

\n
\n
Date Reported:
\n
30 Jul 2015
\n
Affected Packages:
\n
\nopenafs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-3282, CVE-2015-3283, CVE-2015-3284, CVE-2015-3285, CVE-2015-6587.
\n
More information:
\n
\n

It was discovered that OpenAFS, the implementation of the distributed\nfilesystem AFS, contained several flaws that could result in\ninformation leak, denial-of-service or kernel panic.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.6.1-3+deb7u3.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.6.9-2+deb8u3.

\n

We recommend that you upgrade your openafs packages.

\n
\n
\n
\n
", "3321": "
\n

Debian Security Advisory

\n

DSA-3321-1 xmltooling -- security update

\n
\n
Date Reported:
\n
30 Jul 2015
\n
Affected Packages:
\n
\nxmltooling\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 793855.
In Mitre's CVE dictionary: CVE-2015-0851.
\n
More information:
\n
\n

The InCommon Shibboleth Training team discovered that XMLTooling, a\nC++ XML parsing library, did not properly handle an exception when\nparsing well-formed but schema-invalid XML. This could allow remote\nattackers to cause a denial of service (crash) via crafted XML data.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.4.2-5+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.5.3-2+deb8u1.

\n

For the unstable distribution (sid), this problem will be fixed shortly.

\n

We recommend that you upgrade your xmltooling packages.

\n
\n
\n
\n
", "3322": "
\n

Debian Security Advisory

\n

DSA-3322-1 ruby-rack -- security update

\n
\n
Date Reported:
\n
31 Jul 2015
\n
Affected Packages:
\n
\nruby-rack\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 789311.
In Mitre's CVE dictionary: CVE-2015-3225.
\n
More information:
\n
\n

Tomek Rabczak from the NCC Group discovered a flaw in the\nnormalize_params() method in Rack, a modular Ruby webserver interface.\nA remote attacker can use this flaw via specially crafted requests to\ncause a `SystemStackError` and potentially cause a denial of service\ncondition for the service.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.4.1-2.1+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.5.2-3+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.5.2-4.

\n

We recommend that you upgrade your ruby-rack packages.

\n
\n
\n
\n
", "3323": "
\n

Debian Security Advisory

\n

DSA-3323-1 icu -- security update

\n
\n
Date Reported:
\n
01 Aug 2015
\n
Affected Packages:
\n
\nicu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 778511, Bug 784773.
In Mitre's CVE dictionary: CVE-2014-6585, CVE-2014-8146, CVE-2014-8147, CVE-2015-4760.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the International Components\nfor Unicode (ICU) library.

\n
    \n
  • CVE-2014-8146\n

    The Unicode Bidirectional Algorithm implementation does not properly\n track directionally isolated pieces of text, which allows remote\n attackers to cause a denial of service (heap-based buffer overflow)\n or possibly execute arbitrary code via crafted text.

  • \n
  • CVE-2014-8147\n

    The Unicode Bidirectional Algorithm implementation uses an integer\n data type that is inconsistent with a header file, which allows\n remote attackers to cause a denial of service (incorrect malloc\n followed by invalid free) or possibly execute arbitrary code via\n crafted text.

  • \n
  • CVE-2015-4760\n

    The Layout Engine was missing multiple boundary checks. These could\n lead to buffer overflows and memory corruption. A specially crafted\n file could cause an application using ICU to parse untrusted font\n files to crash and, possibly, execute arbitrary code.

  • \n
\n

Additionally, it was discovered that the patch applied to ICU in DSA-3187-1\nfor CVE-2014-6585 was incomplete, possibly leading to an invalid memory\naccess. This could allow remote attackers to disclose a portion of private\nmemory via crafted font files.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 4.8.1.1-12+deb7u3.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 52.1-8+deb8u2.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 52.1-10.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 52.1-10.

\n

We recommend that you upgrade your icu packages.

\n
\n
\n
\n
", "3324": "
\n

Debian Security Advisory

\n

DSA-3324-1 icedove -- security update

\n
\n
Date Reported:
\n
01 Aug 2015
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-2721, CVE-2015-2724, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740, CVE-2015-4000.
\n
More information:
\n
\n

Multiple security issues have been found in Icedove, Debian's version\nof the Mozilla Thunderbird mail client: multiple memory safety errors,\nuse-after-frees and other implementation errors may lead to the\nexecution of arbitrary code or denial of service. This update also\naddresses a vulnerability in DHE key processing commonly known as\nthe LogJam vulnerability.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 31.8.0-1~deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 31.8.0-1~deb8u1.

\n

For the unstable distribution (sid), these problems will be fixed\nshortly.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "3325": "
\n

Debian Security Advisory

\n

DSA-3325-1 apache2 -- security update

\n
\n
Date Reported:
\n
01 Aug 2015
\n
Affected Packages:
\n
\napache2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-3183, CVE-2015-3185.
\n
More information:
\n
\n

Several vulnerabilities have been found in the Apache HTTPD server.

\n
    \n
  • CVE-2015-3183\n

    An HTTP request smuggling attack was possible due to a bug in\n parsing of chunked requests. A malicious client could force the\n server to misinterpret the request length, allowing cache poisoning\n or credential hijacking if an intermediary proxy is in use.

  • \n
  • CVE-2015-3185\n

    A design error in the ap_some_auth_required function renders the\n API unusable in apache2 2.4.x. This could lead to modules using\n this API to allow access when they should otherwise not do so.\n The fix backports the new ap_some_authn_required API from 2.4.16.\n This issue does not affect the oldstable distribution (wheezy).

  • \n
\n

In addition, the updated package for the oldstable distribution (wheezy)\nremoves a limitation of the Diffie-Hellman (DH) parameters to 1024 bits.\nThis limitation may potentially allow an attacker with very large\ncomputing resources, like a nation-state, to break DH key exchange by\nprecomputation. The updated apache2 package also allows custom DH\nparameters to be configured. More information is contained in the\nchangelog.Debian.gz file.\nThese improvements were already present in the stable, testing, and\nunstable distributions.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 2.2.22-13+deb7u5.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2.4.10-10+deb8u1.

\n

For the testing distribution (stretch), these problems will be fixed\nsoon.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your apache2 packages.

\n
\n
\n
\n
", "3326": "
\n

Debian Security Advisory

\n

DSA-3326-1 ghostscript -- security update

\n
\n
Date Reported:
\n
02 Aug 2015
\n
Affected Packages:
\n
\nghostscript\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 793489.
In Mitre's CVE dictionary: CVE-2015-3228.
\n
More information:
\n
\n

William Robinet and Stefan Cornelius discovered an integer overflow in\nGhostscript, the GPL PostScript/PDF interpreter, which may result in\ndenial of service or potentially execution of arbitrary code if a\nspecially crafted file is opened.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 9.05~dfsg-6.3+deb7u2.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 9.06~dfsg-2+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 9.15~dfsg-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 9.15~dfsg-1.

\n

We recommend that you upgrade your ghostscript packages.

\n
\n
\n
\n
", "3327": "
\n

Debian Security Advisory

\n

DSA-3327-1 squid3 -- security update

\n
\n
Date Reported:
\n
03 Aug 2015
\n
Affected Packages:
\n
\nsquid3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 793128.
In Mitre's CVE dictionary: CVE-2015-5400.
\n
More information:
\n
\n

Alex Rousskov of The Measurement Factory discovered that Squid3, a fully\nfeatured web proxy cache, does not correctly handle CONNECT method peer\nresponses when configured with cache_peer and operating on explicit\nproxy traffic. This could allow remote clients to gain unrestricted\naccess through a gateway proxy to its backend proxy.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 3.1.20-2.2+deb7u3.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.4.8-6+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.5.6-1.

\n

We recommend that you upgrade your squid3 packages.

\n
\n
\n
\n
", "3328": "
\n

Debian Security Advisory

\n

DSA-3328-1 wordpress -- security update

\n
\n
Date Reported:
\n
04 Aug 2015
\n
Affected Packages:
\n
\nwordpress\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 784603.
In Mitre's CVE dictionary: CVE-2015-3429, CVE-2015-5622, CVE-2015-5623.
\n
More information:
\n
\n

Several vulnerabilities have been found in WordPress, the popular\nblogging engine.

\n
    \n
  • CVE-2015-3429\n

    The file example.html in the Genericons icon font package and\n twentyfifteen WordPress theme allowed for cross site scripting.

  • \n
  • CVE-2015-5622\n

    The robustness of the shortcodes HTML tags filter has been\n improved. The parsing is a bit more strict, which may affect\n your installation.

  • \n
  • CVE-2015-5623\n

    A cross site scripting vulnerability allowed users with the\n Contributor or Author role to elevate their privileges.

  • \n
\n

The oldstable distribution (wheezy) is only affected by CVE-2015-5622.\nThis less critical issue will be fixed at a later time.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.1+dfsg-1+deb8u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.2.3+dfsg-1.

\n

We recommend that you upgrade your wordpress packages.

\n
\n
\n
\n
", "3329": "
\n

Debian Security Advisory

\n

DSA-3329-1 linux -- security update

\n
\n
Date Reported:
\n
07 Aug 2015
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-1333, CVE-2015-3212, CVE-2015-4692, CVE-2015-4700, CVE-2015-5364, CVE-2015-5366, CVE-2015-5697, CVE-2015-5706, CVE-2015-5707.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel\nthat may lead to a privilege escalation, denial of service or\ninformation leak.

\n
    \n
  • CVE-2015-1333\n

    Colin Ian King discovered a flaw in the add_key function of the\n Linux kernel's keyring subsystem. A local user can exploit this flaw\n to cause a denial of service due to memory exhaustion.

  • \n
  • CVE-2015-3212\n

    Ji Jianwen of Red Hat Engineering discovered a flaw in SCTP's\n automatic handling of dynamic multi-homed connections.\n A local attacker could use this flaw to cause a crash or potentially\n for privilege escalation.

  • \n
  • CVE-2015-4692\n

    A NULL pointer dereference flaw was found in the\n kvm_apic_has_events function in the KVM subsystem. An unprivileged\n local user could exploit this flaw to crash the system kernel\n resulting in denial of service.

  • \n
  • CVE-2015-4700\n

    Daniel Borkmann discovered a flaw in the Linux kernel implementation\n of the Berkeley Packet Filter which can be used by a local user to\n crash the system.

  • \n
  • CVE-2015-5364\n

    It was discovered that the Linux kernel does not properly handle\n invalid UDP checksums. A remote attacker could exploit this flaw to\n cause a denial of service using a flood of UDP packets with invalid\n checksums.

  • \n
  • CVE-2015-5366\n

    It was discovered that the Linux kernel does not properly handle\n invalid UDP checksums. A remote attacker can cause a denial of\n service against applications that use epoll by injecting a single\n packet with an invalid checksum.

  • \n
  • CVE-2015-5697\n

    A flaw was discovered in the md driver in the Linux kernel leading\n to an information leak.

  • \n
  • CVE-2015-5706\n

    A user-triggerable use-after-free vulnerability in path lookup in\n the Linux kernel could potentially lead to privilege escalation.

  • \n
  • CVE-2015-5707\n

    An integer overflow in the SCSI generic driver in the Linux kernel\n was discovered. A local user with write permission on a SCSI generic\n device could potentially exploit this flaw for privilege escalation.

  • \n
\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 3.2.68-1+deb7u3. CVE-2015-1333, CVE-2015-4692 and\nCVE-2015-5706 do not affect the wheezy distribution.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.16.7-ckt11-1+deb8u3, except CVE-2015-5364 and CVE-2015-5366\nwhich were fixed already in DSA-3313-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.1.3-1 or earlier versions.

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "3330": "
\n

Debian Security Advisory

\n

DSA-3330-1 activemq -- security update

\n
\n
Date Reported:
\n
07 Aug 2015
\n
Affected Packages:
\n
\nactivemq\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-3576.
\n
More information:
\n
\n

It was discovered that the Apache ActiveMQ message broker is susceptible\nto denial of service through an undocumented, remote shutdown command.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 5.6.0+dfsg-1+deb7u1. This update also fixes CVE-2014-3612\nand CVE-2014-3600.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 5.6.0+dfsg1-4+deb8u1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your activemq packages.

\n
\n
\n
\n
", "3331": "
\n

Debian Security Advisory

\n

DSA-3331-1 subversion -- security update

\n
\n
Date Reported:
\n
10 Aug 2015
\n
Affected Packages:
\n
\nsubversion\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-3184, CVE-2015-3187.
\n
More information:
\n
\n

Several security issues have been found in the server components of the\nversion control system subversion.

\n
    \n
  • CVE-2015-3184\n

    Subversion's mod_authz_svn does not properly restrict anonymous\n access in some mixed anonymous/authenticated environments when\n using Apache httpd 2.4. The result is that anonymous access may\n be possible to files for which only authenticated access should\n be possible. This issue does not affect the oldstable distribution\n (wheezy) because it only contains Apache httpd 2.2.

    \n
  • \n
  • CVE-2015-3187\n

    Subversion servers, both httpd and svnserve, will reveal some\n paths that should be hidden by path-based authz. When a node is\n copied from an unreadable location to a readable location the\n unreadable path may be revealed. This vulnerability only reveals\n the path, it does not reveal the contents of the path.

  • \n
\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.6.17dfsg-4+deb7u10.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.8.10-6+deb8u1.

\n

For the testing distribution (stretch), these problems will be fixed in\nversion 1.9.0-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.9.0-1.

\n

We recommend that you upgrade your subversion packages.

\n
\n
\n
\n
", "3332": "
\n

Debian Security Advisory

\n

DSA-3332-1 wordpress -- security update

\n
\n
Date Reported:
\n
11 Aug 2015
\n
Affected Packages:
\n
\nwordpress\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 794548, Bug 794560.
In Mitre's CVE dictionary: CVE-2015-2213, CVE-2015-5622, CVE-2015-5730, CVE-2015-5731, CVE-2015-5732, CVE-2015-5734.
\n
More information:
\n
\n

Several vulnerabilities have been fixed in WordPress, the popular\nblogging engine.

\n
    \n
  • CVE-2015-2213\n

    SQL Injection allowed a remote attacker to compromise the site.

  • \n
  • CVE-2015-5622\n

    The robustness of the shortcodes HTML tags filter has been\n improved. The parsing is a bit more strict, which may affect\n your installation. This is the corrected version of the patch\n that needed to be reverted in DSA 3328-2.

  • \n
  • CVE-2015-5730\n

    A potential timing side-channel attack in widgets.

  • \n
  • CVE-2015-5731\n

    An attacker could lock a post that was being edited.

  • \n
  • CVE-2015-5732\n

    Cross site scripting in a widget title allows an attacker to\n steal sensitive information.

  • \n
  • CVE-2015-5734\n

    Fix some broken links in the legacy theme preview.

  • \n
\n

The issues were discovered by Marc-Alexandre Montpas of Sucuri,\nHelen Hou-Sand\u00ed of the WordPress security team, Netanel Rubin of Check Point,\nIvan Grigorov, Johannes Schmitt of Scrutinizer and Mohamed A. Baset.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.1+dfsg-1+deb8u4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.2.4+dfsg-1.

\n

We recommend that you upgrade your wordpress packages.

\n
\n
\n
\n
", "3333": "
\n

Debian Security Advisory

\n

DSA-3333-1 iceweasel -- security update

\n
\n
Date Reported:
\n
12 Aug 2015
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-4473, CVE-2015-4478, CVE-2015-4479, CVE-2015-4480, CVE-2015-4484, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4492, CVE-2015-4493.
\n
More information:
\n
\n

Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors,\ninteger overflows, buffer overflows, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code,\nbypass of the same-origin policy or denial of service.

\n

Debian follows the extended support releases (ESR) of Firefox. Support\nfor the 31.x series has ended, so starting with this update we're now\nfollowing the 38.x releases.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 38.2.0esr-1~deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 38.2.0esr-1~deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 38.2.0esr-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "3334": "
\n

Debian Security Advisory

\n

DSA-3334-1 gnutls28 -- security update

\n
\n
Date Reported:
\n
12 Aug 2015
\n
Affected Packages:
\n
\ngnutls28\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 795068.
In Mitre's CVE dictionary: CVE-2015-6251.
\n
More information:
\n
\n

Kurt Roeckx discovered that decoding a specific certificate with very\nlong DistinguishedName (DN) entries leads to double free. A remote\nattacker can take advantage of this flaw by creating a specially crafted\ncertificate that, when processed by an application compiled against\nGnuTLS, could cause the application to crash resulting in a denial of\nservice.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.3.8-6+deb8u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.3.17-1.

\n

We recommend that you upgrade your gnutls28 packages.

\n
\n
\n
\n
", "3335": "
\n

Debian Security Advisory

\n

DSA-3335-1 request-tracker4 -- security update

\n
\n
Date Reported:
\n
13 Aug 2015
\n
Affected Packages:
\n
\nrequest-tracker4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-5475, CVE-2015-6506.
\n
More information:
\n
\n

It was discovered that Request Tracker, an extensible trouble-ticket\ntracking system, is susceptible to a cross-site scripting attack via the\nuser and group rights management pages (CVE-2015-5475) and via the\ncryptography interface, allowing an attacker with a carefully-crafted\nkey to inject JavaScript into RT's user interface. Installations which\nuse neither GnuPG nor S/MIME are unaffected by the second cross-site\nscripting vulnerability.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 4.0.7-5+deb7u4. The oldstable distribution (wheezy) is only\naffected by CVE-2015-5475.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.2.8-3+deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.2.11-2.

\n

We recommend that you upgrade your request-tracker4 packages.

\n
\n
\n
\n
", "3336": "
\n

Debian Security Advisory

\n

DSA-3336-1 nss -- security update

\n
\n
Date Reported:
\n
17 Aug 2015
\n
Affected Packages:
\n
\nnss\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-2721, CVE-2015-2730.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in nss, the Mozilla Network\nSecurity Service library. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2015-2721\n

    Karthikeyan Bhargavan discovered that NSS incorrectly handles state\n transitions for the TLS state machine. A man-in-the-middle attacker\n could exploit this flaw to skip the ServerKeyExchange message and\n remove the forward-secrecy property.

  • \n
  • CVE-2015-2730\n

    Watson Ladd discovered that NSS does not properly perform Elliptic\n Curve Cryptography (ECC) multiplication, allowing a remote attacker\n to potentially spoof ECDSA signatures.

  • \n
\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 2:3.14.5-1+deb7u5.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2:3.17.2-1.1+deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 2:3.19.1-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2:3.19.1-1.

\n

We recommend that you upgrade your nss packages.

\n
\n
\n
\n
", "3337": "
\n

Debian Security Advisory

\n

DSA-3337-1 gdk-pixbuf -- security update

\n
\n
Date Reported:
\n
18 Aug 2015
\n
Affected Packages:
\n
\ngdk-pixbuf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-4491.
\n
More information:
\n
\n

Gustavo Grieco discovered a heap overflow in the processing of BMP images\nwhich may result in the execution of arbitrary code if a malformed image\nis opened.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 2.26.1-1+deb7u3.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.31.1-2+deb8u4.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 2.31.7-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.31.7-1.

\n

We recommend that you upgrade your gdk-pixbuf packages.

\n
\n
\n
\n
", "3338": "
\n

Debian Security Advisory

\n

DSA-3338-1 python-django -- security update

\n
\n
Date Reported:
\n
18 Aug 2015
\n
Affected Packages:
\n
\npython-django\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-5963, CVE-2015-5964.
\n
More information:
\n
\n

Lin Hua Cheng discovered that a session could be created when anonymously\naccessing the django.contrib.auth.views.logout view. This could allow\nremote attackers to saturate the session store or cause other users'\nsession records to be evicted.

\n

Additionally the contrib.sessions.backends.base.SessionBase.flush() and\ncache_db.SessionStore.flush() methods have been modified to avoid\ncreating a new empty session as well.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.4.5-1+deb7u13.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.7.7-1+deb8u2.

\n

For the unstable distribution (sid), these problems will be fixed\nshortly.

\n

We recommend that you upgrade your python-django packages.

\n
\n
\n
\n
", "3339": "
\n

Debian Security Advisory

\n

DSA-3339-1 openjdk-6 -- security update

\n
\n
Date Reported:
\n
19 Aug 2015
\n
Affected Packages:
\n
\nopenjdk-6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-2590, CVE-2015-2601, CVE-2015-2613, CVE-2015-2621, CVE-2015-2625, CVE-2015-2628, CVE-2015-2632, CVE-2015-2808, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure,\ndenial of service or insecure cryptography.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 6b36-1.13.8-1~deb7u1.

\n

We recommend that you upgrade your openjdk-6 packages.

\n
\n
\n
\n
", "3340": "
\n

Debian Security Advisory

\n

DSA-3340-1 zendframework -- security update

\n
\n
Date Reported:
\n
19 Aug 2015
\n
Affected Packages:
\n
\nzendframework\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-5161.
\n
More information:
\n
\n

Dawid Golunski discovered that when running under PHP-FPM in a threaded\nenvironment, Zend Framework, a PHP framework, did not properly handle\nXML data in multibyte encoding. This could be used by remote attackers\nto perform an XML External Entity attack via crafted XML data.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.11.13-1.1+deb7u3.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.12.9+dfsg-2+deb8u3.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 1.12.14+dfsg-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.12.14+dfsg-1.

\n

We recommend that you upgrade your zendframework packages.

\n
\n
\n
\n
", "3341": "
\n

Debian Security Advisory

\n

DSA-3341-1 conntrack -- security update

\n
\n
Date Reported:
\n
20 Aug 2015
\n
Affected Packages:
\n
\nconntrack\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 796103.
In Mitre's CVE dictionary: CVE-2015-6496.
\n
More information:
\n
\n

It was discovered that in certain configurations, if the relevant\nconntrack kernel module is not loaded, conntrackd will crash when\nhandling DCCP, SCTP or ICMPv6 packets.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1:1.2.1-1+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:1.4.2-2+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:1.4.2-3.

\n

We recommend that you upgrade your conntrack packages.

\n
\n
\n
\n
", "3342": "
\n

Debian Security Advisory

\n

DSA-3342-1 vlc -- security update

\n
\n
Date Reported:
\n
20 Aug 2015
\n
Affected Packages:
\n
\nvlc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-5949.
\n
More information:
\n
\n

Loren Maggiore of Trail of Bits discovered that the 3GP parser of VLC, a\nmultimedia player and streamer, could dereference an arbitrary pointer\ndue to insufficient restrictions on a writable buffer. This could allow\nremote attackers to execute arbitrary code via crafted 3GP files.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.2.0~rc2-2+deb8u1.

\n

For the unstable distribution (sid), this problem will be fixed shortly.

\n

We recommend that you upgrade your vlc packages.

\n
\n
\n
\n
", "3343": "
\n

Debian Security Advisory

\n

DSA-3343-1 twig -- security update

\n
\n
Date Reported:
\n
26 Aug 2015
\n
Affected Packages:
\n
\ntwig\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-7809.
\n
More information:
\n
\n

James Kettle, Alain Tiemblo, Christophe Coevoet and Fabien Potencier\ndiscovered that twig, a templating engine for PHP, did not correctly\nprocess its input. End users allowed to submit twig templates could\nuse specially crafted code to trigger remote code execution, even in\nsandboxed templates.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.16.2-1+deb8u1.

\n

For the testing (stretch) and unstable (sid) distributions, this\nproblem has been fixed in version 1.20.0-1.

\n

We recommend that you upgrade your twig packages.

\n
\n
\n
\n
", "3344": "
\n

Debian Security Advisory

\n

DSA-3344-1 php5 -- security update

\n
\n
Date Reported:
\n
27 Aug 2015
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-4598, CVE-2015-4643, CVE-2015-4644, CVE-2015-5589, CVE-2015-5590, CVE-2015-6831, CVE-2015-6832, CVE-2015-6833.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in the PHP language:

\n
    \n
  • CVE-2015-4598\n

    thoger at redhat dot com discovered that paths containing a NUL\n character were improperly handled, thus allowing an attacker to\n manipulate unexpected files on the server.

  • \n
  • CVE-2015-4643\n

    Max Spelsberg discovered an integer overflow flaw leading to a\n heap-based buffer overflow in PHP's FTP extension, when parsing\n listings in FTP server responses. This could lead to a crash or\n execution of arbitrary code.

  • \n
  • CVE-2015-4644\n

    A denial of service through a crash could be caused by a segfault\n in the php_pgsql_meta_data function.

  • \n
  • CVE-2015-5589\n

    kwrnel at hotmail dot com discovered that PHP could crash when\n processing an invalid phar file, thus leading to a denial of\n service.

  • \n
  • CVE-2015-5590\n

    jared at enhancesoft dot com discovered a buffer overflow in the\n phar_fix_filepath function, that could cause a crash or execution\n of arbitrary code.

  • \n
  • Additionally, several other vulnerabilities were fixed:

    \n

    sean dot heelan at gmail dot com discovered a problem in the\n unserialization of some items, that could lead to arbitrary code\n execution.

    \n

    stewie at mail dot ru discovered that the phar extension improperly\n handled zip archives with relative paths, which would allow an\n attacker to overwrite files outside of the destination directory.

    \n

    taoguangchen at icloud dot com discovered several use-after-free\n vulnerabilities that could lead to arbitrary code execution.

  • \n
\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 5.4.44-0+deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 5.6.12+dfsg-0+deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 5.6.12+dfsg-1.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "3345": "
\n

Debian Security Advisory

\n

DSA-3345-1 iceweasel -- security update

\n
\n
Date Reported:
\n
29 Aug 2015
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-4497, CVE-2015-4498.
\n
More information:
\n
\n

Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2015-4497\n

    Jean-Max Reymond and Ucha Gobejishvili discovered a use-after-free\n vulnerability which occurs when resizing of a canvas element is\n triggered in concert with style changes. A web page containing\n malicious content can cause Iceweasel to crash, or potentially,\n execute arbitrary code with the privileges of the user running\n Iceweasel.

  • \n
  • CVE-2015-4498\n

    Bas Venis reported a flaw in the handling of add-ons installation. A\n remote attacker can take advantage of this flaw to bypass the add-on\n installation prompt and trick a user into installing an add-on from\n a malicious source.

  • \n
\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 38.2.1esr-1~deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 38.2.1esr-1~deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 38.2.1esr-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "3346": "
\n

Debian Security Advisory

\n

DSA-3346-1 drupal7 -- security update

\n
\n
Date Reported:
\n
31 Aug 2015
\n
Affected Packages:
\n
\ndrupal7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-6658, CVE-2015-6659, CVE-2015-6660, CVE-2015-6661, CVE-2015-6665.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Drupal, a content management\nframework:

\n
    \n
  • CVE-2015-6658\n

    The form autocomplete functionality did not properly sanitize the\n requested URL, allowing remote attackers to perform a cross-site\n scripting attack.

  • \n
  • CVE-2015-6659\n

    The SQL comment filtering system could allow a user with elevated\n permissions to inject malicious code in SQL comments.

  • \n
  • CVE-2015-6660\n

    The form API did not perform form token validation early enough,\n allowing the file upload callbacks to be run with untrusted input.\n This could allow remote attackers to upload files to the site under\n another user's account.

  • \n
  • CVE-2015-6661\n

    Users without the access content permission could see the titles\n of nodes that they do not have access to, if the nodes were added to\n a menu on the site that the users have access to.

  • \n
  • CVE-2015-6665\n

    Remote attackers could perform a cross-site scripting attack by\n invoking Drupal.ajax() on a whitelisted HTML element.

  • \n
\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 7.14-2+deb7u11.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 7.32-1+deb8u5.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 7.39-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 7.39-1.

\n

We recommend that you upgrade your drupal7 packages.

\n
\n
\n
\n
", "3347": "
\n

Debian Security Advisory

\n

DSA-3347-1 pdns -- security update

\n
\n
Date Reported:
\n
02 Sep 2015
\n
Affected Packages:
\n
\npdns\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-5230.
\n
More information:
\n
\n

Pyry Hakulinen and Ashish Shakla at Automattic discovered that pdns,\nan authoritative DNS server, was incorrectly processing some DNS\npackets; this would enable a remote attacker to trigger a DoS by\nsending specially crafted packets causing the server to crash.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.4.1-4+deb8u3.

\n

For the testing distribution (stretch) and unstable distribution\n(sid), this problem has been fixed in version 3.4.6-1.

\n

We recommend that you upgrade your pdns packages.

\n
\n
\n
\n
", "3348": "
\n

Debian Security Advisory

\n

DSA-3348-1 qemu -- security update

\n
\n
Date Reported:
\n
02 Sep 2015
\n
Affected Packages:
\n
\nqemu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 793811, Bug 794610, Bug 795087, Bug 795461, Bug 796465.
In Mitre's CVE dictionary: CVE-2015-3214, CVE-2015-5154, CVE-2015-5165, CVE-2015-5225, CVE-2015-5745.
\n
More information:
\n
\n

Several vulnerabilities were discovered in qemu, a fast processor\nemulator.

\n
    \n
  • CVE-2015-3214\n

    Matt Tait of Google's Project Zero security team discovered a flaw\n in the QEMU i8254 PIT emulation. A privileged guest user in a guest\n with QEMU PIT emulation enabled could potentially use this flaw to\n execute arbitrary code on the host with the privileges of the\n hosting QEMU process.

  • \n
  • CVE-2015-5154\n

    Kevin Wolf of Red Hat discovered a heap buffer overflow flaw in the\n IDE subsystem in QEMU while processing certain ATAPI commands. A\n privileged guest user in a guest with the CDROM drive enabled could\n potentially use this flaw to execute arbitrary code on the host with\n the privileges of the hosting QEMU process.

  • \n
  • CVE-2015-5165\n

    Donghai Zhu discovered that the QEMU model of the RTL8139 network\n card did not sufficiently validate inputs in the C+ mode offload\n emulation, allowing a malicious guest to read uninitialized memory\n from the QEMU process's heap.

  • \n
  • CVE-2015-5225\n

    Mr Qinghao Tang from QIHU 360 Inc. and Mr Zuozhi from Alibaba Inc\n discovered a buffer overflow flaw in the VNC display driver leading\n to heap memory corruption. A privileged guest user could use this\n flaw to mount a denial of service (QEMU process crash), or\n potentially to execute arbitrary code on the host with the\n privileges of the hosting QEMU process.

  • \n
  • CVE-2015-5745\n

    A buffer overflow vulnerability was discovered in the way QEMU\n handles the virtio-serial device. A malicious guest could use this\n flaw to mount a denial of service (QEMU process crash).

  • \n
\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.1.2+dfsg-6a+deb7u9. The oldstable distribution is only\naffected by CVE-2015-5165 and CVE-2015-5745.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1:2.1+dfsg-12+deb8u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1:2.4+dfsg-1a.

\n

We recommend that you upgrade your qemu packages.

\n
\n
\n
\n
", "3349": "
\n

Debian Security Advisory

\n

DSA-3349-1 qemu-kvm -- security update

\n
\n
Date Reported:
\n
02 Sep 2015
\n
Affected Packages:
\n
\nqemu-kvm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-5165, CVE-2015-5745.
\n
More information:
\n
\n

Several vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution on x86 hardware.

\n
    \n
  • CVE-2015-5165\n

    Donghai Zhu discovered that the QEMU model of the RTL8139 network\n card did not sufficiently validate inputs in the C+ mode offload\n emulation, allowing a malicious guest to read uninitialized memory\n from the QEMU process's heap.

  • \n
  • CVE-2015-5745\n

    A buffer overflow vulnerability was discovered in the way QEMU\n handles the virtio-serial device. A malicious guest could use this\n flaw to mount a denial of service (QEMU process crash).

  • \n
\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.1.2+dfsg-6+deb7u9.

\n

We recommend that you upgrade your qemu-kvm packages.

\n
\n
\n
\n
", "3350": "
\n

Debian Security Advisory

\n

DSA-3350-1 bind9 -- security update

\n
\n
Date Reported:
\n
02 Sep 2015
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-5722.
\n
More information:
\n
\n

Hanno Boeck discovered that incorrect validation of DNSSEC-signed records\nin the Bind DNS server could result in denial of service.

\n

Updates for the oldstable distribution (wheezy) will be released shortly.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 9.9.5.dfsg-9+deb8u3.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
\n
\n
", "3351": "
\n

Debian Security Advisory

\n

DSA-3351-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
03 Sep 2015
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-1291, CVE-2015-1292, CVE-2015-1293, CVE-2015-1294, CVE-2015-1295, CVE-2015-1296, CVE-2015-1297, CVE-2015-1298, CVE-2015-1299, CVE-2015-1300, CVE-2015-1301.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2015-1291\n

    A cross-origin bypass issue was discovered in DOM.

  • \n
  • CVE-2015-1292\n

    Mariusz Mlynski discovered a cross-origin bypass issue in ServiceWorker.

  • \n
  • CVE-2015-1293\n

    Mariusz Mlynski discovered a cross-origin bypass issue in DOM.

  • \n
  • CVE-2015-1294\n

    cloudfuzzer discovered a use-after-free issue in the Skia graphics\n library.

  • \n
  • CVE-2015-1295\n

    A use-after-free issue was discovered in the printing component.

  • \n
  • CVE-2015-1296\n

    zcorpan discovered a character spoofing issue.

  • \n
  • CVE-2015-1297\n

    Alexander Kashev discovered a permission scoping error.

  • \n
  • CVE-2015-1298\n

    Rob Wu discovered an error validating the URL of extensions.

  • \n
  • CVE-2015-1299\n

    taro.suzuki.dev discovered a use-after-free issue in the Blink/WebKit\n library.

  • \n
  • CVE-2015-1300\n

    cgvwzq discovered an information disclosure issue in the Blink/WebKit\n library.

  • \n
  • CVE-2015-1301\n

    The chrome 45 development team found and fixed various issues\n during internal auditing. Also multiple issues were fixed in\n the libv8 library, version 4.5.103.29.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 45.0.2454.85-1~deb8u1.

\n

For the testing distribution (stretch), these problems will be fixed\nonce the gcc-5 transition completes.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 45.0.2454.85-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3352": "
\n

Debian Security Advisory

\n

DSA-3352-1 screen -- security update

\n
\n
Date Reported:
\n
04 Sep 2015
\n
Affected Packages:
\n
\nscreen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 797624.
In Mitre's CVE dictionary: CVE-2015-6806.
\n
More information:
\n
\n

A vulnerability was found in screen causing a stack overflow which\nresults in crashing the screen server process, resulting in denial\nof service.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 4.1.0~20120320gitdb59704-7+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 4.2.1-3+deb8u1.

\n

For the testing (stretch) and unstable (sid) distributions, this problem\nhas been fixed in version 4.3.1-2.

\n

We recommend that you upgrade your screen packages.

\n
\n
\n
\n
", "3353": "
\n

Debian Security Advisory

\n

DSA-3353-1 openslp-dfsg -- security update

\n
\n
Date Reported:
\n
05 Sep 2015
\n
Affected Packages:
\n
\nopenslp-dfsg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 795429.
In Mitre's CVE dictionary: CVE-2015-5177.
\n
More information:
\n
\n

Qinghao Tang of QIHU 360 discovered a double free flaw in OpenSLP, an\nimplementation of the IETF Service Location Protocol. This could allow\nremote attackers to cause a denial of service (crash).

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.2.1-9+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.2.1-10+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.2.1-11.

\n

We recommend that you upgrade your openslp-dfsg packages.

\n
\n
\n
\n
", "3354": "
\n

Debian Security Advisory

\n

DSA-3354-1 spice -- security update

\n
\n
Date Reported:
\n
08 Sep 2015
\n
Affected Packages:
\n
\nspice\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 797976.
In Mitre's CVE dictionary: CVE-2015-3247.
\n
More information:
\n
\n

Frediano Ziglio of Red Hat discovered a race condition flaw in spice's\nworker_update_monitors_config() function, leading to a heap-based memory\ncorruption. A malicious user in a guest can take advantage of this flaw\nto cause a denial of service (QEMU process crash) or, potentially\nexecute arbitrary code on the host with the privileges of the hosting\nQEMU process.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.12.5-1+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.12.5-1.2.

\n

We recommend that you upgrade your spice packages.

\n
\n
\n
\n
", "3355": "
\n

Debian Security Advisory

\n

DSA-3355-1 libvdpau -- security update

\n
\n
Date Reported:
\n
10 Sep 2015
\n
Affected Packages:
\n
\nlibvdpau\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 797895.
In Mitre's CVE dictionary: CVE-2015-5198, CVE-2015-5199, CVE-2015-5200.
\n
More information:
\n
\n

Florian Weimer of Red Hat Product Security discovered that libvdpau, the\nVDPAU wrapper library, did not properly validate environment variables,\nallowing local attackers to gain additional privileges.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 0.4.1-7+deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 0.8-3+deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 1.1.1-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.1.1-1.

\n

We recommend that you upgrade your libvdpau packages.

\n
\n
\n
\n
", "3356": "
\n

Debian Security Advisory

\n

DSA-3356-1 openldap -- security update

\n
\n
Date Reported:
\n
12 Sep 2015
\n
Affected Packages:
\n
\nopenldap\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 798622.
In Mitre's CVE dictionary: CVE-2015-6908.
\n
More information:
\n
\n

Denis Andzakovic discovered that OpenLDAP, a free implementation of the\nLightweight Directory Access Protocol, does not properly handle BER\ndata. An unauthenticated remote attacker can use this flaw to cause a\ndenial of service (slapd daemon crash) via a specially crafted packet.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 2.4.31-2+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.4.40+dfsg-1+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.4.42+dfsg-2.

\n

We recommend that you upgrade your openldap packages.

\n
\n
\n
\n
", "3357": "
\n

Debian Security Advisory

\n

DSA-3357-1 vzctl -- security update

\n
\n
Date Reported:
\n
13 Sep 2015
\n
Affected Packages:
\n
\nvzctl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-6927.
\n
More information:
\n
\n

It was discovered that vzctl, a set of control tools for the OpenVZ\nserver virtualisation solution, determined the storage layout of\ncontainers based on the presence of an XML file inside the container.\nAn attacker with local root privileges in a simfs-based container\ncould gain control over ploop-based containers. Further information on\nthe prerequisites of such an attack can be found at\nsrc.openvz.org.

\n

The oldstable distribution (wheezy) is not affected.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 4.8-1+deb8u2. During the update existing configurations are\nautomatically updated.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 4.9.4-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.9.4-2.

\n

We recommend that you upgrade your vzctl packages.

\n
\n
\n
\n
", "3358": "
\n

Debian Security Advisory

\n

DSA-3358-1 php5 -- security update

\n
\n
Date Reported:
\n
13 Sep 2015
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-6834, CVE-2015-6835, CVE-2015-6836, CVE-2015-6837, CVE-2015-6838.
\n
More information:
\n
\n

Several vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development.

\n

The vulnerabilities are addressed by upgrading PHP to new upstream\nversions (5.4.45 and 5.6.13), which include additional bug fixes. Please\nrefer to the upstream changelog for more information:

\n\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 5.4.45-0+deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 5.6.13+dfsg-0+deb8u1.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "3359": "
\n

Debian Security Advisory

\n

DSA-3359-1 virtualbox -- security update

\n
\n
Date Reported:
\n
13 Sep 2015
\n
Affected Packages:
\n
\nvirtualbox\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-2594.
\n
More information:
\n
\n

This update fixes an unspecified security issue in VirtualBox related to\nguests using bridged networking via WiFi. Oracle no longer provides\ninformation on specific security vulnerabilities in VirtualBox. To continue\nsupporting users of the already released Debian releases, we've decided to\nupdate these to the respective 4.1.40 and 4.3.30 bugfix releases.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 4.1.40-dfsg-1+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 4.3.30-dfsg-1+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 4.3.30-dfsg-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.3.30-dfsg-1.

\n

We recommend that you upgrade your virtualbox packages.

\n
\n
\n
\n
", "3360": "
\n

Debian Security Advisory

\n

DSA-3360-1 icu -- security update

\n
\n
Date Reported:
\n
15 Sep 2015
\n
Affected Packages:
\n
\nicu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 798647.
In Mitre's CVE dictionary: CVE-2015-1270.
\n
More information:
\n
\n

It was discovered that the International Components for Unicode (ICU)\nlibrary mishandles converter names starting with x-, which allows\nremote attackers to cause a denial of service (read of uninitialized\nmemory) or possibly have unspecified other impact via a crafted file.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 52.1-8+deb8u3.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 55.1-5.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 55.1-5.

\n

We recommend that you upgrade your icu packages.

\n
\n
\n
\n
", "3361": "
\n

Debian Security Advisory

\n

DSA-3361-1 qemu -- security update

\n
\n
Date Reported:
\n
18 Sep 2015
\n
Affected Packages:
\n
\nqemu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 798101, Bug 799073, Bug 799074.
In Mitre's CVE dictionary: CVE-2015-5278, CVE-2015-5279, CVE-2015-6815, CVE-2015-6855.
\n
More information:
\n
\n

Several vulnerabilities were discovered in qemu, a fast processor\nemulator.

\n
    \n
  • CVE-2015-5278\n

    Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in\n the NE2000 NIC emulation. A privileged guest user could use this\n flaw to mount a denial of service (QEMU process crash).

  • CVE-2015-5279\n

    Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw\n in the NE2000 NIC emulation. A privileged guest user could use this\n flaw to mount a denial of service (QEMU process crash), or\n potentially to execute arbitrary code on the host with the\n privileges of the hosting QEMU process.

  • CVE-2015-6815\n

    Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in\n the e1000 NIC emulation. A privileged guest user could use this flaw\n to mount a denial of service (QEMU process crash).

  • CVE-2015-6855\n

    Qinghao Tang of QIHU 360 Inc. discovered a flaw in the IDE\n subsystem in QEMU occurring while executing IDE's\n WIN_READ_NATIVE_MAX command to determine the maximum size of a\n drive. A privileged guest user could use this flaw to mount a\n denial of service (QEMU process crash).

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.1.2+dfsg-6a+deb7u11.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1:2.1+dfsg-12+deb8u4.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 1:2.4+dfsg-3 or earlier.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1:2.4+dfsg-3 or earlier.

\n

We recommend that you upgrade your qemu packages.

\n
\n
\n
\n
", "3362": "
\n

Debian Security Advisory

\n

DSA-3362-1 qemu-kvm -- security update

\n
\n
Date Reported:
\n
18 Sep 2015
\n
Affected Packages:
\n
\nqemu-kvm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-5278, CVE-2015-5279, CVE-2015-6815, CVE-2015-6855.
\n
More information:
\n
\n

Several vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution on x86 hardware.

\n
    \n
  • CVE-2015-5278\n

    Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in\n the NE2000 NIC emulation. A privileged guest user could use this\n flaw to mount a denial of service (QEMU process crash).

  • CVE-2015-5279\n

    Qinghao Tang of QIHU 360 Inc. discovered a heap buffer overflow flaw\n in the NE2000 NIC emulation. A privileged guest user could use this\n flaw to mount a denial of service (QEMU process crash), or\n potentially to execute arbitrary code on the host with the\n privileges of the hosting QEMU process.

  • CVE-2015-6815\n

    Qinghao Tang of QIHU 360 Inc. discovered an infinite loop issue in\n the e1000 NIC emulation. A privileged guest user could use this flaw\n to mount a denial of service (QEMU process crash).

  • CVE-2015-6855\n

    Qinghao Tang of QIHU 360 Inc. discovered a flaw in the IDE\n subsystem in QEMU occurring while executing IDE's\n WIN_READ_NATIVE_MAX command to determine the maximum size of a\n drive. A privileged guest user could use this flaw to mount a\n denial of service (QEMU process crash).

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.1.2+dfsg-6+deb7u11.

\n

We recommend that you upgrade your qemu-kvm packages.

\n
\n
\n
\n
", "3363": "
\n

Debian Security Advisory

\n

DSA-3363-1 owncloud-client -- security update

\n
\n
Date Reported:
\n
20 Sep 2015
\n
Affected Packages:
\n
\nowncloud-client\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-4456.
\n
More information:
\n
\n

Johannes Kliemann discovered a vulnerability in ownCloud Desktop Client,\nthe client side of the ownCloud file sharing services. The vulnerability\nallows man-in-the-middle attacks in situations where the server is using\nself-signed certificates and the connection is already established. If\nthe user on the client side manually distrusts the new certificate,\nfile syncing will continue, treating the malicious server as valid.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.7.0~beta1+really1.6.4+dfsg-1+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 1.8.4+dfsg-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.8.4+dfsg-1.

\n

We recommend that you upgrade your owncloud-client packages.

\n
\n
\n
\n
", "3364": "
\n

Debian Security Advisory

\n

DSA-3364-1 linux -- security update

\n
\n
Date Reported:
\n
21 Sep 2015
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 796036.
In Mitre's CVE dictionary: CVE-2015-8215, CVE-2015-2925, CVE-2015-5156, CVE-2015-6252, CVE-2015-6937, CVE-2015-7312.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation or denial of service.

\n
    \n
  • CVE-2015-8215\n

    It was discovered that NetworkManager would set IPv6 MTUs based on\n the values received in IPv6 RAs (Router Advertisements), without\n sufficiently validating these values. A remote attacker could\n exploit this flaw to disable IPv6 connectivity. This has been\n mitigated by adding validation in the kernel.

  • CVE-2015-2925\n

    Jann Horn discovered that when a subdirectory of a filesystem is\n bind-mounted into a container that has its own user and mount\n namespaces, a process with CAP_SYS_ADMIN capability in the user\n namespace can access files outside of the subdirectory. The\n default Debian configuration mitigated this as it does not allow\n unprivileged users to create new user namespaces.

  • CVE-2015-5156\n

    Jason Wang discovered that when a virtio_net device is connected\n to a bridge in the same VM, a series of TCP packets forwarded\n through the bridge may cause a heap buffer overflow. A remote\n attacker could use this to cause a denial of service (crash) or\n possibly for privilege escalation.

  • CVE-2015-6252\n

    Michael S. Tsirkin of Red Hat Engineering found that the vhost\n driver leaked file descriptors passed to it with the\n VHOST_SET_LOG_FD ioctl command. A privileged local user with access\n to the /dev/vhost-net file, either directly or via libvirt, could\n use this to cause a denial of service (hang or crash).

  • CVE-2015-6937\n

    It was found that the Reliable Datagram Sockets (RDS) protocol\n implementation did not verify that an underlying transport exists\n when creating a connection. Depending on how a local RDS\n application initialised its sockets, a remote attacker might be\n able to cause a denial of service (crash) by sending a crafted\n packet.

  • CVE-2015-7312\n

    Xavier Chantry discovered that the patch provided by the aufs\n project to correct behaviour of memory-mapped files from an aufs\n mount introduced a race condition in the msync() system call.\n Ben Hutchings found that it also introduced a similar bug in the\n madvise_remove() function. A local attacker could use this to\n cause a denial of service or possibly for privilege escalation.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 3.2.68-1+deb7u4.\nCVE-2015-2925 and\nCVE-2015-7312 do\nnot affect the wheezy distribution.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.16.7-ckt11-1+deb8u4.

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "3365": "
\n

Debian Security Advisory

\n

DSA-3365-1 iceweasel -- security update

\n
\n
Date Reported:
\n
23 Sep 2015
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-4500, CVE-2015-4506, CVE-2015-4509, CVE-2015-4511, CVE-2015-4517, CVE-2015-4519, CVE-2015-4520, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180.
\n
More information:
\n
\n

Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors,\ninteger overflows, buffer overflows, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code,\ninformation disclosure or denial of service.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 38.3.0esr-1~deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 38.3.0esr-1~deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 38.3.0esr-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "3366": "
\n

Debian Security Advisory

\n

DSA-3366-1 rpcbind -- security update

\n
\n
Date Reported:
\n
23 Sep 2015
\n
Affected Packages:
\n
\nrpcbind\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 799307.
In Mitre's CVE dictionary: CVE-2015-7236.
\n
More information:
\n
\n

A remotely triggerable use-after-free vulnerability was found in\nrpcbind, a server that converts RPC program numbers into universal\naddresses. A remote attacker can take advantage of this flaw to mount a\ndenial of service (rpcbind crash).

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 0.2.0-8+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.2.1-6+deb8u1.

\n

We recommend that you upgrade your rpcbind packages.

\n
\n
\n
\n
", "3367": "
\n

Debian Security Advisory

\n

DSA-3367-1 wireshark -- security update

\n
\n
Date Reported:
\n
24 Sep 2015
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-6241, CVE-2015-6242, CVE-2015-6243, CVE-2015-6244, CVE-2015-6245, CVE-2015-6246, CVE-2015-6247, CVE-2015-6248, CVE-2015-6249.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the dissectors/parsers for\nZigBee, GSM RLC/MAC, WaveAgent, ptvcursor, OpenFlow, WCCP and in internal\nfunctions which could result in denial of service.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.12.1+g01b65bf-4+deb8u3.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 1.12.7+g7fc8978-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.12.7+g7fc8978-1.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "3368": "
\n

Debian Security Advisory

\n

DSA-3368-1 cyrus-sasl2 -- security update

\n
\n
Date Reported:
\n
25 Sep 2015
\n
Affected Packages:
\n
\ncyrus-sasl2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 784112.
In Mitre's CVE dictionary: CVE-2013-4122.
\n
More information:
\n
\n

It was discovered that cyrus-sasl2, a library implementing the Simple\nAuthentication and Security Layer, does not properly handle certain\ninvalid password salts. A remote attacker can take advantage of this\nflaw to cause a denial of service.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.1.26.dfsg1-13+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.1.26.dfsg1-14.

\n

We recommend that you upgrade your cyrus-sasl2 packages.

\n
\n
\n
\n
", "3369": "
\n

Debian Security Advisory

\n

DSA-3369-1 zendframework -- security update

\n
\n
Date Reported:
\n
06 Oct 2015
\n
Affected Packages:
\n
\nzendframework\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-5723, CVE-2015-7695.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in Zend Framework, a PHP\nframework:

\n
    \n
  • CVE-2015-5723\n

    It was discovered that due to incorrect permissions masks when\n creating directories, local attackers could potentially execute\n arbitrary code or escalate privileges.

  • ZF2015-08 (no CVE assigned)\n

    Chris Kings-Lynne discovered an SQL injection vector caused by\n missing null byte filtering in the MS SQL PDO backend, and a similar\n issue was also found in the SQLite backend.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.11.13-1.1+deb7u4.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.12.9+dfsg-2+deb8u4.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 1.12.16+dfsg-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.12.16+dfsg-1.

\n

We recommend that you upgrade your zendframework packages.

\n
\n
\n
\n
", "3370": "
\n

Debian Security Advisory

\n

DSA-3370-1 freetype -- security update

\n
\n
Date Reported:
\n
06 Oct 2015
\n
Affected Packages:
\n
\nfreetype\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 798619, Bug 798620.
In Mitre's CVE dictionary: CVE-2014-9745, CVE-2014-9746, CVE-2014-9747.
\n
More information:
\n
\n

It was discovered that FreeType did not properly handle some malformed\ninputs. This could allow remote attackers to cause a denial of service\n(crash) via crafted font files.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 2.4.9-1.1+deb7u2.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2.5.2-3+deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 2.6-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.6-1.

\n

We recommend that you upgrade your freetype packages.

\n
\n
\n
\n
", "3371": "
\n

Debian Security Advisory

\n

DSA-3371-1 spice -- security update

\n
\n
Date Reported:
\n
09 Oct 2015
\n
Affected Packages:
\n
\nspice\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 801089, Bug 801091.
In Mitre's CVE dictionary: CVE-2015-5260, CVE-2015-5261.
\n
More information:
\n
\n

Frediano Ziglio of Red Hat discovered several vulnerabilities in spice,\na SPICE protocol client and server library. A malicious guest can\nexploit these flaws to cause a denial of service (QEMU process crash),\nexecute arbitrary code on the host with the privileges of the hosting\nQEMU process or read and write arbitrary memory locations on the host.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 0.11.0-1+deb7u2.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 0.12.5-1+deb8u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.12.5-1.3.

\n

We recommend that you upgrade your spice packages.

\n
\n
\n
\n
", "3372": "
\n

Debian Security Advisory

\n

DSA-3372-1 linux -- security update

\n
\n
Date Reported:
\n
13 Oct 2015
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-2925, CVE-2015-5257, CVE-2015-5283, CVE-2015-7613.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service, unauthorised\ninformation disclosure or unauthorised information modification.

\n
    \n
  • CVE-2015-2925\n

    Jann Horn discovered that when a subdirectory of a filesystem was\n bind-mounted into a chroot or mount namespace, a user that should\n be confined to that chroot or namespace could access the whole of\n that filesystem if they had write permission on an ancestor of\n the subdirectory. This is not a common configuration for wheezy,\n and the issue has previously been fixed for jessie.

  • CVE-2015-5257\n

    Moein Ghasemzadeh of Istuary Innovation Labs reported that a USB\n device could cause a denial of service (crash) by imitating a\n Whiteheat USB serial device but presenting a smaller number of\n endpoints.

  • CVE-2015-5283\n

    Marcelo Ricardo Leitner discovered that creating multiple SCTP\n sockets at the same time could cause a denial of service (crash)\n if the sctp module had not previously been loaded. This issue\n only affects jessie.

  • CVE-2015-7613\n

    Dmitry Vyukov discovered that System V IPC objects (message queues\n and shared memory segments) were made accessible before their\n ownership and other attributes were fully initialised. If a local\n user can race against another user or service creating a new IPC\n object, this may result in unauthorised information disclosure,\n unauthorised information modification, denial of service and/or\n privilege escalation.

    \n

    A similar issue existed with System V semaphore arrays, but was\n less severe because they were always cleared before being fully\n initialised.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 3.2.68-1+deb7u5.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.16.7-ckt11-1+deb8u5.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.2.3-1 or earlier versions.

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "3373": "
\n

Debian Security Advisory

\n

DSA-3373-1 owncloud -- security update

\n
\n
Date Reported:
\n
18 Oct 2015
\n
Affected Packages:
\n
\nowncloud\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 800126.
In Mitre's CVE dictionary: CVE-2015-4716, CVE-2015-4717, CVE-2015-4718, CVE-2015-5953, CVE-2015-5954, CVE-2015-6500, CVE-2015-6670, CVE-2015-7699.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in ownCloud, a cloud storage\nweb service for files, music, contacts, calendars and many more. These\nflaws may lead to the execution of arbitrary code, authorization bypass,\ninformation disclosure, cross-site scripting or denial of service.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 7.0.4+dfsg-4~deb8u3.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 7.0.10~dfsg-2 or earlier versions.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 7.0.10~dfsg-2 or earlier versions.

\n

We recommend that you upgrade your owncloud packages.

\n
\n
\n
\n
", "3374": "
\n

Debian Security Advisory

\n

DSA-3374-1 postgresql-9.4 -- security update

\n
\n
Date Reported:
\n
19 Oct 2015
\n
Affected Packages:
\n
\npostgresql-9.4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-5288, CVE-2015-5289.
\n
More information:
\n
\n

Several vulnerabilities have been found in PostgreSQL-9.4, a SQL\ndatabase system.

\n
    \n
  • CVE-2015-5288\n

    Josh Kupershmidt discovered a vulnerability in the crypt() function\n in the pgCrypto extension. Certain invalid salt arguments can cause\n the server to crash or to disclose a few bytes of server memory.

  • CVE-2015-5289\n

    Oskari Saarenmaa discovered that json or jsonb input values\n constructed from arbitrary user input can crash the PostgreSQL\n server and cause a denial of service.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 9.4.5-0+deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 9.4.5-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 9.4.5-1.

\n

We recommend that you upgrade your postgresql-9.4 packages.

\n
\n
\n
\n
", "3375": "
\n

Debian Security Advisory

\n

DSA-3375-1 wordpress -- security update

\n
\n
Date Reported:
\n
19 Oct 2015
\n
Affected Packages:
\n
\nwordpress\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 799140.
In Mitre's CVE dictionary: CVE-2015-5714, CVE-2015-5715, CVE-2015-7989.
\n
More information:
\n
\n

Several vulnerabilities have been fixed in WordPress, the popular\nblogging engine.

\n
    \n
  • CVE-2015-5714\n

    A cross-site scripting vulnerability when processing shortcode tags\n has been discovered.

    \n

    The issue has been fixed by not allowing unclosed HTML elements in\n attributes.

  • CVE-2015-5715\n

    A vulnerability has been discovered, allowing users without proper\n permissions to publish private posts and make them sticky.

    \n

    The issue has been fixed in the XMLRPC code of WordPress by not\n allowing private posts to be sticky.

  • CVE-2015-7989\n

    A cross-site scripting vulnerability in user list tables has been\n discovered.

    \n

    The issue has been fixed by URL-escaping email addresses in those\n user lists.

\n

For the oldstable distribution (wheezy), these problems will be fixed\nin a later update.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.1+dfsg-1+deb8u5.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 4.3.1+dfsg-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.3.1+dfsg-1.

\n

We recommend that you upgrade your wordpress packages.

\n
\n
\n
\n
", "3376": "
\n

Debian Security Advisory

\n

DSA-3376-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
20 Oct 2015
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-1303, CVE-2015-1304, CVE-2015-6755, CVE-2015-6756, CVE-2015-6757, CVE-2015-6758, CVE-2015-6759, CVE-2015-6760, CVE-2015-6761, CVE-2015-6762, CVE-2015-6763.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2015-1303\n

    Mariusz Mlynski discovered a way to bypass the Same Origin Policy\n in the DOM implementation.

  • CVE-2015-1304\n

    Mariusz Mlynski discovered a way to bypass the Same Origin Policy\n in the V8 JavaScript library.

  • CVE-2015-6755\n

    Mariusz Mlynski discovered a way to bypass the Same Origin Policy\n in blink/webkit.

  • CVE-2015-6756\n

    A use-after-free issue was found in the pdfium library.

  • CVE-2015-6757\n

    Collin Payne found a use-after-free issue in the ServiceWorker\n implementation.

  • CVE-2015-6758\n

    Atte Kettunen found an issue in the pdfium library.

  • CVE-2015-6759\n

    Muneaki Nishimura discovered an information leak.

  • CVE-2015-6760\n

    Ronald Crane discovered a logic error in the ANGLE library\n involving lost device events.

  • CVE-2015-6761\n

    Aki Helin and Khalil Zhani discovered a memory corruption issue in\n the ffmpeg library.

  • CVE-2015-6762\n

    Muneaki Nishimura discovered a way to bypass the Same Origin Policy\n in the CSS implementation.

  • CVE-2015-6763\n

    The Chrome 46 development team found and fixed various issues\n during internal auditing. Also multiple issues were fixed in\n the V8 JavaScript library, version 4.6.85.23.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 46.0.2490.71-1~deb8u1.

\n

For the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 46.0.2490.71-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3377": "
\n

Debian Security Advisory

\n

DSA-3377-1 mysql-5.5 -- security update

\n
\n
Date Reported:
\n
24 Oct 2015
\n
Affected Packages:
\n
\nmysql-5.5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 802564.
In Mitre's CVE dictionary: CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4913.
\n
More information:
\n
\n

Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.46. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:

\n\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 5.5.46-0+deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 5.5.46-0+deb8u1.

\n

We recommend that you upgrade your mysql-5.5 packages.

\n
\n
\n
\n
", "3378": "
\n

Debian Security Advisory

\n

DSA-3378-1 gdk-pixbuf -- security update

\n
\n
Date Reported:
\n
24 Oct 2015
\n
Affected Packages:
\n
\ngdk-pixbuf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-7673, CVE-2015-7674.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in gdk-pixbuf, a toolkit\nfor image loading and pixel buffer manipulation. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2015-7673\n

    Gustavo Grieco discovered a heap overflow in the processing of TGA\n images which may result in the execution of arbitrary code or denial\n of service (process crash) if a malformed image is opened.

  • CVE-2015-7674\n

    Gustavo Grieco discovered an integer overflow flaw in the processing\n of GIF images which may result in the execution of arbitrary code or\n denial of service (process crash) if a malformed image is opened.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 2.26.1-1+deb7u2.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2.31.1-2+deb8u3.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 2.32.1-1 or earlier.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.32.1-1 or earlier.

\n

We recommend that you upgrade your gdk-pixbuf packages.

\n
\n
\n
\n
", "3379": "
\n

Debian Security Advisory

\n

DSA-3379-1 miniupnpc -- security update

\n
\n
Date Reported:
\n
25 Oct 2015
\n
Affected Packages:
\n
\nminiupnpc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 802650.
In Mitre's CVE dictionary: CVE-2015-6031.
\n
More information:
\n
\n

Aleksandar Nikolic of Cisco Talos discovered a buffer overflow\nvulnerability in the XML parser functionality of miniupnpc, a UPnP IGD\nclient lightweight library. A remote attacker can take advantage of this\nflaw to cause an application using the miniupnpc library to crash, or\npotentially to execute arbitrary code with the privileges of the user\nrunning the application.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.5-2+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.9.20140610-2+deb8u1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your miniupnpc packages.

\n
\n
\n
\n
", "3380": "
\n

Debian Security Advisory

\n

DSA-3380-1 php5 -- security update

\n
\n
Date Reported:
\n
27 Oct 2015
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-7803, CVE-2015-7804.
\n
More information:
\n
\n

Two vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development.

\n
    \n
  • CVE-2015-7803\n

    The phar extension could crash with a NULL pointer dereference\n when processing tar archives containing links referring to\n non-existing files. This could lead to a denial of service.

  • \n
  • CVE-2015-7804\n

    The phar extension does not correctly process directory entries\n found in archive files with the name \"/\", leading to a denial of\n service and, potentially, information disclosure.

  • \n
\n

The update for Debian stable (jessie) contains additional bug fixes\nfrom PHP upstream version 5.6.14, as described in the upstream\nchangelog:

\n\n

Note to users of the oldstable distribution (wheezy): PHP 5.4 has\nreached end-of-life on September 14th, 2015. As a result, there will\nbe no more new upstream releases. The security support of PHP 5.4 in\nDebian oldstable (wheezy) will be best effort only, and you are\nstrongly advised to upgrade to latest Debian stable release (jessie),\nwhich includes PHP 5.6.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 5.4.45-0+deb7u2.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 5.6.14+dfsg-0+deb8u1.

\n

For the testing distribution (stretch) and the unstable distribution\n(sid), these problems have been fixed in version 5.6.14+dfsg-1.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "3381": "
\n

Debian Security Advisory

\n

DSA-3381-1 openjdk-7 -- security update

\n
\n
Date Reported:
\n
27 Oct 2015
\n
Affected Packages:
\n
\nopenjdk-7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4903, CVE-2015-4911.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the execution\nof arbitrary code, breakouts of the Java sandbox, information disclosure,\nor denial of service.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 7u85-2.6.1-6~deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 7u85-2.6.1-5~deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 7u85-2.6.1-6.

\n

We recommend that you upgrade your openjdk-7 packages.

\n
\n
\n
\n
", "3382": "
\n

Debian Security Advisory

\n

DSA-3382-1 phpmyadmin -- security update

\n
\n
Date Reported:
\n
28 Oct 2015
\n
Affected Packages:
\n
\nphpmyadmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 774194.
In Mitre's CVE dictionary: CVE-2014-8958, CVE-2014-9218, CVE-2015-2206, CVE-2015-3902, CVE-2015-3903, CVE-2015-6830, CVE-2015-7873.
\n
More information:
\n
\n

Several issues have been fixed in phpMyAdmin, the web administration\ntool for MySQL.

\n
    \n
  • CVE-2014-8958\n (Wheezy only)\n

    Multiple cross-site scripting (XSS) vulnerabilities.

  • \n
  • CVE-2014-9218\n (Wheezy only)\n

    Denial of service (resource consumption) via a long password.

  • \n
  • CVE-2015-2206\n

    Risk of BREACH attack due to reflected parameter.

  • \n
  • CVE-2015-3902\n

    XSRF/CSRF vulnerability in phpMyAdmin setup.

  • \n
  • CVE-2015-3903\n (Jessie only)\n

    Vulnerability allowing man-in-the-middle attack on API call to GitHub.

  • \n
  • CVE-2015-6830\n (Jessie only)\n

    Vulnerability that allows bypassing the reCaptcha test.

  • \n
  • CVE-2015-7873\n (Jessie only)\n

    Content spoofing vulnerability when redirecting user to an\n external site.

  • \n
\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 4:3.4.11.1-2+deb7u2.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4:4.2.12-2+deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4:4.5.1-1.

\n

We recommend that you upgrade your phpmyadmin packages.

\n
\n
\n
\n
", "3383": "
\n

Debian Security Advisory

\n

DSA-3383-1 wordpress -- security update

\n
\n
Date Reported:
\n
29 Oct 2015
\n
Affected Packages:
\n
\nwordpress\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 794560, Bug 799140.
In Mitre's CVE dictionary: CVE-2015-2213, CVE-2015-5622, CVE-2015-5714, CVE-2015-5715, CVE-2015-5731, CVE-2015-5732, CVE-2015-5734, CVE-2015-7989.
\n
More information:
\n
\n

Several vulnerabilities were discovered in WordPress, a web blogging\ntool. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2015-2213\n

    SQL Injection allowed a remote attacker to compromise the site.

  • \n
  • CVE-2015-5622\n

    The robustness of the shortcodes HTML tags filter has been improved.\n The parsing is a bit more strict, which may affect your\n installation.

  • \n
  • CVE-2015-5714\n

    A cross-site scripting vulnerability when processing shortcode tags.

  • \n
  • CVE-2015-5715\n

    A vulnerability has been discovered, allowing users without proper\n permissions to publish private posts and make them sticky.

  • \n
  • CVE-2015-5731\n

    An attacker could lock a post that was being edited.

  • \n
  • CVE-2015-5732\n

    Cross-site scripting in a widget title allows an attacker to steal\n sensitive information.

  • \n
  • CVE-2015-5734\n

    Fix some broken links in the legacy theme preview.

  • \n
  • CVE-2015-7989\n

    A cross-site scripting vulnerability in user list tables.

  • \n
\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 3.6.1+dfsg-1~deb7u8.

\n

For the stable distribution (jessie), these problems have been fixed\nin version 4.1+dfsg-1+deb8u5 or earlier in DSA-3332-1 and DSA-3375-1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 4.3.1+dfsg-1 or earlier versions.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.3.1+dfsg-1 or earlier versions.

\n

We recommend that you upgrade your wordpress packages.

\n
\n
\n
\n
", "3384": "
\n

Debian Security Advisory

\n

DSA-3384-1 virtualbox -- security update

\n
\n
Date Reported:
\n
29 Oct 2015
\n
Affected Packages:
\n
\nvirtualbox\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-4813, CVE-2015-4896.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in VirtualBox, an x86\nvirtualisation solution.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 4.1.42-dfsg-1+deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.3.32-dfsg-1+deb8u2.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 5.0.8-dfsg-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 5.0.8-dfsg-1.

\n

We recommend that you upgrade your virtualbox packages.

\n
\n
\n
\n
", "3385": "
\n

Debian Security Advisory

\n

DSA-3385-1 mariadb-10.0 -- security update

\n
\n
Date Reported:
\n
31 Oct 2015
\n
Affected Packages:
\n
\nmariadb-10.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 802874.
In Mitre's CVE dictionary: CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4895, CVE-2015-4913.
\n
More information:
\n
\n

Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.22. Please see the MariaDB 10.0 Release Notes for further\ndetails:

\n\n

For the stable distribution (jessie), these problems have been fixed in\nversion 10.0.22-0+deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 10.0.22-1 or earlier.

\n

We recommend that you upgrade your mariadb-10.0 packages.

\n
\n
\n
\n
", "3386": "
\n

Debian Security Advisory

\n

DSA-3386-1 unzip -- security update

\n
\n
Date Reported:
\n
31 Oct 2015
\n
Affected Packages:
\n
\nunzip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 802160, Bug 802162.
In Mitre's CVE dictionary: CVE-2015-7696, CVE-2015-7697.
\n
More information:
\n
\n

Two vulnerabilities have been found in unzip, a de-archiver for .zip\nfiles. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2015-7696\n

    Gustavo Grieco discovered that unzip incorrectly handled certain\n password protected archives. If a user or automated system were\n tricked into processing a specially crafted zip archive, an attacker\n could possibly execute arbitrary code.

  • \n
  • CVE-2015-7697\n

    Gustavo Grieco discovered that unzip incorrectly handled certain\n malformed archives. If a user or automated system were tricked into\n processing a specially crafted zip archive, an attacker could\n possibly cause unzip to hang, resulting in a denial of service.

  • \n
\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 6.0-8+deb7u4.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 6.0-16+deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 6.0-19.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 6.0-19.

\n

We recommend that you upgrade your unzip packages.

\n
\n
\n
\n
", "3387": "
\n

Debian Security Advisory

\n

DSA-3387-1 openafs -- security update

\n
\n
Date Reported:
\n
01 Nov 2015
\n
Affected Packages:
\n
\nopenafs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-7762, CVE-2015-7763.
\n
More information:
\n
\n

John Stumpo discovered that OpenAFS, a distributed file system, does\nnot fully initialize certain network packets before transmitting them.\nThis can lead to a disclosure of the plaintext of previously processed\npackets.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.6.1-3+deb7u5.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.6.9-2+deb8u4.

\n

For the testing distribution (stretch) and the unstable distribution\n(sid), these problems have been fixed in version 1.6.15-1.

\n

We recommend that you upgrade your openafs packages.

\n
\n
\n
\n
", "3388": "
\n

Debian Security Advisory

\n

DSA-3388-1 ntp -- security update

\n
\n
Date Reported:
\n
01 Nov 2015
\n
Affected Packages:
\n
\nntp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-9750, CVE-2014-9751, CVE-2015-3405, CVE-2015-5146, CVE-2015-5194, CVE-2015-5195, CVE-2015-5219, CVE-2015-5300, CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7850, CVE-2015-7852, CVE-2015-7855, CVE-2015-7871.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the Network Time Protocol\ndaemon and utility programs:

\n
    \n
  • CVE-2015-5146\n

    A flaw was found in the way ntpd processed certain remote\n configuration packets. An attacker could use a specially crafted\n packet to cause ntpd to crash if:

    \n
      \n
    • ntpd enabled remote configuration
    • \n
    • The attacker had knowledge of the configuration password
    • \n
    • The attacker had access to a computer entrusted to perform remote\n configuration
    • \n
    \n

    Note that remote configuration is disabled by default in NTP.

  • \n
  • CVE-2015-5194\n

    It was found that ntpd could crash due to an uninitialized\n variable when processing malformed logconfig configuration\n commands.

  • \n
  • CVE-2015-5195\n

    It was found that ntpd exits with a segmentation fault when a\n statistics type that was not enabled during compilation (e.g.\n timingstats) is referenced by the statistics or filegen\n configuration command.

  • \n
  • CVE-2015-5219\n

    It was discovered that the sntp program would hang in an infinite loop\n when a crafted NTP packet was received, related to the conversion\n of the precision value in the packet to double.

  • \n
  • CVE-2015-5300\n

    It was found that ntpd did not correctly implement the -g option:

    \n

    Normally, ntpd exits with a message to the system log if the offset\n exceeds the panic threshold, which is 1000 s by default. This\n option allows the time to be set to any value without restriction;\n however, this can happen only once. If the threshold is exceeded\n after that, ntpd will exit with a message to the system log. This\n option can be used with the -q and -x options.

    \n

    ntpd could actually step the clock multiple times by more than the\n panic threshold if its clock discipline doesn't have enough time to\n reach the sync state and stay there for at least one update. If a\n man-in-the-middle attacker can control the NTP traffic since ntpd\n was started (or maybe up to 15-30 minutes after that), they can\n prevent the client from reaching the sync state and force it to step\n its clock by any amount any number of times, which can be used by\n attackers to expire certificates, etc.

    \n

    This is contrary to what the documentation says. Normally, the\n assumption is that an MITM attacker can step the clock more than the\n panic threshold only once when ntpd starts and to make a larger\n adjustment the attacker has to divide it into multiple smaller\n steps, each taking 15 minutes, which is slow.

  • \n
  • CVE-2015-7691,\n CVE-2015-7692,\n CVE-2015-7702\n

    It was found that the fix for\n CVE-2014-9750\n was incomplete: three issues were found in the value length checks in\n ntp_crypto.c, where a packet with particular autokey operations that\n contained malicious data was not always being completely validated. Receipt\n of these packets can cause ntpd to crash.

  • \n
  • CVE-2015-7701\n

    A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd is\n configured to use autokey authentication, an attacker could send\n packets to ntpd that would, after several days of ongoing attack,\n cause it to run out of memory.

  • \n
  • CVE-2015-7703\n

    Miroslav Lichvar of Red Hat found that the :config command can be\n used to set the pidfile and driftfile paths without any\n restrictions. A remote attacker could use this flaw to overwrite a\n file on the file system with a file containing the pid of the ntpd\n process (immediately) or the current estimated drift of the system\n clock (in hourly intervals). For example:

    \n

    ntpq -c ':config pidfile /tmp/ntp.pid'\nntpq -c ':config driftfile /tmp/ntp.drift'

    \n

    In Debian ntpd is configured to drop root privileges, which limits\n the impact of this issue.

  • \n
  • CVE-2015-7704\n

    If ntpd as an NTP client receives a Kiss-of-Death (KoD) packet\n from the server to reduce its polling rate, it doesn't check if the\n originate timestamp in the reply matches the transmit timestamp from\n its request. An off-path attacker can send a crafted KoD packet to\n the client, which will increase the client's polling interval to a\n large value and effectively disable synchronization with the server.

  • \n
  • CVE-2015-7850\n

    An exploitable denial of service vulnerability exists in the remote\n configuration functionality of the Network Time Protocol. A\n specially crafted configuration file could cause an endless loop\n resulting in a denial of service. An attacker could provide a\n malicious configuration file to trigger this vulnerability.

  • \n
  • CVE-2015-7852\n

    A potential off-by-one vulnerability exists in the cookedprint\n functionality of ntpq. A specially crafted buffer could cause a\n buffer overflow potentially resulting in a null byte being written out\n of bounds.

  • \n
  • CVE-2015-7855\n

    It was found that NTP's decodenetnum() would abort with an assertion\n failure when processing a mode 6 or mode 7 packet containing an\n unusually long data value where a network address was expected. This\n could allow an authenticated attacker to crash ntpd.

  • \n
  • CVE-2015-7871\n

    An error handling logic error exists within ntpd that manifests due\n to improper error condition handling associated with certain\n crypto-NAK packets. An unauthenticated, off-path attacker can force\n ntpd processes on targeted servers to peer with time sources of the\n attacker's choosing by transmitting symmetric active crypto-NAK\n packets to ntpd. This attack bypasses the authentication typically\n required to establish a peer association and allows an attacker to\n make arbitrary changes to system time.

  • \n
\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1:4.2.6.p5+dfsg-2+deb7u6.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-7+deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 1:4.2.8p4+dfsg-3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.8p4+dfsg-3.

\n

We recommend that you upgrade your ntp packages.

\n
\n
\n
\n
", "3389": "
\n

Debian Security Advisory

\n

DSA-3389-1 elasticsearch -- end-of-life

\n
\n
Date Reported:
\n
01 Nov 2015
\n
Affected Packages:
\n
\nelasticsearch\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Security support for elasticsearch in jessie is hereby discontinued. The\nproject no longer releases information on fixed security issues which\nwould allow backporting them to released versions of Debian and actively\ndiscourages doing so.

\n

elasticsearch will also be removed from Debian stretch (the next stable\nDebian release), but will continue to remain in unstable.

\n
\n
\n
\n
", "3390": "
\n

Debian Security Advisory

\n

DSA-3390-1 xen -- security update

\n
\n
Date Reported:
\n
02 Nov 2015
\n
Affected Packages:
\n
\nxen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-7835.
\n
More information:
\n
\n

It was discovered that the code to validate level 2 page table entries\nis bypassed when certain conditions are satisfied. A malicious PV guest\nadministrator can take advantage of this flaw to gain privileges via a\ncrafted superpage mapping.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 4.1.4-3+deb7u9.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 4.4.1-9+deb8u2.

\n

We recommend that you upgrade your xen packages.

\n
\n
\n
\n
", "3391": "
\n

Debian Security Advisory

\n

DSA-3391-1 php-horde -- security update

\n
\n
Date Reported:
\n
03 Nov 2015
\n
Affected Packages:
\n
\nphp-horde\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 803641.
In Mitre's CVE dictionary: CVE-2015-7984.
\n
More information:
\n
\n

It was discovered that the web-based administration interface in the\nHorde Application Framework did not guard against Cross-Site Request\nForgery (CSRF) attacks. As a result, other, malicious web pages could\ncause Horde applications to perform actions as the Horde user.

\n

The oldstable distribution (wheezy) did not contain php-horde\npackages.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 5.2.1+debian0-2+deb8u2.

\n

For the testing distribution (stretch) and the unstable distribution\n(sid), this problem has been fixed in version 5.2.8+debian0-1.

\n

We recommend that you upgrade your php-horde packages.

\n
\n
\n
\n
", "3392": "
\n

Debian Security Advisory

\n

DSA-3392-1 freeimage -- security update

\n
\n
Date Reported:
\n
04 Nov 2015
\n
Affected Packages:
\n
\nfreeimage\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 797165.
In Mitre's CVE dictionary: CVE-2015-0852.
\n
More information:
\n
\n

Pengsu Cheng discovered that FreeImage, a library for graphic image\nformats, contained multiple integer underflows that could lead to a\ndenial of service: remote attackers were able to trigger a crash by\nsupplying a specially crafted image.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 3.15.1-1.1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.15.4-4.2.

\n

For the testing distribution (stretch) and unstable distribution\n(sid), this problem has been fixed in version 3.15.4-6.

\n

We recommend that you upgrade your freeimage packages.

\n
\n
\n
\n
", "3393": "
\n

Debian Security Advisory

\n

DSA-3393-1 iceweasel -- security update

\n
\n
Date Reported:
\n
04 Nov 2015
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-4513, CVE-2015-7181, CVE-2015-7182, CVE-2015-7183, CVE-2015-7188, CVE-2015-7189, CVE-2015-7193, CVE-2015-7194, CVE-2015-7196, CVE-2015-7197, CVE-2015-7198, CVE-2015-7199, CVE-2015-7200.
\n
More information:
\n
\n

Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors,\ninteger overflows, buffer overflows and other implementation errors may\nlead to the execution of arbitrary code, information disclosure or\ndenial of service.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 38.4.0esr-1~deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 38.4.0esr-1~deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 38.4.0esr-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "3394": "
\n

Debian Security Advisory

\n

DSA-3394-1 libreoffice -- security update

\n
\n
Date Reported:
\n
05 Nov 2015
\n
Affected Packages:
\n
\nlibreoffice\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-4551, CVE-2015-5212, CVE-2015-5213, CVE-2015-5214.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in LibreOffice, a\nfull-featured office productivity suite:

\n
    \n
  • CVE-2015-4551\n

    Federico Scrinzi discovered an information leak in the handling of\n ODF documents. Quoting from\n https://www.libreoffice.org/about-us/security/advisories/cve-2015-4551/:\n The LinkUpdateMode feature controls whether documents inserted into\n Writer or Calc via links will either not get updated, or prompt to\n update, or automatically update, when the parent document is loaded.\n The configuration of this option was stored in the document. That\n flawed approach enabled documents to be crafted with links to\n plausible targets on the victim's host computer. The contents of\n those automatically inserted after load links can be concealed in\n hidden sections and retrieved by the attacker if the document is\n saved and returned to sender, or via http requests if the user has\n selected lower security settings for that document.

  • \n
  • CVE-2015-5212\n

    A buffer overflow in parsing the printer setup information in ODF\n documents may result in the execution of arbitrary code.

  • \n
  • CVE-2015-5213 /\n CVE-2015-5214\n

    A buffer overflow and an integer overflow in parsing\n Microsoft Word documents may result in the execution of arbitrary code.

  • \n
\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1:3.5.4+dfsg2-0+deb7u5.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1:4.3.3-2+deb8u2.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 1:5.0.2-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1:5.0.2-1.

\n

We recommend that you upgrade your libreoffice packages.

\n
\n
\n
\n
", "3395": "
\n

Debian Security Advisory

\n

DSA-3395-1 krb5 -- security update

\n
\n
Date Reported:
\n
06 Nov 2015
\n
Affected Packages:
\n
\nkrb5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 803083, Bug 803084, Bug 803088.
In Mitre's CVE dictionary: CVE-2015-2695, CVE-2015-2696, CVE-2015-2697.
\n
More information:
\n
\n

Several vulnerabilities were discovered in krb5, the MIT implementation\nof Kerberos. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2015-2695\n

    It was discovered that applications which call gss_inquire_context()\n on a partially-established SPNEGO context can cause the GSS-API\n library to read from a pointer using the wrong type, leading to a\n process crash.

  • \n
  • CVE-2015-2696\n

    It was discovered that applications which call gss_inquire_context()\n on a partially-established IAKERB context can cause the GSS-API\n library to read from a pointer using the wrong type, leading to a\n process crash.

  • \n
  • CVE-2015-2697\n

    It was discovered that the build_principal_va() function incorrectly\n handles input strings. An authenticated attacker can take advantage\n of this flaw to cause a KDC to crash using a TGS request with a\n large realm field beginning with a null byte.

  • \n
\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.10.1+dfsg-5+deb7u4.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.12.1+dfsg-19+deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 1.13.2+dfsg-3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.13.2+dfsg-3.

\n

We recommend that you upgrade your krb5 packages.

\n
\n
\n
\n
", "3396": "
\n

Debian Security Advisory

\n

DSA-3396-1 linux -- security update

\n
\n
Date Reported:
\n
10 Nov 2015
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-5307, CVE-2015-7833, CVE-2015-7872, CVE-2015-7990.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service.

\n
    \n
  • CVE-2015-5307\n

    Ben Serebrin from Google discovered a guest to host denial of\n service flaw affecting the KVM hypervisor. A malicious guest can\n trigger an infinite stream of alignment check (#AC) exceptions\n causing the processor microcode to enter an infinite loop where the\n core never receives another interrupt. This leads to a panic of the\n host kernel.

  • \n
  • CVE-2015-7833\n

    Sergej Schumilo, Hendrik Schwartke and Ralf Spenneberg discovered a\n flaw in the processing of certain USB device descriptors in the\n usbvision driver. An attacker with physical access to the system can\n use this flaw to crash the system.

  • \n
  • CVE-2015-7872\n

    Dmitry Vyukov discovered a vulnerability in the keyrings garbage\n collector allowing a local user to trigger a kernel panic.

  • \n
  • CVE-2015-7990\n

    It was discovered that the fix for CVE-2015-6937 was incomplete. A\n race condition when sending a message on an unbound socket can still\n cause a NULL pointer dereference. A remote attacker might be able to\n cause a denial of service (crash) by sending a crafted packet.

  • \n
\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 3.2.68-1+deb7u6.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.16.7-ckt11-1+deb8u6.

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "3397": "
\n

Debian Security Advisory

\n

DSA-3397-1 wpa -- security update

\n
\n
Date Reported:
\n
10 Nov 2015
\n
Affected Packages:
\n
\nwpa\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 787371, Bug 787372, Bug 787373, Bug 795740, Bug 804707, Bug 804708, Bug 804710.
In Mitre's CVE dictionary: CVE-2015-4141, CVE-2015-4142, CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146, CVE-2015-5310, CVE-2015-5314, CVE-2015-5315, CVE-2015-5316, CVE-2015-8041.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in wpa_supplicant and\nhostapd. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2015-4141\n

    Kostya Kortchinsky of the Google Security Team discovered a\n vulnerability in the WPS UPnP function with HTTP chunked transfer\n encoding which may result in a denial of service.

  • \n
  • CVE-2015-4142\n

    Kostya Kortchinsky of the Google Security Team discovered a\n vulnerability in the WMM Action frame processing which may result in\n a denial of service.

  • \n
  • CVE-2015-4143\nCVE-2015-4144\nCVE-2015-4145\nCVE-2015-4146\n

    Kostya Kortchinsky of the Google Security Team discovered that\n EAP-pwd payload is not properly validated which may result in a\n denial of service.

  • \n
  • CVE-2015-5310\n

    Jouni Malinen discovered a flaw in the WMM Sleep Mode Response frame\n processing. A remote attacker can take advantage of this flaw to\n mount a denial of service.

  • \n
  • CVE-2015-5314\nCVE-2015-5315\n

    Jouni Malinen discovered a flaw in the handling of EAP-pwd messages\n which may result in a denial of service.

  • \n
  • CVE-2015-5316\n

    Jouni Malinen discovered a flaw in the handling of EAP-pwd Confirm\n messages which may result in a denial of service.

  • \n
  • CVE-2015-8041\n

    Incomplete WPS and P2P NFC NDEF record payload length validation may\n result in a denial of service.

  • \n
\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.0-3+deb7u3. The oldstable distribution (wheezy) is only\naffected by\nCVE-2015-4141,\nCVE-2015-4142,\nCVE-2015-4143 and\nCVE-2015-8041.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2.3-1+deb8u3.

\n

We recommend that you upgrade your wpa packages.

\n
\n
\n
\n
", "3398": "
\n

Debian Security Advisory

\n

DSA-3398-1 strongswan -- security update

\n
\n
Date Reported:
\n
16 Nov 2015
\n
Affected Packages:
\n
\nstrongswan\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8023.
\n
More information:
\n
\n

Tobias Brunner found an authentication bypass vulnerability in\nstrongSwan, an IKE/IPsec suite.

\n

Due to insufficient validation of its local state the server\nimplementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin\ncan be tricked into successfully concluding the authentication without\nproviding valid credentials.

\n

It's possible to recognize such attacks by looking at the server logs.\nThe following log message would be seen during the client\nauthentication:

\n

EAP method EAP_MSCHAPV2 succeeded, no MSK established

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 4.5.2-1.5+deb7u8.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 5.2.1-6+deb8u2.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 5.3.3-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.3.3-3.

\n

We recommend that you upgrade your strongswan packages.

\n
\n
\n
\n
", "3399": "
\n

Debian Security Advisory

\n

DSA-3399-1 libpng -- security update

\n
\n
Date Reported:
\n
18 Nov 2015
\n
Affected Packages:
\n
\nlibpng\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 803078, Bug 805113.
In Mitre's CVE dictionary: CVE-2015-7981, CVE-2015-8126.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the libpng PNG library.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2015-7981\n

    Qixue Xiao discovered an out-of-bounds read vulnerability in the\n png_convert_to_rfc1123 function. A remote attacker can potentially\n take advantage of this flaw to cause disclosure of information from\n process memory.

  • \n
  • CVE-2015-8126\n

    Multiple buffer overflows were discovered in the png_set_PLTE and\n png_get_PLTE functions. A remote attacker can take advantage of this\n flaw to cause a denial of service (application crash) via a small\n bit-depth value in an IHDR (image header) chunk in a PNG image.

  • \n
\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.2.49-1+deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.2.50-2+deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.2.54-1.

\n

We recommend that you upgrade your libpng packages.

\n
\n
\n
\n
", "3400": "
\n

Debian Security Advisory

\n

DSA-3400-1 lxc -- security update

\n
\n
Date Reported:
\n
19 Nov 2015
\n
Affected Packages:
\n
\nlxc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 800471.
In Mitre's CVE dictionary: CVE-2015-1335.
\n
More information:
\n
\n

Roman Fiedler discovered a directory traversal flaw in LXC, the Linux\nContainers userspace tools. A local attacker with access to an LXC\ncontainer could exploit this flaw to run programs inside the container\nthat are not confined by AppArmor or expose unintended files in the host\nto the container.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:1.0.6-6+deb8u2.

\n

We recommend that you upgrade your lxc packages.

\n
\n
\n
\n
", "3401": "
\n

Debian Security Advisory

\n

DSA-3401-1 openjdk-7 -- security update

\n
\n
Date Reported:
\n
22 Nov 2015
\n
Affected Packages:
\n
\nopenjdk-7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-4871.
\n
More information:
\n
\n

It was discovered that rebinding a receiver of a direct method handle\nmay allow a protected method to be accessed.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 7u91-2.6.3-1~deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 7u91-2.6.3-1~deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7u91-2.6.3-1.

\n

We recommend that you upgrade your openjdk-7 packages.

\n
\n
\n
\n
", "3402": "
\n

Debian Security Advisory

\n

DSA-3402-1 symfony -- security update

\n
\n
Date Reported:
\n
24 Nov 2015
\n
Affected Packages:
\n
\nsymfony\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8124, CVE-2015-8125.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in symfony, a framework to\ncreate websites and web applications. The Common Vulnerabilities and\nExposures project identifies the following problems:

\n
    \n
  • CVE-2015-8124\n

    The RedTeam Pentesting GmbH team discovered a session fixation\n vulnerability within the Remember Me login feature, allowing an\n attacker to impersonate the victim towards the web application if\n the session id value was previously known to the attacker.

  • \n
  • CVE-2015-8125\n

    Several potential remote timing attack vulnerabilities were\n discovered in classes from the Symfony Security component and in the\n legacy CSRF implementation from the Symfony Form component.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2.3.21+dfsg-4+deb8u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.7.7+dfsg-1.

\n

We recommend that you upgrade your symfony packages.

\n
\n
\n
\n
", "3403": "
\n

Debian Security Advisory

\n

DSA-3403-1 libcommons-collections3-java -- security update

\n
\n
Date Reported:
\n
24 Nov 2015
\n
Affected Packages:
\n
\nlibcommons-collections3-java\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

This update backports changes from the commons-collections 3.2.2 release\nwhich disable the deserialisation of the functors classes unless the\nsystem property org.apache.commons.collections.enableUnsafeSerialization\nis set to true. This fixes a vulnerability in unsafe applications\ndeserialising objects from untrusted sources without sanitising the\ninput data. Classes considered unsafe are: CloneTransformer, ForClosure,\nInstantiateFactory, InstantiateTransformer, InvokerTransformer,\nPrototypeCloneFactory, PrototypeSerializationFactory and WhileClosure.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 3.2.1-5+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.2.1-7+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 3.2.2-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.2.2-1.

\n

We recommend that you upgrade your libcommons-collections3-java packages.

\n
\n
\n
\n
", "3404": "
\n

Debian Security Advisory

\n

DSA-3404-1 python-django -- security update

\n
\n
Date Reported:
\n
25 Nov 2015
\n
Affected Packages:
\n
\npython-django\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8213.
\n
More information:
\n
\n

Ryan Butterfield discovered a vulnerability in the date template filter\nin python-django, a high-level Python web development framework. A\nremote attacker can take advantage of this flaw to obtain any secret in\nthe application's settings.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.4.5-1+deb7u14.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.7.7-1+deb8u3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.8.7-1.

\n

We recommend that you upgrade your python-django packages.

\n
\n
\n
\n
", "3405": "
\n

Debian Security Advisory

\n

DSA-3405-1 smokeping -- security update

\n
\n
Date Reported:
\n
25 Nov 2015
\n
Affected Packages:
\n
\nsmokeping\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0859.
\n
More information:
\n
\n

Tero Marttila discovered that the Debian packaging for smokeping\ninstalled it in such a way that the CGI implementation of Apache httpd\n(mod_cgi) passed additional arguments to the smokeping_cgi program,\npotentially leading to arbitrary code execution in response to crafted\nHTTP requests.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 2.6.8-2+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.6.9-1+deb8u1.

\n

We recommend that you upgrade your smokeping packages.

\n
\n
\n
\n
", "3406": "
\n

Debian Security Advisory

\n

DSA-3406-1 nspr -- security update

\n
\n
Date Reported:
\n
25 Nov 2015
\n
Affected Packages:
\n
\nnspr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-7183.
\n
More information:
\n
\n

It was discovered that incorrect memory allocation in the Netscape\nPortable Runtime library might result in denial of service or the\nexecution of arbitrary code.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 2:4.9.2-1+deb7u3.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2:4.10.7-1+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 2:4.10.10-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:4.10.10-1.

\n

We recommend that you upgrade your nspr packages.

\n
\n
\n
\n
", "3407": "
\n

Debian Security Advisory

\n

DSA-3407-1 dpkg -- security update

\n
\n
Date Reported:
\n
26 Nov 2015
\n
Affected Packages:
\n
\ndpkg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0860.
\n
More information:
\n
\n

Hanno Boeck discovered a stack-based buffer overflow in the dpkg-deb\ncomponent of dpkg, the Debian package management system. This flaw could\npotentially lead to arbitrary code execution if a user or an automated\nsystem were tricked into processing a specially crafted Debian binary\npackage (.deb) in the old style Debian binary package format.

\n

This update also includes updated translations and additional bug fixes.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.16.17.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.17.26.

\n

We recommend that you upgrade your dpkg packages.

\n
\n
\n
\n
", "3408": "
\n

Debian Security Advisory

\n

DSA-3408-1 gnutls26 -- security update

\n
\n
Date Reported:
\n
01 Dec 2015
\n
Affected Packages:
\n
\ngnutls26\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8313.
\n
More information:
\n
\n

It was discovered that GnuTLS, a library implementing the TLS and SSL\nprotocols, incorrectly validates the first byte of padding in CBC modes.\nA remote attacker can possibly take advantage of this flaw to perform a\npadding oracle attack.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 2.12.20-8+deb7u4.

\n

We recommend that you upgrade your gnutls26 packages.

\n
\n
\n
\n
", "3409": "
\n

Debian Security Advisory

\n

DSA-3409-1 putty -- security update

\n
\n
Date Reported:
\n
01 Dec 2015
\n
Affected Packages:
\n
\nputty\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-5309.
\n
More information:
\n
\n

A memory-corrupting integer overflow in the handling of the ECH (erase\ncharacters) control sequence was discovered in PuTTY's terminal\nemulator. A remote attacker can take advantage of this flaw to mount a\ndenial of service or potentially to execute arbitrary code.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 0.62-9+deb7u3.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.63-10+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 0.66-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.66-1.

\n

We recommend that you upgrade your putty packages.

\n
\n
\n
\n
", "3410": "
\n

Debian Security Advisory

\n

DSA-3410-1 icedove -- security update

\n
\n
Date Reported:
\n
01 Dec 2015
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-4473, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4513, CVE-2015-7181, CVE-2015-7182, CVE-2015-7188, CVE-2015-7189, CVE-2015-7193, CVE-2015-7194, CVE-2015-7197, CVE-2015-7198, CVE-2015-7199, CVE-2015-7200.
\n
More information:
\n
\n

Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors,\ninteger overflows, buffer overflows and other implementation errors may\nlead to the execution of arbitrary code or denial of service.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 38.4.0-1~deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 38.4.0-1~deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 38.4.0-1.

\n

In addition enigmail has been updated to a release compatible with the\nnew ESR38 series.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "3411": "
\n

Debian Security Advisory

\n

DSA-3411-1 cups-filters -- security update

\n
\n
Date Reported:
\n
02 Dec 2015
\n
Affected Packages:
\n
\ncups-filters\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8327.
\n
More information:
\n
\n

Michal Kowalczyk discovered that missing input sanitising in the\nfoomatic-rip print filter might result in the execution of arbitrary\ncommands.

\n

The oldstable distribution (wheezy) is not affected.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.0.61-5+deb8u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.2.0-1.

\n

We recommend that you upgrade your cups-filters packages.

\n
\n
\n
\n
", "3412": "
\n

Debian Security Advisory

\n

DSA-3412-1 redis -- security update

\n
\n
Date Reported:
\n
03 Dec 2015
\n
Affected Packages:
\n
\nredis\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 804419.
In Mitre's CVE dictionary: CVE-2015-8080.
\n
More information:
\n
\n

Luca Bruno discovered an integer overflow flaw leading to a stack-based\nbuffer overflow in redis, a persistent key-value database. A remote\nattacker can use this flaw to cause a denial of service (application\ncrash).

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2:2.8.17-1+deb8u3.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 2:3.0.5-4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:3.0.5-4.

\n

We recommend that you upgrade your redis packages.

\n
\n
\n
\n
", "3413": "
\n

Debian Security Advisory

\n

DSA-3413-1 openssl -- security update

\n
\n
Date Reported:
\n
04 Dec 2015
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-3194, CVE-2015-3195, CVE-2015-3196.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in OpenSSL, a Secure\nSockets Layer toolkit. The Common Vulnerabilities and Exposures project\nidentifies the following issues:

\n
    \n
  • CVE-2015-3194\n

    Loic Jonas Etienne of Qnective AG discovered that the signature\n verification routines will crash with a NULL pointer dereference if\n presented with an ASN.1 signature using the RSA PSS algorithm and\n absent mask generation function parameter. A remote attacker can\n exploit this flaw to crash any certificate verification operation\n and mount a denial of service attack.

  • \n
  • CVE-2015-3195\n

    Adam Langley of Google/BoringSSL discovered that OpenSSL will leak\n memory when presented with a malformed X509_ATTRIBUTE structure.

  • \n
  • CVE-2015-3196\n

    A race condition flaw in the handling of PSK identity hints was\n discovered, potentially leading to a double free of the identity\n hint data.

  • \n
\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.0.1e-2+deb7u18.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2e-1 or earlier.

\n

We recommend that you upgrade your openssl packages.

\n
\n
\n
\n
", "3414": "
\n

Debian Security Advisory

\n

DSA-3414-1 xen -- security update

\n
\n
Date Reported:
\n
09 Dec 2015
\n
Affected Packages:
\n
\nxen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-3259, CVE-2015-3340, CVE-2015-5307, CVE-2015-6654, CVE-2015-7311, CVE-2015-7812, CVE-2015-7813, CVE-2015-7814, CVE-2015-7969, CVE-2015-7970, CVE-2015-7971, CVE-2015-7972, CVE-2015-8104.
\n
More information:
\n
\n

Multiple security issues have been found in the Xen virtualisation\nsolution, which may result in denial of service or information\ndisclosure.

\n

For the oldstable distribution (wheezy), an update will be provided\nlater.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.4.1-9+deb8u3.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your xen packages.

\n
\n
\n
\n
", "3415": "
\n

Debian Security Advisory

\n

DSA-3415-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
09 Dec 2015
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-1302, CVE-2015-6764, CVE-2015-6765, CVE-2015-6766, CVE-2015-6767, CVE-2015-6768, CVE-2015-6769, CVE-2015-6770, CVE-2015-6771, CVE-2015-6772, CVE-2015-6773, CVE-2015-6774, CVE-2015-6775, CVE-2015-6776, CVE-2015-6777, CVE-2015-6778, CVE-2015-6779, CVE-2015-6780, CVE-2015-6781, CVE-2015-6782, CVE-2015-6784, CVE-2015-6785, CVE-2015-6786.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2015-1302\n

    Rub Wu discovered an information leak in the pdfium library.

  • \n
  • CVE-2015-6764\n

    Guang Gong discovered an out-of-bounds read issue in the v8\n javascript library.

  • \n
  • CVE-2015-6765\n

    A use-after-free issue was discovered in AppCache.

  • \n
  • CVE-2015-6766\n

    A use-after-free issue was discovered in AppCache.

  • \n
  • CVE-2015-6767\n

    A use-after-free issue was discovered in AppCache.

  • \n
  • CVE-2015-6768\n

    Mariusz Mlynski discovered a way to bypass the Same Origin\n Policy.

  • \n
  • CVE-2015-6769\n

    Mariusz Mlynski discovered a way to bypass the Same Origin\n Policy.

  • \n
  • CVE-2015-6770\n

    Mariusz Mlynski discovered a way to bypass the Same Origin\n Policy.

  • \n
  • CVE-2015-6771\n

    An out-of-bounds read issue was discovered in the v8\n javascript library.

  • \n
  • CVE-2015-6772\n

    Mariusz Mlynski discovered a way to bypass the Same Origin\n Policy.

  • \n
  • CVE-2015-6773\n

    cloudfuzzer discovered an out-of-bounds read issue in the\n skia library.

  • \n
  • CVE-2015-6774\n

    A use-after-free issue was found in extensions binding.

  • \n
  • CVE-2015-6775\n

    Atte Kettunen discovered a type confusion issue in the pdfium\n library.

  • \n
  • CVE-2015-6776\n

    Hanno B\u00f6ck discovered an out-of-bounds access issue in the\n openjpeg library, which is used by pdfium.

  • \n
  • CVE-2015-6777\n

    Long Liu found a use-after-free issue.

  • \n
  • CVE-2015-6778\n

    Karl Skomski found an out-of-bounds read issue in the pdfium\n library.

  • \n
  • CVE-2015-6779\n

    Til Jasper Ullrich discovered that the pdfium library does\n not sanitize chrome: URLs.

  • \n
  • CVE-2015-6780\n

    Khalil Zhani discovered a use-after-free issue.

  • \n
  • CVE-2015-6781\n

    miaubiz discovered an integer overflow issue in the sfntly\n library.

  • \n
  • CVE-2015-6782\n

    Luan Herrera discovered a URL spoofing issue.

  • \n
  • CVE-2015-6784\n

    Inti De Ceukelaire discovered a way to inject HTML into\n serialized web pages.

  • \n
  • CVE-2015-6785\n

    Michael Ficarra discovered a way to bypass the Content\n Security Policy.

  • \n
  • CVE-2015-6786\n

    Michael Ficarra discovered another way to bypass the Content\n Security Policy.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 47.0.2526.73-1~deb8u1.

\n

For the testing distribution (stretch), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 47.0.2526.73-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3416": "
\n

Debian Security Advisory

\n

DSA-3416-1 libphp-phpmailer -- security update

\n
\n
Date Reported:
\n
13 Dec 2015
\n
Affected Packages:
\n
\nlibphp-phpmailer\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 807265.
In Mitre's CVE dictionary: CVE-2015-8476.
\n
More information:
\n
\n

Takeshi Terada discovered a vulnerability in PHPMailer, a PHP library for\nemail transfer, used by many CMSs. The library accepted email addresses\nand SMTP commands containing line breaks, which can be abused by an\nattacker to inject messages.

\n

For the oldstable distribution (wheezy), this problem has been fixed in\nversion 5.1-1.1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 5.2.9+dfsg-2+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.2.14+dfsg-1.

\n

We recommend that you upgrade your libphp-phpmailer packages.

\n
\n
\n
\n
", "3417": "
\n

Debian Security Advisory

\n

DSA-3417-1 bouncycastle -- security update

\n
\n
Date Reported:
\n
14 Dec 2015
\n
Affected Packages:
\n
\nbouncycastle\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 802671.
In Mitre's CVE dictionary: CVE-2015-7940.
\n
More information:
\n
\n

Tibor Jager, J\u00f6rg Schwenk, and Juraj Somorovsky, from Horst G\u00f6rtz\nInstitute for IT Security, published a paper in ESORICS 2015 where they\ndescribe an invalid curve attack in Bouncy Castle Crypto, a Java library\nfor cryptography. An attacker is able to recover private Elliptic Curve\nkeys from different applications, for example, TLS servers.

\n

More information:\nhttp://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html\n
\nPractical Invalid Curve Attacks on TLS-ECDH:\nhttp://euklid.org/pdf/ECC_Invalid_Curve.pdf

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.44+dfsg-3.1+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.49+dfsg-3+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.51-2.

\n

We recommend that you upgrade your bouncycastle packages.

\n
\n
\n
\n
", "3418": "
\n

Debian Security Advisory

\n

DSA-3418-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
14 Dec 2015
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-6788, CVE-2015-6789, CVE-2015-6790, CVE-2015-6791.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2015-6788\n

    A type confusion issue was discovered in the handling of extensions.

  • \n
  • CVE-2015-6789\n

    cloudfuzzer discovered a use-after-free issue.

  • \n
  • CVE-2015-6790\n

    Inti De Ceukelaire discovered a way to inject HTML into\n serialized web pages.

  • \n
  • CVE-2015-6791\n

    The chrome 47 development team found and fixed various issues\n during internal auditing. Also multiple issues were fixed in\n the v8 javascript library, version 4.7.80.23.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 47.0.2526.80-1~deb8u1.

\n

For the testing distribution (stretch), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 47.0.2526.80-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3419": "
\n

Debian Security Advisory

\n

DSA-3419-1 cups-filters -- security update

\n
\n
Date Reported:
\n
15 Dec 2015
\n
Affected Packages:
\n
\ncups-filters\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 807930.
In Mitre's CVE dictionary: CVE-2015-8560.
\n
More information:
\n
\n

Adam Chester discovered that missing input sanitising in the\nfoomatic-rip print filter might result in the execution of arbitrary\ncommands.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.0.61-5+deb8u3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4.0-1.

\n

We recommend that you upgrade your cups-filters packages.

\n
\n
\n
\n
", "3420": "
\n

Debian Security Advisory

\n

DSA-3420-1 bind9 -- security update

\n
\n
Date Reported:
\n
15 Dec 2015
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 808081.
In Mitre's CVE dictionary: CVE-2015-8000.
\n
More information:
\n
\n

It was discovered that the BIND DNS server does not properly handle the\nparsing of incoming responses, allowing some records with an incorrect\nclass to be accepted by BIND instead of being rejected as malformed.\nThis can trigger a REQUIRE assertion failure when those records are\nsubsequently cached. A remote attacker can exploit this flaw to cause a\ndenial of service against servers performing recursive queries.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1:9.8.4.dfsg.P1-6+nmu2+deb7u8.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:9.9.5.dfsg-9+deb8u4.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
\n
\n
", "3421": "
\n

Debian Security Advisory

\n

DSA-3421-1 grub2 -- security update

\n
\n
Date Reported:
\n
16 Dec 2015
\n
Affected Packages:
\n
\ngrub2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 807614.
In Mitre's CVE dictionary: CVE-2015-8370.
\n
More information:
\n
\n

Hector Marco and Ismael Ripoll, from Cybersecurity UPV Research Group,\nfound an integer underflow vulnerability in Grub2, a popular bootloader.\nA local attacker can bypass the Grub2 authentication by inserting a\ncrafted input as username or password.

\n

More information:\nhttp://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
\nCVE-2015-8370

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.99-27+deb7u3.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.02~beta2-22+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.02~beta2-33.

\n

We recommend that you upgrade your grub2 packages.

\n
\n
\n
\n
", "3422": "
\n

Debian Security Advisory

\n

DSA-3422-1 iceweasel -- security update

\n
\n
Date Reported:
\n
16 Dec 2015
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-7201, CVE-2015-7205, CVE-2015-7210, CVE-2015-7212, CVE-2015-7213, CVE-2015-7214, CVE-2015-7222.
\n
More information:
\n
\n

Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors,\ninteger overflows, use-after-frees and other implementation errors\nmay lead to the execution of arbitrary code, bypass of the same-origin\npolicy or denial of service.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 38.5.0esr-1~deb7u2.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 38.5.0esr-1~deb8u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 38.5.0esr-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "3423": "
\n

Debian Security Advisory

\n

DSA-3423-1 cacti -- security update

\n
\n
Date Reported:
\n
16 Dec 2015
\n
Affected Packages:
\n
\ncacti\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 807599.
In Mitre's CVE dictionary: CVE-2015-8369.
\n
More information:
\n
\n

Several SQL injection vulnerabilities have been discovered in Cacti, an\nRRDTool frontend written in PHP. Specially crafted input can be used by\nan attacker in the rra_id value of the graph.php script to execute\narbitrary SQL commands on the database.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 0.8.8a+dfsg-5+deb7u7.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.8.8b+dfsg-8+deb8u3.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 0.8.8f+ds1-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.8.8f+ds1-3.

\n

We recommend that you upgrade your cacti packages.

\n
\n
\n
\n
", "3424": "
\n

Debian Security Advisory

\n

DSA-3424-1 subversion -- security update

\n
\n
Date Reported:
\n
16 Dec 2015
\n
Affected Packages:
\n
\nsubversion\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-5343.
\n
More information:
\n
\n

Ivan Zhakov discovered an integer overflow in mod_dav_svn, which allows\nan attacker with write access to the server to execute arbitrary code or\ncause a denial of service.

\n

The oldstable distribution (wheezy) is not affected.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.8.10-6+deb8u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.9.3-1.

\n

We recommend that you upgrade your subversion packages.

\n
\n
\n
\n
", "3425": "
\n

Debian Security Advisory

\n

DSA-3425-1 tryton-server -- security update

\n
\n
Date Reported:
\n
17 Dec 2015
\n
Affected Packages:
\n
\ntryton-server\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0861.
\n
More information:
\n
\n

C\u00e9dric Krier discovered a vulnerability in the server-side of Tryton, an\napplication framework written in Python. An authenticated malicious\nuser can write arbitrary values in record fields due to missed checks of\naccess permissions when multiple records are written.

\n

The oldstable distribution (wheezy) is not affected.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.4.0-3+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.8.1-1.

\n

We recommend that you upgrade your tryton-server packages.

\n
\n
\n
\n
", "3426": "
\n

Debian Security Advisory

\n

DSA-3426-1 linux -- security update

\n
\n
Date Reported:
\n
17 Dec 2015
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-7446, CVE-2015-7799, CVE-2015-7833, CVE-2015-8104, CVE-2015-8374, CVE-2015-8543.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service, information leak\nor data loss.

\n
    \n
  • CVE-2013-7446\n

    Dmitry Vyukov discovered that a particular sequence of valid\n operations on local (AF_UNIX) sockets can result in a\n use-after-free. This may be used to cause a denial of service\n (crash) or possibly for privilege escalation.

  • \n
  • CVE-2015-7799\n

    It was discovered that a user granted access to /dev/ppp can cause a\n denial of service (crash) by passing invalid parameters to the\n PPPIOCSMAXCID ioctl. This also applies to ISDN PPP device nodes.

  • \n
  • CVE-2015-7833\n

    Sergej Schumilo, Hendrik Schwartke and Ralf Spenneberg discovered a\n flaw in the processing of certain USB device descriptors in the\n usbvision driver. An attacker with physical access to the system can\n use this flaw to crash the system. This was partly fixed by the\n changes listed in DSA 3396-1.

  • \n
  • CVE-2015-8104\n

    Jan Beulich reported a guest to host denial-of-service flaw\n affecting the KVM hypervisor running on AMD processors. A malicious\n guest can trigger an infinite stream of debug (#DB) exceptions\n causing the processor microcode to enter an infinite loop where the\n core never receives another interrupt. This leads to a panic of the\n host kernel.

  • \n
  • CVE-2015-8374\n

    It was discovered that Btrfs did not correctly implement truncation\n of compressed inline extents. This could lead to an information\n leak, if a file is truncated and later made readable by other users.\n Additionally, it could cause data loss. This has been fixed for the\n stable distribution (jessie) only.

  • \n
  • CVE-2015-8543\n

    It was discovered that a local user permitted to create raw sockets\n could cause a denial-of-service by specifying an invalid protocol\n number for the socket. The attacker must have the CAP_NET_RAW\n capability in their user namespace. This has been fixed for the\n stable distribution (jessie) only.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 3.2.73-2+deb7u1. In addition, this update contains several\nchanges originally targeted for the upcoming Wheezy point release.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.16.7-ckt20-1+deb8u1. In addition, this update contains several\nchanges originally targeted for the upcoming Jessie point release.

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "3427": "
\n

Debian Security Advisory

\n

DSA-3427-1 blueman -- security update

\n
\n
Date Reported:
\n
18 Dec 2015
\n
Affected Packages:
\n
\nblueman\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8612.
\n
More information:
\n
\n

It was discovered that the Mechanism plugin of Blueman, a graphical\nBluetooth manager, allows local privilege escalation.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.23-1+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.99~alpha1-1+deb8u1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your blueman packages.

\n
\n
\n
\n
", "3428": "
\n

Debian Security Advisory

\n

DSA-3428-1 tomcat8 -- security update

\n
\n
Date Reported:
\n
18 Dec 2015
\n
Affected Packages:
\n
\ntomcat8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-7810.
\n
More information:
\n
\n

It was discovered that malicious web applications could use the\nExpression Language to bypass protections of a Security Manager as\nexpressions were evaluated within a privileged code section.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 8.0.14-1+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 8.0.21-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 8.0.21-2.

\n

We recommend that you upgrade your tomcat8 packages.

\n
\n
\n
\n
", "3429": "
\n

Debian Security Advisory

\n

DSA-3429-1 foomatic-filters -- security update

\n
\n
Date Reported:
\n
21 Dec 2015
\n
Affected Packages:
\n
\nfoomatic-filters\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 806886, Bug 807993.
In Mitre's CVE dictionary: CVE-2015-8327, CVE-2015-8560.
\n
More information:
\n
\n

Michal Kowalczyk and Adam Chester discovered that missing input\nsanitising in the foomatic-rip print filter might result in the\nexecution of arbitrary commands.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 4.0.17-1+deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.0.17-5+deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.0.17-7.

\n

We recommend that you upgrade your foomatic-filters packages.

\n
\n
\n
\n
", "3430": "
\n

Debian Security Advisory

\n

DSA-3430-1 libxml2 -- security update

\n
\n
Date Reported:
\n
23 Dec 2015
\n
Affected Packages:
\n
\nlibxml2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 782782, Bug 782985, Bug 783010, Bug 802827, Bug 803942, Bug 806384.
In Mitre's CVE dictionary: CVE-2015-1819, CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8035, CVE-2015-8241, CVE-2015-8317, CVE-2015-8710.
\n
More information:
\n
\n

Several vulnerabilities were discovered in libxml2, a library providing\nsupport to read, modify and write XML and HTML files. A remote attacker\ncould provide a specially crafted XML or HTML file that, when processed\nby an application using libxml2, would cause that application to use an\nexcessive amount of CPU, leak potentially sensitive information, or\ncrash the application.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 2.8.0+dfsg1-7+wheezy5.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2.9.1+dfsg1-5+deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 2.9.3+dfsg1-1 or earlier versions.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.9.3+dfsg1-1 or earlier versions.

\n

We recommend that you upgrade your libxml2 packages.

\n
\n
\n
\n
", "3431": "
\n

Debian Security Advisory

\n

DSA-3431-1 ganeti -- security update

\n
\n
Date Reported:
\n
01 Jan 2016
\n
Affected Packages:
\n
\nganeti\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-7944, CVE-2015-7945.
\n
More information:
\n
\n

Pierre Kim discovered two vulnerabilities in the restful API of Ganeti,\na virtual server cluster management tool. SSL parameter negotiation\ncould result in denial of service and the DRBD secret could leak.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 2.5.2-1+deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2.12.4-1+deb8u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.15.2-1.

\n

We recommend that you upgrade your ganeti packages.

\n
\n
\n
\n
", "3432": "
\n

Debian Security Advisory

\n

DSA-3432-1 icedove -- security update

\n
\n
Date Reported:
\n
01 Jan 2016
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-7201, CVE-2015-7205, CVE-2015-7212, CVE-2015-7213, CVE-2015-7214.
\n
More information:
\n
\n

Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors,\ninteger overflows, buffer overflows and other implementation errors may\nlead to the execution of arbitrary code or denial of service.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 38.5.0-1~deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 38.5.0-1~deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 38.5.0esr-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 38.5.0esr-1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "3433": "
\n

Debian Security Advisory

\n

DSA-3433-1 samba -- security update

\n
\n
Date Reported:
\n
02 Jan 2016
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-7540, CVE-2015-8467.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Samba, a SMB/CIFS file,\nprint, and login server for Unix. The Common Vulnerabilities and\nExposures project identifies the following issues:

\n
    \n
  • CVE-2015-3223\n

    Thilo Uttendorfer of Linux Information Systems AG discovered that a\n malicious request can cause the Samba LDAP server to hang, spinning\n using CPU. A remote attacker can take advantage of this flaw to\n mount a denial of service.

  • CVE-2015-5252\n

    Jan Yenya Kasprzak and the Computer Systems Unit team at Faculty\n of Informatics, Masaryk University discovered that insufficient\n symlink verification could allow data access outside an exported\n share path.

  • CVE-2015-5296\n

    Stefan Metzmacher of SerNet discovered that Samba does not ensure\n that signing is negotiated when creating an encrypted client\n connection to a server. This allows a man-in-the-middle attacker to\n downgrade the connection and connect using the supplied credentials\n as an unsigned, unencrypted connection.

  • CVE-2015-5299\n

    It was discovered that a missing access control check in the VFS\n shadow_copy2 module could allow unauthorized users to access\n snapshots.

  • CVE-2015-5330\n

    Douglas Bagnall of Catalyst discovered that the Samba LDAP server\n is vulnerable to a remote memory read attack. A remote attacker can\n obtain sensitive information from daemon heap memory by sending\n crafted packets and then either read an error message, or a\n database value.

  • CVE-2015-7540\n

    It was discovered that a malicious client can send packets that\n cause the LDAP server provided by the AD DC in the samba daemon\n process to consume unlimited memory and be terminated.

  • CVE-2015-8467\n

    Andrew Bartlett of the Samba Team and Catalyst discovered that a\n Samba server deployed as an AD DC can expose Windows DCs in the same\n domain to a denial of service via the creation of multiple machine\n accounts. This issue is related to the MS15-096 / CVE-2015-2535\n security issue in Windows.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 2:3.6.6-6+deb7u6. The oldstable distribution (wheezy) is only\naffected by CVE-2015-5252, CVE-2015-5296 and CVE-2015-5299.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2:4.1.17+dfsg-2+deb8u1. The fixes for CVE-2015-3223 and\nCVE-2015-5330 required an update to ldb 2:1.1.17-2+deb8u1 to correct the\ndefects.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2:4.1.22+dfsg-1. The fixes for CVE-2015-3223 and CVE-2015-5330\nrequired an update to ldb 2:1.1.24-1 to correct the defects.

\n

We recommend that you upgrade your samba packages.

\n
\n
\n
\n
", "3434": "
\n

Debian Security Advisory

\n

DSA-3434-1 linux -- security update

\n
\n
Date Reported:
\n
05 Jan 2016
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 808293, Bug 808602, Bug 808953, Bug 808973.
In Mitre's CVE dictionary: CVE-2015-7513, CVE-2015-7550, CVE-2015-8543, CVE-2015-8550, CVE-2015-8551, CVE-2015-8552, CVE-2015-8569, CVE-2015-8575, CVE-2015-8709.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleak.

\n
    \n
  • CVE-2015-7513\n

    It was discovered that a local user permitted to use the x86 KVM\n subsystem could configure the PIT emulation to cause a denial of\n service (crash).

  • CVE-2015-7550\n

    Dmitry Vyukov discovered a race condition in the keyring subsystem\n that allows a local user to cause a denial of service (crash).

  • CVE-2015-8543\n

    It was discovered that a local user permitted to create raw sockets\n could cause a denial-of-service by specifying an invalid protocol\n number for the socket. The attacker must have the CAP_NET_RAW\n capability.

  • CVE-2015-8550\n

    Felix Wilhelm of ERNW discovered that the Xen PV backend drivers\n may read critical data from shared memory multiple times. This\n flaw can be used by a guest kernel to cause a denial of service\n (crash) on the host, or possibly for privilege escalation.

  • CVE-2015-8551 /\n CVE-2015-8552\n

    Konrad Rzeszutek Wilk of Oracle discovered that the Xen PCI\n backend driver does not adequately validate the device state when\n a guest configures MSIs. This flaw can be used by a guest kernel\n to cause a denial of service (crash or disk space exhaustion) on\n the host.

  • CVE-2015-8569\n

    Dmitry Vyukov discovered a flaw in the PPTP sockets implementation\n that leads to an information leak to local users.

  • CVE-2015-8575\n

    David Miller discovered a flaw in the Bluetooth SCO sockets\n implementation that leads to an information leak to local users.

  • CVE-2015-8709\n

    Jann Horn discovered a flaw in the permission checks for use of\n the ptrace feature. A local user who has the CAP_SYS_PTRACE\n capability within their own user namespace could use this flaw for\n privilege escalation if a more privileged process ever enters that\n user namespace. This affects at least the LXC system.

\n

In addition, this update fixes some regressions in the previous update:

\n
    \n
  • #808293\n

    A regression in the UDP implementation prevented freeradius and\n some other applications from receiving data.

  • #808602 /\n #808953\n

    A regression in the USB XHCI driver prevented use of some devices\n in USB 3 SuperSpeed ports.

  • #808973\n

    A fix to the radeon driver interacted with an existing bug to\n cause a crash at boot when using some AMD/ATI graphics cards.\n This issue only affects wheezy.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 3.2.73-2+deb7u2. The oldstable distribution (wheezy) is not\naffected by CVE-2015-8709.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.16.7-ckt20-1+deb8u2.\nCVE-2015-8543\nwas already fixed in version 3.16.7-ckt20-1+deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.3.3-3 or earlier.

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "3435": "
\n

Debian Security Advisory

\n

DSA-3435-1 git -- security update

\n
\n
Date Reported:
\n
05 Jan 2016
\n
Affected Packages:
\n
\ngit\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-7545.
\n
More information:
\n
\n

Blake Burkhart discovered that the Git git-remote-ext helper incorrectly\nhandled recursive clones of git repositories. A remote attacker could\npossibly use this issue to execute arbitrary code by injecting commands\nvia crafted URLs.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1:1.7.10.4-1+wheezy2.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:2.1.4-2.1+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 1:2.6.1-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:2.6.1-1.

\n

We recommend that you upgrade your git packages.

\n
\n
\n
\n
", "3436": "
\n

Debian Security Advisory

\n

DSA-3436-1 openssl -- security update

\n
\n
Date Reported:
\n
08 Jan 2016
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-7575.
\n
More information:
\n
\n

Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in\nthe TLS 1.2 protocol which could allow the MD5 hash function to be used\nfor signing ServerKeyExchange and Client Authentication packets during a\nTLS handshake. A man-in-the-middle attacker could exploit this flaw to\nconduct collision attacks to impersonate a TLS server or an\nauthenticated TLS client.

\n

More information can be found at\nhttps://www.mitls.org/pages/attacks/SLOTH

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.0.1e-2+deb7u19.

\n

For the stable distribution (jessie), the testing distribution (stretch)\nand the unstable distribution (sid), this issue was already addressed in\nversion 1.0.1f-1.

\n

We recommend that you upgrade your openssl packages.

\n
\n
\n
\n
", "3437": "
\n

Debian Security Advisory

\n

DSA-3437-1 gnutls26 -- security update

\n
\n
Date Reported:
\n
09 Jan 2016
\n
Affected Packages:
\n
\ngnutls26\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-7575.
\n
More information:
\n
\n

Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in\nthe TLS 1.2 protocol which could allow the MD5 hash function to be used\nfor signing ServerKeyExchange and Client Authentication packets during a\nTLS handshake. A man-in-the-middle attacker could exploit this flaw to\nconduct collision attacks to impersonate a TLS server or an\nauthenticated TLS client.

\n

More information can be found at\nhttps://www.mitls.org/pages/attacks/SLOTH

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 2.12.20-8+deb7u5.

\n

We recommend that you upgrade your gnutls26 packages.

\n
\n
\n
\n
", "3438": "
\n

Debian Security Advisory

\n

DSA-3438-1 xscreensaver -- security update

\n
\n
Date Reported:
\n
09 Jan 2016
\n
Affected Packages:
\n
\nxscreensaver\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 802914.
In Mitre's CVE dictionary: CVE-2015-8025.
\n
More information:
\n
\n

It was discovered that unplugging one of the monitors in a multi-monitor\nsetup can cause xscreensaver to crash. Someone with physical access to\na machine could use this problem to bypass a locked session.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 5.15-3+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 5.30-1+deb8u1.

\n

For the testing (stretch) and unstable (sid) distributions, this problem\nhas been fixed in version 5.34-1.

\n

We recommend that you upgrade your xscreensaver packages.

\n
\n
\n
\n
", "3439": "
\n

Debian Security Advisory

\n

DSA-3439-1 prosody -- security update

\n
\n
Date Reported:
\n
10 Jan 2016
\n
Affected Packages:
\n
\nprosody\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1231, CVE-2016-1232.
\n
More information:
\n
\n

Two vulnerabilities were discovered in Prosody, a lightweight\nJabber/XMPP server. The Common Vulnerabilities and Exposures project\nidentifies the following issues:

\n
    \n
  • CVE-2016-1231\n

    Kim Alvefur discovered a flaw in Prosody's HTTP file-serving module\n that allows it to serve requests outside of the configured public\n root directory. A remote attacker can exploit this flaw to access\n private files including sensitive data. The default configuration\n does not enable the mod_http_files module and thus is not\n vulnerable.

  • CVE-2016-1232\n

    Thijs Alkemade discovered that Prosody's generation of the secret\n token for server-to-server dialback authentication relied upon a\n weak random number generator that was not cryptographically secure.\n A remote attacker can take advantage of this flaw to guess at\n probable values of the secret key and impersonate the affected\n domain to other servers on the network.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 0.8.2-4+deb7u3.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 0.9.7-2+deb8u2.

\n

We recommend that you upgrade your prosody packages.

\n
\n
\n
\n
", "3440": "
\n

Debian Security Advisory

\n

DSA-3440-1 sudo -- security update

\n
\n
Date Reported:
\n
11 Jan 2016
\n
Affected Packages:
\n
\nsudo\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 804149.
In Mitre's CVE dictionary: CVE-2015-5602.
\n
More information:
\n
\n

When sudo is configured to allow a user to edit files under a directory\nthat they can already write to without using sudo, they can actually\nedit (read and write) arbitrary files. Daniel Svartman reported that a\nconfiguration like this might be introduced unintentionally if the\neditable files are specified using wildcards, for example:

\n
operator ALL=(root) sudoedit /home/*/*/test.txt
\n

The default behaviour of sudo has been changed so that it does not allow\nediting of a file in a directory that the user can write to, or that is\nreached by following a symlink in a directory that the user can write\nto. These restrictions can be disabled, but this is strongly\ndiscouraged.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.8.5p2-1+nmu3+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.8.10p3-1+deb8u3.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 1.8.15-1.1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.8.15-1.1.

\n

We recommend that you upgrade your sudo packages.

\n
\n
\n
\n
", "3441": "
\n

Debian Security Advisory

\n

DSA-3441-1 perl -- security update

\n
\n
Date Reported:
\n
11 Jan 2016
\n
Affected Packages:
\n
\nperl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 810719.
In Mitre's CVE dictionary: CVE-2015-8607.
\n
More information:
\n
\n

David Golden of MongoDB discovered that File::Spec::canonpath() in Perl\nreturned untainted strings even if passed tainted input. This defect\nundermines taint propagation, which is sometimes used to ensure that\nunvalidated user input does not reach sensitive code.

\n

The oldstable distribution (wheezy) is not affected by this problem.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 5.20.2-3+deb8u2.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your perl packages.

\n
\n
\n
\n
", "3442": "
\n

Debian Security Advisory

\n

DSA-3442-1 isc-dhcp -- security update

\n
\n
Date Reported:
\n
13 Jan 2016
\n
Affected Packages:
\n
\nisc-dhcp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 810875.
In Mitre's CVE dictionary: CVE-2015-8605.
\n
More information:
\n
\n

It was discovered that a maliciously crafted packet can crash any of\nthe isc-dhcp applications. This includes the DHCP client, relay, and\nserver application. Only IPv4 setups are affected.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 4.2.2.dfsg.1-5+deb70u8.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 4.3.1-6+deb8u2.

\n

For the testing (stretch) and unstable (sid) distributions, this\nproblem will be fixed soon.

\n

We recommend that you upgrade your isc-dhcp packages.

\n
\n
\n
\n
", "3443": "
\n

Debian Security Advisory

\n

DSA-3443-1 libpng -- security update

\n
\n
Date Reported:
\n
13 Jan 2016
\n
Affected Packages:
\n
\nlibpng\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 807112, Bug 807694.
In Mitre's CVE dictionary: CVE-2015-8472, CVE-2015-8540.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the libpng PNG library.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2015-8472\n

    It was discovered that the original fix for\n CVE-2015-8126 was\n incomplete and did not detect a potential overrun by applications\n using png_set_PLTE directly. A remote attacker can take advantage of\n this flaw to cause a denial of service (application crash).

  • CVE-2015-8540\n

    Xiao Qixue and Chen Yu discovered a flaw in the png_check_keyword\n function. A remote attacker can potentially take advantage of this\n flaw to cause a denial of service (application crash).

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.2.49-1+deb7u2.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.2.50-2+deb8u2.

\n

We recommend that you upgrade your libpng packages.

\n
\n
\n
\n
", "3444": "
\n

Debian Security Advisory

\n

DSA-3444-1 wordpress -- security update

\n
\n
Date Reported:
\n
13 Jan 2016
\n
Affected Packages:
\n
\nwordpress\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 810325.
In Mitre's CVE dictionary: CVE-2016-1564.
\n
More information:
\n
\n

Crtc4L discovered a cross-site scripting vulnerability in wordpress, a\nweb blogging tool, allowing a remote authenticated administrator to\ncompromise the site.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 3.6.1+dfsg-1~deb7u9.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 4.1+dfsg-1+deb8u7.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.4.1+dfsg-1.

\n

We recommend that you upgrade your wordpress packages.

\n
\n
\n
\n
", "3445": "
\n

Debian Security Advisory

\n

DSA-3445-1 pygments -- security update

\n
\n
Date Reported:
\n
13 Jan 2016
\n
Affected Packages:
\n
\npygments\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 802828.
In Mitre's CVE dictionary: CVE-2015-8557.
\n
More information:
\n
\n

Javantea discovered that pygments, a generic syntax highlighter, is\nprone to a shell injection vulnerability allowing a remote attacker to\nexecute arbitrary code via shell metacharacters in a font name.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.5+dfsg-1+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.0.1+dfsg-1.1+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 2.0.1+dfsg-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.0.1+dfsg-2.

\n

We recommend that you upgrade your pygments packages.

\n
\n
\n
\n
", "3446": "
\n

Debian Security Advisory

\n

DSA-3446-1 openssh -- security update

\n
\n
Date Reported:
\n
14 Jan 2016
\n
Affected Packages:
\n
\nopenssh\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 810984.
In Mitre's CVE dictionary: CVE-2016-0777, CVE-2016-0778.
\n
More information:
\n
\n

The Qualys Security team discovered two vulnerabilities in the roaming\ncode of the OpenSSH client (an implementation of the SSH protocol\nsuite).

\n

SSH roaming enables a client, in case an SSH connection breaks\nunexpectedly, to resume it at a later time, provided the server also\nsupports it.

\n

The OpenSSH server doesn't support roaming, but the OpenSSH client\nsupports it (even though it's not documented) and it's enabled by\ndefault.

\n
    \n
  • CVE-2016-0777\n

    An information leak (memory disclosure) can be exploited by a rogue\n SSH server to trick a client into leaking sensitive data from the\n client memory, including for example private keys.

  • CVE-2016-0778\n

    A buffer overflow (leading to a file descriptor leak) can also be\n exploited by a rogue SSH server, but due to another bug in the code\n it is possibly not exploitable, and then only under certain conditions (not\n the default configuration), when using ProxyCommand, ForwardAgent or\n ForwardX11.

\n

This security update completely disables the roaming code in the OpenSSH\nclient.

\n

It is also possible to disable roaming by adding the (undocumented)\noption UseRoaming no to the global /etc/ssh/ssh_config file, or to the\nuser configuration in ~/.ssh/config, or by passing -oUseRoaming=no on\nthe command line.

\n

Users with passphrase-less private keys, especially in non interactive\nsetups (automated jobs using ssh, scp, rsync+ssh etc.) are advised to\nupdate their keys if they have connected to an SSH server they don't\ntrust.

\n

More details about identifying an attack and mitigations will be\navailable in the Qualys Security Advisory.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1:6.0p1-4+deb7u3.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1:6.7p1-5+deb8u1.

\n

For the testing distribution (stretch) and unstable distribution (sid), these\nproblems will be fixed in a later version.

\n

We recommend that you upgrade your openssh packages.

\n
\n
\n
\n
", "3447": "
\n

Debian Security Advisory

\n

DSA-3447-1 tomcat7 -- security update

\n
\n
Date Reported:
\n
17 Jan 2016
\n
Affected Packages:
\n
\ntomcat7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-7810.
\n
More information:
\n
\n

It was discovered that malicious web applications could use the\nExpression Language to bypass protections of a Security Manager as\nexpressions were evaluated within a privileged code section.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 7.0.28-4+deb7u3. This update also provides fixes for\nCVE-2013-4444, CVE-2014-0075, CVE-2014-0099, CVE-2014-0227 and\nCVE-2014-0230, which were all fixed for the stable distribution (jessie)\nalready.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 7.0.56-3+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 7.0.61-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.0.61-1.

\n

We recommend that you upgrade your tomcat7 packages.

\n
\n
\n
\n
", "3448": "
\n

Debian Security Advisory

\n

DSA-3448-1 linux -- security update

\n
\n
Date Reported:
\n
19 Jan 2016
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4312, CVE-2015-7566, CVE-2015-8767, CVE-2016-0723, CVE-2016-0728.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation or denial-of-service.

\n
    \n
  • CVE-2013-4312\n

    Tetsuo Handa discovered that it is possible for a process to open\n far more files than the process' limit leading to denial-of-service\n conditions.

  • CVE-2015-7566\n

    Ralf Spenneberg of OpenSource Security reported that the visor\n driver crashes when a specially crafted USB device without bulk-out\n endpoint is detected.

  • CVE-2015-8767\n

    An SCTP denial-of-service was discovered which can be triggered by a\n local attacker during a heartbeat timeout event after the 4-way\n handshake.

  • CVE-2016-0723\n

    A use-after-free vulnerability was discovered in the TIOCGETD ioctl.\n A local attacker could use this flaw for denial-of-service.

  • CVE-2016-0728\n

    The Perception Point research team discovered a use-after-free\n vulnerability in the keyring facility, possibly leading to local\n privilege escalation.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.16.7-ckt20-1+deb8u3.

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "3449": "
\n

Debian Security Advisory

\n

DSA-3449-1 bind9 -- security update

\n
\n
Date Reported:
\n
19 Jan 2016
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8704.
\n
More information:
\n
\n

It was discovered that specific APL RR data could trigger an INSIST\nfailure in apl_42.c and cause the BIND DNS server to exit, leading to a\ndenial-of-service.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1:9.8.4.dfsg.P1-6+nmu2+deb7u9.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:9.9.5.dfsg-9+deb8u5.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
\n
\n
", "3450": "
\n

Debian Security Advisory

\n

DSA-3450-1 ecryptfs-utils -- security update

\n
\n
Date Reported:
\n
20 Jan 2016
\n
Affected Packages:
\n
\necryptfs-utils\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1572.
\n
More information:
\n
\n

Jann Horn discovered that the setuid-root mount.ecryptfs_private helper\nin the ecryptfs-utils would mount over any target directory that the\nuser owns, including a directory in procfs. A local attacker could use\nthis flaw to escalate his privileges.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 99-1+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 103-5+deb8u1.

\n

We recommend that you upgrade your ecryptfs-utils packages.

\n
\n
\n
\n
", "3451": "
\n

Debian Security Advisory

\n

DSA-3451-1 fuse -- security update

\n
\n
Date Reported:
\n
20 Jan 2016
\n
Affected Packages:
\n
\nfuse\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1233.
\n
More information:
\n
\n

Jann Horn discovered a vulnerability in the fuse (Filesystem in\nUserspace) package in Debian. The fuse package ships a udev rule\nadjusting permissions on the related /dev/cuse character device, making\nit world writable.

\n

This permits a local, unprivileged attacker to create an\narbitrarily-named character device in /dev and modify the memory of any\nprocess that opens it and performs an ioctl on it.

\n

This in turn might allow a local, unprivileged attacker to escalate to\nroot privileges.

\n

For the oldstable distribution (wheezy), the fuse package is not affected.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.9.3-15+deb8u2.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 2.9.5-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.9.5-1.

\n

We recommend that you upgrade your fuse packages.

\n
\n
\n
\n
", "3452": "
\n

Debian Security Advisory

\n

DSA-3452-1 claws-mail -- security update

\n
\n
Date Reported:
\n
23 Jan 2016
\n
Affected Packages:
\n
\nclaws-mail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8614.
\n
More information:
\n
\n

DrWhax of the Tails project reported that Claws Mail is missing\nrange checks in some text conversion functions. A remote attacker\ncould exploit this to run arbitrary code under the account of a user\nthat receives a message from them using Claws Mail.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 3.8.1-2+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.11.1-3+deb8u1.

\n

We recommend that you upgrade your claws-mail packages.

\n
\n
\n
\n
", "3453": "
\n

Debian Security Advisory

\n

DSA-3453-1 mariadb-10.0 -- security update

\n
\n
Date Reported:
\n
25 Jan 2016
\n
Affected Packages:
\n
\nmariadb-10.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616, CVE-2016-2047.
\n
More information:
\n
\n

Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.23. Please see the MariaDB 10.0 Release Notes for further\ndetails:

\n\n

For the stable distribution (jessie), these problems have been fixed in\nversion 10.0.23-0+deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 10.0.23-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 10.0.23-1.

\n

We recommend that you upgrade your mariadb-10.0 packages.

\n
\n
\n
\n
", "3454": "
\n

Debian Security Advisory

\n

DSA-3454-1 virtualbox -- security update

\n
\n
Date Reported:
\n
27 Jan 2016
\n
Affected Packages:
\n
\nvirtualbox\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-5307, CVE-2015-8104, CVE-2016-0495, CVE-2016-0592.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in VirtualBox, an x86\nvirtualisation solution.

\n

Upstream support for the 4.1 release series has ended and since no\ninformation is available which would allow backports of isolated security\nfixes, security support for virtualbox in wheezy/oldstable needed to be\nended as well.\nIf you use virtualbox with externally procured VMs (e.g. through vagrant)\nwe advise you to update to Debian jessie.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.3.36-dfsg-1+deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 5.0.14-dfsg-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 5.0.14-dfsg-1.

\n

We recommend that you upgrade your virtualbox packages.

\n
\n
\n
\n
", "3455": "
\n

Debian Security Advisory

\n

DSA-3455-1 curl -- security update

\n
\n
Date Reported:
\n
27 Jan 2016
\n
Affected Packages:
\n
\ncurl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-0755.
\n
More information:
\n
\n

Isaac Boukris discovered that cURL, a URL transfer library, reused\nNTLM-authenticated proxy connections without properly making sure that\nthe connection was authenticated with the same credentials as set for\nthe new transfer. This could lead to HTTP requests being sent over the\nconnection authenticated as a different user.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 7.38.0-4+deb8u3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.47.0-1.

\n

We recommend that you upgrade your curl packages.

\n
\n
\n
\n
", "3456": "
\n

Debian Security Advisory

\n

DSA-3456-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
27 Jan 2016
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-6792, CVE-2016-1612, CVE-2016-1613, CVE-2016-1614, CVE-2016-1615, CVE-2016-1616, CVE-2016-1617, CVE-2016-1618, CVE-2016-1619, CVE-2016-1620.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the chromium web browser.

\n
    \n
  • CVE-2015-6792\n

    An issue was found in the handling of MIDI files.

  • \n
  • CVE-2016-1612\n

    cloudfuzzer discovered a logic error related to receiver\n compatibility in the v8 javascript library.

  • \n
  • CVE-2016-1613\n

    A use-after-free issue was discovered in the pdfium library.

  • \n
  • CVE-2016-1614\n

    Christoph Diehl discovered an information leak in Webkit/Blink.

  • \n
  • CVE-2016-1615\n

    Ron Masas discovered a way to spoof URLs.

  • \n
  • CVE-2016-1616\n

    Luan Herrera discovered a way to spoof URLs.

  • \n
  • CVE-2016-1617\n

    jenuis discovered a way to discover whether an HSTS web site had\n been visited.

  • \n
  • CVE-2016-1618\n

    Aaron Toponce discovered the use of a weak random number\n generator.

  • \n
  • CVE-2016-1619\n

    Keve Nagy discovered an out-of-bounds-read issue in the pdfium\n library.

  • \n
  • CVE-2016-1620\n

    The chrome 48 development team found and fixed various issues\n during internal auditing. Also multiple issues were fixed in\n the v8 javascript library, version 4.7.271.17.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 48.0.2564.82-1~deb8u1.

\n

For the testing distribution (stretch), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 48.0.2564.82-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3457": "
\n

Debian Security Advisory

\n

DSA-3457-1 iceweasel -- security update

\n
\n
Date Reported:
\n
27 Jan 2016
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-7575, CVE-2016-1930, CVE-2016-1935.
\n
More information:
\n
\n

Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors and a\nbuffer overflow may lead to the execution of arbitrary code. In addition\nthe bundled NSS crypto library addresses the SLOTH attack on TLS 1.2.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 38.6.0esr-1~deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 38.6.0esr-1~deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 44.0-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "3458": "
\n

Debian Security Advisory

\n

DSA-3458-1 openjdk-7 -- security update

\n
\n
Date Reported:
\n
27 Jan 2016
\n
Affected Packages:
\n
\nopenjdk-7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-7575, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in breakouts of\nthe Java sandbox, information disclosure, denial of service and insecure\ncryptography.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 7u95-2.6.4-1~deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 7u95-2.6.4-1~deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 7u95-2.6.4-1.

\n

We recommend that you upgrade your openjdk-7 packages.

\n
\n
\n
\n
", "3459": "
\n

Debian Security Advisory

\n

DSA-3459-1 mysql-5.5 -- security update

\n
\n
Date Reported:
\n
28 Jan 2016
\n
Affected Packages:
\n
\nmysql-5.5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 811428.
In Mitre's CVE dictionary: CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616.
\n
More information:
\n
\n

Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.47. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:

\n\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 5.5.47-0+deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 5.5.47-0+deb8u1.

\n

We recommend that you upgrade your mysql-5.5 packages.

\n
\n
\n
\n
", "3460": "
\n

Debian Security Advisory

\n

DSA-3460-1 privoxy -- security update

\n
\n
Date Reported:
\n
30 Jan 2016
\n
Affected Packages:
\n
\nprivoxy\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1982, CVE-2016-1983.
\n
More information:
\n
\n

It was discovered that privoxy, a web proxy with advanced filtering\ncapabilities, contained invalid reads that could enable a remote\nattacker to crash the application, thus causing a Denial of Service.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 3.0.19-2+deb7u3.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.0.21-7+deb8u1.

\n

For the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 3.0.24-1.

\n

We recommend that you upgrade your privoxy packages.

\n
\n
\n
\n
", "3461": "
\n

Debian Security Advisory

\n

DSA-3461-1 freetype -- security update

\n
\n
Date Reported:
\n
30 Jan 2016
\n
Affected Packages:
\n
\nfreetype\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 777656.
In Mitre's CVE dictionary: CVE-2014-9674.
\n
More information:
\n
\n

Mateusz Jurczyk discovered multiple vulnerabilities in\nFreetype. Opening malformed fonts may result in denial of service or\nthe execution of arbitrary code.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 2.4.9-1.1+deb7u3.

\n

We recommend that you upgrade your freetype packages.

\n
\n
\n
\n
", "3462": "
\n

Debian Security Advisory

\n

DSA-3462-1 radicale -- security update

\n
\n
Date Reported:
\n
30 Jan 2016
\n
Affected Packages:
\n
\nradicale\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 809920.
In Mitre's CVE dictionary: CVE-2015-8747, CVE-2015-8748.
\n
More information:
\n
\n

Two vulnerabilities were fixed in radicale, a CardDAV/CalDAV server.

\n
    \n
  • CVE-2015-8747\n

    The (not configured by default and not available on Wheezy)\n multifilesystem storage backend allows read and write access to\n arbitrary files (still subject to the DAC permissions of the user\n the radicale server is running as).

  • \n
  • CVE-2015-8748\n

    If an attacker is able to authenticate with a user name like `.*',\n he can bypass read/write limitations imposed by regex-based rules,\n including the built-in rules `owner_write' (read for everybody,\n write for the calendar owner) and `owner_only' (read and write for\n the calendar owner).

  • \n
\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 0.7-1.1+deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 0.9-1+deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 1.1.1-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.1.1-1.

\n

We recommend that you upgrade your radicale packages.

\n
\n
\n
\n
", "3463": "
\n

Debian Security Advisory

\n

DSA-3463-1 prosody -- security update

\n
\n
Date Reported:
\n
31 Jan 2016
\n
Affected Packages:
\n
\nprosody\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-0756.
\n
More information:
\n
\n

It was discovered that insecure handling of dialback keys may allow\na malicious XMPP server to impersonate another server.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 0.8.2-4+deb7u4.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.9.7-2+deb8u3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.9.10-1.

\n

We recommend that you upgrade your prosody packages.

\n
\n
\n
\n
", "3464": "
\n

Debian Security Advisory

\n

DSA-3464-1 rails -- security update

\n
\n
Date Reported:
\n
31 Jan 2016
\n
Affected Packages:
\n
\nrails\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-3226, CVE-2015-3227, CVE-2015-7576, CVE-2015-7577, CVE-2015-7581, CVE-2016-0751, CVE-2016-0752, CVE-2016-0753.
\n
More information:
\n
\n

Multiple security issues have been discovered in the Ruby on Rails web\napplication development framework, which may result in denial of service,\ncross-site scripting, information disclosure or bypass of input\nvalidation.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2:4.1.8-1+deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2:4.2.5.1-1.

\n

We recommend that you upgrade your rails packages.

\n
\n
\n
\n
", "3465": "
\n

Debian Security Advisory

\n

DSA-3465-1 openjdk-6 -- security update

\n
\n
Date Reported:
\n
02 Feb 2016
\n
Affected Packages:
\n
\nopenjdk-6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-7575, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in breakouts of\nthe Java sandbox, information disclosure, denial of service and insecure\ncryptography.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 6b38-1.13.10-1~deb7u1.

\n

We recommend that you upgrade your openjdk-6 packages.

\n
\n
\n
\n
", "3466": "
\n

Debian Security Advisory

\n

DSA-3466-1 krb5 -- security update

\n
\n
Date Reported:
\n
04 Feb 2016
\n
Affected Packages:
\n
\nkrb5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 813126, Bug 813127, Bug 813296.
In Mitre's CVE dictionary: CVE-2015-8629, CVE-2015-8630, CVE-2015-8631.
\n
More information:
\n
\n

Several vulnerabilities were discovered in krb5, the MIT implementation\nof Kerberos. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2015-8629\n

    It was discovered that an authenticated attacker can cause kadmind\n to read beyond the end of allocated memory by sending a string\n without a terminating zero byte. Information leakage may be possible\n for an attacker with permission to modify the database.

  • \n
  • CVE-2015-8630\n

    It was discovered that an authenticated attacker with permission to\n modify a principal entry can cause kadmind to dereference a null\n pointer by supplying a null policy value but including KADM5_POLICY\n in the mask.

  • \n
  • CVE-2015-8631\n

    It was discovered that an authenticated attacker can cause kadmind\n to leak memory by supplying a null principal name in a request which\n uses one. Repeating these requests will eventually cause kadmind to\n exhaust all available memory.

  • \n
\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.10.1+dfsg-5+deb7u7. The oldstable distribution (wheezy) is\nnot affected by CVE-2015-8630.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.12.1+dfsg-19+deb8u2.

\n

We recommend that you upgrade your krb5 packages.

\n
\n
\n
\n
", "3467": "
\n

Debian Security Advisory

\n

DSA-3467-1 tiff -- security update

\n
\n
Date Reported:
\n
06 Feb 2016
\n
Affected Packages:
\n
\ntiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 808968, Bug 809021.
In Mitre's CVE dictionary: CVE-2015-8665, CVE-2015-8683, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2015-8784.
\n
More information:
\n
\n

Several vulnerabilities have been found in tiff, a Tag Image File Format\nlibrary. Multiple out-of-bounds read and write flaws could cause an\napplication using the tiff library to crash.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 4.0.2-6+deb7u5.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.0.3-12.3+deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 4.0.6-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.0.6-1.

\n

We recommend that you upgrade your tiff packages.

\n
\n
\n
\n
", "3468": "
\n

Debian Security Advisory

\n

DSA-3468-1 polarssl -- security update

\n
\n
Date Reported:
\n
06 Feb 2016
\n
Affected Packages:
\n
\npolarssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 801413.
In Mitre's CVE dictionary: CVE-2015-5291, CVE-2015-8036.
\n
More information:
\n
\n

It was discovered that polarssl, a library providing SSL and TLS\nsupport, contained two heap-based buffer overflows that could allow a\nremote attacker to trigger denial of service (via application crash)\nor arbitrary code execution.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.2.9-1~deb7u6.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.3.9-2.1+deb8u1.

\n

We recommend that you upgrade your polarssl packages.

\n
\n
\n
\n
", "3469": "
\n

Debian Security Advisory

\n

DSA-3469-1 qemu -- security update

\n
\n
Date Reported:
\n
08 Feb 2016
\n
Affected Packages:
\n
\nqemu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 799452, Bug 806373, Bug 806741, Bug 806742, Bug 808130, Bug 808144, Bug 810519, Bug 810527, Bug 811201, Bug 812307.
In Mitre's CVE dictionary: CVE-2015-7295, CVE-2015-7504, CVE-2015-7512, CVE-2015-8345, CVE-2015-8504, CVE-2015-8558, CVE-2015-8743, CVE-2016-1568, CVE-2016-1714, CVE-2016-1922, CVE-2016-1981.
\n
More information:
\n
\n

Several vulnerabilities were discovered in qemu, a full virtualization\nsolution on x86 hardware.

\n
    \n
  • CVE-2015-7295\n

    Jason Wang of Red Hat Inc. discovered that the Virtual Network\n Device support is vulnerable to denial-of-service (via resource\n exhaustion), that could occur when receiving large packets.

  • \n
  • CVE-2015-7504\n

    Qinghao Tang of Qihoo 360 Inc. and Ling Liu of Qihoo 360 Inc.\n discovered that the PC-Net II ethernet controller is vulnerable to\n a heap-based buffer overflow that could result in\n denial-of-service (via application crash) or arbitrary code\n execution.

  • \n
  • CVE-2015-7512\n

    Ling Liu of Qihoo 360 Inc. and Jason Wang of Red Hat Inc.\n discovered that the PC-Net II ethernet controller is vulnerable to\n a buffer overflow that could result in denial-of-service (via\n application crash) or arbitrary code execution.

  • \n
  • CVE-2015-8345\n

    Qinghao Tang of Qihoo 360 Inc. discovered that the eepro100\n emulator contains a flaw that could lead to an infinite loop when\n processing Command Blocks, eventually resulting in\n denial-of-service (via application crash).

  • \n
  • CVE-2015-8504\n

    Lian Yihan of Qihoo 360 Inc. discovered that the VNC display\n driver support is vulnerable to an arithmetic exception flaw that\n could lead to denial-of-service (via application crash).

  • \n
  • CVE-2015-8558\n

    Qinghao Tang of Qihoo 360 Inc. discovered that the USB EHCI\n emulation support contains a flaw that could lead to an infinite\n loop during communication between the host controller and a device\n driver. This could lead to denial-of-service (via resource\n exhaustion).

  • \n
  • CVE-2015-8743\n

    Ling Liu of Qihoo 360 Inc. discovered that the NE2000 emulator is\n vulnerable to an out-of-bound read/write access issue, potentially\n resulting in information leak or memory corruption.

  • \n
  • CVE-2016-1568\n

    Qinghao Tang of Qihoo 360 Inc. discovered that the IDE AHCI\n emulation support is vulnerable to a use-after-free issue, that\n could lead to denial-of-service (via application crash) or\n arbitrary code execution.

  • \n
  • CVE-2016-1714\n

    Donghai Zhu of Alibaba discovered that the Firmware Configuration\n emulation support is vulnerable to an out-of-bound read/write\n access issue, that could lead to denial-of-service (via\n application crash) or arbitrary code execution.

  • \n
  • CVE-2016-1922\n

    Ling Liu of Qihoo 360 Inc. discovered that 32-bit Windows guests\n support is vulnerable to a null pointer dereference issue, that\n could lead to denial-of-service (via application crash).

  • \n
\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.1.2+dfsg-6a+deb7u12.

\n

We recommend that you upgrade your qemu packages.

\n
\n
\n
\n
", "3470": "
\n

Debian Security Advisory

\n

DSA-3470-1 qemu-kvm -- security update

\n
\n
Date Reported:
\n
08 Feb 2016
\n
Affected Packages:
\n
\nqemu-kvm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 799452, Bug 806373, Bug 806741, Bug 806742, Bug 808130, Bug 808144, Bug 810519, Bug 810527, Bug 811201.
In Mitre's CVE dictionary: CVE-2015-7295, CVE-2015-7504, CVE-2015-7512, CVE-2015-8345, CVE-2015-8504, CVE-2015-8558, CVE-2015-8743, CVE-2016-1568, CVE-2016-1714, CVE-2016-1922, CVE-2016-1981.
\n
More information:
\n
\n

Several vulnerabilities were discovered in qemu-kvm, a full\nvirtualization solution on x86 hardware.

\n
    \n
  • CVE-2015-7295\n

    Jason Wang of Red Hat Inc. discovered that the Virtual Network\n Device support is vulnerable to denial-of-service (via resource\n exhaustion), that could occur when receiving large packets.

  • \n
  • CVE-2015-7504\n

    Qinghao Tang of Qihoo 360 Inc. and Ling Liu of Qihoo 360 Inc.\n discovered that the PC-Net II ethernet controller is vulnerable to\n a heap-based buffer overflow that could result in\n denial-of-service (via application crash) or arbitrary code\n execution.

  • \n
  • CVE-2015-7512\n

    Ling Liu of Qihoo 360 Inc. and Jason Wang of Red Hat Inc.\n discovered that the PC-Net II ethernet controller is vulnerable to\n a buffer overflow that could result in denial-of-service (via\n application crash) or arbitrary code execution.

  • \n
  • CVE-2015-8345\n

    Qinghao Tang of Qihoo 360 Inc. discovered that the eepro100\n emulator contains a flaw that could lead to an infinite loop when\n processing Command Blocks, eventually resulting in\n denial-of-service (via application crash).

  • \n
  • CVE-2015-8504\n

    Lian Yihan of Qihoo 360 Inc. discovered that the VNC display\n driver support is vulnerable to an arithmetic exception flaw that\n could lead to denial-of-service (via application crash).

  • \n
  • CVE-2015-8558\n

    Qinghao Tang of Qihoo 360 Inc. discovered that the USB EHCI\n emulation support contains a flaw that could lead to an infinite\n loop during communication between the host controller and a device\n driver. This could lead to denial-of-service (via resource\n exhaustion).

  • \n
  • CVE-2015-8743\n

    Ling Liu of Qihoo 360 Inc. discovered that the NE2000 emulator is\n vulnerable to an out-of-bound read/write access issue, potentially\n resulting in information leak or memory corruption.

  • \n
  • CVE-2016-1568\n

    Qinghao Tang of Qihoo 360 Inc. discovered that the IDE AHCI\n emulation support is vulnerable to a use-after-free issue, that\n could lead to denial-of-service (via application crash) or\n arbitrary code execution.

  • \n
  • CVE-2016-1714\n

    Donghai Zhu of Alibaba discovered that the Firmware Configuration\n emulation support is vulnerable to an out-of-bound read/write\n access issue, that could lead to denial-of-service (via\n application crash) or arbitrary code execution.

  • \n
  • CVE-2016-1922\n

    Ling Liu of Qihoo 360 Inc. discovered that 32-bit Windows guests\n support is vulnerable to a null pointer dereference issue, that\n could lead to denial-of-service (via application crash).

  • \n
\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.1.2+dfsg-6+deb7u12.

\n

We recommend that you upgrade your qemu-kvm packages.

\n
\n
\n
\n
", "3471": "
\n

Debian Security Advisory

\n

DSA-3471-1 qemu -- security update

\n
\n
Date Reported:
\n
08 Feb 2016
\n
Affected Packages:
\n
\nqemu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 799452, Bug 806373, Bug 806741, Bug 806742, Bug 808130, Bug 808131, Bug 808144, Bug 808145, Bug 809229, Bug 809232, Bug 810519, Bug 810527, Bug 811201, Bug 812307, Bug 809237, Bug 809237.
In Mitre's CVE dictionary: CVE-2015-7295, CVE-2015-7504, CVE-2015-7512, CVE-2015-7549, CVE-2015-8345, CVE-2015-8504, CVE-2015-8550, CVE-2015-8558, CVE-2015-8567, CVE-2015-8568, CVE-2015-8613, CVE-2015-8619, CVE-2015-8743, CVE-2015-8744, CVE-2015-8745, CVE-2016-1568, CVE-2016-1714, CVE-2016-1922, CVE-2016-1981.
\n
More information:
\n
\n

Several vulnerabilities were discovered in qemu, a full virtualization\nsolution on x86 hardware.

\n
    \n
  • CVE-2015-7295\n

    Jason Wang of Red Hat Inc. discovered that the Virtual Network\n Device support is vulnerable to denial-of-service, that could\n occur when receiving large packets.

  • \n
  • CVE-2015-7504\n

    Qinghao Tang of Qihoo 360 Inc. and Ling Liu of Qihoo 360 Inc.\n discovered that the PC-Net II ethernet controller is vulnerable to\n a heap-based buffer overflow that could result in\n denial-of-service (via application crash) or arbitrary code\n execution.

  • \n
  • CVE-2015-7512\n

    Ling Liu of Qihoo 360 Inc. and Jason Wang of Red Hat Inc.\n discovered that the PC-Net II ethernet controller is vulnerable to\n a buffer overflow that could result in denial-of-service (via\n application crash) or arbitrary code execution.

  • \n
  • CVE-2015-7549\n

    Qinghao Tang of Qihoo 360 Inc. and Ling Liu of Qihoo 360\n Inc. discovered that the PCI MSI-X emulator is vulnerable to a\n null pointer dereference issue, that could lead to\n denial-of-service (via application crash).

  • \n
  • CVE-2015-8345\n

    Qinghao Tang of Qihoo 360 Inc. discovered that the eepro100\n emulator contains a flaw that could lead to an infinite loop when\n processing Command Blocks, eventually resulting in\n denial-of-service (via application crash).

  • \n
  • CVE-2015-8504\n

    Lian Yihan of Qihoo 360 Inc. discovered that the VNC display\n driver support is vulnerable to an arithmetic exception flaw that\n could lead to denial-of-service (via application crash).

  • \n
  • CVE-2015-8550\n

    Felix Wilhelm of ERNW Research discovered that the PV backend drivers are\n vulnerable to double fetch vulnerabilities, possibly resulting in\n arbitrary code execution.

  • \n
  • CVE-2015-8558\n

    Qinghao Tang of Qihoo 360 Inc. discovered that the USB EHCI\n emulation support contains a flaw that could lead to an infinite\n loop during communication between the host controller and a device\n driver. This could lead to denial-of-service (via resource\n exhaustion).

  • \n
  • CVE-2015-8567\nCVE-2015-8568\n

    Qinghao Tang of Qihoo 360 Inc. discovered that the vmxnet3 device\n emulator could be used to intentionally leak host memory, thus\n resulting in denial-of-service.

  • \n
  • CVE-2015-8613\n

    Qinghao Tang of Qihoo 360 Inc. discovered that the SCSI MegaRAID\n SAS HBA emulation support is vulnerable to a stack-based buffer\n overflow issue, that could lead to denial-of-service (via\n application crash).

  • \n
  • CVE-2015-8619\n

    Ling Liu of Qihoo 360 Inc. discovered that the Human Monitor\n Interface support is vulnerable to an out-of-bound write access\n issue that could result in denial-of-service (via application\n crash).

  • \n
  • CVE-2015-8743\n

    Ling Liu of Qihoo 360 Inc. discovered that the NE2000 emulator is\n vulnerable to an out-of-bound read/write access issue, potentially\n resulting in information leak or memory corruption.

  • \n
  • CVE-2015-8744\n

    The vmxnet3 driver incorrectly processes small packets, which could\n result in denial-of-service (via application crash).

  • \n
  • CVE-2015-8745\n

    The vmxnet3 driver incorrectly processes Interrupt Mask Registers,\n which could result in denial-of-service (via application crash).

  • \n
  • CVE-2016-1568\n

    Qinghao Tang of Qihoo 360 Inc. discovered that the IDE AHCI\n emulation support is vulnerable to a use-after-free issue, that\n could lead to denial-of-service (via application crash) or\n arbitrary code execution.

  • \n
  • CVE-2016-1714\n

    Donghai Zhu of Alibaba discovered that the Firmware Configuration\n emulation support is vulnerable to an out-of-bound read/write\n access issue, that could lead to denial-of-service (via\n application crash) or arbitrary code execution.

  • \n
  • CVE-2016-1922\n

    Ling Liu of Qihoo 360 Inc. discovered that 32-bit Windows guests\n support is vulnerable to a null pointer dereference issue, that\n could lead to denial-of-service (via application crash).

  • \n
  • CVE-2016-1981\n

    The e1000 driver is vulnerable to an infinite loop issue that\n could lead to denial-of-service (via application crash).

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1:2.1+dfsg-12+deb8u5a.

\n

We recommend that you upgrade your qemu packages.

\n
\n
\n
\n
", "3472": "
\n

Debian Security Advisory

\n

DSA-3472-1 wordpress -- security update

\n
\n
Date Reported:
\n
08 Feb 2016
\n
Affected Packages:
\n
\nwordpress\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 813697.
In Mitre's CVE dictionary: CVE-2016-2221, CVE-2016-2222.
\n
More information:
\n
\n

Two vulnerabilities were discovered in wordpress, a web blogging tool.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2016-2221\n

    Shailesh Suthar discovered an open redirection vulnerability.

  • CVE-2016-2222\n

    Ronni Skansing discovered a server-side request forgery (SSRF)\n vulnerability.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 3.6.1+dfsg-1~deb7u10.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.1+dfsg-1+deb8u8.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.4.2+dfsg-1.

\n

We recommend that you upgrade your wordpress packages.

\n
\n
\n
\n
", "3473": "
\n

Debian Security Advisory

\n

DSA-3473-1 nginx -- security update

\n
\n
Date Reported:
\n
11 Feb 2016
\n
Affected Packages:
\n
\nnginx\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 812806.
In Mitre's CVE dictionary: CVE-2016-0742, CVE-2016-0746, CVE-2016-0747.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the resolver in nginx, a\nsmall, powerful, scalable web/proxy server, leading to denial of service\nor, potentially, to arbitrary code execution. These only affect nginx if\nthe resolver directive is used in a configuration file.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.2.1-2.2+wheezy4.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.6.2-5+deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 1.9.10-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.9.10-1.

\n

We recommend that you upgrade your nginx packages.

\n
\n
\n
\n
", "3474": "
\n

Debian Security Advisory

\n

DSA-3474-1 libgcrypt20 -- security update

\n
\n
Date Reported:
\n
12 Feb 2016
\n
Affected Packages:
\n
\nlibgcrypt20\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-7511.
\n
More information:
\n
\n

Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered\nthat the ECDH secret decryption keys in applications using the\nlibgcrypt20 library could be leaked via a side-channel attack.

\n

See https://www.cs.tau.ac.IL/~tromer/ecdh/ for details.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.6.3-2+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.6.5-2.

\n

We recommend that you upgrade your libgcrypt20 packages.

\n
\n
\n
\n
", "3475": "
\n

Debian Security Advisory

\n

DSA-3475-1 postgresql-9.1 -- security update

\n
\n
Date Reported:
\n
13 Feb 2016
\n
Affected Packages:
\n
\npostgresql-9.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-5288, CVE-2016-0766, CVE-2016-0773.
\n
More information:
\n
\n

Several vulnerabilities have been found in PostgreSQL-9.1, a SQL\ndatabase system.

\n
    \n
  • CVE-2015-5288\n

    Josh Kupershmidt discovered a vulnerability in the crypt() function\n in the pgCrypto extension. Certain invalid salt arguments can cause\n the server to crash or to disclose a few bytes of server memory.

  • CVE-2016-0766\n

    A privilege escalation vulnerability for users of PL/Java was\n discovered. Certain custom configuration settings (GUCs) for PL/Java\n will now be modifiable only by the database superuser to mitigate\n this issue.

  • CVE-2016-0773\n

    Tom Lane and Greg Stark discovered a flaw in the way PostgreSQL\n processes specially crafted regular expressions. Very large\n character ranges in bracket expressions could cause infinite\n loops or memory overwrites. A remote attacker can exploit this\n flaw to cause a denial of service or, potentially, to execute\n arbitrary code.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 9.1.20-0+deb7u1.

\n

We recommend that you upgrade your postgresql-9.1 packages.

\n
\n
\n
\n
", "3476": "
\n

Debian Security Advisory

\n

DSA-3476-1 postgresql-9.4 -- security update

\n
\n
Date Reported:
\n
13 Feb 2016
\n
Affected Packages:
\n
\npostgresql-9.4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-0766, CVE-2016-0773.
\n
More information:
\n
\n

Several vulnerabilities have been found in PostgreSQL-9.4, a SQL\ndatabase system.

\n
    \n
  • CVE-2016-0766\n

    A privilege escalation vulnerability for users of PL/Java was\n discovered. Certain custom configuration settings (GUCs) for PL/Java\n will now be modifiable only by the database superuser to mitigate\n this issue.

  • CVE-2016-0773\n

    Tom Lane and Greg Stark discovered a flaw in the way PostgreSQL\n processes specially crafted regular expressions. Very large\n character ranges in bracket expressions could cause infinite\n loops or memory overwrites. A remote attacker can exploit this\n flaw to cause a denial of service or, potentially, to execute\n arbitrary code.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 9.4.6-0+deb8u1.

\n

We recommend that you upgrade your postgresql-9.4 packages.

\n
\n
\n
\n
", "3477": "
\n

Debian Security Advisory

\n

DSA-3477-1 iceweasel -- security update

\n
\n
Date Reported:
\n
14 Feb 2016
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1523, CVE-2016-1526.
\n
More information:
\n
\n

Holger Fuhrmannek discovered that missing input sanitising in the\nGraphite font rendering engine could result in the execution of arbitrary\ncode.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 38.6.1esr-1~deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 38.6.1esr-1~deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 44.0-1.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "3478": "
\n

Debian Security Advisory

\n

DSA-3478-1 libgcrypt11 -- security update

\n
\n
Date Reported:
\n
15 Feb 2016
\n
Affected Packages:
\n
\nlibgcrypt11\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-7511.
\n
More information:
\n
\n

Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered\nthat the ECDH secret decryption keys in applications using the\nlibgcrypt11 library could be leaked via a side-channel attack.

\n

See https://www.cs.tau.ac.IL/~tromer/ecdh/ for details.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.5.0-5+deb7u4.

\n

We recommend that you upgrade your libgcrypt11 packages.

\n
\n
\n
\n
", "3479": "
\n

Debian Security Advisory

\n

DSA-3479-1 graphite2 -- security update

\n
\n
Date Reported:
\n
15 Feb 2016
\n
Affected Packages:
\n
\ngraphite2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1521, CVE-2016-1522, CVE-2016-1523, CVE-2016-1526.
\n
More information:
\n
\n

Multiple vulnerabilities have been found in the Graphite font rendering\nengine which might result in denial of service or the execution of\narbitrary code if a malformed font file is processed.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.3.5-1~deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.3.5-1~deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 1.3.5-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.3.5-1.

\n

We recommend that you upgrade your graphite2 packages.

\n
\n
\n
\n
", "3480": "
\n

Debian Security Advisory

\n

DSA-3480-1 eglibc -- security update

\n
\n
Date Reported:
\n
16 Feb 2016
\n
Affected Packages:
\n
\neglibc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 779587, Bug 796105, Bug 798316, Bug 801691, Bug 803927, Bug 812441, Bug 812445, Bug 812455.
In Mitre's CVE dictionary: CVE-2014-8121, CVE-2015-1781, CVE-2015-7547, CVE-2015-8776, CVE-2015-8777, CVE-2015-8778, CVE-2015-8779.
\n
More information:
\n
\n

Several vulnerabilities have been fixed in the GNU C Library, eglibc.

\n

The CVE-2015-7547 vulnerability listed below is considered to have\ncritical impact.

\n
    \n
  • CVE-2014-8121\n

    Robin Hack discovered that the nss_files database did not\n correctly implement enumeration interleaved with name-based or\n ID-based lookups. This could cause the enumeration to enter an\n endless loop, leading to a denial of service.

  • CVE-2015-1781\n

    Arjun Shankar discovered that the _r variants of host name\n resolution functions (like gethostbyname_r), when performing DNS\n name resolution, suffered from a buffer overflow if a misaligned\n buffer was supplied by the applications, leading to a crash or,\n potentially, arbitrary code execution. Most applications are not\n affected by this vulnerability because they use aligned buffers.

  • CVE-2015-7547\n

    The Google Security Team and Red Hat discovered that the eglibc\n host name resolver function, getaddrinfo, when processing\n AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its\n internal buffers, leading to a stack-based buffer overflow and\n arbitrary code execution. This vulnerability affects most\n applications which perform host name resolution using getaddrinfo,\n including system services.

  • CVE-2015-8776\n

    Adam Nielsen discovered that if an invalid separated time value\n is passed to strftime, the strftime function could crash or leak\n information. Applications normally pass only valid time\n information to strftime; no affected applications are known.

  • CVE-2015-8777\n

    Hector Marco-Gisbert reported that LD_POINTER_GUARD was not\n ignored for SUID programs, enabling an unintended bypass of a\n security feature. This update causes eglibc to always ignore the\n LD_POINTER_GUARD environment variable.

  • CVE-2015-8778\n

    Szabolcs Nagy reported that the rarely-used hcreate and hcreate_r\n functions did not check the size argument properly, leading to a\n crash (denial of service) for certain arguments. No impacted\n applications are known at this time.

  • CVE-2015-8779\n

    The catopen function contains several unbounded stack allocations\n (stack overflows), causing it to crash the process (denial of\n service). No applications where this issue has a security impact\n are currently known.

\n

The following fixed vulnerabilities currently lack CVE assignment:

\n
    \n
  • Joseph Myers reported that an integer overflow in the\n strxfrm function can lead to a heap-based buffer overflow, possibly allowing\n arbitrary code execution. In addition, a fallback path in strxfrm\n uses an unbounded stack allocation (stack overflow), leading to a\n crash or erroneous application behavior.

  • Kostya Serebryany reported that the fnmatch function could skip\n over the terminating NUL character of a malformed pattern, causing\n an application calling fnmatch to crash (denial of service).

  • Joseph Myers reported that the IO_wstr_overflow function,\n internally used by wide-oriented character streams, suffered from\n an integer overflow, leading to a heap-based buffer overflow. On\n GNU/Linux systems, wide-oriented character streams are rarely\n used, and no affected applications are known.

  • Andreas Schwab reported a memory leak (memory allocation without a\n matching deallocation) while processing certain DNS answers in\n getaddrinfo, related to the _nss_dns_gethostbyname4_r function.\n This vulnerability could lead to a denial of service.

\n

While it is only necessary to ensure that all processes are not using\nthe old eglibc anymore, it is recommended to reboot the machines after\napplying the security upgrade.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 2.13-38+deb7u10.

\n

We recommend that you upgrade your eglibc packages.

\n
\n
\n
\n
", "3481": "
\n

Debian Security Advisory

\n

DSA-3481-1 glibc -- security update

\n
\n
Date Reported:
\n
16 Feb 2016
\n
Affected Packages:
\n
\nglibc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 812441, Bug 812445, Bug 812455.
In Mitre's CVE dictionary: CVE-2015-7547, CVE-2015-8776, CVE-2015-8778, CVE-2015-8779.
\n
More information:
\n
\n

Several vulnerabilities have been fixed in the GNU C Library, glibc.

\n

The first vulnerability listed below is considered to have critical\nimpact.

\n
    \n
  • CVE-2015-7547\n

    The Google Security Team and Red Hat discovered that the glibc\n host name resolver function, getaddrinfo, when processing\n AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its\n internal buffers, leading to a stack-based buffer overflow and\n arbitrary code execution. This vulnerability affects most\n applications which perform host name resolution using getaddrinfo,\n including system services.

  • CVE-2015-8776\n

    Adam Nielsen discovered that if an invalid separated time value\n is passed to strftime, the strftime function could crash or leak\n information. Applications normally pass only valid time\n information to strftime; no affected applications are known.

  • CVE-2015-8778\n

    Szabolcs Nagy reported that the rarely-used hcreate and hcreate_r\n functions did not check the size argument properly, leading to a\n crash (denial of service) for certain arguments. No impacted\n applications are known at this time.

  • CVE-2015-8779\n

    The catopen function contains several unbounded stack allocations\n (stack overflows), causing it to crash the process (denial of\n service). No applications where this issue has a security impact\n are currently known.

\n

While it is only necessary to ensure that all processes are not using\nthe old glibc anymore, it is recommended to reboot the machines after\napplying the security upgrade.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2.19-18+deb8u3.

\n

For the unstable distribution (sid), these problems will be fixed in\nversion 2.21-8.

\n

We recommend that you upgrade your glibc packages.

\n
\n
\n
\n
", "3482": "
\n

Debian Security Advisory

\n

DSA-3482-1 libreoffice -- security update

\n
\n
Date Reported:
\n
17 Feb 2016
\n
Affected Packages:
\n
\nlibreoffice\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-0794, CVE-2016-0795.
\n
More information:
\n
\n

An anonymous contributor working with VeriSign iDefense Labs\ndiscovered that libreoffice, a full-featured office productivity\nsuite, did not correctly handle Lotus WordPro files. This would enable\nan attacker to crash the program, or execute arbitrary code, by\nsupplying a specially crafted LWP file.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1:3.5.4+dfsg2-0+deb7u6.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1:4.3.3-2+deb8u3.

\n

For the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 1:5.0.5~rc1-1.

\n

We recommend that you upgrade your libreoffice packages.

\n
\n
\n
\n
", "3483": "
\n

Debian Security Advisory

\n

DSA-3483-1 cpio -- security update

\n
\n
Date Reported:
\n
19 Feb 2016
\n
Affected Packages:
\n
\ncpio\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 812401.
In Mitre's CVE dictionary: CVE-2016-2037.
\n
More information:
\n
\n

Gustavo Grieco discovered an out-of-bounds write vulnerability in cpio,\na tool for creating and extracting cpio archive files, leading to a\ndenial of service (application crash).

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 2.11+dfsg-0.1+deb7u2.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.11+dfsg-4.1+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.11+dfsg-5.

\n

We recommend that you upgrade your cpio packages.

\n
\n
\n
\n
", "3484": "
\n

Debian Security Advisory

\n

DSA-3484-1 xdelta3 -- security update

\n
\n
Date Reported:
\n
19 Feb 2016
\n
Affected Packages:
\n
\nxdelta3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 814067.
In Mitre's CVE dictionary: CVE-2014-9765.
\n
More information:
\n
\n

Stepan Golosunov discovered that xdelta3, a diff utility which works\nwith binary files, is affected by a buffer overflow vulnerability within\nthe main_get_appheader function, which may lead to the execution of\narbitrary code.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 3.0.0.dfsg-1+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.0.8-dfsg-1+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 3.0.8-dfsg-1.1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.0.8-dfsg-1.1.

\n

We recommend that you upgrade your xdelta3 packages.

\n
\n
\n
\n
", "3485": "
\n

Debian Security Advisory

\n

DSA-3485-1 didiwiki -- security update

\n
\n
Date Reported:
\n
20 Feb 2016
\n
Affected Packages:
\n
\ndidiwiki\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 815111.
In Mitre's CVE dictionary: CVE-2013-7448.
\n
More information:
\n
\n

Alexander Izmailov discovered that didiwiki, a wiki implementation,\nfailed to correctly validate user-supplied input, thus allowing a\nmalicious user to access any part of the filesystem.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 0.5-11+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.5-11+deb8u1.

\n

For the testing (stretch) and unstable (sid) distributions, this\nproblem has been fixed in version 0.5-12.

\n

We recommend that you upgrade your didiwiki packages.

\n
\n
\n
\n
", "3486": "
\n

Debian Security Advisory

\n

DSA-3486-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
21 Feb 2016
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1622, CVE-2016-1623, CVE-2016-1624, CVE-2016-1625, CVE-2016-1626, CVE-2016-1627, CVE-2016-1628, CVE-2016-1629.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2016-1622\n

    It was discovered that a maliciously crafted extension could bypass\n the Same Origin Policy.

  • CVE-2016-1623\n

    Mariusz Mlynski discovered a way to bypass the Same Origin Policy.

  • CVE-2016-1624\n

    lukezli discovered a buffer overflow issue in the Brotli library.

  • CVE-2016-1625\n

    Jann Horn discovered a way to cause the Chrome Instant feature to\n navigate to unintended destinations.

  • CVE-2016-1626\n

    An out-of-bounds read issue was discovered in the openjpeg library.

  • CVE-2016-1627\n

    It was discovered that the Developer Tools did not validate URLs.

  • CVE-2016-1628\n

    An out-of-bounds read issue was discovered in the pdfium library.

  • CVE-2016-1629\n

    A way to bypass the Same Origin Policy was discovered in Blink/WebKit,\n along with a way to escape the chromium sandbox.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 48.0.2564.116-1~deb8u1.

\n

For the testing distribution (stretch), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 48.0.2564.116-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3487": "
\n

Debian Security Advisory

\n

DSA-3487-1 libssh2 -- security update

\n
\n
Date Reported:
\n
23 Feb 2016
\n
Affected Packages:
\n
\nlibssh2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 815662.
In Mitre's CVE dictionary: CVE-2016-0787.
\n
More information:
\n
\n

Andreas Schneider reported that libssh2, an SSH2 client-side library,\npasses the number of bytes to a function that expects a number of bits\nduring the SSHv2 handshake when libssh2 is to get a suitable value for\ngroup order in the Diffie-Hellman negotiation. This significantly\nweakens the handshake security, potentially allowing an\neavesdropper with enough resources to decrypt or intercept SSH sessions.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.4.2-1.1+deb7u2.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.4.3-4.1+deb8u1.

\n

We recommend that you upgrade your libssh2 packages.

\n
\n
\n
\n
", "3488": "
\n

Debian Security Advisory

\n

DSA-3488-1 libssh -- security update

\n
\n
Date Reported:
\n
23 Feb 2016
\n
Affected Packages:
\n
\nlibssh\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 815663.
In Mitre's CVE dictionary: CVE-2016-0739.
\n
More information:
\n
\n

Aris Adamantiadis discovered that libssh, a tiny C SSH library,\nincorrectly generated a short ephemeral secret for the\ndiffie-hellman-group1 and diffie-hellman-group14 key exchange methods.\nThe resulting secret is 128 bits long, instead of the recommended sizes\nof 1024 and 2048 bits respectively. This flaw could allow an\neavesdropper with enough resources to decrypt or intercept SSH sessions.

\n

For the oldstable distribution (wheezy), this problem has been fixed in\nversion 0.5.4-1+deb7u3. This update also includes fixes for\nCVE-2014-8132\nand CVE-2015-3146,\nwhich were previously scheduled for the next wheezy point release.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.6.3-4+deb8u2.

\n

We recommend that you upgrade your libssh packages.

\n
\n
\n
\n
", "3489": "
\n

Debian Security Advisory

\n

DSA-3489-1 lighttpd -- security update

\n
\n
Date Reported:
\n
23 Feb 2016
\n
Affected Packages:
\n
\nlighttpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 765702.
In Mitre's CVE dictionary: CVE-2014-3566.
\n
More information:
\n
\n

lighttpd, a small webserver, is vulnerable to the POODLE attack via\nthe use of SSLv3. This protocol is now disabled by default.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.4.31-4+deb7u4.

\n

We recommend that you upgrade your lighttpd packages.

\n
\n
\n
\n
", "3490": "
\n

Debian Security Advisory

\n

DSA-3490-1 websvn -- security update

\n
\n
Date Reported:
\n
23 Feb 2016
\n
Affected Packages:
\n
\nwebsvn\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-2511.
\n
More information:
\n
\n

Jakub Palaczynski discovered that websvn, a web viewer for Subversion\nrepositories, does not correctly sanitize user-supplied input, which\nallows a remote user to run reflected cross-site scripting attacks.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 2.3.3-1.1+deb7u2.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.3.3-1.2+deb8u1.

\n

We recommend that you upgrade your websvn packages.

\n
\n
\n
\n
", "3491": "
\n

Debian Security Advisory

\n

DSA-3491-1 icedove -- security update

\n
\n
Date Reported:
\n
24 Feb 2016
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-7575, CVE-2016-1523, CVE-2016-1526, CVE-2016-1930, CVE-2016-1935.
\n
More information:
\n
\n

Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors,\ninteger overflows, buffer overflows and other implementation errors may\nlead to the execution of arbitrary code or denial of service.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 38.6.0-1~deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 38.6.0-1~deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 38.6.0-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 38.6.0-1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "3492": "
\n

Debian Security Advisory

\n

DSA-3492-2 gajim -- security update

\n
\n
Date Reported:
\n
28 Feb 2016
\n
Affected Packages:
\n
\ngajim\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 816158.
\n
More information:
\n
\n

The wheezy part of the previous gajim update, DSA-3492-1, was\nincorrectly built resulting in an unsatisfiable dependency. This update\ncorrects that problem. For reference, the original advisory text\nfollows.

\n

Daniel Gultsch discovered a vulnerability in Gajim, an XMPP/jabber\nclient. Gajim didn't verify the origin of roster updates, allowing an\nattacker to spoof them and potentially allowing her to intercept\nmessages.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 0.15.1-4.1+deb7u2.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.16-1+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 0.16.5-0.1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.16.5-0.1.

\n

We recommend that you upgrade your gajim packages.

\n
\n
\n
\n
", "3493": "
\n

Debian Security Advisory

\n

DSA-3493-1 xerces-c -- security update

\n
\n
Date Reported:
\n
25 Feb 2016
\n
Affected Packages:
\n
\nxerces-c\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 815907.
In Mitre's CVE dictionary: CVE-2016-0729.
\n
More information:
\n
\n

Gustavo Grieco discovered that xerces-c, a validating XML parser library\nfor C++, mishandles certain kinds of malformed input documents,\nresulting in buffer overflows during processing and error reporting.\nThese flaws could lead to a denial of service in applications using the\nxerces-c library, or potentially, to the execution of arbitrary code.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 3.1.1-3+deb7u2.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.1.1-5.1+deb8u1.

\n

We recommend that you upgrade your xerces-c packages.

\n
\n
\n
\n
", "3494": "
\n

Debian Security Advisory

\n

DSA-3494-1 cacti -- security update

\n
\n
Date Reported:
\n
27 Feb 2016
\n
Affected Packages:
\n
\ncacti\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8377, CVE-2015-8604.
\n
More information:
\n
\n

Two SQL injection vulnerabilities were discovered in cacti, a web\ninterface for graphing of monitoring systems. Specially crafted input\ncan be used by an attacker in parameters of the graphs_new.php script to\nexecute arbitrary SQL commands on the database.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 0.8.8a+dfsg-5+deb7u8.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 0.8.8b+dfsg-8+deb8u4.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 0.8.8f+ds1-4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.8.8f+ds1-4.

\n

We recommend that you upgrade your cacti packages.

\n
\n
\n
\n
", "3495": "
\n

Debian Security Advisory

\n

DSA-3495-1 xymon -- security update

\n
\n
Date Reported:
\n
29 Feb 2016
\n
Affected Packages:
\n
\nxymon\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-2054, CVE-2016-2055, CVE-2016-2056, CVE-2016-2057, CVE-2016-2058.
\n
More information:
\n
\n

Markus Krell discovered that xymon, a network- and\napplications-monitoring system, was vulnerable to the following\nsecurity issues:

\n
    \n
  • CVE-2016-2054\n

    The incorrect handling of user-supplied input in the config\n command can trigger a stack-based buffer overflow, resulting in\n denial of service (via application crash) or remote code execution.

  • CVE-2016-2055\n

    The incorrect handling of user-supplied input in the config\n command can lead to an information leak by serving sensitive\n configuration files to a remote user.

  • CVE-2016-2056\n

    The commands handling password management do not properly validate\n user-supplied input, and are thus vulnerable to shell command\n injection by a remote user.

  • CVE-2016-2057\n

    Incorrect permissions on an internal queuing system allow a user\n with a local account on the xymon master server to bypass all\n network-based access control lists, and thus inject messages\n directly into xymon.

  • CVE-2016-2058\n

    Incorrect escaping of user-supplied input in status webpages can\n be used to trigger reflected cross-site scripting attacks.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.3.17-6+deb8u1.

\n

We recommend that you upgrade your xymon packages.

\n
\n
\n
\n
", "3496": "
\n

Debian Security Advisory

\n

DSA-3496-1 php-horde-core -- security update

\n
\n
Date Reported:
\n
28 Feb 2016
\n
Affected Packages:
\n
\nphp-horde-core\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 813590.
In Mitre's CVE dictionary: CVE-2015-8807.
\n
More information:
\n
\n

It was discovered that php-horde-core, a set of classes providing the\ncore functionality of the Horde Application Framework, is prone to a\ncross-site scripting vulnerability.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.15.0+debian0-1+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 2.22.4+debian0-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.22.4+debian0-1.

\n

We recommend that you upgrade your php-horde-core packages.

\n
\n
\n
\n
", "3497": "
\n

Debian Security Advisory

\n

DSA-3497-1 php-horde -- security update

\n
\n
Date Reported:
\n
28 Feb 2016
\n
Affected Packages:
\n
\nphp-horde\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 813573.
In Mitre's CVE dictionary: CVE-2016-2228.
\n
More information:
\n
\n

It was discovered that php-horde, a flexible, modular, general-purpose\nweb application framework written in PHP, is prone to a cross-site\nscripting vulnerability.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 5.2.1+debian0-2+deb8u3.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 5.2.9+debian0-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.2.9+debian0-1.

\n

We recommend that you upgrade your php-horde packages.

\n
\n
\n
\n
", "3498": "
\n

Debian Security Advisory

\n

DSA-3498-1 drupal7 -- security update

\n
\n
Date Reported:
\n
28 Feb 2016
\n
Affected Packages:
\n
\ndrupal7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-3162, CVE-2016-3163, CVE-2016-3164, CVE-2016-3168, CVE-2016-3169, CVE-2016-3170.
\n
More information:
\n
\n

Multiple security vulnerabilities have been found in the Drupal content\nmanagement framework. For additional information, please refer to the\nupstream advisory at https://www.drupal.org/SA-CORE-2016-001

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 7.14-2+deb7u12.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 7.32-1+deb8u6.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.43-1.

\n

We recommend that you upgrade your drupal7 packages.

\n
\n
\n
\n
", "3499": "
\n

Debian Security Advisory

\n

DSA-3499-1 pillow -- security update

\n
\n
Date Reported:
\n
28 Feb 2016
\n
Affected Packages:
\n
\npillow\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-0740, CVE-2016-0775, CVE-2016-2533.
\n
More information:
\n
\n

Multiple security vulnerabilities have been found in Pillow, a Python\nimaging library, which may result in denial of service or the execution\nof arbitrary code if a malformed FLI, PCD or TIFF file is processed.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.1.7-4+deb7u2 of the python-imaging source package.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.6.1-2+deb8u2.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 3.1.1-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.1.1-1.

\n

We recommend that you upgrade your pillow packages.

\n
\n
\n
\n
", "3500": "
\n

Debian Security Advisory

\n

DSA-3500-1 openssl -- security update

\n
\n
Date Reported:
\n
01 Mar 2016
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-2842.
\n
More information:
\n
\n

Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer\ntoolkit.

\n
    \n
  • CVE-2016-0702\n

    Yuval Yarom from the University of Adelaide and NICTA, Daniel Genkin\n from Technion and Tel Aviv University, and Nadia Heninger from the\n University of Pennsylvania discovered a side-channel attack which\n makes use of cache-bank conflicts on the Intel Sandy-Bridge\n microarchitecture. This could allow local attackers to recover RSA\n private keys.

  • CVE-2016-0705\n

    Adam Langley from Google discovered a double free bug when parsing\n malformed DSA private keys. This could allow remote attackers to\n cause a denial of service or memory corruption in applications\n parsing DSA private keys received from untrusted sources.

  • CVE-2016-0797\n

    Guido Vranken discovered an integer overflow in the BN_hex2bn and\n BN_dec2bn functions that can lead to a NULL pointer dereference and\n heap corruption. This could allow remote attackers to cause a denial\n of service or memory corruption in applications processing hex or\n dec data received from untrusted sources.

  • CVE-2016-0798\n

    Emilia K\u00e4sper of the OpenSSL development team discovered a memory\n leak in the SRP database lookup code. To mitigate the memory leak,\n the seed handling in SRP_VBASE_get_by_user is now disabled even if\n the user has configured a seed. Applications are advised to migrate\n to the SRP_VBASE_get1_by_user function.

  • CVE-2016-0799,\nCVE-2016-2842\n

    Guido Vranken discovered an integer overflow in the BIO_*printf\n functions that could lead to an OOB read when printing very long\n strings. Additionally the internal doapr_outch function can attempt\n to write to an arbitrary memory location in the event of a memory\n allocation failure. These issues will only occur on platforms where\n sizeof(size_t) > sizeof(int), like many 64-bit systems. This could\n allow remote attackers to cause a denial of service or memory\n corruption in applications that pass large amounts of untrusted data\n to the BIO_*printf functions.

\n

Additionally the EXPORT and LOW ciphers were disabled since they could\nbe used as part of the DROWN\n(CVE-2016-0800)\nand SLOTH\n(CVE-2015-7575)\nattacks, but note that the oldstable (wheezy) and stable (jessie)\ndistributions are not affected by those attacks since the SSLv2 protocol\nhas already been dropped in the openssl package version 1.0.0c-2.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.0.1e-2+deb7u20.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u4.

\n

For the unstable distribution (sid), these problems will be fixed shortly.

\n

We recommend that you upgrade your openssl packages.

\n
\n
\n
\n
", "3501": "
\n

Debian Security Advisory

\n

DSA-3501-1 perl -- security update

\n
\n
Date Reported:
\n
01 Mar 2016
\n
Affected Packages:
\n
\nperl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-2381.
\n
More information:
\n
\n

Stephane Chazelas discovered a bug in the environment handling in Perl.\nPerl provides a Perl-space hash variable, %ENV, in which environment\nvariables can be looked up. If a variable appears twice in envp, only\nthe last value would appear in %ENV, but getenv would return the first.\nPerl's taint security mechanism would be applied to the value in %ENV,\nbut not to the rest of the environment. This could result in an\nambiguous environment causing environment variables to be propagated to\nsubprocesses, despite the protections supposedly offered by taint\nchecking.

\n

With this update Perl changes the behavior to match the following:

\n
    \n
  1. %ENV is populated with the first environment variable, as getenv\n would return.
  2. Duplicate environment entries are removed.
\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 5.14.2-21+deb7u3.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 5.20.2-3+deb8u4.

\n

For the unstable distribution (sid), this problem will be fixed in\nversion 5.22.1-8.

\n

We recommend that you upgrade your perl packages.

\n
\n
\n
\n
", "3502": "
\n

Debian Security Advisory

\n

DSA-3502-1 roundup -- security update

\n
\n
Date Reported:
\n
03 Mar 2016
\n
Affected Packages:
\n
\nroundup\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-6276.
\n
More information:
\n
\n

Ralf Schlatterbeck discovered an information leak in roundup, a\nweb-based issue tracking system. An authenticated attacker could use it\nto see sensitive details about other users, including their hashed\npassword.

\n

After applying the update, which will fix the shipped templates, the\nsite administrator should ensure the instanced versions (in\n/var/lib/roundup usually) are also updated, either by patching them\nmanually or by recreating them.

\n

More info can be found in the upstream documentation at\nhttp://www.roundup-tracker.org/docs/upgrading.html#user-data-visibility

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.4.20-1.1+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.4.20-1.1+deb8u1.

\n

For the testing (stretch) and unstable (sid) distributions, this problem has not\nyet been fixed.

\n

We recommend that you upgrade your roundup packages.

\n
\n
\n
\n
", "3503": "
\n

Debian Security Advisory

\n

DSA-3503-1 linux -- security update

\n
\n
Date Reported:
\n
03 Mar 2016
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4312, CVE-2016-2847, CVE-2015-7566, CVE-2015-8767, CVE-2015-8785, CVE-2015-8812, CVE-2015-8816, CVE-2015-8830, CVE-2016-0723, CVE-2016-0774, CVE-2016-2069, CVE-2016-2384, CVE-2016-2543, CVE-2016-2544, CVE-2016-2545, CVE-2016-2546, CVE-2016-2547, CVE-2016-2548, CVE-2016-2549, CVE-2016-2550.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service, information\nleak or data loss.

\n
    \n
  • CVE-2013-4312,\nCVE-2016-2847\n

    Tetsuo Handa discovered that users can use pipes queued on local\n (Unix) sockets to allocate an unfair share of kernel memory, leading\n to denial-of-service (resource exhaustion).

    \n

    This issue was previously mitigated for the stable suite by limiting\n the total number of files queued by each user on local sockets. The\n new kernel version in both suites includes that mitigation plus\n limits on the total size of pipe buffers allocated for each user.

  • CVE-2015-7566\n

    Ralf Spenneberg of OpenSource Security reported that the visor\n driver crashes when a specially crafted USB device without bulk-out\n endpoint is detected.

  • CVE-2015-8767\n

    An SCTP denial-of-service was discovered which can be triggered by a\n local attacker during a heartbeat timeout event after the 4-way\n handshake.

  • CVE-2015-8785\n

    It was discovered that local users permitted to write to a file on a\n FUSE filesystem could cause a denial of service (unkillable loop in\n the kernel).

  • CVE-2015-8812\n

    A flaw was found in the iw_cxgb3 Infiniband driver. Whenever it\n could not send a packet because the network was congested, it would\n free the packet buffer but later attempt to send the packet again.\n This use-after-free could result in a denial of service (crash or\n hang), data loss or privilege escalation.

  • CVE-2015-8816\n

    A use-after-free vulnerability was discovered in the USB hub driver.\n This may be used by a physically present user for privilege\n escalation.

  • CVE-2015-8830\n

    Ben Hawkes of Google Project Zero reported that the AIO interface\n permitted reading or writing 2 GiB of data or more in a single\n chunk, which could lead to an integer overflow when applied to\n certain filesystems, socket or device types. The full security\n impact has not been evaluated.

  • CVE-2016-0723\n

    A use-after-free vulnerability was discovered in the TIOCGETD ioctl.\n A local attacker could use this flaw for denial-of-service.

  • CVE-2016-0774\n

    It was found that the fix for CVE-2015-1805 in kernel versions older\n than Linux 3.16 did not correctly handle the case of a partially\n failed atomic read. A local, unprivileged user could use this flaw\n to crash the system or leak kernel memory to user space.

  • CVE-2016-2069\n

    Andy Lutomirski discovered a race condition in flushing of the TLB\n when switching tasks on an x86 system. On an SMP system this could\n possibly lead to a crash, information leak or privilege escalation.

  • CVE-2016-2384\n

    Andrey Konovalov found that a crafted USB MIDI device with an\n invalid USB descriptor could trigger a double-free. This may be used\n by a physically present user for privilege escalation.

  • CVE-2016-2543\n

    Dmitry Vyukov found that the core sound sequencer driver (snd-seq)\n lacked a necessary check for a null pointer, allowing a user\n with access to a sound sequencer device to cause a denial-of-service (crash).

  • CVE-2016-2544,\nCVE-2016-2546,\nCVE-2016-2547,\nCVE-2016-2548\n

    Dmitry Vyukov found various race conditions in the sound subsystem\n (ALSA)'s management of timers. A user with access to sound devices\n could use these to cause a denial-of-service (crash or hang) or\n possibly for privilege escalation.

  • CVE-2016-2545\n

    Dmitry Vyukov found a flaw in list manipulation in the sound\n subsystem (ALSA)'s management of timers. A user with access to sound\n devices could use this to cause a denial-of-service (crash or hang)\n or possibly for privilege escalation.

  • CVE-2016-2549\n

    Dmitry Vyukov found a potential deadlock in the sound subsystem\n (ALSA)'s use of high resolution timers. A user with access to sound\n devices could use this to cause a denial-of-service (hang).

  • CVE-2016-2550\n

    The original mitigation of\n CVE-2013-4312,\n limiting the total number\n of files a user could queue on local sockets, was flawed. A user\n given a local socket opened by another user, for example through the\n systemd socket activation mechanism, could make use of the other\n user's quota, again leading to a denial-of-service (resource\n exhaustion). This is fixed by accounting queued files to the sender\n rather than the socket opener.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 3.2.73-2+deb7u3. The oldstable distribution (wheezy) is not\naffected by CVE-2015-8830.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.16.7-ckt20-1+deb8u4. CVE-2013-4312, CVE-2015-7566, CVE-2015-8767 and\nCVE-2016-0723 were already fixed in DSA-3448-1. CVE-2016-0774 does not\naffect the stable distribution.

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "3504": "
\n

Debian Security Advisory

\n

DSA-3504-1 bsh -- security update

\n
\n
Date Reported:
\n
04 Mar 2016
\n
Affected Packages:
\n
\nbsh\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-2510.
\n
More information:
\n
\n

Alvaro Mu\u00f1oz and Christian Schneider discovered that BeanShell, an\nembeddable Java source interpreter, could be leveraged to execute\narbitrary commands: applications including BeanShell in their\nclasspath are vulnerable to this flaw if they deserialize data from an\nuntrusted source.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 2.0b4-12+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.0b4-15+deb8u1.

\n

For the testing distribution (stretch) and unstable distribution\n(sid), this problem has been fixed in version 2.0b4-16.

\n

We recommend that you upgrade your bsh packages.

\n
\n
\n
\n
", "3505": "
\n

Debian Security Advisory

\n

DSA-3505-1 wireshark -- security update

\n
\n
Date Reported:
\n
04 Mar 2016
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-7830, CVE-2015-8711, CVE-2015-8712, CVE-2015-8713, CVE-2015-8714, CVE-2015-8715, CVE-2015-8716, CVE-2015-8717, CVE-2015-8718, CVE-2015-8719, CVE-2015-8720, CVE-2015-8721, CVE-2015-8722, CVE-2015-8723, CVE-2015-8724, CVE-2015-8725, CVE-2015-8726, CVE-2015-8727, CVE-2015-8728, CVE-2015-8729, CVE-2015-8730, CVE-2015-8732, CVE-2015-8733.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the dissectors/parsers for\nPcapng, NBAP, UMTS FP, DCOM, AllJoyn, T.38, SDP, NLM, DNS, BED, SCTP,\n802.11, DIAMETER, VeriWave, RSVP, ANSI A, GSM A, Ascend, NBAP, ZigBee ZCL\nand Sniffer which could result in denial of service.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.8.2-5wheezy17.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.12.1+g01b65bf-4+deb8u4.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 2.0.2+ga16e22e-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.0.2+ga16e22e-1.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "3506": "
\n

Debian Security Advisory

\n

DSA-3506-1 libav -- security update

\n
\n
Date Reported:
\n
04 Mar 2016
\n
Affected Packages:
\n
\nlibav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1897, CVE-2016-1898, CVE-2016-2326.
\n
More information:
\n
\n

Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 6:0.8.17-2.

\n

For the stable distribution (jessie), libav has been updated to\n6:11.6-1~deb8u1 which brings several further bugfixes as detailed in\nthe upstream changelog:\n\nhttps://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.6

\n

We recommend that you upgrade your libav packages.

\n
\n
\n
\n
", "3507": "
\n

Debian Security Advisory

\n

DSA-3507-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
05 Mar 2016
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8126, CVE-2016-1630, CVE-2016-1631, CVE-2016-1632, CVE-2016-1633, CVE-2016-1634, CVE-2016-1635, CVE-2016-1636, CVE-2016-1637, CVE-2016-1638, CVE-2016-1639, CVE-2016-1640, CVE-2016-1641, CVE-2016-1642.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2015-8126\n

    Joerg Bornemann discovered multiple buffer overflow issues in the\n libpng library.

  • CVE-2016-1630\n

    Mariusz Mlynski discovered a way to bypass the Same Origin Policy\n in Blink/Webkit.

  • CVE-2016-1631\n

    Mariusz Mlynski discovered a way to bypass the Same Origin Policy\n in the Pepper Plugin API.

  • CVE-2016-1632\n

    A bad cast was discovered.

  • CVE-2016-1633\n

    cloudfuzzer discovered a use-after-free issue in Blink/Webkit.

  • CVE-2016-1634\n

    cloudfuzzer discovered a use-after-free issue in Blink/Webkit.

  • CVE-2016-1635\n

    Rob Wu discovered a use-after-free issue in Blink/Webkit.

  • CVE-2016-1636\n

    A way to bypass SubResource Integrity validation was discovered.

  • CVE-2016-1637\n

    Keve Nagy discovered an information leak in the skia library.

  • CVE-2016-1638\n

    Rob Wu discovered a WebAPI bypass issue.

  • CVE-2016-1639\n

    Khalil Zhani discovered a use-after-free issue in the WebRTC\n implementation.

  • CVE-2016-1640\n

    Luan Herrera discovered an issue with the Extensions user interface.

  • CVE-2016-1641\n

    Atte Kettunen discovered a use-after-free issue in the handling of\n favorite icons.

  • CVE-2016-1642\n

    The chrome 49 development team found and fixed various issues\n during internal auditing. Also multiple issues were fixed in\n the v8 javascript library, version 4.9.385.26.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 49.0.2623.75-1~deb8u1.

\n

For the testing distribution (stretch), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 49.0.2623.75-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3508": "
\n

Debian Security Advisory

\n

DSA-3508-1 jasper -- security update

\n
\n
Date Reported:
\n
06 Mar 2016
\n
Affected Packages:
\n
\njasper\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 812978, Bug 816625, Bug 816626.
In Mitre's CVE dictionary: CVE-2016-1577, CVE-2016-2089, CVE-2016-2116.
\n
More information:
\n
\n

Several vulnerabilities were discovered in JasPer, a library for\nmanipulating JPEG-2000 files. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2016-1577\n

    Jacob Baines discovered a double-free flaw in the\n jas_iccattrval_destroy function. A remote attacker could exploit\n this flaw to cause an application using the JasPer library to crash,\n or potentially, to execute arbitrary code with the privileges of the\n user running the application.

  • CVE-2016-2089\n

    The Qihoo 360 Codesafe Team discovered a NULL pointer dereference\n flaw within the jas_matrix_clip function. A remote attacker could\n exploit this flaw to cause an application using the JasPer library\n to crash, resulting in a denial-of-service.

  • CVE-2016-2116\n

    Tyler Hicks discovered a memory leak flaw in the\n jas_iccprof_createfrombuf function. A remote attacker could exploit\n this flaw to cause the JasPer library to consume memory, resulting\n in a denial-of-service.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.900.1-13+deb7u4.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.900.1-debian1-2.4+deb8u1.

\n

We recommend that you upgrade your jasper packages.

\n
\n
\n
\n
", "3509": "
\n

Debian Security Advisory

\n

DSA-3509-1 rails -- security update

\n
\n
Date Reported:
\n
09 Mar 2016
\n
Affected Packages:
\n
\nrails\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-2097, CVE-2016-2098.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in Rails, a web application\nframework written in Ruby. Both vulnerabilities affect Action Pack, which\nhandles the web requests for Rails.

\n
    \n
  • CVE-2016-2097\n

    Crafted requests to Action View, one of the components of Action Pack,\n might result in rendering files from arbitrary locations, including\n files beyond the application's view directory. This vulnerability is\n the result of an incomplete fix of\n CVE-2016-0752.\n This bug was found by Jyoti Singh and Tobias Kraze from Makandra.

  • CVE-2016-2098\n

    If a web application does not properly sanitize user inputs, an\n attacker might control the arguments of the render method in a\n controller or a view, resulting in the possibility of executing\n arbitrary ruby code.\n This bug was found by Tobias Kraze from Makandra and joernchen of\n Phenoelit.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2:4.1.8-1+deb8u2.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 2:4.2.5.2-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2:4.2.5.2-1.

\n

We recommend that you upgrade your rails packages.

\n
\n
\n
\n
", "3510": "
\n

Debian Security Advisory

\n

DSA-3510-1 iceweasel -- security update

\n
\n
Date Reported:
\n
09 Mar 2016
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1950, CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1958, CVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1964, CVE-2016-1965, CVE-2016-1966, CVE-2016-1974, CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802.
\n
More information:
\n
\n

Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors,\nbuffer overflows, use-after-frees and other implementation errors may\nlead to the execution of arbitrary code, denial of service, address bar\nspoofing and overwriting local files.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 38.7.0esr-1~deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 38.7.0esr-1~deb8u1.

\n

For the unstable distribution (sid), Debian is in the process of moving\nback towards using the Firefox name. These problems will soon be fixed\nin the firefox-esr source package.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "3511": "
\n

Debian Security Advisory

\n

DSA-3511-1 bind9 -- security update

\n
\n
Date Reported:
\n
09 Mar 2016
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1285, CVE-2016-1286.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in ISC's BIND DNS server.

\n
    \n
  • CVE-2016-1285\n

    A maliciously crafted rndc (a way to remotely administer a BIND server)\n operation can cause named to crash, resulting in denial of service.

  • CVE-2016-1286\n

    An error parsing DNAME resource records can cause named to crash,\n resulting in denial of service.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1:9.8.4.dfsg.P1-6+nmu2+deb7u10.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1:9.9.5.dfsg-9+deb8u6.

\n

For the testing (stretch) and unstable (sid) distributions, these\nproblems will be fixed soon.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
\n
\n
", "3512": "
\n

Debian Security Advisory

\n

DSA-3512-1 libotr -- security update

\n
\n
Date Reported:
\n
09 Mar 2016
\n
Affected Packages:
\n
\nlibotr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-2851.
\n
More information:
\n
\n

Markus Vervier of X41 D-Sec GmbH discovered an integer overflow\nvulnerability in libotr, an off-the-record (OTR) messaging library, in\nthe way the sizes of portions of incoming messages were stored. A\nremote attacker can exploit this flaw by sending crafted messages to an\napplication that is using libotr to perform denial of service attacks\n(application crash), or potentially, execute arbitrary code with the\nprivileges of the user running the application.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 3.2.1-1+deb7u2.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 4.1.0-2+deb8u1.

\n

We recommend that you upgrade your libotr packages.

\n
\n
\n
\n
", "3513": "
\n

Debian Security Advisory

\n

DSA-3513-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
10 Mar 2016
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1643, CVE-2016-1644, CVE-2016-1645.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2016-1643\n

    cloudfuzzer discovered a type confusion issue in Blink/Webkit.

  • CVE-2016-1644\n

    Atte Kettunen discovered a use-after-free issue in Blink/Webkit.

  • CVE-2016-1645\n

    An out-of-bounds write issue was discovered in the pdfium library.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 49.0.2623.87-1~deb8u1.

\n

For the testing distribution (stretch), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 49.0.2623.87-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3514": "
\n

Debian Security Advisory

\n

DSA-3514-1 samba -- security update

\n
\n
Date Reported:
\n
12 Mar 2016
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 812429.
In Mitre's CVE dictionary: CVE-2015-7560, CVE-2016-0771.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Samba, a SMB/CIFS file,\nprint, and login server for Unix. The Common Vulnerabilities and\nExposures project identifies the following issues:

\n
    \n
  • CVE-2015-7560\n

    Jeremy Allison of Google, Inc. and the Samba Team discovered that\n Samba incorrectly handles getting and setting ACLs on a symlink\n path. An authenticated malicious client can use SMB1 UNIX extensions\n to create a symlink to a file or directory, and then use non-UNIX\n SMB1 calls to overwrite the contents of the ACL on the file or\n directory linked to.

  • CVE-2016-0771\n

    Garming Sam and Douglas Bagnall of Catalyst IT discovered that Samba\n is vulnerable to an out-of-bounds read issue during DNS TXT record\n handling, if Samba is deployed as an AD DC and configured to run the\n internal DNS server. A remote attacker can exploit this flaw to\n cause a denial of service (Samba crash), or potentially, to allow\n leakage of memory from the server in the form of a DNS TXT reply.

\n

Additionally this update includes a fix for a regression introduced due\nto the upstream fix for CVE-2015-5252 in DSA-3433-1 in setups where the\nshare path is '/'.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 2:3.6.6-6+deb7u7. The oldstable distribution (wheezy) is not\naffected by CVE-2016-0771.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2:4.1.17+dfsg-2+deb8u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2:4.3.6+dfsg-1.

\n

We recommend that you upgrade your samba packages.

\n
\n
\n
\n
", "3515": "
\n

Debian Security Advisory

\n

DSA-3515-1 graphite2 -- security update

\n
\n
Date Reported:
\n
13 Mar 2016
\n
Affected Packages:
\n
\ngraphite2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802.
\n
More information:
\n
\n

Multiple vulnerabilities have been found in the Graphite font rendering\nengine which might result in denial of service or the execution of\narbitrary code if a malformed font file is processed.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.3.6-1~deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.3.6-1~deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 1.3.6-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.3.6-1.

\n

We recommend that you upgrade your graphite2 packages.

\n
\n
\n
\n
", "3516": "
\n

Debian Security Advisory

\n

DSA-3516-1 wireshark -- security update

\n
\n
Date Reported:
\n
13 Mar 2016
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8731, CVE-2016-2523, CVE-2016-2530, CVE-2016-2531, CVE-2016-2532, CVE-2016-4417, CVE-2016-4418, CVE-2016-4421.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the dissectors/parsers for\nDNP, RSL, LLRP, GSM A-bis OML, ASN.1 BER which could result in denial\nof service.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.8.2-5wheezy18.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.12.1+g01b65bf-4+deb8u5.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 2.0.2+ga16e22e-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.0.2+ga16e22e-1.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "3517": "
\n

Debian Security Advisory

\n

DSA-3517-1 exim4 -- security update

\n
\n
Date Reported:
\n
14 Mar 2016
\n
Affected Packages:
\n
\nexim4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1531.
\n
More information:
\n
\n

A local root privilege escalation vulnerability was found in Exim,\nDebian's default mail transfer agent, in configurations using the\nperl_startup option (only Exim via exim4-daemon-heavy enables Perl\nsupport).

\n

To address the vulnerability, updated Exim versions clean the complete\nexecution environment by default, affecting Exim and subprocesses such\nas transports calling other programs, and thus may break existing\ninstallations. New configuration options (keep_environment,\nadd_environment) were introduced to adjust this behavior.

\n

More information can be found in the upstream advisory at\nhttps://www.exim.org/static/doc/CVE-2016-1531.txt

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 4.80-7+deb7u2.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 4.84.2-1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 4.86.2-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.86.2-1.

\n

We recommend that you upgrade your exim4 packages.

\n
\n
\n
\n
", "3518": "
\n

Debian Security Advisory

\n

DSA-3518-1 spip -- security update

\n
\n
Date Reported:
\n
16 Mar 2016
\n
Affected Packages:
\n
\nspip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-3153, CVE-2016-3154.
\n
More information:
\n
\n

Several vulnerabilities were found in SPIP, a website engine for\npublishing, resulting in code injection.

\n
    \n
  • CVE-2016-3153\n

    g0uZ and sambecks, from team root-me, discovered that arbitrary PHP\n code could be injected when adding content.

  • CVE-2016-3154\n

    Gilles Vincent discovered that deserializing untrusted content\n could result in arbitrary object injection.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 2.1.17-1+deb7u5.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.0.17-2+deb8u2.

\n

For the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 3.0.22-1.

\n

We recommend that you upgrade your spip packages.

\n
\n
\n
\n
", "3519": "
\n

Debian Security Advisory

\n

DSA-3519-1 xen -- security update

\n
\n
Date Reported:
\n
17 Mar 2016
\n
Affected Packages:
\n
\nxen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8339, CVE-2015-8340, CVE-2015-8341, CVE-2015-8550, CVE-2015-8555, CVE-2016-1570, CVE-2016-1571, CVE-2016-2270, CVE-2016-2271.
\n
More information:
\n
\n

Multiple security issues have been found in the Xen virtualisation\nsolution, which may result in denial of service or information disclosure.

\n

The oldstable distribution (wheezy) will be updated in a separate DSA.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.4.1-9+deb8u4.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your xen packages.

\n
\n
\n
\n
", "3520": "
\n

Debian Security Advisory

\n

DSA-3520-1 icedove -- security update

\n
\n
Date Reported:
\n
18 Mar 2016
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1950, CVE-2016-1954, CVE-2016-1957, CVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1964, CVE-2016-1966, CVE-2016-1974, CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802.
\n
More information:
\n
\n

Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors,\ninteger overflows, buffer overflows and other implementation errors may\nlead to the execution of arbitrary code or denial of service.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 38.7.0-1~deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 38.7.0-1~deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 38.7.0-1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "3521": "
\n

Debian Security Advisory

\n

DSA-3521-1 git -- security update

\n
\n
Date Reported:
\n
19 Mar 2016
\n
Affected Packages:
\n
\ngit\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 818318.
In Mitre's CVE dictionary: CVE-2016-2315, CVE-2016-2324.
\n
More information:
\n
\n

Lael Cellier discovered two buffer overflow vulnerabilities in git, a\nfast, scalable, distributed revision control system, which could be\nexploited for remote execution of arbitrary code.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1:1.7.10.4-1+wheezy3.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1:2.1.4-2.1+deb8u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1:2.8.0~rc3-1.\nCVE-2016-2315\nwas already fixed in version 1:2.7.0-1.

\n

We recommend that you upgrade your git packages.

\n
\n
\n
\n
", "3522": "
\n

Debian Security Advisory

\n

DSA-3522-1 squid3 -- security update

\n
\n
Date Reported:
\n
20 Mar 2016
\n
Affected Packages:
\n
\nsquid3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-2571.
\n
More information:
\n
\n

Alex Rousskov from The Measurement Factory discovered that Squid3, a\nfully featured web proxy cache, does not properly handle errors for\ncertain malformed HTTP responses. A remote HTTP server can exploit this\nflaw to cause a denial of service (assertion failure and daemon exit).

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 3.1.20-2.2+deb7u4.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.4.8-6+deb8u2.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 3.5.15-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.5.15-1.

\n

We recommend that you upgrade your squid3 packages.

\n
\n
\n
\n
", "3523": "
\n

Debian Security Advisory

\n

DSA-3523-1 iceweasel -- security update

\n
\n
Date Reported:
\n
20 Mar 2016
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

This update disables the Graphite font shaping library in Iceweasel,\nDebian's version of the Mozilla Firefox web browser.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 38.7.1esr-1~deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 38.7.1esr-1~deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 45.0.1esr-1 of the firefox-esr source package.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "3524": "
\n

Debian Security Advisory

\n

DSA-3524-1 activemq -- security update

\n
\n
Date Reported:
\n
20 Mar 2016
\n
Affected Packages:
\n
\nactivemq\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-5254.
\n
More information:
\n
\n

It was discovered that the ActiveMQ Java message broker performs unsafe\ndeserialisation. For additional information, please refer to the\nupstream advisory at\nhttp://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 5.6.0+dfsg-1+deb7u2.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 5.6.0+dfsg1-4+deb8u2.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 5.13.2+dfsg-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.13.2+dfsg-1.

\n

We recommend that you upgrade your activemq packages.

\n
\n
\n
\n
", "3525": "
\n

Debian Security Advisory

\n

DSA-3525-1 pixman -- security update

\n
\n
Date Reported:
\n
22 Mar 2016
\n
Affected Packages:
\n
\npixman\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-9766.
\n
More information:
\n
\n

Vincent LE GARREC discovered an integer overflow in pixman, a\npixel-manipulation library for X and cairo. A remote attacker can\nexploit this flaw to cause an application using the pixman library to\ncrash, or potentially, to execute arbitrary code with the privileges of\nthe user running the application.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 0.26.0-4+deb7u2.

\n

For the stable distribution (jessie), the testing distribution (stretch)\nand the unstable distribution (sid), this problem was already fixed in\nversion 0.32.6-1.

\n

We recommend that you upgrade your pixman packages.

\n
\n
\n
\n
", "3526": "
\n

Debian Security Advisory

\n

DSA-3526-1 libmatroska -- security update

\n
\n
Date Reported:
\n
23 Mar 2016
\n
Affected Packages:
\n
\nlibmatroska\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8792.
\n
More information:
\n
\n

It was discovered that libmatroska, an extensible open standard\naudio/video container format, incorrectly processed EBML lacing. By\nproviding maliciously crafted input, an attacker could use this flaw\nto force some leakage of information located in the process heap\nmemory.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.3.0-2+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.4.1-2+deb8u1.

\n

For the testing (stretch) and unstable (sid) distributions, this\nproblem has been fixed in version 1.4.4-1.

\n

We recommend that you upgrade your libmatroska packages.

\n
\n
\n
\n
", "3527": "
\n

Debian Security Advisory

\n

DSA-3527-1 inspircd -- security update

\n
\n
Date Reported:
\n
24 Mar 2016
\n
Affected Packages:
\n
\ninspircd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8702.
\n
More information:
\n
\n

It was discovered that inspircd, an IRC daemon, incorrectly handled\nPTR lookups of connecting users. This flaw allowed a remote attacker\nto crash the application by setting up malformed DNS records, thus\ncausing a denial-of-service.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 2.0.5-1+deb7u2.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.0.17-1+deb8u1.

\n

For the testing (stretch) and unstable (sid) distributions, this\nproblem has been fixed in version 2.0.20-1.

\n

We recommend that you upgrade your inspircd packages.

\n
\n
\n
\n
", "3528": "
\n

Debian Security Advisory

\n

DSA-3528-1 pidgin-otr -- security update

\n
\n
Date Reported:
\n
23 Mar 2016
\n
Affected Packages:
\n
\npidgin-otr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8833.
\n
More information:
\n
\n

Stefan Sperling discovered that pidgin-otr, a Pidgin plugin\nimplementing Off-The-Record messaging, contained a use-after-free\nbug. This could be used by a malicious remote user to intentionally\ncrash the application, thus causing a denial-of-service.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 4.0.1-1+deb8u1.

\n

For the testing (stretch) and unstable (sid) distributions, this\nproblem has been fixed in version 4.0.2-1.

\n

We recommend that you upgrade your pidgin-otr packages.

\n
\n
\n
\n
", "3529": "
\n

Debian Security Advisory

\n

DSA-3529-1 redmine -- security update

\n
\n
Date Reported:
\n
23 Mar 2016
\n
Affected Packages:
\n
\nredmine\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8474, CVE-2015-8346, CVE-2015-8473, CVE-2015-8537.
\n
More information:
\n
\n

Multiple vulnerabilities have been found in Redmine, a project management\nweb application, which may result in information disclosure.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.0~20140825-8~deb8u2.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 3.2.0-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.2.0-1.

\n

We recommend that you upgrade your redmine packages.

\n
\n
\n
\n
", "3530": "
\n

Debian Security Advisory

\n

DSA-3530-1 tomcat6 -- security update

\n
\n
Date Reported:
\n
25 Mar 2016
\n
Affected Packages:
\n
\ntomcat6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-4286, CVE-2013-4322, CVE-2013-4590, CVE-2014-0033, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0227, CVE-2014-0230, CVE-2014-7810, CVE-2015-5174, CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763.
\n
More information:
\n
\n

Multiple security vulnerabilities have been fixed in the Tomcat servlet\nand JSP engine, which may result in bypass of security manager\nrestrictions, information disclosure, denial of service or session\nfixation.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 6.0.45+dfsg-1~deb7u1.

\n

We recommend that you upgrade your tomcat6 packages.

\n
\n
\n
\n
", "3531": "
\n

Debian Security Advisory

\n

DSA-3531-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
25 Mar 2016
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1646, CVE-2016-1647, CVE-2016-1648, CVE-2016-1649, CVE-2016-1650.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2016-1646\n

    Wen Xu discovered an out-of-bounds read issue in the v8 library.

  • CVE-2016-1647\n

    A use-after-free issue was discovered.

  • CVE-2016-1648\n

    A use-after-free issue was discovered in the handling of extensions.

  • CVE-2016-1649\n

    lokihardt discovered a buffer overflow issue in the Almost Native\n Graphics Layer Engine (ANGLE) library.

  • CVE-2016-1650\n

    The chrome development team found and fixed various issues during\n internal auditing. Multiple issues were also fixed in the v8\n JavaScript library, version 4.9.385.33.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 49.0.2623.108-1~deb8u1.

\n

For the testing distribution (stretch), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 49.0.2623.108-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3532": "
\n

Debian Security Advisory

\n

DSA-3532-1 quagga -- security update

\n
\n
Date Reported:
\n
27 Mar 2016
\n
Affected Packages:
\n
\nquagga\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 819179.
In Mitre's CVE dictionary: CVE-2016-2342.
\n
More information:
\n
\n

Kostya Kortchinsky discovered a stack-based buffer overflow\nvulnerability in the VPNv4 NLRI parser in bgpd in quagga, a BGP/OSPF/RIP\nrouting daemon. A remote attacker can exploit this flaw to cause a\ndenial of service (daemon crash), or potentially, execution of arbitrary\ncode, if bgpd is configured with BGP peers enabled for VPNv4.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 0.99.22.4-1+wheezy2.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.99.23.1-1+deb8u1.

\n

We recommend that you upgrade your quagga packages.

\n
\n
\n
\n
", "3533": "
\n

Debian Security Advisory

\n

DSA-3533-1 openvswitch -- security update

\n
\n
Date Reported:
\n
29 Mar 2016
\n
Affected Packages:
\n
\nopenvswitch\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-2074.
\n
More information:
\n
\n

Kashyap Thimmaraju and Bhargava Shastry discovered a remotely\ntriggerable buffer overflow vulnerability in openvswitch, a production\nquality, multilayer virtual switch implementation. Specially crafted\nMPLS packets could overflow the buffer reserved for MPLS labels in an\nOVS internal data structure. A remote attacker can take advantage of\nthis flaw to cause a denial of service, or potentially, execution of\narbitrary code.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.3.0+git20140819-3+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.3.0+git20140819-4.

\n

We recommend that you upgrade your openvswitch packages.

\n
\n
\n
\n
", "3534": "
\n

Debian Security Advisory

\n

DSA-3534-1 dhcpcd -- security update

\n
\n
Date Reported:
\n
29 Mar 2016
\n
Affected Packages:
\n
\ndhcpcd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-6698, CVE-2012-6699, CVE-2012-6700.
\n
More information:
\n
\n

Guido Vranken discovered several vulnerabilities in dhcpcd, a DHCP\nclient, which may result in denial of service.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1:3.2.3-11+deb7u1.

\n

We recommend that you upgrade your dhcpcd packages.

\n
\n
\n
\n
", "3535": "
\n

Debian Security Advisory

\n

DSA-3535-1 kamailio -- security update

\n
\n
Date Reported:
\n
29 Mar 2016
\n
Affected Packages:
\n
\nkamailio\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-2385.
\n
More information:
\n
\n

Stelios Tsampas discovered a buffer overflow in the Kamailio SIP proxy\nwhich might result in the execution of arbitrary code.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 4.2.0-2+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 4.3.4-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.3.4-2.

\n

We recommend that you upgrade your kamailio packages.

\n
\n
\n
\n
", "3536": "
\n

Debian Security Advisory

\n

DSA-3536-1 libstruts1.2-java -- security update

\n
\n
Date Reported:
\n
31 Mar 2016
\n
Affected Packages:
\n
\nlibstruts1.2-java\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0899.
\n
More information:
\n
\n

It was discovered that libstruts1.2-java, a Java framework for MVC\napplications, contains a bug in its multi-page validation code. This\nallows input validation to be bypassed, even if MPV is not used\ndirectly.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.2.9-5+deb7u2.

\n

We recommend that you upgrade your libstruts1.2-java packages.

\n
\n
\n
\n
", "3537": "
\n

Debian Security Advisory

\n

DSA-3537-1 imlib2 -- security update

\n
\n
Date Reported:
\n
31 Mar 2016
\n
Affected Packages:
\n
\nimlib2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-9762, CVE-2014-9763, CVE-2014-9764.
\n
More information:
\n
\n

Several vulnerabilities were discovered in imlib2, an image\nmanipulation library.

\n
    \n
  • CVE-2014-9762\n

    A segmentation fault could occur when opening GIFs without a\n colormap.

  • CVE-2014-9763\n

    Several divisions by zero, resulting in a program crash, could\n occur when handling PNM files.

  • CVE-2014-9764\n

    A segmentation fault could occur when opening GIFs with feh.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.4.5-1+deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.4.6-2+deb8u1.

\n

For the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 1.4.7-1.

\n

We recommend that you upgrade your imlib2 packages.

\n
\n
\n
\n
", "3538": "
\n

Debian Security Advisory

\n

DSA-3538-1 libebml -- security update

\n
\n
Date Reported:
\n
31 Mar 2016
\n
Affected Packages:
\n
\nlibebml\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8789, CVE-2015-8790, CVE-2015-8791.
\n
More information:
\n
\n

Several vulnerabilities were discovered in libebml, a library for\nmanipulating Extensible Binary Meta Language files.

\n
    \n
  • CVE-2015-8789\n

    Context-dependent attackers could trigger a use-after-free\n vulnerability by providing a maliciously crafted EBML document.

  • CVE-2015-8790\n

    Context-dependent attackers could obtain sensitive information\n from the process' heap memory by using a maliciously crafted UTF-8\n string.

  • CVE-2015-8791\n

    Context-dependent attackers could obtain sensitive information\n from the process' heap memory by using a maliciously crafted\n length value in an EBML id.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.2.2-2+deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.3.0-2+deb8u1.

\n

For the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 1.3.3-1.

\n

We recommend that you upgrade your libebml packages.

\n
\n
\n
\n
", "3539": "
\n

Debian Security Advisory

\n

DSA-3539-1 srtp -- security update

\n
\n
Date Reported:
\n
02 Apr 2016
\n
Affected Packages:
\n
\nsrtp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 807698.
In Mitre's CVE dictionary: CVE-2015-6360.
\n
More information:
\n
\n

Randell Jesup and the Firefox team discovered that srtp, Cisco's\nreference implementation of the Secure Real-time Transport Protocol\n(SRTP), does not properly handle RTP header CSRC count and extension\nheader length. A remote attacker can exploit this vulnerability to crash\nan application linked against libsrtp, resulting in a denial of service.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 1.4.4+20100615~dfsg-2+deb7u2.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.4.5~20130609~dfsg-1.1+deb8u1.

\n

We recommend that you upgrade your srtp packages.

\n
\n
\n
\n
", "3540": "
\n

Debian Security Advisory

\n

DSA-3540-1 lhasa -- security update

\n
\n
Date Reported:
\n
03 Apr 2016
\n
Affected Packages:
\n
\nlhasa\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-2347.
\n
More information:
\n
\n

Marcin Noga discovered an integer underflow in Lhasa, an lzh archive\ndecompressor, which might result in the execution of arbitrary code if\na malformed archive is processed.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 0.0.7-2+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.2.0+git3fe46-1+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 0.3.1-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.3.1-1.

\n

We recommend that you upgrade your lhasa packages.

\n
\n
\n
\n
", "3541": "
\n

Debian Security Advisory

\n

DSA-3541-1 roundcube -- security update

\n
\n
Date Reported:
\n
05 Apr 2016
\n
Affected Packages:
\n
\nroundcube\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8770.
\n
More information:
\n
\n

High-Tech Bridge Security Research Lab discovered that Roundcube, a\nwebmail client, contained a path traversal vulnerability. This flaw\ncould be exploited by an attacker to access sensitive files on the\nserver, or even execute arbitrary code.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 0.7.2-9+deb7u2.

\n

For the testing (stretch) and unstable (sid) distributions, this\nproblem has been fixed in version 1.1.4+dfsg.1-1.

\n

We recommend that you upgrade your roundcube packages.

\n
\n
\n
\n
", "3542": "
\n

Debian Security Advisory

\n

DSA-3542-1 mercurial -- security update

\n
\n
Date Reported:
\n
05 Apr 2016
\n
Affected Packages:
\n
\nmercurial\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 819504.
In Mitre's CVE dictionary: CVE-2016-3068, CVE-2016-3069, CVE-2016-3630.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Mercurial, a distributed\nversion control system. The Common Vulnerabilities and Exposures project\nidentifies the following issues:

\n
    \n
  • CVE-2016-3068\n

    Blake Burkhart discovered that Mercurial allows URLs for Git\n subrepositories that could result in arbitrary code execution on\n clone.

  • CVE-2016-3069\n

    Blake Burkhart discovered that Mercurial allows arbitrary code\n execution when converting Git repositories with specially\n crafted names.

  • CVE-2016-3630\n

    It was discovered that Mercurial does not properly perform bounds-checking\n in its binary delta decoder, which may be exploitable for\n remote code execution via clone, push or pull.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 2.2.2-4+deb7u2.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.1.2-2+deb8u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.7.3-1.

\n

We recommend that you upgrade your mercurial packages.

\n
\n
\n
\n
", "3543": "
\n

Debian Security Advisory

\n

DSA-3543-1 oar -- security update

\n
\n
Date Reported:
\n
05 Apr 2016
\n
Affected Packages:
\n
\noar\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1235.
\n
More information:
\n
\n

Emmanuel Thome discovered that missing sanitising in the oarsh command\nof OAR, software used to manage jobs and resources of HPC clusters,\ncould result in privilege escalation.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 2.5.2-3+deb7u1.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.5.4-2+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.5.7-1.

\n

We recommend that you upgrade your oar packages.

\n
\n
\n
\n
", "3544": "
\n

Debian Security Advisory

\n

DSA-3544-1 python-django -- security update

\n
\n
Date Reported:
\n
07 Apr 2016
\n
Affected Packages:
\n
\npython-django\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 816434.
In Mitre's CVE dictionary: CVE-2016-2512, CVE-2016-2513.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Django, a high-level Python\nweb development framework. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2016-2512\n

    Mark Striemer discovered that some user-supplied redirect URLs\n containing basic authentication credentials are incorrectly handled,\n potentially allowing a remote attacker to perform a malicious\n redirect or a cross-site scripting attack.

  • CVE-2016-2513\n

    Sjoerd Job Postmus discovered that Django allows user enumeration\n through timing difference on password hasher work factor upgrades.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.4.5-1+deb7u16.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.7.7-1+deb8u4.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 1.9.4-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.9.4-1.

\n

We recommend that you upgrade your python-django packages.

\n
\n
\n
\n
", "3545": "
\n

Debian Security Advisory

\n

DSA-3545-1 cgit -- security update

\n
\n
Date Reported:
\n
07 Apr 2016
\n
Affected Packages:
\n
\ncgit\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 812411.
In Mitre's CVE dictionary: CVE-2016-1899, CVE-2016-1900, CVE-2016-1901.
\n
More information:
\n
\n

Several vulnerabilities were discovered in cgit, a fast web frontend for\ngit repositories written in C. A remote attacker can take advantage of\nthese flaws to perform cross-site scripting, header injection or denial\nof service attacks.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 0.10.2.git2.0.1-3+deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 0.12.0.git2.7.0-1 or earlier.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.12.0.git2.7.0-1 or earlier.

\n

We recommend that you upgrade your cgit packages.

\n
\n
\n
\n
", "3546": "
\n

Debian Security Advisory

\n

DSA-3546-1 optipng -- security update

\n
\n
Date Reported:
\n
07 Apr 2016
\n
Affected Packages:
\n
\noptipng\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-2191, CVE-2016-3981, CVE-2016-3982.
\n
More information:
\n
\n

Hans Jerry Illikainen discovered that missing input sanitising in the\nBMP processing code of the optipng PNG optimiser may result in denial of\nservice or the execution of arbitrary code if a malformed file is\nprocessed.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 0.6.4-1+deb7u2. This update also fixes CVE-2015-7801,\nwhich was originally targeted for a wheezy point update.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.7.5-1+deb8u1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your optipng packages.

\n
\n
\n
\n
", "3547": "
\n

Debian Security Advisory

\n

DSA-3547-1 imagemagick -- security update

\n
\n
Date Reported:
\n
11 Apr 2016
\n
Affected Packages:
\n
\nimagemagick\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 811308.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Imagemagick, a program suite for\nimage manipulation. This update fixes a large number of potential security\nproblems such as null-pointer access and buffer-overflows that might lead\nto memory leaks or denial of service. None of these security problems have\na CVE number assigned.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 8:6.7.7.10-5+deb7u4.

\n

For the stable distribution (jessie), this problem was already fixed in\nversion 8:6.8.9.9-5+deb8u1, in the last point release.

\n

We recommend that you upgrade your imagemagick packages.

\n
\n
\n
\n
", "3548": "
\n

Debian Security Advisory

\n

DSA-3548-1 samba -- security update

\n
\n
Date Reported:
\n
13 Apr 2016
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Samba, a SMB/CIFS file,\nprint, and login server for Unix. The Common Vulnerabilities and\nExposures project identifies the following issues:

\n
    \n
  • CVE-2015-5370\n

    Jouni Knuutinen from Synopsys discovered flaws in the Samba DCE-RPC\n code which can lead to denial of service (crashes and high CPU\n consumption) and man-in-the-middle attacks.

  • CVE-2016-2110\n

    Stefan Metzmacher of SerNet and the Samba Team discovered that the\n feature negotiation of NTLMSSP does not protect against downgrade\n attacks.

  • CVE-2016-2111\n

    When Samba is configured as domain controller, it allows remote\n attackers to spoof the computer name of a secure channel's endpoint,\n and obtain sensitive session information. This flaw corresponds to\n the same vulnerability as CVE-2015-0005 for Windows, discovered by\n Alberto Solino from Core Security.

  • CVE-2016-2112\n

    Stefan Metzmacher of SerNet and the Samba Team discovered that a\n man-in-the-middle attacker can downgrade LDAP connections to avoid\n integrity protection.

  • CVE-2016-2113\n

    Stefan Metzmacher of SerNet and the Samba Team discovered that\n man-in-the-middle attacks are possible for client triggered LDAP\n connections and ncacn_http connections.

  • CVE-2016-2114\n

    Stefan Metzmacher of SerNet and the Samba Team discovered that Samba\n does not enforce required SMB signing even if explicitly configured.

  • CVE-2016-2115\n

    Stefan Metzmacher of SerNet and the Samba Team discovered that SMB\n connections for IPC traffic are not integrity-protected.

  • \n
  • CVE-2016-2118\n

    Stefan Metzmacher of SerNet and the Samba Team discovered that a\n man-in-the-middle attacker can intercept any DCERPC traffic between\n a client and a server in order to impersonate the client and obtain\n the same privileges as the authenticated user account.

  • \n
\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 2:3.6.6-6+deb7u9. The oldstable distribution is not affected\nby CVE-2016-2113 and CVE-2016-2114.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2:4.2.10+dfsg-0+deb8u1. The issues were addressed by upgrading\nto the new upstream version 4.2.10, which includes additional changes\nand bugfixes. The depending libraries ldb, talloc, tdb and tevent\nalso required an update to new upstream versions for this update.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2:4.3.7+dfsg-1.

\n

Please refer to

\n\n

for further details (in particular for new options and defaults).

\n

We'd like to thank Andreas Schneider and Guenther Deschner (Red Hat),\nStefan Metzmacher and Ralph Boehme (SerNet) and Aurelien Aptel (SUSE)\nfor the massive backporting work required to support Samba 3.6 and Samba\n4.2 and Andrew Bartlett (Catalyst), Jelmer Vernooij and Mathieu Parent\nfor their help in preparing updates of Samba and the underlying\ninfrastructure libraries.

\n

We recommend that you upgrade your samba packages.

\n
\n
\n
\n
", "3549": "
\n

Debian Security Advisory

\n

DSA-3549-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
15 Apr 2016
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1651, CVE-2016-1652, CVE-2016-1653, CVE-2016-1654, CVE-2016-1655, CVE-2016-1657, CVE-2016-1658, CVE-2016-1659.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2016-1651\n

    An out-of-bounds read issue was discovered in the pdfium library.

  • \n
  • CVE-2016-1652\n

    A cross-site scripting issue was discovered in extension bindings.

  • \n
  • CVE-2016-1653\n

    Choongwoo Han discovered an out-of-bounds write issue in the v8\n javascript library.

  • \n
  • CVE-2016-1654\n

    Atte Kettunen discovered an uninitialized memory read condition.

  • \n
  • CVE-2016-1655\n

    Rob Wu discovered a use-after-free issue related to extensions.

  • \n
  • CVE-2016-1657\n

    Luan Herrera discovered a way to spoof URLs.

  • \n
  • CVE-2016-1658\n

    Antonio Sanso discovered an information leak related to extensions.

  • \n
  • CVE-2016-1659\n

    The chrome development team found and fixed various issues during\n internal auditing.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 50.0.2661.75-1~deb8u1.

\n

For the testing distribution (stretch), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 50.0.2661.75-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3550": "
\n

Debian Security Advisory

\n

DSA-3550-1 openssh -- security update

\n
\n
Date Reported:
\n
15 Apr 2016
\n
Affected Packages:
\n
\nopenssh\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8325.
\n
More information:
\n
\n

Shayan Sadigh discovered a vulnerability in OpenSSH: If PAM support is\nenabled and the sshd PAM configuration is configured to read user-specified\nenvironment variables and the UseLogin option is enabled, a\nlocal user may escalate her privileges to root.

\n

In Debian UseLogin is not enabled by default.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 6.0p1-4+deb7u4.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 6.7p1-5+deb8u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:7.2p2-3.

\n

We recommend that you upgrade your openssh packages.

\n
\n
\n
\n
", "3551": "
\n

Debian Security Advisory

\n

DSA-3551-1 fuseiso -- security update

\n
\n
Date Reported:
\n
16 Apr 2016
\n
Affected Packages:
\n
\nfuseiso\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 779047.
In Mitre's CVE dictionary: CVE-2015-8836, CVE-2015-8837.
\n
More information:
\n
\n

It was discovered that fuseiso, a user-space implementation of the\nISO 9660 file system based on FUSE, contains several vulnerabilities.

\n
    \n
  • CVE-2015-8836\n

    A stack-based buffer overflow may allow attackers who can trick a\n user into mounting a crafted ISO 9660 file system to cause a\n denial of service (crash), or, potentially, execute arbitrary\n code.

  • \n
  • CVE-2015-8837\n

    An integer overflow leads to a heap-based buffer overflow, which\n allows an attacker (who can trick a user into mounting a crafted\n ISO 9660 file system) to cause a denial of service (crash), or,\n potentially, execute arbitrary code.

  • \n
\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 20070708-3+deb7u1.

\n

The stable distribution (jessie) does not contain fuseiso packages.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 20070708-3.2.

\n

We recommend that you upgrade your fuseiso packages.

\n
\n
\n
\n
", "3552": "
\n

Debian Security Advisory

\n

DSA-3552-1 tomcat7 -- security update

\n
\n
Date Reported:
\n
17 Apr 2016
\n
Affected Packages:
\n
\ntomcat7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-5174, CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763.
\n
More information:
\n
\n

Multiple security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine, which may result in information disclosure,\nthe bypass of CSRF protections and bypass of the SecurityManager.

\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 7.0.28-4+deb7u4. This update also fixes CVE-2014-0119 and\nCVE-2014-0096.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 7.0.56-3+deb8u2.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 7.0.68-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 7.0.68-1.

\n

We recommend that you upgrade your tomcat7 packages.

\n
\n
\n
\n
", "3553": "
\n

Debian Security Advisory

\n

DSA-3553-1 varnish -- security update

\n
\n
Date Reported:
\n
22 Apr 2016
\n
Affected Packages:
\n
\nvarnish\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 783510.
In Mitre's CVE dictionary: CVE-2015-8852.
\n
More information:
\n
\n

Régis Leroy from Makina Corpus discovered that varnish, a caching HTTP\nreverse proxy, is vulnerable to HTTP smuggling issues, potentially\nresulting in cache poisoning or bypassing of access control policies.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 3.0.2-2+deb7u2.

\n

We recommend that you upgrade your varnish packages.

\n
\n
\n
\n
", "3554": "
\n

Debian Security Advisory

\n

DSA-3554-1 xen -- security update

\n
\n
Date Reported:
\n
21 Apr 2016
\n
Affected Packages:
\n
\nxen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-3158, CVE-2016-3159, CVE-2016-3960.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in the Xen hypervisor. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2016-3158,\nCVE-2016-3159 (XSA-172)\n

    Jan Beulich from SUSE discovered that Xen does not properly handle\n writes to the hardware FSW.ES bit when running on AMD64 processors.\n A malicious domain can take advantage of this flaw to obtain address\n space usage and timing information, about another domain, at a\n fairly low rate.

  • \n
  • CVE-2016-3960 (XSA-173)\n

    Ling Liu and Yihan Lian of the Cloud Security Team, Qihoo 360\n discovered an integer overflow in the x86 shadow pagetable code. A\n HVM guest using shadow pagetables can cause the host to crash. A PV\n guest using shadow pagetables (i.e. being migrated) with PV\n superpages enabled (which is not the default) can crash the host, or\n corrupt hypervisor memory, potentially leading to privilege\n escalation.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.4.1-9+deb8u5.

\n

We recommend that you upgrade your xen packages.

\n
\n
\n
\n
", "3555": "
\n

Debian Security Advisory

\n

DSA-3555-1 imlib2 -- security update

\n
\n
Date Reported:
\n
23 Apr 2016
\n
Affected Packages:
\n
\nimlib2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 639414, Bug 785369, Bug 819818, Bug 820206, Bug 821732.
In Mitre's CVE dictionary: CVE-2011-5326, CVE-2014-9771, CVE-2016-3993, CVE-2016-3994, CVE-2016-4024.
\n
More information:
\n
\n

Several vulnerabilities were discovered in imlib2, an image manipulation\nlibrary.

\n
    \n
  • CVE-2011-5326\n

    Kevin Ryde discovered that attempting to draw a 2x1 radi ellipse\n results in a floating point exception.

  • \n
  • CVE-2014-9771\n

    It was discovered that an integer overflow could lead to invalid\n memory reads and unreasonably large memory allocations.

  • \n
  • CVE-2016-3993\n

    Yuriy M. Kaminskiy discovered that drawing using coordinates from\n an untrusted source could lead to an out-of-bound memory read, which\n in turn could result in an application crash.

  • \n
  • CVE-2016-3994\n

    Jakub Wilk discovered that a malformed image could lead to an\n out-of-bound read in the GIF loader, which may result in an\n application crash or information leak.

  • \n
  • CVE-2016-4024\n

    Yuriy M. Kaminskiy discovered an integer overflow that could lead to\n an insufficient heap allocation and out-of-bound memory write.

  • \n
\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 1.4.5-1+deb7u2.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.4.6-2+deb8u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.4.8-1.

\n

We recommend that you upgrade your imlib2 packages.

\n
\n
\n
\n
", "3556": "
\n

Debian Security Advisory

\n

DSA-3556-1 libgd2 -- security update

\n
\n
Date Reported:
\n
24 Apr 2016
\n
Affected Packages:
\n
\nlibgd2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 822242.
In Mitre's CVE dictionary: CVE-2016-3074.
\n
More information:
\n
\n

Hans Jerry Illikainen discovered that libgd2, a library for programmatic\ngraphics creation and manipulation, suffers from a signedness\nvulnerability which may result in a heap overflow when processing\nspecially crafted compressed gd2 data. A remote attacker can take\nadvantage of this flaw to cause an application using the libgd2 library\nto crash, or potentially, to execute arbitrary code with the privileges\nof the user running the application.

\n

For the oldstable distribution (wheezy), this problem has been fixed\nin version 2.0.36~rc1~dfsg-6.1+deb7u2.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.1.0-5+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.1.1-4.1.

\n

We recommend that you upgrade your libgd2 packages.

\n
\n
\n
\n
", "3557": "
\n

Debian Security Advisory

\n

DSA-3557-1 mysql-5.5 -- security update

\n
\n
Date Reported:
\n
26 Apr 2016
\n
Affected Packages:
\n
\nmysql-5.5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 821100.
In Mitre's CVE dictionary: CVE-2016-0640, CVE-2016-0641, CVE-2016-0642, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0666, CVE-2016-2047.
\n
More information:
\n
\n

Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.49. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:

\n\n

For the stable distribution (jessie), these problems have been fixed in\nversion 5.5.49-0+deb8u1.

\n

We recommend that you upgrade your mysql-5.5 packages.

\n
\n
\n
\n
", "3558": "
\n

Debian Security Advisory

\n

DSA-3558-1 openjdk-7 -- security update

\n
\n
Date Reported:
\n
26 Apr 2016
\n
Affected Packages:
\n
\nopenjdk-7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-0636, CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3425, CVE-2016-3426, CVE-2016-3427.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in breakouts of\nthe Java sandbox, denial of service or information disclosure.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 7u101-2.6.6-1~deb8u1.

\n

We recommend that you upgrade your openjdk-7 packages.

\n
\n
\n
\n
", "3559": "
\n

Debian Security Advisory

\n

DSA-3559-1 iceweasel -- security update

\n
\n
Date Reported:
\n
27 Apr 2016
\n
Affected Packages:
\n
\niceweasel\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-2805, CVE-2016-2807, CVE-2016-2808, CVE-2016-2814.
\n
More information:
\n
\n

Multiple security issues have been found in Iceweasel, Debian's version\nof the Mozilla Firefox web browser: Multiple memory safety errors and\nbuffer overflows may lead to the execution of arbitrary code or denial\nof service.

\n

For the oldstable distribution (wheezy), these problems have been fixed in\nversion 38.8.0esr-1~deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 38.8.0esr-1~deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 45.1.0esr-1 of the firefox-esr source package and version\n46.0-1 of the firefox source package.

\n

We recommend that you upgrade your iceweasel packages.

\n
\n
\n
\n
", "3560": "
\n

Debian Security Advisory

\n

DSA-3560-1 php5 -- security update

\n
\n
Date Reported:
\n
27 Apr 2016
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8865, CVE-2016-4070, CVE-2016-4071, CVE-2016-4072, CVE-2016-4073.
\n
More information:
\n
\n

Several vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development.

\n

The vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.20, which includes additional bug fixes. Please refer to the\nupstream changelog for more information:

\n\n

For the stable distribution (jessie), these problems have been fixed in\nversion 5.6.20+dfsg-0+deb8u1.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "3561": "
\n

Debian Security Advisory

\n

DSA-3561-1 subversion -- security update

\n
\n
Date Reported:
\n
29 Apr 2016
\n
Affected Packages:
\n
\nsubversion\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-2167, CVE-2016-2168.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Subversion, a version control\nsystem. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2016-2167\n

    Daniel Shahaf and James McCoy discovered that an implementation\n error in the authentication against the Cyrus SASL library would\n permit a remote user to specify a realm string which is a prefix of\n the expected realm string and potentially allow a user to\n authenticate using the wrong realm.

  • \n
  • CVE-2016-2168\n

    Ivan Zhakov of VisualSVN discovered a remotely triggerable denial\n of service vulnerability in the mod_authz_svn module during a COPY or\n MOVE authorization check. An authenticated remote attacker could\n take advantage of this flaw to cause a denial of service\n (Subversion server crash) via COPY or MOVE requests with a specially\n crafted header.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.8.10-6+deb8u4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.9.4-1.

\n

We recommend that you upgrade your subversion packages.

\n
\n
\n
\n
", "3562": "
\n

Debian Security Advisory

\n

DSA-3562-1 tardiff -- security update

\n
\n
Date Reported:
\n
01 May 2016
\n
Affected Packages:
\n
\ntardiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-0857, CVE-2015-0858.
\n
More information:
\n
\n

Several vulnerabilities were discovered in tardiff, a tarball comparison\ntool. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2015-0857\n

    Rainer Mueller and Florian Weimer discovered that tardiff is prone\n to shell command injections via shell meta-characters in filenames\n in tar files or via shell meta-characters in the tar filename\n itself.

  • \n
  • CVE-2015-0858\n

    Florian Weimer discovered that tardiff uses predictable temporary\n directories for unpacking tarballs. A malicious user can use this\n flaw to overwrite files with permissions of the user running the\n tardiff command line tool.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 0.1-2+deb8u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.1-5 and partially in earlier versions.

\n

We recommend that you upgrade your tardiff packages.

\n
\n
\n
\n
", "3563": "
\n

Debian Security Advisory

\n

DSA-3563-1 poppler -- security update

\n
\n
Date Reported:
\n
01 May 2016
\n
Affected Packages:
\n
\npoppler\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8868.
\n
More information:
\n
\n

It was discovered that a heap overflow in the Poppler PDF library may\nresult in denial of service and potentially the execution of arbitrary\ncode if a malformed PDF file is opened.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.26.5-2+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 0.38.0-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.38.0-3.

\n

We recommend that you upgrade your poppler packages.

\n
\n
\n
\n
", "3564": "
\n

Debian Security Advisory

\n

DSA-3564-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
02 May 2016
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1660, CVE-2016-1661, CVE-2016-1662, CVE-2016-1663, CVE-2016-1664, CVE-2016-1665, CVE-2016-1666.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2016-1660\n

    Atte Kettunen discovered an out-of-bounds write issue.

  • \n
  • CVE-2016-1661\n

    Wadih Matar discovered a memory corruption issue.

  • \n
  • CVE-2016-1662\n

    Rob Wu discovered a use-after-free issue related to extensions.

  • \n
  • CVE-2016-1663\n

    A use-after-free issue was discovered in Blink's bindings to V8.

  • \n
  • CVE-2016-1664\n

    Wadih Matar discovered a way to spoof URLs.

  • \n
  • CVE-2016-1665\n

    gksgudtjr456 discovered an information leak in the v8 javascript\n library.

  • \n
  • CVE-2016-1666\n

    The chrome development team found and fixed various issues during\n internal auditing.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 50.0.2661.94-1~deb8u1.

\n

For the testing distribution (stretch), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 50.0.2661.94-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3565": "
\n

Debian Security Advisory

\n

DSA-3565-1 botan1.10 -- security update

\n
\n
Date Reported:
\n
02 May 2016
\n
Affected Packages:
\n
\nbotan1.10\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 817932, Bug 822698.
In Mitre's CVE dictionary: CVE-2015-5726, CVE-2015-5727, CVE-2015-7827, CVE-2016-2194, CVE-2016-2195, CVE-2016-2849.
\n
More information:
\n
\n

Several security vulnerabilities were found in botan1.10, a C++\nlibrary which provides support for many common cryptographic\noperations, including encryption, authentication, X.509v3 certificates\nand CRLs.

\n
    \n
  • CVE-2015-5726\n

    The BER decoder would crash due to reading from offset 0 of an\n empty vector if it encountered a BIT STRING which did not contain\n any data at all. This can be used to easily crash applications\n reading untrusted ASN.1 data, but does not seem exploitable for\n code execution.

  • \n
  • CVE-2015-5727\n

    The BER decoder would allocate a fairly arbitrary amount of memory\n in a length field, even if there was no chance the read request\n would succeed. This might cause the process to run out of memory or\n invoke the OOM killer.

  • \n
  • CVE-2015-7827\n

    Use constant time PKCS #1 unpadding to avoid possible side channel\n attack against RSA decryption.

  • \n
  • CVE-2016-2194\n

    Infinite loop in modular square root algorithm.\n The ressol function implementing the Tonelli-Shanks algorithm for\n finding square roots could be sent into a nearly infinite loop due\n to a misplaced conditional check. This could occur if a composite\n modulus is provided, as this algorithm is only defined for primes.\n This function is exposed to attacker controlled input via the\n OS2ECP function during ECC point decompression.

  • \n
  • CVE-2016-2195\n

    Fix Heap overflow on invalid ECC point.

  • \n
  • CVE-2016-2849\n

    Use constant time modular inverse algorithm to avoid possible\n side channel attack against ECDSA.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.10.8-2+deb8u1.

\n

We recommend that you upgrade your botan1.10 packages.

\n
\n
\n
\n
", "3566": "
\n

Debian Security Advisory

\n

DSA-3566-1 openssl -- security update

\n
\n
Date Reported:
\n
03 May 2016
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109.
\n
More information:
\n
\n

Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer\ntoolkit.

\n
    \n
  • CVE-2016-2105\n

    Guido Vranken discovered that an overflow can occur in the function\n EVP_EncodeUpdate(), used for Base64 encoding, if an attacker can\n supply a large amount of data. This could lead to a heap corruption.

  • \n
  • CVE-2016-2106\n

    Guido Vranken discovered that an overflow can occur in the function\n EVP_EncryptUpdate() if an attacker can supply a large amount of data.\n This could lead to a heap corruption.

  • \n
  • CVE-2016-2107\n

    Juraj Somorovsky discovered a padding oracle in the AES CBC cipher\n implementation based on the AES-NI instruction set. This could allow\n an attacker to decrypt TLS traffic encrypted with one of the cipher\n suites based on AES CBC.

  • \n
  • CVE-2016-2108\n

    David Benjamin from Google discovered that two separate bugs in the\n ASN.1 encoder, related to handling of negative zero integer values\n and large universal tags, could lead to an out-of-bounds write.

  • \n
  • CVE-2016-2109\n

    Brian Carpenter discovered that when ASN.1 data is read from a BIO\n using functions such as d2i_CMS_bio(), a short invalid encoding can\n cause allocation of large amounts of memory potentially consuming\n excessive resources or exhausting memory.

  • \n
\n

Additional information about these issues can be found in the OpenSSL\nsecurity advisory at https://www.openssl.org/news/secadv/20160503.txt

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u5.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2h-1.

\n

We recommend that you upgrade your openssl packages.

\n
\n
\n
\n
", "3567": "
\n

Debian Security Advisory

\n

DSA-3567-1 libpam-sshauth -- security update

\n
\n
Date Reported:
\n
04 May 2016
\n
Affected Packages:
\n
\nlibpam-sshauth\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-4422.
\n
More information:
\n
\n

It was discovered that libpam-sshauth, a PAM module to authenticate\nusing an SSH server, does not correctly handle system users. In certain\nconfigurations an attacker can take advantage of this flaw to gain root\nprivileges.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.3.1-1+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 0.4.1-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.4.1-2.

\n

We recommend that you upgrade your libpam-sshauth packages.

\n
\n
\n
\n
", "3568": "
\n

Debian Security Advisory

\n

DSA-3568-1 libtasn1-6 -- security update

\n
\n
Date Reported:
\n
05 May 2016
\n
Affected Packages:
\n
\nlibtasn1-6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-4008.
\n
More information:
\n
\n

Pascal Cuoq and Miod Vallat discovered that Libtasn1, a library to\nmanage ASN.1 structures, does not correctly handle certain malformed DER\ncertificates. A remote attacker can take advantage of this flaw to cause\nan application using the Libtasn1 library to hang, resulting in a denial\nof service.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 4.2-3+deb8u2.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 4.8-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.8-1.

\n

We recommend that you upgrade your libtasn1-6 packages.

\n
\n
\n
\n
", "3569": "
\n

Debian Security Advisory

\n

DSA-3569-1 openafs -- security update

\n
\n
Date Reported:
\n
05 May 2016
\n
Affected Packages:
\n
\nopenafs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8312, CVE-2016-2860.
\n
More information:
\n
\n

Two vulnerabilities were discovered in openafs, an implementation of the\ndistributed filesystem AFS. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2015-8312\n

    Potential denial of service caused by a bug in the pioctl\n logic allowing a local user to overrun a kernel buffer with a\n single NUL byte.

  • \n
  • CVE-2016-2860\n

    Peter Iannucci discovered that users from foreign Kerberos realms\n can create groups as if they were administrators.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.6.9-2+deb8u5.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 1.6.17-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.6.17-1.

\n

We recommend that you upgrade your openafs packages.

\n
\n
\n
\n
", "3570": "
\n

Debian Security Advisory

\n

DSA-3570-1 mercurial -- security update

\n
\n
Date Reported:
\n
05 May 2016
\n
Affected Packages:
\n
\nmercurial\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-3105.
\n
More information:
\n
\n

Blake Burkhart discovered an arbitrary code execution flaw in\nMercurial, a distributed version control system, when using the convert\nextension on Git repositories with specially crafted names. This flaw in\nparticular affects automated code conversion services that allow\narbitrary repository names.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.1.2-2+deb8u3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.8.1-1.

\n

We recommend that you upgrade your mercurial packages.

\n
\n
\n
\n
", "3571": "
\n

Debian Security Advisory

\n

DSA-3571-1 ikiwiki -- security update

\n
\n
Date Reported:
\n
08 May 2016
\n
Affected Packages:
\n
\nikiwiki\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-4561.
\n
More information:
\n
\n

Simon McVittie discovered a cross-site scripting vulnerability in the\nerror reporting of Ikiwiki, a wiki compiler. This update also hardens\nikiwiki's use of imagemagick in the img plugin.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.20141016.3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.20160506.

\n

We recommend that you upgrade your ikiwiki packages.

\n
\n
\n
\n
", "3572": "
\n

Debian Security Advisory

\n

DSA-3572-1 websvn -- security update

\n
\n
Date Reported:
\n
09 May 2016
\n
Affected Packages:
\n
\nwebsvn\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1236.
\n
More information:
\n
\n

Nitin Venkatesh discovered that websvn, a web viewer for Subversion\nrepositories, is susceptible to cross-site scripting attacks via\nspecially crafted file and directory names in repositories.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.3.3-1.2+deb8u2.

\n

We recommend that you upgrade your websvn packages.

\n
\n
\n
\n
", "3573": "
\n

Debian Security Advisory

\n

DSA-3573-1 qemu -- security update

\n
\n
Date Reported:
\n
09 May 2016
\n
Affected Packages:
\n
\nqemu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 823830.
In Mitre's CVE dictionary: CVE-2016-3710, CVE-2016-3712.
\n
More information:
\n
\n

Several vulnerabilities were discovered in qemu, a fast processor\nemulator.

\n
    \n
  • CVE-2016-3710\n

    Wei Xiao and Qinghao Tang of 360.cn Inc discovered an out-of-bounds\n read and write flaw in the QEMU VGA module. A privileged guest user\n could use this flaw to execute arbitrary code on the host with the\n privileges of the hosting QEMU process.

  • \n
  • CVE-2016-3712\n

    Zuozhi Fzz of Alibaba Inc discovered potential integer overflow\n or out-of-bounds read access issues in the QEMU VGA module. A\n privileged guest user could use this flaw to mount a denial of\n service (QEMU process crash).

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1:2.1+dfsg-12+deb8u6.

\n

We recommend that you upgrade your qemu packages.

\n
\n
\n
\n
", "3574": "
\n

Debian Security Advisory

\n

DSA-3574-1 libarchive -- security update

\n
\n
Date Reported:
\n
10 May 2016
\n
Affected Packages:
\n
\nlibarchive\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 823893.
In Mitre's CVE dictionary: CVE-2016-1541.
\n
More information:
\n
\n

Rock Stevens, Andrew Ruef and Marcin Icewall Noga discovered a\nheap-based buffer overflow vulnerability in the zip_read_mac_metadata\nfunction in libarchive, a multi-format archive and compression library,\nwhich may lead to the execution of arbitrary code if a user or automated\nsystem is tricked into processing a specially crafted ZIP file.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.1.2-11+deb8u1.

\n

We recommend that you upgrade your libarchive packages.

\n
\n
\n
\n
", "3575": "
\n

Debian Security Advisory

\n

DSA-3575-1 libxstream-java -- security update

\n
\n
Date Reported:
\n
12 May 2016
\n
Affected Packages:
\n
\nlibxstream-java\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-3674.
\n
More information:
\n
\n

It was discovered that XStream, a Java library to serialize objects to\nXML and back again, was susceptible to XML External Entity attacks.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.4.7-2+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 1.4.9-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4.9-1.

\n

We recommend that you upgrade your libxstream-java packages.

\n
\n
\n
\n
", "3576": "
\n

Debian Security Advisory

\n

DSA-3576-1 icedove -- security update

\n
\n
Date Reported:
\n
13 May 2016
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1979, CVE-2016-2805, CVE-2016-2807.
\n
More information:
\n
\n

Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors may\nlead to the execution of arbitrary code or denial of service.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 38.8.0-1~deb8u1.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "3577": "
\n

Debian Security Advisory

\n

DSA-3577-1 jansson -- security update

\n
\n
Date Reported:
\n
14 May 2016
\n
Affected Packages:
\n
\njansson\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 823238.
In Mitre's CVE dictionary: CVE-2016-4425.
\n
More information:
\n
\n

Gustavo Grieco discovered that jansson, a C library for encoding,\ndecoding and manipulating JSON data, did not limit the recursion depth\nwhen parsing JSON arrays and objects. This could allow remote attackers\nto cause a denial of service (crash) via stack exhaustion, using crafted\nJSON data.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.7-1+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.7-5.

\n

We recommend that you upgrade your jansson packages.

\n
\n
\n
\n
", "3578": "
\n

Debian Security Advisory

\n

DSA-3578-1 libidn -- security update

\n
\n
Date Reported:
\n
14 May 2016
\n
Affected Packages:
\n
\nlibidn\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-2059.
\n
More information:
\n
\n

It was discovered that libidn, the GNU library for Internationalized\nDomain Names (IDNs), did not correctly handle invalid UTF-8 input,\ncausing an out-of-bounds read. This could allow attackers to disclose\nsensitive information from an application using the libidn library.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.29-1+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 1.31-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.31-1.

\n

We recommend that you upgrade your libidn packages.

\n
\n
\n
\n
", "3579": "
\n

Debian Security Advisory

\n

DSA-3579-1 xerces-c -- security update

\n
\n
Date Reported:
\n
16 May 2016
\n
Affected Packages:
\n
\nxerces-c\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 823863.
In Mitre's CVE dictionary: CVE-2016-2099.
\n
More information:
\n
\n

Gustavo Grieco discovered a use-after-free vulnerability in xerces-c, a\nvalidating XML parser library for C++, due to not properly handling\ninvalid characters in XML input documents in the DTDScanner.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.1.1-5.1+deb8u2.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 3.1.3+debian-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.1.3+debian-2.

\n

We recommend that you upgrade your xerces-c packages.

\n
\n
\n
\n
", "3580": "
\n

Debian Security Advisory

\n

DSA-3580-1 imagemagick -- security update

\n
\n
Date Reported:
\n
16 May 2016
\n
Affected Packages:
\n
\nimagemagick\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 823542.
In Mitre's CVE dictionary: CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-3718.
\n
More information:
\n
\n

Nikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered\nseveral vulnerabilities in ImageMagick, a program suite for image\nmanipulation. These vulnerabilities, collectively known as ImageTragick,\nare the consequence of a lack of sanitization of untrusted input. An\nattacker with control over the image input could, with the privileges of\nthe user running the application, execute code\n(CVE-2016-3714), make HTTP\nGET or FTP requests (CVE-2016-3718),\nor delete (CVE-2016-3715), move\n(CVE-2016-3716), or read\n(CVE-2016-3717) local files.

\n

These vulnerabilities are particularly critical if ImageMagick processes\nimages coming from remote parties, such as part of a web service.

\n

The update disables the vulnerable coders (EPHEMERAL, URL, MVG, MSL, and\nPLT) and indirect reads via the /etc/ImageMagick-6/policy.xml file. In\naddition, we introduce extra preventions, including some sanitization for\ninput filenames in http/https delegates, the full removal of the PLT/Gnuplot\ndecoder, and the need for an explicit reference in the filename for the\ninsecure coders.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u2.

\n

We recommend that you upgrade your imagemagick packages.

\n
\n
\n
\n
", "3581": "
\n

Debian Security Advisory

\n

DSA-3581-1 libndp -- security update

\n
\n
Date Reported:
\n
17 May 2016
\n
Affected Packages:
\n
\nlibndp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 824545.
In Mitre's CVE dictionary: CVE-2016-3698.
\n
More information:
\n
\n

Julien Bernard discovered that libndp, a library for the IPv6 Neighbor\nDiscovery Protocol, does not properly perform input and origin checks\nduring the reception of an NDP message. An attacker in a non-local\nnetwork could use this flaw to advertise a node as a router, and cause a\ndenial of service attack, or act as a man-in-the-middle.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.4-2+deb8u1.

\n

We recommend that you upgrade your libndp packages.

\n
\n
\n
\n
", "3582": "
\n

Debian Security Advisory

\n

DSA-3582-1 expat -- security update

\n
\n
Date Reported:
\n
18 May 2016
\n
Affected Packages:
\n
\nexpat\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-0718, CVE-2016-4472.
\n
More information:
\n
\n

Gustavo Grieco discovered that Expat, an XML parsing C library, does not\nproperly handle certain kinds of malformed input documents, resulting in\nbuffer overflows during processing and error reporting. A remote\nattacker can take advantage of this flaw to cause an application using\nthe Expat library to crash, or potentially, to execute arbitrary code\nwith the privileges of the user running the application.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.1.0-6+deb8u2. Additionally this update refreshes the fix for\nCVE-2015-1283 to avoid relying on undefined behavior.

\n

We recommend that you upgrade your expat packages.

\n
\n
\n
\n
", "3583": "
\n

Debian Security Advisory

\n

DSA-3583-1 swift-plugin-s3 -- security update

\n
\n
Date Reported:
\n
18 May 2016
\n
Affected Packages:
\n
\nswift-plugin-s3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 822688.
In Mitre's CVE dictionary: CVE-2015-8466.
\n
More information:
\n
\n

It was discovered that the swift3 (S3 compatibility) middleware plugin\nfor Swift performed insufficient validation of date headers which might\nresult in replay attacks.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.7-5+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 1.9-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.9-1.

\n

We recommend that you upgrade your swift-plugin-s3 packages.

\n
\n
\n
\n
", "3584": "
\n

Debian Security Advisory

\n

DSA-3584-1 librsvg -- security update

\n
\n
Date Reported:
\n
19 May 2016
\n
Affected Packages:
\n
\nlibrsvg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-7558, CVE-2016-4348.
\n
More information:
\n
\n

Gustavo Grieco discovered several flaws in the way librsvg, a SAX-based\nrenderer library for SVG files, parses SVG files with circular\ndefinitions. A remote attacker can take advantage of these flaws to\ncause an application using the librsvg library to crash.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2.40.5-1+deb8u2.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 2.40.12-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.40.12-1.

\n

We recommend that you upgrade your librsvg packages.

\n
\n
\n
\n
", "3585": "
\n

Debian Security Advisory

\n

DSA-3585-1 wireshark -- security update

\n
\n
Date Reported:
\n
22 May 2016
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-4006, CVE-2016-4079, CVE-2016-4080, CVE-2016-4081, CVE-2016-4082, CVE-2016-4085.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the dissectors/parsers for\nPKTC, IAX2, GSM CBCH and NCP which could result in denial of service.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.12.1+g01b65bf-4+deb8u6.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 2.0.3+geed34f0-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.0.3+geed34f0-1.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "3586": "
\n

Debian Security Advisory

\n

DSA-3586-1 atheme-services -- security update

\n
\n
Date Reported:
\n
23 May 2016
\n
Affected Packages:
\n
\natheme-services\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-4478.
\n
More information:
\n
\n

It was discovered that a buffer overflow in the XMLRPC response encoding\ncode of the Atheme IRC services may result in denial of service.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 6.0.11-2+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 7.0.7-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.0.7-2.

\n

We recommend that you upgrade your atheme-services packages.

\n
\n
\n
\n
", "3587": "
\n

Debian Security Advisory

\n

DSA-3587-1 libgd2 -- security update

\n
\n
Date Reported:
\n
27 May 2016
\n
Affected Packages:
\n
\nlibgd2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 824627.
In Mitre's CVE dictionary: CVE-2013-7456, CVE-2015-8874, CVE-2015-8877.
\n
More information:
\n
\n

Several vulnerabilities were discovered in libgd2, a library for\nprogrammatic graphics creation and manipulation. A remote attacker can\ntake advantage of these flaws to cause a denial-of-service against an\napplication using the libgd2 library.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2.1.0-5+deb8u3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.2.1-1 or earlier.

\n

We recommend that you upgrade your libgd2 packages.

\n
\n
\n
\n
", "3588": "
\n

Debian Security Advisory

\n

DSA-3588-1 symfony -- security update

\n
\n
Date Reported:
\n
29 May 2016
\n
Affected Packages:
\n
\nsymfony\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1902, CVE-2016-4423.
\n
More information:
\n
\n

Two vulnerabilities were discovered in Symfony, a PHP framework.

\n
    \n
  • CVE-2016-1902\n

    Lander Brandt discovered that the class SecureRandom might generate\n weak random numbers for cryptographic use under certain settings. If\n the functions random_bytes() or openssl_random_pseudo_bytes() are not\n available, the output of SecureRandom should not be considered secure.

  • CVE-2016-4423\n

    Marek Alaksa from Citadelo discovered that it is possible to fill up\n the session storage space by submitting large, nonexistent usernames.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2.3.21+dfsg-4+deb8u3.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 2.8.6+dfsg-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.8.6+dfsg-1.

\n

We recommend that you upgrade your symfony packages.

\n
\n
\n
\n
", "3589": "
\n

Debian Security Advisory

\n

DSA-3589-1 gdk-pixbuf -- security update

\n
\n
Date Reported:
\n
30 May 2016
\n
Affected Packages:
\n
\ngdk-pixbuf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-7552, CVE-2015-8875.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in gdk-pixbuf, a toolkit\nfor image loading and pixel buffer manipulation. A remote attacker can\ntake advantage of these flaws to cause a denial-of-service against an\napplication using gdk-pixbuf (application crash), or potentially, to\nexecute arbitrary code with the privileges of the user running the\napplication, if a malformed image is opened.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2.31.1-2+deb8u5.

\n

We recommend that you upgrade your gdk-pixbuf packages.

\n
\n
\n
\n
", "3590": "
\n

Debian Security Advisory

\n

DSA-3590-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
01 Jun 2016
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1667, CVE-2016-1668, CVE-2016-1669, CVE-2016-1670, CVE-2016-1672, CVE-2016-1673, CVE-2016-1674, CVE-2016-1675, CVE-2016-1676, CVE-2016-1677, CVE-2016-1678, CVE-2016-1679, CVE-2016-1680, CVE-2016-1681, CVE-2016-1682, CVE-2016-1683, CVE-2016-1684, CVE-2016-1685, CVE-2016-1686, CVE-2016-1687, CVE-2016-1688, CVE-2016-1689, CVE-2016-1690, CVE-2016-1691, CVE-2016-1692, CVE-2016-1693, CVE-2016-1694, CVE-2016-1695.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2016-1667\n

    Mariusz Mlynski discovered a cross-origin bypass.

  • CVE-2016-1668\n

    Mariusz Mlynski discovered a cross-origin bypass in bindings to v8.

  • CVE-2016-1669\n

    Choongwoo Han discovered a buffer overflow in the v8 javascript\n library.

  • CVE-2016-1670\n

    A race condition was found that could cause the renderer process\n to reuse ids that should have been unique.

  • CVE-2016-1672\n

    Mariusz Mlynski discovered a cross-origin bypass in extension\n bindings.

  • CVE-2016-1673\n

    Mariusz Mlynski discovered a cross-origin bypass in Blink/Webkit.

  • CVE-2016-1674\n

    Mariusz Mlynski discovered another cross-origin bypass in extension\n bindings.

  • CVE-2016-1675\n

    Mariusz Mlynski discovered another cross-origin bypass in\n Blink/Webkit.

  • CVE-2016-1676\n

    Rob Wu discovered a cross-origin bypass in extension bindings.

  • CVE-2016-1677\n

    Guang Gong discovered a type confusion issue in the v8 javascript\n library.

  • CVE-2016-1678\n

    Christian Holler discovered an overflow issue in the v8 javascript\n library.

  • CVE-2016-1679\n

    Rob Wu discovered a use-after-free issue in the bindings to v8.

  • CVE-2016-1680\n

    Atte Kettunen discovered a use-after-free issue in the skia library.

  • CVE-2016-1681\n

    Aleksandar Nikolic discovered an overflow issue in the pdfium\n library.

  • CVE-2016-1682\n

    KingstonTime discovered a way to bypass the Content Security Policy.

  • CVE-2016-1683\n

    Nicolas Gregoire discovered an out-of-bounds write issue in the\n libxslt library.

  • CVE-2016-1684\n

    Nicolas Gregoire discovered an integer overflow issue in the\n libxslt library.

  • CVE-2016-1685\n

    Ke Liu discovered an out-of-bounds read issue in the pdfium library.

  • CVE-2016-1686\n

    Ke Liu discovered another out-of-bounds read issue in the pdfium\n library.

  • CVE-2016-1687\n

    Rob Wu discovered an information leak in the handling of extensions.

  • CVE-2016-1688\n

    Max Korenko discovered an out-of-bounds read issue in the v8\n javascript library.

  • CVE-2016-1689\n

    Rob Wu discovered a buffer overflow issue.

  • CVE-2016-1690\n

    Rob Wu discovered a use-after-free issue.

  • CVE-2016-1691\n

    Atte Kettunen discovered a buffer overflow issue in the skia library.

  • CVE-2016-1692\n

    Til Jasper Ullrich discovered a cross-origin bypass issue.

  • CVE-2016-1693\n

    Khalil Zhani discovered that the Software Removal Tool download was\n done over an HTTP connection.

  • CVE-2016-1694\n

    Ryan Lester and Bryant Zadegan discovered that pinned public keys\n would be removed when clearing the browser cache.

  • CVE-2016-1695\n

    The chrome development team found and fixed various issues during\n internal auditing.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 51.0.2704.63-1~deb8u1.

\n

For the testing distribution (stretch), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 51.0.2704.63-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3591": "
\n

Debian Security Advisory

\n

DSA-3591-1 imagemagick -- security update

\n
\n
Date Reported:
\n
01 Jun 2016
\n
Affected Packages:
\n
\nimagemagick\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 825799.
In Mitre's CVE dictionary: CVE-2016-5118.
\n
More information:
\n
\n

Bob Friesenhahn from the GraphicsMagick project discovered a command\ninjection vulnerability in ImageMagick, a program suite for image\nmanipulation. An attacker with control over the input image or the input\nfilename can execute arbitrary commands with the privileges of the user\nrunning the application.

\n

This update removes the possibility of using pipe (|) in filenames to\ninteract with imagemagick.

\n

It is important that you upgrade the libmagickcore-6.q16-2 package and not just\nthe imagemagick package. Applications using libmagickcore-6.q16-2 might\nalso be affected and need to be restarted after the upgrade.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 8:6.8.9.9-5+deb8u3.

\n

We recommend that you upgrade your imagemagick packages.

\n
\n
\n
\n
", "3592": "
\n

Debian Security Advisory

\n

DSA-3592-1 nginx -- security update

\n
\n
Date Reported:
\n
01 Jun 2016
\n
Affected Packages:
\n
\nnginx\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-4450.
\n
More information:
\n
\n

It was discovered that a NULL pointer dereference in the Nginx code\nresponsible for saving client request bodies to a temporary file might\nresult in denial of service: Malformed requests could crash worker\nprocesses.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.6.2-5+deb8u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.10.1-1.

\n

We recommend that you upgrade your nginx packages.

\n
\n
\n
\n
", "3593": "
\n

Debian Security Advisory

\n

DSA-3593-1 libxml2 -- security update

\n
\n
Date Reported:
\n
02 Jun 2016
\n
Affected Packages:
\n
\nlibxml2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 812807, Bug 813613, Bug 819006, Bug 823405, Bug 823414.
In Mitre's CVE dictionary: CVE-2015-8806, CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-2073, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4449, CVE-2016-4483.
\n
More information:
\n
\n

Several vulnerabilities were discovered in libxml2, a library providing\nsupport to read, modify and write XML and HTML files. A remote attacker\ncould provide a specially crafted XML or HTML file that, when processed\nby an application using libxml2, would cause a denial-of-service against\nthe application, or potentially the execution of arbitrary code with the\nprivileges of the user running the application.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2.9.1+dfsg1-5+deb8u2.

\n

We recommend that you upgrade your libxml2 packages.

\n
\n
\n
\n
", "3594": "
\n

Debian Security Advisory

\n

DSA-3594-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
04 Jun 2016
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1696, CVE-2016-1697, CVE-2016-1698, CVE-2016-1699, CVE-2016-1700, CVE-2016-1701, CVE-2016-1702, CVE-2016-1703.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2016-1696\n

    A cross-origin bypass was found in the bindings to extensions.

  • CVE-2016-1697\n

    Mariusz Mlynski discovered a cross-origin bypass in Blink/Webkit.

  • CVE-2016-1698\n

    Rob Wu discovered an information leak.

  • CVE-2016-1699\n

    Gregory Panakkal discovered an issue in the Developer Tools\n feature.

  • CVE-2016-1700\n

    Rob Wu discovered a use-after-free issue in extensions.

  • CVE-2016-1701\n

    Rob Wu discovered a use-after-free issue in the autofill feature.

  • CVE-2016-1702\n

    cloudfuzzer discovered an out-of-bounds read issue in the skia\n library.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 51.0.2704.79-1~deb8u1.

\n

For the testing distribution (stretch), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 51.0.2704.79-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3595": "
\n

Debian Security Advisory

\n

DSA-3595-1 mariadb-10.0 -- security update

\n
\n
Date Reported:
\n
05 Jun 2016
\n
Affected Packages:
\n
\nmariadb-10.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 823325.
In Mitre's CVE dictionary: CVE-2016-0640, CVE-2016-0641, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0655, CVE-2016-0666, CVE-2016-0668.
\n
More information:
\n
\n

Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.25. Please see the MariaDB 10.0 Release Notes for further\ndetails:

\n\n

For the stable distribution (jessie), these problems have been fixed in\nversion 10.0.25-0+deb8u1.

\n

We recommend that you upgrade your mariadb-10.0 packages.

\n
\n
\n
\n
", "3596": "
\n

Debian Security Advisory

\n

DSA-3596-1 spice -- security update

\n
\n
Date Reported:
\n
06 Jun 2016
\n
Affected Packages:
\n
\nspice\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-0749, CVE-2016-2150.
\n
More information:
\n
\n

Several vulnerabilities were discovered in spice, a SPICE protocol\nclient and server library. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2016-0749\n

    Jing Zhao of Red Hat discovered a memory allocation flaw, leading to\n a heap-based buffer overflow in spice's smartcard interaction. A\n user connecting to a guest VM via spice can take advantage of this\n flaw to cause a denial-of-service (QEMU process crash), or\n potentially to execute arbitrary code on the host with the\n privileges of the hosting QEMU process.

  • CVE-2016-2150\n

    Frediano Ziglio of Red Hat discovered that a malicious guest inside\n a virtual machine can take control of the corresponding QEMU process\n in the host using crafted primary surface parameters.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 0.12.5-1+deb8u3.

\n

We recommend that you upgrade your spice packages.

\n
\n
\n
\n
", "3597": "
\n

Debian Security Advisory

\n

DSA-3597-1 expat -- security update

\n
\n
Date Reported:
\n
07 Jun 2016
\n
Affected Packages:
\n
\nexpat\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2012-6702, CVE-2016-5300.
\n
More information:
\n
\n

Two related issues have been discovered in Expat, a C library for parsing\nXML.

\n
    \n
  • CVE-2012-6702\n

    It was introduced when\n CVE-2012-0876\n was addressed. Stefan S\u00f8rensen discovered that the use of the function\n XML_Parse() seeds the random number generator generating repeated outputs\n for rand() calls.

  • CVE-2016-5300\n

    It is the product of an incomplete solution for\n CVE-2012-0876.\n The parser poorly seeds the random number generator allowing an attacker to\n cause a denial of service (CPU consumption) via an XML file with crafted\n identifiers.

\n

You might need to manually restart programs and services using expat\nlibraries.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2.1.0-6+deb8u3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.1.1-3.

\n

We recommend that you upgrade your expat packages.

\n
\n
\n
\n
", "3598": "
\n

Debian Security Advisory

\n

DSA-3598-1 vlc -- security update

\n
\n
Date Reported:
\n
07 Jun 2016
\n
Affected Packages:
\n
\nvlc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-5108.
\n
More information:
\n
\n

Patrick Coleman discovered that missing input sanitising in the ADPCM\ndecoder of the VLC media player may result in the execution of arbitrary\ncode if a malformed media file is opened.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.2.4-1~deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.2.4-1.

\n

We recommend that you upgrade your vlc packages.

\n
\n
\n
\n
", "3599": "
\n

Debian Security Advisory

\n

DSA-3599-1 p7zip -- security update

\n
\n
Date Reported:
\n
09 Jun 2016
\n
Affected Packages:
\n
\np7zip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 824160.
In Mitre's CVE dictionary: CVE-2016-2335.
\n
More information:
\n
\n

Marcin Icewall Noga of Cisco Talos discovered an out-of-bounds read\nvulnerability in the CInArchive::ReadFileItem method in p7zip, a 7zr\nfile archiver with high compression ratio. A remote attacker can take\nadvantage of this flaw to cause a denial-of-service or, potentially, the\nexecution of arbitrary code with the privileges of the user running\np7zip, if a specially crafted UDF file is processed.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 9.20.1~dfsg.1-4.1+deb8u2.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 15.14.1+dfsg-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 15.14.1+dfsg-2.

\n

We recommend that you upgrade your p7zip packages.

\n
\n
\n
\n
", "3600": "
\n

Debian Security Advisory

\n

DSA-3600-1 firefox-esr -- security update

\n
\n
Date Reported:
\n
09 Jun 2016
\n
Affected Packages:
\n
\nfirefox-esr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-2818, CVE-2016-2819, CVE-2016-2821, CVE-2016-2822, CVE-2016-2828, CVE-2016-2831.
\n
More information:
\n
\n

Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nspoofing.

\n

Wait, Firefox? No more references to Iceweasel? That's right, Debian no\nlonger applies a custom branding. Please see these links for further\ninformation: https://glandium.org/blog/?p=3622,\n\nhttps://en.wikipedia.org/wiki/Mozilla_software_rebranded_by_Debian

\n

Debian follows the extended support releases (ESR) of Firefox. Support\nfor the 38.x series has ended, so starting with this update we're now\nfollowing the 45.x releases and this update to the next ESR is also the\npoint where we reapply the original branding.

\n

Transition packages for the iceweasel packages are provided which\nautomatically upgrade to the new version. Since new binary packages need\nto be installed, make sure to allow that in your upgrade procedure (e.g.\nby using apt-get dist-upgrade instead of apt-get upgrade).

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 45.2.0esr-1~deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 45.2.0esr-1.

\n

We recommend that you upgrade your firefox-esr packages.

\n
\n
\n
\n
", "3601": "
\n

Debian Security Advisory

\n

DSA-3601-1 icedove -- security update

\n
\n
Date Reported:
\n
13 Jun 2016
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-2806.
\n
More information:
\n
\n

Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors may\nlead to the execution of arbitrary code or denial of service.

\n

Debian follows the extended support releases (ESR) of Thunderbird. Support\nfor the 38.x series has ended, so starting with this update we're now\nfollowing the 45.x releases.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:45.1.0-1~deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 1:45.1.0-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:45.1.0-1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "3602": "
\n

Debian Security Advisory

\n

DSA-3602-1 php5 -- security update

\n
\n
Date Reported:
\n
14 Jun 2016
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2013-7456, CVE-2016-3074, CVE-2016-4537, CVE-2016-4538, CVE-2016-4539, CVE-2016-4540, CVE-2016-4541, CVE-2016-4542, CVE-2016-4543, CVE-2016-4544, CVE-2016-5093, CVE-2016-5094, CVE-2016-5095, CVE-2016-5096.
\n
More information:
\n
\n

Several vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development.

\n

The vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.22, which includes additional bug fixes. Please refer to the\nupstream changelog for more information:

\n\n

For the stable distribution (jessie), these problems have been fixed in\nversion 5.6.22+dfsg-0+deb8u1.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "3603": "
\n

Debian Security Advisory

\n

DSA-3603-1 libav -- security update

\n
\n
Date Reported:
\n
14 Jun 2016
\n
Affected Packages:
\n
\nlibav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-3062.
\n
More information:
\n
\n

Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. A full list of the changes is\navailable at\nhttps://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.7

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 6:11.7-1~deb8u1.

\n

We recommend that you upgrade your libav packages.

\n
\n
\n
\n
", "3604": "
\n

Debian Security Advisory

\n

DSA-3604-1 drupal7 -- security update

\n
\n
Date Reported:
\n
16 Jun 2016
\n
Affected Packages:
\n
\ndrupal7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-6211.
\n
More information:
\n
\n

A privilege escalation vulnerability has been found in the User module\nof the Drupal content management framework. For additional information,\nplease refer to the upstream advisory at\nhttps://www.drupal.org/SA-CORE-2016-002.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 7.32-1+deb8u7.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.44-1.

\n

We recommend that you upgrade your drupal7 packages.

\n
\n
\n
\n
", "3605": "
\n

Debian Security Advisory

\n

DSA-3605-1 libxslt -- security update

\n
\n
Date Reported:
\n
19 Jun 2016
\n
Affected Packages:
\n
\nlibxslt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 802971.
In Mitre's CVE dictionary: CVE-2015-7995, CVE-2016-1683, CVE-2016-1684.
\n
More information:
\n
\n

Several vulnerabilities were discovered in libxslt, an XSLT processing\nruntime library, which could lead to information disclosure or\ndenial-of-service (application crash) against an application using the\nlibxslt library.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.1.28-2+deb8u1.

\n

We recommend that you upgrade your libxslt packages.

\n
\n
\n
\n
", "3606": "
\n

Debian Security Advisory

\n

DSA-3606-1 libpdfbox-java -- security update

\n
\n
Date Reported:
\n
24 Jun 2016
\n
Affected Packages:
\n
\nlibpdfbox-java\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-2175.
\n
More information:
\n
\n

It was discovered that pdfbox, a PDF library for Java, was susceptible\nto XML External Entity attacks.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:1.8.7+dfsg-1+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 1:1.8.12-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:1.8.12-1.

\n

We recommend that you upgrade your libpdfbox-java packages.

\n
\n
\n
\n
", "3607": "
\n

Debian Security Advisory

\n

DSA-3607-1 linux -- security update

\n
\n
Date Reported:
\n
28 Jun 2016
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-7515, CVE-2016-0821, CVE-2016-1237, CVE-2016-1583, CVE-2016-2117, CVE-2016-2143, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-3070, CVE-2016-3134, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140, CVE-2016-3156, CVE-2016-3157, CVE-2016-3672, CVE-2016-3951, CVE-2016-3955, CVE-2016-3961, CVE-2016-4470, CVE-2016-4482, CVE-2016-4485, CVE-2016-4486, CVE-2016-4565, CVE-2016-4569, CVE-2016-4578, CVE-2016-4580, CVE-2016-4581, CVE-2016-4805, CVE-2016-4913, CVE-2016-4997, CVE-2016-4998, CVE-2016-5243, CVE-2016-5244.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.

\n
    \n
  • CVE-2015-7515,\n CVE-2016-2184,\n CVE-2016-2185,\n CVE-2016-2186,\n CVE-2016-2187,\n CVE-2016-3136,\n CVE-2016-3137,\n CVE-2016-3138,\n CVE-2016-3140\n

    Ralf Spenneberg of OpenSource Security reported that various USB\n drivers do not sufficiently validate USB descriptors. This\n allowed a physically present user with a specially designed USB\n device to cause a denial of service (crash).

  • CVE-2016-0821\n

    Solar Designer noted that the list poisoning feature, intended\n to mitigate the effects of bugs in list manipulation in the\n kernel, used poison values within the range of virtual addresses\n that can be allocated by user processes.

  • CVE-2016-1237\n

    David Sinquin discovered that nfsd does not check permissions when\n setting ACLs, allowing users to grant themselves permissions to a\n file by setting the ACL.

  • CVE-2016-1583\n

    Jann Horn of Google Project Zero reported that the eCryptfs\n filesystem could be used together with the proc filesystem to\n cause a kernel stack overflow. If the ecryptfs-utils package is\n installed, local users could exploit this, via the\n mount.ecryptfs_private program, for denial of service (crash) or\n possibly for privilege escalation.

  • CVE-2016-2117\n

    Justin Yackoski of Cryptonite discovered that the Atheros L2\n ethernet driver incorrectly enables scatter/gather I/O. A remote\n attacker could take advantage of this flaw to obtain potentially\n sensitive information from kernel memory.

  • CVE-2016-2143\n

    Marcin Koscielnicki discovered that the fork implementation in the\n Linux kernel on s390 platforms mishandles the case of four\n page-table levels, which allows local users to cause a denial of\n service (system crash).

  • CVE-2016-3070\n

    Jan Stancek of Red Hat discovered a local denial of service\n vulnerability in AIO handling.

  • CVE-2016-3134\n

    The Google Project Zero team found that the netfilter subsystem does\n not sufficiently validate filter table entries. A user with the\n CAP_NET_ADMIN capability could use this for denial of service\n (crash) or possibly for privilege escalation. Debian disables\n unprivileged user namespaces by default; if they are locally enabled\n with the kernel.unprivileged_userns_clone sysctl, this allows\n privilege escalation.

  • CVE-2016-3156\n

    Solar Designer discovered that the IPv4 implementation in the Linux\n kernel did not perform the destruction of inet device objects\n properly. An attacker in a guest OS could use this to cause a denial\n of service (networking outage) in the host OS.

  • CVE-2016-3157 /\n XSA-171\n

    Andy Lutomirski discovered that the x86_64 (amd64) task switching\n implementation did not correctly update the I/O permission level\n when running as a Xen paravirtual (PV) guest. In some\n configurations this would allow local users to cause a denial of\n service (crash) or to escalate their privileges within the guest.

  • CVE-2016-3672\n

    Hector Marco and Ismael Ripoll noted that it was possible to disable\n Address Space Layout Randomisation (ASLR) for x86_32 (i386) programs\n by removing the stack resource limit. This made it easier for local\n users to exploit security flaws in programs that have the setuid or\n setgid flag set.

  • CVE-2016-3951\n

    It was discovered that the cdc_ncm driver would free memory\n prematurely if certain errors occurred during its initialisation.\n This allowed a physically present user with a specially designed\n USB device to cause a denial of service (crash) or possibly to\n escalate their privileges.

  • CVE-2016-3955\n

    Ignat Korchagin reported that the usbip subsystem did not check\n the length of data received for a USB buffer. This allowed denial\n of service (crash) or privilege escalation on a system configured\n as a usbip client, by the usbip server or by an attacker able to\n impersonate it over the network. A system configured as a usbip\n server might be similarly vulnerable to physically present users.

  • CVE-2016-3961 /\n XSA-174\n

    Vitaly Kuznetsov of Red Hat discovered that Linux allowed the use of\n hugetlbfs on x86 (i386 and amd64) systems even when running as a Xen\n paravirtualised (PV) guest, although Xen does not support huge\n pages. This allowed users with access to /dev/hugepages to cause a\n denial of service (crash) in the guest.

  • CVE-2016-4470\n

    David Howells of Red Hat discovered that a local user can trigger a\n flaw in the Linux kernel's handling of key lookups in the keychain\n subsystem, leading to a denial of service (crash) or possibly to\n privilege escalation.

  • CVE-2016-4482,\n CVE-2016-4485,\n CVE-2016-4486,\n CVE-2016-4569,\n CVE-2016-4578,\n CVE-2016-4580,\n CVE-2016-5243,\n CVE-2016-5244\n

    Kangjie Lu reported that the USB devio, llc, rtnetlink, ALSA\n timer, x25, tipc, and rds facilities leaked information from the\n kernel stack.

  • CVE-2016-4565\n

    Jann Horn of Google Project Zero reported that various components\n in the InfiniBand stack implemented unusual semantics for the\n write() operation. On a system with InfiniBand drivers loaded,\n local users could use this for denial of service or privilege\n escalation.

  • CVE-2016-4581\n

    Tycho Andersen discovered that in some situations the Linux kernel\n did not handle propagated mounts correctly. A local user can take\n advantage of this flaw to cause a denial of service (system crash).

  • CVE-2016-4805\n

    Baozeng Ding discovered a use-after-free in the generic PPP layer in\n the Linux kernel. A local user can take advantage of this flaw to\n cause a denial of service (system crash), or potentially escalate\n their privileges.

  • CVE-2016-4913\n

    Al Viro found that the ISO9660 filesystem implementation did not\n correctly count the length of certain invalid name entries.\n Reading a directory containing such name entries would leak\n information from kernel memory. Users permitted to mount disks or\n disk images could use this to obtain sensitive information.

  • CVE-2016-4997 /\n CVE-2016-4998\n

    Jesse Hertz and Tim Newsham discovered that missing input sanitising\n in Netfilter socket handling may result in denial of service. Debian\n disables unprivileged user namespaces by default; if they are locally\n enabled with the kernel.unprivileged_userns_clone sysctl, this also\n allows privilege escalation.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.16.7-ckt25-2+deb8u2.

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "3608": "
\n

Debian Security Advisory

\n

DSA-3608-1 libreoffice -- security update

\n
\n
Date Reported:
\n
29 Jun 2016
\n
Affected Packages:
\n
\nlibreoffice\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-4324.
\n
More information:
\n
\n

Aleksandar Nikolic discovered that missing input sanitising in the RTF\nparser in LibreOffice may result in the execution of arbitrary code if\na malformed document is opened.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:4.3.3-2+deb8u5.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 1:5.1.4~rc1-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:5.1.4~rc1-1.

\n

We recommend that you upgrade your libreoffice packages.

\n
\n
\n
\n
", "3609": "
\n

Debian Security Advisory

\n

DSA-3609-1 tomcat8 -- security update

\n
\n
Date Reported:
\n
29 Jun 2016
\n
Affected Packages:
\n
\ntomcat8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-5174, CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2016-3092.
\n
More information:
\n
\n

Multiple security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine, which may result in information disclosure, the\nbypass of CSRF protections, bypass of the SecurityManager or denial of\nservice.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 8.0.14-1+deb8u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 8.0.36-1.

\n

We recommend that you upgrade your tomcat8 packages.

\n
\n
\n
\n
", "3610": "
\n

Debian Security Advisory

\n

DSA-3610-1 xerces-c -- security update

\n
\n
Date Reported:
\n
29 Jun 2016
\n
Affected Packages:
\n
\nxerces-c\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 828990.
In Mitre's CVE dictionary: CVE-2016-4463.
\n
More information:
\n
\n

Brandon Perry discovered that xerces-c, a validating XML parser library\nfor C++, fails to successfully parse a DTD that is deeply nested,\ncausing a stack overflow. A remote unauthenticated attacker can take\nadvantage of this flaw to cause a denial of service against applications\nusing the xerces-c library.

\n

Additionally, this update includes an enhancement to enable applications\nto fully disable DTD processing through the use of an environment\nvariable (XERCES_DISABLE_DTD).

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.1.1-5.1+deb8u3.

\n

We recommend that you upgrade your xerces-c packages.

\n
\n
\n
\n
", "3611": "
\n

Debian Security Advisory

\n

DSA-3611-1 libcommons-fileupload-java -- security update

\n
\n
Date Reported:
\n
30 Jun 2016
\n
Affected Packages:
\n
\nlibcommons-fileupload-java\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-3092.
\n
More information:
\n
\n

The TERASOLUNA Framework Development Team discovered a denial of service\nvulnerability in Apache Commons FileUpload, a package to make it\neasy to add robust, high-performance, file upload capability to servlets\nand web applications. A remote attacker can take advantage of this flaw\nby sending file upload requests that cause the HTTP server using the\nApache Commons FileUpload library to become unresponsive, preventing the\nserver from servicing other requests.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.3.1-1+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 1.3.2-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.3.2-1.

\n

We recommend that you upgrade your libcommons-fileupload-java packages.

\n
\n
\n
\n
", "3612": "
\n

Debian Security Advisory

\n

DSA-3612-1 gimp -- security update

\n
\n
Date Reported:
\n
01 Jul 2016
\n
Affected Packages:
\n
\ngimp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 828179.
In Mitre's CVE dictionary: CVE-2016-4994.
\n
More information:
\n
\n

Shmuel H discovered that GIMP, the GNU Image Manipulation Program, is\nprone to a use-after-free vulnerability in the channel and layer\nproperties parsing process when loading an XCF file. An attacker can take\nadvantage of this flaw to potentially execute arbitrary code with the\nprivileges of the user running GIMP if a specially crafted XCF file is\nprocessed.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.8.14-1+deb8u1.

\n

We recommend that you upgrade your gimp packages.

\n
\n
\n
\n
", "3613": "
\n

Debian Security Advisory

\n

DSA-3613-1 libvirt -- security update

\n
\n
Date Reported:
\n
02 Jul 2016
\n
Affected Packages:
\n
\nlibvirt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-5008.
\n
More information:
\n
\n

Vivian Zhang and Christoph Anton Mitterer discovered that setting an\nempty VNC password does not work as documented in Libvirt, a\nvirtualisation abstraction library. When the password on a VNC server is\nset to the empty string, authentication on the VNC server will be\ndisabled, allowing any user to connect, despite the documentation\ndeclaring that setting an empty password for the VNC server prevents all\nclient connections. With this update the behaviour is enforced by\nsetting the password expiration to now.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.2.9-9+deb8u3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.0.0-1.

\n

We recommend that you upgrade your libvirt packages.

\n
\n
\n
\n
", "3614": "
\n

Debian Security Advisory

\n

DSA-3614-1 tomcat7 -- security update

\n
\n
Date Reported:
\n
02 Jul 2016
\n
Affected Packages:
\n
\ntomcat7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-3092.
\n
More information:
\n
\n

The TERASOLUNA Framework Development Team discovered a denial of service\nvulnerability in Apache Commons FileUpload, a package to make it\neasy to add robust, high-performance, file upload capability to servlets\nand web applications. A remote attacker can take advantage of this flaw\nby sending file upload requests that cause the HTTP server using the\nApache Commons FileUpload library to become unresponsive, preventing the\nserver from servicing other requests.

\n

Apache Tomcat uses a package-renamed copy of Apache Commons FileUpload\nto implement the file upload requirements of the Servlet specification\nand is therefore also vulnerable to the denial of service vulnerability.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 7.0.56-3+deb8u3.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 7.0.70-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.0.70-1.

\n

We recommend that you upgrade your tomcat7 packages.

\n
\n
\n
\n
", "3615": "
\n

Debian Security Advisory

\n

DSA-3615-1 wireshark -- security update

\n
\n
Date Reported:
\n
02 Jul 2016
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-5350, CVE-2016-5351, CVE-2016-5353, CVE-2016-5354, CVE-2016-5355, CVE-2016-5356, CVE-2016-5357, CVE-2016-5359.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the dissectors/parsers for\nPKTC, IAX2, GSM CBCH and NCP, SPOOLS, IEEE 802.11, UMTS FP, USB,\nToshiba, CoSine, NetScreen and WBXML, which could result in denial of service\nor potentially the execution of arbitrary code.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.12.1+g01b65bf-4+deb8u7.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 2.0.4+gdd7746e-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.0.4+gdd7746e-1.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "3616": "
\n

Debian Security Advisory

\n

DSA-3616-1 linux -- security update

\n
\n
Date Reported:
\n
04 Jul 2016
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 828914.
In Mitre's CVE dictionary: CVE-2014-9904, CVE-2016-5728, CVE-2016-5828, CVE-2016-5829, CVE-2016-6130.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.

\n
    \n
  • CVE-2014-9904\n

    It was discovered that the snd_compress_check_input function used in\n the ALSA subsystem does not properly check for an integer overflow,\n allowing a local user to cause a denial of service.

  • CVE-2016-5728\n

    Pengfei Wang discovered a race condition in the MIC VOP driver that\n could allow a local user to obtain sensitive information from kernel\n memory or cause a denial of service.

  • CVE-2016-5828\n

    Cyril Bur and Michael Ellerman discovered a flaw in the handling of\n Transactional Memory on powerpc systems allowing a local user to\n cause a denial of service (kernel crash) or possibly have\n unspecified other impact, by starting a transaction, suspending it,\n and then calling any of the exec() class system calls.

  • CVE-2016-5829\n

    A heap-based buffer overflow vulnerability was found in the hiddev\n driver, allowing a local user to cause a denial of service or\n potentially escalate their privileges.

  • CVE-2016-6130\n

    Pengfei Wang discovered a flaw in the S/390 character device drivers\n potentially leading to information leak with /dev/sclp.

\n

Additionally, this update fixes a regression in the ebtables facility\n(#828914) that was introduced in DSA-3607-1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.16.7-ckt25-2+deb8u3.

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "3617": "
\n

Debian Security Advisory

\n

DSA-3617-1 horizon -- security update

\n
\n
Date Reported:
\n
06 Jul 2016
\n
Affected Packages:
\n
\nhorizon\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-3219, CVE-2016-4428.
\n
More information:
\n
\n

Two cross-site scripting vulnerabilities have been found in Horizon,\na web application to control an OpenStack cloud.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2014.1.3-7+deb8u2.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 3:9.0.1-2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3:9.0.1-2.

\n

We recommend that you upgrade your horizon packages.

\n
\n
\n
\n
", "3618": "
\n

Debian Security Advisory

\n

DSA-3618-1 php5 -- security update

\n
\n
Date Reported:
\n
14 Jul 2016
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-5768, CVE-2016-5769, CVE-2016-5770, CVE-2016-5771, CVE-2016-5772, CVE-2016-5773.
\n
More information:
\n
\n

Several vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development.

\n

The vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.23, which includes additional bug fixes. Please refer to the\nupstream changelog for more information:

\n

https://php.net/ChangeLog-5.php#5.6.23

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 5.6.23+dfsg-0+deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 7.0.8-1 of the php7.0 source package.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "3619": "
\n

Debian Security Advisory

\n

DSA-3619-1 libgd2 -- security update

\n
\n
Date Reported:
\n
15 Jul 2016
\n
Affected Packages:
\n
\nlibgd2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 829014, Bug 829062, Bug 829694.
In Mitre's CVE dictionary: CVE-2016-5116, CVE-2016-5766, CVE-2016-6128, CVE-2016-6132, CVE-2016-6161, CVE-2016-6214, CVE-2016-6905.
\n
More information:
\n
\n

Several vulnerabilities were discovered in libgd2, a library for\nprogrammatic graphics creation and manipulation. A remote attacker can\ntake advantage of these flaws to cause a denial-of-service against an\napplication using the libgd2 library (application crash), or potentially\nto execute arbitrary code with the privileges of the user running the\napplication.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2.1.0-5+deb8u4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.2.2-29-g3c2b605-1 or earlier.

\n

We recommend that you upgrade your libgd2 packages.

\n
\n
\n
\n
", "3620": "
\n

Debian Security Advisory

\n

DSA-3620-1 pidgin -- security update

\n
\n
Date Reported:
\n
15 Jul 2016
\n
Affected Packages:
\n
\npidgin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-2365, CVE-2016-2366, CVE-2016-2367, CVE-2016-2368, CVE-2016-2369, CVE-2016-2370, CVE-2016-2371, CVE-2016-2372, CVE-2016-2373, CVE-2016-2374, CVE-2016-2375, CVE-2016-2376, CVE-2016-2377, CVE-2016-2378, CVE-2016-2380, CVE-2016-4323.
\n
More information:
\n
\n

Yves Younan of Cisco Talos discovered several vulnerabilities in the\nMXit protocol support in pidgin, a multi-protocol instant messaging\nclient. A remote attacker can take advantage of these flaws to cause a\ndenial of service (application crash), overwrite files, disclose\ninformation, or potentially execute arbitrary code.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2.11.0-0+deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 2.11.0-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.11.0-1.

\n

We recommend that you upgrade your pidgin packages.

\n
\n
\n
\n
", "3621": "
\n

Debian Security Advisory

\n

DSA-3621-1 mysql-connector-java -- security update

\n
\n
Date Reported:
\n
18 Jul 2016
\n
Affected Packages:
\n
\nmysql-connector-java\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-2575.
\n
More information:
\n
\n

A vulnerability was discovered in mysql-connector-java, a Java database\n(JDBC) driver for MySQL, which may result in unauthorized update, insert\nor delete access to some MySQL Connectors accessible data as well as\nread access to a subset of MySQL Connectors accessible data. The\nvulnerability was addressed by upgrading mysql-connector-java to the new\nupstream version 5.1.39, which includes additional changes, such as bug\nfixes, new features, and possibly incompatible changes. Please see the\nMySQL Connector/J Release Notes and Oracle's Critical Patch Update\nadvisory for further details:

\n\n

For the stable distribution (jessie), this problem has been fixed in\nversion 5.1.39-1~deb8u1.

\n

We recommend that you upgrade your mysql-connector-java packages.

\n
\n
\n
\n
", "3622": "
\n

Debian Security Advisory

\n

DSA-3622-1 python-django -- security update

\n
\n
Date Reported:
\n
18 Jul 2016
\n
Affected Packages:
\n
\npython-django\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-6186.
\n
More information:
\n
\n

It was discovered that Django, a high-level Python web development\nframework, is prone to a cross-site scripting vulnerability in the\nadmin's add/change related popup.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.7.7-1+deb8u5.

\n

We recommend that you upgrade your python-django packages.

\n
\n
\n
\n
", "3623": "
\n

Debian Security Advisory

\n

DSA-3623-1 apache2 -- security update

\n
\n
Date Reported:
\n
20 Jul 2016
\n
Affected Packages:
\n
\napache2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-5387.
\n
More information:
\n
\n

Scott Geary of VendHQ discovered that the Apache HTTPD server used the\nvalue of the Proxy header from HTTP requests to initialize the\nHTTP_PROXY environment variable for CGI scripts, which in turn was\nincorrectly used by certain HTTP client implementations to configure the\nproxy for outgoing HTTP requests. A remote attacker could possibly use\nthis flaw to redirect HTTP requests performed by a CGI script to an\nattacker-controlled proxy via a malicious HTTP request.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.4.10-10+deb8u5.

\n

We recommend that you upgrade your apache2 packages.

\n
\n
\n
\n
", "3624": "
\n

Debian Security Advisory

\n

DSA-3624-1 mysql-5.5 -- security update

\n
\n
Date Reported:
\n
21 Jul 2016
\n
Affected Packages:
\n
\nmysql-5.5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440.
\n
More information:
\n
\n

Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.50. Please see the MySQL 5.5 Release Notes and Oracle's\nCritical Patch Update advisory for further details:

\n\n

For the stable distribution (jessie), these problems have been fixed in\nversion 5.5.50-0+deb8u1.

\n

We recommend that you upgrade your mysql-5.5 packages.

\n
\n
\n
\n
", "3625": "
\n

Debian Security Advisory

\n

DSA-3625-1 squid3 -- security update

\n
\n
Date Reported:
\n
22 Jul 2016
\n
Affected Packages:
\n
\nsquid3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 823968.
In Mitre's CVE dictionary: CVE-2016-4051, CVE-2016-4052, CVE-2016-4053, CVE-2016-4054, CVE-2016-4553, CVE-2016-4554, CVE-2016-4555, CVE-2016-4556.
\n
More information:
\n
\n

Several security issues have been discovered in the Squid caching proxy.

\n
    \n
  • CVE-2016-4051:\n

    CESG and Yuriy M. Kaminskiy discovered that Squid cachemgr.cgi was\n vulnerable to a buffer overflow when processing remotely supplied\n inputs relayed through Squid.

  • CVE-2016-4052:\n

    CESG discovered that a buffer overflow made Squid vulnerable to a\n Denial of Service (DoS) attack when processing ESI responses.

  • CVE-2016-4053:\n

    CESG found that Squid was vulnerable to public information\n disclosure of the server stack layout when processing ESI responses.

  • CVE-2016-4054:\n

    CESG discovered that Squid was vulnerable to remote code execution\n when processing ESI responses.

  • CVE-2016-4554:\n

    Jianjun Chen found that Squid was vulnerable to a header smuggling\n attack that could lead to cache poisoning and to bypass of the\n same-origin security policy in Squid and some client browsers.

  • CVE-2016-4555,\n CVE-2016-4556:\n

    \"bfek-18\" and \"@vftable\" found that Squid was vulnerable to a Denial\n of Service (DoS) attack when processing ESI responses, due to\n incorrect pointer handling and reference counting.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.4.8-6+deb8u3.

\n

For the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 3.5.19-1.

\n

We recommend that you upgrade your squid3 packages.

\n
\n
\n
\n
", "3626": "
\n

Debian Security Advisory

\n

DSA-3626-1 openssh -- security update

\n
\n
Date Reported:
\n
24 Jul 2016
\n
Affected Packages:
\n
\nopenssh\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 831902.
In Mitre's CVE dictionary: CVE-2016-6210.
\n
More information:
\n
\n

Eddie Harari reported that the OpenSSH SSH daemon allows user\nenumeration through timing differences when trying to authenticate\nusers. When sshd tries to authenticate a non-existing user, it will pick\nup a fixed fake password structure with a hash based on the Blowfish\nalgorithm. If real users' passwords are hashed using SHA256/SHA512, then\na remote attacker can take advantage of this flaw by sending large\npasswords, receiving shorter response times from the server for\nnon-existing users.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:6.7p1-5+deb8u3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:7.2p2-6.

\n

We recommend that you upgrade your openssh packages.

\n
\n
\n
\n
", "3627": "
\n

Debian Security Advisory

\n

DSA-3627-1 phpmyadmin -- security update

\n
\n
Date Reported:
\n
24 Jul 2016
\n
Affected Packages:
\n
\nphpmyadmin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1927, CVE-2016-2039, CVE-2016-2040, CVE-2016-2041, CVE-2016-2560, CVE-2016-2561, CVE-2016-5099, CVE-2016-5701, CVE-2016-5705, CVE-2016-5706, CVE-2016-5731, CVE-2016-5733, CVE-2016-5739.
\n
More information:
\n
\n

Several vulnerabilities have been fixed in phpMyAdmin, the web-based\nMySQL administration interface.

\n
    \n
  • CVE-2016-1927\n

    The suggestPassword function relied on a non-secure random number\n generator which makes it easier for remote attackers to guess\n generated passwords via a brute-force approach.

  • \n
  • CVE-2016-2039\n

    CSRF token values were generated by a non-secure random number\n generator, which allows remote attackers to bypass intended access\n restrictions by predicting a value.

  • \n
  • CVE-2016-2040\n

    Multiple cross-site scripting (XSS) vulnerabilities allow remote\n authenticated users to inject arbitrary web script or HTML.

  • \n
  • CVE-2016-2041\n

    phpMyAdmin does not use a constant-time algorithm for comparing\n CSRF tokens, which makes it easier for remote attackers to bypass\n intended access restrictions by measuring time differences.

  • \n
  • CVE-2016-2560\n

    Multiple cross-site scripting (XSS) vulnerabilities allow remote\n attackers to inject arbitrary web script or HTML.

  • \n
  • CVE-2016-2561\n

    Multiple cross-site scripting (XSS) vulnerabilities allow remote\n attackers to inject arbitrary web script or HTML.

  • \n
  • CVE-2016-5099\n

    Multiple cross-site scripting (XSS) vulnerabilities allow remote\n attackers to inject arbitrary web script or HTML.

  • \n
  • CVE-2016-5701\n

    For installations running on plain HTTP, phpMyAdmin allows remote\n attackers to conduct BBCode injection attacks against HTTP sessions\n via a crafted URI.

  • \n
  • CVE-2016-5705\n

    Multiple cross-site scripting (XSS) vulnerabilities allow remote\n attackers to inject arbitrary web script or HTML.

  • \n
  • CVE-2016-5706\n

    phpMyAdmin allows remote attackers to cause a denial of service\n (resource consumption) via a large array in the scripts parameter.

  • \n
  • CVE-2016-5731\n

    A cross-site scripting (XSS) vulnerability allows remote\n attackers to inject arbitrary web script or HTML.

  • \n
  • CVE-2016-5733\n

    Multiple cross-site scripting (XSS) vulnerabilities allow remote\n attackers to inject arbitrary web script or HTML.

  • \n
  • CVE-2016-5739\n

    A specially crafted Transformation could leak information which\n a remote attacker could use to perform cross site request forgeries.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4:4.2.12-2+deb8u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4:4.6.3-1.

\n

We recommend that you upgrade your phpmyadmin packages.

\n
\n
\n
\n
", "3628": "
\n

Debian Security Advisory

\n

DSA-3628-1 perl -- security update

\n
\n
Date Reported:
\n
25 Jul 2016
\n
Affected Packages:
\n
\nperl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 829578.
In Mitre's CVE dictionary: CVE-2016-1238, CVE-2016-6185.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the implementation of the\nPerl programming language. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2016-1238\n

    John Lightsey and Todd Rinaldo reported that the opportunistic\n loading of optional modules can make many programs unintentionally\n load code from the current working directory (which might be changed\n to another directory without the user realising), potentially\n leading to privilege escalation, as demonstrated in Debian with\n certain combinations of installed packages.

    \n

    The problem relates to Perl loading modules from the includes\n directory array (\"@INC\") in which the last element is the current\n directory (\".\"). That means that, when perl wants to load a module\n (during first compilation or during lazy loading of a module in run\n time), perl will look for the module in the current directory at the\n end, since '.' is the last include directory in its array of include\n directories to seek. The issue is with requiring libraries that are\n in \".\" but are not otherwise installed.

    \n

    With this update several modules which are known to be vulnerable\n are updated to not load modules from the current directory.

    \n

    Additionally the update allows configurable removal of \".\" from @INC\n in /etc/perl/sitecustomize.pl for a transitional period. It is\n recommended to enable this setting if the possible breakage for a\n specific site has been evaluated. Problems in packages provided in\n Debian resulting from the switch to the removal of '.' from @INC\n should be reported to the Perl maintainers at\n perl@packages.debian.org .

    \n

    It is planned to switch to the default removal of '.' in @INC in a\n subsequent update to perl via a point release if possible, and in\n any case for the upcoming stable release Debian 9 (stretch).

  • \n
  • CVE-2016-6185\n

    It was discovered that XSLoader, a core module from Perl to\n dynamically load C libraries into Perl code, could load a shared\n library from an incorrect location. XSLoader uses caller() information\n to locate the .so file to load. This can be incorrect if\n XSLoader::load() is called in a string eval. An attacker can take\n advantage of this flaw to execute arbitrary code.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 5.20.2-3+deb8u6. Additionally this update includes the\nfollowing updated packages to address optional module loading\nvulnerabilities related to CVE-2016-1238,\nor to address build failures which occur when '.' is removed from @INC:

\n
    \n
  • cdbs 0.4.130+deb8u1
  • \n
  • debhelper 9.20150101+deb8u2
  • \n
  • devscripts 2.15.3+deb8u12
  • \n
  • exim4 4.84.2-2+deb8u12
  • \n
  • libintl-perl 1.23-1+deb8u12
  • \n
  • libmime-charset-perl 1.011.1-1+deb8u22
  • \n
  • libmime-encwords-perl 1.014.3-1+deb8u12
  • \n
  • libmodule-build-perl 0.421000-2+deb8u12
  • \n
  • libnet-dns-perl 0.81-2+deb8u12
  • \n
  • libsys-syslog-perl 0.33-1+deb8u12
  • \n
  • libunicode-linebreak-perl 0.0.20140601-2+deb8u22
  • \n
\n

We recommend that you upgrade your perl packages.

\n
\n
\n
\n
", "3629": "
\n

Debian Security Advisory

\n

DSA-3629-1 ntp -- security update

\n
\n
Date Reported:
\n
25 Jul 2016
\n
Affected Packages:
\n
\nntp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-7974, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8158, CVE-2016-1547, CVE-2016-1548, CVE-2016-1550, CVE-2016-2516, CVE-2016-2518.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the Network Time Protocol\ndaemon and utility programs:

\n
    \n
  • CVE-2015-7974\n

    Matt Street discovered that insufficient key validation allows\n impersonation attacks between authenticated peers.

  • \n
  • CVE-2015-7977\nCVE-2015-7978\n

    Stephen Gray discovered that a NULL pointer dereference and a\n buffer overflow in the handling of ntpdc reslist commands may\n result in denial of service.

  • \n
  • CVE-2015-7979\n

    Aanchal Malhotra discovered that if NTP is configured for broadcast\n mode, an attacker can send malformed authentication packets which\n break associations with the server for other broadcast clients.

  • \n
  • CVE-2015-8138\n

    Matthew van Gundy and Jonathan Gardner discovered that missing\n validation of origin timestamps in ntpd clients may result in denial\n of service.

  • \n
  • CVE-2015-8158\n

    Jonathan Gardner discovered that missing input sanitising in ntpq\n may result in denial of service.

  • \n
  • CVE-2016-1547\n

    Stephen Gray and Matthew van Gundy discovered that incorrect handling\n of crypto NAK packets may result in denial of service.

  • \n
  • CVE-2016-1548\n

    Jonathan Gardner and Miroslav Lichvar discovered that ntpd clients\n could be forced to change from basic client/server mode to interleaved\n symmetric mode, preventing time synchronisation.

  • \n
  • CVE-2016-1550\n

    Matthew van Gundy, Stephen Gray and Loganaden Velvindron discovered\n that timing leaks in the packet authentication code could result\n in recovery of a message digest.

  • \n
  • CVE-2016-2516\n

    Yihan Lian discovered that duplicate IPs on unconfig directives will\n trigger an assert.

  • \n
  • CVE-2016-2518\n

    Yihan Lian discovered that an OOB memory access could potentially\n crash ntpd.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1:4.2.6.p5+dfsg-7+deb8u2.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 1:4.2.8p7+dfsg-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1:4.2.8p7+dfsg-1.

\n

We recommend that you upgrade your ntp packages.

\n
\n
\n
\n
", "3630": "
\n

Debian Security Advisory

\n

DSA-3630-1 libgd2 -- security update

\n
\n
Date Reported:
\n
26 Jul 2016
\n
Affected Packages:
\n
\nlibgd2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-6207.
\n
More information:
\n
\n

Secunia Research at Flexera Software discovered an integer overflow\nvulnerability within the _gdContributionsAlloc() function in libgd2, a\nlibrary for programmatic graphics creation and manipulation. A remote\nattacker can take advantage of this flaw to cause a denial-of-service\nagainst an application using the libgd2 library.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.1.0-5+deb8u6.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.2.2-43-g22cba39-1.

\n

We recommend that you upgrade your libgd2 packages.

\n
\n
\n
\n
", "3631": "
\n

Debian Security Advisory

\n

DSA-3631-1 php5 -- security update

\n
\n
Date Reported:
\n
26 Jul 2016
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-5385, CVE-2016-5399, CVE-2016-6289, CVE-2016-6290, CVE-2016-6291, CVE-2016-6292, CVE-2016-6294, CVE-2016-6295, CVE-2016-6296, CVE-2016-6297.
\n
More information:
\n
\n

Several vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development.

\n

The vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.24, which includes additional bug fixes. Please refer to the\nupstream changelog for more information:

\n

https://php.net/ChangeLog-5.php#5.6.24

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 5.6.24+dfsg-0+deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 7.0.9-1 of the php7.0 source package.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "3632": "
\n

Debian Security Advisory

\n

DSA-3632-1 mariadb-10.0 -- security update

\n
\n
Date Reported:
\n
27 Jul 2016
\n
Affected Packages:
\n
\nmariadb-10.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440.
\n
More information:
\n
\n

Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.26. Please see the MariaDB 10.0 Release Notes for further\ndetails:

\n\n

For the stable distribution (jessie), these problems have been fixed in\nversion 10.0.26-0+deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 10.0.26-1.

\n

We recommend that you upgrade your mariadb-10.0 packages.

\n
\n
\n
\n
", "3633": "
\n

Debian Security Advisory

\n

DSA-3633-1 xen -- security update

\n
\n
Date Reported:
\n
27 Jul 2016
\n
Affected Packages:
\n
\nxen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8338, CVE-2016-4480, CVE-2016-4962, CVE-2016-5242, CVE-2016-6258.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in the Xen hypervisor. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2015-8338\n

    Julien Grall discovered that Xen on ARM was susceptible to denial\n of service via long running memory operations.

  • \n
  • CVE-2016-4480\n

    Jan Beulich discovered that incorrect page table handling could\n result in privilege escalation inside a Xen guest instance.

  • \n
  • CVE-2016-4962\n

    Wei Liu discovered multiple cases of missing input sanitising in\n libxl which could result in denial of service.

  • \n
  • CVE-2016-5242\n

    Aaron Cornelius discovered that incorrect resource handling on\n ARM systems could result in denial of service.

  • \n
  • CVE-2016-6258\n

    Jeremie Boutoille discovered that incorrect pagetable handling in\n PV instances could result in guest to host privilege escalation.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.4.1-9+deb8u6.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your xen packages.

\n
\n
\n
\n
", "3634": "
\n

Debian Security Advisory

\n

DSA-3634-1 redis -- security update

\n
\n
Date Reported:
\n
30 Jul 2016
\n
Affected Packages:
\n
\nredis\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 832460.
In Mitre's CVE dictionary: CVE-2013-7458.
\n
More information:
\n
\n

It was discovered that redis, a persistent key-value database, did not\nproperly protect redis-cli history files: they were created by default\nwith world-readable permissions.

\n

Users and systems administrators may want to proactively change\npermissions on existing ~/rediscli_history files, instead of waiting\nfor the updated redis-cli to do so the next time it is run.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2:2.8.17-1+deb8u5.

\n

For the testing (stretch) and unstable (sid) distributions, this\nproblem has been fixed in version 2:3.2.1-4.

\n

We recommend that you upgrade your redis packages.

\n
\n
\n
\n
", "3635": "
\n

Debian Security Advisory

\n

DSA-3635-1 libdbd-mysql-perl -- security update

\n
\n
Date Reported:
\n
29 Jul 2016
\n
Affected Packages:
\n
\nlibdbd-mysql-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-9906, CVE-2015-8949.
\n
More information:
\n
\n

Two use-after-free vulnerabilities were discovered in DBD::mysql, a Perl\nDBI driver for the MySQL database server. A remote attacker can take\nadvantage of these flaws to cause a denial-of-service against an\napplication using DBD::mysql (application crash), or potentially to\nexecute arbitrary code with the privileges of the user running the\napplication.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.028-2+deb8u1.

\n

We recommend that you upgrade your libdbd-mysql-perl packages.

\n
\n
\n
\n
", "3636": "
\n

Debian Security Advisory

\n

DSA-3636-1 collectd -- security update

\n
\n
Date Reported:
\n
30 Jul 2016
\n
Affected Packages:
\n
\ncollectd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 832507, Bug 832577.
In Mitre's CVE dictionary: CVE-2016-6254.
\n
More information:
\n
\n

Emilien Gaspar discovered that collectd, a statistics collection and\nmonitoring daemon, incorrectly processed incoming network\npackets. This resulted in a heap overflow, allowing a remote attacker\nto either cause a DoS via application crash, or potentially execute\narbitrary code.

\n

Additionally, security researchers at Columbia University and the\nUniversity of Virginia discovered that collectd failed to verify a\nreturn value during initialization. This meant the daemon could\nsometimes be started without the desired, secure settings.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 5.4.1-6+deb8u1.

\n

For the testing (stretch) and unstable (sid) distributions, this\nproblem has been fixed in version 5.5.2-1.

\n

We recommend that you upgrade your collectd packages.

\n
\n
\n
\n
", "3637": "
\n

Debian Security Advisory

\n

DSA-3637-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
31 Jul 2016
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1704, CVE-2016-1705, CVE-2016-1706, CVE-2016-1707, CVE-2016-1708, CVE-2016-1709, CVE-2016-1710, CVE-2016-1711, CVE-2016-5127, CVE-2016-5128, CVE-2016-5129, CVE-2016-5130, CVE-2016-5131, CVE-2016-5132, CVE-2016-5133, CVE-2016-5134, CVE-2016-5135, CVE-2016-5136, CVE-2016-5137.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2016-1704\n

    The chrome development team found and fixed various issues during\n internal auditing.

  • \n
  • CVE-2016-1705\n

    The chrome development team found and fixed various issues during\n internal auditing.

  • \n
  • CVE-2016-1706\n

    Pinkie Pie discovered a way to escape the Pepper Plugin API sandbox.

  • \n
  • CVE-2016-1707\n

    xisigr discovered a URL spoofing issue.

  • \n
  • CVE-2016-1708\n

    Adam Varsan discovered a use-after-free issue.

  • \n
  • CVE-2016-1709\n

    ChenQin discovered a buffer overflow issue in the sfntly library.

  • \n
  • CVE-2016-1710\n

    Mariusz Mlynski discovered a same-origin bypass.

  • \n
  • CVE-2016-1711\n

    Mariusz Mlynski discovered another same-origin bypass.

  • \n
  • CVE-2016-5127\n

    cloudfuzzer discovered a use-after-free issue.

  • \n
  • CVE-2016-5128\n

    A same-origin bypass issue was discovered in the v8 javascript library.

  • \n
  • CVE-2016-5129\n

    Jeonghoon Shin discovered a memory corruption issue in the v8 javascript\n library.

  • \n
  • CVE-2016-5130\n

    Widih Matar discovered a URL spoofing issue.

  • \n
  • CVE-2016-5131\n

    Nick Wellnhofer discovered a use-after-free issue in the libxml2 library.

  • \n
  • CVE-2016-5132\n

    Ben Kelly discovered a same-origin bypass.

  • \n
  • CVE-2016-5133\n

    Patch Eudor discovered an issue in proxy authentication.

  • \n
  • CVE-2016-5134\n

    Paul Stone discovered an information leak in the Proxy Auto-Config\n feature.

  • \n
  • CVE-2016-5135\n

    ShenYeYinJiu discovered a way to bypass the Content Security Policy.

  • \n
  • CVE-2016-5136\n

    Rob Wu discovered a use-after-free issue.

  • \n
  • CVE-2016-5137\n

    Xiaoyin Liu discovered a way to discover whether an HSTS web site had been\n visited.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 52.0.2743.82-1~deb8u1.

\n

For the testing (stretch) and unstable (sid) distributions, these problems\nhave been fixed in version 52.0.2743.82-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3638": "
\n

Debian Security Advisory

\n

DSA-3638-1 curl -- security update

\n
\n
Date Reported:
\n
03 Aug 2016
\n
Affected Packages:
\n
\ncurl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-5419, CVE-2016-5420, CVE-2016-5421.
\n
More information:
\n
\n

Several vulnerabilities were discovered in cURL, a URL transfer library:

\n
    \n
  • CVE-2016-5419\n

    Bru Rom discovered that libcurl would attempt to resume a TLS session\n even if the client certificate had changed.

  • \n
  • CVE-2016-5420\n

    It was discovered that libcurl did not consider client certificates\n when reusing TLS connections.

  • \n
  • CVE-2016-5421\n

    Marcelo Echeverria and Fernando Mu\u00f1oz discovered that libcurl was\n vulnerable to a use-after-free flaw.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 7.38.0-4+deb8u4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 7.50.1-1.

\n

We recommend that you upgrade your curl packages.

\n
\n
\n
\n
", "3639": "
\n

Debian Security Advisory

\n

DSA-3639-1 wordpress -- security update

\n
\n
Date Reported:
\n
03 Aug 2016
\n
Affected Packages:
\n
\nwordpress\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8834, CVE-2016-5832, CVE-2016-5834, CVE-2016-5835, CVE-2016-5837, CVE-2016-5838, CVE-2016-5839.
\n
More information:
\n
\n

Several vulnerabilities were discovered in wordpress, a web blogging\ntool, which could allow remote attackers to compromise a site via\ncross-site scripting, bypass restrictions, obtain sensitive\nrevision-history information, or mount a denial of service.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.1+dfsg-1+deb8u9.

\n

We recommend that you upgrade your wordpress packages.

\n
\n
\n
\n
", "3640": "
\n

Debian Security Advisory

\n

DSA-3640-1 firefox-esr -- security update

\n
\n
Date Reported:
\n
03 Aug 2016
\n
Affected Packages:
\n
\nfirefox-esr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-2830, CVE-2016-2836, CVE-2016-2837, CVE-2016-2838, CVE-2016-5252, CVE-2016-5254, CVE-2016-5258, CVE-2016-5259, CVE-2016-5262, CVE-2016-5263, CVE-2016-5264, CVE-2016-5265.
\n
More information:
\n
\n

Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code,\ncross-site scripting, information disclosure and bypass of the same-origin\npolicy.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 45.3.0esr-1~deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 45.3.0esr-1 for firefox-esr and 48.0-1 for firefox.

\n

We recommend that you upgrade your firefox-esr packages.

\n
\n
\n
\n
", "3641": "
\n

Debian Security Advisory

\n

DSA-3641-1 openjdk-7 -- security update

\n
\n
Date Reported:
\n
04 Aug 2016
\n
Affected Packages:
\n
\nopenjdk-7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-3458, CVE-2016-3500, CVE-2016-3508, CVE-2016-3550, CVE-2016-3606.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in breakouts of\nthe Java sandbox or denial of service.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 7u111-2.6.7-1~deb8u1.

\n

We recommend that you upgrade your openjdk-7 packages.

\n
\n
\n
\n
", "3642": "
\n

Debian Security Advisory

\n

DSA-3642-1 lighttpd -- security update

\n
\n
Date Reported:
\n
05 Aug 2016
\n
Affected Packages:
\n
\nlighttpd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 832571.
In Mitre's CVE dictionary: CVE-2016-1000212.
\n
More information:
\n
\n

Dominic Scheirlinck and Scott Geary of Vend reported insecure behavior\nin the lighttpd web server. Lighttpd assigned Proxy header values from\nclient requests to internal HTTP_PROXY environment variables, allowing\nremote attackers to carry out Man in the Middle (MITM) attacks or\ninitiate connections to arbitrary hosts.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.4.35-4+deb8u1.

\n

We recommend that you upgrade your lighttpd packages.

\n
\n
\n
\n
", "3643": "
\n

Debian Security Advisory

\n

DSA-3643-1 kde4libs -- security update

\n
\n
Date Reported:
\n
06 Aug 2016
\n
Affected Packages:
\n
\nkde4libs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 832620.
In Mitre's CVE dictionary: CVE-2016-6232.
\n
More information:
\n
\n

Andreas Cord-Landwehr discovered that kde4libs, the core libraries\nfor all KDE 4 applications, do not properly handle the extraction\nof archives with \"../\" in the file paths. A remote attacker can\ntake advantage of this flaw to overwrite files outside of the\nextraction folder, if a user is tricked into extracting a specially\ncrafted archive.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 4:4.14.2-5+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4:4.14.22-2.

\n

We recommend that you upgrade your kde4libs packages.

\n
\n
\n
\n
", "3644": "
\n

Debian Security Advisory

\n

DSA-3644-1 fontconfig -- security update

\n
\n
Date Reported:
\n
08 Aug 2016
\n
Affected Packages:
\n
\nfontconfig\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 833570.
In Mitre's CVE dictionary: CVE-2016-5384.
\n
More information:
\n
\n

Tobias Stoeckmann discovered that cache files are insufficiently\nvalidated in fontconfig, a generic font configuration library. An\nattacker can trigger arbitrary free() calls, which in turn allows double\nfree attacks and therefore arbitrary code execution. In combination with\nsetuid binaries using crafted cache files, this could allow privilege\nescalation.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.11.0-6.3+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.11.0-6.5.

\n

We recommend that you upgrade your fontconfig packages.

\n
\n
\n
\n
", "3645": "
\n

Debian Security Advisory

\n

DSA-3645-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
09 Aug 2016
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-5139, CVE-2016-5140, CVE-2016-5141, CVE-2016-5142, CVE-2016-5143, CVE-2016-5144.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2016-5139\n

    GiWan Go discovered a use-after-free issue in the pdfium library.

  • \n
  • CVE-2016-5140\n

    Ke Liu discovered a use-after-free issue in the pdfium library.

  • \n
  • CVE-2016-5141\n

    Sergey Glazunov discovered a URL spoofing issue.

  • \n
  • CVE-2016-5142\n

    Sergey Glazunov discovered a use-after-free issue.

  • \n
  • CVE-2016-5143\n

    Gregory Panakkal discovered an issue in the developer tools.

  • \n
  • CVE-2016-5144\n

    Gregory Panakkal discovered another issue in the developer tools.

  • \n
  • CVE-2016-5146\n

    The chrome development team found and fixed various issues during\n internal auditing.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 52.0.2743.116-1~deb8u1.

\n

For the testing distribution (stretch), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 52.0.2743.116-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3646": "
\n

Debian Security Advisory

\n

DSA-3646-1 postgresql-9.4 -- security update

\n
\n
Date Reported:
\n
11 Aug 2016
\n
Affected Packages:
\n
\npostgresql-9.4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-5423, CVE-2016-5424.
\n
More information:
\n
\n

Several vulnerabilities have been found in PostgreSQL-9.4, a SQL\ndatabase system.

\n
    \n
  • CVE-2016-5423\n

    Karthikeyan Jambu Rajaraman discovered that nested CASE-WHEN\n expressions are not properly evaluated, potentially leading to a\n crash or allowing disclosure of portions of server memory.

  • \n
  • CVE-2016-5424\n

    Nathan Bossart discovered that special characters in database and\n role names are not properly handled, potentially leading to the\n execution of commands with superuser privileges, when a superuser\n executes pg_dumpall or other routine maintenance operations.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 9.4.9-0+deb8u1.

\n

We recommend that you upgrade your postgresql-9.4 packages.

\n
\n
\n
\n
", "3647": "
\n

Debian Security Advisory

\n

DSA-3647-1 icedove -- security update

\n
\n
Date Reported:
\n
11 Aug 2016
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-2818.
\n
More information:
\n
\n

Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors may\nlead to the execution of arbitrary code or denial of service.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:45.2.0-1~deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 1:45.2.0-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:45.2.0-2.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "3648": "
\n

Debian Security Advisory

\n

DSA-3648-1 wireshark -- security update

\n
\n
Date Reported:
\n
12 Aug 2016
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-6504, CVE-2016-6505, CVE-2016-6506, CVE-2016-6507, CVE-2016-6508, CVE-2016-6509, CVE-2016-6510, CVE-2016-6511.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the dissectors for NDS,\nPacketBB, WSP, MMSE, RLC, LDSS, RLC and OpenFlow, which could result in\ndenial of service or the execution of arbitrary code.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.12.1+g01b65bf-4+deb8u8.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 2.0.5+ga3be9c6-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.0.5+ga3be9c6-1.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "3649": "
\n

Debian Security Advisory

\n

DSA-3649-1 gnupg -- security update

\n
\n
Date Reported:
\n
17 Aug 2016
\n
Affected Packages:
\n
\ngnupg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-6313.
\n
More information:
\n
\n

Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of\nTechnology discovered a flaw in the mixing functions of GnuPG's random\nnumber generator. An attacker who obtains 4640 bits from the RNG can\ntrivially predict the next 160 bits of output.

\n

A first analysis on the impact of this bug for GnuPG shows that existing\nRSA keys are not weakened. For DSA and Elgamal keys it is also unlikely\nthat the private key can be predicted from other public information.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.4.18-7+deb8u2.

\n

We recommend that you upgrade your gnupg packages.

\n
\n
\n
\n
", "3650": "
\n

Debian Security Advisory

\n

DSA-3650-1 libgcrypt20 -- security update

\n
\n
Date Reported:
\n
17 Aug 2016
\n
Affected Packages:
\n
\nlibgcrypt20\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-6313.
\n
More information:
\n
\n

Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of\nTechnology discovered a flaw in the mixing functions of Libgcrypt's\nrandom number generator. An attacker who obtains 4640 bits from the RNG\ncan trivially predict the next 160 bits of output.

\n

A first analysis on the impact of this bug for GnuPG shows that existing\nRSA keys are not weakened. For DSA and Elgamal keys it is also unlikely\nthat the private key can be predicted from other public information.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.6.3-2+deb8u2.

\n

We recommend that you upgrade your libgcrypt20 packages.

\n
\n
\n
\n
", "3651": "
\n

Debian Security Advisory

\n

DSA-3651-1 rails -- security update

\n
\n
Date Reported:
\n
25 Aug 2016
\n
Affected Packages:
\n
\nrails\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 834155.
In Mitre's CVE dictionary: CVE-2016-6316.
\n
More information:
\n
\n

Andrew Carpenter of Critical Juncture discovered a cross-site scripting\nvulnerability affecting Action View in rails, a web application\nframework written in Ruby. Text declared as HTML safe will not have\nquotes escaped when used as attribute values in tag helpers.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2:4.1.8-1+deb8u4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:4.2.7.1-1.

\n

We recommend that you upgrade your rails packages.

\n
\n
\n
\n
", "3652": "
\n

Debian Security Advisory

\n

DSA-3652-1 imagemagick -- security update

\n
\n
Date Reported:
\n
25 Aug 2016
\n
Affected Packages:
\n
\nimagemagick\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 832885, Bug 832887, Bug 832888, Bug 832968, Bug 833003, Bug 832474, Bug 832475, Bug 832464.
In Mitre's CVE dictionary: CVE-2014-9907, CVE-2015-8957, CVE-2015-8958, CVE-2015-8959, CVE-2016-4562, CVE-2016-4563, CVE-2016-4564, CVE-2016-5010, CVE-2016-5687, CVE-2016-5688, CVE-2016-5689, CVE-2016-5690, CVE-2016-5691, CVE-2016-5841, CVE-2016-5842, CVE-2016-6491, CVE-2016-6823, CVE-2016-7513, CVE-2016-7514, CVE-2016-7515, CVE-2016-7516, CVE-2016-7517, CVE-2016-7518, CVE-2016-7519, CVE-2016-7520, CVE-2016-7521, CVE-2016-7522, CVE-2016-7523, CVE-2016-7524, CVE-2016-7525, CVE-2016-7526, CVE-2016-7527, CVE-2016-7528, CVE-2016-7529, CVE-2016-7530, CVE-2016-7531, CVE-2016-7532, CVE-2016-7533, CVE-2016-7534, CVE-2016-7535, CVE-2016-7536, CVE-2016-7537, CVE-2016-7538, CVE-2016-7539, CVE-2016-7540.
\n
More information:
\n
\n

This update fixes many vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service or the execution of arbitrary code if\nmalformed TIFF, WPG, RLE, RAW, PSD, Sun, PICT, VIFF, HDR, Meta, Quantum,\nPDB, DDS, DCM, EXIF, RGF or BMP files are processed.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u4.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your imagemagick packages.

\n
\n
\n
\n
", "3653": "
\n

Debian Security Advisory

\n

DSA-3653-1 flex -- security update

\n
\n
Date Reported:
\n
25 Aug 2016
\n
Affected Packages:
\n
\nflex\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 832768.
In Mitre's CVE dictionary: CVE-2016-6354.
\n
More information:
\n
\n

Alexander Sulfrian discovered a buffer overflow in the\nyy_get_next_buffer() function generated by Flex, which may result in\ndenial of service and potentially the execution of code if operating on\ndata from untrusted sources.

\n

Affected applications need to be rebuilt. bogofilter will be rebuilt\nagainst the updated flex in a followup update. Further affected\napplications should be reported at the bug referenced above.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.5.39-8+deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 2.6.1-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.6.1-1.

\n

We recommend that you upgrade your flex packages.

\n
\n
\n
\n
", "3654": "
\n

Debian Security Advisory

\n

DSA-3654-1 quagga -- security update

\n
\n
Date Reported:
\n
26 Aug 2016
\n
Affected Packages:
\n
\nquagga\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 822787, Bug 835223.
In Mitre's CVE dictionary: CVE-2016-4036, CVE-2016-4049.
\n
More information:
\n
\n

Two vulnerabilities were discovered in quagga, a BGP/OSPF/RIP routing\ndaemon.

\n
    \n
  • CVE-2016-4036\n

    Tam\u00e1s N\u00e9meth discovered that sensitive configuration files in\n /etc/quagga were world-readable despite containing sensitive\n information.

  • \n
  • CVE-2016-4049\n

    Evgeny Uskov discovered that a bgpd instance handling many peers\n could be crashed by a malicious user when requesting a route dump.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 0.99.23.1-1+deb8u2.

\n

We recommend that you upgrade your quagga packages.

\n
\n
\n
\n
", "3655": "
\n

Debian Security Advisory

\n

DSA-3655-1 mupdf -- security update

\n
\n
Date Reported:
\n
26 Aug 2016
\n
Affected Packages:
\n
\nmupdf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 832031, Bug 833417.
In Mitre's CVE dictionary: CVE-2016-6265, CVE-2016-6525.
\n
More information:
\n
\n

Two vulnerabilities were discovered in MuPDF, a lightweight PDF viewer.\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2016-6265\n

    Marco Grassi discovered a use-after-free vulnerability in MuPDF. An\n attacker can take advantage of this flaw to cause an application\n crash (denial-of-service), or potentially to execute arbitrary code\n with the privileges of the user running MuPDF, if a specially\n crafted PDF file is processed.

  • \n
  • CVE-2016-6525\n

    Yu Hong and Zheng Jihong discovered a heap overflow vulnerability\n within the pdf_load_mesh_params function, allowing an attacker to\n cause an application crash (denial-of-service), or potentially to\n execute arbitrary code with the privileges of the user running\n MuPDF, if a specially crafted PDF file is processed.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.5-1+deb8u1.

\n

We recommend that you upgrade your mupdf packages.

\n
\n
\n
\n
", "3656": "
\n

Debian Security Advisory

\n

DSA-3656-1 tryton-server -- security update

\n
\n
Date Reported:
\n
30 Aug 2016
\n
Affected Packages:
\n
\ntryton-server\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1241, CVE-2016-1242.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in the server for the Tryton\napplication platform, which may result in information disclosure of\npassword hashes or file contents.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.4.0-3+deb8u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.0.4-1.

\n

We recommend that you upgrade your tryton-server packages.

\n
\n
\n
\n
", "3657": "
\n

Debian Security Advisory

\n

DSA-3657-1 libarchive -- security update

\n
\n
Date Reported:
\n
30 Aug 2016
\n
Affected Packages:
\n
\nlibarchive\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8916, CVE-2015-8917, CVE-2015-8919, CVE-2015-8920, CVE-2015-8921, CVE-2015-8922, CVE-2015-8923, CVE-2015-8924, CVE-2015-8925, CVE-2015-8926, CVE-2015-8928, CVE-2015-8930, CVE-2015-8931, CVE-2015-8932, CVE-2015-8933, CVE-2015-8934, CVE-2016-4300, CVE-2016-4302, CVE-2016-4809, CVE-2016-5844.
\n
More information:
\n
\n

Hanno Boeck and Marcin Noga discovered multiple vulnerabilities in\nlibarchive; processing malformed archives may result in denial of\nservice or the execution of arbitrary code.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.1.2-11+deb8u2.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 3.2.1-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.2.1-1.

\n

We recommend that you upgrade your libarchive packages.

\n
\n
\n
\n
", "3658": "
\n

Debian Security Advisory

\n

DSA-3658-1 libidn -- security update

\n
\n
Date Reported:
\n
01 Sep 2016
\n
Affected Packages:
\n
\nlibidn\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8948, CVE-2016-6261, CVE-2016-6263.
\n
More information:
\n
\n

Hanno Boeck discovered multiple vulnerabilities in libidn, the GNU\nlibrary for Internationalized Domain Names (IDNs), allowing a remote\nattacker to cause a denial of service against an application using the\nlibidn library (application crash).

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.29-1+deb8u2.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 1.33-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.33-1.

\n

We recommend that you upgrade your libidn packages.

\n
\n
\n
\n
", "3659": "
\n

Debian Security Advisory

\n

DSA-3659-1 linux -- security update

\n
\n
Date Reported:
\n
04 Sep 2016
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-5696, CVE-2016-6136, CVE-2016-6480, CVE-2016-6828.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.

\n
    \n
  • CVE-2016-5696\n

    Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, and Srikanth V.\n Krishnamurthy of the University of California, Riverside; and Lisa\n M. Marvel of the United States Army Research Laboratory discovered\n that Linux's implementation of the TCP Challenge ACK feature\n results in a side channel that can be used to find TCP connections\n between specific IP addresses, and to inject messages into those\n connections.

    \n

    Where a service is made available through TCP, this may allow\n remote attackers to impersonate another connected user to the\n server or to impersonate the server to another connected user. In\n case the service uses a protocol with message authentication\n (e.g. TLS or SSH), this vulnerability only allows denial of\n service (connection failure). An attack takes tens of seconds, so\n short-lived TCP connections are also unlikely to be vulnerable.

    \n

    This may be mitigated by increasing the rate limit for TCP\n Challenge ACKs so that it is never exceeded:\n sysctl net.ipv4.tcp_challenge_ack_limit=1000000000

  • \n
  • CVE-2016-6136\n

    Pengfei Wang discovered that the audit subsystem has a\n 'double-fetch' or TOCTTOU bug in its handling of special\n characters in the name of an executable. Where audit logging of\n execve() is enabled, this allows a local user to generate\n misleading log messages.

  • \n
  • CVE-2016-6480\n

    Pengfei Wang discovered that the aacraid driver for Adaptec RAID\n controllers has a 'double-fetch' or TOCTTOU bug in its\n validation of FIB messages passed through the ioctl() system\n call. This has no practical security impact in current Debian\n releases.

  • \n
  • CVE-2016-6828\n

    Marco Grassi reported a 'use-after-free' bug in the TCP\n implementation, which can be triggered by local users. The\n security impact is unclear, but might include denial of service or\n privilege escalation.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.16.36-1+deb8u1. In addition, this update contains several\nchanges originally targeted for the upcoming jessie point release.

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "3660": "
\n

Debian Security Advisory

\n

DSA-3660-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
05 Sep 2016
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-5147, CVE-2016-5148, CVE-2016-5149, CVE-2016-5150, CVE-2016-5151, CVE-2016-5152, CVE-2016-5153, CVE-2016-5154, CVE-2016-5155, CVE-2016-5156, CVE-2016-5157, CVE-2016-5158, CVE-2016-5159, CVE-2016-5160, CVE-2016-5161, CVE-2016-5162, CVE-2016-5163, CVE-2016-5164, CVE-2016-5165, CVE-2016-5166, CVE-2016-5167.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2016-5147\n

    A cross-site scripting issue was discovered.

  • \n
  • CVE-2016-5148\n

    Another cross-site scripting issue was discovered.

  • \n
  • CVE-2016-5149\n

    Max Justicz discovered a script injection issue in extension handling.

  • \n
  • CVE-2016-5150\n

    A use-after-free issue was discovered in Blink/Webkit.

  • \n
  • CVE-2016-5151\n

    A use-after-free issue was discovered in the pdfium library.

  • \n
  • CVE-2016-5152\n

    GiWan Go discovered a heap overflow issue in the pdfium library.

  • \n
  • CVE-2016-5153\n

    Atte Kettunen discovered a use-after-destruction issue.

  • \n
  • CVE-2016-5154\n

    A heap overflow issue was discovered in the pdfium library.

  • \n
  • CVE-2016-5155\n

    An address bar spoofing issue was discovered.

  • \n
  • CVE-2016-5156\n

    jinmo123 discovered a use-after-free issue.

  • \n
  • CVE-2016-5157\n

    A heap overflow issue was discovered in the pdfium library.

  • \n
  • CVE-2016-5158\n

    GiWan Go discovered a heap overflow issue in the pdfium library.

  • \n
  • CVE-2016-5159\n

    GiWan Go discovered another heap overflow issue in the pdfium library.

  • \n
  • CVE-2016-5160\n

    @l33terally discovered an extensions resource bypass.

  • \n
  • CVE-2016-5161\n

    A type confusion issue was discovered.

  • \n
  • CVE-2016-5162\n

    Nicolas Golubovic discovered an extensions resource bypass.

  • \n
  • CVE-2016-5163\n

    Rafay Baloch discovered an address bar spoofing issue.

  • \n
  • CVE-2016-5164\n

    A cross-site scripting issue was discovered in the developer tools.

  • \n
  • CVE-2016-5165\n

    Gregory Panakkal discovered a script injection issue in the developer\n tools.

  • \n
  • CVE-2016-5166\n

    Gregory Panakkal discovered an issue with the Save Page As feature.

  • \n
  • CVE-2016-5167\n

    The chrome development team found and fixed various issues during\n internal auditing.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 53.0.2785.89-1~deb8u1.

\n

For the testing distribution (stretch), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 53.0.2785.89-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3661": "
\n

Debian Security Advisory

\n

DSA-3661-1 charybdis -- security update

\n
\n
Date Reported:
\n
06 Sep 2016
\n
Affected Packages:
\n
\ncharybdis\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-7143.
\n
More information:
\n
\n

It was discovered that incorrect SASL authentication in the Charybdis\nIRC server may lead to users impersonating other users.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.4.2-5+deb8u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.5.3-1.

\n

We recommend that you upgrade your charybdis packages.

\n
\n
\n
\n
", "3662": "
\n

Debian Security Advisory

\n

DSA-3662-1 inspircd -- security update

\n
\n
Date Reported:
\n
08 Sep 2016
\n
Affected Packages:
\n
\ninspircd\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-7142.
\n
More information:
\n
\n

It was discovered that incorrect SASL authentication in the Inspircd\nIRC server may lead to users impersonating other users.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.0.17-1+deb8u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.0.23-1.

\n

We recommend that you upgrade your inspircd packages.

\n
\n
\n
\n
", "3663": "
\n

Debian Security Advisory

\n

DSA-3663-1 xen -- security update

\n
\n
Date Reported:
\n
09 Sep 2016
\n
Affected Packages:
\n
\nxen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-7092, CVE-2016-7094, CVE-2016-7154.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in the Xen hypervisor. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2016-7092 (XSA-185)\n

    Jeremie Boutoille of Quarkslab and Shangcong Luan of Alibaba\n discovered a flaw in the handling of L3 pagetable entries, allowing\n a malicious 32-bit PV guest administrator to escalate their\n privilege to that of the host.

  • \n
  • CVE-2016-7094 (XSA-187)\n

    x86 HVM guests running with shadow paging use a subset of the x86\n emulator to handle the guest writing to its own pagetables. Andrew\n Cooper of Citrix discovered that there are situations a guest can\n provoke which result in exceeding the space allocated for internal\n state. A malicious HVM guest administrator can cause Xen to fail a\n bug check, causing a denial of service to the host.

  • \n
  • CVE-2016-7154 (XSA-188)\n

    Mikhail Gorobets of Advanced Threat Research, Intel Security\n discovered a use after free flaw in the FIFO event channel code. A\n malicious guest administrator can crash the host, leading to a\n denial of service. Arbitrary code execution (and therefore privilege\n escalation), and information leaks, cannot be excluded.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.4.1-9+deb8u7.

\n

We recommend that you upgrade your xen packages.

\n
\n
\n
\n
", "3664": "
\n

Debian Security Advisory

\n

DSA-3664-1 pdns -- security update

\n
\n
Date Reported:
\n
10 Sep 2016
\n
Affected Packages:
\n
\npdns\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 830808.
In Mitre's CVE dictionary: CVE-2016-5426, CVE-2016-5427, CVE-2016-6172.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in pdns, an authoritative\nDNS server. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2016-5426 / CVE-2016-5427\n

    Florian Heinz and Martin Kluge reported that the PowerDNS\n Authoritative Server accepts queries with a qname's length larger\n than 255 bytes and does not properly handle dots inside labels. A\n remote, unauthenticated attacker can take advantage of these flaws\n to cause abnormal load on the PowerDNS backend by sending specially\n crafted DNS queries, potentially leading to a denial of service.

  • \n
  • CVE-2016-6172\n

    It was reported that a malicious primary DNS server can crash a\n secondary PowerDNS server due to improper restriction of zone size\n limits. This update adds a feature to limit AXFR sizes in response\n to this flaw.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.4.1-4+deb8u6.

\n

We recommend that you upgrade your pdns packages.

\n
\n
\n
\n
", "3665": "
\n

Debian Security Advisory

\n

DSA-3665-1 openjpeg2 -- security update

\n
\n
Date Reported:
\n
11 Sep 2016
\n
Affected Packages:
\n
\nopenjpeg2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-6581, CVE-2015-8871, CVE-2016-1924, CVE-2016-7163.
\n
More information:
\n
\n

Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression /\ndecompression library, may result in denial of service or the execution\nof arbitrary code if a malformed JPEG 2000 file is processed.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2.1.0-2+deb8u1.

\n

We recommend that you upgrade your openjpeg2 packages.

\n
\n
\n
\n
", "3666": "
\n

Debian Security Advisory

\n

DSA-3666-1 mysql-5.5 -- security update

\n
\n
Date Reported:
\n
14 Sep 2016
\n
Affected Packages:
\n
\nmysql-5.5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-6662.
\n
More information:
\n
\n

Dawid Golunski discovered that the mysqld_safe wrapper provided by the\nMySQL database server insufficiently restricted the load path for custom\nmalloc implementations, which could result in privilege escalation.

\n

The vulnerability was addressed by upgrading MySQL to the new upstream\nversion 5.5.52, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes for further details:

\n\n

For the stable distribution (jessie), this problem has been fixed in\nversion 5.5.52-0+deb8u1.

\n

We recommend that you upgrade your mysql-5.5 packages.

\n
\n
\n
\n
", "3667": "
\n

Debian Security Advisory

\n

DSA-3667-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
15 Sep 2016
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-5170, CVE-2016-5171, CVE-2016-5172, CVE-2016-5173, CVE-2016-5174, CVE-2016-5175, CVE-2016-7395.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2016-5170\n

    A use-after-free issue was discovered in Blink/Webkit.

  • \n
  • CVE-2016-5171\n

    Another use-after-free issue was discovered in Blink/Webkit.

  • \n
  • CVE-2016-5172\n

    Choongwoo Han discovered an information leak in the v8 javascript\n library.

  • \n
  • CVE-2016-5173\n

    A resource bypass issue was discovered in extensions.

  • \n
  • CVE-2016-5174\n

    Andrey Kovalev discovered a way to bypass the popup blocker.

  • \n
  • CVE-2016-5175\n

    The chrome development team found and fixed various issues during\n internal auditing.

  • \n
  • CVE-2016-7395\n

    An uninitialized memory read issue was discovered in the skia\n library.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 53.0.2785.113-1~deb8u1.

\n

For the testing distribution (stretch), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 53.0.2785.113-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3668": "
\n

Debian Security Advisory

\n

DSA-3668-1 mailman -- security update

\n
\n
Date Reported:
\n
15 Sep 2016
\n
Affected Packages:
\n
\nmailman\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 835970.
In Mitre's CVE dictionary: CVE-2016-6893.
\n
More information:
\n
\n

It was discovered that there was a CSRF vulnerability in mailman, a\nweb-based mailing list manager, which could allow an attacker to obtain\na user's password.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:2.1.18-2+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:2.1.23-1.

\n

We recommend that you upgrade your mailman packages.

\n
\n
\n
\n
", "3669": "
\n

Debian Security Advisory

\n

DSA-3669-1 tomcat7 -- security update

\n
\n
Date Reported:
\n
15 Sep 2016
\n
Affected Packages:
\n
\ntomcat7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1240.
\n
More information:
\n
\n

Dawid Golunski of LegalHackers discovered that the Tomcat init script\nperformed unsafe file handling, which could result in local privilege\nescalation.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 7.0.56-3+deb8u4.

\n

We recommend that you upgrade your tomcat7 packages.

\n
\n
\n
\n
", "3670": "
\n

Debian Security Advisory

\n

DSA-3670-1 tomcat8 -- security update

\n
\n
Date Reported:
\n
15 Sep 2016
\n
Affected Packages:
\n
\ntomcat8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1240.
\n
More information:
\n
\n

Dawid Golunski of LegalHackers discovered that the Tomcat init script\nperformed unsafe file handling, which could result in local privilege\nescalation.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 8.0.14-1+deb8u3.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your tomcat8 packages.

\n
\n
\n
\n
", "3671": "
\n

Debian Security Advisory

\n

DSA-3671-1 wireshark -- security update

\n
\n
Date Reported:
\n
20 Sep 2016
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-7176, CVE-2016-7177, CVE-2016-7178, CVE-2016-7179, CVE-2016-7180.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the dissectors for H.225,\nCatapult DCT2000, UMTS FP and IPMI, which could result in denial of\nservice or the execution of arbitrary code.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.12.1+g01b65bf-4+deb8u9.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 2.2.0+g5368c50-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.2.0+g5368c50-1.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "3672": "
\n

Debian Security Advisory

\n

DSA-3672-1 irssi -- security update

\n
\n
Date Reported:
\n
21 Sep 2016
\n
Affected Packages:
\n
\nirssi\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-7044, CVE-2016-7045.
\n
More information:
\n
\n

Gabriel Campana and Adrien Guinet from Quarkslab discovered two remotely\nexploitable crash and heap corruption vulnerabilities in the format\nparsing code in Irssi, a terminal based IRC client.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 0.8.17-1+deb8u1.

\n

We recommend that you upgrade your irssi packages.

\n
\n
\n
\n
", "3673": "
\n

Debian Security Advisory

\n

DSA-3673-1 openssl -- security update

\n
\n
Date Reported:
\n
22 Sep 2016
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6306.
\n
More information:
\n
\n

Several vulnerabilities were discovered in OpenSSL:

\n
    \n
  • CVE-2016-2177\n

    Guido Vranken discovered that OpenSSL uses undefined pointer\n arithmetic. Additional information can be found at\n \n https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/

  • \n
  • CVE-2016-2178\n

    Cesar Pereida, Billy Brumley and Yuval Yarom discovered a timing\n leak in the DSA code.

  • \n
  • CVE-2016-2179 / CVE-2016-2181\n

    Quan Luo and the OCAP audit team discovered denial of service\n vulnerabilities in DTLS.

  • \n
  • CVE-2016-2180 / CVE-2016-2182 / CVE-2016-6303\n

    Shi Lei discovered an out-of-bounds memory read in\n TS_OBJ_print_bio() and an out-of-bounds write in BN_bn2dec()\n and MDC2_Update().

  • \n
  • CVE-2016-2183\n

    DES-based cipher suites are demoted from the HIGH group to MEDIUM\n as a mitigation for the SWEET32 attack.

  • \n
  • CVE-2016-6302\n

    Shi Lei discovered that the use of SHA512 in TLS session tickets\n is susceptible to denial of service.

  • \n
  • CVE-2016-6304\n

    Shi Lei discovered that an excessively large OCSP status request may\n result in denial of service via memory exhaustion.

  • \n
  • CVE-2016-6306\n

    Shi Lei discovered that missing message length validation when parsing\n certificates may potentially result in denial of service.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1t-1+deb8u4.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your openssl packages.

\n
\n
\n
\n
", "3674": "
\n

Debian Security Advisory

\n

DSA-3674-1 firefox-esr -- security update

\n
\n
Date Reported:
\n
22 Sep 2016
\n
Affected Packages:
\n
\nfirefox-esr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-5250, CVE-2016-5257, CVE-2016-5261, CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5278, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284.
\n
More information:
\n
\n

Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\ninformation disclosure.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 45.4.0esr-1~deb8u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 45.4.0esr-1 of firefox-esr and in version 49.0-1 of firefox.

\n

We recommend that you upgrade your firefox-esr packages.

\n
\n
\n
\n
", "3675": "
\n

Debian Security Advisory

\n

DSA-3675-1 imagemagick -- security update

\n
\n
Date Reported:
\n
23 Sep 2016
\n
Affected Packages:
\n
\nimagemagick\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 836776, Bug 836172, Bug 836171.
\n
More information:
\n
\n

This update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service or the execution of arbitrary code if\nmalformed SIXEL, PDB, MAP, SGI, TIFF and CALS files are processed.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u5.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your imagemagick packages.

\n
\n
\n
\n
", "3676": "
\n

Debian Security Advisory

\n

DSA-3676-1 unadf -- security update

\n
\n
Date Reported:
\n
24 Sep 2016
\n
Affected Packages:
\n
\nunadf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 838248.
In Mitre's CVE dictionary: CVE-2016-1243, CVE-2016-1244.
\n
More information:
\n
\n

Tuomas R\u00e4s\u00e4nen discovered two vulnerabilities in unADF, a tool to extract\nfiles from an Amiga Disk File dump (.adf):

\n
    \n
  • CVE-2016-1243\n

    A stack buffer overflow in the function extractTree() might allow an\n attacker, with control over the content of an ADF file, to execute\n arbitrary code with the privileges of the program execution.

  • \n
  • CVE-2016-1244\n

    The unADF extractor creates the path in the destination via a mkdir\n in a system() call. Since there was no sanitization on the input of\n the filenames, an attacker can directly inject code in the pathnames\n of archived directories in an ADF file.

  • \n
\n

For the oldstable distribution (wheezy), these problems have been fixed\nin version 0.7.11a-3+deb7u1.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 0.7.11a-3+deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.7.11a-4.

\n

We recommend that you upgrade your unadf packages.

\n
\n
\n
\n
", "3677": "
\n

Debian Security Advisory

\n

DSA-3677-1 libarchive -- security update

\n
\n
Date Reported:
\n
25 Sep 2016
\n
Affected Packages:
\n
\nlibarchive\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 837714.
In Mitre's CVE dictionary: CVE-2016-5418, CVE-2016-6250, CVE-2016-7166.
\n
More information:
\n
\n

Several vulnerabilities were discovered in libarchive, a multi-format\narchive and compression library, which may lead to denial of service\n(memory consumption and application crash), bypass of sandboxing\nrestrictions and overwriting of arbitrary files with arbitrary data from an\narchive, or the execution of arbitrary code.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.1.2-11+deb8u3.

\n

We recommend that you upgrade your libarchive packages.

\n
\n
\n
\n
", "3678": "
\n

Debian Security Advisory

\n

DSA-3678-1 python-django -- security update

\n
\n
Date Reported:
\n
26 Sep 2016
\n
Affected Packages:
\n
\npython-django\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-7401.
\n
More information:
\n
\n

Sergey Bobrov discovered that cookie parsing in Django and Google\nAnalytics interacted in such a way that an attacker could set arbitrary\ncookies. This allows other malicious web sites to bypass the\nCross-Site Request Forgery (CSRF) protections built into Django.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.7.11-1+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:1.10-1.

\n

We recommend that you upgrade your python-django packages.

\n
\n
\n
\n
", "3679": "
\n

Debian Security Advisory

\n

DSA-3679-1 jackrabbit -- security update

\n
\n
Date Reported:
\n
27 Sep 2016
\n
Affected Packages:
\n
\njackrabbit\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 838204.
In Mitre's CVE dictionary: CVE-2016-6801.
\n
More information:
\n
\n

Lukas Reschke discovered that Apache Jackrabbit, an implementation of\nthe Content Repository for Java Technology API, did not correctly\ncheck the Content-Type header on HTTP POST requests, enabling\nCross-Site Request Forgery (CSRF) attacks by malicious web sites.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.3.6-1+deb8u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.12.4-1.

\n

We recommend that you upgrade your jackrabbit packages.

\n
\n
\n
\n
", "3680": "
\n

Debian Security Advisory

\n

DSA-3680-1 bind9 -- security update

\n
\n
Date Reported:
\n
27 Sep 2016
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 831796, Bug 839010.
In Mitre's CVE dictionary: CVE-2016-2775, CVE-2016-2776.
\n
More information:
\n
\n

Two vulnerabilities were reported in BIND, a DNS server.

\n
    \n
  • CVE-2016-2775\n

    The lwresd component in BIND (which is not enabled by default)\n could crash while processing an overlong request name. This could\n lead to a denial of service.

  • CVE-2016-2776\n

    A crafted query could crash the BIND name server daemon, leading\n to a denial of service. All server roles (authoritative,\n recursive and forwarding) in default configurations are\n affected.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1:9.9.5.dfsg-9+deb8u7.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
\n
\n
", "3681": "
\n

Debian Security Advisory

\n

DSA-3681-1 wordpress -- security update

\n
\n
Date Reported:
\n
29 Sep 2016
\n
Affected Packages:
\n
\nwordpress\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 837090.
In Mitre's CVE dictionary: CVE-2016-4029, CVE-2016-6634, CVE-2016-6635, CVE-2016-7168, CVE-2016-7169.
\n
More information:
\n
\n

Several vulnerabilities were discovered in wordpress, a web blogging tool,\nwhich could allow remote attackers to compromise a site via cross-site\nscripting, cross-site request forgery, path traversal, or bypass restrictions.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.1+dfsg-1+deb8u10.

\n

We recommend that you upgrade your wordpress packages.

\n
\n
\n
\n
", "3682": "
\n

Debian Security Advisory

\n

DSA-3682-1 c-ares -- security update

\n
\n
Date Reported:
\n
30 Sep 2016
\n
Affected Packages:
\n
\nc-ares\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 839151.
In Mitre's CVE dictionary: CVE-2016-5180.
\n
More information:
\n
\n

Gzob Qq discovered that the query-building functions in c-ares, an\nasynchronous DNS request library, would not correctly process crafted\nquery names, resulting in a heap buffer overflow and potentially\nleading to arbitrary code execution.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.10.0-2+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.12.0-1.

\n

We recommend that you upgrade your c-ares packages.

\n
\n
\n
\n
", "3683": "
\n

Debian Security Advisory

\n

DSA-3683-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
02 Oct 2016
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-5177, CVE-2016-5178.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2016-5177\n

    A use-after-free issue was discovered in the V8 JavaScript library.

  • CVE-2016-5178\n

    The chrome development team found and fixed various issues during\n internal auditing.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 53.0.2785.143-1~deb8u1.

\n

For the testing distribution (stretch), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 53.0.2785.143-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3684": "
\n

Debian Security Advisory

\n

DSA-3684-1 libdbd-mysql-perl -- security update

\n
\n
Date Reported:
\n
03 Oct 2016
\n
Affected Packages:
\n
\nlibdbd-mysql-perl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1246.
\n
More information:
\n
\n

Pali Rohar discovered that libdbd-mysql-perl, the Perl DBI database\ndriver for MySQL and MariaDB, constructed an error message in a\nfixed-length buffer, leading to a crash (_FORTIFY_SOURCE failure) and,\npotentially, to denial of service.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 4.028-2+deb8u2.

\n

We recommend that you upgrade your libdbd-mysql-perl packages.

\n
\n
\n
\n
", "3685": "
\n

Debian Security Advisory

\n

DSA-3685-1 libav -- security update

\n
\n
Date Reported:
\n
04 Oct 2016
\n
Affected Packages:
\n
\nlibav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-7424.
\n
More information:
\n
\n

Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. A full list of the changes is\navailable at \nhttps://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.8

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 6:11.8-1~deb8u1.

\n

We recommend that you upgrade your libav packages.

\n
\n
\n
\n
", "3686": "
\n

Debian Security Advisory

\n

DSA-3686-1 icedove -- security update

\n
\n
Date Reported:
\n
04 Oct 2016
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-2836.
\n
More information:
\n
\n

Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors may\nlead to the execution of arbitrary code or denial of service.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:45.3.0-1~deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:45.3.0-1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "3687": "
\n

Debian Security Advisory

\n

DSA-3687-1 nspr -- security update

\n
\n
Date Reported:
\n
05 Oct 2016
\n
Affected Packages:
\n
\nnspr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 583651.
In Mitre's CVE dictionary: CVE-2016-1951.
\n
More information:
\n
\n

Two vulnerabilities were reported in NSPR, a library to abstract over\noperating system interfaces developed by the Mozilla project.

\n
    \n
  • CVE-2016-1951\n

    q1 reported that the NSPR implementation of the sprintf-style string\n formatting function miscomputed memory allocation sizes,\n potentially leading to heap-based buffer overflows.

\n

The second issue concerns environment variable processing in NSPR.\nThe library did not ignore environment variables used to configure\nlogging and tracing in processes which underwent a SUID/SGID/AT_SECURE\ntransition at process start. In certain system configurations, this\nallowed local users to escalate their privileges.

\n

In addition, this nspr update contains further stability and\ncorrectness fixes and contains support code for an upcoming nss\nupdate.

\n

For the stable distribution (jessie), these problems have been fixed\nin version 2:4.12-1+debu8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2:4.12-1.

\n

We recommend that you upgrade your nspr packages.

\n
\n
\n
\n
", "3688": "
\n

Debian Security Advisory

\n

DSA-3688-1 nss -- security update

\n
\n
Date Reported:
\n
05 Oct 2016
\n
Affected Packages:
\n
\nnss\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 583651.
In Mitre's CVE dictionary: CVE-2015-4000, CVE-2015-7181, CVE-2015-7182, CVE-2015-7575, CVE-2016-1938, CVE-2016-1950, CVE-2016-1978, CVE-2016-1979, CVE-2016-2834.
\n
More information:
\n
\n

Several vulnerabilities were discovered in NSS, the cryptography\nlibrary developed by the Mozilla project.

\n
    \n
  • CVE-2015-4000\n

    David Adrian et al. reported that it may be feasible to attack\n Diffie-Hellman-based cipher suites in certain circumstances,\n compromising the confidentiality and integrity of data encrypted\n with Transport Layer Security (TLS).

  • CVE-2015-7181\nCVE-2015-7182\nCVE-2016-1950\n

    Tyson Smith, David Keeler, and Francis Gabriel discovered\n heap-based buffer overflows in the ASN.1 DER parser, potentially\n leading to arbitrary code execution.

  • CVE-2015-7575\n

    Karthikeyan Bhargavan discovered that the TLS client implementation\n accepted MD5-based signatures for TLS 1.2 connections with forward\n secrecy, weakening the intended security strength of TLS\n connections.

  • CVE-2016-1938\n

    Hanno Boeck discovered that NSS miscomputed the result of integer\n division for certain inputs. This could weaken the cryptographic\n protections provided by NSS. However, NSS implements RSA-CRT leak\n hardening, so RSA private keys are not directly disclosed by this\n issue.

  • CVE-2016-1978\n

    Eric Rescorla discovered a use-after-free vulnerability in the\n implementation of ECDH-based TLS handshakes, with unknown\n consequences.

  • CVE-2016-1979\n

    Tim Taubert discovered a use-after-free vulnerability in ASN.1 DER\n processing, with application-specific impact.

  • CVE-2016-2834\n

    Tyson Smith and Jed Davis discovered unspecified memory-safety\n bugs in NSS.

\n

In addition, the NSS library did not ignore environment variables in\nprocesses which underwent a SUID/SGID/AT_SECURE transition at process\nstart. In certain system configurations, this allowed local users to\nescalate their privileges.

\n

This update contains further correctness and stability fixes without\nimmediate security impact.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2:3.26-1+debu8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2:3.23-1.

\n

We recommend that you upgrade your nss packages.

\n
\n
\n
\n
", "3689": "
\n

Debian Security Advisory

\n

DSA-3689-1 php5 -- security update

\n
\n
Date Reported:
\n
08 Oct 2016
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-7124, CVE-2016-7125, CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132, CVE-2016-7411, CVE-2016-7412, CVE-2016-7413, CVE-2016-7414, CVE-2016-7416, CVE-2016-7417, CVE-2016-7418.
\n
More information:
\n
\n

Several vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development.

\n

The vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.26, which includes additional bug fixes. Please refer to the\nupstream changelog for more information:

\n\n

For the stable distribution (jessie), these problems have been fixed in\nversion 5.6.26+dfsg-0+deb8u1.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "3690": "
\n

Debian Security Advisory

\n

DSA-3690-1 icedove -- security update

\n
\n
Date Reported:
\n
10 Oct 2016
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-5257.
\n
More information:
\n
\n

Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors may\nlead to the execution of arbitrary code or denial of service.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:45.4.0-1~deb8u1.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 1:45.4.0-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:45.4.0-1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "3691": "
\n

Debian Security Advisory

\n

DSA-3691-1 ghostscript -- security update

\n
\n
Date Reported:
\n
12 Oct 2016
\n
Affected Packages:
\n
\nghostscript\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 839118, Bug 839260, Bug 839841, Bug 839845, Bug 839846, Bug 840451.
In Mitre's CVE dictionary: CVE-2013-5653, CVE-2016-7976, CVE-2016-7977, CVE-2016-7978, CVE-2016-7979, CVE-2016-8602.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Ghostscript, the GPL\nPostScript/PDF interpreter, which may lead to the execution of arbitrary\ncode or information disclosure if a specially crafted PostScript file is\nprocessed.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 9.06~dfsg-2+deb8u3.

\n

We recommend that you upgrade your ghostscript packages.

\n
\n
\n
\n
", "3692": "
\n

Debian Security Advisory

\n

DSA-3692-1 freeimage -- security update

\n
\n
Date Reported:
\n
13 Oct 2016
\n
Affected Packages:
\n
\nfreeimage\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-3885, CVE-2016-5684.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the FreeImage multimedia\nlibrary, which might result in denial of service or the execution of\narbitrary code if a malformed XMP or RAW image is processed.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.15.4-4.2+deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 3.17.0+ds1-3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.17.0+ds1-3.

\n

We recommend that you upgrade your freeimage packages.

\n
\n
\n
\n
", "3693": "
\n

Debian Security Advisory

\n

DSA-3693-1 libgd2 -- security update

\n
\n
Date Reported:
\n
14 Oct 2016
\n
Affected Packages:
\n
\nlibgd2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-6911, CVE-2016-7568, CVE-2016-8670.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in the GD Graphics Library,\nwhich may result in denial of service or potentially the execution of\narbitrary code if a malformed file is processed.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.1.0-5+deb8u7.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your libgd2 packages.

\n
\n
\n
\n
", "3694": "
\n

Debian Security Advisory

\n

DSA-3694-1 tor -- security update

\n
\n
Date Reported:
\n
18 Oct 2016
\n
Affected Packages:
\n
\ntor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-8860.
\n
More information:
\n
\n

It has been discovered that Tor treats the contents of some buffer\nchunks as if they were a NUL-terminated string. This issue could\nenable a remote attacker to crash a Tor client, hidden service, relay,\nor authority.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.2.5.12-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.2.8.9-1.

\n

For the experimental distribution, this problem has been fixed in\nversion 0.2.9.4-alpha-1.

\n

We recommend that you upgrade your tor packages.

\n
\n
\n
\n
", "3695": "
\n

Debian Security Advisory

\n

DSA-3695-1 quagga -- security update

\n
\n
Date Reported:
\n
18 Oct 2016
\n
Affected Packages:
\n
\nquagga\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 841162.
In Mitre's CVE dictionary: CVE-2016-1245.
\n
More information:
\n
\n

It was discovered that the zebra daemon in the Quagga routing suite\nsuffered from a stack-based buffer overflow when processing IPv6\nNeighbor Discovery messages.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.99.23.1-1+deb8u3.

\n

We recommend that you upgrade your quagga packages.

\n
\n
\n
\n
", "3696": "
\n

Debian Security Advisory

\n

DSA-3696-1 linux -- security update

\n
\n
Date Reported:
\n
19 Oct 2016
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 831014.
In Mitre's CVE dictionary: CVE-2015-8956, CVE-2016-5195, CVE-2016-7042, CVE-2016-7425.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.

\n
    \n
  • CVE-2015-8956\n

    It was discovered that missing input sanitising in RFCOMM Bluetooth\n socket handling may result in denial of service or information leak.

  • CVE-2016-5195\n

    It was discovered that a race condition in the memory management\n code can be used for local privilege escalation.

  • CVE-2016-7042\n

    Ondrej Kozina discovered that incorrect buffer allocation in the\n proc_keys_show() function may result in local denial of service.

  • CVE-2016-7425\n

    Marco Grassi discovered a buffer overflow in the arcmsr SCSI driver\n which may result in local denial of service, or potentially,\n arbitrary code execution.

\n

Additionally this update fixes a regression introduced in DSA-3616-1\ncausing iptables performance issues (cf. Debian Bug #831014).

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.16.36-1+deb8u2.

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "3697": "
\n

Debian Security Advisory

\n

DSA-3697-1 kdepimlibs -- security update

\n
\n
Date Reported:
\n
21 Oct 2016
\n
Affected Packages:
\n
\nkdepimlibs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-7966.
\n
More information:
\n
\n

Roland Tapken discovered that insufficient input sanitising in KMail's\nplain text viewer allowed the injection of HTML code.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 4:4.14.2-2+deb8u2.

\n

We recommend that you upgrade your kdepimlibs packages.

\n
\n
\n
\n
", "3698": "
\n

Debian Security Advisory

\n

DSA-3698-1 php5 -- security update

\n
\n
Date Reported:
\n
24 Oct 2016
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-9137.
\n
More information:
\n
\n

Several vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development.

\n

The vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.27, which includes additional bug fixes. Please refer to the\nupstream changelog for more information:

\n

https://php.net/ChangeLog-5.php#5.6.27

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 5.6.27+dfsg-0+deb8u1.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "3699": "
\n

Debian Security Advisory

\n

DSA-3699-1 virtualbox -- end-of-life

\n
\n
Date Reported:
\n
25 Oct 2016
\n
Affected Packages:
\n
\nvirtualbox\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Upstream support for the 4.3 release series has ended and since no\ninformation is available which would allow backports of isolated\nsecurity fixes, security support for virtualbox in jessie needed to be\nended as well.

\n
\n
\n
\n
", "3700": "
\n

Debian Security Advisory

\n

DSA-3700-1 asterisk -- security update

\n
\n
Date Reported:
\n
25 Oct 2016
\n
Affected Packages:
\n
\nasterisk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-3008, CVE-2016-2232, CVE-2016-2316, CVE-2016-7551.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in Asterisk, an open source\nPBX and telephony toolkit, which may result in denial of service or\nincorrect certificate validation.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1:11.13.1~dfsg-2+deb8u1.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your asterisk packages.

\n
\n
\n
\n
", "3701": "
\n

Debian Security Advisory

\n

DSA-3701-1 nginx -- security update

\n
\n
Date Reported:
\n
25 Oct 2016
\n
Affected Packages:
\n
\nnginx\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1247.
\n
More information:
\n
\n

Dawid Golunski reported that the nginx web server packages in Debian\nsuffered from a privilege escalation vulnerability (www-data to root)\ndue to the way log files are handled. This security update changes\nownership of the /var/log/nginx directory to root. In addition,\n/var/log/nginx has to be made accessible to local users, and local\nusers may be able to read the log files themselves until the\nnext logrotate invocation.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.6.2-5+deb8u3.

\n

We recommend that you upgrade your nginx packages.

\n
\n
\n
\n
", "3702": "
\n

Debian Security Advisory

\n

DSA-3702-1 tar -- security update

\n
\n
Date Reported:
\n
01 Nov 2016
\n
Affected Packages:
\n
\ntar\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 842339.
In Mitre's CVE dictionary: CVE-2016-6321.
\n
More information:
\n
\n

Harry Sintonen discovered that GNU tar does not properly handle member\nnames containing '..', thus allowing an attacker to bypass the path\nnames specified on the command line and replace files and directories in\nthe target directory.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.27.1-2+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.29b-1.1.

\n

We recommend that you upgrade your tar packages.

\n
\n
\n
\n
", "3703": "
\n

Debian Security Advisory

\n

DSA-3703-1 bind9 -- security update

\n
\n
Date Reported:
\n
01 Nov 2016
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 842858.
In Mitre's CVE dictionary: CVE-2016-8864.
\n
More information:
\n
\n

Tony Finch and Marco Davids reported an assertion failure in BIND, a\nDNS server implementation, which causes the server process to\nterminate. This denial-of-service vulnerability is related to a\ndefect in the processing of responses with DNAME records from\nauthoritative servers and primarily affects recursive resolvers.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:9.9.5.dfsg-9+deb8u8.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
\n
\n
", "3704": "
\n

Debian Security Advisory

\n

DSA-3704-1 memcached -- security update

\n
\n
Date Reported:
\n
03 Nov 2016
\n
Affected Packages:
\n
\nmemcached\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 842811, Bug 842812, Bug 842814.
In Mitre's CVE dictionary: CVE-2016-8704, CVE-2016-8705, CVE-2016-8706.
\n
More information:
\n
\n

Aleksandar Nikolic of Cisco Talos discovered several integer overflow\nvulnerabilities in memcached, a high-performance memory object caching\nsystem. A remote attacker can take advantage of these flaws to cause a\ndenial of service (daemon crash), or potentially to execute arbitrary\ncode.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.4.21-1.1+deb8u1.

\n

We recommend that you upgrade your memcached packages.

\n
\n
\n
\n
", "3705": "
\n

Debian Security Advisory

\n

DSA-3705-1 curl -- security update

\n
\n
Date Reported:
\n
03 Nov 2016
\n
Affected Packages:
\n
\ncurl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624.
\n
More information:
\n
\n

Several vulnerabilities were discovered in cURL, a URL transfer library:

\n
    \n
  • CVE-2016-8615\n

    It was discovered that a malicious HTTP server could inject new\n cookies for arbitrary domains into a cookie jar.

  • CVE-2016-8616\n

    It was discovered that when re-using a connection, curl was doing\n case-insensitive comparisons of user name and password with the existing\n connections.

  • CVE-2016-8617\n

    It was discovered that on systems with 32-bit addresses in userspace\n (e.g. x86, ARM, x32), the output buffer size value calculated in the\n base64 encode function would wrap around if input size was at least\n 1GB of data, causing an undersized output buffer to be allocated.

  • CVE-2016-8618\n

    It was discovered that the curl_maprintf() function could be tricked\n into doing a double-free due to an unsafe size_t multiplication on\n systems using 32-bit size_t variables.

  • CVE-2016-8619\n

    It was discovered that the Kerberos implementation could be\n tricked into doing a double-free when reading one of the length fields\n from a socket.

  • CVE-2016-8620\n

    It was discovered that the curl tool's globbing feature could write\n to invalid memory areas when parsing invalid ranges.

  • CVE-2016-8621\n

    It was discovered that the function curl_getdate could read out of\n bounds when parsing invalid date strings.

  • CVE-2016-8622\n

    It was discovered that the URL percent-encoding decode function would\n return a signed 32-bit integer variable as length, even though it\n allocated a destination buffer larger than 2GB, which would lead to\n an out-of-bounds write.

  • CVE-2016-8623\n

    It was discovered that libcurl could access an already-freed memory\n area due to concurrent access to shared cookies. This could lead to\n a denial of service or disclosure of sensitive information.

  • CVE-2016-8624\n

    It was discovered that curl wouldn't parse the authority component of\n a URL correctly when the host name part ends with a '#' character,\n and could be tricked into connecting to a different host.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 7.38.0-4+deb8u5.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 7.51.0-1.

\n

We recommend that you upgrade your curl packages.

\n
\n
\n
\n
", "3706": "
\n

Debian Security Advisory

\n

DSA-3706-1 mysql-5.5 -- security update

\n
\n
Date Reported:
\n
07 Nov 2016
\n
Affected Packages:
\n
\nmysql-5.5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 841050.
In Mitre's CVE dictionary: CVE-2016-5584, CVE-2016-7440.
\n
More information:
\n
\n

Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.53, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:

\n\n

For the stable distribution (jessie), these problems have been fixed in\nversion 5.5.53-0+deb8u1.

\n

We recommend that you upgrade your mysql-5.5 packages.

\n
\n
\n
\n
", "3707": "
\n

Debian Security Advisory

\n

DSA-3707-1 openjdk-7 -- security update

\n
\n
Date Reported:
\n
07 Nov 2016
\n
Affected Packages:
\n
\nopenjdk-7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-5542, CVE-2016-5554, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in breakouts\nof the Java sandbox or denial of service.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 7u111-2.6.7-2~deb8u1.

\n

We recommend that you upgrade your openjdk-7 packages.

\n
\n
\n
\n
", "3708": "
\n

Debian Security Advisory

\n

DSA-3708-1 mat -- security update

\n
\n
Date Reported:
\n
07 Nov 2016
\n
Affected Packages:
\n
\nmat\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 826101.
\n
More information:
\n
\n

Hartmut Goebel discovered that MAT, a toolkit to anonymise/remove\nmetadata from files, did not remove metadata from images embedded in PDF\ndocuments.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.5.2-3+deb8u1. This update disables PDF support in MAT\nentirely.

\n

We recommend that you upgrade your mat packages.

\n
\n
\n
\n
", "3709": "
\n

Debian Security Advisory

\n

DSA-3709-1 libxslt -- security update

\n
\n
Date Reported:
\n
08 Nov 2016
\n
Affected Packages:
\n
\nlibxslt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 842570.
In Mitre's CVE dictionary: CVE-2016-4738.
\n
More information:
\n
\n

Nick Wellnhofer discovered that the xsltFormatNumberConversion function\nin libxslt, an XSLT processing runtime library, does not properly check\nfor a zero byte terminating the pattern string. This flaw can be\nexploited to leak a couple of bytes after the buffer that holds the\npattern string.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.1.28-2+deb8u2.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 1.1.29-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.1.29-2.

\n

We recommend that you upgrade your libxslt packages.

\n
\n
\n
\n
", "3710": "
\n

Debian Security Advisory

\n

DSA-3710-1 pillow -- security update

\n
\n
Date Reported:
\n
10 Nov 2016
\n
Affected Packages:
\n
\npillow\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-9189, CVE-2016-9190.
\n
More information:
\n
\n

Cris Neckar discovered multiple vulnerabilities in Pillow, a Python\nimaging library, which may result in the execution of arbitrary code or\ninformation disclosure if a malformed image file is processed.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2.6.1-2+deb8u3.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 3.4.2-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.4.2-1.

\n

We recommend that you upgrade your pillow packages.

\n
\n
\n
\n
", "3711": "
\n

Debian Security Advisory

\n

DSA-3711-1 mariadb-10.0 -- security update

\n
\n
Date Reported:
\n
11 Nov 2016
\n
Affected Packages:
\n
\nmariadb-10.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-3492, CVE-2016-5584, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-6663, CVE-2016-7440, CVE-2016-8283.
\n
More information:
\n
\n

Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.28. Please see the MariaDB 10.0 Release Notes for further\ndetails:

\n\n

For the stable distribution (jessie), these problems have been fixed in\nversion 10.0.28-0+deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 10.0.28-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 10.0.28-1.

\n

We recommend that you upgrade your mariadb-10.0 packages.

\n
\n
\n
\n
", "3712": "
\n

Debian Security Advisory

\n

DSA-3712-1 terminology -- security update

\n
\n
Date Reported:
\n
13 Nov 2016
\n
Affected Packages:
\n
\nterminology\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8971.
\n
More information:
\n
\n

Nicolas Braud-Santoni discovered that incorrect sanitising of character\nescape sequences in the Terminology terminal emulator may result in the\nexecution of arbitrary commands.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.7.0-1+deb8u1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your terminology packages.

\n
\n
\n
\n
", "3713": "
\n

Debian Security Advisory

\n

DSA-3713-1 gst-plugins-bad0.10 -- security update

\n
\n
Date Reported:
\n
15 Nov 2016
\n
Affected Packages:
\n
\ngst-plugins-bad0.10\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Chris Evans discovered that the GStreamer 0.10 plugin to decode NES\nSound Format files allowed the execution of arbitrary code. Further\ndetails can be found in his advisory at\nhttp://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.10.23-7.4+deb8u1.

\n

The unstable distribution (sid) no longer contains GStreamer 0.10.

\n

We recommend that you upgrade your gst-plugins-bad0.10 packages.

\n
\n
\n
\n
", "3714": "
\n

Debian Security Advisory

\n

DSA-3714-1 akonadi -- security update

\n
\n
Date Reported:
\n
15 Nov 2016
\n
Affected Packages:
\n
\nakonadi\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 843534.
\n
More information:
\n
\n

In some configurations the MySQL storage backend for Akonadi, an\nextensible cross-desktop Personal Information Management (PIM) storage\nservice, failed to start after applying the MySQL 5.5.53 security upgrade.

\n

This update extends the /etc/akonadi/mysql-global.conf configuration\nfile to restore compatibility (version 1.13.0-2+deb8u2).

\n

We recommend that you upgrade your akonadi packages.

\n
\n
\n
\n
", "3715": "
\n

Debian Security Advisory

\n

DSA-3715-1 moin -- security update

\n
\n
Date Reported:
\n
15 Nov 2016
\n
Affected Packages:
\n
\nmoin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 844338, Bug 844340, Bug 844341.
In Mitre's CVE dictionary: CVE-2016-7146, CVE-2016-7148, CVE-2016-9119.
\n
More information:
\n
\n

Several cross-site scripting vulnerabilities were discovered in moin, a\nPython clone of WikiWiki. A remote attacker can conduct cross-site\nscripting attacks via the GUI editor's attachment dialogue\n(CVE-2016-7146),\nthe AttachFile view (CVE-2016-7148)\nand the GUI editor's link dialogue (CVE-2016-9119).

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.9.8-1+deb8u1.

\n

We recommend that you upgrade your moin packages.

\n
\n
\n
\n
", "3716": "
\n

Debian Security Advisory

\n

DSA-3716-1 firefox-esr -- security update

\n
\n
Date Reported:
\n
16 Nov 2016
\n
Affected Packages:
\n
\nfirefox-esr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-5290, CVE-2016-5291, CVE-2016-5296, CVE-2016-5297, CVE-2016-9064, CVE-2016-9066, CVE-2016-9074.
\n
More information:
\n
\n

Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\nbypass of the same-origin policy. Also, a man-in-the-middle attack in\nthe addon update mechanism has been fixed.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 45.5.0esr-1~deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 45.5.0esr-1 and version 50.0-1 of the firefox source package.

\n

We recommend that you upgrade your firefox-esr packages.

\n
\n
\n
\n
", "3717": "
\n

Debian Security Advisory

\n

DSA-3717-1 gst-plugins-bad1.0, gst-plugins-bad0.10 -- security update

\n
\n
Date Reported:
\n
17 Nov 2016
\n
Affected Packages:
\n
\ngst-plugins-bad1.0, gst-plugins-bad0.10\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Chris Evans discovered that the GStreamer plugin to decode VMware screen\ncapture files allowed the execution of arbitrary code.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.4.4-2.1+deb8u1 of gst-plugins-bad1.0 and version\n0.10.23-7.4+deb8u2 of gst-plugins-bad0.10.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.10.1-1 of gst-plugins-bad1.0.

\n

We recommend that you upgrade your gst-plugins-bad1.0 packages.

\n
\n
\n
\n
", "3718": "
\n

Debian Security Advisory

\n

DSA-3718-1 drupal7 -- security update

\n
\n
Date Reported:
\n
17 Nov 2016
\n
Affected Packages:
\n
\ndrupal7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-9449, CVE-2016-9451.
\n
More information:
\n
\n

Multiple vulnerabilities have been found in the Drupal content management\nframework. For additional information, please refer to the upstream advisory\nat https://www.drupal.org/SA-CORE-2016-005

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 7.32-1+deb8u8.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.52-1.

\n

We recommend that you upgrade your drupal7 packages.

\n
\n
\n
\n
", "3719": "
\n

Debian Security Advisory

\n

DSA-3719-1 wireshark -- security update

\n
\n
Date Reported:
\n
21 Nov 2016
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-9373, CVE-2016-9374, CVE-2016-9375, CVE-2016-9376.
\n
More information:
\n
\n

It was discovered that wireshark, a network protocol analyzer,\ncontained several vulnerabilities in the dissectors for DCERPC,\nAllJoyn, DTN, and OpenFlow, that could lead to various crashes,\ndenial-of-service, or execution of arbitrary code.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.12.1+g01b65bf-4+deb8u10.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.2.2+g9c5aae3-1.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "3720": "
\n

Debian Security Advisory

\n

DSA-3720-1 tomcat8 -- security update

\n
\n
Date Reported:
\n
21 Nov 2016
\n
Affected Packages:
\n
\ntomcat8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 840685.
In Mitre's CVE dictionary: CVE-2016-0762, CVE-2016-5018, CVE-2016-6794, CVE-2016-6796, CVE-2016-6797.
\n
More information:
\n
\n

Multiple security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine, which may result in possible timing attacks to\ndetermine valid user names, bypass of the SecurityManager, disclosure of\nsystem properties, unrestricted access to global resources, arbitrary\nfile overwrites, and potentially escalation of privileges.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 8.0.14-1+deb8u4.

\n

We recommend that you upgrade your tomcat8 packages.

\n
\n
\n
\n
", "3721": "
\n

Debian Security Advisory

\n

DSA-3721-1 tomcat7 -- security update

\n
\n
Date Reported:
\n
21 Nov 2016
\n
Affected Packages:
\n
\ntomcat7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 841655, Bug 842662, Bug 842663, Bug 842664, Bug 842665, Bug 842666.
In Mitre's CVE dictionary: CVE-2016-0762, CVE-2016-5018, CVE-2016-6794, CVE-2016-6796, CVE-2016-6797.
\n
More information:
\n
\n

Multiple security vulnerabilities have been discovered in the Tomcat\nservlet and JSP engine, which may result in possible timing attacks to\ndetermine valid user names, bypass of the SecurityManager, disclosure of\nsystem properties, unrestricted access to global resources, arbitrary\nfile overwrites, and potentially escalation of privileges.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 7.0.56-3+deb8u5.

\n

We recommend that you upgrade your tomcat7 packages.

\n
\n
\n
\n
", "3722": "
\n

Debian Security Advisory

\n

DSA-3722-1 vim -- security update

\n
\n
Date Reported:
\n
22 Nov 2016
\n
Affected Packages:
\n
\nvim\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1248.
\n
More information:
\n
\n

Florian Larysch and Bram Moolenaar discovered that vim, an enhanced vi\neditor, does not properly validate values for the filetype,\nsyntax and keymap options, which may result in the execution of\narbitrary code if a file with a specially crafted modeline is opened.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2:7.4.488-7+deb8u1.

\n

We recommend that you upgrade your vim packages.

\n
\n
\n
\n
", "3723": "
\n

Debian Security Advisory

\n

DSA-3723-1 gst-plugins-good1.0 -- security update

\n
\n
Date Reported:
\n
24 Nov 2016
\n
Affected Packages:
\n
\ngst-plugins-good1.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 845375.
In Mitre's CVE dictionary: CVE-2016-9634, CVE-2016-9635, CVE-2016-9636.
\n
More information:
\n
\n

Chris Evans discovered that the GStreamer 1.0 plugin used to decode\nfiles in the FLIC format allowed execution of arbitrary code. Further\ndetails can be found in his advisory at\nhttps://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.4.4-2+deb8u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.10.1-2.

\n

We recommend that you upgrade your gst-plugins-good1.0 packages.

\n
\n
\n
\n
", "3724": "
\n

Debian Security Advisory

\n

DSA-3724-1 gst-plugins-good0.10 -- security update

\n
\n
Date Reported:
\n
24 Nov 2016
\n
Affected Packages:
\n
\ngst-plugins-good0.10\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-9634, CVE-2016-9635, CVE-2016-9636.
\n
More information:
\n
\n

Chris Evans discovered that the GStreamer 0.10 plugin used to decode\nfiles in the FLIC format allowed execution of arbitrary code. Further\ndetails can be found in his advisory at\nhttps://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html

\n

This update removes the insecure FLIC file format plugin.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 0.10.31-3+nmu4+deb8u2.

\n

We recommend that you upgrade your gst-plugins-good0.10 packages.

\n
\n
\n
\n
", "3725": "
\n

Debian Security Advisory

\n

DSA-3725-1 icu -- security update

\n
\n
Date Reported:
\n
27 Nov 2016
\n
Affected Packages:
\n
\nicu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 838694.
In Mitre's CVE dictionary: CVE-2014-9911, CVE-2015-2632, CVE-2015-4844, CVE-2016-0494, CVE-2016-6293, CVE-2016-7415.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the International Components\nfor Unicode (ICU) library.

\n
    \n
  • CVE-2014-9911\n

    Michele Spagnuolo discovered a buffer overflow vulnerability which\n might allow remote attackers to cause a denial of service or possibly\n execute arbitrary code via crafted text.

  • \n
  • CVE-2015-2632\n

    An integer overflow vulnerability might lead to a denial of service\n or disclosure of a portion of application memory if an attacker has\n control over the input file.

  • \n
  • CVE-2015-4844\n

    Buffer overflow vulnerabilities might allow an attacker with control\n over the font file to perform a denial of service or,\n possibly, execute arbitrary code.

  • \n
  • CVE-2016-0494\n

    Integer signedness issues were introduced as part of the\n CVE-2015-4844 fix.

  • \n
  • CVE-2016-6293\n

    A buffer overflow might allow an attacker to perform a denial of\n service or disclosure of a portion of application memory.

  • \n
  • CVE-2016-7415\n

    A stack-based buffer overflow might allow an attacker with control over\n the locale string to perform a denial of service and, possibly,\n execute arbitrary code.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 52.1-8+deb8u4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 57.1-5.

\n

We recommend that you upgrade your icu packages.

\n
\n
\n
\n
", "3726": "
\n

Debian Security Advisory

\n

DSA-3726-1 imagemagick -- security update

\n
\n
Date Reported:
\n
26 Nov 2016
\n
Affected Packages:
\n
\nimagemagick\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 840437, Bug 845195, Bug 845196, Bug 845198, Bug 845202, Bug 845206, Bug 845212, Bug 845213, Bug 845241, Bug 845242, Bug 845243, Bug 845244, Bug 845246, Bug 840435.
In Mitre's CVE dictionary: CVE-2016-7799, CVE-2016-7906, CVE-2016-8677, CVE-2016-8862, CVE-2016-9556, CVE-2016-9559.
\n
More information:
\n
\n

Several issues have been discovered in ImageMagick, a popular set of\nprograms and libraries for image manipulation. These issues include\nseveral problems in memory handling that can result in a denial of\nservice attack or in execution of arbitrary code by an attacker with\ncontrol over the image input.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u6.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 8:6.9.6.5+dfsg-1.

\n

We recommend that you upgrade your imagemagick packages.

\n
\n
\n
\n
", "3727": "
\n

Debian Security Advisory

\n

DSA-3727-1 hdf5 -- security update

\n
\n
Date Reported:
\n
30 Nov 2016
\n
Affected Packages:
\n
\nhdf5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 845301.
In Mitre's CVE dictionary: CVE-2016-4330, CVE-2016-4331, CVE-2016-4332, CVE-2016-4333.
\n
More information:
\n
\n

Cisco Talos discovered that hdf5, a file format and library for\nstoring scientific data, contained several vulnerabilities that could\nlead to arbitrary code execution when handling untrusted data.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.8.13+docs-15+deb8u1.

\n

For the testing distribution (stretch) and unstable distribution\n(sid), these problems have been fixed in version 1.10.0-patch1+docs-1.

\n

We recommend that you upgrade your hdf5 packages.

\n
\n
\n
\n
", "3728": "
\n

Debian Security Advisory

\n

DSA-3728-1 firefox-esr -- security update

\n
\n
Date Reported:
\n
01 Dec 2016
\n
Affected Packages:
\n
\nfirefox-esr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-9079.
\n
More information:
\n
\n

A use-after-free vulnerability in the SVG Animation was discovered in\nthe Mozilla Firefox web browser, allowing a remote attacker to cause a\ndenial of service (application crash) or execute arbitrary code, if a\nuser is tricked into opening a specially crafted website.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 45.5.1esr-1~deb8u1.

\n

We recommend that you upgrade your firefox-esr packages.

\n
\n
\n
\n
", "3729": "
\n

Debian Security Advisory

\n

DSA-3729-1 xen -- security update

\n
\n
Date Reported:
\n
07 Dec 2016
\n
Affected Packages:
\n
\nxen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 845663, Bug 845664, Bug 845665, Bug 845668, Bug 845670.
In Mitre's CVE dictionary: CVE-2016-7777, CVE-2016-9379, CVE-2016-9380, CVE-2016-9382, CVE-2016-9383, CVE-2016-9385, CVE-2016-9386.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in the Xen hypervisor. The\nCommon Vulnerabilities and Exposures project identifies the following\nproblems:

\n
    \n
  • CVE-2016-7777\n (XSA-190)\n

    Jan Beulich from SUSE discovered that Xen does not properly honor\n CR0.TS and CR0.EM for x86 HVM guests, potentially allowing guest\n users to read or modify FPU, MMX, or XMM register state information\n belonging to arbitrary tasks on the guest by modifying an\n instruction while the hypervisor is preparing to emulate it.

  • \n
  • CVE-2016-9379,\n CVE-2016-9380 (XSA-198)\n

    Daniel Richman and Gabor Szarka of the Cambridge University\n Student-Run Computing Facility discovered that pygrub, the boot\n loader emulator, fails to quote (or sanity check) its results when\n reporting them to its caller. A malicious guest administrator can\n take advantage of this flaw to cause an information leak or denial\n of service.

  • \n
  • CVE-2016-9382\n (XSA-192)\n

    Jan Beulich of SUSE discovered that Xen does not properly handle x86\n task switches to VM86 mode. An unprivileged guest process can take\n advantage of this flaw to crash the guest or escalate its\n privileges to that of the guest operating system.

  • \n
  • CVE-2016-9383\n (XSA-195)\n

    George Dunlap of Citrix discovered that the Xen x86 64-bit bit test\n instruction emulation is broken. A malicious guest can take\n advantage of this flaw to modify arbitrary memory, allowing for\n arbitrary code execution, denial of service (host crash), or\n information leaks.

  • \n
  • CVE-2016-9385\n (XSA-193)\n

    Andrew Cooper of Citrix discovered that Xen's x86 segment base write\n emulation lacks canonical address checks. A malicious guest\n administrator can take advantage of this flaw to crash the host,\n leading to a denial of service.

  • \n
  • CVE-2016-9386\n (XSA-191)\n

    Andrew Cooper of Citrix discovered that x86 null segments are not\n always treated as unusable. An unprivileged guest user program\n may be able to elevate its privilege to that of the guest\n operating system.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.4.1-9+deb8u8.

\n

We recommend that you upgrade your xen packages.

\n
\n
\n
\n
", "3730": "
\n

Debian Security Advisory

\n

DSA-3730-1 icedove -- security update

\n
\n
Date Reported:
\n
11 Dec 2016
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-5290, CVE-2016-5291, CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-9074, CVE-2016-9079.
\n
More information:
\n
\n

Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple memory safety errors,\nsame-origin policy bypass issues, integer overflows, buffer overflows\nand use-after-frees may lead to the execution of arbitrary code or\ndenial of service.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1:45.5.1-1~deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1:45.5.1-1 or earlier.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "3731": "
\n

Debian Security Advisory

\n

DSA-3731-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
11 Dec 2016
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-5181, CVE-2016-5182, CVE-2016-5183, CVE-2016-5184, CVE-2016-5185, CVE-2016-5186, CVE-2016-5187, CVE-2016-5188, CVE-2016-5189, CVE-2016-5190, CVE-2016-5191, CVE-2016-5192, CVE-2016-5193, CVE-2016-5194, CVE-2016-5198, CVE-2016-5199, CVE-2016-5200, CVE-2016-5201, CVE-2016-5202, CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-5214, CVE-2016-5215, CVE-2016-5216, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5220, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226, CVE-2016-9650, CVE-2016-9651, CVE-2016-9652.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2016-5181\n

    A cross-site scripting issue was discovered.

  • \n
  • CVE-2016-5182\n

    Giwan Go discovered a heap overflow issue.

  • \n
  • CVE-2016-5183\n

    A use-after-free issue was discovered in the pdfium library.

  • \n
  • CVE-2016-5184\n

    Another use-after-free issue was discovered in the pdfium library.

  • \n
  • CVE-2016-5185\n

    cloudfuzzer discovered a use-after-free issue in Blink/Webkit.

  • \n
  • CVE-2016-5186\n

    Abdulrahman Alqabandi discovered an out-of-bounds read issue in the\n developer tools.

  • \n
  • CVE-2016-5187\n

    Luan Herrera discovered a URL spoofing issue.

  • \n
  • CVE-2016-5188\n

    Luan Herrera discovered that some drop down menus can be used to\n hide parts of the user interface.

  • \n
  • CVE-2016-5189\n

    xisigr discovered a URL spoofing issue.

  • \n
  • CVE-2016-5190\n

    Atte Kettunen discovered a use-after-free issue.

  • \n
  • CVE-2016-5191\n

    Gareth Hughes discovered a cross-site scripting issue.

  • \n
  • CVE-2016-5192\n

    haojunhou@gmail.com discovered a same-origin bypass.

  • \n
  • CVE-2016-5193\n

    Yuyang Zhou discovered a way to pop open a new window.

  • \n
  • CVE-2016-5194\n

    The chrome development team found and fixed various issues during\n internal auditing.

  • \n
  • CVE-2016-5198\n

    Tencent Keen Security Lab discovered an out-of-bounds memory access\n issue in the v8 javascript library.

  • \n
  • CVE-2016-5199\n

    A heap corruption issue was discovered in the ffmpeg library.

  • \n
  • CVE-2016-5200\n

    Choongwoo Han discovered an out-of-bounds memory access issue in\n the v8 javascript library.

  • \n
  • CVE-2016-5201\n

    Rob Wu discovered an information leak.

  • \n
  • CVE-2016-5202\n

    The chrome development team found and fixed various issues during\n internal auditing.

  • \n
  • CVE-2016-5203\n

    A use-after-free issue was discovered in the pdfium library.

  • \n
  • CVE-2016-5204\n

    Mariusz Mlynski discovered a cross-site scripting issue in SVG\n image handling.

  • \n
  • CVE-2016-5205\n

    A cross-site scripting issue was discovered.

  • \n
  • CVE-2016-5206\n

    Rob Wu discovered a same-origin bypass in the pdfium library.

  • \n
  • CVE-2016-5207\n

    Mariusz Mlynski discovered a cross-site scripting issue.

  • \n
  • CVE-2016-5208\n

    Mariusz Mlynski discovered another cross-site scripting issue.

  • \n
  • CVE-2016-5209\n

    Giwan Go discovered an out-of-bounds write issue in Blink/Webkit.

  • \n
  • CVE-2016-5210\n

    Ke Liu discovered an out-of-bounds write in the pdfium library.

  • \n
  • CVE-2016-5211\n

    A use-after-free issue was discovered in the pdfium library.

  • \n
  • CVE-2016-5212\n

    Khalil Zhani discovered an information disclosure issue in the\n developer tools.

  • \n
  • CVE-2016-5213\n

    Khalil Zhani discovered a use-after-free issue in the v8 javascript\n library.

  • \n
  • CVE-2016-5214\n

    Jonathan Birch discovered a file download protection bypass.

  • \n
  • CVE-2016-5215\n

    Looben Yang discovered a use-after-free issue.

  • \n
  • CVE-2016-5216\n

    A use-after-free issue was discovered in the pdfium library.

  • \n
  • CVE-2016-5217\n

    Rob Wu discovered a condition where data was not validated by\n the pdfium library.

  • \n
  • CVE-2016-5218\n

    Abdulrahman Alqabandi discovered a URL spoofing issue.

  • \n
  • CVE-2016-5219\n

    Rob Wu discovered a use-after-free issue in the v8 javascript\n library.

  • \n
  • CVE-2016-5220\n

    Rob Wu discovered a way to access files on the local system.

  • \n
  • CVE-2016-5221\n

    Tim Becker discovered an integer overflow issue in the angle\n library.

  • \n
  • CVE-2016-5222\n

    xisigr discovered a URL spoofing issue.

  • \n
  • CVE-2016-5223\n

    Hwiwon Lee discovered an integer overflow issue in the pdfium\n library.

  • \n
  • CVE-2016-5224\n

    Roeland Krak discovered a same-origin bypass in SVG image handling.

  • \n
  • CVE-2016-5225\n

    Scott Helme discovered a Content Security Protection bypass.

  • \n
  • CVE-2016-5226\n

    Jun Kokatsu discovered a cross-site scripting issue.

  • \n
  • CVE-2016-9650\n

    Jakub \u017boczek discovered a Content Security Protection information\n disclosure.

  • \n
  • CVE-2016-9651\n

    Guang Gong discovered a way to access private data in the v8\n javascript library.

  • \n
  • CVE-2016-9652\n

    The chrome development team found and fixed various issues during\n internal auditing.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 55.0.2883.75-1~deb8u1.

\n

For the testing distribution (stretch), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 55.0.2883.75-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3732": "
\n

Debian Security Advisory

\n

DSA-3732-1 php5 -- security update

\n
\n
Date Reported:
\n
13 Dec 2016
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-9138, CVE-2016-9933, CVE-2016-9934.
\n
More information:
\n
\n

Several vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development.

\n

The vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.28, which includes additional bug fixes. Please refer to\nthe upstream changelog for more information:

\n

\nhttps://secure.php.net/ChangeLog-5.php#5.6.28

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 5.6.28+dfsg-0+deb8u1.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "3733": "
\n

Debian Security Advisory

\n

DSA-3733-1 apt -- security update

\n
\n
Date Reported:
\n
13 Dec 2016
\n
Affected Packages:
\n
\napt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1252.
\n
More information:
\n
\n

Jann Horn of Google Project Zero discovered that APT, the high level\npackage manager, does not properly handle errors when validating\nsignatures on InRelease files. An attacker able to man-in-the-middle\nHTTP requests to an apt repository that uses InRelease files\n(clearsigned Release files) can take advantage of this flaw to\ncircumvent the signature of the InRelease file, leading to arbitrary\ncode execution.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.0.9.8.4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4~beta2.

\n

We recommend that you upgrade your apt packages.

\n
\n
\n
\n
", "3734": "
\n

Debian Security Advisory

\n

DSA-3734-1 firefox-esr -- security update

\n
\n
Date Reported:
\n
14 Dec 2016
\n
Affected Packages:
\n
\nfirefox-esr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-9893, CVE-2016-9895, CVE-2016-9897, CVE-2016-9898, CVE-2016-9899, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9904, CVE-2016-9905.
\n
More information:
\n
\n

Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, buffer overflows and other\nimplementation errors may lead to the execution of arbitrary code or\ninformation leaks.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 45.6.0esr-1~deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 45.6.0esr-1 of firefox-esr and version 50.1.0-1 of firefox.

\n

We recommend that you upgrade your firefox-esr packages.

\n
\n
\n
\n
", "3735": "
\n

Debian Security Advisory

\n

DSA-3735-1 game-music-emu -- security update

\n
\n
Date Reported:
\n
15 Dec 2016
\n
Affected Packages:
\n
\ngame-music-emu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
No other external database security references currently available.
\n
More information:
\n
\n

Chris Evans discovered that incorrect emulation of the SPC700 audio\nco-processor of the Super Nintendo Entertainment System allows the\nexecution of arbitrary code if a malformed SPC music file is opened.\nFurther information can be found at\n\nhttp://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.5.5-2+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.6.0-4.

\n

We recommend that you upgrade your game-music-emu packages.

\n
\n
\n
\n
", "3736": "
\n

Debian Security Advisory

\n

DSA-3736-1 libupnp -- security update

\n
\n
Date Reported:
\n
16 Dec 2016
\n
Affected Packages:
\n
\nlibupnp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 831857, Bug 842093.
In Mitre's CVE dictionary: CVE-2016-6255, CVE-2016-8863.
\n
More information:
\n
\n

Two vulnerabilities were discovered in libupnp, a portable SDK for\nUPnP devices.

\n
    \n
  • CVE-2016-6255\n

    Matthew Garrett discovered that libupnp by default allows any user to\n write to the filesystem of the host running a libupnp-based server\n application.

  • \n
  • CVE-2016-8863\n

    Scott Tenaglia discovered a heap buffer overflow vulnerability that\n can lead to denial of service or remote code execution.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1:1.6.19+git20141001-1+deb8u1.

\n

For the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 1:1.6.19+git20160116-1.2.

\n

We recommend that you upgrade your libupnp packages.

\n
\n
\n
\n
", "3737": "
\n

Debian Security Advisory

\n

DSA-3737-1 php5 -- security update

\n
\n
Date Reported:
\n
16 Dec 2016
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-9935.
\n
More information:
\n
\n

Several vulnerabilities were found in PHP, a general-purpose scripting\nlanguage commonly used for web application development.

\n

The vulnerabilities are addressed by upgrading PHP to the new upstream\nversion 5.6.29, which includes additional bug fixes. Please refer to the\nupstream changelog for more information:

\n

\nhttps://php.net/ChangeLog-5.php#5.6.29

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 5.6.29+dfsg-0+deb8u1.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "3738": "
\n

Debian Security Advisory

\n

DSA-3738-1 tomcat7 -- security update

\n
\n
Date Reported:
\n
18 Dec 2016
\n
Affected Packages:
\n
\ntomcat7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 802312, Bug 845385, Bug 845393.
In Mitre's CVE dictionary: CVE-2016-6816, CVE-2016-8735, CVE-2016-9774, CVE-2016-9775.
\n
More information:
\n
\n

Multiple security vulnerabilities were discovered in the Tomcat\nservlet and JSP engine, as well as in its Debian-specific maintainer\nscripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.

\n

As part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 7.0.56-3+deb8u6.

\n

For the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 7.0.72-3.

\n

We recommend that you upgrade your tomcat7 packages.

\n
\n
\n
\n
", "3739": "
\n

Debian Security Advisory

\n

DSA-3739-1 tomcat8 -- security update

\n
\n
Date Reported:
\n
18 Dec 2016
\n
Affected Packages:
\n
\ntomcat8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 802312, Bug 845385, Bug 845393.
In Mitre's CVE dictionary: CVE-2016-6816, CVE-2016-8735, CVE-2016-9774, CVE-2016-9775.
\n
More information:
\n
\n

Multiple security vulnerabilities were discovered in the Tomcat\nservlet and JSP engine, as well as in its Debian-specific maintainer\nscripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution.

\n

As part of this update, several regressions stemming from incomplete\nfixes for previous vulnerabilities were also fixed.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 8.0.14-1+deb8u5.

\n

For the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 8.5.8-2.

\n

We recommend that you upgrade your tomcat8 packages.

\n
\n
\n
\n
", "3740": "
\n

Debian Security Advisory

\n

DSA-3740-1 samba -- security update

\n
\n
Date Reported:
\n
19 Dec 2016
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 830195.
In Mitre's CVE dictionary: CVE-2016-2119, CVE-2016-2123, CVE-2016-2125, CVE-2016-2126.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in Samba, a SMB/CIFS file,\nprint, and login server for Unix. The Common Vulnerabilities and\nExposures project identifies the following issues:

\n
    \n
  • CVE-2016-2119\n

    Stefan Metzmacher discovered that client-side SMB2/3 required\n signing can be downgraded, allowing a man-in-the-middle attacker to\n impersonate a server being connected to by Samba, and return\n malicious results.

  • CVE-2016-2123\n

    Trend Micro's Zero Day Initiative and Frederic Besler discovered\n that the routine ndr_pull_dnsp_name, used to parse data from the\n Samba Active Directory ldb database, contains an integer overflow\n flaw, leading to an attacker-controlled memory overwrite. An\n authenticated user can take advantage of this flaw for remote\n privilege escalation.

  • CVE-2016-2125\n

    Simo Sorce of Red Hat discovered that the Samba client code always\n requests a forwardable ticket when using Kerberos authentication. A\n target server, which must be in the current or trusted domain/realm,\n is given a valid general purpose Kerberos Ticket Granting Ticket\n (TGT), which can be used to fully impersonate the authenticated user\n or service.

  • CVE-2016-2126\n

    Volker Lendecke discovered several flaws in the Kerberos PAC\n validation. A remote, authenticated attacker can cause the winbindd\n process to crash using a legitimate Kerberos ticket due to incorrect\n handling of the PAC checksum. A local service with access to the\n winbindd privileged pipe can cause winbindd to cache elevated access\n permissions.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2:4.2.14+dfsg-0+deb8u2. In addition, this update contains\nseveral changes originally targeted for the upcoming jessie point\nrelease.

\n

We recommend that you upgrade your samba packages.

\n
\n
\n
\n
", "3741": "
\n

Debian Security Advisory

\n

DSA-3741-1 tor -- security update

\n
\n
Date Reported:
\n
20 Dec 2016
\n
Affected Packages:
\n
\ntor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 848847.
In Mitre's CVE dictionary: CVE-2016-1254.
\n
More information:
\n
\n

It was discovered that Tor, a connection-based low-latency anonymous\ncommunication system, may read one byte past a buffer when parsing\nhidden service descriptors. This issue may enable a hostile hidden\nservice to crash Tor clients depending on hardening options and malloc\nimplementation.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.2.5.12-4.

\n

For the testing (stretch) and unstable (sid) distributions, this\nproblem has been fixed in version 0.2.9.8-2.

\n

We recommend that you upgrade your tor packages.

\n
\n
\n
\n
", "3742": "
\n

Debian Security Advisory

\n

DSA-3742-1 flightgear -- security update

\n
\n
Date Reported:
\n
20 Dec 2016
\n
Affected Packages:
\n
\nflightgear\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-9956.
\n
More information:
\n
\n

It was discovered that the Flight Gear flight simulator performs\ninsufficient sanitising of Nasal scripts which allows a malicious script\nto overwrite arbitrary files with the privileges of the user running\nFlight Gear.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.0.0-5+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:2016.4.3+dfsg-1.

\n

We recommend that you upgrade your flightgear packages.

\n
\n
\n
\n
", "3743": "
\n

Debian Security Advisory

\n

DSA-3743-1 python-bottle -- security update

\n
\n
Date Reported:
\n
20 Dec 2016
\n
Affected Packages:
\n
\npython-bottle\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 848392.
In Mitre's CVE dictionary: CVE-2016-9964.
\n
More information:
\n
\n

It was discovered that bottle, a WSGI framework for the Python\nprogramming language, did not properly filter \"\\r\\n\" sequences when\nhandling redirections. This allowed an attacker to perform CRLF\nattacks such as HTTP header injection.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.12.7-1+deb8u1.

\n

For the testing (stretch) and unstable (sid) distributions, this\nproblem has been fixed in version 0.12.11-1.

\n

We recommend that you upgrade your python-bottle packages.

\n
\n
\n
\n
", "3744": "
\n

Debian Security Advisory

\n

DSA-3744-1 libxml2 -- security update

\n
\n
Date Reported:
\n
23 Dec 2016
\n
Affected Packages:
\n
\nlibxml2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 840553, Bug 840554.
In Mitre's CVE dictionary: CVE-2016-4658, CVE-2016-5131.
\n
More information:
\n
\n

Several vulnerabilities were discovered in libxml2, a library providing\nsupport to read, modify and write XML and HTML files. A remote attacker\ncould provide a specially crafted XML or HTML file that, when processed\nby an application using libxml2, would cause a denial-of-service against\nthe application, or potentially, the execution of arbitrary code with\nthe privileges of the user running the application.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2.9.1+dfsg1-5+deb8u4.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 2.9.4+dfsg1-2.1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.9.4+dfsg1-2.1.

\n

We recommend that you upgrade your libxml2 packages.

\n
\n
\n
\n
", "3745": "
\n

Debian Security Advisory

\n

DSA-3745-1 squid3 -- security update

\n
\n
Date Reported:
\n
24 Dec 2016
\n
Affected Packages:
\n
\nsquid3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 848493.
In Mitre's CVE dictionary: CVE-2016-10002.
\n
More information:
\n
\n

Saulius Lapinskas from Lithuanian State Social Insurance Fund Board\ndiscovered that Squid3, a fully featured web proxy cache, does not\nproperly process responses to If-None-Modified HTTP conditional\nrequests, leading to client-specific Cookie data being leaked to other\nclients. A remote attacker can take advantage of this flaw to discover\nprivate and sensitive information about another client's browsing\nsession.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.4.8-6+deb8u4. In addition, this update includes a fix for\n#819563.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.5.23-1.

\n

We recommend that you upgrade your squid3 packages.

\n
\n
\n
\n
", "3746": "
\n

Debian Security Advisory

\n

DSA-3746-1 graphicsmagick -- security update

\n
\n
Date Reported:
\n
24 Dec 2016
\n
Affected Packages:
\n
\ngraphicsmagick\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 814732, Bug 825800, Bug 847055.
In Mitre's CVE dictionary: CVE-2015-8808, CVE-2016-2317, CVE-2016-2318, CVE-2016-3714, CVE-2016-3715, CVE-2016-5118, CVE-2016-5240, CVE-2016-7800, CVE-2016-7996, CVE-2016-7997, CVE-2016-8682, CVE-2016-8683, CVE-2016-8684, CVE-2016-9830.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in GraphicsMagick, a\ncollection of image processing tools, which can cause denial of service\nattacks, remote file deletion, and remote command execution.

\n

To fix the\nCVE-2016-3714\nvulnerability, this security update removes full support for the PLT/Gnuplot decoder,\npreventing Gnuplot-shell based shell exploits.

\n

To fix the\nCVE-2016-3715\nvulnerability, the undocumented TMP magick prefix no longer removes the argument file\nafter it has been read. Since the TMP feature was originally implemented,\nGraphicsMagick added a temporary file management subsystem which assures\nthat temporary files are removed so this feature is not needed.

\n

To fix the\nCVE-2016-5118\nvulnerability, this update removes support for reading input from a shell command, or writing output\nto a shell command, by prefixing the specified filename (containing the\ncommand) with a '|'.

\n
    \n
  • CVE-2015-8808\n

    Gustavo Grieco discovered an out of bound read in the parsing of GIF\n files which may cause denial of service.

  • CVE-2016-2317\n

    Gustavo Grieco discovered a stack buffer overflow and two heap buffer\n overflows while processing SVG images which may cause denial of service.

  • CVE-2016-2318\n

    Gustavo Grieco discovered several segmentation faults while processing\n SVG images which may cause denial of service.

  • CVE-2016-5240\n

    Gustavo Grieco discovered an endless loop problem caused by negative\n stroke-dasharray arguments while parsing SVG files which may cause\n denial of service.

  • CVE-2016-7800\n

    Marco Grassi discovered an unsigned underflow leading to heap overflow\n when parsing the 8BIM chunk often attached to JPG files which may cause\n denial of service.

  • CVE-2016-7996\n

    Moshe Kaplan discovered that there is no check that the provided\n colormap is not larger than 256 entries in the WPG reader which may\n cause denial of service.

  • CVE-2016-7997\n

    Moshe Kaplan discovered that an assertion is thrown for some files in\n the WPG reader due to a logic error which may cause denial of service.

  • CVE-2016-8682\n

    Agostino Sarubbo of Gentoo discovered a stack buffer read overflow\n while reading the SCT header which may cause denial of service.

  • CVE-2016-8683\n

    Agostino Sarubbo of Gentoo discovered a memory allocation failure in the\n PCX coder which may cause denial of service.

  • CVE-2016-8684\n

    Agostino Sarubbo of Gentoo discovered a memory allocation failure in the\n SGI coder which may cause denial of service.

  • CVE-2016-9830\n

    Agostino Sarubbo of Gentoo discovered a memory allocation failure in the\n MagickRealloc() function which may cause denial of service.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.3.20-3+deb8u2.

\n

For the testing distribution (stretch), these problems (with the\nexception of \nCVE-2016-9830) have been fixed in version 1.3.25-5.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.3.25-6.

\n

We recommend that you upgrade your graphicsmagick packages.

\n
\n
\n
\n
", "3747": "
\n

Debian Security Advisory

\n

DSA-3747-1 exim4 -- security update

\n
\n
Date Reported:
\n
25 Dec 2016
\n
Affected Packages:
\n
\nexim4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-9963.
\n
More information:
\n
\n

Bjoern Jacke discovered that Exim, Debian's default mail transfer agent,\nmay leak the private DKIM signing key to the log files if specific\nconfiguration options are met.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 4.84.2-2+deb8u2.

\n

We recommend that you upgrade your exim4 packages.

\n
\n
\n
\n
", "3748": "
\n

Debian Security Advisory

\n

DSA-3748-1 libcrypto++ -- security update

\n
\n
Date Reported:
\n
26 Dec 2016
\n
Affected Packages:
\n
\nlibcrypto++\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 848009.
In Mitre's CVE dictionary: CVE-2016-9939.
\n
More information:
\n
\n

Gergely G\u00e1bor Nagy from Tresorit discovered that libcrypto++, a C++\ncryptographic library, contained a bug in several ASN.1 parsing\nroutines. This would allow an attacker to remotely cause a denial of\nservice.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 5.6.1-6+deb8u3.

\n

For the testing (stretch) and unstable (sid) distributions, this\nproblem has been fixed in version 5.6.4-5.

\n

We recommend that you upgrade your libcrypto++ packages.

\n
\n
\n
\n
", "3749": "
\n

Debian Security Advisory

\n

DSA-3749-1 dcmtk -- security update

\n
\n
Date Reported:
\n
29 Dec 2016
\n
Affected Packages:
\n
\ndcmtk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 848830.
In Mitre's CVE dictionary: CVE-2015-8979.
\n
More information:
\n
\n

Gjoko Krstic of Zero Science Labs discovered that dcmtk, a collection\nof libraries implementing the DICOM standard, did not properly handle\nthe size of data received from the network. This could lead to\ndenial-of-service (via application crash) or arbitrary code execution.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.6.0-15+deb8u1.

\n

For the testing (stretch) and unstable (sid) distributions, this\nproblem has been fixed in version 3.6.1~20160216-2.

\n

We recommend that you upgrade your dcmtk packages.

\n
\n
\n
\n
", "3750": "
\n

Debian Security Advisory

\n

DSA-3750-1 libphp-phpmailer -- security update

\n
\n
Date Reported:
\n
31 Dec 2016
\n
Affected Packages:
\n
\nlibphp-phpmailer\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 849365.
In Mitre's CVE dictionary: CVE-2016-10033.
\n
More information:
\n
\n

Dawid Golunski discovered that PHPMailer, a popular library to send\nemail from PHP applications, allowed a remote attacker to execute\ncode if they were able to provide a crafted Sender address.

\n

Note that \nCVE-2016-10045 was also assigned for this issue, which is a regression in the original patch\nproposed for \nCVE-2016-10033. Because the original patch was not applied in Debian,\nDebian was not vulnerable to \nCVE-2016-10045.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 5.2.9+dfsg-2+deb8u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.2.14+dfsg-2.1.

\n

We recommend that you upgrade your libphp-phpmailer packages.

\n
\n
\n
\n
", "3751": "
\n

Debian Security Advisory

\n

DSA-3751-1 libgd2 -- security update

\n
\n
Date Reported:
\n
01 Jan 2017
\n
Affected Packages:
\n
\nlibgd2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 849038.
In Mitre's CVE dictionary: CVE-2016-9933.
\n
More information:
\n
\n

A stack overflow vulnerability was discovered within the\ngdImageFillToBorder function in libgd2, a library for programmatic\ngraphics creation and manipulation, triggered when invalid colors are\nused with truecolor images. A remote attacker can take advantage of this\nflaw to cause a denial-of-service against an application using the\nlibgd2 library.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.1.0-5+deb8u8.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 2.2.2-29-g3c2b605-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.2.2-29-g3c2b605-1.

\n

We recommend that you upgrade your libgd2 packages.

\n
\n
\n
\n
", "3752": "
\n

Debian Security Advisory

\n

DSA-3752-1 pcsc-lite -- security update

\n
\n
Date Reported:
\n
04 Jan 2017
\n
Affected Packages:
\n
\npcsc-lite\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-10109.
\n
More information:
\n
\n

Peter Wu discovered that a use-after-free in the pcscd PC/SC daemon of\nPCSC-Lite might result in denial of service or potentially privilege\nescalation.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.8.13-1+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.8.20-1.

\n

We recommend that you upgrade your pcsc-lite packages.

\n
\n
\n
\n
", "3753": "
\n

Debian Security Advisory

\n

DSA-3753-1 libvncserver -- security update

\n
\n
Date Reported:
\n
05 Jan 2017
\n
Affected Packages:
\n
\nlibvncserver\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 850007, Bug 850008.
In Mitre's CVE dictionary: CVE-2016-9941, CVE-2016-9942.
\n
More information:
\n
\n

It was discovered that libvncserver, a collection of libraries used to\nimplement VNC/RFB clients and servers, incorrectly processed incoming\nnetwork packets. This resulted in several heap-based buffer overflows,\nallowing a rogue server to either cause a DoS by crashing the client,\nor potentially execute arbitrary code on the client side.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 0.9.9+dfsg2-6.1+deb8u2.

\n

For the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 0.9.11+dfsg-1.

\n

We recommend that you upgrade your libvncserver packages.

\n
\n
\n
\n
", "3754": "
\n

Debian Security Advisory

\n

DSA-3754-1 tomcat7 -- security update

\n
\n
Date Reported:
\n
08 Jan 2017
\n
Affected Packages:
\n
\ntomcat7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-8745.
\n
More information:
\n
\n

It was discovered that incorrect error handling in the NIO HTTP\nconnector of the Tomcat servlet and JSP engine could result in\ninformation disclosure.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 7.0.56-3+deb8u7.

\n

We recommend that you upgrade your tomcat7 packages.

\n
\n
\n
\n
", "3755": "
\n

Debian Security Advisory

\n

DSA-3755-1 tomcat8 -- security update

\n
\n
Date Reported:
\n
08 Jan 2017
\n
Affected Packages:
\n
\ntomcat8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-8745.
\n
More information:
\n
\n

It was discovered that incorrect error handling in the NIO HTTP\nconnector of the Tomcat servlet and JSP engine could result in\ninformation disclosure.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 8.0.14-1+deb8u6.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 8.5.9-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 8.5.9-1.

\n

We recommend that you upgrade your tomcat8 packages.

\n
\n
\n
\n
", "3756": "
\n

Debian Security Advisory

\n

DSA-3756-1 icoutils -- security update

\n
\n
Date Reported:
\n
09 Jan 2017
\n
Affected Packages:
\n
\nicoutils\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-5208.
\n
More information:
\n
\n

Choongwoo Han discovered that a programming error in the wrestool tool\nof the icoutils suite allows denial of service or the execution of\narbitrary code if a malformed binary is parsed.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.31.0-2+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.31.0-4.

\n

We recommend that you upgrade your icoutils packages.

\n
\n
\n
\n
", "3757": "
\n

Debian Security Advisory

\n

DSA-3757-1 icedove -- security update

\n
\n
Date Reported:
\n
11 Jan 2017
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-9893, CVE-2016-9895, CVE-2016-9897, CVE-2016-9898, CVE-2016-9899, CVE-2016-9900, CVE-2016-9904, CVE-2016-9905.
\n
More information:
\n
\n

Multiple security issues have been found in Icedove, Debian's version of\nthe Mozilla Thunderbird mail client: Multiple vulnerabilities may lead\nto the execution of arbitrary code, data leakage or bypass of the content\nsecurity policy.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1:45.6.0-1~deb8u1.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "3758": "
\n

Debian Security Advisory

\n

DSA-3758-1 bind9 -- security update

\n
\n
Date Reported:
\n
11 Jan 2017
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 851062, Bug 851063, Bug 851065.
In Mitre's CVE dictionary: CVE-2016-9131, CVE-2016-9147, CVE-2016-9444.
\n
More information:
\n
\n

Several denial-of-service vulnerabilities (assertion failures) were\ndiscovered in BIND, a DNS server implementation.

\n
    \n
  • CVE-2016-9131\n

    A crafted upstream response to an ANY query could cause an\n assertion failure.

  • CVE-2016-9147\n

    A crafted upstream response with self-contradicting DNSSEC data\n could cause an assertion failure.

  • CVE-2016-9444\n

    Specially-crafted upstream responses with a DS record could cause\n an assertion failure.

\n

These vulnerabilities predominantly affect DNS servers providing\nrecursive service. Client queries to authoritative-only servers\ncannot trigger these assertion failures. These vulnerabilities are\npresent whether or not DNSSEC validation is enabled in the server\nconfiguration.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1:9.9.5.dfsg-9+deb8u9.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
\n
\n
", "3759": "
\n

Debian Security Advisory

\n

DSA-3759-1 python-pysaml2 -- security update

\n
\n
Date Reported:
\n
12 Jan 2017
\n
Affected Packages:
\n
\npython-pysaml2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 850716.
In Mitre's CVE dictionary: CVE-2016-10149.
\n
More information:
\n
\n

Matias P. Brutti discovered that python-pysaml2, a Python\nimplementation of the Security Assertion Markup Language 2.0, did not\ncorrectly sanitize the XML messages it handled. This allowed a remote\nattacker to perform XML External Entity attacks, leading to a wide\nrange of exploits.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.0.0-1+deb8u1.

\n

For the testing (stretch) and unstable (sid) distributions, this\nproblem has been fixed in version 3.0.0-5.

\n

We recommend that you upgrade your python-pysaml2 packages.

\n
\n
\n
\n
", "3760": "
\n

Debian Security Advisory

\n

DSA-3760-1 ikiwiki -- security update

\n
\n
Date Reported:
\n
12 Jan 2017
\n
Affected Packages:
\n
\nikiwiki\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-9646, CVE-2016-10026, CVE-2017-0356.
\n
More information:
\n
\n

Multiple vulnerabilities have been found in the Ikiwiki wiki compiler:

\n
    \n
  • CVE-2016-9646\n

    Commit metadata forgery via CGI::FormBuilder context-dependent APIs

  • CVE-2016-10026\n

    Editing restriction bypass for git revert

  • CVE-2017-0356\n

    Authentication bypass via repeated parameters

\n

Additional details on these vulnerabilities can be found at\nhttps://ikiwiki.info/security/

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.20141016.4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 3.20170111.

\n

We recommend that you upgrade your ikiwiki packages.

\n
\n
\n
\n
", "3761": "
\n

Debian Security Advisory

\n

DSA-3761-1 rabbitmq-server -- security update

\n
\n
Date Reported:
\n
13 Jan 2017
\n
Affected Packages:
\n
\nrabbitmq-server\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 849849.
In Mitre's CVE dictionary: CVE-2016-9877.
\n
More information:
\n
\n

It was discovered that RabbitMQ, an implementation of the AMQP\nprotocol, didn't correctly validate MQTT (MQ Telemetry Transport)\nconnection authentication. This allowed anyone to log in to an existing\nuser account without having to provide a password.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.3.5-1.1+deb8u1.

\n

For the testing (stretch) and unstable (sid) distributions, this\nproblem has been fixed in version 3.6.6-1.

\n

We recommend that you upgrade your rabbitmq-server packages.

\n
\n
\n
\n
", "3762": "
\n

Debian Security Advisory

\n

DSA-3762-1 tiff -- security update

\n
\n
Date Reported:
\n
13 Jan 2017
\n
Affected Packages:
\n
\ntiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-3622, CVE-2016-3623, CVE-2016-3624, CVE-2016-3945, CVE-2016-3990, CVE-2016-3991, CVE-2016-5314, CVE-2016-5315, CVE-2016-5316, CVE-2016-5317, CVE-2016-5320, CVE-2016-5321, CVE-2016-5322, CVE-2016-5323, CVE-2016-5652, CVE-2016-5875, CVE-2016-6223, CVE-2016-9273, CVE-2016-9297, CVE-2016-9448, CVE-2016-9453, CVE-2016-9532, CVE-2016-9533, CVE-2016-9534, CVE-2016-9536, CVE-2016-9537, CVE-2016-9538, CVE-2016-9540, CVE-2016-10092, CVE-2016-10093, CVE-2016-10094.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in the libtiff library\nand the included tools tiff2rgba, rgb2ycbcr, tiffcp, tiffcrop, tiff2pdf\nand tiffsplit, which may result in denial of service, memory disclosure\nor the execution of arbitrary code.

\n

There were additional vulnerabilities in the tools bmp2tiff, gif2tiff,\nthumbnail and ras2tiff, but since these were addressed by the libtiff\ndevelopers by removing the tools altogether, no patches are available\nand those tools were also removed from the tiff package in Debian\nstable. The change had already been made in Debian stretch before and\nno applications included in Debian are known to rely on these scripts.\nIf you use those tools in custom setups, consider using a different\nconversion/thumbnailing tool.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.0.3-12.3+deb8u2.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 4.0.7-4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.0.7-4.

\n

We recommend that you upgrade your tiff packages.

\n
\n
\n
\n
", "3763": "
\n

Debian Security Advisory

\n

DSA-3763-1 pdns-recursor -- security update

\n
\n
Date Reported:
\n
13 Jan 2017
\n
Affected Packages:
\n
\npdns-recursor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-7068.
\n
More information:
\n
\n

Florian Heinz and Martin Kluge reported that pdns-recursor, a recursive\nDNS server, parses all records present in a query regardless of whether\nthey are needed or even legitimate, allowing a remote, unauthenticated\nattacker to cause an abnormal CPU usage load on the pdns server,\nresulting in a partial denial of service if the system becomes\noverloaded.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.6.2-2+deb8u3.

\n

We recommend that you upgrade your pdns-recursor packages.

\n
\n
\n
\n
", "3764": "
\n

Debian Security Advisory

\n

DSA-3764-1 pdns -- security update

\n
\n
Date Reported:
\n
13 Jan 2017
\n
Affected Packages:
\n
\npdns\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-2120, CVE-2016-7068, CVE-2016-7072, CVE-2016-7073, CVE-2016-7074.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in pdns, an authoritative\nDNS server. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2016-2120\n

    Mathieu Lafon discovered that pdns does not properly validate\n records in zones. An authorized user can take advantage of this flaw\n to crash the server by inserting a specially crafted record in a zone\n under their control and then sending a DNS query for that record.

  • CVE-2016-7068\n

    Florian Heinz and Martin Kluge reported that pdns parses all records\n present in a query regardless of whether they are needed or even\n legitimate, allowing a remote, unauthenticated attacker to cause an\n abnormal CPU usage load on the pdns server, resulting in a partial\n denial of service if the system becomes overloaded.

  • CVE-2016-7072\n

    Mongo discovered that the webserver in pdns is susceptible to a\n denial-of-service vulnerability, allowing a remote, unauthenticated\n attacker to cause a denial of service by opening a large number of TCP\n connections to the web server.

  • CVE-2016-7073 /\n CVE-2016-7074\n

    Mongo discovered that pdns does not sufficiently validate TSIG\n signatures, allowing a man-in-the-middle attacker to\n alter the content of an AXFR.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.4.1-4+deb8u7.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.0.2-1.

\n

We recommend that you upgrade your pdns packages.

\n
\n
\n
\n
", "3765": "
\n

Debian Security Advisory

\n

DSA-3765-1 icoutils -- security update

\n
\n
Date Reported:
\n
14 Jan 2017
\n
Affected Packages:
\n
\nicoutils\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-5331, CVE-2017-5332, CVE-2017-5333.
\n
More information:
\n
\n

Several programming errors in the wrestool tool of icoutils, a suite\nof tools to create and extract MS Windows icons and cursors, allow\ndenial of service or the execution of arbitrary code if a malformed\nbinary is parsed.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 0.31.0-2+deb8u2.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 0.31.1-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.31.1-1.

\n

We recommend that you upgrade your icoutils packages.

\n
\n
\n
\n
", "3766": "
\n

Debian Security Advisory

\n

DSA-3766-1 mapserver -- security update

\n
\n
Date Reported:
\n
19 Jan 2017
\n
Affected Packages:
\n
\nmapserver\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-5522.
\n
More information:
\n
\n

It was discovered that mapserver, a CGI-based framework for Internet\nmap services, was vulnerable to a stack-based overflow. This issue\nallowed a remote user to crash the service, or potentially execute\narbitrary code.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 6.4.1-5+deb8u3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.0.4-1.

\n

We recommend that you upgrade your mapserver packages.

\n
\n
\n
\n
", "3767": "
\n

Debian Security Advisory

\n

DSA-3767-1 mysql-5.5 -- security update

\n
\n
Date Reported:
\n
19 Jan 2017
\n
Affected Packages:
\n
\nmysql-5.5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 851233.
In Mitre's CVE dictionary: CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3258, CVE-2017-3265, CVE-2017-3291, CVE-2017-3312, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318.
\n
More information:
\n
\n

Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.54, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:

\n\n

For the stable distribution (jessie), these problems have been fixed in\nversion 5.5.54-0+deb8u1.

\n

We recommend that you upgrade your mysql-5.5 packages.

\n
\n
\n
\n
", "3768": "
\n

Debian Security Advisory

\n

DSA-3768-1 openjpeg2 -- security update

\n
\n
Date Reported:
\n
20 Jan 2017
\n
Affected Packages:
\n
\nopenjpeg2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-5159, CVE-2016-8332, CVE-2016-9572, CVE-2016-9573.
\n
More information:
\n
\n

Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression /\ndecompression library, may result in denial of service or the execution\nof arbitrary code if a malformed JPEG 2000 file is processed.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2.1.0-2+deb8u2.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your openjpeg2 packages.

\n
\n
\n
\n
", "3769": "
\n

Debian Security Advisory

\n

DSA-3769-1 libphp-swiftmailer -- security update

\n
\n
Date Reported:
\n
22 Jan 2017
\n
Affected Packages:
\n
\nlibphp-swiftmailer\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 849626.
In Mitre's CVE dictionary: CVE-2016-10074.
\n
More information:
\n
\n

Dawid Golunski from LegalHackers discovered that PHP Swift Mailer, a\nmailing solution for PHP, did not correctly validate user input. This\nallowed a remote attacker to execute arbitrary code by passing\nspecially formatted email addresses in specific email headers.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 5.2.2-1+deb8u1.

\n

For the testing (stretch) and unstable (sid) distributions, this\nproblem has been fixed in version 5.4.2-1.1.

\n

We recommend that you upgrade your libphp-swiftmailer packages.

\n
\n
\n
\n
", "3770": "
\n

Debian Security Advisory

\n

DSA-3770-1 mariadb-10.0 -- security update

\n
\n
Date Reported:
\n
22 Jan 2017
\n
Affected Packages:
\n
\nmariadb-10.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 842895, Bug 851755.
In Mitre's CVE dictionary: CVE-2016-6664, CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3257, CVE-2017-3258, CVE-2017-3265, CVE-2017-3291, CVE-2017-3312, CVE-2017-3317, CVE-2017-3318.
\n
More information:
\n
\n

Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.29. Please see the MariaDB 10.0 Release Notes for further\ndetails:

\n\n

For the stable distribution (jessie), these problems have been fixed in\nversion 10.0.29-0+deb8u1.

\n

We recommend that you upgrade your mariadb-10.0 packages.

\n
\n
\n
\n
", "3771": "
\n

Debian Security Advisory

\n

DSA-3771-1 firefox-esr -- security update

\n
\n
Date Reported:
\n
25 Jan 2017
\n
Affected Packages:
\n
\nfirefox-esr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396.
\n
More information:
\n
\n

Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Memory safety errors, use-after-frees and other implementation\nerrors may lead to the execution of arbitrary code, information\ndisclosure or privilege escalation.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 45.7.0esr-1~deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 45.7.0esr-1 of firefox-esr and version 51.0-1 of firefox.

\n

We recommend that you upgrade your firefox-esr packages.

\n
\n
\n
\n
", "3772": "
\n

Debian Security Advisory

\n

DSA-3772-1 libxpm -- security update

\n
\n
Date Reported:
\n
26 Jan 2017
\n
Affected Packages:
\n
\nlibxpm\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-10164.
\n
More information:
\n
\n

Tobias Stoeckmann discovered that the libXpm library contained two\ninteger overflow flaws, leading to a heap out-of-bounds write, while\nparsing XPM extensions in a file. An attacker can provide a specially\ncrafted XPM file that, when processed by an application using the libXpm\nlibrary, would cause a denial-of-service against the application, or\npotentially, the execution of arbitrary code with the privileges of the\nuser running the application.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:3.5.12-0+deb8u1. This update is based on a new upstream\nversion of libxpm including additional bug fixes.

\n

For the testing distribution (stretch) and the unstable distribution\n(sid), this problem has been fixed in version 1:3.5.12-1.

\n

We recommend that you upgrade your libxpm packages.

\n
\n
\n
\n
", "3773": "
\n

Debian Security Advisory

\n

DSA-3773-1 openssl -- security update

\n
\n
Date Reported:
\n
27 Jan 2017
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-7056, CVE-2016-8610, CVE-2017-3731.
\n
More information:
\n
\n

Several vulnerabilities were discovered in OpenSSL:

\n
    \n
  • CVE-2016-7056\n

    A local timing attack was discovered against ECDSA P-256.

  • CVE-2016-8610\n

    It was discovered that no limit was imposed on alert packets during\n an SSL handshake.

  • CVE-2017-3731\n

    Robert Swiecki discovered that the RC4-MD5 cipher when running on\n 32 bit systems could be forced into an out-of-bounds read, resulting\n in denial of service.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1t-1+deb8u6.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.1.0d-1 of the openssl source package and in version 1.0.2k-1\nof the openssl1.0 source package.

\n

We recommend that you upgrade your openssl packages.

\n
\n
\n
\n
", "3774": "
\n

Debian Security Advisory

\n

DSA-3774-1 lcms2 -- security update

\n
\n
Date Reported:
\n
29 Jan 2017
\n
Affected Packages:
\n
\nlcms2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 852627.
In Mitre's CVE dictionary: CVE-2016-10165.
\n
More information:
\n
\n

Ibrahim M. El-Sayed discovered an out-of-bounds heap read vulnerability\nin the function Type_MLU_Read in lcms2, the Little CMS 2 color\nmanagement library, which can be triggered by an image with a specially\ncrafted ICC profile, leading to a heap memory leak or\ndenial-of-service for applications using the lcms2 library.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.6-3+deb8u1.

\n

For the testing distribution (stretch) and the unstable distribution\n(sid), this problem has been fixed in version 2.8-4.

\n

We recommend that you upgrade your lcms2 packages.

\n
\n
\n
\n
", "3775": "
\n

Debian Security Advisory

\n

DSA-3775-1 tcpdump -- security update

\n
\n
Date Reported:
\n
29 Jan 2017
\n
Affected Packages:
\n
\ntcpdump\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925, CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929, CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933, CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937, CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984, CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993, CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203, CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342, CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485, CVE-2017-5486.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in tcpdump, a command-line\nnetwork traffic analyzer. These vulnerabilities might result in denial\nof service or the execution of arbitrary code.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.9.0-1~deb8u1.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 4.9.0-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.9.0-1.

\n

We recommend that you upgrade your tcpdump packages.

\n
\n
\n
\n
", "3776": "
\n

Debian Security Advisory

\n

DSA-3776-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
31 Jan 2017
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5013, CVE-2017-5014, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017, CVE-2017-5018, CVE-2017-5019, CVE-2017-5020, CVE-2017-5021, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2017-5006\n

    Mariusz Mlynski discovered a cross-site scripting issue.

  • CVE-2017-5007\n

    Mariusz Mlynski discovered another cross-site scripting issue.

  • CVE-2017-5008\n

    Mariusz Mlynski discovered a third cross-site scripting issue.

  • CVE-2017-5009\n

    Sean Stanek and Chip Bradford discovered an out-of-bounds memory\n issue in the webrtc library.

  • CVE-2017-5010\n

    Mariusz Mlynski discovered a fourth cross-site scripting issue.

  • CVE-2017-5011\n

    Khalil Zhani discovered a way to access unauthorized files in the\n developer tools.

  • CVE-2017-5012\n

    Gergely Nagy discovered a heap overflow issue in the v8 javascript\n library.

  • CVE-2017-5013\n

    Haosheng Wang discovered a URL spoofing issue.

  • CVE-2017-5014\n

    sweetchip discovered a heap overflow issue in the skia library.

  • CVE-2017-5015\n

    Armin Razmdjou discovered a URL spoofing issue.

  • CVE-2017-5016\n

    Haosheng Wang discovered another URL spoofing issue.

  • CVE-2017-5017\n

    danberm discovered an uninitialized memory issue in support for\n webm video files.

  • CVE-2017-5018\n

    Rob Wu discovered a cross-site scripting issue.

  • CVE-2017-5019\n

    Wadih Matar discovered a use-after-free issue.

  • CVE-2017-5020\n

    Rob Wu discovered another cross-site scripting issue.

  • CVE-2017-5021\n

    Rob Wu discovered a use-after-free issue in extensions.

  • CVE-2017-5022\n

    PKAV Team discovered a way to bypass the Content Security Policy.

  • CVE-2017-5023\n

    UK's National Cyber Security Centre (NCSC) discovered a type\n confusion issue.

  • CVE-2017-5024\n

    Paul Mehta discovered a heap overflow issue in the ffmpeg library.

  • CVE-2017-5025\n

    Paul Mehta discovered another heap overflow issue in the ffmpeg\n library.

  • CVE-2017-5026\n

    Ronni Skansing discovered a user interface spoofing issue.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 56.0.2924.76-1~deb8u1.

\n

For the testing (stretch) and unstable (sid) distributions, these\nproblems will be fixed soon.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3777": "
\n

Debian Security Advisory

\n

DSA-3777-1 libgd2 -- security update

\n
\n
Date Reported:
\n
31 Jan 2017
\n
Affected Packages:
\n
\nlibgd2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-6906, CVE-2016-6912, CVE-2016-9317, CVE-2016-10166, CVE-2016-10167, CVE-2016-10168.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in libgd2, a library for\nprogrammatic graphics creation and manipulation, which may result in\ndenial of service or potentially the execution of arbitrary code if a\nmalformed file is processed.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2.1.0-5+deb8u9.

\n

For the testing distribution (stretch) and the unstable distribution\n(sid), these problems have been fixed in version 2.2.4-1.

\n

We recommend that you upgrade your libgd2 packages.

\n
\n
\n
\n
", "3778": "
\n

Debian Security Advisory

\n

DSA-3778-1 ruby-archive-tar-minitar -- security update

\n
\n
Date Reported:
\n
31 Jan 2017
\n
Affected Packages:
\n
\nruby-archive-tar-minitar\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 853249.
In Mitre's CVE dictionary: CVE-2016-10173.
\n
More information:
\n
\n

Michal Marek discovered that ruby-archive-tar-minitar, a Ruby library\nthat provides the ability to deal with POSIX tar archive files, is prone\nto a directory traversal vulnerability. An attacker can take advantage\nof this flaw to overwrite arbitrary files during archive extraction via\na .. (dot dot) in an extracted filename.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.5.2-2+deb8u1.

\n

We recommend that you upgrade your ruby-archive-tar-minitar packages.

\n
\n
\n
\n
", "3779": "
\n

Debian Security Advisory

\n

DSA-3779-1 wordpress -- security update

\n
\n
Date Reported:
\n
01 Feb 2017
\n
Affected Packages:
\n
\nwordpress\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 851310, Bug 852767.
In Mitre's CVE dictionary: CVE-2017-5488, CVE-2017-5489, CVE-2017-5490, CVE-2017-5491, CVE-2017-5492, CVE-2017-5493, CVE-2017-5610, CVE-2017-5611, CVE-2017-5612.
\n
More information:
\n
\n

Several vulnerabilities were discovered in wordpress, a web blogging\ntool. They would allow remote attackers to hijack victims'\ncredentials, access sensitive information, execute arbitrary commands,\nbypass read and post restrictions, or mount denial-of-service attacks.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.1+dfsg-1+deb8u12.

\n

For the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 4.7.1+dfsg-1.

\n

We recommend that you upgrade your wordpress packages.

\n
\n
\n
\n
", "3780": "
\n

Debian Security Advisory

\n

DSA-3780-1 ntfs-3g -- security update

\n
\n
Date Reported:
\n
01 Feb 2017
\n
Affected Packages:
\n
\nntfs-3g\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-0358.
\n
More information:
\n
\n

Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write\nNTFS driver for FUSE, does not scrub the environment before executing\nmodprobe with elevated privileges. A local user can take advantage of\nthis flaw for local root privilege escalation.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:2014.2.15AR.2-1+deb8u3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:2016.2.22AR.1-4.

\n

We recommend that you upgrade your ntfs-3g packages.

\n
\n
\n
\n
", "3781": "
\n

Debian Security Advisory

\n

DSA-3781-1 svgsalamander -- security update

\n
\n
Date Reported:
\n
05 Feb 2017
\n
Affected Packages:
\n
\nsvgsalamander\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-5617.
\n
More information:
\n
\n

Luc Lynx discovered that SVG Salamander, an SVG engine for Java, was\nsusceptible to server-side request forgery.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0~svn95-1+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.1.1+dfsg-2.

\n

We recommend that you upgrade your svgsalamander packages.

\n
\n
\n
\n
", "3782": "
\n

Debian Security Advisory

\n

DSA-3782-1 openjdk-7 -- security update

\n
\n
Date Reported:
\n
08 Feb 2017
\n
Affected Packages:
\n
\nopenjdk-7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3260, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in the bypass of\nJava sandbox restrictions, denial of service, arbitrary code execution,\nincorrect parsing of URLs/LDAP DNs or cryptographic timing side channel\nattacks.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 7u121-2.6.8-2~deb8u1.

\n

We recommend that you upgrade your openjdk-7 packages.

\n
\n
\n
\n
", "3783": "
\n

Debian Security Advisory

\n

DSA-3783-1 php5 -- security update

\n
\n
Date Reported:
\n
08 Feb 2017
\n
Affected Packages:
\n
\nphp5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-10158, CVE-2016-10159, CVE-2016-10160, CVE-2016-10161.
\n
More information:
\n
\n

Several issues have been discovered in PHP, a widely-used open source\ngeneral-purpose scripting language.

\n
    \n
  • CVE-2016-10158\n

    Loading a malicious TIFF or JPEG file can lead to a Denial-of-Service\n attack when the EXIF header is being parsed.

  • CVE-2016-10159\n

    Loading a malicious phar archive can cause an extensive memory\n allocation, leading to a Denial-of-Service attack on 32 bit\n computers.

  • CVE-2016-10160\n

    An attacker might remotely execute arbitrary code using a malicious\n phar archive. This is the consequence of an off-by-one memory\n corruption.

  • CVE-2016-10161\n

    An attacker with control of the unserialize() function argument can\n cause an out-of-bounds read. This could lead to a Denial-of-Service\n attack or a remote code execution.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 5.6.30+dfsg-0+deb8u1.

\n

We recommend that you upgrade your php5 packages.

\n
\n
\n
\n
", "3784": "
\n

Debian Security Advisory

\n

DSA-3784-1 viewvc -- security update

\n
\n
Date Reported:
\n
09 Feb 2017
\n
Affected Packages:
\n
\nviewvc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 854681.
In Mitre's CVE dictionary: CVE-2017-5938.
\n
More information:
\n
\n

Thomas Gerbet discovered that viewvc, a web interface for CVS and\nSubversion repositories, did not properly sanitize user input. This\nproblem resulted in a potential Cross-Site Scripting vulnerability.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.1.22-1+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.1.26-1.

\n

We recommend that you upgrade your viewvc packages.

\n
\n
\n
\n
", "3785": "
\n

Debian Security Advisory

\n

DSA-3785-1 jasper -- security update

\n
\n
Date Reported:
\n
09 Feb 2017
\n
Affected Packages:
\n
\njasper\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1867, CVE-2016-8654, CVE-2016-8691, CVE-2016-8692, CVE-2016-8693, CVE-2016-8882, CVE-2016-9560.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in the JasPer library\nfor processing JPEG-2000 images, which may result in denial of service\nor the execution of arbitrary code if a malformed image is processed.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.900.1-debian1-2.4+deb8u2.

\n

We recommend that you upgrade your jasper packages.

\n
\n
\n
\n
", "3786": "
\n

Debian Security Advisory

\n

DSA-3786-1 vim -- security update

\n
\n
Date Reported:
\n
13 Feb 2017
\n
Affected Packages:
\n
\nvim\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 854969.
In Mitre's CVE dictionary: CVE-2017-5953.
\n
More information:
\n
\n

Editor spell files passed to the vim (Vi IMproved) editor\nmay result in an integer overflow in memory allocation\nand a resulting buffer overflow which potentially\ncould result in the execution of arbitrary code or denial of\nservice.

\n

For the stable distribution (jessie), this problem has been\nfixed in version 2:7.4.488-7+deb8u2.

\n

For the unstable distribution (sid), this problem has been\nfixed in version 2:8.0.0197-2.

\n

We recommend that you upgrade your vim packages.

\n
\n
\n
\n
", "3787": "
\n

Debian Security Advisory

\n

DSA-3787-1 tomcat7 -- security update

\n
\n
Date Reported:
\n
13 Feb 2017
\n
Affected Packages:
\n
\ntomcat7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 854551.
In Mitre's CVE dictionary: CVE-2017-6056.
\n
More information:
\n
\n

It was discovered that a programming error in the processing of HTTPS\nrequests in the Apache Tomcat servlet and JSP engine may result in\ndenial of service via an infinite loop.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 7.0.56-3+deb8u8.

\n

We recommend that you upgrade your tomcat7 packages.

\n
\n
\n
\n
", "3788": "
\n

Debian Security Advisory

\n

DSA-3788-1 tomcat8 -- security update

\n
\n
Date Reported:
\n
13 Feb 2017
\n
Affected Packages:
\n
\ntomcat8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 851304.
In Mitre's CVE dictionary: CVE-2017-6056.
\n
More information:
\n
\n

It was discovered that a programming error in the processing of HTTPS\nrequests in the Apache Tomcat servlet and JSP engine may result in\ndenial of service via an infinite loop.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 8.0.14-1+deb8u7.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your tomcat8 packages.

\n
\n
\n
\n
", "3789": "
\n

Debian Security Advisory

\n

DSA-3789-1 libevent -- security update

\n
\n
Date Reported:
\n
15 Feb 2017
\n
Affected Packages:
\n
\nlibevent\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 854092.
In Mitre's CVE dictionary: CVE-2016-10195, CVE-2016-10196, CVE-2016-10197.
\n
More information:
\n
\n

Several vulnerabilities were discovered in libevent, an asynchronous\nevent notification library. They would lead to Denial Of Service via\napplication crash, or remote code execution.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2.0.21-stable-2+deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.0.21-stable-3.

\n

We recommend that you upgrade your libevent packages.

\n
\n
\n
\n
", "3790": "
\n

Debian Security Advisory

\n

DSA-3790-1 spice -- security update

\n
\n
Date Reported:
\n
16 Feb 2017
\n
Affected Packages:
\n
\nspice\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 854336.
In Mitre's CVE dictionary: CVE-2016-9577, CVE-2016-9578.
\n
More information:
\n
\n

Several vulnerabilities were discovered in spice, a SPICE protocol\nclient and server library. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2016-9577\n

    Frediano Ziglio of Red Hat discovered a buffer overflow\n vulnerability in the main_channel_alloc_msg_rcv_buf function. An\n authenticated attacker can take advantage of this flaw to cause a\n denial of service (spice server crash), or possibly, execute\n arbitrary code.

  • CVE-2016-9578\n

    Frediano Ziglio of Red Hat discovered that spice does not properly\n validate incoming messages. An attacker able to connect to the\n spice server could send crafted messages which would cause the\n process to crash.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 0.12.5-1+deb8u4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.12.8-2.1.

\n

We recommend that you upgrade your spice packages.

\n
\n
\n
\n
", "3791": "
\n

Debian Security Advisory

\n

DSA-3791-1 linux -- security update

\n
\n
Date Reported:
\n
22 Feb 2017
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-6786, CVE-2016-6787, CVE-2016-8405, CVE-2016-9191, CVE-2017-2583, CVE-2017-2584, CVE-2017-2596, CVE-2017-2618, CVE-2017-5549, CVE-2017-5551, CVE-2017-5897, CVE-2017-5970, CVE-2017-6001, CVE-2017-6074.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.

\n
    \n
  • CVE-2016-6786 / CVE-2016-6787\n

    It was discovered that the performance events subsystem does not\n properly manage locks during certain migrations, allowing a local\n attacker to escalate privileges. This can be mitigated by\n disabling unprivileged use of performance events:\n sysctl kernel.perf_event_paranoid=3

  • CVE-2016-8405\n

    Peter Pi of Trend Micro discovered that the frame buffer video\n subsystem does not properly check bounds while copying color maps to\n userspace, causing a heap buffer out-of-bounds read, leading to\n information disclosure.

  • CVE-2016-9191\n

    CAI Qian discovered that reference counting is not properly handled\n within proc_sys_readdir in the sysctl implementation, allowing a\n local denial of service (system hang) or possibly privilege\n escalation.

  • CVE-2017-2583\n

    Xiaohan Zhang reported that KVM for amd64 does not correctly\n emulate loading of a null stack selector. This can be used by a\n user in a guest VM for denial of service (on an Intel CPU) or to\n escalate privileges within the VM (on an AMD CPU).

  • CVE-2017-2584\n

    Dmitry Vyukov reported that KVM for x86 does not correctly emulate\n memory access by the SGDT and SIDT instructions, which can result\n in a use-after-free and information leak.

  • CVE-2017-2596\n

    Dmitry Vyukov reported that KVM leaks page references when\n emulating a VMXON for a nested hypervisor. This can be used by a\n privileged user in a guest VM for denial of service or possibly\n to gain privileges in the host.

  • CVE-2017-2618\n

    It was discovered that an off-by-one in the handling of SELinux\n attributes in /proc/pid/attr could result in local denial of\n service.

  • CVE-2017-5549\n

    It was discovered that the KLSI KL5KUSB105 serial USB device\n driver could log the contents of uninitialised kernel memory,\n resulting in an information leak.

  • CVE-2017-5551\n

    Jan Kara found that changing the POSIX ACL of a file on tmpfs never\n cleared its set-group-ID flag, which should be done if the user\n changing it is not a member of the group-owner. In some cases, this\n would allow the user-owner of an executable to gain the privileges\n of the group-owner.

  • CVE-2017-5897\n

    Andrey Konovalov discovered an out-of-bounds read flaw in the\n ip6gre_err function in the IPv6 networking code.

  • CVE-2017-5970\n

    Andrey Konovalov discovered a denial-of-service flaw in the IPv4\n networking code. This can be triggered by a local or remote\n attacker if a local UDP or raw socket has the IP_RETOPTS option\n enabled.

  • CVE-2017-6001\n

    Di Shen discovered a race condition between concurrent calls to\n the performance events subsystem, allowing a local attacker to\n escalate privileges. This flaw exists because of an incomplete fix\n of CVE-2016-6786.\n This can be mitigated by disabling unprivileged use of performance\n events: sysctl kernel.perf_event_paranoid=3

  • CVE-2017-6074\n

    Andrey Konovalov discovered a use-after-free vulnerability in the\n DCCP networking code, which could result in denial of service or\n local privilege escalation. On systems that do not already have\n the dccp module loaded, this can be mitigated by disabling it:\n echo >> /etc/modprobe.d/disable-dccp.conf install dccp false

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.16.39-1+deb8u1.

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "3792": "
\n

Debian Security Advisory

\n

DSA-3792-1 libreoffice -- security update

\n
\n
Date Reported:
\n
23 Feb 2017
\n
Affected Packages:
\n
\nlibreoffice\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-3157.
\n
More information:
\n
\n

Ben Hayak discovered that objects embedded in Writer and Calc documents\nmay result in information disclosure. Please see \nhttps://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/\nfor additional information.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:4.3.3-2+deb8u6.

\n

For the testing distribution (stretch), this problem has been fixed\nin version 1:5.2.3-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:5.2.3-1.

\n

We recommend that you upgrade your libreoffice packages.

\n
\n
\n
\n
", "3793": "
\n

Debian Security Advisory

\n

DSA-3793-1 shadow -- security update

\n
\n
Date Reported:
\n
24 Feb 2017
\n
Affected Packages:
\n
\nshadow\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 832170, Bug 855943.
In Mitre's CVE dictionary: CVE-2016-6252, CVE-2017-2616.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the shadow suite. The Common\nVulnerabilities and Exposures project identifies the following problems:

\n
    \n
  • CVE-2016-6252\n

    An integer overflow vulnerability was discovered, potentially\n allowing a local user to escalate privileges via crafted input to\n the newuidmap utility.

  • CVE-2017-2616\n

    Tobias Stoeckmann discovered that su does not properly handle\n clearing a child PID. A local attacker can take advantage of this\n flaw to send SIGKILL to other processes with root privileges,\n resulting in denial of service.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1:4.2-3+deb8u3.

\n

We recommend that you upgrade your shadow packages.

\n
\n
\n
\n
", "3794": "
\n

Debian Security Advisory

\n

DSA-3794-1 munin -- security update

\n
\n
Date Reported:
\n
25 Feb 2017
\n
Affected Packages:
\n
\nmunin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 855705.
In Mitre's CVE dictionary: CVE-2017-6188.
\n
More information:
\n
\n

Stevie Trujillo discovered a local file write vulnerability in munin, a\nnetwork-wide graphing framework, when CGI graphs are enabled. GET\nparameters are not properly handled, allowing an attacker to inject options into\nmunin-cgi-graph and overwrite any file accessible by the user\nrunning the cgi-process.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.0.25-1+deb8u1.

\n

We recommend that you upgrade your munin packages.

\n
\n
\n
\n
", "3795": "
\n

Debian Security Advisory

\n

DSA-3795-1 bind9 -- security update

\n
\n
Date Reported:
\n
26 Feb 2017
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 855520.
In Mitre's CVE dictionary: CVE-2017-3135.
\n
More information:
\n
\n

It was discovered that a maliciously crafted query can cause ISC's\nBIND DNS server (named) to crash if both Response Policy Zones (RPZ)\nand DNS64 (a bridge between IPv4 and IPv6 networks) are enabled. It\nis uncommon for both of these options to be used in combination, so\nvery few systems will be affected by this problem in practice.

\n

This update also corrects an additional regression caused by the fix\nfor CVE-2016-8864,\nwhich was applied in a previous security update.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:9.9.5.dfsg-9+deb8u10.

\n

For the testing (stretch) and unstable (sid) distributions, this\nproblem has been fixed in version 1:9.10.3.dfsg.P4-12.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
\n
\n
", "3796": "
\n

Debian Security Advisory

\n

DSA-3796-1 apache2 -- security update

\n
\n
Date Reported:
\n
26 Feb 2017
\n
Affected Packages:
\n
\napache2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-0736, CVE-2016-2161, CVE-2016-8743.
\n
More information:
\n
\n

Several vulnerabilities were discovered in the Apache2 HTTP server.

\n
    \n
  • CVE-2016-0736\n

    RedTeam Pentesting GmbH discovered that mod_session_crypto was\n vulnerable to padding oracle attacks, which could allow an attacker\n to guess the session cookie.

  • \n
  • CVE-2016-2161\n

    Maksim Malyutin discovered that malicious input to mod_auth_digest\n could cause the server to crash, causing a denial of service.

  • \n
  • CVE-2016-8743\n

    David Dennerline, of IBM Security's X-Force Researchers, and R\u00e9gis\n Leroy discovered problems in the way Apache handled a broad pattern\n of unusual whitespace patterns in HTTP requests. In some\n configurations, this could lead to response splitting or cache\n pollution vulnerabilities. To fix these issues, this update makes\n Apache httpd be more strict in what HTTP requests it accepts.

    \n

    If this causes problems with non-conforming clients, some checks can\n be relaxed by adding the new directive HttpProtocolOptions unsafe\n to the configuration.

  • \n
\n

This update also fixes the issue where mod_reqtimeout was not enabled\nby default on new installations.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2.4.10-10+deb8u8.

\n

For the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 2.4.25-1.

\n

We recommend that you upgrade your apache2 packages.

\n
\n
\n
\n
", "3797": "
\n

Debian Security Advisory

\n

DSA-3797-1 mupdf -- security update

\n
\n
Date Reported:
\n
28 Feb 2017
\n
Affected Packages:
\n
\nmupdf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-8674, CVE-2017-5896, CVE-2017-5991.
\n
More information:
\n
\n

Multiple vulnerabilities have been found in the PDF viewer MuPDF, which\nmay result in denial of service or the execution of arbitrary code if\na malformed PDF file is opened.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.5-1+deb8u2.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 1.9a+ds1-4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.9a+ds1-4.

\n

We recommend that you upgrade your mupdf packages.

\n
\n
\n
\n
", "3798": "
\n

Debian Security Advisory

\n

DSA-3798-1 tnef -- security update

\n
\n
Date Reported:
\n
01 Mar 2017
\n
Affected Packages:
\n
\ntnef\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 856117.
In Mitre's CVE dictionary: CVE-2017-6307, CVE-2017-6308, CVE-2017-6309, CVE-2017-6310.
\n
More information:
\n
\n

Eric Sesterhenn, from X41 D-Sec GmbH, discovered several\nvulnerabilities in tnef, a tool used to unpack MIME attachments of\ntype application/ms-tnef. Multiple heap overflows, type confusions\nand out of bound reads and writes could be exploited by tricking a\nuser into opening a malicious attachment. This would result in denial\nof service via application crash, or potential arbitrary code\nexecution.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.4.9-1+deb8u1.

\n

We recommend that you upgrade your tnef packages.

\n
\n
\n
\n
", "3799": "
\n

Debian Security Advisory

\n

DSA-3799-1 imagemagick -- security update

\n
\n
Date Reported:
\n
01 Mar 2017
\n
Affected Packages:
\n
\nimagemagick\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 851485, Bug 851483, Bug 851380, Bug 848139, Bug 851383, Bug 851382, Bug 851381.
In Mitre's CVE dictionary: CVE-2016-8707, CVE-2016-10062, CVE-2016-10144, CVE-2016-10145, CVE-2016-10146, CVE-2017-5506, CVE-2017-5507, CVE-2017-5508, CVE-2017-5510, CVE-2017-5511.
\n
More information:
\n
\n

This update fixes several vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service or the execution of arbitrary\ncode if malformed TIFF, WPG, IPL, MPC or PSB files are processed.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u7.

\n

For the testing distribution (stretch), these problems have been fixed\nin version 8:6.9.7.4+dfsg-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-1.

\n

We recommend that you upgrade your imagemagick packages.

\n
\n
\n
\n
", "3800": "
\n

Debian Security Advisory

\n

DSA-3800-1 libquicktime -- security update

\n
\n
Date Reported:
\n
02 Mar 2017
\n
Affected Packages:
\n
\nlibquicktime\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 855099.
In Mitre's CVE dictionary: CVE-2016-2399.
\n
More information:
\n
\n

Marco Romano discovered that libquicktime, a library for reading and\nwriting QuickTime files, was vulnerable to an integer overflow\nattack. When opened, a specially crafted MP4 file would cause a denial\nof service by crashing the application.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2:1.2.4-7+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:1.2.4-10.

\n

We recommend that you upgrade your libquicktime packages.

\n
\n
\n
\n
", "3801": "
\n

Debian Security Advisory

\n

DSA-3801-1 ruby-zip -- security update

\n
\n
Date Reported:
\n
04 Mar 2017
\n
Affected Packages:
\n
\nruby-zip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 856269.
In Mitre's CVE dictionary: CVE-2017-5946.
\n
More information:
\n
\n

It was discovered that ruby-zip, a Ruby module for reading and writing\nzip files, is prone to a directory traversal vulnerability. An attacker\ncan take advantage of this flaw to overwrite arbitrary files during\narchive extraction via a .. (dot dot) in an extracted filename.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.1.6-1+deb8u1.

\n

For the upcoming stable distribution (stretch), this problem has been\nfixed in version 1.2.0-1.1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.2.0-1.1.

\n

We recommend that you upgrade your ruby-zip packages.

\n
\n
\n
\n
", "3802": "
\n

Debian Security Advisory

\n

DSA-3802-1 zabbix -- security update

\n
\n
Date Reported:
\n
05 Mar 2017
\n
Affected Packages:
\n
\nzabbix\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-10134.
\n
More information:
\n
\n

An SQL injection vulnerability has been discovered in the Latest data\npage of the web frontend of the Zabbix network monitoring system.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:2.2.7+dfsg-2+deb8u2.

\n

For the upcoming stable distribution (stretch), this problem has been\nfixed in version 1:3.0.7+dfsg-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:3.0.7+dfsg-1.

\n

We recommend that you upgrade your zabbix packages.

\n
\n
\n
\n
", "3803": "
\n

Debian Security Advisory

\n

DSA-3803-1 texlive-base -- security update

\n
\n
Date Reported:
\n
08 Mar 2017
\n
Affected Packages:
\n
\ntexlive-base\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-10243.
\n
More information:
\n
\n

It was discovered that texlive-base, the TeX Live package which provides\nthe essential TeX programs and files, whitelists mpost as an external\nprogram to be run from within the TeX source code (called \\write18).\nSince mpost allows specifying other programs to be run, an attacker can\ntake advantage of this flaw for arbitrary code execution when compiling\na TeX document.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2014.20141024-2+deb8u1.

\n

For the upcoming stable distribution (stretch), this problem has been\nfixed in version 2016.20161130-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2016.20161130-1.

\n

We recommend that you upgrade your texlive-base packages.

\n
\n
\n
\n
", "3804": "
\n

Debian Security Advisory

\n

DSA-3804-1 linux -- security update

\n
\n
Date Reported:
\n
08 Mar 2017
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-9588, CVE-2017-2636, CVE-2017-5669, CVE-2017-5986, CVE-2017-6214, CVE-2017-6345, CVE-2017-6346, CVE-2017-6348, CVE-2017-6353.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.

\n
    \n
  • CVE-2016-9588\n

    Jim Mattson discovered that the KVM implementation for Intel x86\n processors does not properly handle #BP and #OF exceptions in an\n L2 (nested) virtual machine. A local attacker in an L2 guest VM\n can take advantage of this flaw to cause a denial of service for\n the L1 guest VM.

  • \n
  • CVE-2017-2636\n

    Alexander Popov discovered a race condition flaw in the n_hdlc\n line discipline that can lead to a double free. A local\n unprivileged user can take advantage of this flaw for privilege\n escalation. On systems that do not already have the n_hdlc module\n loaded, this can be mitigated by disabling it:\n echo >> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false

  • \n
  • CVE-2017-5669\n

    Gareth Evans reported that privileged users can map memory at\n address 0 through the shmat() system call. This could make it\n easier to exploit other kernel security vulnerabilities via a\n set-UID program.

  • \n
  • CVE-2017-5986\n

    Alexander Popov reported a race condition in the SCTP\n implementation that can be used by local users to cause a\n denial-of-service (crash). The initial fix for this was incorrect\n and introduced further security issues (CVE-2017-6353). This update includes a later fix that\n avoids those. On systems that do not already have the sctp\n module loaded, this can be mitigated by disabling it:\n echo >> /etc/modprobe.d/disable-sctp.conf install sctp false

  • \n
  • CVE-2017-6214\n

    Dmitry Vyukov reported a bug in the TCP implementation's handling\n of urgent data in the splice() system call. This can be used by a\n remote attacker for denial-of-service (hang) against applications\n that read from TCP sockets with splice().

  • \n
  • CVE-2017-6345\n

    Andrey Konovalov reported that the LLC type 2 implementation\n incorrectly assigns socket buffer ownership. This can be used\n by a local user to cause a denial-of-service (crash). On systems\n that do not already have the llc2 module loaded, this can be\n mitigated by disabling it:\n echo >> /etc/modprobe.d/disable-llc2.conf install llc2 false

  • \n
  • CVE-2017-6346\n

    Dmitry Vyukov reported a race condition in the raw packet (af_packet)\n fanout feature. Local users with the CAP_NET_RAW capability (in any\n user namespace) can use this for denial-of-service and possibly for\n privilege escalation.

  • \n
  • CVE-2017-6348\n

    Dmitry Vyukov reported that the general queue implementation in\n the IrDA subsystem does not properly manage multiple locks,\n possibly allowing local users to cause a denial-of-service\n (deadlock) via crafted operations on IrDA devices.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.16.39-1+deb8u2.

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "3805": "
\n

Debian Security Advisory

\n

DSA-3805-1 firefox-esr -- security update

\n
\n
Date Reported:
\n
08 Mar 2017
\n
Affected Packages:
\n
\nfirefox-esr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5405, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410.
\n
More information:
\n
\n

Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees and other\nimplementation errors may lead to the execution of arbitrary code, ASLR\nbypass, information disclosure or denial of service.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 45.8.0esr-1~deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 45.8.0esr-1 of firefox-esr and version 52.0-1 of firefox.

\n

We recommend that you upgrade your firefox-esr packages.

\n
\n
\n
\n
", "3806": "
\n

Debian Security Advisory

\n

DSA-3806-1 pidgin -- security update

\n
\n
Date Reported:
\n
10 Mar 2017
\n
Affected Packages:
\n
\npidgin\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-2640.
\n
More information:
\n
\n

A vulnerability was discovered in Pidgin, a multi-protocol instant\nmessaging client. A server controlled by an attacker can send invalid\nXML that can trigger an out-of-bounds memory access. This might lead to a\ncrash or, in some extreme cases, to remote code execution on the\nclient side.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.11.0-0+deb8u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.12.0-1.

\n

We recommend that you upgrade your pidgin packages.

\n
\n
\n
\n
", "3807": "
\n

Debian Security Advisory

\n

DSA-3807-1 icoutils -- security update

\n
\n
Date Reported:
\n
12 Mar 2017
\n
Affected Packages:
\n
\nicoutils\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-6009, CVE-2017-6010, CVE-2017-6011.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the icotool and wrestool\ntools of Icoutils, a set of programs that deal with MS Windows icons and\ncursors, which may result in denial of service or the execution of\narbitrary code if a malformed .ico or .exe file is processed.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 0.31.0-2+deb8u3.

\n

For the upcoming stable distribution (stretch), these problems have been\nfixed in version 0.31.2-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.31.2-1.

\n

We recommend that you upgrade your icoutils packages.

\n
\n
\n
\n
", "3808": "
\n

Debian Security Advisory

\n

DSA-3808-1 imagemagick -- security update

\n
\n
Date Reported:
\n
13 Mar 2017
\n
Affected Packages:
\n
\nimagemagick\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 856878, Bug 856879, Bug 856880, Bug 857426, Bug 844594.
In Mitre's CVE dictionary: CVE-2016-10252, CVE-2017-6498, CVE-2017-6499, CVE-2017-6500.
\n
More information:
\n
\n

This update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service or the execution of arbitrary code if\nmalformed TGA, Sun or PSD files are processed.

\n

This update also fixes visual artefacts when running -sharpen on CMYK\nimages (no security impact, but piggybacked on top of the security\nupdate with approval of the Debian stable release managers since it's\na regression in jessie compared to wheezy).

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u8.

\n

For the upcoming stable distribution (stretch), these problems have been\nfixed in version 8:6.9.7.4+dfsg-2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-2.

\n

We recommend that you upgrade your imagemagick packages.

\n
\n
\n
\n
", "3809": "
\n

Debian Security Advisory

\n

DSA-3809-1 mariadb-10.0 -- security update

\n
\n
Date Reported:
\n
14 Mar 2017
\n
Affected Packages:
\n
\nmariadb-10.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-3302, CVE-2017-3313.
\n
More information:
\n
\n

Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.30. Please see the MariaDB 10.0 Release Notes for further\ndetails:

\n

https://mariadb.com/kb/en/mariadb/mariadb-10030-release-notes/

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 10.0.30-0+deb8u1.

\n

We recommend that you upgrade your mariadb-10.0 packages.

\n
\n
\n
\n
", "3810": "
\n

Debian Security Advisory

\n

DSA-3810-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
15 Mar 2017
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-5029, CVE-2017-5030, CVE-2017-5031, CVE-2017-5032, CVE-2017-5033, CVE-2017-5034, CVE-2017-5035, CVE-2017-5036, CVE-2017-5037, CVE-2017-5038, CVE-2017-5039, CVE-2017-5040, CVE-2017-5041, CVE-2017-5042, CVE-2017-5043, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2017-5029\n

    Holger Fuhrmannek discovered an integer overflow issue in the libxslt\n library.

  • \n
  • CVE-2017-5030\n

    Brendon Tiszka discovered a memory corruption issue in the v8 javascript\n library.

  • \n
  • CVE-2017-5031\n

    Looben Yang discovered a use-after-free issue in the ANGLE library.

  • \n
  • CVE-2017-5032\n

    Ashfaq Ansari discovered an out-of-bounds write in the pdfium library.

  • \n
  • CVE-2017-5033\n

    Nicolai Gr\u00f8dum discovered a way to bypass the Content Security Policy.

  • \n
  • CVE-2017-5034\n

    Ke Liu discovered an integer overflow issue in the pdfium library.

  • \n
  • CVE-2017-5035\n

    Enzo Aguado discovered an issue with the omnibox.

  • \n
  • CVE-2017-5036\n

    A use-after-free issue was discovered in the pdfium library.

  • \n
  • CVE-2017-5037\n

    Yongke Wang discovered multiple out-of-bounds write issues.

  • \n
  • CVE-2017-5038\n

    A use-after-free issue was discovered in the guest view.

  • \n
  • CVE-2017-5039\n

    jinmo123 discovered a use-after-free issue in the pdfium library.

  • \n
  • CVE-2017-5040\n

    Choongwoo Han discovered an information disclosure issue in the v8\n javascript library.

  • \n
  • CVE-2017-5041\n

    Jordi Chancel discovered an address spoofing issue.

  • \n
  • CVE-2017-5042\n

    Mike Ruddy discovered incorrect handling of cookies.

  • \n
  • CVE-2017-5043\n

    Another use-after-free issue was discovered in the guest view.

  • \n
  • CVE-2017-5044\n

    Kushal Arvind Shah discovered a heap overflow issue in the skia\n library.

  • \n
  • CVE-2017-5045\n

    Dhaval Kapil discovered an information disclosure issue.

  • \n
  • CVE-2017-5046\n

    Masato Kinugawa discovered an information disclosure issue.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 57.0.2987.98-1~deb8u1.

\n

For the upcoming stable (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 57.0.2987.98-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3811": "
\n

Debian Security Advisory

\n

DSA-3811-1 wireshark -- security update

\n
\n
Date Reported:
\n
18 Mar 2017
\n
Affected Packages:
\n
\nwireshark\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-5596, CVE-2017-5597, CVE-2017-6014, CVE-2017-6467, CVE-2017-6468, CVE-2017-6469, CVE-2017-6470, CVE-2017-6471, CVE-2017-6472, CVE-2017-6473, CVE-2017-6474.
\n
More information:
\n
\n

It was discovered that wireshark, a network protocol analyzer, contained\nseveral vulnerabilities in the dissectors for ASTERIX, DHCPv6,\nNetScaler, LDSS, IAX2, WSP, K12 and STANAG 4607, that could lead to\nvarious crashes, denial-of-service or execution of arbitrary code.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.12.1+g01b65bf-4+deb8u11.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.2.5+g440fd4d-2.

\n

We recommend that you upgrade your wireshark packages.

\n
\n
\n
\n
", "3812": "
\n

Debian Security Advisory

\n

DSA-3812-1 ioquake3 -- security update

\n
\n
Date Reported:
\n
18 Mar 2017
\n
Affected Packages:
\n
\nioquake3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-6903.
\n
More information:
\n
\n

It was discovered that ioquake3, a modified version of the ioQuake3 game\nengine, performs insufficient restrictions on automatically downloaded\ncontent (pk3 files or game code), which allows malicious game servers to\nmodify configuration settings including driver settings.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.36+u20140802+gca9eebb-2+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.36+u20161101+dfsg1-2.

\n

We recommend that you upgrade your ioquake3 packages.

\n
\n
\n
\n
", "3813": "
\n

Debian Security Advisory

\n

DSA-3813-1 r-base -- security update

\n
\n
Date Reported:
\n
19 Mar 2017
\n
Affected Packages:
\n
\nr-base\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-8714.
\n
More information:
\n
\n

Cory Duplantis discovered a buffer overflow in the R programming\nlanguage. A malformed encoding file may lead to the execution of\narbitrary code during PDF generation.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.1.1-1+deb8u1.

\n

For the upcoming stable distribution (stretch), this problem has been\nfixed in version 3.3.3-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.3.3-1.

\n

We recommend that you upgrade your r-base packages.

\n
\n
\n
\n
", "3814": "
\n

Debian Security Advisory

\n

DSA-3814-1 audiofile -- security update

\n
\n
Date Reported:
\n
22 Mar 2017
\n
Affected Packages:
\n
\naudiofile\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 857651.
In Mitre's CVE dictionary: CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830, CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834, CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838, CVE-2017-6839.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the audiofile library,\nwhich may result in denial of service or the execution of arbitrary code\nif a malformed audio file is processed.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 0.3.6-2+deb8u2.

\n

For the upcoming stable distribution (stretch), these problems have been\nfixed in version 0.3.6-4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.3.6-4.

\n

We recommend that you upgrade your audiofile packages.

\n
\n
\n
\n
", "3815": "
\n

Debian Security Advisory

\n

DSA-3815-1 wordpress -- security update

\n
\n
Date Reported:
\n
23 Mar 2017
\n
Affected Packages:
\n
\nwordpress\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 857026.
In Mitre's CVE dictionary: CVE-2017-6814, CVE-2017-6815, CVE-2017-6816, CVE-2017-6817.
\n
More information:
\n
\n

Several vulnerabilities were discovered in wordpress, a web blogging\ntool. They would allow remote attackers to delete unintended files,\nmount Cross-Site Scripting attacks, or bypass redirect URL validation\nmechanisms.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.1+dfsg-1+deb8u13.

\n

For the upcoming stable (stretch) and unstable (sid) distributions,\nthese problems have been fixed in version 4.7.3+dfsg-1.

\n

We recommend that you upgrade your wordpress packages.

\n
\n
\n
\n
", "3816": "
\n

Debian Security Advisory

\n

DSA-3816-1 samba -- security update

\n
\n
Date Reported:
\n
23 Mar 2017
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-2619.
\n
More information:
\n
\n

Jann Horn of Google discovered a time-of-check, time-of-use race\ncondition in Samba, a SMB/CIFS file, print, and login server for Unix. A\nmalicious client can take advantage of this flaw by exploiting a symlink\nrace to access areas of the server file system not exported under a\nshare definition.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2:4.2.14+dfsg-0+deb8u4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:4.5.6+dfsg-2.

\n

We recommend that you upgrade your samba packages.

\n
\n
\n
\n
", "3817": "
\n

Debian Security Advisory

\n

DSA-3817-1 jbig2dec -- security update

\n
\n
Date Reported:
\n
24 Mar 2017
\n
Affected Packages:
\n
\njbig2dec\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-9601.
\n
More information:
\n
\n

Multiple security issues have been found in the JBIG2 decoder library,\nwhich may lead to denial of service or the execution of arbitrary\ncode if a malformed image file (usually embedded in a PDF document) is\nopened.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.13-4~deb8u1.

\n

For the upcoming stable distribution (stretch), this problem has been\nfixed in version 0.13-4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.13-4.

\n

We recommend that you upgrade your jbig2dec packages.

\n
\n
\n
\n
", "3818": "
\n

Debian Security Advisory

\n

DSA-3818-1 gst-plugins-bad1.0 -- security update

\n
\n
Date Reported:
\n
27 Mar 2017
\n
Affected Packages:
\n
\ngst-plugins-bad1.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-9809, CVE-2016-9812, CVE-2016-9813, CVE-2017-5843, CVE-2017-5848.
\n
More information:
\n
\n

Hanno Boeck discovered multiple vulnerabilities in the GStreamer media\nframework and its codecs and demuxers, which may result in denial of\nservice or the execution of arbitrary code if a malformed media file is\nopened.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.4.4-2.1+deb8u2.

\n

For the upcoming stable distribution (stretch), these problems have been\nfixed in version 1.10.4-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.10.4-1.

\n

We recommend that you upgrade your gst-plugins-bad1.0 packages.

\n
\n
\n
\n
", "3819": "
\n

Debian Security Advisory

\n

DSA-3819-1 gst-plugins-base1.0 -- security update

\n
\n
Date Reported:
\n
27 Mar 2017
\n
Affected Packages:
\n
\ngst-plugins-base1.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-9811, CVE-2017-5837, CVE-2017-5839, CVE-2017-5842, CVE-2017-5844.
\n
More information:
\n
\n

Hanno Boeck discovered multiple vulnerabilities in the GStreamer media\nframework and its codecs and demuxers, which may result in denial of\nservice or the execution of arbitrary code if a malformed media file is\nopened.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.4.4-2+deb8u1.

\n

For the upcoming stable distribution (stretch), these problems have been\nfixed in version 1.10.4-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.10.4-1.

\n

We recommend that you upgrade your gst-plugins-base1.0 packages.

\n
\n
\n
\n
", "3820": "
\n

Debian Security Advisory

\n

DSA-3820-1 gst-plugins-good1.0 -- security update

\n
\n
Date Reported:
\n
27 Mar 2017
\n
Affected Packages:
\n
\ngst-plugins-good1.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-10198, CVE-2016-10199, CVE-2017-5840, CVE-2017-5841, CVE-2017-5845.
\n
More information:
\n
\n

Hanno Boeck discovered multiple vulnerabilities in the GStreamer media\nframework and its codecs and demuxers, which may result in denial of\nservice or the execution of arbitrary code if a malformed media file is\nopened.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.4.4-2+deb8u3.

\n

For the upcoming stable distribution (stretch), these problems have been\nfixed in version 1.10.3-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.10.3-1.

\n

We recommend that you upgrade your gst-plugins-good1.0 packages.

\n
\n
\n
\n
", "3821": "
\n

Debian Security Advisory

\n

DSA-3821-1 gst-plugins-ugly1.0 -- security update

\n
\n
Date Reported:
\n
27 Mar 2017
\n
Affected Packages:
\n
\ngst-plugins-ugly1.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-5846, CVE-2017-5847.
\n
More information:
\n
\n

Hanno Boeck discovered multiple vulnerabilities in the GStreamer media\nframework and its codecs and demuxers, which may result in denial of\nservice or the execution of arbitrary code if a malformed media file is\nopened.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.4.4-2+deb8u1.

\n

For the upcoming stable distribution (stretch), these problems have been\nfixed in version 1.10.4-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.10.4-1.

\n

We recommend that you upgrade your gst-plugins-ugly1.0 packages.

\n
\n
\n
\n
", "3822": "
\n

Debian Security Advisory

\n

DSA-3822-1 gstreamer1.0 -- security update

\n
\n
Date Reported:
\n
27 Mar 2017
\n
Affected Packages:
\n
\ngstreamer1.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-5838.
\n
More information:
\n
\n

Hanno Boeck discovered multiple vulnerabilities in the GStreamer media\nframework and its codecs and demuxers, which may result in denial of\nservice or the execution of arbitrary code if a malformed media file is\nopened.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.4.4-2+deb8u1.

\n

For the upcoming stable distribution (stretch), this problem has been\nfixed in version 1.10.3-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.10.3-1.

\n

We recommend that you upgrade your gstreamer1.0 packages.

\n
\n
\n
\n
", "3823": "
\n

Debian Security Advisory

\n

DSA-3823-1 eject -- security update

\n
\n
Date Reported:
\n
28 Mar 2017
\n
Affected Packages:
\n
\neject\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 858872.
In Mitre's CVE dictionary: CVE-2017-6964.
\n
More information:
\n
\n

Ilja Van Sprundel discovered that the dmcrypt-get-device helper used to\ncheck if a given device is an encrypted device handled by devmapper, and\nused in eject, does not check return values from setuid() and setgid()\nwhen dropping privileges.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.1.5+deb1+cvs20081104-13.1+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.1.5+deb1+cvs20081104-13.2.

\n

We recommend that you upgrade your eject packages.

\n
\n
\n
\n
", "3824": "
\n

Debian Security Advisory

\n

DSA-3824-1 firebird2.5 -- security update

\n
\n
Date Reported:
\n
29 Mar 2017
\n
Affected Packages:
\n
\nfirebird2.5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 858641.
In Mitre's CVE dictionary: CVE-2017-6369.
\n
More information:
\n
\n

George Noseevich discovered that firebird2.5, a relational database\nsystem, did not properly check User-Defined Functions (UDF), thus\nallowing remote authenticated users to execute arbitrary code on the\nfirebird server.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.5.3.26778.ds4-5+deb8u1.

\n

We recommend that you upgrade your firebird2.5 packages.

\n
\n
\n
\n
", "3825": "
\n

Debian Security Advisory

\n

DSA-3825-1 jhead -- security update

\n
\n
Date Reported:
\n
31 Mar 2017
\n
Affected Packages:
\n
\njhead\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 858213.
In Mitre's CVE dictionary: CVE-2016-3822.
\n
More information:
\n
\n

It was discovered that jhead, a tool to manipulate the non-image part of\nEXIF compliant JPEG files, is prone to an out-of-bounds access\nvulnerability, which may result in denial of service or, potentially,\nthe execution of arbitrary code if an image with specially crafted EXIF\ndata is processed.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:2.97-1+deb8u1.

\n

For the upcoming stable distribution (stretch), this problem has been\nfixed in version 1:3.00-4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:3.00-4.

\n

We recommend that you upgrade your jhead packages.

\n
\n
\n
\n
", "3826": "
\n

Debian Security Advisory

\n

DSA-3826-1 tryton-server -- security update

\n
\n
Date Reported:
\n
04 Apr 2017
\n
Affected Packages:
\n
\ntryton-server\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-0360.
\n
More information:
\n
\n

It was discovered that the original patch to address CVE-2016-1242 did\nnot cover all cases, which may result in information disclosure of file\ncontents.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.4.0-3+deb8u3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.2.1-2.

\n

We recommend that you upgrade your tryton-server packages.

\n
\n
\n
\n
", "3827": "
\n

Debian Security Advisory

\n

DSA-3827-1 jasper -- security update

\n
\n
Date Reported:
\n
07 Apr 2017
\n
Affected Packages:
\n
\njasper\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-9591, CVE-2016-10249, CVE-2016-10251.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in the JasPer library for\nprocessing JPEG-2000 images, which may result in denial of service or\nthe execution of arbitrary code if a malformed image is processed.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.900.1-debian1-2.4+deb8u3.

\n

We recommend that you upgrade your jasper packages.

\n
\n
\n
\n
", "3828": "
\n

Debian Security Advisory

\n

DSA-3828-1 dovecot -- security update

\n
\n
Date Reported:
\n
10 Apr 2017
\n
Affected Packages:
\n
\ndovecot\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 860049.
In Mitre's CVE dictionary: CVE-2017-2669.
\n
More information:
\n
\n

It was discovered that the Dovecot email server is vulnerable to a\ndenial of service attack. When the dict passdb and userdb are used\nfor user authentication, the username sent by the IMAP/POP3 client is\nsent through var_expand() to perform %variable expansion. Sending\nspecially crafted %variable fields could result in excessive memory\nusage causing the process to crash (and restart).

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:2.2.13-12~deb8u2.

\n

We recommend that you upgrade your dovecot packages.

\n
\n
\n
\n
", "3829": "
\n

Debian Security Advisory

\n

DSA-3829-1 bouncycastle -- security update

\n
\n
Date Reported:
\n
11 Apr 2017
\n
Affected Packages:
\n
\nbouncycastle\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-6644.
\n
More information:
\n
\n

Quan Nguyen discovered that a missing boundary check in the\nGalois/Counter mode implementation of Bouncy Castle (a Java\nimplementation of cryptographic algorithms) may result in information\ndisclosure.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.49+dfsg-3+deb8u2.

\n

For the upcoming stable distribution (stretch), this problem has been\nfixed in version 1.54-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.54-1.

\n

We recommend that you upgrade your bouncycastle packages.

\n
\n
\n
\n
", "3830": "
\n

Debian Security Advisory

\n

DSA-3830-1 icu -- security update

\n
\n
Date Reported:
\n
19 Apr 2017
\n
Affected Packages:
\n
\nicu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 860314.
In Mitre's CVE dictionary: CVE-2017-7867, CVE-2017-7868.
\n
More information:
\n
\n

It was discovered that icu, the International Components for Unicode\nlibrary, did not correctly validate its input. An attacker could use\nthis problem to trigger an out-of-bound write through a heap-based\nbuffer overflow, thus causing a denial of service via application\ncrash, or potential execution of arbitrary code.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 52.1-8+deb8u5.

\n

For the upcoming stable (stretch) and unstable (sid) distributions,\nthese problems have been fixed in version 57.1-6.

\n

We recommend that you upgrade your icu packages.

\n
\n
\n
\n
", "3831": "
\n

Debian Security Advisory

\n

DSA-3831-1 firefox-esr -- security update

\n
\n
Date Reported:
\n
20 Apr 2017
\n
Affected Packages:
\n
\nfirefox-esr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-5429, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5462, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469.
\n
More information:
\n
\n

Multiple security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees, buffer\noverflows and other implementation errors may lead to the execution of\narbitrary code, information disclosure or denial of service.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 45.9.0esr-1~deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 45.9.0esr-1.

\n

We recommend that you upgrade your firefox-esr packages.

\n
\n
\n
\n
", "3832": "
\n

Debian Security Advisory

\n

DSA-3832-1 icedove -- security update

\n
\n
Date Reported:
\n
20 Apr 2017
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5390, CVE-2017-5396, CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5405, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410.
\n
More information:
\n
\n

Multiple security issues have been found in Thunderbird, which may\nlead to the execution of arbitrary code or information leaks.

\n

With this update, the Icedove packages are de-branded back to the official\nMozilla branding. With the removal of the Debian branding, the packages\nare also renamed back to the official names used by Mozilla.

\n

The Thunderbird package uses a different default profile folder;\nthe default profile folder is now '$(HOME)/.thunderbird'.\nThe user's profile folder that was used in Icedove will be migrated\nto the new profile folder on the first start, which can take a little\nmore time.

\n

Please read README.Debian for more information about the\nchanges.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1:45.8.0-3~deb8u1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "3833": "
\n

Debian Security Advisory

\n

DSA-3833-1 libav -- security update

\n
\n
Date Reported:
\n
24 Apr 2017
\n
Affected Packages:
\n
\nlibav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-9821, CVE-2016-9822.
\n
More information:
\n
\n

Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. A full list of the changes is\navailable at \nhttps://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.9

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 6:11.9-1~deb8u1.

\n

We recommend that you upgrade your libav packages.

\n
\n
\n
\n
", "3834": "
\n

Debian Security Advisory

\n

DSA-3834-1 mysql-5.5 -- security update

\n
\n
Date Reported:
\n
25 Apr 2017
\n
Affected Packages:
\n
\nmysql-5.5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 854713, Bug 860544.
In Mitre's CVE dictionary: CVE-2017-3302, CVE-2017-3305, CVE-2017-3308, CVE-2017-3309, CVE-2017-3329, CVE-2017-3453, CVE-2017-3456, CVE-2017-3461, CVE-2017-3462, CVE-2017-3463, CVE-2017-3464, CVE-2017-3600.
\n
More information:
\n
\n

Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.55, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:

\n\n

For the stable distribution (jessie), these problems have been fixed in\nversion 5.5.55-0+deb8u1.

\n

We recommend that you upgrade your mysql-5.5 packages.

\n
\n
\n
\n
", "3835": "
\n

Debian Security Advisory

\n

DSA-3835-1 python-django -- security update

\n
\n
Date Reported:
\n
26 Apr 2017
\n
Affected Packages:
\n
\npython-django\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 842856, Bug 859515, Bug 859516.
In Mitre's CVE dictionary: CVE-2016-9013, CVE-2016-9014, CVE-2017-7233, CVE-2017-7234.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Django, a high-level Python\nweb development framework. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2016-9013\n

    Marti Raudsepp reported that a user with a hardcoded password is\n created when running tests with an Oracle database.

  • \n
  • CVE-2016-9014\n

    Aymeric Augustin discovered that Django does not properly validate\n the Host header against settings.ALLOWED_HOSTS when the debug\n setting is enabled. A remote attacker can take advantage of this\n flaw to perform DNS rebinding attacks.

  • \n
  • CVE-2017-7233\n

    It was discovered that is_safe_url() does not properly handle\n certain numeric URLs as safe. A remote attacker can take advantage\n of this flaw to perform XSS attacks or to use a Django server as an\n open redirect.

  • \n
  • CVE-2017-7234\n

    Phithon from Chaitin Tech discovered an open redirect vulnerability\n in the django.views.static.serve() view. Note that this view is not\n intended for production use.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.7.11-1+deb8u2.

\n

We recommend that you upgrade your python-django packages.

\n
\n
\n
\n
", "3836": "
\n

Debian Security Advisory

\n

DSA-3836-1 weechat -- security update

\n
\n
Date Reported:
\n
27 Apr 2017
\n
Affected Packages:
\n
\nweechat\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 861121.
In Mitre's CVE dictionary: CVE-2017-8073.
\n
More information:
\n
\n

It was discovered that weechat, a fast and light chat client, is prone\nto a buffer overflow vulnerability in the IRC plugin, allowing a remote\nattacker to cause a denial-of-service by sending a specially crafted\nfilename via DCC.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.0.1-1+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.7-3.

\n

We recommend that you upgrade your weechat packages.

\n
\n
\n
\n
", "3837": "
\n

Debian Security Advisory

\n

DSA-3837-1 libreoffice -- security update

\n
\n
Date Reported:
\n
27 Apr 2017
\n
Affected Packages:
\n
\nlibreoffice\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-7870.
\n
More information:
\n
\n

It was discovered that a buffer overflow in processing Windows Metafiles\nmay result in denial of service or the execution of arbitrary code if\na malformed document is opened.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:4.3.3-2+deb8u7.

\n

For the upcoming stable distribution (stretch), this problem has been\nfixed in version 1:5.2.5-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:5.2.5-1.

\n

We recommend that you upgrade your libreoffice packages.

\n
\n
\n
\n
", "3838": "
\n

Debian Security Advisory

\n

DSA-3838-1 ghostscript -- security update

\n
\n
Date Reported:
\n
28 Apr 2017
\n
Affected Packages:
\n
\nghostscript\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 858350, Bug 859666, Bug 859694, Bug 859696, Bug 861295.
In Mitre's CVE dictionary: CVE-2016-10219, CVE-2016-10220, CVE-2017-5951, CVE-2017-7207, CVE-2017-8291.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Ghostscript, the GPL\nPostScript/PDF interpreter, which may lead to the execution of arbitrary\ncode or denial of service if a specially crafted Postscript file is\nprocessed.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 9.06~dfsg-2+deb8u5.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 9.20~dfsg-3.1 or earlier versions.

\n

We recommend that you upgrade your ghostscript packages.

\n
\n
\n
\n
", "3839": "
\n

Debian Security Advisory

\n

DSA-3839-1 freetype -- security update

\n
\n
Date Reported:
\n
28 Apr 2017
\n
Affected Packages:
\n
\nfreetype\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 856971, Bug 861220, Bug 861308.
In Mitre's CVE dictionary: CVE-2016-10244, CVE-2017-8105, CVE-2017-8287.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Freetype. Opening malformed\nfonts may result in denial of service or the execution of arbitrary\ncode.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2.5.2-3+deb8u2.

\n

We recommend that you upgrade your freetype packages.

\n
\n
\n
\n
", "3840": "
\n

Debian Security Advisory

\n

DSA-3840-1 mysql-connector-java -- security update

\n
\n
Date Reported:
\n
02 May 2017
\n
Affected Packages:
\n
\nmysql-connector-java\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-3523.
\n
More information:
\n
\n

Thijs Alkemade discovered that unexpected automatic deserialisation of\nJava objects in the MySQL Connector/J JDBC driver may result in the\nexecution of arbitrary code. For additional details, please refer to the\nadvisory at\nhttps://www.computest.nl/advisories/CT-2017-0425_MySQL-Connector-J.txt

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 5.1.41-1~deb8u1.

\n

For the upcoming stable distribution (stretch), this problem has been\nfixed in version 5.1.41-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.1.41-1.

\n

We recommend that you upgrade your mysql-connector-java packages.

\n
\n
\n
\n
", "3841": "
\n

Debian Security Advisory

\n

DSA-3841-1 libxstream-java -- security update

\n
\n
Date Reported:
\n
02 May 2017
\n
Affected Packages:
\n
\nlibxstream-java\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-7957.
\n
More information:
\n
\n

It was discovered that XStream, a Java library to serialise objects to\nXML and back again, was susceptible to denial of service during\nunmarshalling.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.4.7-2+deb8u2.

\n

For the upcoming stable distribution (stretch), this problem will be\nfixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4.9-2.

\n

We recommend that you upgrade your libxstream-java packages.

\n
\n
\n
\n
", "3842": "
\n

Debian Security Advisory

\n

DSA-3842-1 tomcat7 -- security update

\n
\n
Date Reported:
\n
03 May 2017
\n
Affected Packages:
\n
\ntomcat7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-5647, CVE-2017-5648.
\n
More information:
\n
\n

Two vulnerabilities were discovered in tomcat7, a servlet and JSP\nengine.

\n
    \n
  • CVE-2017-5647\n

    Pipelined requests were processed incorrectly, which could result in\n some responses appearing to be sent for the wrong request.

  • \n
  • CVE-2017-5648\n

    Some application listener calls were issued against the wrong\n objects, allowing untrusted applications running under a\n SecurityManager to bypass that protection mechanism and access or\n modify information associated with other web applications.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 7.0.56-3+deb8u10.

\n

For the upcoming stable (stretch) and unstable (sid) distributions,\nthese problems have been fixed in version 7.0.72-3.

\n

We recommend that you upgrade your tomcat7 packages.

\n
\n
\n
\n
", "3843": "
\n

Debian Security Advisory

\n

DSA-3843-1 tomcat8 -- security update

\n
\n
Date Reported:
\n
03 May 2017
\n
Affected Packages:
\n
\ntomcat8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 860068, Bug 860069.
In Mitre's CVE dictionary: CVE-2017-5647, CVE-2017-5648.
\n
More information:
\n
\n

Two vulnerabilities were discovered in tomcat8, a servlet and JSP\nengine.

\n
    \n
  • CVE-2017-5647\n

    Pipelined requests were processed incorrectly, which could result in\n some responses appearing to be sent for the wrong request.

  • \n
  • CVE-2017-5648\n

    Some application listener calls were issued against the wrong\n objects, allowing untrusted applications running under a\n SecurityManager to bypass that protection mechanism and access or\n modify information associated with other web applications.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 8.0.14-1+deb8u9.

\n

For the upcoming stable (stretch) and unstable (sid) distributions,\nthese problems have been fixed in version 8.5.11-2.

\n

We recommend that you upgrade your tomcat8 packages.

\n
\n
\n
\n
", "3844": "
\n

Debian Security Advisory

\n

DSA-3844-1 tiff -- security update

\n
\n
Date Reported:
\n
03 May 2017
\n
Affected Packages:
\n
\ntiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-3658, CVE-2016-9535, CVE-2016-10266, CVE-2016-10267, CVE-2016-10269, CVE-2016-10270, CVE-2017-5225, CVE-2017-7592, CVE-2017-7593, CVE-2017-7594, CVE-2017-7595, CVE-2017-7596, CVE-2017-7597, CVE-2017-7598, CVE-2017-7599, CVE-2017-7600, CVE-2017-7601, CVE-2017-7602.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in the libtiff library and\nthe included tools, which may result in denial of service, memory\ndisclosure or the execution of arbitrary code.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.0.3-12.3+deb8u3.

\n

For the upcoming stable distribution (stretch), these problems have been\nfixed in version 4.0.7-6.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.0.7-6.

\n

We recommend that you upgrade your tiff packages.

\n
\n
\n
\n
", "3845": "
\n

Debian Security Advisory

\n

DSA-3845-1 libtirpc -- security update

\n
\n
Date Reported:
\n
08 May 2017
\n
Affected Packages:
\n
\nlibtirpc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-8779.
\n
More information:
\n
\n

Guido Vranken discovered that incorrect memory management in libtirpc,\na transport-independent RPC library used by rpcbind and other programs,\nmay result in denial of service via memory exhaustion (depending on\nmemory management settings).

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.2.5-1+deb8u1 of libtirpc and version 0.2.1-6+deb8u2 of rpcbind.

\n

For the upcoming stable distribution (stretch), this problem has been\nfixed in version 0.2.5-1.2 and version 0.2.3-0.6 of rpcbind.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.2.5-1.2 and version 0.2.3-0.6 of rpcbind.

\n

We recommend that you upgrade your libtirpc packages.

\n
\n
\n
\n
", "3846": "
\n

Debian Security Advisory

\n

DSA-3846-1 libytnef -- security update

\n
\n
Date Reported:
\n
09 May 2017
\n
Affected Packages:
\n
\nlibytnef\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-6298, CVE-2017-6299, CVE-2017-6300, CVE-2017-6301, CVE-2017-6302, CVE-2017-6303, CVE-2017-6304, CVE-2017-6305, CVE-2017-6306, CVE-2017-6800, CVE-2017-6801, CVE-2017-6802.
\n
More information:
\n
\n

Several issues were discovered in libytnef, a library used to decode\napplication/ms-tnef e-mail attachments. Multiple heap overflows,\nout-of-bound writes and reads, NULL pointer dereferences and infinite\nloops could be exploited by tricking a user into opening a maliciously\ncrafted winmail.dat file.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.5-6+deb8u1.

\n

For the upcoming stable (stretch) and unstable (sid) distributions,\nthese problems have been fixed in version 1.9.2-1.

\n

We recommend that you upgrade your libytnef packages.

\n
\n
\n
\n
", "3847": "
\n

Debian Security Advisory

\n

DSA-3847-1 xen -- security update

\n
\n
Date Reported:
\n
09 May 2017
\n
Affected Packages:
\n
\nxen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-9932, CVE-2016-10013, CVE-2016-10024, CVE-2017-7228.
\n
More information:
\n
\n

Jan Beulich and Jann Horn discovered multiple vulnerabilities in the Xen\nhypervisor, which may lead to privilege escalation, guest-to-host\nbreakout, denial of service or information leaks.

\n

In addition to the CVE identifiers listed above, this update also\naddresses the vulnerabilities announced as XSA-213, XSA-214 and XSA-215.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.4.1-9+deb8u9.

\n

For the upcoming stable distribution (stretch), these problems have been\nfixed in version 4.8.1-1+deb9u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.8.1-1+deb9u1.

\n

We recommend that you upgrade your xen packages.

\n
\n
\n
\n
", "3848": "
\n

Debian Security Advisory

\n

DSA-3848-1 git -- security update

\n
\n
Date Reported:
\n
10 May 2017
\n
Affected Packages:
\n
\ngit\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-8386.
\n
More information:
\n
\n

Timo Schmid of ERNW GmbH discovered that the Git git-shell, a restricted\nlogin shell for Git-only SSH access, allows a user to run an interactive\npager by causing it to spawn \"git upload-pack --help\".

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:2.1.4-2.1+deb8u3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:2.11.0-3.

\n

We recommend that you upgrade your git packages.

\n
\n
\n
\n
", "3849": "
\n

Debian Security Advisory

\n

DSA-3849-1 kde4libs -- security update

\n
\n
Date Reported:
\n
12 May 2017
\n
Affected Packages:
\n
\nkde4libs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 856890.
In Mitre's CVE dictionary: CVE-2017-6410, CVE-2017-8422.
\n
More information:
\n
\n

Several vulnerabilities were discovered in kde4libs, the core libraries\nfor all KDE 4 applications. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2017-6410\n

    Itzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs\n reported that URLs are not sanitized before passing them to\n FindProxyForURL, potentially allowing a remote attacker to obtain\n sensitive information via a crafted PAC file.

  • \n
  • CVE-2017-8422\n

    Sebastian Krahmer from SUSE discovered that the KAuth framework\n contains a logic flaw in which the service invoking dbus is not\n properly checked. This flaw allows spoofing the identity of the\n caller and gaining root privileges from an unprivileged account.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4:4.14.2-5+deb8u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4:4.14.26-2.

\n

We recommend that you upgrade your kde4libs packages.

\n
\n
\n
\n
", "3850": "
\n

Debian Security Advisory

\n

DSA-3850-1 rtmpdump -- security update

\n
\n
Date Reported:
\n
12 May 2017
\n
Affected Packages:
\n
\nrtmpdump\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8270, CVE-2015-8271, CVE-2015-8272.
\n
More information:
\n
\n

Dave McDaniel discovered multiple vulnerabilities in rtmpdump, a small\ndumper/library for RTMP media streams, which may result in denial of\nservice or the execution of arbitrary code if a malformed stream is\ndumped.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2.4+20150115.gita107cef-1+deb8u1.

\n

For the upcoming stable distribution (stretch), these problems have been\nfixed in version 2.4+20151223.gitfa8646d.1-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.4+20151223.gitfa8646d.1-1.

\n

We recommend that you upgrade your rtmpdump packages.

\n
\n
\n
\n
", "3851": "
\n

Debian Security Advisory

\n

DSA-3851-1 postgresql-9.4 -- security update

\n
\n
Date Reported:
\n
12 May 2017
\n
Affected Packages:
\n
\npostgresql-9.4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-7484, CVE-2017-7485, CVE-2017-7486.
\n
More information:
\n
\n

Several vulnerabilities have been found in the PostgreSQL database\nsystem:

\n
    \n
  • CVE-2017-7484\n

    Robert Haas discovered that some selectivity estimators did not\n validate user privileges which could result in information\n disclosure.

  • \n
  • CVE-2017-7485\n

    Daniel Gustafsson discovered that the PGREQUIRESSL environment\n variable no longer enforced a TLS connection.

  • \n
  • CVE-2017-7486\n

    Andrew Wheelwright discovered that user mappings were insufficiently\n restricted.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 9.4.12-0+deb8u1.

\n

We recommend that you upgrade your postgresql-9.4 packages.

\n
\n
\n
\n
", "3852": "
\n

Debian Security Advisory

\n

DSA-3852-1 squirrelmail -- security update

\n
\n
Date Reported:
\n
13 May 2017
\n
Affected Packages:
\n
\nsquirrelmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-7692.
\n
More information:
\n
\n

Dawid Golunski and Filippo Cavallarin discovered that squirrelmail, a\nwebmail application, incorrectly handled a user-supplied value. This\nwould allow a logged-in user to run arbitrary commands on the server.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2:1.4.23~svn20120406-2+deb8u1.

\n

We recommend that you upgrade your squirrelmail packages.

\n
\n
\n
\n
", "3853": "
\n

Debian Security Advisory

\n

DSA-3853-1 bitlbee -- security update

\n
\n
Date Reported:
\n
15 May 2017
\n
Affected Packages:
\n
\nbitlbee\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-10188, CVE-2016-10189.
\n
More information:
\n
\n

It was discovered that bitlbee, an IRC to other chat networks gateway,\ncontained issues that allowed a remote attacker to cause a denial of\nservice (via application crash), or potentially execute arbitrary\ncommands.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 3.2.2-2+deb8u1.

\n

For the upcoming stable (stretch) and unstable (sid) distributions,\nthese problems have been fixed in version 3.5-1.

\n

We recommend that you upgrade your bitlbee packages.

\n
\n
\n
\n
", "3854": "
\n

Debian Security Advisory

\n

DSA-3854-1 bind9 -- security update

\n
\n
Date Reported:
\n
14 May 2017
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 860224, Bug 860225, Bug 860226.
In Mitre's CVE dictionary: CVE-2017-3136, CVE-2017-3137, CVE-2017-3138.
\n
More information:
\n
\n

Several vulnerabilities were discovered in BIND, a DNS server\nimplementation. The Common Vulnerabilities and Exposures project\nidentifies the following problems:

\n
    \n
  • CVE-2017-3136\n

    Oleg Gorokhov of Yandex discovered that BIND does not properly\n handle certain queries when using DNS64 with the \"break-dnssec yes;\"\n option, allowing a remote attacker to cause a denial-of-service.

  • \n
  • CVE-2017-3137\n

    It was discovered that BIND makes incorrect assumptions about the\n ordering of records in the answer section of a response containing\n CNAME or DNAME resource records, leading to situations where BIND\n exits with an assertion failure. An attacker can take advantage of\n this condition to cause a denial-of-service.

  • \n
  • CVE-2017-3138\n

    Mike Lalumiere of Dyn, Inc. discovered that BIND can exit with a\n REQUIRE assertion failure if it receives a null command string on\n its control channel. Note that the fix applied in Debian is only\n applied as a hardening measure. Details about the issue can be found\n at https://kb.isc.org/article/AA-01471 .

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1:9.9.5.dfsg-9+deb8u11.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1:9.10.3.dfsg.P4-12.3.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
\n
\n
", "3855": "
\n

Debian Security Advisory

\n

DSA-3855-1 jbig2dec -- security update

\n
\n
Date Reported:
\n
18 May 2017
\n
Affected Packages:
\n
\njbig2dec\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 860460, Bug 860787, Bug 860788.
In Mitre's CVE dictionary: CVE-2017-7885, CVE-2017-7975, CVE-2017-7976.
\n
More information:
\n
\n

Multiple security issues have been found in the JBIG2 decoder library,\nwhich may lead to denial of service, disclosure of sensitive information\nfrom process memory or the execution of arbitrary code if a malformed\nimage file (usually embedded in a PDF document) is opened.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 0.13-4~deb8u2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.13-4.1.

\n

We recommend that you upgrade your jbig2dec packages.

\n
\n
\n
\n
", "3856": "
\n

Debian Security Advisory

\n

DSA-3856-1 deluge -- security update

\n
\n
Date Reported:
\n
18 May 2017
\n
Affected Packages:
\n
\ndeluge\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-7178, CVE-2017-9031.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in the web interface of the\nDeluge BitTorrent client (directory traversal and cross-site request\nforgery).

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1.3.10-3+deb8u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.3.13+git20161130.48cedf63-3.

\n

We recommend that you upgrade your deluge packages.

\n
\n
\n
\n
", "3857": "
\n

Debian Security Advisory

\n

DSA-3857-1 mysql-connector-java -- security update

\n
\n
Date Reported:
\n
18 May 2017
\n
Affected Packages:
\n
\nmysql-connector-java\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-3586, CVE-2017-3589.
\n
More information:
\n
\n

Two vulnerabilities have been found in the MySQL Connector/J JDBC driver.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 5.1.42-1~deb8u1.

\n

For the upcoming stable distribution (stretch), these problems have been\nfixed in version 5.1.42-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 5.1.42-1.

\n

We recommend that you upgrade your mysql-connector-java packages.

\n
\n
\n
\n
", "3858": "
\n

Debian Security Advisory

\n

DSA-3858-1 openjdk-7 -- security update

\n
\n
Date Reported:
\n
19 May 2017
\n
Affected Packages:
\n
\nopenjdk-7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-3509, CVE-2017-3511, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in privilege\nescalation, denial of service, newline injection in SMTP or use of\ninsecure cryptography.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 7u131-2.6.9-2~deb8u1.

\n

We recommend that you upgrade your openjdk-7 packages.

\n
\n
\n
\n
", "3859": "
\n

Debian Security Advisory

\n

DSA-3859-1 dropbear -- security update

\n
\n
Date Reported:
\n
19 May 2017
\n
Affected Packages:
\n
\ndropbear\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-9078, CVE-2017-9079.
\n
More information:
\n
\n

Two vulnerabilities were found in Dropbear, a lightweight SSH2 server\nand client:

\n
    \n
  • CVE-2017-9078\n

    Mark Shepard discovered a double free in the TCP listener cleanup\n which could result in denial of service by an authenticated user if\n Dropbear is running with the \"-a\" option.

  • \n
  • CVE-2017-9079\n

    Jann Horn discovered a local information leak in parsing the\n .authorized_keys file.

  • \n
\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2014.65-1+deb8u2.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your dropbear packages.

\n
\n
\n
\n
", "3860": "
\n

Debian Security Advisory

\n

DSA-3860-1 samba -- security update

\n
\n
Date Reported:
\n
24 May 2017
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-7494.
\n
More information:
\n
\n

steelo discovered a remote code execution vulnerability in Samba, an\nSMB/CIFS file, print, and login server for Unix. A malicious client with\naccess to a writable share can take advantage of this flaw by uploading\na shared library and then causing the server to load and execute it.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2:4.2.14+dfsg-0+deb8u6.

\n

We recommend that you upgrade your samba packages.

\n
\n
\n
\n
", "3861": "
\n

Debian Security Advisory

\n

DSA-3861-1 libtasn1-6 -- security update

\n
\n
Date Reported:
\n
24 May 2017
\n
Affected Packages:
\n
\nlibtasn1-6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 863186.
In Mitre's CVE dictionary: CVE-2017-6891.
\n
More information:
\n
\n

Jakub Jirasek of Secunia Research discovered that libtasn1, a library\nused to handle Abstract Syntax Notation One structures, did not\nproperly validate its input. This would allow an attacker to cause a\ndenial-of-service by application crash, or potentially execute arbitrary code, by\ntricking a user into processing a maliciously crafted assignments\nfile.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 4.2-3+deb8u3.

\n

We recommend that you upgrade your libtasn1-6 packages.

\n
\n
\n
\n
", "3862": "
\n

Debian Security Advisory

\n

DSA-3862-1 puppet -- security update

\n
\n
Date Reported:
\n
25 May 2017
\n
Affected Packages:
\n
\npuppet\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-2295.
\n
More information:
\n
\n

It was discovered that unrestricted YAML deserialisation of data sent\nfrom agents to the server in the Puppet configuration management system\ncould result in the execution of arbitrary code.

\n

Note that this fix breaks backward compatibility with Puppet agents older\nthan 3.2.2 and there is no safe way to restore it. This affects puppet\nagents running on Debian wheezy; we recommend updating to the\npuppet version shipped in wheezy-backports.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.7.2-4+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 4.8.2-5.

\n

We recommend that you upgrade your puppet packages.

\n
\n
\n
\n
", "3863": "
\n

Debian Security Advisory

\n

DSA-3863-1 imagemagick -- security update

\n
\n
Date Reported:
\n
25 May 2017
\n
Affected Packages:
\n
\nimagemagick\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 860736, Bug 862577, Bug 859771, Bug 859769, Bug 860734, Bug 862572, Bug 862574, Bug 862573.
In Mitre's CVE dictionary: CVE-2017-7606, CVE-2017-7619, CVE-2017-7941, CVE-2017-7943, CVE-2017-8343, CVE-2017-8344, CVE-2017-8345, CVE-2017-8346, CVE-2017-8347, CVE-2017-8348, CVE-2017-8349, CVE-2017-8350, CVE-2017-8351, CVE-2017-8352, CVE-2017-8353, CVE-2017-8354, CVE-2017-8355, CVE-2017-8356, CVE-2017-8357, CVE-2017-8765, CVE-2017-8830, CVE-2017-9098, CVE-2017-9141, CVE-2017-9142, CVE-2017-9143, CVE-2017-9144.
\n
More information:
\n
\n

This update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising\nmay result in denial of service, memory disclosure or the execution of\narbitrary code if malformed RLE, ART, JNG, DDS, BMP, ICO, EPT, SUN, MTV,\nPICT, XWD, PCD, SFW, MAT, EXR, DCM, MNG, PCX or SVG files are processed.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 8:6.8.9.9-5+deb8u9.

\n

For the upcoming stable distribution (stretch), these problems have been\nfixed in version 8:6.9.7.4+dfsg-8.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-8.

\n

We recommend that you upgrade your imagemagick packages.

\n
\n
\n
\n
", "3864": "
\n

Debian Security Advisory

\n

DSA-3864-1 fop -- security update

\n
\n
Date Reported:
\n
27 May 2017
\n
Affected Packages:
\n
\nfop\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-5661.
\n
More information:
\n
\n

It was discovered that an XML external entities vulnerability in the\nApache FOP XML formatter may result in information disclosure.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1:1.1.dfsg2-1+deb8u1.

\n

For the upcoming stable distribution (stretch), this problem has been\nfixed in version 1:2.1-6.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:2.1-6.

\n

We recommend that you upgrade your fop packages.

\n
\n
\n
\n
", "3865": "
\n

Debian Security Advisory

\n

DSA-3865-1 mosquitto -- security update

\n
\n
Date Reported:
\n
29 May 2017
\n
Affected Packages:
\n
\nmosquitto\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-7650.
\n
More information:
\n
\n

It was discovered that pattern-based ACLs in the Mosquitto MQTT broker\ncould be bypassed.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.3.4-2+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4.10-3.

\n

We recommend that you upgrade your mosquitto packages.

\n
\n
\n
\n
", "3866": "
\n

Debian Security Advisory

\n

DSA-3866-1 strongswan -- security update

\n
\n
Date Reported:
\n
30 May 2017
\n
Affected Packages:
\n
\nstrongswan\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-9022, CVE-2017-9023.
\n
More information:
\n
\n

Two denial of service vulnerabilities were identified in strongSwan, an\nIKE/IPsec suite, using Google's OSS-Fuzz fuzzing project.

\n
    \n
  • CVE-2017-9022\n

    RSA public keys passed to the gmp plugin aren't validated sufficiently\n before attempting signature verification, so that invalid input might\n lead to a floating point exception and crash of the process.\n A certificate with an appropriately prepared public key sent by a peer\n could be used for a denial-of-service attack.

  • \n
  • CVE-2017-9023\n

    ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when\n parsing X.509 certificates with extensions that use such types. This could\n lead to infinite looping of the thread parsing a specifically crafted\n certificate.

  • \n
\n

A fix for a build failure was additionally included in the 5.2.1-6+deb8u4\nrevision of the strongSwan package.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 5.2.1-6+deb8u3.

\n

For the upcoming stable distribution (stretch), these problems have been\nfixed in version 5.5.1-4.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 5.5.1-4.

\n

We recommend that you upgrade your strongswan packages.

\n
\n
\n
\n
", "3867": "
\n

Debian Security Advisory

\n

DSA-3867-1 sudo -- security update

\n
\n
Date Reported:
\n
30 May 2017
\n
Affected Packages:
\n
\nsudo\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 863731.
In Mitre's CVE dictionary: CVE-2017-1000367.
\n
More information:
\n
\n

The Qualys Security team discovered that sudo, a program designed to\nprovide limited super user privileges to specific users, does not\nproperly parse \"/proc/[pid]/stat\" to read the device number of the tty\nfrom field 7 (tty_nr). A sudoers user can take advantage of this flaw on\nan SELinux-enabled system to obtain full root privileges.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.8.10p3-1+deb8u4.

\n

We recommend that you upgrade your sudo packages.

\n
\n
\n
\n
", "3868": "
\n

Debian Security Advisory

\n

DSA-3868-1 openldap -- security update

\n
\n
Date Reported:
\n
30 May 2017
\n
Affected Packages:
\n
\nopenldap\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 863563.
In Mitre's CVE dictionary: CVE-2017-9287.
\n
More information:
\n
\n

Karsten Heymann discovered that the OpenLDAP directory server can be\ncrashed by performing a paged search with a page size of 0, resulting in\ndenial of service. This vulnerability is limited to the MDB storage\nbackend.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 2.4.40+dfsg-1+deb8u3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.4.44+dfsg-5.

\n

We recommend that you upgrade your openldap packages.

\n
\n
\n
\n
", "3869": "
\n

Debian Security Advisory

\n

DSA-3869-1 tnef -- security update

\n
\n
Date Reported:
\n
01 Jun 2017
\n
Affected Packages:
\n
\ntnef\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 862442.
In Mitre's CVE dictionary: CVE-2017-8911.
\n
More information:
\n
\n

It was discovered that tnef, a tool used to unpack MIME attachments of\ntype \"application/ms-tnef\", did not correctly validate its input. An\nattacker could exploit this by tricking a user into opening a\nmalicious attachment, which would result in a denial-of-service by\napplication crash.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.4.9-1+deb8u3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.4.12-1.2.

\n

We recommend that you upgrade your tnef packages.

\n
\n
\n
\n
", "3870": "
\n

Debian Security Advisory

\n

DSA-3870-1 wordpress -- security update

\n
\n
Date Reported:
\n
01 Jun 2017
\n
Affected Packages:
\n
\nwordpress\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 862053, Bug 862816.
In Mitre's CVE dictionary: CVE-2017-8295, CVE-2017-9061, CVE-2017-9062, CVE-2017-9063, CVE-2017-9064, CVE-2017-9065.
\n
More information:
\n
\n

Several vulnerabilities were discovered in wordpress, a web blogging\ntool. They would allow remote attackers to force password resets, and\nperform various cross-site scripting and cross-site request forgery\nattacks.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.1+dfsg-1+deb8u14.

\n

For the upcoming stable (stretch) and unstable (sid) distributions,\nthese problems have been fixed in version 4.7.5+dfsg-1.

\n

We recommend that you upgrade your wordpress packages.

\n
\n
\n
\n
", "3871": "
\n

Debian Security Advisory

\n

DSA-3871-1 zookeeper -- security update

\n
\n
Date Reported:
\n
01 Jun 2017
\n
Affected Packages:
\n
\nzookeeper\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-5637.
\n
More information:
\n
\n

It was discovered that Zookeeper, a service for maintaining\nconfiguration information, didn't restrict access to the computationally\nexpensive wchp/wchc commands which could result in denial of service by\nelevated CPU consumption.

\n

This update disables those two commands by default. The new\nconfiguration option 4lw.commands.whitelist can be used to whitelist\ncommands selectively (and the full set of commands can be restored\nwith '*').

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.4.5+dfsg-2+deb8u2.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your zookeeper packages.

\n
\n
\n
\n
", "3872": "
\n

Debian Security Advisory

\n

DSA-3872-1 nss -- security update

\n
\n
Date Reported:
\n
01 Jun 2017
\n
Affected Packages:
\n
\nnss\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-5461, CVE-2017-5462, CVE-2017-7502.
\n
More information:
\n
\n

Several vulnerabilities were discovered in NSS, a set of cryptographic\nlibraries, which may result in denial of service or information\ndisclosure.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 2:3.26-1+debu8u2.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your nss packages.

\n
\n
\n
\n
", "3873": "
\n

Debian Security Advisory

\n

DSA-3873-1 perl -- security update

\n
\n
Date Reported:
\n
05 Jun 2017
\n
Affected Packages:
\n
\nperl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 863870.
In Mitre's CVE dictionary: CVE-2017-6512.
\n
More information:
\n
\n

The cPanel Security Team reported a time of check to time of use\n(TOCTTOU) race condition flaw in File::Path, a core module from Perl to\ncreate or remove directory trees. An attacker can take advantage of this\nflaw to set the mode on an attacker-chosen file to an attacker-chosen\nvalue.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 5.20.2-3+deb8u7.

\n

For the upcoming stable distribution (stretch), this problem has been\nfixed in version 5.24.1-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.24.1-3.

\n

We recommend that you upgrade your perl packages.

\n
\n
\n
\n
", "3874": "
\n

Debian Security Advisory

\n

DSA-3874-1 ettercap -- security update

\n
\n
Date Reported:
\n
09 Jun 2017
\n
Affected Packages:
\n
\nettercap\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 857035, Bug 861604.
In Mitre's CVE dictionary: CVE-2017-6430, CVE-2017-8366.
\n
More information:
\n
\n

Agostino Sarubbo and AromalUllas discovered that ettercap, a network\nsecurity tool for traffic interception, contains vulnerabilities that\nallowed an attacker able to provide maliciously crafted filters to\ncause a denial-of-service via application crash.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 1:0.8.1-3+deb8u1.

\n

For the upcoming stable (stretch) and unstable (sid) distributions,\nthese problems have been fixed in version 1:0.8.2-4.

\n

We recommend that you upgrade your ettercap packages.

\n
\n
\n
\n
", "3875": "
\n

Debian Security Advisory

\n

DSA-3875-1 libmwaw -- security update

\n
\n
Date Reported:
\n
09 Jun 2017
\n
Affected Packages:
\n
\nlibmwaw\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-9433.
\n
More information:
\n
\n

It was discovered that a buffer overflow in libmwaw, a library to open\nold Mac text documents, might result in the execution of arbitrary code\nif a malformed document is opened.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.3.1-2+deb8u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.3.9-2.

\n

We recommend that you upgrade your libmwaw packages.

\n
\n
\n
\n
", "3876": "
\n

Debian Security Advisory

\n

DSA-3876-1 otrs2 -- security update

\n
\n
Date Reported:
\n
09 Jun 2017
\n
Affected Packages:
\n
\notrs2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-9324.
\n
More information:
\n
\n

Joerg-Thomas Vogt discovered that the SecureMode was insufficiently\nvalidated in the OTRS ticket system, which could allow agents to\nescalate their privileges.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.3.9-3+deb8u1.

\n

For the upcoming stable distribution (stretch), this problem will be\nfixed soon.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.0.20-1.

\n

We recommend that you upgrade your otrs2 packages.

\n
\n
\n
\n
", "3877": "
\n

Debian Security Advisory

\n

DSA-3877-1 tor -- security update

\n
\n
Date Reported:
\n
10 Jun 2017
\n
Affected Packages:
\n
\ntor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 864424.
In Mitre's CVE dictionary: CVE-2017-0376.
\n
More information:
\n
\n

It has been discovered that Tor, a connection-based low-latency\nanonymous communication system, contains a flaw in the hidden service\ncode when receiving a BEGIN_DIR cell on a hidden service rendezvous\ncircuit. A remote attacker can take advantage of this flaw to cause a\nhidden service to crash with an assertion failure (TROVE-2017-005).

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.2.5.14-1.

\n

For the upcoming stable distribution (stretch), this problem will be\nfixed in version 0.2.9.11-1~deb9u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.2.9.11-1.

\n

We recommend that you upgrade your tor packages.

\n
\n
\n
\n
", "3878": "
\n

Debian Security Advisory

\n

DSA-3878-1 zziplib -- security update

\n
\n
Date Reported:
\n
12 Jun 2017
\n
Affected Packages:
\n
\nzziplib\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-5974, CVE-2017-5975, CVE-2017-5976, CVE-2017-5978, CVE-2017-5979, CVE-2017-5980, CVE-2017-5981.
\n
More information:
\n
\n

Agostino Sarubbo discovered multiple vulnerabilities in zziplib, a\nlibrary to access Zip archives, which could result in denial of service\nand potentially the execution of arbitrary code if a malformed archive\nis processed.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 0.13.62-3+deb8u1.

\n

For the upcoming stable distribution (stretch), these problems have been\nfixed in version 0.13.62-3.1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 0.13.62-3.1.

\n

We recommend that you upgrade your zziplib packages.

\n
\n
\n
\n
", "3879": "
\n

Debian Security Advisory

\n

DSA-3879-1 libosip2 -- security update

\n
\n
Date Reported:
\n
13 Jun 2017
\n
Affected Packages:
\n
\nlibosip2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-10324, CVE-2016-10325, CVE-2016-10326, CVE-2017-7853.
\n
More information:
\n
\n

Multiple security vulnerabilities have been found in oSIP, a library\nimplementing the Session Initiation Protocol, which might result in\ndenial of service through malformed SIP messages.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.1.0-2+deb8u1.

\n

For the upcoming stable distribution (stretch), these problems have been\nfixed in version 4.1.0-2.1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.1.0-2.1.

\n

We recommend that you upgrade your libosip2 packages.

\n
\n
\n
\n
", "3880": "
\n

Debian Security Advisory

\n

DSA-3880-1 libgcrypt20 -- security update

\n
\n
Date Reported:
\n
14 Jun 2017
\n
Affected Packages:
\n
\nlibgcrypt20\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-9526.
\n
More information:
\n
\n

It was discovered that a side channel attack in the EdDSA session key\nhandling in Libgcrypt may result in information disclosure.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 1.6.3-2+deb8u3.

\n

For the upcoming stable distribution (stretch), this problem has been\nfixed in version 1.7.6-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.7.6-2.

\n

We recommend that you upgrade your libgcrypt20 packages.

\n
\n
\n
\n
", "3881": "
\n

Debian Security Advisory

\n

DSA-3881-1 firefox-esr -- security update

\n
\n
Date Reported:
\n
14 Jun 2017
\n
Affected Packages:
\n
\nfirefox-esr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754, CVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778.
\n
More information:
\n
\n

Several security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees, buffer overflows\nand other implementation errors may lead to the execution of arbitrary\ncode, denial of service or domain spoofing.

\n

Debian follows the extended support releases (ESR) of Firefox. Support\nfor the 45.x series has ended, so starting with this update we're now\nfollowing the 52.x releases.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 52.2.0esr-1~deb8u1.

\n

For the upcoming stable distribution (stretch), these problems will be\nfixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 52.2.0esr-1.

\n

We recommend that you upgrade your firefox-esr packages.

\n
\n
\n
\n
", "3882": "
\n

Debian Security Advisory

\n

DSA-3882-1 request-tracker4 -- security update

\n
\n
Date Reported:
\n
15 Jun 2017
\n
Affected Packages:
\n
\nrequest-tracker4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-6127, CVE-2017-5361, CVE-2017-5943, CVE-2017-5944.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in Request Tracker, an\nextensible trouble-ticket tracking system. The Common Vulnerabilities\nand Exposures project identifies the following problems:

\n
    \n
  • CVE-2016-6127\n

    It was discovered that Request Tracker is vulnerable to a cross-site\n scripting (XSS) attack if an attacker uploads a malicious file with\n a certain content type. Installations which use the\n AlwaysDownloadAttachments config setting are unaffected by this\n flaw. The applied fix addresses all existing and future uploaded\n attachments.

  • \n
  • CVE-2017-5361\n

    It was discovered that Request Tracker is vulnerable to timing\n side-channel attacks for user passwords.

  • \n
  • CVE-2017-5943\n

    It was discovered that Request Tracker is prone to an information\n leak of cross-site request forgery (CSRF) verification tokens if a\n user is tricked into visiting a specially crafted URL by an\n attacker.

  • \n
  • CVE-2017-5944\n

    It was discovered that Request Tracker is prone to a remote code\n execution vulnerability in the dashboard subscription interface. A\n privileged attacker can take advantage of this flaw through\n carefully-crafted saved search names to cause unexpected code to be\n executed. The applied fix addresses all existing and future saved\n searches.

    \n
\n

In addition to the above-mentioned CVEs, this update works around\nCVE-2015-7686\nin Email::Address, which could induce a denial of service\nof Request Tracker itself.

\n

For the stable distribution (jessie), these problems have been fixed in\nversion 4.2.8-3+deb8u2.

\n

For the upcoming stable distribution (stretch), these problems have been\nfixed in version 4.4.1-3+deb9u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.4.1-4.

\n

We recommend that you upgrade your request-tracker4 packages.

\n
\n
\n
\n
", "3883": "
\n

Debian Security Advisory

\n

DSA-3883-1 rt-authen-externalauth -- security update

\n
\n
Date Reported:
\n
15 Jun 2017
\n
Affected Packages:
\n
\nrt-authen-externalauth\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-5361.
\n
More information:
\n
\n

It was discovered that RT::Authen::ExternalAuth, an external\nauthentication module for Request Tracker, is vulnerable to timing\nside-channel attacks for user passwords. Only ExternalAuth in DBI\n(database) mode is vulnerable.

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 0.25-1+deb8u1.

\n

We recommend that you upgrade your rt-authen-externalauth packages.

\n
\n
\n
\n
", "3884": "
\n

Debian Security Advisory

\n

DSA-3884-1 gnutls28 -- security update

\n
\n
Date Reported:
\n
16 Jun 2017
\n
Affected Packages:
\n
\ngnutls28\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 864560.
In Mitre's CVE dictionary: CVE-2017-7507.
\n
More information:
\n
\n

Hubert Kario discovered that GnuTLS, a library implementing the TLS and\nSSL protocols, does not properly decode a status response TLS extension,\nallowing a remote attacker to cause an application using the GnuTLS\nlibrary to crash (denial of service).

\n

For the stable distribution (jessie), this problem has been fixed in\nversion 3.3.8-6+deb8u6.

\n

For the upcoming stable distribution (stretch), this problem has been\nfixed in version 3.5.8-5+deb9u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.5.8-6.

\n

We recommend that you upgrade your gnutls28 packages.

\n
\n
\n
\n
", "3885": "
\n

Debian Security Advisory

\n

DSA-3885-1 irssi -- security update

\n
\n
Date Reported:
\n
18 Jun 2017
\n
Affected Packages:
\n
\nirssi\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 864400.
In Mitre's CVE dictionary: CVE-2017-9468, CVE-2017-9469.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in Irssi, a terminal based\nIRC client. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2017-9468\n

    Joseph Bisch discovered that Irssi does not properly handle DCC\n messages without source nick/host. A malicious IRC server can take\n advantage of this flaw to cause Irssi to crash, resulting in a\n denial of service.

  • \n
  • CVE-2017-9469\n

    Joseph Bisch discovered that Irssi does not properly handle\n receiving incorrectly quoted DCC files. A remote attacker can take\n advantage of this flaw to cause Irssi to crash, resulting in a\n denial of service.

  • \n
\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 0.8.17-1+deb8u4.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 1.0.2-1+deb9u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.0.3-1.

\n

We recommend that you upgrade your irssi packages.

\n
\n
\n
\n
", "3886": "
\n

Debian Security Advisory

\n

DSA-3886-1 linux -- security update

\n
\n
Date Reported:
\n
19 Jun 2017
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-7487, CVE-2017-7645, CVE-2017-7895, CVE-2017-8064, CVE-2017-8890, CVE-2017-8924, CVE-2017-8925, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242, CVE-2017-1000364.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.

\n
    \n
  • CVE-2017-7487\n

    Li Qiang reported a reference counter leak in the ipxitf_ioctl\n function which may result in a use-after-free vulnerability,\n triggerable when an IPX interface is configured.

  • \n
  • CVE-2017-7645\n

    Tuomas Haanpaa and Matti Kamunen from Synopsys Ltd discovered that\n the NFSv2 and NFSv3 server implementations are vulnerable to an\n out-of-bounds memory access issue while processing arbitrarily long\n arguments sent by NFSv2/NFSv3 RPC clients, leading to a denial of\n service.

  • \n
  • CVE-2017-7895\n

    Ari Kauppi from Synopsys Ltd discovered that the NFSv2 and NFSv3\n server implementations do not properly handle payload bounds\n checking of WRITE requests. A remote attacker with write access to an\n NFS mount can take advantage of this flaw to read chunks of\n arbitrary memory from both kernel-space and user-space.

  • \n
  • CVE-2017-8064\n

    Arnd Bergmann found that the DVB-USB core misused the device\n logging system, resulting in a use-after-free vulnerability, with\n unknown security impact.

  • \n
  • CVE-2017-8890\n

    It was discovered that the inet_csk_clone_lock() function allows a\n remote attacker to cause a double free leading to a denial of\n service or potentially have other impact.

  • CVE-2017-8924\n

    Johan Hovold found that the io_ti USB serial driver could leak\n sensitive information if a malicious USB device was connected.

  • CVE-2017-8925\n

    Johan Hovold found a reference counter leak in the omninet USB\n serial driver, resulting in a use-after-free vulnerability. This\n can be triggered by a local user permitted to open tty devices.

  • CVE-2017-9074\n

    Andrey Konovalov reported that the IPv6 fragmentation\n implementation could read beyond the end of a packet buffer. A\n local user or guest VM might be able to use this to leak sensitive\n information or to cause a denial of service (crash).

  • CVE-2017-9075\n

    Andrey Konovalov reported that the SCTP/IPv6 implementation\n wrongly initialised address lists on connected sockets, resulting\n in a use-after-free vulnerability, a similar issue to\n CVE-2017-8890. This can be triggered by any local user.

  • CVE-2017-9076\n\t/ CVE-2017-9077\n

    Cong Wang found that the TCP/IPv6 and DCCP/IPv6 implementations\n wrongly initialised address lists on connected sockets, a similar\n issue to CVE-2017-9075.

  • CVE-2017-9242\n

    Andrey Konovalov reported a packet buffer overrun in the IPv6\n implementation. A local user could use this for denial of service\n (memory corruption; crash) and possibly for privilege escalation.

  • CVE-2017-1000364\n

    The Qualys Research Labs discovered that the size of the stack guard\n page is not sufficiently large. The stack-pointer can jump over the\n guard-page and move from the stack into another memory region\n without accessing the guard-page. In this case no page-fault\n exception is raised and the stack extends into the other memory\n region. An attacker can exploit this flaw for privilege escalation.

    \n

    The default stack gap protection is set to 256 pages and can be\n configured via the stack_guard_gap kernel parameter on the kernel\n command line.

    \n

    Further details can be found at\n https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.43-2+deb8u1.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 4.9.30-2+deb9u1 or earlier versions before the stretch release.

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "3887": "
\n

Debian Security Advisory

\n

DSA-3887-1 glibc -- security update

\n
\n
Date Reported:
\n
19 Jun 2017
\n
Affected Packages:
\n
\nglibc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-1000366.
\n
More information:
\n
\n

The Qualys Research Labs discovered various problems in the dynamic\nlinker of the GNU C Library which allow local privilege escalation by\nclashing the stack. For the full details, please refer to their advisory\npublished at:\nhttps://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 2.19-18+deb8u10.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 2.24-11+deb9u1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your glibc packages.

\n
\n
\n
\n
", "3888": "
\n

Debian Security Advisory

\n

DSA-3888-1 exim4 -- security update

\n
\n
Date Reported:
\n
19 Jun 2017
\n
Affected Packages:
\n
\nexim4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-1000369.
\n
More information:
\n
\n

The Qualys Research Labs discovered a memory leak in the Exim mail\ntransport agent. This is not a security vulnerability in Exim by itself,\nbut can be used to exploit a vulnerability in stack handling. For the\nfull details, please refer to their advisory published at:\nhttps://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 4.84.2-2+deb8u4.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 4.89-2+deb9u1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your exim4 packages.

\n
\n
\n
\n
", "3889": "
\n

Debian Security Advisory

\n

DSA-3889-1 libffi -- security update

\n
\n
Date Reported:
\n
19 Jun 2017
\n
Affected Packages:
\n
\nlibffi\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 751907.
In Mitre's CVE dictionary: CVE-2017-1000376.
\n
More information:
\n
\n

libffi, a library used to call code written in one language from code written\nin a different language, was enforcing an executable stack on the i386\narchitecture. While this might not be considered a vulnerability by itself,\nthis could be leveraged when exploiting other vulnerabilities, like for example\nthe stack clash class of vulnerabilities discovered by Qualys Research Labs.\nFor the full details, please refer to their advisory published at:\nhttps://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 3.1-2+deb8u1.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 3.2.1-4.

\n

For the testing distribution (buster), this problem has been fixed\nin version 3.2.1-4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.2.1-4.

\n

We recommend that you upgrade your libffi packages.

\n
\n
\n
\n
", "3890": "
\n

Debian Security Advisory

\n

DSA-3890-1 spip -- security update

\n
\n
Date Reported:
\n
21 Jun 2017
\n
Affected Packages:
\n
\nspip\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 864921.
In Mitre's CVE dictionary: CVE-2017-9736.
\n
More information:
\n
\n

Emeric Boit of ANSSI reported that SPIP, a website engine for\npublishing, insufficiently sanitises the value from the X-Forwarded-Host\nHTTP header field. An unauthenticated attacker can take advantage of\nthis flaw to cause remote code execution.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 3.1.4-3~deb9u1.

\n

For the testing distribution (buster), this problem has been fixed\nin version 3.1.4-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.1.4-3.

\n

We recommend that you upgrade your spip packages.

\n
\n
\n
\n
", "3891": "
\n

Debian Security Advisory

\n

DSA-3891-1 tomcat8 -- security update

\n
\n
Date Reported:
\n
22 Jun 2017
\n
Affected Packages:
\n
\ntomcat8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 864447, Bug 802312.
In Mitre's CVE dictionary: CVE-2017-5664.
\n
More information:
\n
\n

Aniket Nandkishor Kulkarni discovered that in tomcat8, a servlet and\nJSP engine, static error pages used the original request's HTTP method\nto serve content, instead of systematically using the GET method. This\ncould under certain conditions result in undesirable results,\nincluding the replacement or removal of the custom error page.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 8.0.14-1+deb8u10.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 8.5.14-1+deb9u1.

\n

For the testing distribution (buster), this problem has been fixed\nin version 8.5.14-2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 8.5.14-2.

\n

We recommend that you upgrade your tomcat8 packages.

\n
\n
\n
\n
", "3892": "
\n

Debian Security Advisory

\n

DSA-3892-1 tomcat7 -- security update

\n
\n
Date Reported:
\n
22 Jun 2017
\n
Affected Packages:
\n
\ntomcat7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 864447, Bug 802312.
In Mitre's CVE dictionary: CVE-2017-5664.
\n
More information:
\n
\n

Aniket Nandkishor Kulkarni discovered that in tomcat7, a servlet and\nJSP engine, static error pages used the original request's HTTP method\nto serve content, instead of systematically using the GET method. This\ncould under certain conditions result in undesirable results,\nincluding the replacement or removal of the custom error page.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 7.0.56-3+deb8u11.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 7.0.72-3.

\n

For the testing distribution (buster), this problem has been fixed\nin version 7.0.72-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.0.72-3.

\n

We recommend that you upgrade your tomcat7 packages.

\n
\n
\n
\n
", "3893": "
\n

Debian Security Advisory

\n

DSA-3893-1 jython -- security update

\n
\n
Date Reported:
\n
22 Jun 2017
\n
Affected Packages:
\n
\njython\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 864859.
In Mitre's CVE dictionary: CVE-2016-4000.
\n
More information:
\n
\n

Alvaro Munoz and Christian Schneider discovered that jython, an\nimplementation of the Python language seamlessly integrated with Java,\nis prone to arbitrary code execution triggered when sending a serialized\nfunction to the deserializer.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 2.5.3-3+deb8u1.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 2.5.3-16+deb9u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.5.3-17.

\n

We recommend that you upgrade your jython packages.

\n
\n
\n
\n
", "3894": "
\n

Debian Security Advisory

\n

DSA-3894-1 graphite2 -- security update

\n
\n
Date Reported:
\n
22 Jun 2017
\n
Affected Packages:
\n
\ngraphite2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778.
\n
More information:
\n
\n

Multiple vulnerabilities have been found in the Graphite font rendering\nengine which might result in denial of service or the execution of\narbitrary code if a malformed font file is processed.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 1.3.10-1~deb8u1.

\n

For the stable distribution (stretch), these problems have been fixed\nprior to the initial release.

\n

We recommend that you upgrade your graphite2 packages.

\n
\n
\n
\n
", "3895": "
\n

Debian Security Advisory

\n

DSA-3895-1 flatpak -- security update

\n
\n
Date Reported:
\n
22 Jun 2017
\n
Affected Packages:
\n
\nflatpak\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-9780.
\n
More information:
\n
\n

It was discovered that Flatpak, an application deployment framework for\ndesktop apps, insufficiently restricted file permissions in third-party\nrepositories, which could result in privilege escalation.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 0.8.5-2+deb9u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 0.8.7-1.

\n

We recommend that you upgrade your flatpak packages.

\n
\n
\n
\n
", "3896": "
\n

Debian Security Advisory

\n

DSA-3896-1 apache2 -- security update

\n
\n
Date Reported:
\n
22 Jun 2017
\n
Affected Packages:
\n
\napache2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-3167, CVE-2017-3169, CVE-2017-7659, CVE-2017-7668, CVE-2017-7679.
\n
More information:
\n
\n

Several vulnerabilities have been found in the Apache HTTPD server.

\n
    \n
  • CVE-2017-3167\n

    Emmanuel Dreyfus reported that the use of ap_get_basic_auth_pw() by\n third-party modules outside of the authentication phase may lead to\n authentication requirements being bypassed.

  • CVE-2017-3169\n

    Vasileios Panopoulos of AdNovum Informatik AG discovered that\n mod_ssl may dereference a NULL pointer when third-party modules call\n ap_hook_process_connection() during an HTTP request to an HTTPS port\n leading to a denial of service.

  • CVE-2017-7659\n

    Robert Swiecki reported that a specially crafted HTTP/2 request\n could cause mod_http2 to dereference a NULL pointer and crash the\n server process.

  • CVE-2017-7668\n

    Javier Jimenez reported that the HTTP strict parsing contains a\n flaw leading to a buffer overread in ap_find_token(). A remote\n attacker can take advantage of this flaw by carefully crafting a\n sequence of request headers to cause a segmentation fault, or to\n force ap_find_token() to return an incorrect value.

  • CVE-2017-7679\n

    ChenQin and Hanno Boeck reported that mod_mime can read one byte\n past the end of a buffer when sending a malicious Content-Type\n response header.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 2.4.10-10+deb8u9. The oldstable distribution (jessie) is not\naffected by CVE-2017-7659.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 2.4.25-3+deb9u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.4.25-4.

\n

We recommend that you upgrade your apache2 packages.

\n
\n
\n
\n
", "3897": "
\n

Debian Security Advisory

\n

DSA-3897-1 drupal7 -- security update

\n
\n
Date Reported:
\n
24 Jun 2017
\n
Affected Packages:
\n
\ndrupal7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 865498.
In Mitre's CVE dictionary: CVE-2015-7943, CVE-2017-6922.
\n
More information:
\n
\n

Two vulnerabilities were discovered in Drupal, a fully-featured content\nmanagement framework. The Common Vulnerabilities and Exposures project\nidentifies the following issues:

\n
    \n
  • CVE-2015-7943\n

    Samuel Mortenson and Pere Orga discovered that the overlay module\n does not sufficiently validate URLs prior to displaying their\n contents, leading to an open redirect vulnerability.

    \n

    More information can be found at\n https://www.drupal.org/SA-CORE-2015-004\n

    \n
  • CVE-2017-6922\n

    Greg Knaddison, Mori Sugimoto and iancawthorne discovered that files\n uploaded by anonymous users into a private file system can be\n accessed by other anonymous users leading to an access bypass\n vulnerability.

    \n

    More information can be found at\n https://www.drupal.org/SA-CORE-2017-003\n

    \n
\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 7.32-1+deb8u9.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 7.52-2+deb9u1. For the stable distribution (stretch),\nCVE-2015-7943 was already fixed before the initial release.

\n

We recommend that you upgrade your drupal7 packages.

\n
\n
\n
\n
", "3898": "
\n

Debian Security Advisory

\n

DSA-3898-1 expat -- security update

\n
\n
Date Reported:
\n
25 Jun 2017
\n
Affected Packages:
\n
\nexpat\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-9063, CVE-2017-9233.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in Expat, an XML parsing C\nlibrary. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2016-9063\n

    Gustavo Grieco discovered an integer overflow flaw during parsing of\n XML. An attacker can take advantage of this flaw to cause a denial\n of service against an application using the Expat library.

  • CVE-2017-9233\n

    Rhodri James discovered an infinite loop vulnerability within the\n entityValueInitProcessor() function while parsing malformed XML\n in an external entity. An attacker can take advantage of this\n flaw to cause a denial of service against an application using\n the Expat library.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 2.1.0-6+deb8u4.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 2.2.0-2+deb9u1. For the stable distribution (stretch),\nCVE-2016-9063 was already fixed before the initial release.

\n

For the testing distribution (buster), these problems have been fixed\nin version 2.2.1-1 or an earlier version.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.2.1-1 or an earlier version.

\n

We recommend that you upgrade your expat packages.

\n
\n
\n
\n
", "3899": "
\n

Debian Security Advisory

\n

DSA-3899-1 vlc -- security update

\n
\n
Date Reported:
\n
27 Jun 2017
\n
Affected Packages:
\n
\nvlc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-8310, CVE-2017-8311, CVE-2017-8312, CVE-2017-8313.
\n
More information:
\n
\n

Several vulnerabilities have been found in VLC, the VideoLAN project's\nmedia player. Processing malformed subtitles or movie files could lead\nto denial of service and potentially the execution of arbitrary code.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 2.2.6-1~deb8u1.

\n

We recommend that you upgrade your vlc packages.

\n
\n
\n
\n
", "3900": "
\n

Debian Security Advisory

\n

DSA-3900-1 openvpn -- security update

\n
\n
Date Reported:
\n
27 Jun 2017
\n
Affected Packages:
\n
\nopenvpn\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 865480.
In Mitre's CVE dictionary: CVE-2017-7479, CVE-2017-7508, CVE-2017-7520, CVE-2017-7521.
\n
More information:
\n
\n

Several issues were discovered in openvpn, a virtual private network\napplication.

\n
    \n
  • CVE-2017-7479\n

    It was discovered that openvpn did not properly handle the\n rollover of packet identifiers. This would allow an authenticated\n remote attacker to cause a denial-of-service via application\n crash.

  • CVE-2017-7508\n

    Guido Vranken discovered that openvpn did not properly handle\n specific malformed IPv6 packets. This would allow a remote\n attacker to cause a denial-of-service via application crash.

  • CVE-2017-7520\n

    Guido Vranken discovered that openvpn did not properly handle\n clients connecting to an HTTP proxy with NTLMv2\n authentication. This would allow a remote attacker to cause a\n denial-of-service via application crash, or potentially leak\n sensitive information like the user's proxy password.

  • CVE-2017-7521\n

    Guido Vranken discovered that openvpn did not properly handle\n some x509 extensions. This would allow a remote attacker to cause\n a denial-of-service via application crash.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 2.3.4-5+deb8u2.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 2.4.0-6+deb9u1.

\n

For the testing distribution (buster), these problems have been fixed\nin version 2.4.3-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.4.3-1.

\n

We recommend that you upgrade your openvpn packages.

\n
\n
\n
\n
", "3901": "
\n

Debian Security Advisory

\n

DSA-3901-1 libgcrypt20 -- security update

\n
\n
Date Reported:
\n
02 Jul 2017
\n
Affected Packages:
\n
\nlibgcrypt20\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-7526.
\n
More information:
\n
\n

Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot\nBruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and\nYuval Yarom discovered that Libgcrypt is prone to a local side-channel\nattack allowing full key recovery for RSA-1024.

\n

See https://eprint.iacr.org/2017/627 for details.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 1.6.3-2+deb8u4.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 1.7.6-2+deb9u1.

\n

For the testing distribution (buster), this problem has been fixed\nin version 1.7.8-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.7.8-1.

\n

We recommend that you upgrade your libgcrypt20 packages.

\n
\n
\n
\n
", "3902": "
\n

Debian Security Advisory

\n

DSA-3902-1 jabberd2 -- security update

\n
\n
Date Reported:
\n
05 Jul 2017
\n
Affected Packages:
\n
\njabberd2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 867032.
In Mitre's CVE dictionary: CVE-2017-10807.
\n
More information:
\n
\n

It was discovered that jabberd2, a Jabber instant messenger server,\nallowed anonymous SASL connections, even if disabled in the\nconfiguration.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 2.4.0-3+deb9u1.

\n

We recommend that you upgrade your jabberd2 packages.

\n
\n
\n
\n
", "3903": "
\n

Debian Security Advisory

\n

DSA-3903-1 tiff -- security update

\n
\n
Date Reported:
\n
05 Jul 2017
\n
Affected Packages:
\n
\ntiff\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-10095, CVE-2017-9147, CVE-2017-9403, CVE-2017-9404, CVE-2017-9936, CVE-2017-10688.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in the libtiff library and\nthe included tools, which may result in denial of service or the\nexecution of arbitrary code.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 4.0.3-12.3+deb8u4.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 4.0.8-2+deb9u1.

\n

For the testing distribution (buster), these problems have been fixed\nin version 4.0.8-3.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.0.8-3.

\n

We recommend that you upgrade your tiff packages.

\n
\n
\n
\n
", "3904": "
\n

Debian Security Advisory

\n

DSA-3904-1 bind9 -- security update

\n
\n
Date Reported:
\n
08 Jul 2017
\n
Affected Packages:
\n
\nbind9\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 866564.
In Mitre's CVE dictionary: CVE-2017-3142, CVE-2017-3143.
\n
More information:
\n
\n

Cl\u00e9ment Berthaux from Synaktiv discovered two vulnerabilities in BIND, a DNS\nserver implementation. They allow an attacker to bypass TSIG authentication by\nsending crafted DNS packets to a server.

\n
    \n
  • CVE-2017-3142\n

    An attacker who is able to send and receive messages to an authoritative\n DNS server and who has knowledge of a valid TSIG key name may be able to\n circumvent TSIG authentication of AXFR requests via a carefully constructed\n request packet. A server that relies solely on TSIG keys for protection\n with no other ACL protection could be manipulated into:\n\t

    \n
      \n
    • providing an AXFR of a zone to an unauthorized recipient
    • accepting bogus NOTIFY packets
    \n
  • CVE-2017-3143\n

    An attacker who is able to send and receive messages to an authoritative\n DNS server and who has knowledge of a valid TSIG key name for the zone and\n service being targeted may be able to manipulate BIND into accepting an\n unauthorized dynamic update.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 1:9.9.5.dfsg-9+deb8u12.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 1:9.10.3.dfsg.P4-12.3+deb9u1.

\n

We recommend that you upgrade your bind9 packages.

\n
\n
\n
\n
", "3905": "
\n

Debian Security Advisory

\n

DSA-3905-1 xorg-server -- security update

\n
\n
Date Reported:
\n
09 Jul 2017
\n
Affected Packages:
\n
\nxorg-server\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 867492.
In Mitre's CVE dictionary: CVE-2017-10971, CVE-2017-10972.
\n
More information:
\n
\n

Two security issues have been discovered in the X.org X server, which\nmay lead to privilege escalation or an information leak.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 2:1.16.4-1+deb8u1.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 2:1.19.2-1+deb9u1. Setups running root-less X are not affected.

\n

For the testing distribution (buster), these problems have been fixed\nin version 2:1.19.3-2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2:1.19.3-2.

\n

We recommend that you upgrade your xorg-server packages.

\n
\n
\n
\n
", "3906": "
\n

Debian Security Advisory

\n

DSA-3906-1 undertow -- security update

\n
\n
Date Reported:
\n
11 Jul 2017
\n
Affected Packages:
\n
\nundertow\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-2666, CVE-2017-2670.
\n
More information:
\n
\n

Two vulnerabilities have been discovered in Undertow, a web server\nwritten in Java, which may lead to denial of service or HTTP request\nsmuggling.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 1.4.8-1+deb9u1.

\n

For the testing distribution (buster), these problems have been fixed\nin version 1.4.18-1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.4.18-1.

\n

We recommend that you upgrade your undertow packages.

\n
\n
\n
\n
", "3907": "
\n

Debian Security Advisory

\n

DSA-3907-1 spice -- security update

\n
\n
Date Reported:
\n
11 Jul 2017
\n
Affected Packages:
\n
\nspice\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-7506.
\n
More information:
\n
\n

Frediano Ziglio discovered a buffer overflow in spice, a SPICE protocol\nclient and server library which may result in memory disclosure, denial\nof service and potentially the execution of arbitrary code.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 0.12.5-1+deb8u5.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 0.12.8-2.1+deb9u1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your spice packages.

\n
\n
\n
\n
", "3908": "
\n

Debian Security Advisory

\n

DSA-3908-1 nginx -- security update

\n
\n
Date Reported:
\n
12 Jul 2017
\n
Affected Packages:
\n
\nnginx\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-7529.
\n
More information:
\n
\n

An integer overflow has been found in the HTTP range module of Nginx, a\nhigh-performance web and reverse proxy server, which may result in\ninformation disclosure.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 1.6.2-5+deb8u5.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 1.10.3-1+deb9u1.

\n

For the unstable distribution (sid), this problem will be fixed soon.

\n

We recommend that you upgrade your nginx packages.

\n
\n
\n
\n
", "3909": "
\n

Debian Security Advisory

\n

DSA-3909-1 samba -- security update

\n
\n
Date Reported:
\n
14 Jul 2017
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 868209.
In Mitre's CVE dictionary: CVE-2017-11103.
\n
More information:
\n
\n

Jeffrey Altman, Viktor Dukhovni and Nico Williams identified a mutual\nauthentication bypass vulnerability in samba, the SMB/CIFS file, print, and\nlogin server. Also known as Orpheus' Lyre, this vulnerability is located in\nSamba Kerberos Key Distribution Center (KDC-REP) component and could be used by\nan attacker on the network path to impersonate a server.

\n

More details can be found on the vulnerability website\n(https://orpheus-lyre.info/)\nand on the Samba project website (\nhttps://www.samba.org/samba/security/CVE-2017-11103.html)

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 2:4.2.14+dfsg-0+deb8u7.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 2:4.5.8+dfsg-2+deb9u1.

\n

For the testing distribution (buster), this problem has been fixed\nin version 2:4.6.5+dfsg-4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:4.6.5+dfsg-4.

\n

We recommend that you upgrade your samba packages.

\n
\n
\n
\n
", "3910": "
\n

Debian Security Advisory

\n

DSA-3910-1 knot -- security update

\n
\n
Date Reported:
\n
14 Jul 2017
\n
Affected Packages:
\n
\nknot\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 865678.
In Mitre's CVE dictionary: CVE-2017-11104.
\n
More information:
\n
\n

Cl\u00e9ment Berthaux from Synaktiv discovered a signature forgery vulnerability in\nknot, an authoritative-only DNS server. This vulnerability allows an attacker\nto bypass TSIG authentication by sending crafted DNS packets to a server.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 1.6.0-1+deb8u1.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 2.4.0-3+deb9u1.

\n

For the testing (buster) and unstable (sid) distributions, this problem will be fixed\nin a later update.

\n

We recommend that you upgrade your knot packages.

\n
\n
\n
\n
", "3911": "
\n

Debian Security Advisory

\n

DSA-3911-1 evince -- security update

\n
\n
Date Reported:
\n
14 Jul 2017
\n
Affected Packages:
\n
\nevince\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-1000083.
\n
More information:
\n
\n

Felix Wilhelm discovered that the Evince document viewer made insecure\nuse of tar when opening tar comic book archives (CBT). Opening a\nmalicious CBT archive could result in the execution of arbitrary code.\nThis update disables the CBT format entirely.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 3.14.1-2+deb8u2.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 3.22.1-3+deb9u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.22.1-4.

\n

We recommend that you upgrade your evince packages.

\n
\n
\n
\n
", "3912": "
\n

Debian Security Advisory

\n

DSA-3912-1 heimdal -- security update

\n
\n
Date Reported:
\n
16 Jul 2017
\n
Affected Packages:
\n
\nheimdal\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 868208.
In Mitre's CVE dictionary: CVE-2017-11103.
\n
More information:
\n
\n

Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams reported that\nHeimdal, an implementation of Kerberos 5 that aims to be compatible with\nMIT Kerberos, trusts metadata taken from the unauthenticated plaintext\n(Ticket), rather than the authenticated and encrypted KDC response. A\nman-in-the-middle attacker can use this flaw to impersonate services to\nthe client.

\n

See https://orpheus-lyre.info/ for details.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 1.6~rc2+dfsg-9+deb8u1.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 7.1.0+dfsg-13+deb9u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.4.0.dfsg.1-1.

\n

We recommend that you upgrade your heimdal packages.

\n
\n
\n
\n
", "3913": "
\n

Debian Security Advisory

\n

DSA-3913-1 apache2 -- security update

\n
\n
Date Reported:
\n
18 Jul 2017
\n
Affected Packages:
\n
\napache2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 868467.
In Mitre's CVE dictionary: CVE-2017-9788.
\n
More information:
\n
\n

Robert Swiecki reported that mod_auth_digest does not properly\ninitialize or reset the value placeholder in [Proxy-]Authorization\nheaders of type Digest between successive key=value assignments,\nleading to information disclosure or denial of service.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 2.4.10-10+deb8u10.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 2.4.25-3+deb9u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.4.27-1.

\n

We recommend that you upgrade your apache2 packages.

\n
\n
\n
\n
", "3914": "
\n

Debian Security Advisory

\n

DSA-3914-1 imagemagick -- security update

\n
\n
Date Reported:
\n
18 Jul 2017
\n
Affected Packages:
\n
\nimagemagick\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 863126, Bug 867367, Bug 867778, Bug 867721, Bug 864273, Bug 864274, Bug 867806, Bug 868264.
In Mitre's CVE dictionary: CVE-2017-9439, CVE-2017-9440, CVE-2017-9501, CVE-2017-10928, CVE-2017-11141, CVE-2017-11170, CVE-2017-11188, CVE-2017-11360, CVE-2017-11352, CVE-2017-11449, CVE-2017-11448, CVE-2017-11447, CVE-2017-11450, CVE-2017-11478.
\n
More information:
\n
\n

This update fixes several vulnerabilities in imagemagick: Various\nmemory handling problems and cases of missing or incomplete input\nsanitising may result in denial of service, memory disclosure or the\nexecution of arbitrary code if malformed RLE, SVG, PSD, PDB, DPX, MAT,\nTGA, VST, CIN, DIB, MPC, EPT, JNG, DJVU, JPEG, ICO, PALM or MNG\nfiles are processed.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 8:6.8.9.9-5+deb8u10.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-11+deb9u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 8:6.9.7.4+dfsg-12.

\n

We recommend that you upgrade your imagemagick packages.

\n
\n
\n
\n
", "3915": "
\n

Debian Security Advisory

\n

DSA-3915-1 ruby-mixlib-archive -- security update

\n
\n
Date Reported:
\n
20 Jul 2017
\n
Affected Packages:
\n
\nruby-mixlib-archive\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 868572.
In Mitre's CVE dictionary: CVE-2017-1000026.
\n
More information:
\n
\n

It was discovered that ruby-mixlib-archive, a Chef Software library\nused to handle various archive formats, was vulnerable to a directory\ntraversal attack. This allowed attackers to overwrite arbitrary files\nby using a malicious tar archive containing \"..\" in its entries.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 0.2.0-1+deb9u1.

\n

We recommend that you upgrade your ruby-mixlib-archive packages.

\n
\n
\n
\n
", "3916": "
\n

Debian Security Advisory

\n

DSA-3916-1 atril -- security update

\n
\n
Date Reported:
\n
21 Jul 2017
\n
Affected Packages:
\n
\natril\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 868500.
In Mitre's CVE dictionary: CVE-2017-1000083.
\n
More information:
\n
\n

It was discovered that Atril, the MATE document viewer, made insecure\nuse of tar when opening tar comic book archives (CBT). Opening a\nmalicious CBT archive could result in the execution of arbitrary code.\nThis update disables the CBT format entirely.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 1.8.1+dfsg1-4+deb8u1.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 1.16.1-2+deb9u1.

\n

We recommend that you upgrade your atril packages.

\n
\n
\n
\n
", "3917": "
\n

Debian Security Advisory

\n

DSA-3917-1 catdoc -- security update

\n
\n
Date Reported:
\n
23 Jul 2017
\n
Affected Packages:
\n
\ncatdoc\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 867717.
In Mitre's CVE dictionary: CVE-2017-11110.
\n
More information:
\n
\n

A heap-based buffer underflow flaw was discovered in catdoc, a text\nextractor for MS-Office files, which may lead to denial of service\n(application crash) or have unspecified other impact, if a specially\ncrafted file is processed.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 0.94.4-1.1+deb8u1.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 1:0.94.3~git20160113.dbc9ec6+dfsg-1+deb9u1.

\n

For the testing distribution (buster), this problem has been fixed\nin version 1:0.95-3.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:0.95-3.

\n

We recommend that you upgrade your catdoc packages.

\n
\n
\n
\n
", "3918": "
\n

Debian Security Advisory

\n

DSA-3918-1 icedove -- security update

\n
\n
Date Reported:
\n
25 Jul 2017
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754, CVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778.
\n
More information:
\n
\n

Multiple security issues have been found in Thunderbird, which may lead\nto the execution of arbitrary code or denial of service.

\n

Debian follows the extended support releases (ESR) of Thunderbird.\nSupport for the 45.x series has ended, so starting with this update\nwe're now following the 52.x releases.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 1:52.2.1-4~deb8u1.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 1:52.2.1-4~deb9u1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "3919": "
\n

Debian Security Advisory

\n

DSA-3919-1 openjdk-8 -- security update

\n
\n
Date Reported:
\n
25 Jul 2017
\n
Affected Packages:
\n
\nopenjdk-8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10135, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in sandbox bypass,\nuse of insecure cryptography, side channel attacks, information\ndisclosure, the execution of arbitrary code, denial of service or\nbypassing Jar verification.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 8u141-b15-1~deb9u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 8u141-b15-1.

\n

We recommend that you upgrade your openjdk-8 packages.

\n
\n
\n
\n
", "3920": "
\n

Debian Security Advisory

\n

DSA-3920-1 qemu -- security update

\n
\n
Date Reported:
\n
25 Jul 2017
\n
Affected Packages:
\n
\nqemu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-9310, CVE-2017-9330, CVE-2017-9373, CVE-2017-9374, CVE-2017-10664, CVE-2017-10911.
\n
More information:
\n
\n

Multiple vulnerabilities were found in qemu, a fast processor\nemulator:

\n
    \n
  • CVE-2017-9310\n

    Denial of service via infinite loop in e1000e NIC emulation.

  • CVE-2017-9330\n

    Denial of service via infinite loop in USB OHCI emulation.

  • CVE-2017-9373\n

    Denial of service via memory leak in IDE AHCI emulation.

  • CVE-2017-9374\n

    Denial of service via memory leak in USB EHCI emulation.

  • CVE-2017-10664\n

    Denial of service in qemu-nbd server.

  • CVE-2017-10911\n

    Information leak in Xen blkif response handling.

\n

For the oldstable distribution (jessie), a separate DSA will be issued.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 1:2.8+dfsg-6+deb9u1.

\n

For the unstable distribution (sid), these problems will be fixed soon.

\n

We recommend that you upgrade your qemu packages.

\n
\n
\n
\n
", "3921": "
\n

Debian Security Advisory

\n

DSA-3921-1 enigmail -- security update

\n
\n
Date Reported:
\n
28 Jul 2017
\n
Affected Packages:
\n
\nenigmail\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 869774.
\n
More information:
\n
\n

In DSA 3918 Thunderbird was upgraded to the latest ESR series. This\nupdate upgrades Enigmail, the OpenPGP extension for Thunderbird,\nto version 1.9.8.1 to restore full compatibility.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 2:1.9.8.1-1~deb8u1.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 2:1.9.8.1-1~deb9u1.

\n

We recommend that you upgrade your enigmail packages.

\n
\n
\n
\n
", "3922": "
\n

Debian Security Advisory

\n

DSA-3922-1 mysql-5.5 -- security update

\n
\n
Date Reported:
\n
28 Jul 2017
\n
Affected Packages:
\n
\nmysql-5.5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 868788.
In Mitre's CVE dictionary: CVE-2017-3635, CVE-2017-3636, CVE-2017-3641, CVE-2017-3648, CVE-2017-3651, CVE-2017-3652, CVE-2017-3653.
\n
More information:
\n
\n

Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.57, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:

\n\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 5.5.57-0+deb8u1.

\n

We recommend that you upgrade your mysql-5.5 packages.

\n
\n
\n
\n
", "3923": "
\n

Debian Security Advisory

\n

DSA-3923-1 freerdp -- security update

\n
\n
Date Reported:
\n
01 Aug 2017
\n
Affected Packages:
\n
\nfreerdp\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 869880.
In Mitre's CVE dictionary: CVE-2017-2834, CVE-2017-2835, CVE-2017-2836, CVE-2017-2837, CVE-2017-2838, CVE-2017-2839.
\n
More information:
\n
\n

Tyler Bohan of Talos discovered that FreeRDP, a free implementation of\nthe Remote Desktop Protocol (RDP), contained several vulnerabilities\nthat allowed a malicious remote server or a man-in-the-middle to\neither cause a DoS by forcibly terminating the client, or execute\narbitrary code on the client side.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 1.1.0~git20140921.1.440916e+dfsg1-4+deb8u1.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.1.0~git20140921.1.440916e+dfsg1-14.

\n

We recommend that you upgrade your freerdp packages.

\n
\n
\n
\n
", "3924": "
\n

Debian Security Advisory

\n

DSA-3924-1 varnish -- security update

\n
\n
Date Reported:
\n
02 Aug 2017
\n
Affected Packages:
\n
\nvarnish\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 870467.
In Mitre's CVE dictionary: CVE-2017-12425.
\n
More information:
\n
\n

A denial of service vulnerability was discovered in Varnish, a state of\nthe art, high-performance web accelerator. Specially crafted HTTP\nrequests can cause the Varnish daemon to assert and restart, clearing\nthe cache in the process.

\n

See https://varnish-cache.org/security/VSV00001.html for details.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 4.0.2-1+deb8u1.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 5.0.0-7+deb9u1.

\n

We recommend that you upgrade your varnish packages.

\n
\n
\n
\n
", "3925": "
\n

Debian Security Advisory

\n

DSA-3925-1 qemu -- security update

\n
\n
Date Reported:
\n
04 Aug 2017
\n
Affected Packages:
\n
\nqemu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 865755, Bug 869171, Bug 869173, Bug 867751, Bug 869945.
In Mitre's CVE dictionary: CVE-2017-9524, CVE-2017-10806, CVE-2017-11334, CVE-2017-11434.
\n
More information:
\n
\n

Multiple vulnerabilities were found in qemu, a fast processor emulator:

\n\n

For the stable distribution (stretch), these problems have been fixed in\nversion 1:2.8+dfsg-6+deb9u2.

\n

We recommend that you upgrade your qemu packages.

\n
\n
\n
\n
", "3926": "
\n

Debian Security Advisory

\n

DSA-3926-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
04 Aug 2017
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-5087, CVE-2017-5088, CVE-2017-5089, CVE-2017-5091, CVE-2017-5092, CVE-2017-5093, CVE-2017-5094, CVE-2017-5095, CVE-2017-5097, CVE-2017-5098, CVE-2017-5099, CVE-2017-5100, CVE-2017-5101, CVE-2017-5102, CVE-2017-5103, CVE-2017-5104, CVE-2017-5105, CVE-2017-5106, CVE-2017-5107, CVE-2017-5108, CVE-2017-5109, CVE-2017-5110, CVE-2017-7000.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2017-5087\n

    Ned Williamson discovered a way to escape the sandbox.

  • CVE-2017-5088\n

    Xiling Gong discovered an out-of-bounds read issue in the v8 javascript\n library.

  • CVE-2017-5089\n

    Michal Bentkowski discovered a spoofing issue.

  • CVE-2017-5091\n

    Ned Williamson discovered a use-after-free issue in IndexedDB.

  • CVE-2017-5092\n

    Yu Zhou discovered a use-after-free issue in PPAPI.

  • CVE-2017-5093\n

    Luan Herrera discovered a user interface spoofing issue.

  • CVE-2017-5094\n

    A type confusion issue was discovered in extensions.

  • CVE-2017-5095\n

    An out-of-bounds write issue was discovered in the pdfium library.

  • CVE-2017-5097\n

    An out-of-bounds read issue was discovered in the skia library.

  • CVE-2017-5098\n

    Jihoon Kim discovered a use-after-free issue in the v8 javascript library.

  • CVE-2017-5099\n

    Yuan Deng discovered an out-of-bounds write issue in PPAPI.

  • CVE-2017-5100\n

    A use-after-free issue was discovered in Chrome Apps.

  • CVE-2017-5101\n

    Luan Herrera discovered a URL spoofing issue.

  • CVE-2017-5102\n

    An uninitialized variable was discovered in the skia library.

  • CVE-2017-5103\n

    Another uninitialized variable was discovered in the skia library.

  • CVE-2017-5104\n

    Khalil Zhani discovered a user interface spoofing issue.

  • CVE-2017-5105\n

    Rayyan Bijoora discovered a URL spoofing issue.

  • CVE-2017-5106\n

    Jack Zac discovered a URL spoofing issue.

  • CVE-2017-5107\n

    David Kohlbrenner discovered an information leak in SVG file handling.

  • CVE-2017-5108\n

    Guang Gong discovered a type confusion issue in the pdfium library.

  • CVE-2017-5109\n

    Jose Maria Acuna Morgado discovered a user interface spoofing issue.

  • CVE-2017-5110\n

    xisigr discovered a way to spoof the payments dialog.

  • CVE-2017-7000\n

    Chaitin Security Research Lab discovered an information disclosure\n issue in the sqlite library.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 60.0.3112.78-1~deb9u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 60.0.3112.78-1 or earlier versions.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3927": "
\n

Debian Security Advisory

\n

DSA-3927-1 linux -- security update

\n
\n
Date Reported:
\n
07 Aug 2017
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-7346, CVE-2017-7482, CVE-2017-7533, CVE-2017-7541, CVE-2017-7542, CVE-2017-9605, CVE-2017-10810, CVE-2017-10911, CVE-2017-11176, CVE-2017-1000365.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.

\n
    \n
  • CVE-2017-7346\n

    Li Qiang discovered that the DRM driver for VMware virtual GPUs does\n not properly check user-controlled values in the\n vmw_surface_define_ioctl() functions for upper limits. A local user\n can take advantage of this flaw to cause a denial of service.

  • CVE-2017-7482\n

    Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does\n not properly verify metadata, leading to information disclosure,\n denial of service or potentially execution of arbitrary code.

  • CVE-2017-7533\n

    Fan Wu and Shixiong Zhao discovered a race condition between inotify\n events and VFS rename operations allowing an unprivileged local\n attacker to cause a denial of service or escalate privileges.

  • CVE-2017-7541\n

    A buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN\n driver could allow a local user to cause kernel memory corruption,\n leading to a denial of service or potentially privilege escalation.

  • CVE-2017-7542\n

    An integer overflow vulnerability in the ip6_find_1stfragopt()\n function was found allowing a local attacker with privileges to open\n raw sockets to cause a denial of service.

  • CVE-2017-9605\n

    Murray McAllister discovered that the DRM driver for VMware virtual\n GPUs does not properly initialize memory, potentially allowing a\n local attacker to obtain sensitive information from uninitialized\n kernel memory via a crafted ioctl call.

  • CVE-2017-10810\n

    Li Qiang discovered a memory leak flaw within the VirtIO GPU driver\n resulting in denial of service (memory consumption).

  • CVE-2017-10911 /\nXSA-216\n

    Anthony Perard of Citrix discovered an information leak flaw in Xen\n blkif response handling, allowing a malicious unprivileged guest to\n obtain sensitive information from the host or other guests.

  • CVE-2017-11176\n

    It was discovered that the mq_notify() function does not set the\n sock pointer to NULL upon entry into the retry logic. An attacker\n can take advantage of this flaw during a user-space close of a\n Netlink socket to cause a denial of service or potentially cause\n other impact.

  • CVE-2017-1000365\n

    It was discovered that argument and environment pointers are not\n taken properly into account in the imposed size restrictions on\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of\n this flaw in conjunction with other flaws to execute arbitrary code.

\n

For the oldstable distribution (jessie), these problems will be fixed in\na subsequent DSA.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 4.9.30-2+deb9u3.

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "3928": "
\n

Debian Security Advisory

\n

DSA-3928-1 firefox-esr -- security update

\n
\n
Date Reported:
\n
10 Aug 2017
\n
Affected Packages:
\n
\nfirefox-esr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-7753, CVE-2017-7779, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7791, CVE-2017-7792, CVE-2017-7798, CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7807, CVE-2017-7809.
\n
More information:
\n
\n

Several security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees, buffer\noverflows and other implementation errors may lead to the execution of\narbitrary code, denial of service, bypass of the same-origin policy or\nincorrect enforcement of CSP.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 52.3.0esr-1~deb8u2.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 52.3.0esr-1~deb9u1.

\n

We recommend that you upgrade your firefox-esr packages.

\n
\n
\n
\n
", "3929": "
\n

Debian Security Advisory

\n

DSA-3929-1 libsoup2.4 -- security update

\n
\n
Date Reported:
\n
10 Aug 2017
\n
Affected Packages:
\n
\nlibsoup2.4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 871650.
In Mitre's CVE dictionary: CVE-2017-2885.
\n
More information:
\n
\n

Aleksandar Nikolic of Cisco Talos discovered a stack-based buffer\noverflow vulnerability in libsoup2.4, an HTTP library implementation in\nC. A remote attacker can take advantage of this flaw by sending a\nspecially crafted HTTP request to cause an application using the\nlibsoup2.4 library to crash (denial of service), or potentially execute\narbitrary code.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 2.48.0-1+deb8u1.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 2.56.0-2+deb9u1.

\n

We recommend that you upgrade your libsoup2.4 packages.

\n
\n
\n
\n
", "3930": "
\n

Debian Security Advisory

\n

DSA-3930-1 freeradius -- security update

\n
\n
Date Reported:
\n
10 Aug 2017
\n
Affected Packages:
\n
\nfreeradius\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 868765.
In Mitre's CVE dictionary: CVE-2017-10978, CVE-2017-10979, CVE-2017-10980, CVE-2017-10981, CVE-2017-10982, CVE-2017-10983, CVE-2017-10984, CVE-2017-10985, CVE-2017-10986, CVE-2017-10987.
\n
More information:
\n
\n

Guido Vranken discovered that FreeRADIUS, an open source\nimplementation of RADIUS, the IETF protocol for AAA (Authorisation,\nAuthentication, and Accounting), did not properly handle memory when\nprocessing packets. This would allow a remote attacker to cause a\ndenial-of-service by application crash, or potentially execute\narbitrary code.

\n

All those issues are covered by this single DSA, but it's worth noting\nthat not all issues affect all releases:

\n\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 2.2.5+dfsg-0.2+deb8u1.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 3.0.12+dfsg-5+deb9u1.

\n

We recommend that you upgrade your freeradius packages.

\n
\n
\n
\n
", "3931": "
\n

Debian Security Advisory

\n

DSA-3931-1 ruby-rack-cors -- security update

\n
\n
Date Reported:
\n
10 Aug 2017
\n
Affected Packages:
\n
\nruby-rack-cors\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-11173.
\n
More information:
\n
\n

Jens Mueller discovered that an incorrect regular expression in rack-cors\nmay lead to insufficient restriction of CORS requests.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 0.4.0-1+deb9u1.

\n

We recommend that you upgrade your ruby-rack-cors packages.

\n
\n
\n
\n
", "3932": "
\n

Debian Security Advisory

\n

DSA-3932-1 subversion -- security update

\n
\n
Date Reported:
\n
10 Aug 2017
\n
Affected Packages:
\n
\nsubversion\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-8734, CVE-2017-9800.
\n
More information:
\n
\n

Several problems were discovered in Subversion, a centralised version\ncontrol system.

\n
    \n
  • CVE-2016-8734\n

    (jessie only)

    \n

    Subversion's mod_dontdothat server module and Subversion clients\n using http(s):// were vulnerable to a denial-of-service attack\n caused by exponential XML entity expansion.

  • CVE-2017-9800\n

    Joern Schneeweisz discovered that Subversion did not correctly\n handle maliciously constructed svn+ssh:// URLs. This allowed an\n attacker to run an arbitrary shell command, for instance via\n svn:externals properties or when using svnsync sync.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 1.8.10-6+deb8u5.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 1.9.5-1+deb9u1.

\n

We recommend that you upgrade your subversion packages.

\n
\n
\n
\n
", "3933": "
\n

Debian Security Advisory

\n

DSA-3933-1 pjproject -- security update

\n
\n
Date Reported:
\n
10 Aug 2017
\n
Affected Packages:
\n
\npjproject\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-9359, CVE-2017-9372.
\n
More information:
\n
\n

Two vulnerabilities were found in the PJSIP/PJProject communication\nlibrary, which may result in denial of service.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 2.1.0.0.ast20130823-1+deb8u1.

\n

For the stable distribution (stretch), these problems had been fixed\nprior to the initial release.

\n

We recommend that you upgrade your pjproject packages.

\n
\n
\n
\n
", "3934": "
\n

Debian Security Advisory

\n

DSA-3934-1 git -- security update

\n
\n
Date Reported:
\n
10 Aug 2017
\n
Affected Packages:
\n
\ngit\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-1000117.
\n
More information:
\n
\n

Joern Schneeweisz discovered that git, a distributed revision control\nsystem, did not correctly handle maliciously constructed ssh://\nURLs. This allowed an attacker to run an arbitrary shell command, for\ninstance via git submodules.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 1:2.1.4-2.1+deb8u4.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 1:2.11.0-3+deb9u1.

\n

We recommend that you upgrade your git packages.

\n
\n
\n
\n
", "3935": "
\n

Debian Security Advisory

\n

DSA-3935-1 postgresql-9.4 -- security update

\n
\n
Date Reported:
\n
10 Aug 2017
\n
Affected Packages:
\n
\npostgresql-9.4\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-7546, CVE-2017-7547, CVE-2017-7548.
\n
More information:
\n
\n

Several vulnerabilities have been found in the PostgreSQL database\nsystem:

\n\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 9.4.13-0+deb8u1.

\n

We recommend that you upgrade your postgresql-9.4 packages.

\n
\n
\n
\n
", "3936": "
\n

Debian Security Advisory

\n

DSA-3936-1 postgresql-9.6 -- security update

\n
\n
Date Reported:
\n
10 Aug 2017
\n
Affected Packages:
\n
\npostgresql-9.6\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-7546, CVE-2017-7547, CVE-2017-7548.
\n
More information:
\n
\n

Several vulnerabilities have been found in the PostgreSQL database\nsystem:

\n\n

For the stable distribution (stretch), these problems have been fixed in\nversion 9.6.4-0+deb9u1.

\n

We recommend that you upgrade your postgresql-9.6 packages.

\n
\n
\n
\n
", "3937": "
\n

Debian Security Advisory

\n

DSA-3937-1 zabbix -- security update

\n
\n
Date Reported:
\n
12 Aug 2017
\n
Affected Packages:
\n
\nzabbix\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-2824, CVE-2017-2825.
\n
More information:
\n
\n

Lilith Wyatt discovered two vulnerabilities in the Zabbix network\nmonitoring system which may result in execution of arbitrary code or\ndatabase writes by malicious proxies.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 1:2.2.7+dfsg-2+deb8u3.

\n

For the stable distribution (stretch), these problems have been fixed\nprior to the initial release.

\n

We recommend that you upgrade your zabbix packages.

\n
\n
\n
\n
", "3938": "
\n

Debian Security Advisory

\n

DSA-3938-1 libgd2 -- security update

\n
\n
Date Reported:
\n
12 Aug 2017
\n
Affected Packages:
\n
\nlibgd2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 869263.
In Mitre's CVE dictionary: CVE-2017-7890.
\n
More information:
\n
\n

Matviy Kotoniy reported that the gdImageCreateFromGifCtx() function used\nto load images from GIF format files in libgd2, a library for\nprogrammatic graphics creation and manipulation, does not zero stack\nallocated color map buffers before their use, which may result in\ninformation disclosure if a specially crafted file is processed.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 2.1.0-5+deb8u10.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 2.2.4-2+deb9u1.

\n

We recommend that you upgrade your libgd2 packages.

\n
\n
\n
\n
", "3939": "
\n

Debian Security Advisory

\n

DSA-3939-1 botan1.10 -- security update

\n
\n
Date Reported:
\n
12 Aug 2017
\n
Affected Packages:
\n
\nbotan1.10\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-2801.
\n
More information:
\n
\n

Aleksandar Nikolic discovered that an error in the x509 parser of the\nBotan crypto library could result in an out-of-bounds memory read,\nresulting in denial of service or an information leak if processing\na malformed certificate.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 1.10.8-2+deb8u2.

\n

For the stable distribution (stretch), this problem has been fixed\nprior to the initial release.

\n

We recommend that you upgrade your botan1.10 packages.

\n
\n
\n
\n
", "3940": "
\n

Debian Security Advisory

\n

DSA-3940-1 cvs -- security update

\n
\n
Date Reported:
\n
13 Aug 2017
\n
Affected Packages:
\n
\ncvs\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 871810.
In Mitre's CVE dictionary: CVE-2017-12836.
\n
More information:
\n
\n

It was discovered that CVS, a centralised version control system, did\nnot correctly handle maliciously constructed repository URLs, which\nallowed an attacker to run an arbitrary shell command.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 2:1.12.13+real-15+deb8u1.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 2:1.12.13+real-22+deb9u1.

\n

We recommend that you upgrade your cvs packages.

\n
\n
\n
\n
", "3941": "
\n

Debian Security Advisory

\n

DSA-3941-1 iortcw -- security update

\n
\n
Date Reported:
\n
13 Aug 2017
\n
Affected Packages:
\n
\niortcw\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-11721.
\n
More information:
\n
\n

A read buffer overflow was discovered in the idtech3 (Quake III Arena)\nfamily of game engines. This allows remote attackers to cause a denial\nof service (application crash) or possibly have unspecified other impact\nvia a crafted packet.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 1.50a+dfsg1-3+deb9u1.

\n

We recommend that you upgrade your iortcw packages.

\n
\n
\n
\n
", "3942": "
\n

Debian Security Advisory

\n

DSA-3942-1 supervisor -- security update

\n
\n
Date Reported:
\n
13 Aug 2017
\n
Affected Packages:
\n
\nsupervisor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 870187.
In Mitre's CVE dictionary: CVE-2017-11610.
\n
More information:
\n
\n

Calum Hutton reported that the XML-RPC server in supervisor, a system\nfor controlling process state, does not perform validation on requested\nXML-RPC methods, allowing an authenticated client to send a malicious\nXML-RPC request to supervisord that will run arbitrary shell commands on\nthe server as the same user as supervisord.

\n

The vulnerability has been fixed by disabling nested namespace lookup\nentirely. supervisord will now only call methods on the object\nregistered to handle XML-RPC requests and not any child objects it may\ncontain, possibly breaking existing setups. No publicly available\nplugins are currently known that use nested namespaces. Plugins that use\na single namespace will continue to work as before. Details can be found\non the upstream issue at\nhttps://github.com/Supervisor/supervisor/issues/964 .

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 3.0r1-1+deb8u1.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 3.3.1-1+deb9u1.

\n

We recommend that you upgrade your supervisor packages.

\n
\n
\n
\n
", "3943": "
\n

Debian Security Advisory

\n

DSA-3943-1 gajim -- security update

\n
\n
Date Reported:
\n
14 Aug 2017
\n
Affected Packages:
\n
\ngajim\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 863445.
In Mitre's CVE dictionary: CVE-2016-10376.
\n
More information:
\n
\n

Gajim, a GTK+-based XMPP/Jabber client, unconditionally implements the\n\"XEP-0146: Remote Controlling Clients\" extension, allowing a malicious\nXMPP server to trigger commands to leak private conversations from\nencrypted sessions. With this update XEP-0146 support has been disabled\nby default and made opt-in via the remote_commands option.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 0.16-1+deb8u2.

\n

For the stable distribution (stretch), this problem has been fixed prior\nto the initial release.

\n

We recommend that you upgrade your gajim packages.

\n
\n
\n
\n
", "3944": "
\n

Debian Security Advisory

\n

DSA-3944-1 mariadb-10.0 -- security update

\n
\n
Date Reported:
\n
17 Aug 2017
\n
Affected Packages:
\n
\nmariadb-10.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-3308, CVE-2017-3309, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464, CVE-2017-3636, CVE-2017-3641, CVE-2017-3653.
\n
More information:
\n
\n

Several issues have been discovered in the MariaDB database server. The\nvulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.0.32. Please see the MariaDB 10.0 Release Notes for further\ndetails:

\n\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 10.0.32-0+deb8u1.

\n

We recommend that you upgrade your mariadb-10.0 packages.

\n
\n
\n
\n
", "3945": "
\n

Debian Security Advisory

\n

DSA-3945-1 linux -- security update

\n
\n
Date Reported:
\n
17 Aug 2017
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2014-9940, CVE-2017-7346, CVE-2017-7482, CVE-2017-7533, CVE-2017-7541, CVE-2017-7542, CVE-2017-7889, CVE-2017-9605, CVE-2017-10911, CVE-2017-11176, CVE-2017-1000363, CVE-2017-1000365.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.

\n
    \n
  • CVE-2014-9940\n

    A use-after-free flaw in the voltage and current regulator driver\n could allow a local user to cause a denial of service or potentially\n escalate privileges.

  • CVE-2017-7346\n

    Li Qiang discovered that the DRM driver for VMware virtual GPUs does\n not properly check user-controlled values in the\n vmw_surface_define_ioctl() functions for upper limits. A local user\n can take advantage of this flaw to cause a denial of service.

  • CVE-2017-7482\n

    Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does\n not properly verify metadata, leading to information disclosure,\n denial of service or potentially execution of arbitrary code.

  • CVE-2017-7533\n

    Fan Wu and Shixiong Zhao discovered a race condition between inotify\n events and VFS rename operations allowing an unprivileged local\n attacker to cause a denial of service or escalate privileges.

  • CVE-2017-7541\n

    A buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN\n driver could allow a local user to cause kernel memory corruption,\n leading to a denial of service or potentially privilege escalation.

  • CVE-2017-7542\n

    An integer overflow vulnerability in the ip6_find_1stfragopt()\n function was found allowing a local attacker with privileges to open\n raw sockets to cause a denial of service.

  • CVE-2017-7889\n

    Tommi Rantala and Brad Spengler reported that the mm subsystem does\n not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism,\n allowing a local attacker with access to /dev/mem to obtain\n sensitive information or potentially execute arbitrary code.

  • CVE-2017-9605\n

    Murray McAllister discovered that the DRM driver for VMware virtual\n GPUs does not properly initialize memory, potentially allowing a\n local attacker to obtain sensitive information from uninitialized\n kernel memory via a crafted ioctl call.

  • CVE-2017-10911 / XSA-216\n

    Anthony Perard of Citrix discovered an information leak flaw in Xen\n blkif response handling, allowing a malicious unprivileged guest to\n obtain sensitive information from the host or other guests.

  • CVE-2017-11176\n

    It was discovered that the mq_notify() function does not set the\n sock pointer to NULL upon entry into the retry logic. An attacker\n can take advantage of this flaw during a userspace close of a\n Netlink socket to cause a denial of service or potentially cause\n other impact.

  • CVE-2017-1000363\n

    Roee Hay reported that the lp driver does not properly bounds-check\n passed arguments, allowing a local attacker with write access to the\n kernel command line arguments to execute arbitrary code.

  • CVE-2017-1000365\n

    It was discovered that argument and environment pointers are not\n properly taken into account in the imposed size restrictions on\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of\n this flaw in conjunction with other flaws to execute arbitrary code.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.43-2+deb8u3.

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "3946": "
\n

Debian Security Advisory

\n

DSA-3946-1 libmspack -- security update

\n
\n
Date Reported:
\n
18 Aug 2017
\n
Affected Packages:
\n
\nlibmspack\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 868956, Bug 871263.
In Mitre's CVE dictionary: CVE-2017-6419, CVE-2017-11423.
\n
More information:
\n
\n

It was discovered that libmspack, a library used to handle Microsoft\ncompression formats, did not properly validate its input. A remote\nattacker could craft malicious CAB or CHM files and use this flaw to\ncause a denial of service via application crash, or potentially\nexecute arbitrary code.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 0.5-1+deb8u1.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 0.5-1+deb9u1.

\n

We recommend that you upgrade your libmspack packages.

\n
\n
\n
\n
", "3947": "
\n

Debian Security Advisory

\n

DSA-3947-1 newsbeuter -- security update

\n
\n
Date Reported:
\n
18 Aug 2017
\n
Affected Packages:
\n
\nnewsbeuter\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-12904.
\n
More information:
\n
\n

Jeriko One discovered that newsbeuter, a text-mode RSS feed reader,\ndid not properly escape the title and description of a news article\nwhen bookmarking it. This allowed a remote attacker to run an\narbitrary shell command on the client machine.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 2.8-2+deb8u1.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 2.9-5+deb9u1.

\n

We recommend that you upgrade your newsbeuter packages.

\n
\n
\n
\n
", "3948": "
\n

Debian Security Advisory

\n

DSA-3948-1 ioquake3 -- security update

\n
\n
Date Reported:
\n
19 Aug 2017
\n
Affected Packages:
\n
\nioquake3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-11721.
\n
More information:
\n
\n

A read buffer overflow was discovered in the idtech3 (Quake III Arena)\nfamily of game engines. This allows remote attackers to cause a denial\nof service (application crash) or possibly have unspecified other impact\nvia a crafted packet.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 1.36+u20140802+gca9eebb-2+deb8u2.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 1.36+u20161101+dfsg1-2+deb9u1.

\n

We recommend that you upgrade your ioquake3 packages.

\n
\n
\n
\n
", "3949": "
\n

Debian Security Advisory

\n

DSA-3949-1 augeas -- security update

\n
\n
Date Reported:
\n
21 Aug 2017
\n
Affected Packages:
\n
\naugeas\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 872400.
In Mitre's CVE dictionary: CVE-2017-7555.
\n
More information:
\n
\n

Han Han of Red Hat discovered that augeas, a configuration editing\ntool, improperly handled some escaped strings. A remote attacker could\nleverage this flaw by sending maliciously crafted strings, thus\ncausing an augeas-enabled application to crash or potentially execute\narbitrary code.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 1.2.0-0.2+deb8u2.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 1.8.0-1+deb9u1.

\n

We recommend that you upgrade your augeas packages.

\n
\n
\n
\n
", "3950": "
\n

Debian Security Advisory

\n

DSA-3950-1 libraw -- security update

\n
\n
Date Reported:
\n
21 Aug 2017
\n
Affected Packages:
\n
\nlibraw\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 864183.
In Mitre's CVE dictionary: CVE-2017-6886, CVE-2017-6887.
\n
More information:
\n
\n

Hossein Lotfi and Jakub Jirasek from Secunia Research have discovered\nmultiple vulnerabilities in LibRaw, a library for reading RAW images. An\nattacker could cause a memory corruption leading to a DoS (Denial of\nService) with a crafted KDC or TIFF file.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 0.16.0-9+deb8u3.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 0.17.2-6+deb9u1.

\n

We recommend that you upgrade your libraw packages.

\n
\n
\n
\n
", "3951": "
\n

Debian Security Advisory

\n

DSA-3951-1 smb4k -- security update

\n
\n
Date Reported:
\n
22 Aug 2017
\n
Affected Packages:
\n
\nsmb4k\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-8849.
\n
More information:
\n
\n

Sebastian Krahmer discovered that a programming error in the mount\nhelper binary of the Smb4k Samba network share browser may result in\nlocal privilege escalation.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 1.2.1-2~deb8u1.

\n

We recommend that you upgrade your smb4k packages.

\n
\n
\n
\n
", "3952": "
\n

Debian Security Advisory

\n

DSA-3952-1 libxml2 -- security update

\n
\n
Date Reported:
\n
23 Aug 2017
\n
Affected Packages:
\n
\nlibxml2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 863018, Bug 863019, Bug 863021, Bug 863022, Bug 870865, Bug 870867, Bug 870870.
In Mitre's CVE dictionary: CVE-2017-0663, CVE-2017-7375, CVE-2017-7376, CVE-2017-9047, CVE-2017-9048, CVE-2017-9049, CVE-2017-9050.
\n
More information:
\n
\n

Several vulnerabilities were discovered in libxml2, a library providing\nsupport to read, modify and write XML and HTML files. A remote attacker\ncould provide a specially crafted XML or HTML file that, when processed\nby an application using libxml2, would cause a denial-of-service against\nthe application, information leaks, or potentially, the execution of\narbitrary code with the privileges of the user running the application.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 2.9.1+dfsg1-5+deb8u5.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 2.9.4+dfsg1-2.2+deb9u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2.9.4+dfsg1-3.1.

\n

We recommend that you upgrade your libxml2 packages.

\n
\n
\n
\n
", "3953": "
\n

Debian Security Advisory

\n

DSA-3953-1 aodh -- security update

\n
\n
Date Reported:
\n
23 Aug 2017
\n
Affected Packages:
\n
\naodh\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 872605.
In Mitre's CVE dictionary: CVE-2017-12440.
\n
More information:
\n
\n

Zane Bitter from Red Hat discovered a vulnerability in Aodh, the alarm\nengine for OpenStack. Aodh does not verify that the user creating the\nalarm is the trustor or has the same rights as the trustor, nor that the\ntrust is for the same project as the alarm. The bug allows an\nauthenticated user without a Keystone token with knowledge of trust IDs\nto perform unspecified authenticated actions by adding alarm actions.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 3.0.0-4+deb9u1.

\n

We recommend that you upgrade your aodh packages.

\n
\n
\n
\n
", "3954": "
\n

Debian Security Advisory

\n

DSA-3954-1 openjdk-7 -- security update

\n
\n
Date Reported:
\n
25 Aug 2017
\n
Affected Packages:
\n
\nopenjdk-7\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10081, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10135, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in sandbox bypass,\nincorrect authentication, the execution of arbitrary code, denial of\nservice, information disclosure, use of insecure cryptography or\nbypassing Jar verification.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 7u151-2.6.11-1~deb8u1.

\n

We recommend that you upgrade your openjdk-7 packages.

\n
\n
\n
\n
", "3955": "
\n

Debian Security Advisory

\n

DSA-3955-1 mariadb-10.1 -- security update

\n
\n
Date Reported:
\n
26 Aug 2017
\n
Affected Packages:
\n
\nmariadb-10.1\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-3636, CVE-2017-3641, CVE-2017-3653.
\n
More information:
\n
\n

Several issues have been discovered in the MariaDB database server.\nThe vulnerabilities are addressed by upgrading MariaDB to the new upstream\nversion 10.1.26. Please see the MariaDB 10.1 Release Notes for further\ndetails:

\n\n

For the stable distribution (stretch), these problems have been fixed\nin version 10.1.26-0+deb9u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 10.1.26-1.

\n

We recommend that you upgrade your mariadb-10.1 packages.

\n
\n
\n
\n
", "3956": "
\n

Debian Security Advisory

\n

DSA-3956-1 connman -- security update

\n
\n
Date Reported:
\n
27 Aug 2017
\n
Affected Packages:
\n
\nconnman\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 872844.
In Mitre's CVE dictionary: CVE-2017-12865.
\n
More information:
\n
\n

Security consultants in NRI Secure Technologies discovered a stack\noverflow vulnerability in ConnMan, a network manager for embedded\ndevices. An attacker with control of the DNS responses to the DNS proxy\nin ConnMan might crash the service and, in some cases, remotely execute\narbitrary commands in the host running the service.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 1.21-1.2+deb8u1.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 1.33-3+deb9u1.

\n

For the testing distribution (buster), this problem has been fixed\nin version 1.33-3+deb9u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.35-1.

\n

We recommend that you upgrade your connman packages.

\n
\n
\n
\n
", "3957": "
\n

Debian Security Advisory

\n

DSA-3957-1 ffmpeg -- security update

\n
\n
Date Reported:
\n
28 Aug 2017
\n
Affected Packages:
\n
\nffmpeg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-9608, CVE-2017-9993, CVE-2017-11399, CVE-2017-11665, CVE-2017-11719.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in FFmpeg, a multimedia\nplayer, server and encoder. These issues could lead to Denial-of-Service\nand, in some situations, the execution of arbitrary code.

\n
    \n
  • CVE-2017-9608\n

    Yihan Lian of Qihoo 360 GearTeam discovered a NULL pointer access when\n parsing a crafted MOV file.

  • CVE-2017-9993\n

    Thierry Foucu discovered that it was possible to leak information from\n files and symlinks ending in common multimedia extensions, using the\n HTTP Live Streaming.

  • CVE-2017-11399\n

    Liu Bingchang of IIE discovered an integer overflow in the APE decoder\n that can be triggered by a crafted APE file.

  • CVE-2017-11665\n

    JunDong Xie of Ant-financial Light-Year Security Lab discovered that\n an attacker able to craft an RTMP stream can crash FFmpeg.

  • CVE-2017-11719\n

    Liu Bingchang of IIE discovered an out-of-bounds access that can be\n triggered by a crafted DNxHD file.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 7:3.2.7-1~deb9u1.

\n

We recommend that you upgrade your ffmpeg packages.

\n
\n
\n
\n
", "3958": "
\n

Debian Security Advisory

\n

DSA-3958-1 fontforge -- security update

\n
\n
Date Reported:
\n
29 Aug 2017
\n
Affected Packages:
\n
\nfontforge\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 869614.
In Mitre's CVE dictionary: CVE-2017-11568, CVE-2017-11569, CVE-2017-11571, CVE-2017-11572, CVE-2017-11574, CVE-2017-11575, CVE-2017-11576, CVE-2017-11577.
\n
More information:
\n
\n

It was discovered that FontForge, a font editor, did not correctly\nvalidate its input. An attacker could use this flaw by tricking a user\ninto opening a maliciously crafted OpenType font file, thus causing a\ndenial-of-service via application crash, or execution of arbitrary\ncode.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 20120731.b-5+deb8u1.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 1:20161005~dfsg-4+deb9u1.

\n

We recommend that you upgrade your fontforge packages.

\n
\n
\n
\n
", "3959": "
\n

Debian Security Advisory

\n

DSA-3959-1 libgcrypt20 -- security update

\n
\n
Date Reported:
\n
29 Aug 2017
\n
Affected Packages:
\n
\nlibgcrypt20\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 873383.
In Mitre's CVE dictionary: CVE-2017-0379.
\n
More information:
\n
\n

Daniel Genkin, Luke Valenta and Yuval Yarom discovered that Libgcrypt\nis prone to a local side-channel attack against the ECDH encryption with\nCurve25519, allowing recovery of the private key.

\n

See https://eprint.iacr.org/2017/806 for details.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 1.7.6-2+deb9u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1.7.9-1.

\n

We recommend that you upgrade your libgcrypt20 packages.

\n
\n
\n
\n
", "3960": "
\n

Debian Security Advisory

\n

DSA-3960-1 gnupg -- security update

\n
\n
Date Reported:
\n
01 Sep 2017
\n
Affected Packages:
\n
\ngnupg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-7526.
\n
More information:
\n
\n

Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot\nBruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and\nYuval Yarom discovered that GnuPG is prone to a local side-channel\nattack allowing full key recovery for RSA-1024.

\n

See https://eprint.iacr.org/2017/627 for details.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 1.4.18-7+deb8u4.

\n

We recommend that you upgrade your gnupg packages.

\n
\n
\n
\n
", "3961": "
\n

Debian Security Advisory

\n

DSA-3961-1 libgd2 -- security update

\n
\n
Date Reported:
\n
03 Sep 2017
\n
Affected Packages:
\n
\nlibgd2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-6362.
\n
More information:
\n
\n

A double-free vulnerability was discovered in the gdImagePngPtr()\nfunction in libgd2, a library for programmatic graphics creation and\nmanipulation, which may result in denial of service or potentially the\nexecution of arbitrary code if a specially crafted file is processed.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 2.1.0-5+deb8u11.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 2.2.4-2+deb9u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.2.5-1.

\n

We recommend that you upgrade your libgd2 packages.

\n
\n
\n
\n
", "3962": "
\n

Debian Security Advisory

\n

DSA-3962-1 strongswan -- security update

\n
\n
Date Reported:
\n
03 Sep 2017
\n
Affected Packages:
\n
\nstrongswan\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 872155.
In Mitre's CVE dictionary: CVE-2017-11185.
\n
More information:
\n
\n

A denial of service vulnerability was identified in strongSwan, an IKE/IPsec\nsuite, using Google's OSS-Fuzz fuzzing project.

\n

The gmp plugin in strongSwan had insufficient input validation when verifying\nRSA signatures. This coding error could lead to a null pointer dereference,\nleading to process crash.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 5.2.1-6+deb8u5.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 5.5.1-4+deb9u1.

\n

For the testing distribution (buster), this problem has been fixed\nin version 5.6.0-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 5.6.0-1.

\n

We recommend that you upgrade your strongswan packages.

\n
\n
\n
\n
", "3963": "
\n

Debian Security Advisory

\n

DSA-3963-1 mercurial -- security update

\n
\n
Date Reported:
\n
04 Sep 2017
\n
Affected Packages:
\n
\nmercurial\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 861243, Bug 871709, Bug 871710.
In Mitre's CVE dictionary: CVE-2017-9462, CVE-2017-1000115, CVE-2017-1000116.
\n
More information:
\n
\n

Several issues were discovered in Mercurial, a distributed revision\ncontrol system.

\n
    \n
  • CVE-2017-9462\n (fixed in stretch only)\n

    Jonathan Claudius of Mozilla discovered that repositories served\n over stdio could be tricked into granting authorized users access to\n the Python debugger.

  • CVE-2017-1000115\n

    Mercurial's symlink auditing was incomplete, and could be abused to\n write files outside the repository.

  • CVE-2017-1000116\n

    Joern Schneeweisz discovered that Mercurial did not correctly handle\n maliciously constructed ssh:// URLs. This allowed an attacker to run\n an arbitrary shell command.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 3.1.2-2+deb8u4.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 4.0-1+deb9u1.

\n

We recommend that you upgrade your mercurial packages.

\n
\n
\n
\n
", "3964": "
\n

Debian Security Advisory

\n

DSA-3964-1 asterisk -- security update

\n
\n
Date Reported:
\n
04 Sep 2017
\n
Affected Packages:
\n
\nasterisk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-14099, CVE-2017-14100.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in Asterisk, an open source\nPBX and telephony toolkit, which may result in disclosure of RTP\nconnections or the execution of arbitrary shell commands.

\n

For additional information please refer to the upstream advisories:\nhttp://downloads.asterisk.org/pub/security/AST-2017-005.html,\nhttp://downloads.asterisk.org/pub/security/AST-2017-006.html

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 1:11.13.1~dfsg-2+deb8u3.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 1:13.14.1~dfsg-2+deb9u1.

\n

We recommend that you upgrade your asterisk packages.

\n
\n
\n
\n
", "3965": "
\n

Debian Security Advisory

\n

DSA-3965-1 file -- security update

\n
\n
Date Reported:
\n
05 Sep 2017
\n
Affected Packages:
\n
\nfile\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-1000249.
\n
More information:
\n
\n

Thomas Jarosch discovered a stack-based buffer overflow flaw in file, a\nfile type classification tool, which may result in denial of service if\nan ELF binary with a specially crafted .notes section is processed.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 1:5.30-1+deb9u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:5.32-1.

\n

We recommend that you upgrade your file packages.

\n
\n
\n
\n
", "3966": "
\n

Debian Security Advisory

\n

DSA-3966-1 ruby2.3 -- security update

\n
\n
Date Reported:
\n
05 Sep 2017
\n
Affected Packages:
\n
\nruby2.3\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-9096, CVE-2016-7798, CVE-2017-0899, CVE-2017-0900, CVE-2017-0901, CVE-2017-0902, CVE-2017-14064.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the interpreter for the Ruby\nlanguage:

\n
    \n
  • CVE-2015-9096\n

    SMTP command injection in Net::SMTP.

  • CVE-2016-7798\n

    Incorrect handling of initialization vector in the GCM mode in the\n OpenSSL extension.

  • CVE-2017-0900\n

    Denial of service in the RubyGems client.

  • CVE-2017-0901\n

    Potential file overwrite in the RubyGems client.

  • CVE-2017-0902\n

    DNS hijacking in the RubyGems client.

  • CVE-2017-14064\n

    Heap memory disclosure in the JSON library.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 2.3.3-1+deb9u1. This update also hardens RubyGems against\nmalicious terminal escape sequences (CVE-2017-0899).

\n

We recommend that you upgrade your ruby2.3 packages.

\n
\n
\n
\n
", "3967": "
\n

Debian Security Advisory

\n

DSA-3967-1 mbedtls -- security update

\n
\n
Date Reported:
\n
08 Sep 2017
\n
Affected Packages:
\n
\nmbedtls\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 873557.
In Mitre's CVE dictionary: CVE-2017-14032.
\n
More information:
\n
\n

An authentication bypass vulnerability was discovered in mbed TLS, a\nlightweight crypto and SSL/TLS library, when the authentication mode is\nconfigured as optional. A remote attacker can take advantage of this\nflaw to mount a man-in-the-middle attack and impersonate an intended\npeer via an X.509 certificate chain with many intermediates.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 2.4.2-1+deb9u1.

\n

For the testing distribution (buster), this problem has been fixed\nin version 2.6.0-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.6.0-1.

\n

We recommend that you upgrade your mbedtls packages.

\n
\n
\n
\n
", "3968": "
\n

Debian Security Advisory

\n

DSA-3968-1 icedove -- security update

\n
\n
Date Reported:
\n
11 Sep 2017
\n
Affected Packages:
\n
\nicedove\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-7753, CVE-2017-7779, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7791, CVE-2017-7792, CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7807, CVE-2017-7809.
\n
More information:
\n
\n

Multiple security issues have been found in Thunderbird, which may lead\nto the execution of arbitrary code or denial of service.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 52.3.0-4~deb8u2.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 52.3.0-4~deb9u1.

\n

We recommend that you upgrade your icedove packages.

\n
\n
\n
\n
", "3969": "
\n

Debian Security Advisory

\n

DSA-3969-1 xen -- security update

\n
\n
Date Reported:
\n
12 Sep 2017
\n
Affected Packages:
\n
\nxen\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-10912, CVE-2017-10913, CVE-2017-10914, CVE-2017-10915, CVE-2017-10916, CVE-2017-10917, CVE-2017-10918, CVE-2017-10919, CVE-2017-10920, CVE-2017-10921, CVE-2017-10922, CVE-2017-12135, CVE-2017-12136, CVE-2017-12137, CVE-2017-12855, CVE-2017-15596.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in the Xen hypervisor:

\n
    \n
  • CVE-2017-10912\n

    Jann Horn discovered that incorrect handling of page transfers might\n result in privilege escalation.

  • CVE-2017-10913 / CVE-2017-10914\n

    Jann Horn discovered that race conditions in grant handling might\n result in information leaks or privilege escalation.

  • CVE-2017-10915\n

    Andrew Cooper discovered that incorrect reference counting with\n shadow paging might result in privilege escalation.

  • CVE-2017-10916\n

    Andrew Cooper discovered an information leak in the handling\n of the Memory Protection Extensions (MPX) and Protection\n Key (PKU) CPU features. This only affects Debian stretch.

  • CVE-2017-10917\n

    Ankur Arora discovered a NULL pointer dereference in event\n polling, resulting in denial of service.

  • CVE-2017-10918\n

    Julien Grall discovered that incorrect error handling in\n physical-to-machine memory mappings may result in privilege\n escalation, denial of service or an information leak.

  • CVE-2017-10919\n

    Julien Grall discovered that incorrect handling of\n virtual interrupt injection on ARM systems may result in\n denial of service.

  • CVE-2017-10920 / CVE-2017-10921 / CVE-2017-10922\n

    Jan Beulich discovered multiple places where reference\n counting on grant table operations was incorrect, resulting\n in potential privilege escalation.

  • CVE-2017-12135\n

    Jan Beulich found multiple problems in the handling of\n transitive grants which could result in denial of service\n and potentially privilege escalation.

  • CVE-2017-12136\n

    Ian Jackson discovered that race conditions in the allocator\n for grant mappings may result in denial of service or privilege\n escalation. This only affects Debian stretch.

  • CVE-2017-12137\n

    Andrew Cooper discovered that incorrect validation of\n grants may result in privilege escalation.

  • CVE-2017-12855\n

    Jan Beulich discovered incorrect grant status handling, thus\n incorrectly informing the guest that the grant is no longer in use.

  • XSA-235 (no CVE yet)\n

    Wei Liu discovered that incorrect locking of add-to-physmap\n operations on ARM may result in denial of service.

  • \n
\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 4.4.1-9+deb8u10.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 4.8.1-1+deb9u3.

\n

We recommend that you upgrade your xen packages.

\n
\n
\n
\n
", "3970": "
\n

Debian Security Advisory

\n

DSA-3970-1 emacs24 -- security update

\n
\n
Date Reported:
\n
12 Sep 2017
\n
Affected Packages:
\n
\nemacs24\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 875448.
In Mitre's CVE dictionary: CVE-2017-14482.
\n
More information:
\n
\n

Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code\nexecution when rendering text/enriched MIME data (e.g. when using\nEmacs-based mail clients).

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 24.4+1-5+deb8u1.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 24.5+1-11+deb9u1.

\n

We recommend that you upgrade your emacs24 packages.

\n
\n
\n
\n
", "3971": "
\n

Debian Security Advisory

\n

DSA-3971-1 tcpdump -- security update

\n
\n
Date Reported:
\n
13 Sep 2017
\n
Affected Packages:
\n
\ntcpdump\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 867718, Bug 873804, Bug 873805, Bug 873806.
In Mitre's CVE dictionary: CVE-2017-11108, CVE-2017-11541, CVE-2017-11542, CVE-2017-11543, CVE-2017-12893, CVE-2017-12894, CVE-2017-12895, CVE-2017-12896, CVE-2017-12897, CVE-2017-12898, CVE-2017-12899, CVE-2017-12900, CVE-2017-12901, CVE-2017-12902, CVE-2017-12985, CVE-2017-12986, CVE-2017-12987, CVE-2017-12988, CVE-2017-12989, CVE-2017-12990, CVE-2017-12991, CVE-2017-12992, CVE-2017-12993, CVE-2017-12994, CVE-2017-12995, CVE-2017-12996, CVE-2017-12997, CVE-2017-12998, CVE-2017-12999, CVE-2017-13000, CVE-2017-13001, CVE-2017-13002, CVE-2017-13003, CVE-2017-13004, CVE-2017-13005, CVE-2017-13006, CVE-2017-13007, CVE-2017-13008, CVE-2017-13009, CVE-2017-13010, CVE-2017-13011, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014, CVE-2017-13015, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018, CVE-2017-13019, CVE-2017-13020, CVE-2017-13021, CVE-2017-13022, CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13026, CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030, CVE-2017-13031, CVE-2017-13032, CVE-2017-13033, CVE-2017-13034, CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038, CVE-2017-13039, CVE-2017-13040, CVE-2017-13041, CVE-2017-13042, CVE-2017-13043, CVE-2017-13044, CVE-2017-13045, CVE-2017-13046, CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13050, CVE-2017-13051, CVE-2017-13052, CVE-2017-13053, CVE-2017-13054, CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689, CVE-2017-13690, CVE-2017-13725.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in tcpdump, a command-line\nnetwork traffic analyzer. These vulnerabilities might result in denial\nof service or, potentially, execution of arbitrary code.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 4.9.2-1~deb8u1.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 4.9.2-1~deb9u1.

\n

For the testing distribution (buster), these problems have been fixed\nin version 4.9.2-1 or earlier versions.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.9.2-1 or earlier versions.

\n

We recommend that you upgrade your tcpdump packages.

\n
\n
\n
\n
", "3972": "
\n

Debian Security Advisory

\n

DSA-3972-1 bluez -- security update

\n
\n
Date Reported:
\n
13 Sep 2017
\n
Affected Packages:
\n
\nbluez\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 875633.
In Mitre's CVE dictionary: CVE-2017-1000250.
\n
More information:
\n
\n

An information disclosure vulnerability was discovered in the Service\nDiscovery Protocol (SDP) in bluetoothd, allowing a proximate attacker to\nobtain sensitive information from bluetoothd process memory, including\nBluetooth encryption keys.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 5.23-2+deb8u1.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 5.43-2+deb9u1.

\n

We recommend that you upgrade your bluez packages.

\n
\n
\n
\n
", "3973": "
\n

Debian Security Advisory

\n

DSA-3973-1 wordpress-shibboleth -- security update

\n
\n
Date Reported:
\n
14 Sep 2017
\n
Affected Packages:
\n
\nwordpress-shibboleth\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 874416.
In Mitre's CVE dictionary: CVE-2017-14313.
\n
More information:
\n
\n

A cross-site scripting vulnerability has been discovered in the login\nform of the Shibboleth identity provider module for WordPress.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 1.4-2+deb8u1.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 1.4-2+deb9u1.

\n

We recommend that you upgrade your wordpress-shibboleth packages.

\n
\n
\n
\n
", "3974": "
\n

Debian Security Advisory

\n

DSA-3974-1 tomcat8 -- security update

\n
\n
Date Reported:
\n
15 Sep 2017
\n
Affected Packages:
\n
\ntomcat8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 802312.
In Mitre's CVE dictionary: CVE-2017-7674, CVE-2017-7675.
\n
More information:
\n
\n

Two issues were discovered in the Tomcat servlet and JSP engine.

\n
    \n
  • CVE-2017-7674\n

    Rick Riemer discovered that the Cross-Origin Resource Sharing\n filter did not add a Vary header indicating possible different\n responses, which could lead to cache poisoning.

  • \n
  • CVE-2017-7675 (stretch only)\n

    Markus D\u00f6rschmidt found that the HTTP/2 implementation bypassed\n some security checks, thus allowing an attacker to conduct\n directory traversal attacks by using specially crafted URLs.

  • \n
\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 8.0.14-1+deb8u11.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 8.5.14-1+deb9u2.

\n

We recommend that you upgrade your tomcat8 packages.

\n
\n
\n
\n
", "3975": "
\n

Debian Security Advisory

\n

DSA-3975-1 emacs25 -- security update

\n
\n
Date Reported:
\n
15 Sep 2017
\n
Affected Packages:
\n
\nemacs25\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-14482.
\n
More information:
\n
\n

Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code\nexecution when rendering text/enriched MIME data (e.g. when using\nEmacs-based mail clients).

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 25.1+1-4+deb9u1.

\n

We recommend that you upgrade your emacs25 packages.

\n
\n
\n
\n
", "3976": "
\n

Debian Security Advisory

\n

DSA-3976-1 freexl -- security update

\n
\n
Date Reported:
\n
17 Sep 2017
\n
Affected Packages:
\n
\nfreexl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 875690, Bug 875691.
In Mitre's CVE dictionary: CVE-2017-2923, CVE-2017-2924.
\n
More information:
\n
\n

Marcin Icewall Noga of Cisco Talos discovered two vulnerabilities in\nfreexl, a library to read Microsoft Excel spreadsheets, which might\nresult in denial of service or the execution of arbitrary code if a\nmalformed Excel file is opened.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 1.0.0g-1+deb8u4.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 1.0.2-2+deb9u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.0.4-1.

\n

We recommend that you upgrade your freexl packages.

\n
\n
\n
\n
", "3977": "
\n

Debian Security Advisory

\n

DSA-3977-1 newsbeuter -- security update

\n
\n
Date Reported:
\n
18 Sep 2017
\n
Affected Packages:
\n
\nnewsbeuter\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 876004.
In Mitre's CVE dictionary: CVE-2017-14500.
\n
More information:
\n
\n

It was discovered that podbeuter, the podcast fetcher in newsbeuter, a\ntext-mode RSS feed reader, did not properly escape the name of the media\nenclosure (the podcast file), allowing a remote attacker to run an\narbitrary shell command on the client machine. This is only exploitable\nif the file is also played in podbeuter.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 2.8-2+deb8u2.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 2.9-5+deb9u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.9-7.

\n

We recommend that you upgrade your newsbeuter packages.

\n
\n
\n
\n
", "3978": "
\n

Debian Security Advisory

\n

DSA-3978-1 gdk-pixbuf -- security update

\n
\n
Date Reported:
\n
18 Sep 2017
\n
Affected Packages:
\n
\ngdk-pixbuf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 874552.
In Mitre's CVE dictionary: CVE-2017-2862.
\n
More information:
\n
\n

Marcin Noga discovered a buffer overflow in the JPEG loader of the GDK\nPixbuf library, which may result in the execution of arbitrary code if\na malformed file is opened.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 2.31.1-2+deb8u6.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 2.36.5-2+deb9u1.

\n

We recommend that you upgrade your gdk-pixbuf packages.

\n
\n
\n
\n
", "3979": "
\n

Debian Security Advisory

\n

DSA-3979-1 pyjwt -- security update

\n
\n
Date Reported:
\n
19 Sep 2017
\n
Affected Packages:
\n
\npyjwt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-11424.
\n
More information:
\n
\n

It was discovered that PyJWT, a Python implementation of JSON Web Token,\nperformed insufficient validation of some public key types, which could\nallow a remote attacker to craft JWTs from scratch.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 0.2.1-1+deb8u2.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 1.4.2-1+deb9u1.

\n

We recommend that you upgrade your pyjwt packages.

\n
\n
\n
\n
", "3980": "
\n

Debian Security Advisory

\n

DSA-3980-1 apache2 -- security update

\n
\n
Date Reported:
\n
20 Sep 2017
\n
Affected Packages:
\n
\napache2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 876109.
In Mitre's CVE dictionary: CVE-2017-9798.
\n
More information:
\n
\n

Hanno Boeck discovered that incorrect parsing of Limit directives of\n.htaccess files by the Apache HTTP Server could result in memory\ndisclosure.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 2.4.10-10+deb8u11.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 2.4.25-3+deb9u3.

\n

We recommend that you upgrade your apache2 packages.

\n
\n
\n
\n
", "3981": "
\n

Debian Security Advisory

\n

DSA-3981-1 linux -- security update

\n
\n
Date Reported:
\n
20 Sep 2017
\n
Affected Packages:
\n
\nlinux\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 866511, Bug 875881.
In Mitre's CVE dictionary: CVE-2017-7518, CVE-2017-7558, CVE-2017-10661, CVE-2017-11600, CVE-2017-12134, CVE-2017-12146, CVE-2017-12153, CVE-2017-12154, CVE-2017-14106, CVE-2017-14140, CVE-2017-14156, CVE-2017-14340, CVE-2017-14489, CVE-2017-14497, CVE-2017-1000111, CVE-2017-1000112, CVE-2017-1000251, CVE-2017-1000252, CVE-2017-1000370, CVE-2017-1000371, CVE-2017-1000380.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to privilege escalation, denial of service or information\nleaks.

\n
    \n
  • CVE-2017-7518\n

    Andy Lutomirski discovered that KVM is prone to an incorrect debug\n exception (#DB) error occurring while emulating a syscall\n instruction. A process inside a guest can take advantage of this\n flaw for privilege escalation inside a guest.

  • \n
  • CVE-2017-7558\n (stretch only)\n

    Stefano Brivio of Red Hat discovered that the SCTP subsystem is\n prone to a data leak vulnerability due to an out-of-bounds read\n flaw, allowing up to 100 uninitialized bytes to be leaked to userspace.

  • \n
  • CVE-2017-10661\n (jessie only)\n

    Dmitry Vyukov of Google reported that the timerfd facility does\n not properly handle certain concurrent operations on a single file\n descriptor. This allows a local attacker to cause a denial of\n service or potentially execute arbitrary code.

  • \n
  • CVE-2017-11600\n

    Bo Zhang reported that the xfrm subsystem does not properly\n validate one of the parameters to a netlink message. Local users\n with the CAP_NET_ADMIN capability can use this to cause a denial\n of service or potentially to execute arbitrary code.

  • \n
  • CVE-2017-12134\n / #866511 / XSA-229\n

    Jan H. Schoenherr of Amazon discovered that when Linux is running\n in a Xen PV domain on an x86 system, it may incorrectly merge\n block I/O requests. A buggy or malicious guest may trigger this\n bug in dom0 or a PV driver domain, causing a denial of service or\n potentially execution of arbitrary code.

    \n

    This issue can be mitigated by disabling merges on the underlying\n back-end block devices, e.g.:\n echo 2 > /sys/block/nvme0n1/queue/nomerges

  • \n
  • CVE-2017-12146\n (stretch only)\n

    Adrian Salido of Google reported a race condition in access to the\n driver_override attribute for platform devices in sysfs. If\n unprivileged users are permitted to access this attribute, this\n might allow them to gain privileges.

  • \n
  • CVE-2017-12153\n

    Bo Zhang reported that the cfg80211 (wifi) subsystem does not\n properly validate the parameters to a netlink message. Local users\n with the CAP_NET_ADMIN capability (in any user namespace with a\n wifi device) can use this to cause a denial of service.

  • \n
  • CVE-2017-12154\n

    Jim Mattson of Google reported that the KVM implementation for\n Intel x86 processors did not correctly handle certain nested\n hypervisor configurations. A malicious guest (or nested guest in a\n suitable L1 hypervisor) could use this for denial of service.

  • \n
  • CVE-2017-14106\n

    Andrey Konovalov discovered that a user-triggerable division by\n zero in the tcp_disconnect() function could result in local denial\n of service.

  • \n
  • CVE-2017-14140\n

    Otto Ebeling reported that the move_pages() system call performed\n insufficient validation of the UIDs of the calling and target\n processes, resulting in a partial ASLR bypass. This made it easier\n for local users to exploit vulnerabilities in programs installed\n with the set-UID permission bit set.

  • \n
  • CVE-2017-14156\n

    sohu0106 reported an information leak in the atyfb video driver.\n A local user with access to a framebuffer device handled by this\n driver could use this to obtain sensitive information.

  • \n
  • CVE-2017-14340\n

    Richard Wareing discovered that the XFS implementation allows the\n creation of files with the realtime flag on a filesystem with no\n realtime device, which can result in a crash (oops). A local user\n with access to an XFS filesystem that does not have a realtime\n device can use this for denial of service.

  • \n
  • CVE-2017-14489\n

    ChunYu Wang of Red Hat discovered that the iSCSI subsystem does not\n properly validate the length of a netlink message, leading to\n memory corruption. A local user with permission to manage iSCSI\n devices can use this for denial of service or possibly to execute\n arbitrary code.

  • \n
  • CVE-2017-14497\n (stretch only)\n

    Benjamin Poirier of SUSE reported that vnet headers are not\n properly handled within the tpacket_rcv() function in the raw\n packet (af_packet) feature. A local user with the CAP_NET_RAW\n capability can take advantage of this flaw to cause a denial of\n service (buffer overflow, and disk and memory corruption) or have\n other impact.

  • \n
  • CVE-2017-1000111\n

    Andrey Konovalov of Google reported a race condition in the raw\n packet (af_packet) feature. Local users with the CAP_NET_RAW\n capability can use this for denial of service or possibly to\n execute arbitrary code.

  • \n
  • CVE-2017-1000112\n

    Andrey Konovalov of Google reported a race condition flaw in the\n UDP Fragmentation Offload (UFO) code. A local user can use this\n flaw for denial of service or possibly to execute arbitrary code.

  • \n
  • CVE-2017-1000251\n / #875881\n

    Armis Labs discovered that the Bluetooth subsystem does not\n properly validate L2CAP configuration responses, leading to a\n stack buffer overflow. This is one of several vulnerabilities\n dubbed Blueborne. A nearby attacker can use this to cause a\n denial of service or possibly to execute arbitrary code on a\n system with Bluetooth enabled.

  • \n
  • CVE-2017-1000252\n (stretch only)\n

    Jan H. Schoenherr of Amazon reported that the KVM implementation\n for Intel x86 processors did not correctly validate interrupt\n injection requests. A local user with permission to use KVM could\n use this for denial of service.

  • \n
  • CVE-2017-1000370\n

    The Qualys Research Labs reported that a large argument or\n environment list can result in ASLR bypass for 32-bit PIE binaries.

  • \n
  • CVE-2017-1000371\n

    The Qualys Research Labs reported that a large argument\n or environment list can result in a stack/heap clash for 32-bit\n PIE binaries.

  • \n
  • CVE-2017-1000380\n

    Alexander Potapenko of Google reported a race condition in the ALSA\n (sound) timer driver, leading to an information leak. A local user\n with permission to access sound devices could use this to obtain\n sensitive information.

  • \n
\n

Debian disables unprivileged user namespaces by default, but if they\nare enabled (via the kernel.unprivileged_userns_clone sysctl) then\nCVE-2017-11600,\nCVE-2017-14497 and\nCVE-2017-1000111\ncan be exploited by any local user.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.43-2+deb8u5.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 4.9.30-2+deb9u5.

\n

We recommend that you upgrade your linux packages.

\n
\n
\n
\n
", "3982": "
\n

Debian Security Advisory

\n

DSA-3982-1 perl -- security update

\n
\n
Date Reported:
\n
21 Sep 2017
\n
Affected Packages:
\n
\nperl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 875596, Bug 875597.
In Mitre's CVE dictionary: CVE-2017-12837, CVE-2017-12883.
\n
More information:
\n
\n

Multiple vulnerabilities were discovered in the implementation of the\nPerl programming language. The Common Vulnerabilities and Exposures\nproject identifies the following problems:

\n
    \n
  • CVE-2017-12837\n

    Jakub Wilk reported a heap buffer overflow flaw in the regular\n expression compiler, allowing a remote attacker to cause a denial of\n service via a specially crafted regular expression with the\n case-insensitive modifier.

  • \n
  • CVE-2017-12883\n

    Jakub Wilk reported a buffer over-read flaw in the regular\n expression parser, allowing a remote attacker to cause a denial of\n service or information leak.

  • \n
\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 5.20.2-3+deb8u9.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 5.24.1-3+deb9u2.

\n

For the testing distribution (buster), these problems have been fixed\nin version 5.26.0-8.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 5.26.0-8.

\n

We recommend that you upgrade your perl packages.

\n
\n
\n
\n
", "3983": "
\n

Debian Security Advisory

\n

DSA-3983-1 samba -- security update

\n
\n
Date Reported:
\n
22 Sep 2017
\n
Affected Packages:
\n
\nsamba\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-12150, CVE-2017-12151, CVE-2017-12163.
\n
More information:
\n
\n

Multiple security issues have been discovered in Samba, a SMB/CIFS file,\nprint, and login server for Unix:

\n
    \n
  • CVE-2017-12150\n

    Stefan Metzmacher discovered multiple code paths where SMB signing\n was not enforced.

  • \n
  • CVE-2017-12151\n

    Stefan Metzmacher discovered that tools using libsmbclient did not\n enforce encryption when following DFS redirects, which could allow a\n man-in-the-middle attacker to read or modify connections which were\n meant to be encrypted.

  • \n
  • CVE-2017-12163\n

    Yihan Lian and Zhibin Hu discovered that insufficient range checks\n in the processing of SMB1 write requests could result in disclosure\n of server memory.

  • \n
\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 2:4.2.14+dfsg-0+deb8u8.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 2:4.5.8+dfsg-2+deb9u2.

\n

We recommend that you upgrade your samba packages.

\n
\n
\n
\n
", "3984": "
\n

Debian Security Advisory

\n

DSA-3984-1 git -- security update

\n
\n
Date Reported:
\n
26 Sep 2017
\n
Affected Packages:
\n
\ngit\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 876854.
In Mitre's CVE dictionary: CVE-2017-14867.
\n
More information:
\n
\n

joernchen discovered that the git-cvsserver subcommand of Git, a\ndistributed version control system, suffers from a shell command\ninjection vulnerability due to unsafe use of the Perl backtick\noperator. The git-cvsserver subcommand is reachable from the\ngit-shell subcommand even if CVS support has not been configured\n(however, the git-cvs package needs to be installed).

\n

In addition to fixing the actual bug, this update removes the\ncvsserver subcommand from git-shell by default. Refer to the updated\ndocumentation for instructions on how to re-enable it in case this CVS\nfunctionality is still needed.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 1:2.1.4-2.1+deb8u5.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 1:2.11.0-3+deb9u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 1:2.14.2-1.

\n

We recommend that you upgrade your git packages.

\n
\n
\n
\n
", "3985": "
\n

Debian Security Advisory

\n

DSA-3985-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
28 Sep 2017
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-5111, CVE-2017-5112, CVE-2017-5113, CVE-2017-5114, CVE-2017-5115, CVE-2017-5116, CVE-2017-5117, CVE-2017-5118, CVE-2017-5119, CVE-2017-5120, CVE-2017-5121, CVE-2017-5122.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n
    \n
  • CVE-2017-5111\n

    Luat Nguyen discovered a use-after-free issue in the pdfium library.

  • \n
  • CVE-2017-5112\n

    Tobias Klein discovered a buffer overflow issue in the webgl\n library.

  • \n
  • CVE-2017-5113\n

    A buffer overflow issue was discovered in the skia library.

  • \n
  • CVE-2017-5114\n

    Ke Liu discovered a memory issue in the pdfium library.

  • \n
  • CVE-2017-5115\n

    Marco Giovannini discovered a type confusion issue in the v8\n javascript library.

  • \n
  • CVE-2017-5116\n

    Guang Gong discovered a type confusion issue in the v8 javascript\n library.

  • \n
  • CVE-2017-5117\n

    Tobias Klein discovered an uninitialized value in the skia library.

  • \n
  • CVE-2017-5118\n

    WenXu Wu discovered a way to bypass the Content Security Policy.

  • \n
  • CVE-2017-5119\n

    Another uninitialized value was discovered in the skia library.

  • \n
  • CVE-2017-5120\n

    Xiaoyin Liu discovered a way to downgrade HTTPS connections during\n redirection.

  • \n
  • CVE-2017-5121\n

    Jordan Rabet discovered an out-of-bounds memory access in the v8\n javascript library.

  • \n
  • CVE-2017-5122\n

    Choongwoo Han discovered an out-of-bounds memory access in the v8\n javascript library.

  • \n
\n

For the stable distribution (stretch), these problems have been fixed in\nversion 61.0.3163.100-1~deb9u1.

\n

For the testing distribution (buster), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 61.0.3163.100-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
", "3986": "
\n

Debian Security Advisory

\n

DSA-3986-1 ghostscript -- security update

\n
\n
Date Reported:
\n
29 Sep 2017
\n
Affected Packages:
\n
\nghostscript\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 869907, Bug 869910, Bug 869913, Bug 869915, Bug 869916, Bug 869917, Bug 869977.
In Mitre's CVE dictionary: CVE-2017-9611, CVE-2017-9612, CVE-2017-9726, CVE-2017-9727, CVE-2017-9739, CVE-2017-9835, CVE-2017-11714.
\n
More information:
\n
\n

Several vulnerabilities were discovered in Ghostscript, the GPL\nPostScript/PDF interpreter, which may result in denial of service if a\nspecially crafted PostScript file is processed.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 9.06~dfsg-2+deb8u6.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 9.20~dfsg-3.2+deb9u1.

\n

We recommend that you upgrade your ghostscript packages.

\n
\n
\n
\n
", "3987": "
\n

Debian Security Advisory

\n

DSA-3987-1 firefox-esr -- security update

\n
\n
Date Reported:
\n
29 Sep 2017
\n
Affected Packages:
\n
\nfirefox-esr\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-7793, CVE-2017-7805, CVE-2017-7810, CVE-2017-7814, CVE-2017-7818, CVE-2017-7819, CVE-2017-7823, CVE-2017-7824.
\n
More information:
\n
\n

Several security issues have been found in the Mozilla Firefox web\nbrowser: Multiple memory safety errors, use-after-frees, buffer\noverflows and other implementation errors may lead to the execution of\narbitrary code, denial of service, cross-site scripting or bypass of\nthe phishing and malware protection feature.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 52.4.0esr-1~deb8u1.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 52.4.0esr-1~deb9u1.

\n

We recommend that you upgrade your firefox-esr packages.

\n
\n
\n
\n
", "3988": "
\n

Debian Security Advisory

\n

DSA-3988-1 libidn2-0 -- security update

\n
\n
Date Reported:
\n
30 Sep 2017
\n
Affected Packages:
\n
\nlibidn2-0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 873902.
In Mitre's CVE dictionary: CVE-2017-14062.
\n
More information:
\n
\n

An integer overflow vulnerability was discovered in decode_digit() in\nlibidn2-0, the GNU library for Internationalized Domain Names (IDNs),\nallowing a remote attacker to cause a denial of service against an\napplication using the library (application crash).

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 0.10-2+deb8u1.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 0.16-1+deb9u1.

\n

For the testing distribution (buster), this problem has been fixed\nin version 2.0.2-4.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2.0.2-4.

\n

We recommend that you upgrade your libidn2-0 packages.

\n
\n
\n
\n
", "3989": "
\n

Debian Security Advisory

\n

DSA-3989-1 dnsmasq -- security update

\n
\n
Date Reported:
\n
02 Oct 2017
\n
Affected Packages:
\n
\ndnsmasq\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496.
\n
More information:
\n
\n

Felix Wilhelm, Fermin J. Serna, Gabriel Campana, Kevin Hamacher, Ron\nBowes and Gynvael Coldwind of the Google Security Team discovered\nseveral vulnerabilities in dnsmasq, a small caching DNS proxy and\nDHCP/TFTP server, which may result in denial of service, information\nleak or the execution of arbitrary code.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 2.72-3+deb8u2.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 2.76-5+deb9u1.

\n

We recommend that you upgrade your dnsmasq packages.

\n
\n
\n
\n
", "3990": "
\n

Debian Security Advisory

\n

DSA-3990-1 asterisk -- security update

\n
\n
Date Reported:
\n
03 Oct 2017
\n
Affected Packages:
\n
\nasterisk\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-14603.
\n
More information:
\n
\n

Klaus-Peter Junghann discovered that insufficient validation of RTCP\npackets in Asterisk may result in an information leak. Please see the\nupstream advisory at\nhttp://downloads.asterisk.org/pub/security/AST-2017-008.html for\nadditional details.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 1:11.13.1~dfsg-2+deb8u4.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 1:13.14.1~dfsg-2+deb9u2.

\n

We recommend that you upgrade your asterisk packages.

\n
\n
\n
\n
", "3991": "
\n

Debian Security Advisory

\n

DSA-3991-1 qemu -- security update

\n
\n
Date Reported:
\n
03 Oct 2017
\n
Affected Packages:
\n
\nqemu\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-9375, CVE-2017-12809, CVE-2017-13672, CVE-2017-13711, CVE-2017-14167.
\n
More information:
\n
\n

Multiple vulnerabilities were found in qemu, a fast processor emulator:

\n
    \n
  • CVE-2017-9375\n

    Denial of service via memory leak in USB XHCI emulation.

  • \n
  • CVE-2017-12809\n

    Denial of service in the CDROM device drive emulation.

  • \n
  • CVE-2017-13672\n

    Denial of service in VGA display emulation.

  • \n
  • CVE-2017-13711\n

    Denial of service in SLIRP networking support.

  • \n
  • CVE-2017-14167\n

    Incorrect validation of multiboot headers could result in the\n execution of arbitrary code.

  • \n
\n

For the stable distribution (stretch), these problems have been fixed in\nversion 1:2.8+dfsg-6+deb9u3.

\n

We recommend that you upgrade your qemu packages.

\n
\n
\n
\n
", "3992": "
\n

Debian Security Advisory

\n

DSA-3992-1 curl -- security update

\n
\n
Date Reported:
\n
06 Oct 2017
\n
Affected Packages:
\n
\ncurl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 871554, Bug 871555, Bug 877671.
In Mitre's CVE dictionary: CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in cURL, a URL transfer\nlibrary. The Common Vulnerabilities and Exposures project identifies the\nfollowing problems:

\n
    \n
  • CVE-2017-1000100\n

    Even Rouault reported that cURL does not properly handle long file\n names when doing a TFTP upload. A malicious HTTP(S) server can take\n advantage of this flaw by redirecting a client using the cURL\n library to a crafted TFTP URL and trick it into sending private memory\n contents to a remote server over UDP.

  • \n
  • CVE-2017-1000101\n

    Brian Carpenter and Yongji Ouyang reported that cURL contains a flaw\n in the globbing function that parses the numerical range, leading to\n an out-of-bounds read when parsing a specially crafted URL.

  • \n
  • CVE-2017-1000254\n

    Max Dymond reported that cURL contains an out-of-bounds read flaw in\n the FTP PWD response parser. A malicious server can take advantage\n of this flaw to effectively prevent a client using the cURL library\n from working with it, causing a denial of service.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 7.38.0-4+deb8u6.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 7.52.1-5+deb9u1.

\n

We recommend that you upgrade your curl packages.

\n
\n
\n
\n
", "3993": "
\n

Debian Security Advisory

\n

DSA-3993-1 tor -- security update

\n
\n
Date Reported:
\n
06 Oct 2017
\n
Affected Packages:
\n
\ntor\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-0380.
\n
More information:
\n
\n

It was discovered that the Tor onion service could leak sensitive\ninformation to log files if the SafeLogging option is set to \"0\".

\n

The oldstable distribution (jessie) is not affected.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 0.2.9.12-1.

\n

We recommend that you upgrade your tor packages.

\n
\n
\n
\n
", "3994": "
\n

Debian Security Advisory

\n

DSA-3994-1 nautilus -- security update

\n
\n
Date Reported:
\n
07 Oct 2017
\n
Affected Packages:
\n
\nnautilus\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 860268.
In Mitre's CVE dictionary: CVE-2017-14604.
\n
More information:
\n
\n

Christian Boxd\u00f6rfer discovered a vulnerability in the handling of\nFreeDesktop.org .desktop files in Nautilus, a file manager for the GNOME\ndesktop environment. An attacker can craft a .desktop file intended to run\nmalicious commands but displayed as an innocuous document file in Nautilus. A\nuser would then trust it and open the file, and Nautilus would in turn execute\nthe malicious content. Nautilus protection of only trusting .desktop files with\nexecutable permission can be bypassed by shipping the .desktop file inside a\ntarball.

\n

For the oldstable distribution (jessie), this problem has not been fixed yet.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 3.22.3-1+deb9u1.

\n

For the testing distribution (buster), this problem has been fixed\nin version 3.26.0-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.26.0-1.

\n

We recommend that you upgrade your nautilus packages.

\n
\n
\n
\n
", "3995": "
\n

Debian Security Advisory

\n

DSA-3995-1 libxfont -- security update

\n
\n
Date Reported:
\n
10 Oct 2017
\n
Affected Packages:
\n
\nlibxfont\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-13720, CVE-2017-13722.
\n
More information:
\n
\n

Two vulnerabilities were found in libXfont, the X11 font rasterisation\nlibrary, which could result in denial of service or memory disclosure.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 1:1.5.1-1+deb8u1.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 1:2.0.1-3+deb9u1.

\n

We recommend that you upgrade your libxfont packages.

\n
\n
\n
\n
", "3996": "
\n

Debian Security Advisory

\n

DSA-3996-1 ffmpeg -- security update

\n
\n
Date Reported:
\n
10 Oct 2017
\n
Affected Packages:
\n
\nffmpeg\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-14054, CVE-2017-14055, CVE-2017-14056, CVE-2017-14057, CVE-2017-14058, CVE-2017-14059, CVE-2017-14169, CVE-2017-14170, CVE-2017-14171, CVE-2017-14222, CVE-2017-14223, CVE-2017-14225, CVE-2017-14767.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the FFmpeg multimedia\nframework, which could result in denial of service or potentially the\nexecution of arbitrary code if malformed Real, MV, RL2, ASF, Apple HLS,\nPhantom Cine, MXF, NSV, MOV or RTP H.264 files/streams are processed.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 7:3.2.8-1~deb9u1.

\n

We recommend that you upgrade your ffmpeg packages.

\n
\n
\n
\n
", "3997": "
\n

Debian Security Advisory

\n

DSA-3997-1 wordpress -- security update

\n
\n
Date Reported:
\n
10 Oct 2017
\n
Affected Packages:
\n
\nwordpress\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 876274, Bug 877629.
In Mitre's CVE dictionary: CVE-2017-14718, CVE-2017-14719, CVE-2017-14720, CVE-2017-14721, CVE-2017-14722, CVE-2017-14723, CVE-2017-14724, CVE-2017-14725, CVE-2017-14726, CVE-2017-14990.
\n
More information:
\n
\n

Several vulnerabilities were discovered in WordPress, a web blogging tool.\nThey would allow remote attackers to exploit path-traversal issues, perform SQL\ninjections and various cross-site scripting attacks.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 4.1+dfsg-1+deb8u15.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 4.7.5+dfsg-2+deb9u1.

\n

For the testing distribution (buster), these problems have been fixed\nin version 4.8.2+dfsg-2.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 4.8.2+dfsg-2.

\n

We recommend that you upgrade your wordpress packages.

\n
\n
\n
\n
", "3998": "
\n

Debian Security Advisory

\n

DSA-3998-1 nss -- security update

\n
\n
Date Reported:
\n
11 Oct 2017
\n
Affected Packages:
\n
\nnss\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-7805.
\n
More information:
\n
\n

Martin Thomson discovered that nss, the Mozilla Network Security Service\nlibrary, is prone to a use-after-free vulnerability in the TLS 1.2\nimplementation when handshake hashes are generated. A remote attacker\ncan take advantage of this flaw to cause an application using the nss\nlibrary to crash, resulting in a denial of service, or potentially to\nexecute arbitrary code.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 2:3.26-1+debu8u3.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 2:3.26.2-1.1+deb9u1.

\n

For the testing distribution (buster), this problem has been fixed\nin version 2:3.33-1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 2:3.33-1.

\n

We recommend that you upgrade your nss packages.

\n
\n
\n
\n
", "3999": "
\n

Debian Security Advisory

\n

DSA-3999-1 wpa -- security update

\n
\n
Date Reported:
\n
16 Oct 2017
\n
Affected Packages:
\n
\nwpa\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088.
\n
More information:
\n
\n

Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered\nmultiple vulnerabilities in the WPA protocol, used for authentication in\nwireless networks. Those vulnerabilities apply to both the access point\n(implemented in hostapd) and the station (implemented in wpa_supplicant).

\n

An attacker exploiting the vulnerabilities could force the vulnerable system to\nreuse cryptographic session keys, enabling a range of cryptographic attacks\nagainst the ciphers used in WPA1 and WPA2.

\n

More information can be found in the researchers' paper, Key Reinstallation Attacks:\nForcing Nonce Reuse in WPA2.

\n
    \n
  • CVE-2017-13077:\n

    reinstallation of the pairwise key in the Four-way handshake

  • CVE-2017-13078:\n

    reinstallation of the group key in the Four-way handshake

  • CVE-2017-13079:\n

    reinstallation of the integrity group key in the Four-way\n handshake

  • CVE-2017-13080:\n

    reinstallation of the group key in the Group Key handshake

  • CVE-2017-13081:\n

    reinstallation of the integrity group key in the Group Key\n handshake

  • CVE-2017-13082:\n

    accepting a retransmitted Fast BSS Transition Reassociation Request\n and reinstalling the pairwise key while processing it

  • CVE-2017-13086:\n

    reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey\n (TPK) key in the TDLS handshake

  • CVE-2017-13087:\n

    reinstallation of the group key (GTK) when processing a\n Wireless Network Management (WNM) Sleep Mode Response frame

  • CVE-2017-13088:\n

    reinstallation of the integrity group key (IGTK) when processing\n a Wireless Network Management (WNM) Sleep Mode Response frame

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 2.3-1+deb8u5.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 2:2.4-1+deb9u1.

\n

For the testing distribution (buster), these problems have been fixed\nin version 2:2.4-1.1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 2:2.4-1.1.

\n

We recommend that you upgrade your wpa packages.

\n
\n
\n
\n
", "4000": "
\n

Debian Security Advisory

\n

DSA-4000-1 xorg-server -- security update

\n
\n
Date Reported:
\n
17 Oct 2017
\n
Affected Packages:
\n
\nxorg-server\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-12176, CVE-2017-12177, CVE-2017-12178, CVE-2017-12179, CVE-2017-12180, CVE-2017-12181, CVE-2017-12182, CVE-2017-12183, CVE-2017-12184, CVE-2017-12185, CVE-2017-12186, CVE-2017-12187, CVE-2017-13721, CVE-2017-13723.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the X.Org X server. An\nattacker who's able to connect to an X server could cause a denial of\nservice or potentially the execution of arbitrary code.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 2:1.16.4-1+deb8u2.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 2:1.19.2-1+deb9u2.

\n

We recommend that you upgrade your xorg-server packages.

\n
\n
\n
\n
", "4001": "
\n

Debian Security Advisory

\n

DSA-4001-1 yadifa -- security update

\n
\n
Date Reported:
\n
19 Oct 2017
\n
Affected Packages:
\n
\nyadifa\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 876315.
In Mitre's CVE dictionary: CVE-2017-14339.
\n
More information:
\n
\n

It was discovered that YADIFA, an authoritative DNS server, did not\nsufficiently check its input. This allowed a remote attacker to cause\na denial-of-service by forcing the daemon to enter an infinite loop.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 2.2.3-1+deb9u1.

\n

We recommend that you upgrade your yadifa packages.

\n
\n
\n
\n
", "4002": "
\n

Debian Security Advisory

\n

DSA-4002-1 mysql-5.5 -- security update

\n
\n
Date Reported:
\n
19 Oct 2017
\n
Affected Packages:
\n
\nmysql-5.5\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 878402.
In Mitre's CVE dictionary: CVE-2017-10268, CVE-2017-10378, CVE-2017-10379, CVE-2017-10384.
\n
More information:
\n
\n

Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.58, which includes additional changes, such as performance\nimprovements, bug fixes, new features, and possibly incompatible\nchanges. Please see the MySQL 5.5 Release Notes and Oracle's Critical\nPatch Update advisory for further details:

\n\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 5.5.58-0+deb8u1.

\n

We recommend that you upgrade your mysql-5.5 packages.

\n
\n
\n
\n
", "4003": "
\n

Debian Security Advisory

\n

DSA-4003-1 libvirt -- security update

\n
\n
Date Reported:
\n
19 Oct 2017
\n
Affected Packages:
\n
\nlibvirt\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 878799.
In Mitre's CVE dictionary: CVE-2017-1000256.
\n
More information:
\n
\n

Daniel P. Berrange reported that Libvirt, a virtualisation abstraction\nlibrary, does not properly handle the default_tls_x509_verify (and\nrelated) parameters in qemu.conf when setting up TLS clients and servers\nin QEMU, resulting in TLS clients for character devices and disk devices\nhaving verification turned off and ignoring any errors while validating\nthe server certificate.

\n

More information is available at https://security.libvirt.org/2017/0002.html.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 3.0.0-4+deb9u1.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 3.8.0-3.

\n

We recommend that you upgrade your libvirt packages.

\n
\n
\n
\n
", "4004": "
\n

Debian Security Advisory

\n

DSA-4004-1 jackson-databind -- security update

\n
\n
Date Reported:
\n
20 Oct 2017
\n
Affected Packages:
\n
\njackson-databind\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 870848.
In Mitre's CVE dictionary: CVE-2017-7525.
\n
More information:
\n
\n

Liao Xinxi discovered that jackson-databind, a Java library used to\nparse JSON and other data formats, did not properly validate user\ninput before attempting deserialization. This allowed an attacker to\nperform code execution by providing maliciously crafted input.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 2.4.2-2+deb8u1.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 2.8.6-1+deb9u1.

\n

We recommend that you upgrade your jackson-databind packages.

\n
\n
\n
\n
", "4005": "
\n

Debian Security Advisory

\n

DSA-4005-1 openjfx -- security update

\n
\n
Date Reported:
\n
20 Oct 2017
\n
Affected Packages:
\n
\nopenjfx\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-10086, CVE-2017-10114.
\n
More information:
\n
\n

Two unspecified vulnerabilities were discovered in OpenJFX, a rich client\napplication platform for Java.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 8u141-b14-3~deb9u1.

\n

We recommend that you upgrade your openjfx packages.

\n
\n
\n
\n
", "4006": "
\n

Debian Security Advisory

\n

DSA-4006-1 mupdf -- security update

\n
\n
Date Reported:
\n
24 Oct 2017
\n
Affected Packages:
\n
\nmupdf\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 877379, Bug 879055.
In Mitre's CVE dictionary: CVE-2017-14685, CVE-2017-14686, CVE-2017-14687, CVE-2017-15587.
\n
More information:
\n
\n

Multiple vulnerabilities have been found in MuPDF, a PDF file viewer, which\nmay result in denial of service or the execution of arbitrary code.

\n
    \n
  • CVE-2017-14685,\nCVE-2017-14686,\nand CVE-2017-14687\n

    WangLin discovered that a crafted .xps file can crash MuPDF and\n potentially execute arbitrary code in several ways, since the\n application makes unchecked assumptions on the entry format.

  • CVE-2017-15587\n

    Terry Chia and Jeremy Heng discovered an integer overflow that can\n cause arbitrary code execution via a crafted .pdf file.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 1.9a+ds1-4+deb9u1.

\n

We recommend that you upgrade your mupdf packages.

\n
\n
\n
\n
", "4007": "
\n

Debian Security Advisory

\n

DSA-4007-1 curl -- security update

\n
\n
Date Reported:
\n
27 Oct 2017
\n
Affected Packages:
\n
\ncurl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-1000257.
\n
More information:
\n
\n

Brian Carpenter, Geeknik Labs and 0xd34db347 discovered that cURL, a URL\ntransfer library, incorrectly parsed an IMAP FETCH response with size 0,\nleading to an out-of-bounds read.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 7.38.0-4+deb8u7.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 7.52.1-5+deb9u2.

\n

For the unstable distribution (sid), this problem has been fixed in\nversion 7.56.1-1.

\n

We recommend that you upgrade your curl packages.

\n
\n
\n
\n
", "4008": "
\n

Debian Security Advisory

\n

DSA-4008-1 wget -- security update

\n
\n
Date Reported:
\n
28 Oct 2017
\n
Affected Packages:
\n
\nwget\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-13089, CVE-2017-13090.
\n
More information:
\n
\n

Antti Levomaeki, Christian Jalio, Joonas Pihlaja and Juhani Eronen\ndiscovered two buffer overflows in the HTTP protocol handler of the Wget\ndownload tool, which could result in the execution of arbitrary code\nwhen connecting to a malicious HTTP server.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 1.16-1+deb8u4.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 1.18-5+deb9u1.

\n

We recommend that you upgrade your wget packages.

\n
\n
\n
\n
", "4009": "
\n

Debian Security Advisory

\n

DSA-4009-1 shadowsocks-libev -- security update

\n
\n
Date Reported:
\n
29 Oct 2017
\n
Affected Packages:
\n
\nshadowsocks-libev\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-15924.
\n
More information:
\n
\n

Niklas Abel discovered that insufficient input sanitising in the\nss-manager component of shadowsocks-libev, a lightweight socks5 proxy,\ncould result in arbitrary shell command execution.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 2.6.3+ds-3+deb9u1.

\n

We recommend that you upgrade your shadowsocks-libev packages.

\n
\n
\n
\n
", "4010": "
\n

Debian Security Advisory

\n

DSA-4010-1 git-annex -- security update

\n
\n
Date Reported:
\n
30 Oct 2017
\n
Affected Packages:
\n
\ngit-annex\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 873088.
In Mitre's CVE dictionary: CVE-2017-12976.
\n
More information:
\n
\n

It was discovered that git-annex, a tool to manage files with git\nwithout checking their contents in, did not correctly handle\nmaliciously constructed ssh:// URLs. This allowed an attacker to run\nan arbitrary shell command.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 5.20141125+deb8u1.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 6.20170101-1+deb9u1.

\n

We recommend that you upgrade your git-annex packages.

\n
\n
\n
\n
", "4011": "
\n

Debian Security Advisory

\n

DSA-4011-1 quagga -- security update

\n
\n
Date Reported:
\n
30 Oct 2017
\n
Affected Packages:
\n
\nquagga\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 879474.
In Mitre's CVE dictionary: CVE-2017-16227.
\n
More information:
\n
\n

It was discovered that the bgpd daemon in the Quagga routing suite does\nnot properly calculate the length of multi-segment AS_PATH UPDATE\nmessages, causing bgpd to drop a session and potentially resulting in\nloss of network connectivity.

\n

For the oldstable distribution (jessie), this problem has been fixed\nin version 0.99.23.1-1+deb8u4.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 1.1.1-3+deb9u1.

\n

We recommend that you upgrade your quagga packages.

\n
\n
\n
\n
", "4012": "
\n

Debian Security Advisory

\n

DSA-4012-1 libav -- security update

\n
\n
Date Reported:
\n
31 Oct 2017
\n
Affected Packages:
\n
\nlibav\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2015-8365, CVE-2017-7208, CVE-2017-7862, CVE-2017-9992.
\n
More information:
\n
\n

Several security issues have been corrected in multiple demuxers and\ndecoders of the libav multimedia library. A full list of the changes is\navailable at\nhttps://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.11

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 6:11.11-1~deb8u1.

\n

We recommend that you upgrade your libav packages.

\n
\n
\n
\n
", "4013": "
\n

Debian Security Advisory

\n

DSA-4013-1 openjpeg2 -- security update

\n
\n
Date Reported:
\n
31 Oct 2017
\n
Affected Packages:
\n
\nopenjpeg2\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2016-1628, CVE-2016-5152, CVE-2016-5157, CVE-2016-9118, CVE-2016-10504, CVE-2017-14039, CVE-2017-14040, CVE-2017-14041, CVE-2017-14151, CVE-2017-14152.
\n
More information:
\n
\n

Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression /\ndecompression library, may result in denial of service or the execution\nof arbitrary code if a malformed JPEG 2000 file is processed.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 2.1.0-2+deb8u3.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 2.1.2-1.1+deb9u2.

\n

We recommend that you upgrade your openjpeg2 packages.

\n
\n
\n
\n
", "4014": "
\n

Debian Security Advisory

\n

DSA-4014-1 thunderbird -- security update

\n
\n
Date Reported:
\n
01 Nov 2017
\n
Affected Packages:
\n
\nthunderbird\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-7793, CVE-2017-7805, CVE-2017-7810, CVE-2017-7814, CVE-2017-7818, CVE-2017-7819, CVE-2017-7823, CVE-2017-7824.
\n
More information:
\n
\n

Multiple security issues have been found in Thunderbird, which may lead\nto the execution of arbitrary code or denial of service.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 1:52.4.0-1~deb8u1.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 1:52.4.0-1~deb9u1.

\n

We recommend that you upgrade your thunderbird packages.

\n
\n
\n
\n
", "4015": "
\n

Debian Security Advisory

\n

DSA-4015-1 openjdk-8 -- security update

\n
\n
Date Reported:
\n
02 Nov 2017
\n
Affected Packages:
\n
\nopenjdk-8\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in OpenJDK, an\nimplementation of the Oracle Java platform, resulting in impersonation\nof Kerberos services, denial of service, sandbox bypass or HTTP header\ninjection.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 8u151-b12-1~deb9u1.

\n

We recommend that you upgrade your openjdk-8 packages.

\n
\n
\n
\n
", "4016": "
\n

Debian Security Advisory

\n

DSA-4016-1 irssi -- security update

\n
\n
Date Reported:
\n
03 Nov 2017
\n
Affected Packages:
\n
\nirssi\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 867598, Bug 879521.
In Mitre's CVE dictionary: CVE-2017-10965, CVE-2017-10966, CVE-2017-15227, CVE-2017-15228, CVE-2017-15721, CVE-2017-15722, CVE-2017-15723.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in Irssi, a terminal based\nIRC client. The Common Vulnerabilities and Exposures project identifies\nthe following problems:

\n
    \n
  • CVE-2017-10965\n

    Brian geeknik Carpenter of Geeknik Labs discovered that Irssi does\n not properly handle receiving messages with invalid time stamps. A\n malicious IRC server can take advantage of this flaw to cause Irssi\n to crash, resulting in a denial of service.

  • CVE-2017-10966\n

    Brian geeknik Carpenter of Geeknik Labs discovered that Irssi is\n susceptible to a use-after-free flaw triggered while updating the\n internal nick list. A malicious IRC server can take advantage of\n this flaw to cause Irssi to crash, resulting in a denial of service.

  • CVE-2017-15227\n

    Joseph Bisch discovered that while waiting for the channel\n synchronisation, Irssi may incorrectly fail to remove destroyed\n channels from the query list, resulting in use after free conditions\n when updating the state later on. A malicious IRC server can take\n advantage of this flaw to cause Irssi to crash, resulting in a\n denial of service.

  • CVE-2017-15228\n

    Hanno Boeck reported that Irssi does not properly handle installing\n themes with unterminated colour formatting sequences, leading to a\n denial of service if a user is tricked into installing a specially\n crafted theme.

  • CVE-2017-15721\n

    Joseph Bisch discovered that Irssi does not properly handle\n incorrectly formatted DCC CTCP messages. A remote attacker can take\n advantage of this flaw to cause Irssi to crash, resulting in a\n denial of service.

  • CVE-2017-15722\n

    Joseph Bisch discovered that Irssi does not properly verify Safe\n channel IDs. A malicious IRC server can take advantage of this flaw\n to cause Irssi to crash, resulting in a denial of service.

  • CVE-2017-15723\n

    Joseph Bisch reported that Irssi does not properly handle overlong\n nicks or targets resulting in a NULL pointer dereference when\n splitting the message and leading to a denial of service.

\n

For the oldstable distribution (jessie), these problems have been fixed\nin version 0.8.17-1+deb8u5.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 1.0.2-1+deb9u3. CVE-2017-10965 and CVE-2017-10966 were already\nfixed in an earlier point release.

\n

We recommend that you upgrade your irssi packages.

\n
\n
\n
\n
", "4017": "
\n

Debian Security Advisory

\n

DSA-4017-1 openssl1.0 -- security update

\n
\n
Date Reported:
\n
03 Nov 2017
\n
Affected Packages:
\n
\nopenssl1.0\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-3735, CVE-2017-3736.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in OpenSSL, a Secure\nSockets Layer toolkit. The Common Vulnerabilities and Exposures project\nidentifies the following issues:

\n\n

For the stable distribution (stretch), these problems have been fixed in\nversion 1.0.2l-2+deb9u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2m-1.

\n

We recommend that you upgrade your openssl1.0 packages.

\n
\n
\n
\n
", "4018": "
\n

Debian Security Advisory

\n

DSA-4018-1 openssl -- security update

\n
\n
Date Reported:
\n
04 Nov 2017
\n
Affected Packages:
\n
\nopenssl\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-3735, CVE-2017-3736.
\n
More information:
\n
\n

Multiple vulnerabilities have been discovered in OpenSSL, a Secure\nSockets Layer toolkit. The Common Vulnerabilities and Exposures project\nidentifies the following issues:

\n\n

For the oldstable distribution (jessie), CVE-2017-3735 has been fixed in\nversion 1.0.1t-1+deb8u7. The oldstable distribution is not affected by\nCVE-2017-3736.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 1.1.0f-3+deb9u1.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 1.1.0g-1.

\n

We recommend that you upgrade your openssl packages.

\n
\n
\n
\n
", "4019": "
\n

Debian Security Advisory

\n

DSA-4019-1 imagemagick -- security update

\n
\n
Date Reported:
\n
05 Nov 2017
\n
Affected Packages:
\n
\nimagemagick\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In the Debian bugtracking system: Bug 870526, Bug 870491, Bug 870116, Bug 870111, Bug 870109, Bug 870106, Bug 870119.
In Mitre's CVE dictionary: CVE-2017-9500, CVE-2017-11446, CVE-2017-11523, CVE-2017-11533, CVE-2017-11535, CVE-2017-11537, CVE-2017-11639, CVE-2017-11640, CVE-2017-12428, CVE-2017-12431, CVE-2017-12432, CVE-2017-12434, CVE-2017-12587, CVE-2017-12640, CVE-2017-12671, CVE-2017-13139, CVE-2017-13140, CVE-2017-13141, CVE-2017-13142, CVE-2017-13143, CVE-2017-13144, CVE-2017-13145.
\n
More information:
\n
\n

This update fixes several vulnerabilities in imagemagick: Various memory\nhandling problems and cases of missing or incomplete input sanitising may\nresult in denial of service, memory disclosure or the execution of\narbitrary code if malformed image files are processed.

\n

For the stable distribution (stretch), this problem has been fixed in\nversion 8:6.9.7.4+dfsg-11+deb9u2.

\n

We recommend that you upgrade your imagemagick packages.

\n
\n
\n
\n
", "4020": "
\n

Debian Security Advisory

\n

DSA-4020-1 chromium-browser -- security update

\n
\n
Date Reported:
\n
05 Nov 2017
\n
Affected Packages:
\n
\nchromium-browser\n
\n
Vulnerable:
\n
Yes
\n
Security database references:
\n
In Mitre's CVE dictionary: CVE-2017-5124, CVE-2017-5125, CVE-2017-5126, CVE-2017-5127, CVE-2017-5128, CVE-2017-5129, CVE-2017-5131, CVE-2017-5132, CVE-2017-5133, CVE-2017-15386, CVE-2017-15387, CVE-2017-15388, CVE-2017-15389, CVE-2017-15390, CVE-2017-15391, CVE-2017-15392, CVE-2017-15393, CVE-2017-15394, CVE-2017-15395, CVE-2017-15396.
\n
More information:
\n
\n

Several vulnerabilities have been discovered in the chromium web browser.

\n

In addition, this message serves as an announcement that security support for\nchromium in the oldstable release (jessie), Debian 8, is now discontinued.

\n

Debian 8 chromium users that desire continued security updates are strongly\nencouraged to upgrade now to the current stable release (stretch), Debian 9.

\n

An alternative is to switch to the firefox browser, which will continue to\nreceive security updates in jessie for some time.

\n
    \n
  • CVE-2017-5124\n

    A cross-site scripting issue was discovered in MHTML.

  • CVE-2017-5125\n

    A heap overflow issue was discovered in the skia library.

  • CVE-2017-5126\n

    Luat Nguyen discovered a use-after-free issue in the pdfium library.

  • CVE-2017-5127\n

    Luat Nguyen discovered another use-after-free issue in the pdfium\n library.

  • CVE-2017-5128\n

    Omair discovered a heap overflow issue in the WebGL implementation.

  • CVE-2017-5129\n

    Omair discovered a use-after-free issue in the WebAudio implementation.

  • CVE-2017-5131\n

    An out-of-bounds write issue was discovered in the skia library.

  • CVE-2017-5132\n

    Guarav Dewan discovered an error in the WebAssembly implementation.

  • CVE-2017-5133\n

    Aleksandar Nikolic discovered an out-of-bounds write issue in the skia\n library.

  • CVE-2017-15386\n

    WenXu Wu discovered a user interface spoofing issue.

  • CVE-2017-15387\n

    Jun Kokatsu discovered a way to bypass the content security policy.

  • CVE-2017-15388\n

    Kushal Arvind Shah discovered an out-of-bounds read issue in the skia\n library.

  • CVE-2017-15389\n

    xisigr discovered a URL spoofing issue.

  • CVE-2017-15390\n

    Haosheng Wang discovered a URL spoofing issue.

  • CVE-2017-15391\n

    Joao Lucas Melo Brasio discovered a way for an extension to bypass its\n limitations.

  • CVE-2017-15392\n

    Xiaoyin Liu discovered an error in the implementation of registry keys.

  • CVE-2017-15393\n

    Svyat Mitin discovered an issue in the devtools.

  • CVE-2017-15394\n

    Sam discovered a URL spoofing issue.

  • CVE-2017-15395\n

    Johannes Bergman discovered a null pointer dereference issue.

  • CVE-2017-15396\n

    Yuan Deng discovered a stack overflow issue in the v8 javascript library.

\n

For the oldstable distribution (jessie), security support for chromium has\nbeen discontinued.

\n

For the stable distribution (stretch), these problems have been fixed in\nversion 62.0.3202.75-1~deb9u1.

\n

For the testing distribution (buster), these problems will be fixed soon.

\n

For the unstable distribution (sid), these problems have been fixed in\nversion 62.0.3202.75-1.

\n

We recommend that you upgrade your chromium-browser packages.

\n
\n
\n
\n
"}